(Credit: istockphoto.com/peshkov)
Using RCM 703A to Build a Better Case
By Captain Ethan B. Murphy
An unknown suspect. An uncorroborated eyewitness account. An encrypted device. What is the common thread between these unrelated investigative issues? The solution to all three can often be found in digital evidence maintained by third-party service providers. Evidence that trial counsel can now obtain.
On 1 January 2019, the Military Justice Act of 2016 (MJA16) went into effect, bringing sweeping reforms to nearly every facet of the military justice process.1 While a great deal of attention has understandably been given to the many new offenses and significant updates to the trial phase,2 none of the changes show as much potential to affect investigations as the introduction of two new “pre-referral tools”: the Rule for Courts-Martial (RCM) 703A electronic communications’ court order and that RCM’s warrant.3 Indeed, after nearly a year of trial and error at the 25th Infantry Division, these tools have proved invaluable to the digital evidence collection process, leading to the conclusion that they should be used to improve nearly every investigation. The purpose of this article, therefore, is to provide background on the new RCM 703A tools and a “brass tacks” guide on their use, including a series of scenarios in which they would be valuable.
Highlighting the Need: The Long Road to RCM 703A
In order to appreciate the vast utility of the new RCM 703A tools, one needs only to look at the shortfalls of digital evidence collection before their existence. As the Department of Justice long ago identified, “virtually every class of crime can involve some form of digital evidence.”4 Criminal communications, admissions, and confessions are made through text messages, Wi-Fi- or cellular data network-enabled instant messaging services like Apple iMessage,5 and social media direct messaging features.6
Pictures, videos, and audio recordings are made, sent, and stored over
innumerable applications (apps). Global Positioning System (GPS) data
abounds: cell phone cell-site location information keeps a record of an
individual’s location, social media platforms keep a record of “geotags”
and locations from which the user logged in, and services such as Google
Maps maintain a “timeline” of destinations mapped and routes
traveled.7 Even financial transactions are carried out remotely, through networks.8 This digital evidence, and that of hundreds of other unnamed sources, is often held in storage not only by the users of such apps and services (usually on their personal electronic devices) but also in backups and records maintained by the service or app providers themselves (“service providers”).9
Before 2019, however, Army prosecutors and investigators had the internal authority to pursue only half of that evidence—the part held by users. For military justice teams strictly utilizing their own resources, digital evidence searches began and ended with commander- or military magistrate-authorized searches of a subject’s or witness’s personal electronic device.10 That process essentially involves the authorized seizure and “opening” of an electronic device, often times with the use of data extraction software to search for and create a copy of its digital evidence.11
While device searches continue to be an integral part of Army criminal investigations, the unfortunate reality is that they are time-intensive and unreliable processes.12 With the introduction of each new model, device encryptions become more complex and harder to crack,13 and device makers are often unwilling to assist law enforcement agencies in their attempts.14 When devices are finally cracked open, investigators are often disappointed to find that expected digital evidence is either partially or entirely missing15 or altered beyond recognition.16
When those difficulties occurred in the past, trial counsel and Army investigators had little recourse. For decades, federal and state prosecutors and law enforcement agencies have been able to seek troves of stored digital evidence from all sources via authorities granted to them and their courts by the Stored Communications Act (SCA).17 Military justice practitioners, however, had no statutory right to serve judicial process on, and therefore obtain evidence from, service providers.18 As a result, before the passage of MJA16, military justice teams had two options: (1) ask state and federal partners to seek evidence from service providers on their behalf, a tactic that carried significant constraints of its own,19 or (2) rely on whatever evidence they were able to obtain directly from users. The result, as many would expect, was often deeply unsatisfactory, and—for at least the last decade—a number of our predecessors suggested Congress extend the SCA’s judicial processes to military courts.20 Congress finally did so in passing MJA16, empowering military judges to review and issue RCM 703A court orders and warrants for electronic records and communications, starting on 1 January 2019.
Given this history, the arrival of the pre-referral tools should be viewed not just as the addition of a few more arrows in a military justice practitioner’s quiver, but also as the beginning of a new era in evidence collection and case development. Digital evidence and records are stored by service providers more than ever, and that evidence is just waiting to be obtained through these new judicial processes. Whether that evidence is used to solve, or simply bolster a case, it is out there. The onus is now on military justice practitioners to learn how to get it.
