Search Upheld

Corned beef hash value
State v. Lizotte, 2018 VT 92

By Elizabeth Kruska

This is interesting. Well, to law-nerds like me who like Fourth Amendment issues it’s interesting. If that’s not you, you may not find it interesting. And now the fourth sentence of this paragraph contains the word interesting.

Very, very briefly, the defendant in this case, Mr. Lizotte, was charged with and ultimately convicted of offenses relative to child pornography. I don’t usually take a stand in my summaries, but I think we can all agree child pornography is a bad thing.
  The issue here is how he got caught. I’m going to issue a spoiler alert: SCOV says legally-speaking, the search that led to Mr. Lizotte’s arrest was A-OK, and affirms the trial court.

Let’s take a step back. Mr. Lizotte had an AOL address. Seriously. AOL is, as likely everyone knows, an internet service provider, or ISP. AOL is sort of like a postal or delivery service. It generally doesn’t get involved in what people are sending back and forth through the interwebs: it just provides the ability to do so. Well, mostly.

AOL has the ability to scan emails, attachments, and other things sent by users to ensure that child pornography isn’t being sent. AOL doesn’t have to actually open the files to see what they are, though. Every photo has a unique hash value, like a digital fingerprint. If I take a picture of my cat and send it to my friend, that picture has a hash value. If she takes a picture of her dog and sends that to me, it’s got a different hash value. Supposing we both use AOL (but we don’t because it’s 2019), AOL automatically scans the hash values using Image Detection Filtering Process, “sees” that these aren’t illegal photos, and does nothing. It rolls its digital eyes at yet another cat photo.
Child pornography, on the other hand, is highly illegal. Just like the cat and dog photos, each separate child pornography file also has hash values. And because it is SO BAD to have it, and because files circulate very easily online, internet service providers and law enforcement retain a cache of known hash values. It’s entirely possible that people will circulate the same photo or video over and over, and using the hash values, it’s possible to know where it was and where it went. If such a file travels via AOL, AOL’s alert system will pick up on that and make an alert.
OK, so then what? AOL isn’t law enforcement. But AOL definitely has an interest in making sure it’s not doing anything illegal or helping others do anything illegal. And also, AOL has an interest in making money. It’s a big hit to the bottom line in a lot of ways if a company is permitting unlawful activity. There’s no law that says AOL has to scan email attachments, but it chooses to do so as a part of its business. If AOL finds suspected child pornography, by law it must report it to law enforcement.
AOL (and other service providers) will make a tip based on an alert to the National Center for Missing and Exploited Children (NCMEC). NCMEC is a nonprofit, non-governmental organization, although it gets a lot of funding from the government, and there are a lot of federal laws that regulate some of their programs.

One program the center runs is the CyberTipline. The CyberTipline is the method by which internet service providers report suspected child pornography. The suspected files are sent via the service provider to NCMEC through a secure, dedicated line. Once NCMEC receives the report it gets locked and isn’t able to be altered or amended. From there, NCMEC staff uses whatever publicly-available tools it can to figure out as much as possible about where the image came from and where it was going. The staff member then sends all this information to law enforcement. Law enforcement can then use this information to engage in investigation.

In this particular case, the allegation was that Mr. Lizotte sent or received (or both) certain child pornography files. AOL’s scanning software did its thing and alerted. AOL wisely said, “we’re not touching this – here you go, NCMEC, this is for you,” and sent the alert files and related information to NCMEC. NCMEC opened the files and determined that they were what they were suspected to be, did some investigation, and were able to figure out that this particular alert was associated with a registered user in or around Rutland, Vermont.

The information then went to Vermont law enforcement. A Vermont detective opened the information, and based on what he learned, applied for a search warrant, which was granted. Based on the fruits of that warrant, Mr. Lizotte was charged with several charges. He filed a motion to suppress the warrant, saying he had a reasonable expectation of privacy in his emails and the attachments related to them.

The trial court denied his motion, finding that neither AOL nor NCMEC acted as law enforcement agents. Mr. Lizotte pled guilty and appealed the denial of the motion to suppress. SCOV affirmed the trial court. Mr. Lizotte also raised an issue about the sufficiency of his plea colloquy, which I will just say right here is a) not the big issue in the case and b) SCOV didn’t reverse on that.

