A Hacker's Guide to Getting Busted

by Outlawyr - Attorney at Law

Every day we hear about new laws proposed to control encryption or to "protect" users of computers, cell phones, and new technology.  Often these laws are drafted not to protect anyone but to make it easier for the Justice Department to arrest people.

Even hackers who don't intend to break these laws can do so without knowing it, and innocent people get arrested and thrown in jail all the time.  It is therefore necessary that every hacker have at least some understanding of how criminal law works and what they can expect if Officer Friendly comes tapping at their door.

The Bill of Rights and the Supreme Court cases that have interpreted it create a complex melange of privacy protections and civil rights.  Included among these are rights which protect people "against unreasonable searches and seizures"1 and which prevent any person from being "compelled... to be a witness against himself"2 or herself.

Unfortunately, what these rights really mean is a mystery to most citizens.  It is impossible for one to invoke rights one does not understand or know about.  This article seeks to explain a complicated and amorphous area of law in layman's terms and create a practical guide for the hacker community.

Search And Seizure - Who And What Can Be Searched

Cops like to search people and things so they can find evidence of wrongdoing.

They also like to seize people and put them in jail so they can find them later when they figure out what to charge them with.  A "seizure" occurs when a reasonable innocent person would believes he's not free to leave the presence of the cop.  If they've got you pinned to the ground it's a seizure.  If they stop to ask you your name, it's not a seizure.  Between these two is a vast and interesting gray area.

To better understand when the cops can stop you and when they can search you we'll follow the unhappy goings on of Joe Hacker.  Joe Hacker has been Dumpster diving for interesting information and is now walking home, his backpack overflowing with good stuff.  He's also carrying a Red Box and some random electronics in his pockets.  What justifies a policeman in stopping Joe, asking questions, patting him down, and searching him?  Can a cop search Joe without a warrant?

Yes and no.  First, the cop can engage Joe in conversation.  At this point Joe is free to stop and chat or to go on his merry way.  But if he doesn't at least stop to chat for a few seconds, perhaps comment on the weather, this may create an "articulable suspicion" in Officer Buster's mind.  Once suspicion rises to that level, the Officer can make what's called a "Terry stop."

Terry Stops - Getting Stopped And Searched Prior to Arrest

Terry stops are named after the first case to discuss them, Terry v. Ohio.3

Under Terry, a policeman needs an articulable and reasonable suspicion of criminal activity to stop a person.  Having stopped them, the officer must reasonably believe the person may be armed and presently dangerous in order to frisk them.  This frisk is a protective search, justified by the interest in police safety.  "Police safety" is a lot like "national security," a blanket excuse for doing things that often seem to have no connection with the excuse.

When the cop frisks you, he is supposed to be patting you down to check for weapons only.  He or she is not allowed to reach into your pockets without your consent or probable cause to believe there's something illegal in there.  This leads to an interesting loophole for the cop.

Imagine the following...  Officer Buster stops Joe, who gets very nervous and starts stuttering and sweating and swatting at imaginary flies.  Joe, by the way, has a pierced eyebrow and a 2600 T-shirt.  Officer Buster thinks, ah hah, I'm reasonably suspicious that this hacker is involved in a criminal activity.

Officer Buster "Terry stops" Joe, asks questions which make Joe even more nervous, causing him to reach into his pockets over and over.  The cop gets nervous and decides Joe may be armed.  Officer Buster pats Joe down and feels a bulge in his pocket.  "Is that a Red Box I feel or is this guy just happy to see me?" thinks Officer Buster.

If the cop reaches into Joe's pocket and pulls out the Red Box based merely on a suspicion, this is an improper search.4

What happens as a result of an improper search is the prosecutor can't use that evidence at trial if the police broke the rules when they got it.

But, here's where the loophole comes in.  All Officer Buster has to do is say, "Based on my many years of experience as a police officer, after feeling the outside of the pocket, I felt certain there was an illegal hacking device in there."  Boom, he has probable cause to search the pocket, and the evidence can be used at the trial.

