U.S. v. Kendall
U.S. v. Kendall
2019 WL 7593893 (E.D. Ky. 2019)
August 30, 2019

Atkins, Edward B.,  United States Magistrate Judge

Privacy
Search and Seizure
Criminal
General Objections
Download PDF
To Cite List
Summary
Chatstep, a private actor, used hashing technology to search and identify an image file as containing an image of apparent child pornography. The National Center for Missing and Exploited Children (NCMEC) then queried the IP address and forwarded the tip to Kentucky law enforcement authorities. The Kentucky State Police (KSP) opened and viewed the image, which fell within the private search doctrine and did not violate the Fourth Amendment. The court recommended that Kendall's motion to suppress be denied.
UNITED STATES OF AMERICA, PLAINTIFF,
v.
GARY KENDALL, DEFENDANT
CRIMINAL ACTION NO. 0:18-CR-19-DLB
United States District Court, E.D. Kentucky
Filed August 30, 2019
Atkins, Edward B., United States Magistrate Judge

RECOMMENDED DISPOSITION

*1 Gary Kendall seeks to suppress all evidence in this case as the product of a warrantless search by the government, in violation of the Fourth Amendment. [R. 50]. The salient facts are that Chatstep, a website that allows users to create or enter online chatrooms and share images, reported to the National Center for Missing and Exploited Children [NCMEC] that a suspected image of child pornography had been uploaded by a user of its internet chat service. The information submitted from Chatstep through the Microsoft PhotoDNA Cloud Service indicated that the file was child pornography, contained the date and time the file was uploaded, the screen or username of the person being reported, and an IP address. NCMEC queried the IP address provided by the Cyber Tip and, after locating the IP address in Greenup, Kentucky, forwarded the tip to Kentucky law enforcement authorities. On March 2, 2017, Kentucky State Police [KSP] received the NCMEC Cyber Tipline Report and viewed the one file that was uploaded with the Cyber Tip. The KSP detective found that the file contained an image of what appeared to be a child pornography. The detective independently researched the IP address, and subpoenaed the provider for subscriber information associated with the IP address during the time that the image had been uploaded. The subscriber came back to Gary Kendall's residence in Raceland, Kentucky. Execution of a search warrant for Kendall's residence led to the discovery of multiple electronic devices containing images of child pornography.
 
Kendall moves to suppress all evidence in this case charging that NCMEC is a governmental entity, as federal statutes mandate its collaboration with federal, as well as state law enforcement authorities. Kendall therefore charges that a search warrant was required to authorize NCMEC's role in this investigation. However, for reasons explained below, Kendall's argument is misplaced as NCMEC's conduct in this investigation did not constitute a search.
 
The Fourth Amendment provides in relevant part that “[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.” U.S. Const. amend. IV. Fourth Amendment protections attach when a “search” occurs.
 
A “search” occurs when the government infringes on an expectation of privacy that society is prepared to consider reasonable, see United States v. Jacobsen, 466 U.S. 109, 115 (1984), or where the government physically intrudes on a constitutionally protected area for the purpose of obtaining information, see United States v. Jones, 565 U.S. 400, 407-08 (2012). Fourth Amendment protections do not apply to a private search. Jacobsen, 466 U.S. at 113. Nor do they apply if the government merely replicates a prior private search. Id. at 115.
 
Kendall seeks suppression of all evidence in the case on the premise that the single file reported by Chatstep to NCMEC, and forwarded to KSP was the product of a warrantless search by the government. Kendall stands on the case of United States v. Ackerman, 831 F.3d 1292 (2016), in which the Eighth Circuit Court of Appeals found that NCMEC was not acting as a private actor, but as a government entity, when it viewed images of alleged child pornography that had been reported to it by an internet service provider. Id. at 1305-06. The Court reasoned that the two primary authorizing statues, 18 US.C.§ 2258A and 42 U.S.C. § 5773(b), mandate NCMEC's collaboration with law enforcement authorities and the exercise of duties and powers enjoyed by NCMEC well beyond those enjoyed by private citizens. Id. at 1296. That Court goes on to explain that NCMEC's statutory duties are to: (1) maintain an electronic tipline for ISPs to report possible internet child exploitation violations to the government; (2) ISPs must report any known child pornography violations to NCMEC; (3) when NCMEC has confirmed that it has received a report that ISP must treat that confirmation as a request to preserve evidence issued by the government itself and (4) NCMEC is statutorily authorized to received contraband knowingly and review its contents...action that would normally subject private persons to criminal prosecution. Id. As a result, based on the reasoning in Ackerman, Kendall contends that the evidence in his case should be suppressed. However, facts essential to that position do not exist in the instant case. For example, in Ackerman, NCMEC actually opened and viewed reported images of child pornography, and thus conducted a search of the reported images. In the present case, NCMEC did not open or view the reported image of child pornography, but merely merely queried the IP address provided by the Cyber Tip and determined that the IP address was located in Greenup, Kentucky, before forwarding the tip to the appropriate Kentucky law enforcement authorities. Rather, the case is analogous to United States v. Reddick, 900 F.3d 636, 638 (5th Cir. 2018), where the defendant uploaded digital images onto Microsoft SkyDrive, a cloud hosting service. In Reddick, Microsoft sent the Cyber Tip, which included the uploader's IP address information, to NCMEC based on the hash values of the files the defendant had uploaded to SkyDrive. Id. NCMEC then forwarded the Cyber Tip to law enforcement based on the IP address information. Chatstep, like Microsoft in Reddick, is a private entity rather than a government actor, and was not acting as a government agent when it detected and reported to NCMEC that Kendall had uploaded an image. It is well-settled that the Fourth Amendment does not apply to a private search or government replication of a prior private search. United States v. Jacobsen, 466 U.S. 109, 113 and 115 (1984). The private search doctrine permits a government agent to verify the illegality of evidence discovered during a private search provided the agent stays within the scope of the private search. United States v. Lictenberger, 786 F.3d 478, 481-83 (6th Cir. 2015). Therefore, where the court found no basis for suppression based upon the acts of Microsoft, a private actor, there is now no basis to suppress the evidence in this case upon any act taken by Chatstep in reporting Kendall's activity.
 
*2 Although not clearly stated in his motion to suppress, the Court also construes Kendall's motion as challenging the KSP detective's act of opening and viewing the single image it received from NCMEC, without a warrant. However, this is without merit because the officer's act of viewing the image did not exceed the scope of the search conducted by Chatstep, a private actor.
 
The private search doctrine permits a government agent to verify the illegality of evidence discovered during a private search provided the agent stays within the scope of the private search. United States v. Lichtenberger, 786 F.3d 478, 481-83 (6th Cir. 2015) (citing Jacobsen, 466 U.S. at 119-20). A government agent's invasion of a defendant's privacy “must be tested by the degree to which [the agent] exceeded the scope of the private search.” Jacobsen, 466 U.S. at 115 (citing Walter, 447 U.S. 649); Lichtenberger, 786 F.3d at 482. The Supreme Court has explained that “[o]nce frustration of the original expectation of privacy occurs, the Fourth Amendment does not prohibit governmental use of the now-nonprivate information.” Jacobsen, 466 U.S. at 117. The private search doctrine originates from the Supreme Court's decision in Jacobsen, 466 U.S. at 109. In Jacobsen, Federal Express (“FedEx”) employees discovered a damaged package and proceeded to examine its contents, which was consistent with company policy involving insurance claims. Jacobsen, 466 U.S. at 111. The container itself was made of cardboard packaging, but inside of it were crumpled newspapers concealing a 10-inch tube made of silver duct tape. Id. The employees proceeded to cut open the tube and discovered four zip-lock bags filled with an unidentified white powder. Id. FedEx notified the Drug Enforcement Agency (“DEA”) of their discovery and placed the tube and its contents back in the cardboard container. Id. Upon arrival, a DEA agent discovered the partially opened container, and observed a slit in the duct tape tube. He then removed the zip-lock bags, took a sample from each, and field-tested it. The test positively identified the substance as cocaine. Id. at 112. The Supreme Court analyzed whether the DEA agent's after-occurring warrantless search had exceeded the scope of the FedEx employees' initial private search of the package. The Court found that the agent's removal of the cocaine from the package remained within the scope of the private search because “there was a virtual certainty that nothing else of significance was in the package and that a manual inspection of the tube and its contents would not tell him anything more than he already had been told.” Id. at 119. As for the chemical test, the Court held that the field test “could disclose only one fact previously unknown to the agent–whether or not a suspicious white powder was cocaine.” Id. at 122. The Court concluded that no search occurred because the defendant did not have a legitimate expectation of privacy in whether the powder was contraband, and the test could not disclose any other arguable private fact. Id. at 123-24.
 
