4th Amendment And Shared Servers: Lessons From Shkreli

9/29/2017 Articles

The prosecution of Martin Shkreli, whom the BBC has called “the most hated man in America,” reveals some important lessons about the Fourth Amendment protections against search and seizure in the digital corporate context: physical access to documents on a server may trump actual ownership of records. As the use of shared servers increases, foresight and commitment to clear document policies can prevent potentially overbroad and unconstitutional data collection.

In December 2015, Shkreli, former head of the pharmaceutical company Retrophin, was indicted for conspiracy to commit securities fraud. Federal prosecutors in Brooklyn alleged that Shkreli raided Retrophin cash and stock to pay defrauded investors in two hedge funds he managed, MSMB Capital Management LP and MSMB Healthcare Management LP. In response to a government subpoena following Shkreli’s indictment, the publicly traded Retrophin produced troves of MSMB Capital and MSMB Healthcare-related documents. Shkreli subsequently moved to suppress those documents, arguing their introduction at trial would violate his Fourth Amendment protection against government searches and seizures.

Shkreli argued that, although he used his MSMB entities’ email to conduct Retrophin business, and although MSMB entity information was stored on Retrophin servers, the produced MSMB information was password protected, and thus not accessible to Retrophin. Therefore, Shkreli argued, he had a reasonable and subjective expectation of privacy in the MSMB documents.

To complete his Fourth Amendment claim, Shkreli also argued that Retrophin functionally acted as a government agent in collecting MSMB documents for production because, Shkreli alleged, the company “partner[ed]” with the government to collect MSMB documents.

Retrophin disagreed and the government opposed Shkreli’s claim. Retrophin filed an affidavit asserting that “emails sent to or from MSMB email addresses (both in current and archived form) were commingled on Retrophin’s servers with emails sent to or from Retrophin email addresses,” that no separate password was required to access MSMB entity emails stored on the Retrophin servers, and that Retrophin — not Shkreli or MSMB entities — paid for and maintained the servers that housed the documents at issue. Moreover, the company stated that it responded to the subpoena by producing “responsive documents that it had in its possession, custody or control,” and that mere production did not mean it was acting as a government agent. Therefore, the government asserted, Shkreli’s Fourth Amendment rights were not violated by the production of the MSMB entity data.

Judge Kiyo Matsumoto agreed and denied Shkreli’s suppression attempts, finding that Shkreli did not have a reasonable expectation of privacy in the documents at issue, and that “corporate compliance with a government subpoena [does not] transform the complying entity into a government agent.”

The court recognized that, while the Second Circuit had found that a corporate officer like Shkreli may assert a reasonable expectation of privacy in his corporate records, see United States v. Chuang, 897 F.2d 646, 649 (2d Cir. 1990), Shkreli had not made such a showing. The court found that Shkreli willingly co-mingled MSMB and Retrophin records, and that Shkreli signed Retrophin’s email policy, which stated that “[a]ll electronic data ... transmitted through [Retrophin] facilities ... are the property of the company.” In other words, because Shkreli had failed to take proper precautions to keep MSMB material separate from Retrophin material, he could not demonstrate a subjective expectation of privacy in his corporate records. Shkreli was later convicted of three counts of securities fraud.

Shkreli’s failed motion to suppress provides a cautionary tale for entities that share physical or server space. Shkreli essentially argued that, because the MSMB documents formally belonged to MSMB and thus were not in the “possession, custody or control” of Retrophin, their production was a constitutional violation. The court ignored formal ownership, however, and found that the intermingling of Retrophin and MSMB records on a shared server was sufficient to establish Retrophin’s “possession, custody or control” over MSMB material.

Of course, intermingling records alone does not waive constitutional rights, In re SK Foods LP, No. 2:09-CV-02942-MCE (E.D. Cal. Dec. 24, 2009) (finding no authority for assertion that “privacy interests are waived simply because [] companies may have shared storage and access capabilities”), and federal appellate courts considering the Fourth Amendment rights of those not subject to search have proposed procedures for disaggregating intermingled physical documents, see United States v. Tamura, 694 F.2d 591, 595–96 (9th Cir. 1982) holding modified by United States v. Comprehensive Drug Testing Inc., 579 F.3d 989 (9th Cir. 2009) (“In the comparatively rare instances where documents are so intermingled that they cannot feasibly be sorted on site, we suggest that the Government and law enforcement officials generally can avoid violating fourth amendment rights by sealing and holding the documents pending approval by a magistrate of a further search ...”).

Disaggregating electronic records is much more complex than disaggregating physical records, however, and requires courts to grapple with the constitutional implications of server technology and the ubiquity of shared server space. “The advent of fast, cheap networking has made it possible to store information at remote third-party locations,” and “[g]overnment intrusions into large private databases thus have the potential to expose exceedingly sensitive information about countless individuals not implicated in any criminal activity, who might not even know that the information about them has been seized and thus can do nothing to protect their privacy.” United States v. Comprehensive Drug Testing Inc., 621 F.3d 1162, 1177 (9th Cir. 2010).

While the courts grapple with how the Constitution contemplates vast amounts of data stored all over the world, it remains clear that demonstrating a reasonable and subjective expectation of privacy in material is critical to stating a viable Fourth Amendment claim.

To make the strongest case for that expectation of privacy, entities sharing physical or server space should password protect distinct-entity documents, create formal policies regarding ownership of electronic and other records, and consider sharing the costs of hosting servers. Taking these precautions to protect distinct-entity documents on shared server space will strengthen claims to a reasonable and subjective expectation of privacy in entity records, and prevent unconstitutional searches.

Published in Law360.