Of course, it is possible that a judge will decide the cop did not have probable cause, but don't forget that judges are elected.  Letting criminals go free is not a popular act, especially when based on a disbelief in a policeman's testimony.  So the point is, during a Terry stop a cop isn't supposed to go digging around your pockets, backpacks, and what have you, but they can probably make a convincing case for having done so if push comes to shove.

There are still some important things Joe should know about the Terry stop.  As you recall, Officer Buster only needs a reasonable suspicion that Joe committed a crime in order to stop him.  (This same low standard also justifies on-the-scene fingerprinting.)5

In deciding whether Officer Buster had the necessary suspicion to stop Joe, a court will look at the totality of circumstances.  They will take into account the assumption that trained officers will see things that laymen don't.  The Supreme Court has stated that "[b]ased upon that whole picture the detaining officers must have a particularized and objective basis for suspecting the particular person stopped of criminal activity."6

What does this mean in practice?

Suppose while walking home Joe stops and talks to Tony Tonedialer, a known hacker.  Officer Buster sees them talking but can't hear the conversation.  At this point there is not enough to justify a Terry stop on Joe.7  But, suppose Officer Buster strolls over toward Joe, and Joe gets nervous and runs away.

Officer Buster chases him, catches up with him, and Terry stops him.  This stop is probably proper, since given the totality of the circumstances, a reasonable officer would have been suspicious that Joe was involved in criminal activity.8

Once Officer Buster has stopped Joe, how long can he hold him without arresting him or letting him go?  Again, courts look at the totality of circumstances to see if the person was held for a reasonable time.9  Sound like a pretty amorphous rule?  Welcome to constitutional law.

Here in My Car, I'm as Safe as Can Be

What if Joe was driving rather than walking and is pulled over?

What does Officer Buster need to justify searching the car?  How far can this search go?  Actually, if this is just a Terry stop (based on an articulable and reasonable suspicion of criminal activity), the search is the same, except now the cop is Terry searching a car instead of a person.

In other words, Officer Buster can search inside the car in places where a weapon might be hidden.10

He can only make this search based on a reasonable belief that Joe poses a danger to him, but since we're dealing with police safety, the courts will generally bow to the cop's judgment on this one.  So what if Officer Buster wants to look inside a small envelope on the car seat.

Well, there aren't any weapons in there, so he has to meet a higher standard.  He must have probable cause to believe that there is contraband in the car.11  He does not, however, need to get a warrant.

So if he thinks he saw Joe snorting a white powder out of the envelope, he can take a look inside it.  If it turns out there's a list of credit card numbers in the envelope, too bad for Joe.  The search was justified and the contents are evidence.

Bear in mind that all of these searches are done without arresting Joe and without a warrant.  They're based on the limited expectation of privacy one has in a car and the interests of police safety.  But what if Officer Buster actually sees Joe committing a crime - say Dumpster diving on private property and therefore trespassing, after which Joe drives away.  Once he arrests Joe, Buster can then search the inside of Joe's car.12  This search is not just for weapons, it's for any evidence at all.  Although Officer Buster can't search the trunk, he can search everything inside the car.  This includes the envelope full of credit card numbers and the backpack full of computer printouts.

Administrative Searches

Now, there's one more way that the cop can search the car, and this time the search is of everything, including the trunk.

If the cops take possession of the car, let's say they tow it to the police pound, they can do an "administrative search."  What's that mean?  It means they can look wherever they damn well please.

In constitutional terms this isn't a search at all.  It's meant to protect against claims of lost goods and to protect officer safety in case there's a bomb in the car.  The only requirement for this type of search, other than the car being impounded, is that the police have some standard procedure regarding administrative searches.13  They can't just do them on a whim.

Searching People in the Car

O.K., let's all take a deep cleansing breath, and go back to before Joe gets arrested or Dumpster dives or any other shenanigans.