The Starting Point: The Preservation Letter
In any investigation potentially involving stored digital evidence held by service providers, the first step is to send an RCM 703A(f) preservation letter to the service provider. Since no law requires service providers to preserve digital evidence,21 most only do so for their own purposes, and for a finite (and often short) period of time. As such, failure to issue a preservation letter may result in the loss of evidence before an order or electronic warrant can be obtained and issued. What the preservation letter allows, and standards for its use, are as follows:
- Use to obtain: Preservation of electronic records and/or the contents of electronic communications.
- Legal standard: None—just a request. RCM 703A(f) states: “A provider of wire or electronic communication services or a remote computing service, upon the request of a federal law enforcement officer, trial counsel, or other authorized Government counsel, shall take all necessary steps to preserve records and other evidence in its possession pending the issuance of an order or other process.”22 Upon receipt, the provider must retain such evidence for a period of ninety days, and that period can be extended an additional ninety days upon renewed request by the Government.23
-
Service: Trial counsel or the investigating agent should issue the
preservation letter to the relevant service provider custodian of
records, most of whom can be found, free of charge, on the National
Consortium for Justice Information and Statistics website.24
-
Forms: While a template preservation letter can be found in the SCA
templates folder on the JAGConnect MJA16 Mobile Training Team (MTT)
milSuite page, in reality many providers require that their own forms
or formats be used, many of which can also be found on the National
Consortium for Justice Information and Statistics website.
Uncertain Ground: Avoid Using Pre-Referral Investigative Subpoenas for
Digital Evidence Held by Service Providers
Before diving into RCM 703A court orders and warrants, it is worth
taking a brief moment to address why using pre-referral investigative
subpoenas to obtain digital evidence held by service providers is not
recommended. First, it is questionable whether the Uniform Code of
Military Justice (UCMJ) actually grants military practitioners the
authority to obtain such evidence via pre-referral subpoena. Second, the
use of a subpoena could result in disclosure to the subject prior to
apprehension, thereby compromising the investigation and potentially
resulting in the destruction of evidence.
With respect to legal authority, RCM 703(g)(3)(b), which defines the
type of evidence that may be produced by UCMJ subpoenas, states: “A
subpoena shall command each person to whom it is directed to… produce
evidence—including books, papers, documents, data, writings, or other
objects or electronically stored information.”25
At face value, this definition appears to allow trial counsel to seek
stored digital evidence with merely a subpoena, a notion encouraged by
the fact that our federal counterparts, under the authorities granted to
them by the SCA, can pursue some basic categories of stored digital evidence (basic subscriber information and some non-content records) with administrative, trial, and grand jury subpoenas.26
Plain readings of UCMJ Articles 30 and 46 and RCM 703A and its analysis,27 however, clearly dictate that any type of stored digital evidence covered by the SCA (as discussed above, including all stored communications and records held by telephone, internet, email, and social media providers) can only be obtained with RCM 703A electronic warrants and court orders. Indeed, because RCM 703A specifically requires a court order for those same records that a federal prosecutor or investigator could obtain with a subpoena, it can be inferred that the rule makers intentionally deprived trial counsel, who are new to this area of practice, of the right to use subpoenas for such evidence.
As to potentially compromising an investigation, while 703A court orders and warrants may be accompanied by a non-disclosure order issued by the military judge,28 pre-referral investigative subpoenas may not. As such, using a pre-referral investigative subpoena for stored digital evidence runs the significant risk that the recipient providers may alert the target suspects and witnesses to the subpoena’s existence, potentially leading to the destruction of other evidence—such as personal electronic devices—before a suspect can be apprehended. Accordingly, it is again recommended that pre-referral investigative subpoenas not
be used to pursue digital evidence held by service providers.
Human interaction has moved to cellular- and internetbased messaging
platforms. These platforms provide advantages that past generations only
dreamed of—they allow users to send messages instantaneously, around the
globe, often for free. At the same time, by virtue of their very
existence, these platforms have enabled all types of criminal
communications
Building Blocks and Loose Ends: Pursuing Basic Subscriber Information
and Non-Content Records and Logs with RCM 703A Court Orders
After consulting with the Criminal Investigation Command (CID)
investigator, trial counsel sent preservation letters to every service
provider that may be in possession of relevant stored digital evidence.
What is the next step? Determining whether a court order or warrant is
the most appropriate tool to employ.
When it comes to returns, RCM 703A warrants may seem superior to court
orders. While court orders may only obtain non-content information such
as a user’s name, address, and form of payment, as well as all other
non-content data maintained by the provider, such as logs, session
times, connect times, disconnect times, and more,29
warrants can be used to obtain everything a court order can and
all sorts of “contents” of electronic communications, including the
content of messages, sent and stored video and image files, and GPS
data.30
Yet, RCM 703A court orders have at least two distinct advantages over warrants. First, they seek records and logs not protected by the Fourth Amendment and, therefore, do not require probable cause. Instead, the military judge must merely be provided with “[s]pecific and articulable facts showing that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation.”31 This is a much lower standard than that for obtaining a warrant.32 Second, as the information they seek is often already kept by the service providers in record and log form, the returns are usually provided sooner than warrant returns, which may take weeks to assemble.33
Standards for an RCM 703A order:
- Use to obtain: Basic subscriber information, logs and records, including source internet protocol (IP) addresses, length and source of service, payment information, records of session times, and lengths of service.
- Legal Standard: A court order does not require probable cause. Instead, it merely requires “[s]pecific and articulable facts showing that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation.”34
- Application: The investigating agent’s affidavit, sufficient to establish “specific and articulable facts” in support of issuance of the order, can be incorporated into MJA16 milSuites’ 2703(d) order template. The submitted document includes the Application, an Attachment A to the Application specifying the username or account at issue (Part I of Attachment A) and the non-content data to be seized (Part II of Attachment A), and draft orders, potentially including a non-disclosure order, for the judge to sign. The investigating agent submits the signed request to the military judge through the relevant trial counsel.
- Forms: A template RCM 703A court order, as well as a non-disclosure order, can be found in the SCA templates folder on the MJA16 milSuite page.35
Useful Times to Obtain An RCM 703A Order
The Building Block: Identifying an Unknown Suspect
It is undisputed that a great deal of human interaction has moved to cellular- and internet-based messaging platforms. These platforms provide advantages that past generations only dreamed of—they allow users to send messages instantaneously, around the globe, often for free. At the same time, by virtue of their very existence, these platforms have enabled all types of criminal communications—indecent and threatening language to name a few—and behaviors—such as cyberstalking—to move from the real world to the internet, often accompanied by a level of anonymity that was much harder to achieve in the past.36
This may manifest itself in investigations in numerous ways, but a few examples include: (1) anonymous suspects sending threatening or indecent messages to victims; or, (2) anonymous suspects sending indecent communications to undercover agents (UCs) that they believe are children. When this occurs, the easiest
way to obtain the identity of the suspect is by filing an RCM 703A
court order seeking the basic subscriber information and logs associated
with the suspect’s username.37 When the returns come back, they will likely either identify the suspect directly (subscriber email, name, etc.) or, even if the suspect is savvy enough to have masked his identity when he originally submitted the basic subscriber information, provide the IP address of the source, which can subsequently be traced to an internet service provider (ISP) through another court order, and then to the suspect’s origin (typically their residence).38
Obtaining such crucial information is the first step in building out the rest of the investigation, which usually culminates in a search authorization for the seizure of a suspect and their personal electronic devices.
The Loose End: Obtaining the Missing Text Logs
Now consider the opposite hypothetical. Trial counsel have built a strong case against a known suspect and, after his arrest, CID seized his cellphone to confirm the existence of incriminating or criminal text messages. Disappointingly, the phone extraction reveals nothing, as it appears the messages have been deleted and wiped entirely. While law enforcement still has the text messages from the victim’s side of the conversation, the Government is reluctant to prefer charges and possibly go to trial without more evidence confirming that the Accused did in fact send the messages from his device.
An option is to obtain an RCM 703A warrant for a copy of the suspect’s messages maintained in cloud storage (further defined below). If that fails, however, another option is to send an RCM 703A court order to the telephone service provider (AT&T, Verizon, T-Mobile, etc.) seeking “text logs.” These logs are a record, kept by all major phone providers, which details the basic information (time sent, time received, phone number of sender and receiver, etc.) for all messages received and sent during a given timeframe. While these logs would not include the content of the texts, they would affirmatively prove whether or not the Accused in fact sent the messages.
