Knetzger and Muraski note that under Section 2703 of the ECPA, investigators have five enforcement mechanisms against an ISP to disclose information that may be useful in investigating a hacker’s activities. A well-written subpoena or search warrant allows the investigator of a high-tech crime to gather evidence effectively.
A search warrant is preferable to a subpoena for documents. There are not enough subpoenas to receive the unopened letters listed in paragraph two. Moreover, Knetzger and Muraski note that under paragraph five, the ECPA does not require notification of the subscriber when using a search warrant. The subpoena directs the business to turn over the records to law enforcement rather than letting investigators go and conduct a search and/or seizure.
Another factor that goes into the use of subpoenas and search warrants is the element of secrecy. When using a subpoena, the ISP may have the policy to notify the client that the client’s records have been released to law enforcement. This could cause problems in the current case, warning the suspect that law enforcement is on the trail.
Moreover, the suspect can remove the necessary information, which can become substantial evidence. In turn, the person receiving the search warrant cannot legally notify the suspect about the search. While both procedures may require nondisclosure or deferral of disclosure to the defendant, a search warrant is more powerful.