United States v. Ackerman, 2014 WL 2968164 (July 2014)

* This is a District Court Judge’s opinion and has not yet withstood appellate review, but is relevant to show a split in the courts regarding whether an ISP and NCMEC are  “Government Actors” triggering 4th Amendment scrutiny.*

AOL and its Image Detection Filtering Process (IDFP).  IDFP is an automated program that scans images sent, saved, or forwarded from an AOL email account.  AOL has a database of more than 100,000 hash values of pictures meeting the definition of child sexual abuse images.  If the IDFP hits on a hash value within the database, the email is captured, AOL terminates the users email account (pursuant to its terms of service).  Next, AOL generates a report and an email to send to NCMEC’s CyberTipline (pursuant to statutory requirement).  The report includes the captured email, the attached file, the user’s account information, and the IP address of the user at the time of the email.

NCMEC’s CyberTipline.  CyberTipline was launched in 1998 as a way for online users, members of the public, and internet service providers a way to report suspected child sexual exploitation.  The reports can be made online or via the hotline number.  By statute, NCMEC must forward any report to the appropriate local law enforcement agency.  Once a report is made, an analysis opens the file to determine if the photo meets the definition of child sexual abuse images.  The IP address and the email address provided in the report is then run through publicly available online tools to determine the geographic location of the user.  Law Enforcement uses NCMEC’s secure VPN to access the report and the images.

Facts: On April 22, 2013 AOL’s IDFP detected a match on a hash value associated with  a child sexual abuse image sent from Defendant’s email account.  The aforementioned process was triggered, and the Defendant’s location was Kansas.    The Kansas ICACTF solicited the help of DHS.  The DHS Agent reviewed the image and began his investigation.  A subpoena for the IP Address was issued on April 22, 2013.  Results revealed Defendant’s wife’s information, and that Defendant was an authorized contact on the account.  On May 22, a preservation letter to AOL was issued for Defendant’s user account.  A search warrant was also issued for Defendant’s home that same week.  Incriminating evidence was found during the search. In a non-custodial interview, two LEOs informed Defendant about the search just executed at his house.  Defendant told the LEOs he knew the search warrant must have been about “child pornography.”  Defendant was indicted for distribution of child sexual abuse images.

Procedural Posture: Defendant moved to suppress the email and its attachment arguing that it was obtained through an illegal search and seizure.

Issue:  Whether NCMEC and AOL are agents of the Government for 4th Amendment purposes.  Even if NCMEC is deemed to be a state actor, did it expand AOL’s search in a constitutionally significant way? Law: “ A search by a private person becomes a government search if the government coerces, dominates, or directs the actions of a private person conducting the search.” United States v. Souza, 223 F.3d 1197, 1201 (10th Cir. 2000) (quotation marks and citation omitted). To determine whether a search by a private person becomes a government search, there is a two-part inquiry: “1) whether the government knew of and acquiesced in the intrusive conduct, and 2) whether the party performing the search intended to assist law enforcement efforts or to further his own ends.” Id. (citing Pleasant v. Lovell, 876 F.2d 787, 796 (10th Cir. 1989)).

Analysis:  AOL: The first part of the test requires knowledge and acquiescence by a government official.  Defendant argued that Congress pressured ISPs to gather information regarding child sexual abuse images to assist law enforcement through its passage of 18 U.S.C. 2258A(a).   Thus, Defendant argues, a government official had knowledge and acquiesced to AOL’s search. Although Congress enacted 18 U.S.C. § 2258A(a) to require internet service providers to report discovered child pornography, 18 U.S.C. § 2258A(f) specifically states that an internet service provider is not required to monitor its users or affirmatively seek child pornography transmitted by its users. Compliance with a reporting statute is quite different than a government agent directing one’s actions. Furthermore, there is no evidence to suggest that the government and law enforcement knew of or acquiesced in AOL’s conduct with regard to the search of this Defendant’s email in this case in any way. Here, AOL, through its IDFP, simply compared the hash value of a transmitted file to its database of hash values previously associated with child pornography with no government involvement. Thus, Defendant has no evidence with regard to the first prong of the Tenth Circuit’s test that the government knew of or acquiesced in AOL’s conduct.  The second part of the test is easily answered by AOL’s employee testifying that AOL’s IDFP is designed to protect its own business interests, not to assist law enforcement.

