This is something that has not been fully addressed in the internet age.
According to the plain view doctrine, police may not search outside the scope of a warrant unless the evidence is in plain view. If evidence is in plain view, the government may seize it and use it to prosecute a separate crime.
This doctrine can be troublesome when applied to digital searches because of the sheer amount of data available to the government. What constitutes plain view in these cases, and what limits can be placed on warrants to prevent all digital searches from becoming phishing expeditions? In theory, law enforcement officials should discard all material unrelated to a criminal investigation of specific person or persons, but what safeguards exist to ensure that will happen?
Think about it, investigating a website, an email account, even a phone, brings in a ton of data about not just the person you’re investigating, but a whole lot of other people who may not be involved at all. If I get access to cell tower logs in order to track one device’s location through a period of time, I see every other device that was in the area as well. If I get access to website logs, I see everyone who logged in, not just the person I may be investigating.
That provides a whole lot of collateral information, about a whole lot of people who had nothing to do with what’s being investigated. How comfortable should we be with that? What safeguards do we have that information will stay private and not be put together with information from various other investigations to paint a false picture of someone?
Let me give you an example. Let’s say you are looking for information on resources and shelters for domestic violence victims. You go to the internet and start running some searches. In the course of investigating someone else about something entirely different, the local police gets access to web browsing logs from the local ISP, including yours. Lo and behold, one of the investigators knows your spouse, and runs a quick search of your IP address as a favor for him.
Now, there are laws in place that are supposed to prevent that sort of misuse of information, but we also know that it still happens. We’ve seen plenty of stories of law enforcement or contractors with access to this kind of information using it to look up girlfriends, or kids friends, etc. Wouldn’t it be safer to simply limit the information being turned over? Getting this back to something that requires some level of reasonable suspicion before you even get to see the information instead of just having it laying around in bulk might do us all a lot of good.