What happens to seized data that falls outside the scope of a search warrant?

United Kingdom

In a judicial review challenge of a Crown Court decision to refuse an application to require an Authority to return data copied from seized devices which fell outside the scope of the search and seizure warrants, the court has held that an investigating Authority’s duty to identify and “return” such seized property extended, in the context of copied electronic data, to deleting that copied data. However, the data need not be deleted if, taking a pragmatic and practical view of the factual context, it is not reasonably practicable to separate it from data that falls within the warrant.

Background

In Business Energy Solutions Ltd and others v Crown Court at Preston [2018] 1534 (Admin), a Trading Standards Authority had obtained widely drafted warrants from the Crown Court to seize, among other things, computer equipment from the claimants’ premises as part of an investigation into alleged mis-selling by the claimants of utilities services, namely, telephony, electricity and gas. Equipment and devices with a combined storage capacity of 53 terabytes was seized. Once the data (comprising 200 million electronic documents and 770,000 recorded telephone conversations) was copied and backed-up, the physical equipment and devices were then returned to the claimants.

Issues

Section 50 of the Criminal Justice and Police Act 2001 (the “Act”) enables an Authority that is exercising powers under a search and seizure warrant, to seize property for examination off-site if it is not reasonably practicable to (i) determine whether (or the extent to which) the property is covered by the warrant or (ii) separate it from other property that is not covered by the warrant (e.g. material held on servers or hard drives).

Section 53 of the Act requires an Authority that is in possession of such seized material to conduct an initial examination as soon as reasonably practicable after seizure to determine if any of that material is not within the terms of the search warrant and, if so, to return it as soon as reasonably practicable. However, there is an exception from the obligation to return such material, where it is not reasonably practicable following the examination to separate it from the material that is covered by the warrant.

In this case, the warrants issued were framed in wide terms, and permitted the seizure of computer and other devices on which data was stored. For example, they permitted the seizure of: "Any material recorded on servers accessible from the subject premises" and "All records, details, notes and files whether on computer or otherwise of the employees of the above named companies…". Given how wide the warrants were, the amount of data retained by the Authority and not covered by the warrants was likely to be "very limited".

Although the claimants also made various allegations during the proceedings about the manner in which the warrants had been obtained and their breadth, the warrants themselves were never challenged.

Instead, the claimants focused on the obligation to identify and return material not covered by the warrants. They applied to the Crown Court under section 59 of the Act for the return of data held by the Authority that allegedly fell outside the scope of the warrant, in particular material relating to two companies in the group, which had nothing to do with the utilities business that was under investigation. The claimants also requested a detailed inventory of the items contained on the seized equipment, on the basis that this was required under section 21 of the Police and Criminal Evidence Act 1984 (“PACE”). The Authority argued that by returning the physical items containing the data that was copied, they had complied with the obligation to return the material and/or that it was not reasonably practicable to return the copied data that fell outside the warrants as it would be disproportionately time-consuming and costly to perform the exercise necessary to do so. The Crown Court refused to grant the claimant’s application, resulting in the judicial review challenge.

This raised the following issues:

  1. Does the obligation to “return” seized property extend to copied data?
  2. If so, what does “return” mean when applied to such data?
  3. In assessing the practicability of separating the data, should the court only take into account technical feasibility, or a wider range of factors such as time, cost and diversion of resources from other priorities?
  4. Under section 21 PACE, how much detail were the authority, or the police who carried out the search, required to provide of what had been seized?

The decision

The Court held that the obligation to return seized property did extend to copied data. Green J noted that section 63 of the Act expressly provides that copies are included in the definition of seized property. There was no basis for distinguishing between hard copies and soft copies in this regard and it was in keeping with the purpose of the provisions (which allowed for a very onerous infringement of a person’s rights and freedoms) that copied data should be included within the obligation.

As to how copied data was to be returned, the court held that it was sufficient to delete or destroy the data. Green J commented that the Act had been passed at a time when the rapid evolution of electronic search techniques had not been fully foreseen. It was therefore appropriate to apply a purposive construction to the word “return”. The intention behind the obligation to return seized property was to ensure that “no trace or residue” of that property was retained by the authority. In relation to copied data, this could be achieved by deletion or destruction.

As to whether or not it was practicable to separate the data, the court held that the test was a broad and practicable one, not the narrow one of whether it was technically possible. “Practicable” was by definition broader than “possible”, and section 53(3) of the Act expressly stated that “all the circumstances” were to be taken into account. If Parliament had intended the test to be technical feasibility, it would have said so. Further, if “reasonably practicable” in section 53 was intended to mean “technically feasible”, it would have a different meaning than the same phrase in other sections of the same Act. This was unlikely to have been Parliament’s intention.

In the present case, common sense indicated that to sift 200 million documents and 770,000 audio recordings would require a very considerable investment of time, cost and resources. Green J said that this would have the effect of diverting the investigation “into a blind alley”. The Court therefore rejected the claim for the return (i.e. deletion) of the data on the particular facts of the case. It was an important consideration in the case that the warrants were so wide that there was likely to be very limited data or material not covered by its terms and that the amount of data captured was very large.

Finally, the Court held that there was no obligation to provide an item by item breakdown of the contents of the equipment that had been seized under section 21 PACE. It was sufficient to identify the equipment itself. The equipment had been returned to the claimants with the original data intact, and they could therefore determine for themselves what had been seized. The claim for an inventory was therefore also refused. (The Court noted that it was also misplaced as the proper defendant to that application was the police constabulary who carried out the search and seizure, not the Court who refused the application.)

Comment

Although previous cases have considered the obligations of an Authority in relation to data that has been unlawfully seized, this appears to be the first case to have considered a scenario where data is lawfully seized under a search warrant, but subsequently argued to be outside the scope of that warrant. It will therefore be of interest to companies in highly-regulated industries who may be exposed to searches by regulators. The confirmation that copied data is subject to the return (or deletion) obligation, and the guidance on how that is to be achieved, will be welcome and acknowledges the realities of the role of electronic data in modern investigations.

Businesses may be more concerned by the decision that Authorities can rely on considerations of resources, cost and time to refuse to identify material that was outside the scope of the warrant. However, the volumes of data in this case were exceptional even by the standards of such investigations and the scope of the warrant was very wide, meaning that there was in practice likely to be very little data outside its scope. It remains to be seen what will be the threshold below which the Courts will consider separation of the relevant and irrelevant data to be practicable. Companies may view this judgment as an indicator that they may be better served by focusing on the legitimacy and breadth of the warrant itself, rather than on whether material captured as a result should be returned after the fact.