The Law Reform Commission has just published a consultation paper on search warrants and bench warrants. In relation to search warrants it points out there is currently a bewildering array of statutory provisions (over 100 different Acts and Regulations) which deal with searches, with different procedures to be followed and different powers of search and seizure in each case. The consultation paper aims, amongst other things, to rationalise the law in this area, and seeks to put in place a single statutory framework.
Surprisingly, though, the consultation paper has almost nothing to say about searches of computers and data. In fairness, it does note that there are some existing (rather patchy) provisions which specifically deal with computer searches - such as the power to require passwords in s.48 of the Criminal Justice (Theft and Fraud Offences) Act 2001. It also makes a very brief reference to the need for specialist forensic examination of seized computers. However it fails to consider any of the difficulties which have emerged when traditional norms are applied to data, much less current proposals which would fundamentally rewrite the law in this area.
To take just a few examples: there is no recognition of the vast quantities of personal data which are often stored on computers, making searches particularly privacy invasive in a way which is not generally true elsewhere. On a similar note, the consultation paper fails to recognise that the effect of seizing a computer and data can often be to shut down a business or to seriously disrupt an individual's life, and that this can often be mitigated by returning a copy of the seized data. There's no analysis of how extensive searches of data should be - if, for example, a computer is seized on suspicion of fraud offences should it be permissible to automatically scan the hard drive to detect possible child pornography images? (These and many other issues have been extensively analysed by Orin Kerr in several excellent articles, including Search Warrants in an Era of Digital Evidence and Searches and Seizures in a Digital World.) Similarly, there's no mention of so-called remote searches (police hacking into computers at a distance), despite the fact that these have been the subject of recent EU proposals.
These and other issues will have to be addressed if the Law Reform Commission analysis is to deal with computer searches adequately in a way which protects privacy - if you're interested in bringing any of these issues to their attention, you can email them at email@example.com or make a submission via snail mail using the details on this page.