Searching over 5,500,000 cases.

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

State v. Lizotte

Supreme Court of Vermont

August 17, 2018

State of Vermont
Stuart Lizotte, Jr.

          On Appeal from Superior Court, Rutland Unit, Criminal Division Cortland Corsones, J.

          Thomas J. Donovan, Jr., Attorney General, and Ultan Doyle, Assistant Attorney General, Montpelier, for Plaintiff-Appellee.

          Allison N. Fulcher of Martin & Associates, Barre, for Defendant-Appellant.

          Christopher J. Schmidt, St. Louis, Missouri, Logan Rutherford, Kansas City, Missouri, and Lawrence G. Scarborough, New York, New York, of Bryan Cave LLP, for Amicus Curiae The National Center for Missing and Exploited Children.

          PRESENT: Reiber, C.J., Skoglund, Robinson, Eaton and Carroll, JJ.

          SKOGLUND, J.

         ¶ 1. This case requires us to consider whether defendant's Fourth Amendment rights were violated when his online service provider, AOL, searched his transmissions, detected suspected child pornography, and sent information to the National Center for Missing and Exploited Children (NCMEC), which opened the email and attachment and provided it to law enforcement. We conclude that AOL was not acting as an agent of law enforcement when it searched defendant's transmissions, and that NCMEC and law enforcement did not expand AOL's private search by viewing the file already identified by AOL as containing child pornography. In addition, any expansion of the search by opening the related email did not invalidate the warrant because the other information in the affidavit independently provided probable cause to search. We affirm.

         ¶ 2. The following facts are not disputed. Defendant registered an account with America Online, now known as AOL, an electronic service provider (ESP) and internet service provider (ISP), which was in effect in March 2013. He registered it under the screenname "lilstuisthebest." This is the account used to send the emails and attachments at the heart of this case. To use AOL's services, AOL requires its users to agree to its Terms of Service and Privacy Policy (TOS). The terms are designed to protect AOL's rights and to control members' behavior online and when using its services. At the time in question, the TOS specifically stated, among other things, that AOL could access the content of communications if it believed a crime had been committed, and that users could not post, transmit, or distribute illegal content. In addition, the TOS explained that if illegal material was posted or transmitted, then AOL would cancel the account and cooperate with law enforcement.

         ¶ 3. AOL monitors the content users send on its network through tools including Image Detection Filtering Process (IDFP).[1] IDFP uses the MD5 algorithm to compute the hash value of attachments and embedded images in messages sent by, replied to, or forwarded by an AOL user. The MD5 hash values are obtained by applying a mathematical algorithm to a digital file or data set. The resulting hash value is a unique numerical representation of that digital file or data set. Two images that are pixel-for-pixel identical will have the exact same hash value, and therefore, the hash value is referred to as a digital fingerprint. See United States v. Henderson, 595 F.3d 1198, 1199 n.2 (10th Cir. 2010) (explaining that hash value is unique alphanumeric sequence developed from pixel-by-pixel analysis of particular image or video and called "digital fingerprint" because it is, "so far as science can ascertain presently, unique").

         ¶ 4. MD5 hash values are a well-established means of identifying and verifying electronic files. Using the hash algorithm, the scanning system can scan numerous files and identify those files with known hash values. The hash values used to identify images of apparent child pornography within AOL's system are created by AOL. All the hash values contained in AOL's data set were derived from images of apparent child pornography that have at one time been viewed by an AOL Graphics Review Team representative and determined to contain apparent child pornography. If the image is altered in any way, the hash value will not match.

         ¶ 5. When a file is identified by AOL using IDFP as having the same hash value as a file previously categorized as apparent child pornography, the file does not reach its intended destination, the sender's email account is terminated, the account is preserved, and AOL automatically files a report with NCMEC's CyberTipline. AOL sends a copy of the full email, the header information, and a copy of any image or files attached or embedded in the email. The header information is metadata about the email including routing information. AOL does not necessarily view the flagged file prior to submitting it to NCMEC, relying solely on the identification of the images by the hash value and its previous observation of the image with the same hash value. NCMEC cannot tell whether the file has been opened, but the report transmitted has a place for the ESP to indicate whether the file has previously been viewed.

         ¶ 6. NCMEC is a private, nonprofit corporation. Its mission is to help find missing children, reduce child sexual exploitation, and prevent child victimization. NCMEC has five main project areas: (1) missing children; (2) child sexual exploitation; (3) training; (4) safety and prevention; and (5) child victim and family services. NCMEC has 350 employees over several different departments and divisions. None of NCMEC's employees are government employees or active law enforcement officers. NCMEC is funded through private donations, federal grants, foundations, and corporate donations. Approximately seventy percent of its funding, around thirty-four million dollars, comes from federal grants from the Department of Justice and the Department of Homeland Security.