Let's say he's going down the road feelin' bad.  He's got his favorite ELO 8-track playing.  He's got his favorite hacking tools and trusty laptop in his backpack.

Unfortunately for Joe, his license plates are expired, his tail lights are broken, his stereo is on too loud, and he hasn't showered in weeks.  Officer Buster decides to take action, and pulls Joe over.  Let's say you can actually do jail time for driving with expired plates.  Officer Buster can make Joe get out of the car and he can arrest him.  Now that he's arrested him, Buster can make a full-body search.14

The cop can look in pockets, backpacks, and anywhere else he thinks Joe might be hiding weapons or evidence.  This isn't a Terry stop, this is a search incident to an arrest, and there aren't many limits to it.  In other words, don't get yourself arrested if you're carrying incriminating evidence that could lead to an arrest on other charges.  Discretion pays.

Get On the Bus

Joe's sick of getting stopped while walking and driving.

This time he's taking the bus.  Suddenly a few cops hop on board.  They spot Joe and walk over to his seat and start asking questions: where's he going, what's he plan on doing there, that type of thing.  Joe is getting pretty nervous and would like to end the conversation and be on his merry way.

What are his rights?  At what point are the police going too far?  Well, in theory at the point that Joe doesn't feel free to terminate the encounter, it becomes a seizure.15  A seizure is either an arrest or a Terry stop, so the cops would need at least a reasonable suspicion of criminal activity for things to go that far.

So why is all this "in theory?"  Think of it this way.  Officer Buster approached Joe on the bus and asks to see some identification.  If Joe says no, which he has every right to do, this may give rise to the reasonable suspicion needed for a Terry stop.  The Terry stop will most likely lead to a frisk, the cop will probably then feel something that feels like a weapon, dig in pockets, find contraband, and boom, Joe's under arrest.

The bottom line on all this search and seizure stuff is, if you look or act suspicious, the cops will come up with a justification for searching you, and what they find might lead to an arrest.  The best way to avoid this is to not look suspicious.  Since many people dress in a way that is considered by them to be cool and by cops to be suspicious, you've already lost the battle if you go out dressed to impress.  Keep the chains and leather at home if you're going about doing things or carrying things you shouldn't.

I'll Blow the Door Down - Search & Seizure at Home

No Warrant, No Problem

If the cops don't have a warrant to search your house and don't have a warrant for your arrest it's less likely they will search your house.  The exceptions to this are the Plain View Exception and Exigent Circumstances.

Plain View

If the cop is lawfully in a place (your landlord or parents let him in) he can seize items in plain view where the criminality of the evidence is immediately apparent.  So keeping your well labeled collection of pirated software and viruses out on display might not be a good idea.

Exigent Circumstances

Factors that give rise to exigent circumstances include a "grave offense," an armed suspect, or risk that the suspect will escape if the police don't bust in and grab him.  In other words, if it's a really big emergency, the cops don't need a warrant to enter a house.

Obviously, of the two exceptions, plain view is more likely to come up in your life.  If the cops have a warrant to arrest your roommate and come in to get him you better hope your stuff is well hidden.

Warrant

There are two types of warrants, a warrant to arrest a specific person and a warrant to search a specific place for a specific thing.  Ask to see the warrant and read it to make sure it states with particularity who or where it applies to.  Make sure it was signed by a judge or magistrate.

If the police have a warrant to arrest a specific person, they can also search things within that person's reach.  This is to protect the cops in case there are weapons about.  The cops can use this to their advantage by encouraging you to move around.  Wherever you go they can search the area "within your control."  So if the cop asks if you'd like to go get your coat before he hauls you down to the station, it's not because he's nice.  He wants to see what's in your closet.

The warrant to search a specific place for a specific thing is self-explanatory.  In theory the warrant must have specificity; it should name the place to be searched and what is being searched for.  In practice the plain view exception discussed above broadens what the cops might find and take once they are inside with their little search warrant.

You Have the Right to Shut Up - Miranda When Things Go Horribly Wrong

As we've seen, there are many ways the cops can legally search you, your car, and your house.  Having done so if they find evidence that you were involved in a crime they are likely to arrest you.  What they need to do this is "probable cause."

Probable cause is difficult to define.  It's more than a suspicion that you've done something wrong.  If a reasonable person would feel reasonably certain that you committed a crime, the cop most likely has probable cause to arrest you.

Once they arrest you they will likely read you your Miranda warnings.  You've heard these a million times on TV, and they include the right to remain silent and the right to an attorney.  There are two important things to bear in mind after being arrested.

One, just because the cops don't read you your Miranda's doesn't mean you're going to be set free on a "technicality."  All it means is they may not be able to use any evidence you give them when they interrogate you.  Maybe.

This leads to the second important thing.  Shut up.  You are not going to help your case by talking.  They will not go easy on you for cooperating.  Every word you speak adds to the probability that you will go to jail.  Don't give them any information beyond identification like name and address.  Don't give them permission to search you.  Don't sign anything.  Don't talk to other people in holding cells or sitting next to you in the police station - they might be snitches.  Don't make deals with the cops, they don't have the authority to make such deals and only use this as a ploy to get you talking.  Aside from asking for a glass of water or other incidental matters, the only words you should speak are "I want an attorney."

Right to an Attorney

The Sixth Amendment provides the right to have assistance of counsel for defense.

Even the trial of a misdemeanor requires counsel when there is a possible sentence of imprisonment.  The Supreme Court in Gideon v. Wainwright (1963) found that lawyers in criminal court are necessities, not luxuries.  (There's an interesting movie about this case called Gideon's Trumpet.)

You should heed these words well and find a good attorney if you are arrested.  More importantly, even if you can't afford an attorney or don't want one, you should tell the police that you want an attorney.  This does not mean they will rush out and get you one, or that you will be given the opportunity to do so.  The right to counsel attaches at or after initiation of adversary proceedings against a defendant.  This generally means your first hearing.

So why would you say you want an attorney before this point?  To end the questioning.  If you ask for a lawyer after your Miranda warning, you go to your cell.  At this point you don't actually see a lawyer.  After you assert the right to an attorney the police can't question you unless you initiate the discussion.  You must "evince a desire to open a generalized discussion relating to investigation."  Don't do that.

So to clarify, the Miranda "right to an attorney" you always hear about is a right to a "ghost" attorney.  Invoking this right gets the cops off your back until they can question you with an attorney present.  The right to the Miranda "ghost" attorney arises from the Fifth Amendment.

The Sixth Amendment right to a real lawyer doesn't start till after an indictment or the beginning of adversarial proceedings in a courtroom.  And by the way, although it is legal for you to defend yourself without an attorney, it is very very stupid.  Even attorneys rarely do this.

In addition to helping with your case and representing you at the trial, an attorney can help get you a lower bail than you would get on your own.  An attorney can be provided to you for free, and there are many legal aid clinics and public interest groups that might provide one free if you don't like your court appointed attorney.  If you have the money to get a really good attorney, do it.  Why do you think O.J. Simpson is walking around free today?

Change the World

All the above is not meant to help bad guys avoid arrest or prosecution.

It's meant to show you that what seems like an unlikely event - being stopped, searched, questioned, arrested, and perhaps sentenced to prison time - is not beyond all possibility.  Other than trying not to look and act suspicious there is a very good way for you to avoid all this.

We are at a pivotal point in the development of computer and cyber law.  Most of the laws that hackers need to worry about breaking are of recent vintage or are being written and debated right now.  You can have an impact on the future shape of these laws by writing polite and articulate letters to your congressperson when bills related to hacking are being discussed.

These letters generally get read by underlings who keep track of how many people support and how many oppose a specific bill.  Your congressperson wants to be reelected and pays close attention to these tallies.

Snail mail counts more than e-mail, by the way, so send atoms, not bits.

Conclusion

The above is just the tip of the iceberg.