To the extent that Kendall asserts that KSP exceeded the scope of Chatstep's search by opening the file, the Sixth Circuit has explained that “[u]nder the private search doctrine, the critical measures of whether a governmental search exceeds the scope of the private search that preceded it are how much information the government stands to gain when it re-examines the evidence and, relatedly, how certain it is regarding what it will find.” Lichtenberger, 786 F.3d at 485-86 (citing Jacobsen, 466 U.S. at 119-20). Thus, to determine whether the Fourth Amendment is implicated by KSP's opening and viewing of the attachment sent via the CyberTipline report, the Court must determine whether KSP was virtually certain that its “inspection of the [attachment] ... would not tell [him] anything more than he already had been told [by Chatstep via the CyberTipline report].” Lichtenberger, 786 F.3d at 488 (citing Jacobsen, 466 U.S. at 119).
 
*3 Again, contrary to Ackerman, there is no evidence or allegation that Chatstep sent anything to NCMEC other than one file of an image having a hash value match to a single image Chatstep's employees had previously identified as being apparent child pornography. Thus, the reasoning of the Ackerman court in finding the search exceeded the scope of AOL's private search is not applicable. Instead, the issue is whether KSP's act of opening and viewing of the attachment that Chatstep's private search detected as matching the hash value of an image previously identified as apparent child pornography risked exposing any private information beyond what Chatstep had reported.
 
Importantly, Kendall does not question the reliability of hashing technology, and it appears well established that it is, in fact, reliable. Ackerman contains language, albeit in dicta, indicating the reliability of hash value matching, stating it is “unlikely if not impossible” that a hash value match could have proven a mistake. Ackerman, 831 F.3d at 1306 (citing Salgado, Fourth Amendment Search and the Power of the Hash, 119 Harv. L. Rev. F. 38, 45-46 (2005)). In Ackerman, the court explained hash values as “a short string of characters generated from a much larger string of data (say, an electronic image) using an algorithm–and calculated in a way that makes it highly unlikely another set of data will produce the same value. Some consider a hash value as a sort of digital fingerprint.” Id. at 1294.
 
In addition, other courts, including our own, have found hash values to be highly reliable–akin to the reliability of DNA. See United States v. Dunning, No. 7:15-04-DCR, 2015 WL 5999818, at *3 (E.D. Ky. Oct. 15, 2015) (noting in a probable cause analysis that “as Magistrate Judge Atkins observed, hash values ‘boast a reliability and accuracy akin to DNA: 99.99%.’ ”) (citing United States v. Wellman, 663 F.3d 224, 226 n.2 (4th Cir. 2011) (also citing the 99.99% probability statistic); see also United States v. Cartier, 543 F.3d 442, 446 (8th Cir. 2008)). The Federal Judicial Center, in a guide for federal judges, has defined “hash value” as follows:
hash value: A unique numerical identifier that can be assigned to a file, a group of files, or a portion of a file, based on a standard mathematical algorithm applied to the characteristics of the data set. The most commonly used algorithms, known as MD5 and SHA, will generate numerical values so distinctive that the chance that any two data sets will have the same hash value, no matter how similar they appear, is less than one in one billion. “Hashing” is used to guarantee the authenticity of an original data set and can be used as a digital equivalent of the Bates stamp used in paper document production.
Barbara J. Rothstein et al., Managing Discovery of Electronic Information: A Pocket Guide for Judges 24 (Federal Judicial Center 2007).
 