Unlimited Potential: The RCM 703A Electronic Communications Warrant
Long utilized by federal law enforcement and prosecutors, the advent of social media and cloud storage in the 2000s only served to make the electronic communications warrant that much more crucial to investigations. Whether used to directly solve computer crimes (child pornography, indecent communications, wire fraud, etc.), or in support of solving general crimes (messages in violation of military protective orders, conspiracy, cell site location information), every trial counsel should ask the same question at the beginning of an investigation: can we use an RCM 703A warrant to help solve this case? Following is a quick reference guide to help answer that question:
- Use to obtain: The contents of electronic communications, including email and text message contents, pictures, videos, and other media maintained by service providers; GPS data and cell site location information.
- Legal Standard: Probable cause to believe that the information sought contains evidence of a crime.
- Application: A sworn affidavit by the requesting agent is required. All required forms are submitted as a package by the agent, through the relevant trial counsel, to the military judge. Each affidavit must include: A facts section setting forth probable cause for the criminal evidence to be found; Attachment A, setting forth the place to be searched (examples include user names, account numbers, email addresses); Attachment B, part I, setting forth the particular39 evidence to be disclosed by the service provider to the Government for review; and Attachment B, part II, setting forth the evidence of the crime to be properly seized by the Government after a review of part I. Optional: Non-disclosure order for the judge’s signature, with a recommended non-disclosure period of one year.
- Forms: (1) DD 3057 Application for Search and Seizure Warrant to be signed by investigating agent and submitted by trial counsel; (2) Affidavit in support of the warrant drafted and signed by the investigating agent and reviewed and submitted by trial counsel; (3) DD 3056 Search and Seizure Warrant to be signed by the military judge.
Useful Times to Obtain An RCM 703A Warrant
Solving an Encrypted or Wiped Device: Obtaining Cloud Storage40 Backup
In the course of a recent investigation, the trial counsel obtained a magistrate authorization to search a suspect’s device for indecent communications that he allegedly sent over a social media direct messaging service, but one of two things happened: (1) the encryption proved too difficult to crack, or (2) the phone’s contents were wiped, either before it was seized or remotely afterward. What to do?
If the trial counsel previously sent a preservation letter to the phone’s cloud storage provider,41 they can follow up with an RCM 703A warrant for portions of its cloud backup. When enabled on smart phones, cloud storage “backs up” a nearly identical copy of a phone’s contents.42
If the suspect backed up his phone until the point of seizure, the trial
counsel would likely find the communications stored in residual “app
data.”
Solving an Encrypted or Wiped Device Part II: Obtaining Evidence
Directly from the App
Taking the previous hypothetical one step further, assume that the
suspect both wiped his phone and had cloud storage disabled on his
device, thus preventing Government investigators from obtaining the
messages from a backup. Even then, the Government still has a chance to
obtain the communications from the Accused’s social media account if it
sends an RCM 703A warrant to the social media provider. While every
provider has a different data storage policy, many retain the contents
of communications sent by users for a period of time. Additionally, and
as mentioned earlier, the warrant returns would provide subscriber
information that could likely be used to tie the suspect to the account.
Checking an Alibi: Cell Site Location Information and GPS Data
Cell site location information creates a record of a cell phone user’s
geographic location based on the phone’s continuous connections with
nearby radio antennas, called “cell sites.”
43
Last year, the Supreme Court determined that suspects retain a
reasonable expectation of privacy in the record of their physical
movements as captured in cell site location information.44
As such, any searches for cell site location information and GPS data
maintained by service providers will require an RCM 703A warrant. In
investigations that hinge on the suspect’s whereabouts at the time of
the alleged offense, obtain a warrant for cell site location information
through phone providers, and/or GPS location data through cloud storage
or other providers (Apple Maps, Google Maps, Facebook location services,
etc.).
