A Comprehensive Guide to Federal Criminal Defense (2025)


With over 150 Federal Criminal Acquittals, Ron Chapman II has been hailed as one of the nation’s best federal criminal defense attorneys. Now you can learn how he has achieved resounding success in the courtroom and, often, before the case gets to court.

Cell Phone Search Warrants and Privilege Filter Protocols

Probable Cause and Warrant Requirements for Cell Phone Searches

The Supreme Court’s decision in Riley v. California established that police must obtain a warrant supported by probable cause before searching the digital contents of a seized cell phone. Cell phones are not mere physical containers; they hold “the privacies of life” for many Americans, so the Fourth Amendment’s protections apply with full force. In practice, this means officers must demonstrate to a magistrate judge that there is a fair probability that evidence of a specific crime will be found on the phone, just as with any other search warrant. Generalized assertions that “criminals often use cell phones” are not enough – courts usually require some case-specific nexus between the suspect’s alleged criminal activity and their phone. For example, the D.C. Circuit overturned a warrant for a suspect’s phone where the affidavit relied only on an officer’s experience-based claim that gang members use phones to communicate; the court found that, without more particularized facts, authorizing a search “anytime there is probable cause to suspect [someone] of a crime” would come too close to the general warrants the Fourth Amendment forbids. In contrast, other courts have been willing to infer such a nexus when the nature of the crime suggests the likely use of a phone – e.g., conspiracies or drug trafficking that typically involve coordination via calls or texts. The prevailing principle is that probable cause to search a phone must be grounded in more than mere possession of the device by a suspect; there should be some factual link (direct or inferential) indicating the phone was used in, or contains evidence of, the crime under investigation. In sum, Riley requires a warrant for cell phone data, and that warrant must clear the same probable cause hurdle as any other – one that is informed by the massive scope of data phones hold.
Courts are mindful that because phones contain uniquely extensive personal information, probable cause should not be based on boilerplate or assumptions alone.

Scope and Particularity: Limits on What the Government Can Search

Even with a valid warrant, the Fourth Amendment demands that the warrant be appropriately particular – it must describe the place to be searched and items to be seized with reasonable specificity so as to avoid an exploratory rummaging. In the context of cell phones (and other digital devices), this particularity requirement guards against “general warrants” that authorize sweeping, unchecked searches of an entire device. The warrant should ideally limit the search to evidence related to the suspected offenses that provided probable cause. In practice, many warrants for phones will list certain categories of data to be seized (e.g. “texts, emails, photos, and location data relating to X crime between Date A and Date B”), or will otherwise specify the crime and types of information sought. Courts have taken varying approaches on how granular this must be.

On one hand, several federal circuits have held that a warrant which ties the search to evidence of specific criminal conduct is sufficiently particular, even if it effectively allows officers to review all files on the device in the process of identifying the evidence. For example, the Seventh Circuit upheld a warrant that authorized searching a suspect’s entire phone for “any evidence…of [his] identity, motive, or plan” related to a drug crime and shooting – even though this meant police could look at every application and file – because the warrant clearly limited the search to evidence of the specified crimes. The court reasoned that digital evidence could be hidden anywhere in the phone, and “[c]riminals don’t advertise where they keep evidence,” so a broadly worded warrant was acceptable so long as it was cabined by the subject matter of the investigation (here, evidence of drug dealing and the shooting). Likewise, the Sixth Circuit has stated that a warrant meets particularity requirements if it confines the search to evidence of a particular offense or scheme under investigation; it need not enumerate every type of file or application to be searched. In these courts’ view, describing the crime (or even a broad category of items related to the crime) sets an objective boundary for the executing officers, analogous to a warrant for a physical house search that allows officers to look in any location where the sought evidence might logically be found.

