Network Forensics: Network Data and State Seizures in the United States

Network systems capture data about electronic activity in new, sometimes unprecedented forms. These new forms offer new, powerful tactical tools for investigations of electronic malfeasance under traditional leg al regulation of state power, particular that of Fourth Amendment limitations on police searches and seizures under the U.S. Constitution. But mis- appreciation of identity and authenticity issues with electronic data, particularly IP addresses and account numbers, raise issues of public policy, privacy and proper oversight network forensic investigations. The digital age uses digital facts, particularly alphanumerical identifiers used for addressing, hashing and authentication and identification in online transactions. These artifacts become the evidence supporting a state search or seizure Given the technical issues with evidence preservation and examination in electronic storage media, search warrants relating to computers may direct the seizure of computers and removal off-site for examination in a computer forensics facility. This can disrupt or even destroy records, objects and systems on those computers. This reliance on simple digital identification with minimal authentication further corrodes privacy and liberty rights in new ways. Technical security cannot protect privacy and security with such attitudes towards data. Security policy must extend into all domains of society. The challenge will be to establish a balance where courts set a stricter boundary for state searches and seizures based on electronic evidence of questionable reliability. As the United States v. Gourde court observed "We are acutely aware that the digital universe poses particular challenges with respect to the Fourth Amendment." That awareness still needs greater knowledge of the facts of identity and authenticity of electronic data as evidence, its mutability and evanescence, if the rights, liberties, and privacy of Americans are to be protected.