In investigations that hinge on the suspect’s whereabouts at the time of
the alleged offense, obtain a warrant for cell site location information
through phone providers, and/or GPS location data through cloud storage
or other providers
Conclusion
A tool is only as good as the skill of its user, and a case is only as
strong as the evidence that supports it. Stored digital evidence is
everywhere, and MJA16, through the new RCM 703A’s court order and
warrant provisions, has finally given military justice practitioners the
ability to obtain it. Now, the onus is on military justice practitioners
across the Corps to invest the time and resources to learn, alongside
their investigative partners, how to properly and skillfully employ
these assets to their greatest advantage. Ensuring the preservation of
relevant data, determining what elements of the data are most important,
and identifying the best and most appropriate means to obtain that data
based on the factors present in each case are the keys to that mastery.
This article provides a starting point for practitioners to begin
employing these new—and long overdue—tools.
TAL
CPT Murphy is presently assigned as a Special Assistant United States Attorney in the 25th Infantry Division and U.S. Army in Hawaii.
The author would like to give a very special thanks to Army Major
Cybercrime Unit (MCU) Special Agent Jon Reinecke and MCU Counsel Gary
Korn for their invaluable mentorship and contributions to 25th ID’s
work in this subject area.
Notes
1. See Meghann Myers, Here’s What You Need to Know About the Biggest Update to UCMJ in
Decades, Military Times, (Jan. 15, 2019), https://www.militarytimes.com/news/your-army/2019/01/15/heres-what-you-need-to-know-about-the-biggest-update-to-ucmj-in-decades/.
2. Id.
3. Statutorily enacted through the Uniform Code of Military Justice articles 30(a)(1)(B) and 46(d)(3)—implemented in the 2019 edition of the Manual for Courts-Martial (MCM). Manual for Courts-Martial, United States, R.C.M 703A (2019) [hereinafter 2019 MCM]. The R.C.M. 703(g)(3)(C)
pre-referral investigative subpoena is also discussed below, but for
reasons provided, it is not recommended that investigative
subpoenas be used to pursue stored digital evidence, held electronic communication service, or remote computing service providers. Id.
4. Office of Legal Education, Exec. Office for U.S. Attys, Computer
Crime and Intellectual Property Section Criminal Division, U.S. Dep’t
of Justice., Searching and Seizing Computers and Obtaining Electronic
Evidence in Criminal Investigations
ix (3d ed. 2009) [hereinafter
Searching and Seizing Computers]. Based on the universal nature of digital technology use in 2019, a definition is not likely necessary, but nonetheless, digital evidence can be defined as: “information and data of value to an investigation that is stored on, received, or transmitted by an electronic device.” Nat’l Inst. of Justice, U.S. Dep’t of Justice, Electronic Crime Scene
Investigation: A Guide for First Responders
ix (2008),
https://www.nij.ojp.gov/library/publications/electronic-crime-scene-investigation-guide-first-responders-second-edition.
5. See About iMessage and SMS/MMS, Apple.com, https://support.apple.com/en-us/HT207006 (last visited May 19, 2020).
6. See Direct Messaging, Instagram, https://help.instagram.com/1750528395229662 (last visited May 19, 2020).
7. See Google Maps, Google, https://www.google.com/maps/about (last visited May 19, 2020).
8. See In re Application of the United States of America for an Order Pursuant to 18 U.S.C. § 2703(d), 2018 U.S. Dist. 52183 (D.D.C. 2018) (holding Royal Caribbean Cruises’ on-board network used by its passengers for financial transactions was considered an electronic communications service).
9. For the purposes of this guide, and in accordance with United States v. Warshak, 631 F.3d 266 (6th Cir. 2010), no practical distinction will be made between electronic communication service (defined in Title I of the Electronic Communications Privacy Act (ECPA) at 18 U.S.C. § 2510(15)), and remote communication service providers (defined in Title II of ECPA (Stored Communications Act)) at 18 U.S.C. § 2711(2)).
10. For an explanation of the military search authorization process for personal electronic devices, see Major Jacqueline DeGaine, Digital Evidence, Army Law., May 2013, at 9-12.
11. Searching and Seizing Computers, supra note 4, at 77-78.
12. Id. at 76-79.
13. Apple recently published a ninety-two-page white paper on its most updated operating system’s security functions, which included the following description of its device encryptions:
By setting up a passcode, the user automatically enables Data Protection....The passcode is entangled with the device’s UID, so brute-force attempts must be performed under attack. A large iteration count is used to make each attempt slower. The iteration count is calibrated so that one attempt takes approximately 80 milliseconds. This means that it would take more than five and a half years to try all combinations of a six-character alphanumeric passcode with lowercase letters and numbers....To further discourage brute-force passcode attacks, there are escalating time delays after the entry of an invalid passcode at the Lock screen. If Settings > Touch ID & Passcode > Erase Data is turned on, the device will automatically wipe after 10 consecutive incorrect attempts to enter the passcode.