To the search!
First, Mr. Lizotte said he had a reasonable expectation of privacy in his emails. Yeah, that’s probably true. Mr. Lizotte signed/clicked on/agreed to a terms of service agreement with AOL. SCOV jumps over this like a game of hopscotch and says the terms of service agreement issue isn’t even a thing here because AOL wasn’t acting as a government agent.

Up next SCOV considers the issue of whether AOL or NCMEC acted as a government agent. So, it happens sometimes that a private entity does a search. That doesn’t necessarily implicate the government. Think about it like this: Lucinda works at XYZ Corporation and has a work email address. XYZ Corporation may be monitoring her work emails. This doesn’t make it a search within the bounds of the Fourth Amendment. But if the FBI goes to the XYZ CEO and says, “do us a solid and search Lucinda’s email and turn over evidence she’s committing crimes, and if you don’t we’ll shut you down” starts to look more like XYZ acting on behalf of the government without a warrant. Suppose instead the CEO of XYZ Corporation somehow oversaw that Lucinda had child pornography on her computer, and on his own called law enforcement. That’s not going to turn him in to a government agent. It just makes him a citizen reporting a crime.

The key is knowing the government’s role in the private person’s action, and the person’s motivation for doing the search.

Through that lens, SCOV looks at both AOL’s actions, and NCMEC’s actions. They find that AOL didn’t act as a government agent. The government has nothing to do with the company’s day to day operations. They decided on their own to use a scanning tool because they made the business decision that they didn’t want their customers trafficking child pornography through their business. If they find it, they have to report it, which is what they did. This is not enough to say they’re a government agent.
NCMEC is a different story. NCMEC, by law, acts as a clearinghouse for child pornography tips from internet service providers. If AOL or Yahoo! or MSN or any of the others find child pornography on their tubes, NCMEC is who they have to tell. NCMEC gets bucketloads of funding from the government. They have a special secure network for receiving tips and forwarding those tips to law enforcement. They’re not required to open the images they get, but they’re also not prohibited from doing so. Quick aside: I don’t want that job. NCMEC says their motivation is to protect kids, not to act as an arm of law enforcement. That might be true, but they’ve also got a pretty sophisticated method of collecting information and sending it to the government. So, SCOV finds that NCMEC acts as an agent here.

But. That’s not really the end of things. Mr. Lizotte challenged the fact that NCMEC opened the attachments. Any time the government – or here an agent of the government – takes an affirmative step to do something to further its knowledge, and that doing something is more than freely just happens in nature, it becomes a search. Opening an email. Opening a letter. Moving a curtain to see a little better inside. These are all actions and they’re all searches. Let’s use our example from above. Let’s suppose the FBI and CEO at XYZ are looking passively at Lucinda’s computer monitor and it’s clearly displaying illegal content. Probably not a search. Suppose there’s an obvious email attachment but unless someone clicks on it they can’t see what it is. The FBI agent nudges the CEO and says, “open it” so he does. BAM! Search.

There’s more. The thing is that AOL knew what the email attachments were because of the unique hash values. Their child porn siren went off and said “alert! Alert! Known hash value! There’s child porn!” Or maybe it didn’t say it that way exactly, but because of what it was they already knew what they had. They forwarded it to NCMEC and gave them that information. When NCMEC opened the video attachment, they didn’t learn anything they didn’t already know. It’s like when you buy a can of peas at the grocery store. It’s got a picture of peas on the outside and you buy it knowing it’s peas. You don’t need to open it yet to know it’s peas.

The problem, as far as Mr. Lizotte was concerned, was the fact that NCMEC staff actually opened and read the text of the email that went along with the alerting attachments. And the problem with that was that the substance of the email suggested that Mr. Lizotte knew what he was sending and receiving.

AOL didn’t read the email – it just scanned the attachments. By opening the email and learning additional information from the email itself, NCMEC expanded the search. The better move would have been to take the identifying information it had and forward the whole kit and caboodle to law enforcement to let them get the warrant.

SCOV said that even with the expanded search in this case, that the warrant was fine. There was enough other information to establish probable cause that evidence of child pornography would be found at the location associated with the registered owner of the AOL account. A warrant can still be valid if it’s based in part on unlawfully-gotten information. If that information could be excised from the affidavit and there was still enough for probable cause, then the warrant is fine. SCOV says that there was enough information other than what was contained in the body of the email itself, so the warrant was valid.

So, with all that, SCOV affirms.

Comments