If you want to learn more there are many excellent books on the subject of criminal law and defense, and most of the cases cited in this article make for good reading.  Your librarian is your friend!

You might also consider joining a group like the (((ACjU))) or (((EFF))) to keep updated on changes in the law and current cases.  The New York Times online edition has an excellent cyber law section.

You could even, god forbid, go to law school and study criminal procedure and constitutional law.  But even if you don't pursue the subject further, I hope this article has opened your eyes to the real danger of being stopped and searched and some of the do's and don'ts of dealing with the cops.

Above all, if you are stopped, stay calm and be polite; if you are arrested, assert your right to an attorney.

Disclaimer

This legal guide is meant as a learning tool for those interested in the current state of criminal procedure.  It is not an endorsement of illegal acts and does not constitute legal advice.  Consult an attorney for help with your specific case.

Footnotes

1.)  U.S. Const. amend. IV.  The Fourth Amendment reads: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

2.)  U.S. Const. amend. V.  The Fifth Amendment reads: "No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the militia, when in actual service in time of war or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation."

3.)  Terry v. Ohio, 392 U.S. 1 (1968).  In Terry, a cop saw three men loitering in front of a store.  It appeared to the cop that they were casing the store.  The cop approached the men, patted them down, and found a gun.  At trial, one of the suspects, Terry, moved to exclude the gun from evidence based on both improper search and seizure.  He claimed that because the cop didn't have probable cause it was improper for him to stop and search the men.  But the cop had an articulable suspicion.  The court held that this was enough to justify a stop.  Once he had stopped the men, the interests of police safety justified the frisk.  This is a limited seizure and a limited search.

4.)  Minnesota v. Dickerson 113 S.Ct. 2130 (1993): Holding that by "squeezing, sliding and otherwise manipulating the outside of the defendant's pocket" after determining that it contained no weapon, the police officer had "overstepped the bounds" of the Terry search.

5.)  Hayes v. Florida, 470 U.S. 811 (1985): Stating in dicta that on the scene fingerprinting is justified as long as there is a "reasonable basis for believing that fingerprinting will establish or negate the suspect's connection with that crime," and if the procedure is done quickly.

6.)  United States v. Cortez, 449 U.S. 411 (1981)

7.)  Sibron v. New York, 392 U.S. 40 (1968)

8.)  California v. Hodari D., 111 S.Ct. 1547 (1991)

9.)  United States v. Sharpe, 470 U.S. 675 (1985)

10.)  Michigan v. Long, 463 U.S. 1032 (1983)

11.)  California v. Carney, 471 U.S. 386 (1985).  See also California v. Acevedo, 111 S.Ct. 1982 (1991) which quoted the Ross Court as holding: "The scope of a warrantless search of an automobile... is not defined by the nature of the container in which the contraband is secreted.  Rather, it is defined by the object of the search and the places in which there is probable cause to believe that it may be found."

12.)  New York v. Belton, 453 U.S. 454 (1981).  In Belton, the cop pulled over a car for speeding.  He smelled pot smoke in the car and saw an envelope marked "Supergold."  He arrested the driver, then searched the car.  On the back seat was a leather jacket.  The cop unzipped one of the pockets and found cocaine.  The Court held that once the defendant had been properly arrested for possession of pot, "the officer was justified in searching the immediate area for other contraband."

13.)  Colorado v. Bertine, 479 U.S. 367 (1987)

14.)  United States v. Robinson, 414 U.S. 218 (1973)

15.)  Florida v. Bostick, 111 S.Ct. 2382 (1991).  The Court stated: "So long as a reasonable person would feel free 'to disregard the police and go about his business,' the encounter is consensual and no reasonable suspicion is required... We have stated that even when officers have no basis for suspecting a particular individual, they may generally ask questions of that individual, ask to examine the individual's identification, and request consent to search his or her luggage - as long as the police do not convey a message that compliance with their requests is required."

Return to $2600 Index