SeeiOS Security: iOS 12.3, Apple, https://www.manuals.info.apple.com/MANUALS/1000/MA1902/en_US/apple-platform-securiy-guide.pdf [hereinafter iOS Security] (last visited May 19, 2020).
14. The most public example of this phenomenon was Apple’s refusal to assist the Federal Bureau of Investigation (FBI) in cracking the iPhone 5C that belonged to one of the shooters involved in the December 2015, San Bernardino attack. Ironically, the FBI’s mishandling of the device prevented them from potentially obtaining “backups” in iCloud storage accessible with a stored communications warrant. See Breaking Down Apple’s iPhone Fight With the U.S. Government, N.Y. Times, (Mar. 21, 2016), https://www.nytimes.com/interactive/2016/03/03/technology/apple-iphone-fbi-fight-explained.html.
15. Evidence can often be destroyed by the intrusive search itself, or by remote destruction initiated by the user. iPhone users, for example, have the ability to remotely “wipe” their devices of all stored digital evidence. See iOS Security, supra note 13, at 82.
16. Searching and Seizing Computers, supra note 4, at 78.
17. The Stored Communications Act is Title II of the Electronic Communications Privacy Act of 1986. See 18 U.S.C. §§ 2701-2712 (1986). It established both statutory privacy rights for customers in the evidence held by third party service providers and a series of judicial processes (subpoenas, court orders, and warrants—the federal analogs to the Army’s new pre-referral tools) by which federal prosecutors and investigators could compel that evidence. See Searching and Seizing Computers, supra note 4, at 115-138.
18. Before the passage of the Military Justice Act of 2016 (MJA16), military courts were long ago determined not to be “courts of competent jurisdictions” for purposes of the Stored Communications Act (SCA), and military judges were therefore unable to issue 18 U.S.C. § 2703 warrants and court orders. See Major Sam C. Kidd, Military Courts Declared Incompetent: What Practitioners (Including
Defense Counsel) Need to Know About the Stored Communications
Act, 40 Reporter, no. 3, 2013 at 17, 20-21.
19. Even when willing, federal and state authorities often could not provide assistance due to jurisdictional or investigation threshold issues. See Lieutenant Colonel Thomas Dukes Jr. & Lieutenant Colonel Albert Rees Jr., Cyberlaw Edition: Military Criminal Investigations and Stored
Communications Act, 64 A.F. L. Rev. 103, 111 (2009) (Examples of such scenarios would include uniquely military offenses, such as desertion, which may only be prosecuted by court-martial; cases where no federal or state court has jurisdiction over the offense being investigated; and cases that are technically within the jurisdiction of a federal or state court, but which fall below prosecutorial thresholds, such as drug cases involving minimal amounts of controlled substances.).
20. Id. at 118-19.
21. Searching and Seizing Computers, supra note 4, at 78.
22. See 18 U.S.C. § 2703(f) (federal analog).
23. 2019 MCM, supra note 3, R.C.M. 703A(f)(2).
24. ISP List,
Search, https://www.search.org/resources/isp-list/ (last visited May 18, 2020).
Also known as SEARCH, this organization’s internet service provider list
function offers a wealth of free information on service providers and
their respective legal policies.
25. The exact definition is found in previous versions of the
MCM, well before Congress turned military courts into “courts of competent jurisdiction” under the SCA. See Manual for Courts Martial, United States, R.C.M. 703(e)(2)(B) (2016). Such a subpoena, if used before the
enactment of the MJA16, would have been unenforceable if the service
provider refused to turn over the evidence in question. For a more
in-depth discussion, see Kidd, supra note 18, at 20-21. The Rules for Courts-Martial further fail to distinguish between the types of information that are sought with a pre-referral investigative subpoena vice a trial subpoena, leading one to conclude that they serve the same function.
26. See 18 U.S.C. § 2703(c)(2) (2018).
27. See 2019 MCM, supra note 3, R.C.M.703A, app.15.
28. See Id. R.C.M. 703A(d)(2).
29. Id. R.C.M 703A(a)(4)(A)-(F). While R.C.M. 703A(a)(2) and (3) purportedly allow court orders to be used to obtain certain “contents,” including contents of electronic communications that have been held in storage for more than 180 days, these provisions are out of line with the decision in United States v. Warshak, 631 F.3d 266 (6th Cir. 2010), which held that a warrant is required to pursue any electronic communications’ contents, no matter the source or age. Since Warshak is followed by virtually every Federal court, and thus almost assuredly to be adopted by military courts in the near future, practitioners are advised not to use RCM 703A court orders to obtain content.
30. 2019 MCM, supra note 3, R.C.M. 703A(a)(1)–(4).
31. Id. R.C.M. 703A(c)(1)(A).
32. Id. The House Report accompanying the 1994 amendment to 18 U.S.C. § 2703(d), the Federal analog to the RCM 703A court order, states: “This section imposes an intermediate standard to protect on-line transactional records. It is a standard higher than a subpoena, but not a probable cause warrant....The intent of raising the standard for access to transactional data is to guard against ‘fishing expeditions’ by law enforcement.” Searching and Seizing Computers, supra note 4, at 131.
33. While evidence of this advantage is anecdotal, our office has received order returns faster than warrant returns.
34. 2019 MCM, supra note 3, R.C.M. 703A(c)(1)(A).
35. JAGConnect—MJA16 MTT, milSuite, https://www.milsuite.mil/book/groups/jagconnect-mja16-mtt (last visited June 24, 2020).
36. Some social media platforms, such as Whisper, encourage, or even require, their users to remain anonymous or semi-anonymous. See Explainer: What is Whisper? Webwise, https://www.webwise.ie/parents/explainer-whisper/ (last visited May 19,
2020).
37. If the victim or undercover agent informed CID or the prosecutor of
the messages, but for whatever reason lacks originals or even copies of
said messages although remembers the suspect’s username (most commonly
the case when victims previously deleted the messages for a multitude of
personal reasons), the government might very well lack probable cause
(dependent on the judge) for a warrant and
need to use a court order. Alternatively, even if the messages are provided and the government has probable cause for a warrant, it may be more advantageous to utilize a court order, which can be quickly assembled and sent to the military judge, and likewise quickly returned by the service provider.
38. See Dukes & Rees, supra note 19, at 113–14.
39. Respect for a suspect’s Fourth Amendment rights dictates that warrants “particularly describe the place to be searched, and the persons to be seized.” U.S. Const. amend. IV. For guidance on particularity as it pertains to digital evidence searches, see United States v. Richards, 76 M.J. 365 (C.A.A.F 2017).
40. While there are many sub-definitions, Cloud storage can generally be defined as the storage of data on hardware (often servers in warehouses) maintained by third-party service providers, accessible via the internet. See Cloud Storage: What is it and how does it work? How It Works (Apr. 25, 2019), https://www.howitworksdaily.com/cloud-storage-what-is-it-and-how-does-it-work/. Cloud storage has grown exponentially over the last decade, providing individuals and businesses with vast benefits, including the ability to securely store data without using limited (and fragile) device hardware space, and to access that data from many devices. Id.
41. Cloud storage is typically provided by the personal electronic device maker’s parent company. See Back Up or Restore Data on Your Android Device, Google, https://support.google.com/nexus/answer/2819582?hl=en (last visited May 19, 2020); Manage and Access your Samsung Cloud Storage, Samsung, https://www.samsung.com/us/support/answer/ANS00060518/ (last visited May 19, 2020).
42. On default settings, Apple’s iCloud backup includes the following: “app data, Apple Watch backups, [d]evice settings, HomeKit configuration, [h]ome screen and app organization, iMessage, text (SMS), and MMS messages, [p]hotos and videos on your iPhone, iPad, and iPad touch, [p]urchase history from Apple services, like your music, movies, TV shows, apps, and books, [r]ingtones.” Here’s What iCloud Backup Includes, Apple (Jan. 16, 2020), https://support.apple.com/en-us/HT207428.
43. See Carpenter v. United States, 138 S.Ct. 2206 (2018).
44. Id.