Thus, instead of merely describing what may be in the attachment, Chatstep's search of the attachment using hashing technology revealed it contained an image that duplicated an image a Chatstep employee had previously identified as apparent child pornography. Accordingly, when KSP opened and viewed the image Chatstep identified as matching the hash value of an image it previously identified as apparent child pornography, KSP was virtually certain to view an exact duplicate of the original image and was merely confirming what Chatstep had reported - that the attachment contained apparent child pornography. Defendant Kendall does not dispute that only the image Chatstep's private search identified as matching previously tagged images of apparent child pornography was attached to the CyberTipline report. Thus, there was little to no possibility that KSP's review of the image file would reveal other information beyond what the private search revealed–the image file contained an image of apparent child pornography.
 
*4 As discussed above, KSP's opening and viewing of the image Chatstep's private search identified as having a hash value matching that of a known image of apparent child pornography was virtually certain to reveal only the image Chatstep previously viewed and tagged. As in Jacobsen, there was a virtual certainty that nothing else of significance except suspected contraband, i.e. apparent child pornography, would be found in the attachments, and a manual inspection of the attachments would reveal nothing more than what Chatstep's private search revealed–the attachment contained apparent child pornography. Therefore, KSP's opening and viewing of the attachments to confirm Chatstep's report of apparent child pornography falls within the private search doctrine, and no Fourth Amendment violation occurred. See Jacobsen, 466 U.S. at 115; Lichtenberger, 786 F.3d at 485-86; Bowers, 594 F.3d at 524-26.
 

CONCLUSION
Because there was no search in violation of the Fourth Amendment, Kendall's motion to suppress should be denied. Chatstep, a private actor, was not acting as a government entity when it detected and reported to NCMEC that Kendall had uploaded an image of child pornography. NCMEC did not open or view the reported image of child pornography, but merely merely queried the IP address provided by the Cyber Tip and determined that the IP address was located in Greenup, Kentucky, before forwarding the tip to the appropriate Kentucky law enforcement authorities. Thus, it conducted no search in violation of the Fourth Amendment. Finally, KSP's did not exceed the scope of Chatstep's investigation and report by opening and viewing the image Chatstep's private search identified as having a hash value matching that of a known image of apparent child pornography, as it was virtually certain to reveal only the image Chatstep previously viewed and tagged.
 
Therefore, it is RECOMMENDED that Kendall's Motion to Suppress [R. 50] be DENIED.
 
The parties are directed to 28 U.S.C. § 636(b)(1) for a review of appeal rights governing this Report and Recommendation. Specific objections to this Report and Recommendation must be filed within fourteen (14) days from the date of service thereof or further appeal is waived. United States v. Campbell, 261 F.3d 628, 632 (6th Cir. 2001); Thomas v. Ann, 728 F.2d 813, 815 (6th Cir. 1984). General objections or objections that require a judge's interpretation are insufficient to preserve the right to appeal. Cowherd v. Million, 380 F.3d 909, 912 (6th Cir. 2004); Miller v. Currie, 50 F.3d 373, 380 (6th Cir. 1995). A party may file a response to another party's objections within fourteen (14) days after being served with a copy thereof. 28 U.S.C. § 636(b)(1)(C); Fed. R. Civ. P. 72(b).
 
This the 30th day of August, 2019.
 
Signed By: