Defendant’s wife saw child pornography on his computer and told the police. She consented to a search of the computer. Even though he was the primary user of the computer, he did not leave the computer password protected from her nor hide his search history. The fact he was the primary user did not show that she could not consent. When he objected, they stopped the search, but they had probable cause by then. United States v. Thomas, 2016 U.S. App. LEXIS 5972 (11th Cir. April 1, 2016):
When the police obtained Olausen’s consent to search the HP computer and undertook the forensic scan, they knew that: (1) the computer was easily accessible and located in an unlocked room in the Thomas’s shared residence; (2) Olausen had access to the computer and had used it that morning; and (3) Olausen and Thomas shared the password to access the computer. Based on this information, it appeared that Olausen had control and authority over the HP computer, and could consent to a forensic search. See Matlock, 415 U.S. at 170, 94 S. Ct. at 993.
The fact that Thomas was the primary user of the computer, worked from home, and typically deleted his Internet history, used pop-up-ware and spam filters, and usually fully shut down the HP computer (although he did not on the night in question) were insufficient to show that Olausen lacked the requisite common authority to provide consent. Despite Thomas’s security measures, Olausen had “joint access or control [over the computer] for most purposes,” and Thomas did not isolate his Internet use in a manner that prevented Olausen from accessing it all together. See Randolph, 547 U.S. at 135, 126 S. Ct. at 1535 (Roberts, C.J., dissenting); Matlock, 415 U.S. at 171 n.7, 94 S. Ct. at 993 n.7.
We find it particularly significant that Thomas did not protect his Internet history from Olausen by maintaining a separate login name and password or by encrypting his files. See United States v. Stabile, 633 F.3d 219, 232-33 (3d Cir. 2011) (holding that there was valid consent to search and seize computer hard drives when the defendant did not password-protect the computers and the computers were located in a common area of the house); United States v. King, 604 F.3d 125, 137 (3d Cir. 2010) (determining that a defendant who placed his hard drive in a shared computer that lacked password protection assumed the risk that the other user would consent to a search); Trulock v. Freeh, 275 F.3d 391, 403 (4th Cir. 2001) (holding that the defendant did not assume the risk that other users of a shared computer would permit a third-party to search his password-protected files); see also United States v. Andrus, 483 F.3d 711, 718-20 (10th Cir. 2007) (stating that password protection and the location of the computer are factors in determining who has authority to consent to a forensic search of the computer). Without separate passwords, encryption, or like measures, Olausen and Thomas shared access to the HP computer and all of its data, and by doing so, assumed the risk that the other would allow the police to view the computer’s contents. See Matlock, 415 U.S. at 171 n.7, 94 S. Ct. at 993 n.7.
F. Heightened Privacy Interest
We also hold that Olausen had the authority to consent to a forensic search of the HP computer even in recognition that the Supreme Court, in Riley v. California, noted a heightened privacy interest in cell phones—which the Supreme Court called “minicomputers.” The Riley Court held that the search-incident-to-arrest exception to the warrant requirement does not empower law enforcement officers to search the contents of an arrestee’s cell phone. Riley, 573 U.S. at __, 134 S. Ct. at 2484-85. It noted that the typical search incident to arrest turns up a limited quantity of evidence—namely, those items that are on the arrestee’s person, such as a wallet—whereas the search of cell phone data could reveal more information than an “exhaustive search of a house.” Id. at __, 134 S. Ct. at 2489-91.
While this reasoning played a central role in the Supreme Court’s analysis of the search-incident-to-arrest rule, we find it less critical to our analysis because the Supreme Court has already approved of exhaustive searches in the consent-based search context. In Matlock itself, for example, the Supreme Court upheld the consent-based search of a home, including the defendant’s bedroom and closet. 415 U.S. at 166-67, 177, 94 S. Ct. at 991, 996. Again, the touchstone of the third-party consent rule is assumption of the risk, and a person sharing access to a computer, just as a person sharing access to a home, exposes himself to a police search based on another’s consent.
G. Summary: Fruits of the Search Warrant were Admissible
We hold that Olausen had authority to consent to the forensic search of the shared HP computer in her home, and thus there was no Fourth Amendment violation when Detective Monaghan conducted the OS Triage forensic scan based on Olausen’s consent. Even assuming arguendo that Randolph applied to the search, there was no Fourth Amendment violation because the officers stopped their search when Thomas seemed to object.