On the other hand, some judges and courts (as well as commentators) have voiced concern that allowing warrants to simply authorize “search all data for anything related to crime X” risks becoming a license for general exploratory searches, given the sheer volume of personal information on a phone. They argue that officers and magistrates should, whenever feasible, incorporate limiting protocols – for example, restricting the search to a specific time frame, to certain types of data most likely to yield the evidence sought, or even using keyword searches – in order to avoid intrusion into unrelated private information. The Supreme Court in Riley did not articulate specific ex ante limits on search scope, leaving this to lower courts to develop. As a result, approaches have diverged. For instance, the original panel opinion in the Fifth Circuit’s United States v. Morton case took a stricter stance: it found the warrant defective to the extent it allowed a search of categories of data (like the entire photo gallery) that had no shown nexus to the drug offense under investigation. That panel would have required the warrant to exclude or carve out such irrelevant data categories, but the en banc Fifth Circuit ultimately set aside the issue by applying the good-faith exception (finding the officers reasonably relied on the broad warrant). Still, the trend is that courts frown on “any and all data” warrants unless the breadth is truly justified by probable cause. As one court observed, officers will “rarely, if ever” be able to demonstrate probable cause to search every file on a phone without limitation. Warrants should therefore “effectively limit the discretion of the searching officers so as not to intrude on…privacy interests any more than reasonably necessary,” using tools like date ranges, specified data types, or search protocols to narrow the scope.
In short, the warrant’s description of the items to be seized from the phone must be as specific as possible under the circumstances. If it is too general or overbroad, a court may later deem it an unconstitutional general warrant – though in practice the remedy is often to suppress only the evidence obtained beyond the proper scope, or to rely on the good-faith exception if agents reasonably tried to stay within the law.

Safeguards Against Overbroad or Improper Searches

Two-Step Execution – Imaging and Subsequent Review: In federal practice, warrants for electronic storage like cell phones are often executed in a two-phase process. First, agents may seize or image the entire device (creating a forensic copy), and second, they later examine the data for the particular evidence described in the warrant. This procedure is explicitly authorized by Federal Rule of Criminal Procedure 41(e)(2)(B), which recognizes that an off-site review of an entire digital copy may be necessary to locate the relevant information. The rationale is that digital data cannot be effectively searched on-site or by eyeballing the device; investigators need to capture all the data to sift through it with forensic tools. Importantly, however, having the full image does not give the government carte blanche to use or peruse every piece of information on it. The contents of the phone must still be searched only to the extent consistent with the warrant’s limits – any data outside the warrant’s scope should not be examined or retained (absent a separate lawful basis). For instance, if the warrant is for evidence of a drug conspiracy, the agents may scan the whole image, but only to find files, messages, etc. that relate to that crime. Federal guidelines instruct that non-responsive data (data not covered by the warrant) should be segregated or left unexamined to avoid turning a specific search into a free-ranging exploration. In practice, forensic software can assist in narrowing the search: modern mobile forensic tools allow examiners to filter results by date, by keyword, by file type, and other parameters. Agents can, for example, run targeted keyword searches across the phone’s contents or restrict their review to certain apps or time periods, which helps ensure they are not opening files or conversations with no relevance to the investigation.
While not legally required in every case, such self-imposed search protocols are a best practice to demonstrate respect for the Fourth Amendment’s particularity and to fend off suppression arguments. Indeed, Justice Department policy expects prosecutors and agents to employ “adequate precautions” and review procedures to minimize exposure to irrelevant or privileged material during digital searches.

Plain View Doctrine in Digital Searches

A frequent concern is what happens if, during a lawful search of the phone for X, agents come upon evidence of crime Y (not covered by the warrant). Generally, under the plain-view doctrine, if investigators are legitimately searching in a place (or file) where the warrant allows them to look, and they inadvertently discover obviously incriminating evidence of another crime, they may seize it or note it for future warrants. For example, in the Morton case, officers executing a broad drug-related phone warrant found child pornography images; they stopped and obtained a second warrant to fully investigate the child pornography after that initial discovery. The key limitation is that the officers must not use a valid warrant as a pretext to go hunting for unrelated wrongdoing. Some courts have warned that the plain-view exception can be misused in the digital realm – because if a warrant effectively lets the government open every file, the government could invoke “plain view” to scoop up any evidence found in those files, even if unrelated. To address this, the Ninth Circuit once suggested ex ante restrictions (like having a filter team or magistrate conduct an initial screen) to prevent prosecutors from simply roaming through all data under the guise of the warrant. Those suggestions are not binding rules, and most courts still allow plain-view seizures from electronic searches so long as the initial search was within the warrant’s scope. Nevertheless, judges are increasingly attentive to how warrants are executed. Some may require the government to return or destroy non-responsive data after the search, or to report on how the search was conducted, as a safeguard against retaining vast troves of personal information that have no investigative value.
In one Second Circuit case, agents had lawfully copied an accountant’s hard drives; the warrant allowed seizure of evidence of a specific fraud, but agents retained a copy of all data (including unrelated personal files) for years. A panel court viewed that retention of non-pertinent data as problematic, essentially an unreasonably overbroad seizure, though the en banc court later found no Fourth Amendment violation on the unique facts (the data was preserved but accessed only with a new warrant). The lesson is that over-seizing electronic data is allowed to the extent necessary to execute the warrant, but the government must not use or keep data beyond that scope without further judicial approval.

In summary, there are built-in safeguards and evolving practices to prevent digital searches from becoming unconstitutionally broad. Imaging an entire phone is a standard, lawful step – but it is coupled with careful filtering during review. Warrants are interpreted in a common-sense but confined manner: agents can only search those areas of the phone where the specified evidence could reasonably be, and must stop when the evidence is found (or when they have searched all authorized locations). If agents encounter sensitive or unrelated material, they should cordon it off. Courts ultimately will suppress evidence or impose remedies if agents grossly exceed the warrant’s scope. But equally important, a well-drafted warrant and prudent search methodology on the front end are the primary means of ensuring the government looks only where it is entitled to look, and for what it is entitled to seize.

Attorney-Client Privilege and Filter Teams in Cell Phone Searches

A specific concern in our scenario is protecting attorney-client communications that may be stored on the seized phone. When law enforcement executes a search warrant on a device likely to contain privileged communications (such as messages with legal counsel), the Department of Justice has established protocols to “safeguard” privileged material and prevent the investigative team from viewing it inadvertently. In fact, the DOJ’s Justice Manual mandates that prosecutors “employ adequate precautions” in such searches, including use of “filter protocols” (also known as “taint teams” or “privilege teams”). A filter team is a group of agents or attorneys walled off from the main prosecution team; their job is to isolate any potentially privileged material before it reaches the investigators and trial attorneys. Typically, the filter team will review data or documents first, flag and segregate anything that involves communications with the identified defense attorneys, and only pass on to the prosecution team those items that are not privileged (or that a court has determined fall under an exception to privilege).

The prosecutor’s offer to let defense counsel supply a list of attorney names is a textbook example of implementing a filter protocol. By providing those names, you enable the filter agents to, say, run keyword searches on the phone’s data for those attorneys’ emails, phone numbers, or messaging handles, so they can quarantine those communications. This procedure is in line with DOJ guidance, which even suggests that warrant affidavits mention the intended use of privilege-filtering procedures to reassure the judge that investigators will not be improperly reading attorney-client materials. The Justice Manual explicitly notes that in all cases involving seizures of possibly privileged material, prosecutors must ensure privileged documents are reviewed in a manner that does not taint the investigation – whether by a filter team, a court-appointed special master, or other means, depending on the circumstances.

Legality of Filter Teams

The use of a government filter team is generally accepted as a lawful mechanism to protect privilege, but it has been subject to some debate and differing approaches in the courts. Most courts have allowed the government to employ filter teams, recognizing the practicality of having government attorneys (not involved in the case) do an initial privilege screen. However, courts also emphasize that the filter process must truly be insulated from the prosecution, and some have imposed additional checks to ensure fairness. Notably, the Fourth Circuit in In re Search Warrant Issued June 13, 2019 (Baltimore Law Firm) took a very strong stance against unsupervised filter teams. In that case, which involved the search of a law firm (where virtually all seized materials could be privileged), the Fourth Circuit held that having DOJ’s own personnel review the seized files for privilege was an improper “delegation of judicial functions to the executive branch,” and it enjoined the filter team’s review. The implication was that a neutral third party (or the court itself) should handle privilege determinations, not the prosecution, even via a screened team. This 2019 Fourth Circuit opinion cast doubt on the filter-team practice, at least in the context of searches targeting attorneys or law offices.

Despite that dramatic pronouncement, other courts – and even the Fourth Circuit itself in later cases – have not categorically banned filter teams. Instead, the emerging consensus is a middle ground: filter teams are permissible, but the privilege holder (the defendant or law firm whose materials were seized) should often be given some role or additional protection in the process. For example, the Eleventh Circuit approved a modified filter protocol in a case where agents searched a business that included an in-house attorney’s office: the magistrate required that after the seizure, the privilege holder get a chance to review all seized items and submit a privilege log, and only then would the filter team (and ultimately the court) resolve any disputes before handing materials to prosecutors. The Eleventh Circuit in U.S. v. Korf found this procedure adequate and seemed to endorse the principle that giving the defendant a pre-review or the ability to contest privilege calls before the prosecution sees the material is an effective safeguard. Similarly, in a high-profile S.D.N.Y. case involving Rudy Giuliani (himself an attorney), the court allowed a DOJ filter team to review seized electronic data from email accounts, but for later physical device searches the U.S. Attorney’s Office voluntarily agreed (and the court ordered) that a special master be appointed to review items – largely to ensure “the perception of fairness” in such a sensitive scenario. In that ruling, the judge explicitly distinguished the Fourth Circuit’s Baltimore Law Firm case and disagreed with its suggestion that all filter teams are unconstitutional, finding that a properly siloed filter team can protect privilege effectively.

Moreover, even the DOJ filter team process is not infallible, and courts have intervened when mistakes occur. The Fifth Circuit, in an unpublished but illustrative decision, criticized the government’s filter team in a health care fraud investigation for failing to prevent privileged documents from being passed to the prosecution team. In that case (Harbor Healthcare Sys., L.P. v. U.S.), some privileged communications (between the target company and its lawyers) were inadvertently given to the investigative team by the filter team, which obviously undermined the very purpose of the filter. The Fifth Circuit ordered the government to return those materials and imposed remedies, pointedly noting that a filter team is pointless if it doesn’t fully shield privileged material – once the prosecution has seen the confidences, the bell can’t be unrung. The clear message is that courts expect strict adherence to privilege protocols: any breach can lead to suppression of that evidence or even disqualification of tainted government personnel. This is also why, from the government’s perspective, using a filter team and being careful is in their own interest – a misstep with attorney-client communications can jeopardize an entire prosecution if it violates the defendant’s Sixth Amendment right to counsel or attorney-client privilege in a way that prejudices the defense.

In our context – a client’s phone (not a law office) – the volume of privileged material is likely smaller, but the principle is the same. The prosecutor’s proposal is a standard DOJ practice to avoid accidentally reading privileged texts or emails between the client and his attorneys. Legally, there is nothing improper about the government using a filter team to do this initial screening. Courts have widely accepted that measure as a way to balance law enforcement’s investigative needs with the defendant’s privilege rights. Especially because the warrant has already been issued (meaning a judge found probable cause to search the phone), the remaining question is just how to conduct the search in a manner that respects legal privileges. The DOJ’s own guidance emphasizes tailoring the search as specifically as possible to avoid intrusion into privileged communications. It even advises that before searching a device likely to contain such materials, the prosecution team consult the DOJ’s filter protocols and consider whether the review should be done by a privilege team, a magistrate judge, or a special master. For a typical filter team scenario, DOJ policy instructs that the filter team must not disclose any privileged content to the investigators unless a court permits it (for instance, if the privilege is deemed waived or subject to the crime-fraud exception). Filter attorneys should be available to advise agents if questions come up during execution, and often the search warrant affidavit will note that a filter team will handle any potentially privileged material, which magistrates view favorably. All these procedures are designed to ensure that your client’s confidential communications with legal counsel are not seen by those building the case against him.

It is worth noting that if for some reason the defense distrusted the filter team process in this case – for example, if the phone contains an extensive privileged archive – we could ask the court to intervene and perhaps appoint a neutral special master to conduct or supervise the privilege review. Courts have shown more openness to such requests after the publicity of recent cases. In fact, recent decisions indicate a “modified” filter process is ideal: one where the privilege holder gets to have input (like providing keywords, negotiating the protocol, or reviewing results) before anything flows to prosecutors. If prosecutors declined to accommodate reasonable privilege protections, a court might order those steps anyway. Here, however, the U.S. Attorney is proactively giving us the chance to flag known attorney communications. Providing those names is advisable to make the filter as effective as possible. It does not waive any privilege; on the contrary, it helps enforce the privilege by enabling the government to identify which communications not to read. Under professional responsibility rules, the prosecution team should cease reviewing any content recognized as attorney-client communications, and by segregating such content through a taint team, they fulfill that duty.

In sum, the use of a filter team is a legally sanctioned procedure to accommodate the attorney-client privilege during execution of a broad search warrant. The approach is supported by DOJ policy and has been upheld in federal cases, with the caveat that courts expect robust implementation to truly protect the privilege. The Fourth Circuit’s aggressive view against filter teams remains a minority position and was context-specific (a law office search). In most scenarios like ours, as long as the filter team is totally walled off and follows the agreed protocol, courts consider that an appropriate solution. We should, of course, monitor the process: we can request that the government provide an inventory or log of what was set aside as privileged and even seek court review of any close calls. DOJ guidance actually encourages giving copies of seized data to the affected attorney (here, that could be us or the client’s prior counsel) so we can assert privilege where applicable. This collaborative filtering is in everyone’s interest to avoid later litigation over privileged materials. If done properly, a filter team comports with the law – it is effectively an extension of the court’s in camera review powers, executed by a discrete DOJ team under strict instructions.

Conclusion

In a federal criminal case, the contents of a cell phone are protected by rigorous Fourth Amendment standards. Law enforcement must have a warrant supported by probable cause to believe the phone contains evidence of specific criminal conduct – a requirement underscored by the Supreme Court in Riley. Even with a warrant, the search of the phone is limited by principles of particularity and reasonableness. Agents can’t just roam at will through the device; they are constrained to search for the items and information tied to the suspected offenses, and they are expected to utilize sensible measures (like date filters or keyword searches) to avoid dredging up irrelevant private data. Overly broad warrants risk being invalidated or excised by courts, and any evidence seized outside the warrant’s scope can be suppressed. The two-step process of imaging a phone and later analyzing the data is common and lawful, but it comes with responsibility: the government must not exploit that process to conduct “general searches,” and courts stand ready to enforce that by requiring return or destruction of non-responsive data and by applying the exclusionary rule to evidence obtained through flagrant overreach.

Crucially, when a search implicates the attorney-client privilege – as is the case with your client’s phone – there are established safeguards to protect that privilege. The use of a taint/filter team, as offered by the prosecutor here, is a recognized method of shielding privileged communications from the eyes of investigators. Federal courts (and the Justice Department’s own policies) approve of filter teams provided that they operate with integrity and independence from the prosecution team. While a few courts have pressed for even greater neutrality (such as court-appointed special masters) in reviewing potential privilege materials, the norm in federal practice is that an internal filter team can conduct the initial screening, so long as no privileged information leaks to those actually handling the prosecution. The prosecutor’s invitation for us to supply attorney names aligns with these protections – it will help the filter team flag communications that must be withheld from investigators. We should take advantage of that opportunity. It does not undermine any legal position; rather, it reinforces the privileged nature of those communications by ensuring they are recognized and segregated.

Overall, the law strives to balance effective law enforcement access to evidence with privacy and privilege rights. Supreme Court and Circuit precedent make clear that digital devices like cell phones call for careful handling under the Fourth Amendment. Broad warrants are not a blank check: they must be justified by probable cause and executed with constraint. Similarly, the attorney-client privilege remains a vital right – one that does not disappear merely because a phone is seized. Filter teams and related protocols are tools to maintain that right without unduly impeding legitimate investigations. In our case, we can insist that the government adhere to these legal boundaries and best practices. By doing so – and by being proactive in the filter process – we protect the client’s confidences while allowing the government to fulfill the warrant’s narrow mandate. All the above jurisprudence and policy will guide the court’s oversight of this phone search, and we will be prepared to invoke these principles if there is any deviation. The bottom line is that any search of the phone must remain focused and lawful, and any privileged communications must remain off-limits to the prosecution, with the law providing remedies if those standards are not met.

Sources: Riley v. California, 573 U.S. 373 (2014); D.C. Circuit in United States v. Griffith, 867 F.3d 1265 (D.C. Cir. 2017); Fifth Circuit panel in United States v. Morton, 998 F.3d 993 (5th Cir. 2021) (vacated en banc on other grounds); Seventh Circuit in United States v. Bishop, 910 F.3d 335 (7th Cir. 2018); Sixth Circuit in United States v. Castro, 881 F.3d 961 (6th Cir. 2018) and United States v. Carter, 854 F.3d 210 (6th Cir. 2017); Justice Manual § 9-13.420 (DOJ guidance on searches of attorney files/devices); In re Search Warrant Issued June 13, 2019 (Baltimore Law Firm), 942 F.3d 159 (4th Cir. 2019); United States v. Korf, 11 F.4th 1219 (11th Cir. 2021); Harbor Healthcare Sys., L.P. v. United States, 5 F.4th 593 (5th Cir. 2021); Justice Manual § 9-13.420 (privilege filter protocols); and related authorities as cited above.