985 N.W.2d 123
Wis. Ct. App.2022Background
- Detective Sgt. Steven Bowers created a password‑protected, paid Dropbox account using his Taylor County e‑mail address and used it to share files with producers of the TV show Cold Justice. He also provided a paper homicide file to the producers.
- County officials learned Bowers had shared two additional homicide case files without permission; Bowers admitted via e‑mail that he had done so.
- Taylor County IT director Melissa Lind reset Bowers’ Dropbox password by using a password‑reset link sent to his county e‑mail (to which IT had access), then accessed and searched the Dropbox account in the presence of county officials.
- Bowers was charged with misconduct in public office and moved to suppress the Dropbox evidence as the product of a warrantless Fourth Amendment search; the circuit court initially denied suppression but on reconsideration granted suppression, finding the Dropbox account was personal and Bowers had a reasonable expectation of privacy and that exigent circumstances did not justify a warrantless search.
- The State appealed, arguing (1) no reasonable expectation of privacy in the Dropbox account (pointing to use of county e‑mail and third‑party doctrine) and (2) alternately that probable cause and exigent circumstances justified the warrantless access.
- The Court of Appeals affirmed: it held Bowers had an objectively reasonable expectation of privacy in his password‑protected Dropbox account and, although probable cause existed, no exigent circumstances justified the warrantless search.
Issues
| Issue | Plaintiff's Argument (State) | Defendant's Argument (Bowers) | Held |
|---|---|---|---|
| Whether accessing Bowers’ Dropbox was a Fourth Amendment search because he had no reasonable expectation of privacy in the account | No — account tied to county e‑mail; IT policy and third‑party access remove any objective expectation of privacy | Yes — account was privately paid, password‑protected, stored off‑site, not on county property, and Bowers did not share his password | Held: Bowers had a subjective and objectively reasonable expectation of privacy; the third‑party doctrine did not defeat it; accessing the account was a Fourth Amendment search |
| Whether the warrantless access was justified by probable cause and exigent circumstances | Yes — probable cause existed and the State needed to act quickly to determine what had been shared and to prevent further dissemination | No — although probable cause existed, there was time to obtain a warrant; Dropbox retains deleted files for 30 days, so there was no imminent risk of destruction | Held: Probable cause existed, but exigent circumstances did not; warrantless access was not justified |
Key Cases Cited
- Carpenter v. United States, 138 S. Ct. 2206 (2018) (refused to extend Smith/Miller to exhaustive, revealing digital records; third‑party doctrine has limits)
- Riley v. California, 573 U.S. 373 (2014) (cell phone searches require warrants in most cases; recognized cloud‑stored data distinction)
- United States v. Miller, 425 U.S. 435 (1976) (third‑party doctrine for business records voluntarily conveyed to banks)
- Smith v. Maryland, 442 U.S. 735 (1979) (third‑party doctrine applied to dialed‑number metadata)
- State v. Dumstrey, 366 Wis. 2d 64 (2016) (Wisconsin factors for objective reasonableness of privacy expectations)
- United States v. Warshak, 631 F.3d 266 (6th Cir. 2010) (recognizing expectation of privacy in e‑mail contents despite third‑party intermediary)
- United States v. Chadwick, 433 U.S. 1 (1977) (privacy in locked containers analogous to password‑protected digital containers)
- Bowers v. County of Taylor, 598 F. Supp. 3d 719 (W.D. Wis. 2022) (district court found a reasonable expectation of privacy in the Dropbox account; persuasive on cloud‑privacy issues)
