FBI agents targeting alleged criminal spammers last year obtained a trove of incriminating documents from a suspect's Google Docs account, in what appears to be the first publicly acknowledged search warrant benefiting from a suspect's reliance on cloud computing.

The warrant, issued August 21 in the Western District of New York, targeted Levi Beers and Chris de Diego, the alleged operators of a firm called Pulse Marketing, which was suspected of launching a deceptive e-mail campaign touting a diet supplement called Acai Pure. The warrant demanded the e-mail and "all Google Apps content" belonging to the men, according to a summary in court records.

Google provided the files 10 days later. From Beers' account, the FBI got a spreadsheet titled "Pulse_weekly_Report Q-3 2008" that showed the firm spammed 3,082,097 e-mail addresses in a single five-hour spree. Another spreadsheet, "Yahoo_Hotmail_Gmail - IDs," listed 8,000 Yahoo webmail accounts the men allegedly created to push out their spam. The Yahoo accounts were established using false information, allegedly in violation of the CAN SPAM Act.

Privacy advocates have long warned that law enforcement agencies can access sensitive files stored on services like Google Docs with greater ease than files stored on a target's hard drive. In particular, the 1986 Stored Communications Act allows the government to access a customer's data whenever there are "reasonable grounds" to believe the information would be relevant in a criminal investigation – a much lower legal standard than the "probable cause" required for a search warrant.

But in the spam investigation, FBI and federal prosecutors opted for a full-blown search warrant, making it palatable – more or less – even to government watchdogs.

"Assuming the warrant is valid and satisfied the Fourth Amendment … the government's conduct in this case certainly satisfied one of our biggest concerns," says EFF staff attorney Kevin Bankston. "We think a warrant should be required to access cloud data."

The cloud, though, undoubtedly makes things easier for the feds. If the alleged spammers had kept their files strictly on their local hard drives, the FBI would have had no choice but to serve the warrants in person, seize the computers or image their contents, and leave the suspects with a copy of the search warrant and a written inventory of everything taken.

The Google Docs search warrant, in contrast, was issued under seal and presented politely to Google, without an FBI agent having to draw his gun or sternly bang on a door. More significantly, and unlike most physical search warrants, the government has no obligation to disclose the cloud search to Beers and de Diego, unless criminal charges are filed. Beers said he's received no notice that his documents were searched, even though nearly eight months have passed since Google handed them over. "I have not received notification from Google or the government about this search warrant," he writes.

"Notice can be a little tricky if it's not a physical place," says Orin Kerr, a professor at the George Washington University Law School. "You can imagine a law that requires the government to send an e-mail to the account, 'Your receipt for what we recovered.'"

For its part, Google says it has a policy of providing notice whenever it can. "Currently, if it doesn't jeopardize the investigation … and is allowed under the law, we work to notify the user before turning over any information requested," says spokesman Brian Richardson. "That will allow the user to contest the demand in court."

The New York search warrant was issued under seal, but was detailed in a public follow-up search warrant affidavit (.pdf) filed in Denver this year, which successfully sought access to the contents of dozens of Yahoo webmail accounts used in the spam operation.

The same Colorado prosecutors' office made news this week for attempting, and failing, to gain access to some Yahoo e-mail content without a search warrant, in a separate case that's mostly under seal. It's unclear if the cases are related. Jeffrey Dorschner, spokesman for the U.S. Attorney's Office in Denver, declined comment.

De Diego's attorney and sister Sarah de Diego says the e-mail messages detailed in the search warrant affidavit were all opt-in, and no crime was committed – the Yahoo webmail addresses were registered only to test a piece of mailing software. Chris de Diego has been cooperating with the FBI in the case since last November, says the lawyer.

"He was just a pencil-pusher," she told Threat Level on Monday. "It's been a long and expensive ongoing investigation, into, as near as I can tell, absolutely nothing."

Updated to add comments by De Diego's attorney and Beers.

David Kravets and Ryan Singel contributed to this report.

Photo: Tom Raven/Flickr

See Also: