Police Seize Records | Civil Inspector
Law enforcement searches and raids to seize computer records come in many shapes and sizes. A student in one of my SANS classes – who had experience helping the FBI confiscate electronic evidence under formal search warrants – taught us that an FBI raid is swift, forceful, well-equipped and well-organized.
According to him, the bystanders, such as IT staff at the target enterprise, have little opportunity to say or do anything other than try to get out of the way.
But a highly professional FBI raid is just one kind of police/prosecutor investigation that can demand computer records. Other raids or investigations can involve law enforcement personnel who are less specialized and less well-trained. The raid could be executed by the local county sheriff's department, which may not possess the resources and expertise of the Federal Bureau of Investigation.
The Maricopa County sheriff raided a tow truck company in Mesa, Arizona, seizing computer and other records, in connection with a fraud investigation. Five years later (that's a long time to wait on an investigation!) prosecutors had still not decided whether charges would be brought against the truck company. The company claims the whole event was political.
Also in Maricopa County, the sheriff's department raided one of its sister county departments in a dispute over control of county computers. Sheriff's deputies threatened to arrest fellow county employees who stood in the way. The computer system in question was the topic of a civil lawsuit between the county sheriff's office and the county board of supervisors.
The personnel executing a raid or inspection need not necessarily be peace officers who carry guns. They could be simply regulatory investigators. For example, in Australia, a Fair Work Inspector can enter a business and (“without force”) demand access to computer records related to labor practices.
Any time government appears at the door looking for computers or electronic evidence, here are general guidelines for IT staff:
1. Do not obstruct an officer acting under color of law. An example of “color of law” is that the person carries a police badge and a gun.
2. Do not authorize or express “consent” for the search.
3. Designate a single, calm spokesperson to talk to the government personnel.
4. Politely request to see and get copies of documentation of the government's authority (but don't stand in the way if your request is not immediately answered).
5. Politely request the opportunity to have counsel come and be present.
6. Politely explain (if given the opportunity and if truthful) that (a) the enterprise computer systems are complex and damage to them might damage the enterprise and throw employees out of work, and (b) a cooperative acquisition of records through counsel might be more prudent.
7. Politely request to make as many records as possible of the government's activity while it's on the premises. Although FBI agents may be unlikely to allow you to follow them around, take notes and/or video them as they work, a Fair Labor Inspector might.
–Benjamin Wright, Senior SANS Institute Instructor