NCMEC:  Defendant relies heavily on US v. Keith 980 F. Supp. 2d 33, –, 2013 WL 5918524, at *5 (D. Mass. 2013)..  The Keith court  analyzed the issue as follows: “As to the first factor, the District of Massachusetts found that because Congress authorizes and funds the CyberTipline that the government instigated the search.Regarding the second factor, the court determined that 18 U.S.C. § 2258A(c)(1)-(2) requires NCMEC to report discovered child pornography to law enforcement, and thus the government “controlled” NCMEC’s search. Finally, as to the third factor, the court found that NCMEC’s CyberTipline served no private purpose for NCMEC, separate from assisting law enforcement. Thus, the court concluded that “NCMEC’s examination of the contents of that emailed image file violated the Fourth Amendment because it was not authorized by a duly issued warrant (or by some constitutionally adequate substitute).” This court finds the Keith court’s reasoning as to whether NCMEC’s conduct constitutes government action inapplicable here. Not only does the Court disagree with several of the Keith court’s factual conclusions, but the Keith decision employed a three-part test required by the First Circuit. This Court must employ the Tenth Circuit’s two-part test. Although the elements are similar, it appears that the Tenth Circuit requires more specific government involvement in the knowledge or the participation of the search.  Going through a number of previously decided cases on this issue, the court finds a trend that a Government agent was present at the time of the “private” search.  The court finds that there was no law enforcement agent present at the time of the NCMEC search, that NCMEC has no law enforcement agent employees, law enforcement is not party to any report, and cannot even access the report until it is completed by NCMEC. There is accordingly no evidence that a government agent affirmatively encouraged, initiated, or instigated NCMEC’s review of AOL’s report. With regard to the second part of the test, the evidence demonstrates that NCMEC is a private, non-profit corporation with the mission of reuniting families with missing children, reducing child sexual exploitation, and preventing child victimization. NCMEC operates its CyberTipline to provide the public a way to report suspected child sexual exploitation. Although NCMEC’s CyberTipline also benefits law enforcement, the Court must determine whether the private party had a “legitimate, independent motivation” in performing the search. And the Court answers this question in the affirmative. Mr. Shehan testified that the CyberTipline was created to provide a central location to report information regarding child sexual exploitation. Regarding the second issue about whether NCMEC (if a Gov. Actor) exceeded AOL’s scope of search.  The court found that NCMEC was not, but assuming arguendo it were, the court did a good analysis of two SCOTUS cases.  In Walter v. United States 447 U.S. 649 (1980) a package containing 8-millimeter film was mistakenly delivered to a private company.34The employees of the private company opened the package and found boxes of film which had labeling on its side, suggesting obscene material on the film. The other relevant case is United States v. Jacobsen 466 U.S. 109 (1984). In that case, a private party (FedEx) opened a box that had been damaged during transport and discovered what appeared to be illegal drugs. The private party then put the contents of the box back inside and contacted the DEA. The DEA then opened the box and removed the illegal drugs. This court found the facts closer to Jacobsen than Walter. “The key issue is determining the degree to which NCMEC’s actions exceeded the scope of AOL’s search. In this case, a hash value is significantly different than a label on a file. A label does not tell you anything about the file—except for what the file may contain. In contrast, a hash value is much more specific. A hash value that matches AOL’s database conveys that the image is that of child pornography.

Holding: “The Court concludes that AOL’s search was not a government search. In addition, NCMEC’s search was not a government search. And, alternatively, even if NCMEC’s search could be considered a government search, NCMEC’s search did not exceed the scope of AOL’s search in such a way that would be constitutionally significant.”

Practitioner Notes:  This case was decided very differently than U.S. v. Keith, and this court specifically addresses the errors they see in the Keith analysis.  The testimony of the AOL and NCMEC agents were instrumental to the analysis here; reminding us that prepping critical witnesses can make or break a case.

This entry was posted in Defenses, Expert Testimony, Fourth Amendment, Suppression. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s