         ¶ 7. The Child Exploitation Division of NCMEC operates the CyberTipline and a child victim identification program. The child victim identification program uses hash values to identify images that contain child victims. The CyberTipline receives tips related to child exploitation. Reports can be submitted online. The CyberTipline was created through a grant and, at the time, law enforcement did not have any involvement in the program. The government was not involved in initiating the program and no statutes governed its operation. Since then, the federal government has enacted several laws related to the CyberTipline. Currently, federal law requires ESPs and ISPs to report apparent child pornography to NCMEC through the CyberTipline. See 18 U.S.C. § 2258A(a). NCMEC is then required to forward the report to law enforcement. Id. § 2258A(c)(1). Although ISPs and ESPs are not required to register with NCMEC, about twenty-five percent of them are registered, including AOL. Once registered with NCMEC, ESPs provide reports to the CyberTipline using a secure encrypted electronic connection that gives them the ability to upload files with their reports. Of the four million tips to the CyberTipline in 2015, ninety-eight percent were made by ESPs.

         ¶ 8. After NCMEC receives a report, the report is locked and cannot be altered. A staff member then uses publicly available tools to try to identify potential geographic information pertaining to the individual who is the subject of the report, as well as the geographic information of the ESP potentially used in the possession, receipt, or transmission of the apparent child pornography image files. After the staff member has determined a potential geographic location and the relevant ESP information, a CyberTipline report is made available to a law enforcement agency in the identified potential geographic location using a secured virtual private network. NCMEC is required by federal legislation to transmit or forward the report to the appropriate law enforcement agency for investigation. See 18 U.S.C. § 2258A(c)(1)-(3) (requiring NCMEC to forward each report "to any appropriate law enforcement agency designated by the Attorney General" and allowing NCMEC to forward report to state law enforcement or foreign law enforcement); 34 U.S.C. § 11293(b)(1)(P) (describing that annual grant to NCMEC should be used to "operate a cyber tipline to provide online users and electronic service providers an effective means of reporting Internet-related child sexual exploitation"). NCMEC staff do not always open and view files before forwarding them to law enforcement. Staff sometimes open images for two reasons: to make sure the file was transmitted properly and to identify the location of the image, and therefore the involved minor, in furtherance of their goal of helping victims.

         ¶ 9. Law enforcement uses the private network to access and obtain the report. NCMEC neither has control over any subsequent investigation nor does it follow up with law enforcement on any tips that NCMEC sent.

         ¶ 10. In this case, AOL identified two emails that contained files with hash values matching AOL's database of suspected child pornography. AOL isolated the transmissions and did not allow the emails to be sent to their intended recipient. AOL then submitted two reports to NCMEC labelled as 1812852 and 1812853.[2] AOL reported an individual using an email address of and provided the associated IP address. AOL identified the incident as child pornography based on its IDFP analysis. The attachment file name was referenced in the header information. The header also contained the MD5 hash value of the file that was sent. Staff at AOL did not view either the content of the two emails or the attachment at the time the report was made. Once received by NCMEC, a staff person at the CyberTipline viewed the video attachment and the opened the email. Using publicly available internet tools, that staff person determined that the IP address identified by AOL was associated with a Comcast account having a potential geographic location of Rutland, Vermont. Consequently, the CyberTipline sent a notification of reports 1812852 and 1812853 to the Office of the Vermont Attorney General for independent review and potential investigation.

         ¶ 11. The Attorney General's Office has a unit called Internet Crimes Against Children task force (ICAC). A detective from that unit received an email from NCMEC stating a tip was available. He logged onto the NCMEC virtual private network and downloaded the reports designated as 1812852 and 1812853. The reports indicated that AOL had not viewed the attachment. The detective opened and viewed both the emails and the video attachment. The detective applied for a warrant to search defendant's residence and any electronic devices found therein. The search warrant affidavit included information about NCMEC and the CyberTipline. The affidavit also provided the name of the attached video, a description of the video contents, information about the sender, and content from the emails. A subsequent search warrant was obtained to get information about the AOL account from AOL.

         ¶ 12. Based on information obtained from these searches, defendant was charged with four counts of possessing child pornography, three counts of promoting child pornography, three counts of aggravated sexual assault, and one count of lewd and lascivious conduct.[3] Defendant moved to suppress. He argued that he had a reasonable expectation of privacy in his emails and related attachments and that his rights under both the Fourth Amendment of the U.S. Constitution and Article 11 of the Vermont Constitution were violated because law enforcement opened the attachment and his email before obtaining a warrant.

         ¶ 13. The court denied the suppression motion. Based on defendant's agreement to the TOS with AOL, which notified defendant that his communications could be accessed or disclosed if there was a good faith belief a crime had been committed, the court held that defendant had no reasonable expectation of privacy in the transmissions involved in this case. With no expectation of privacy, the court concluded there was no violation of defendant's rights.

         ¶ 14. The court rejected the argument that AOL and NCMEC were acting as agents of law enforcement and therefore that their searches required a warrant. The trial court found the following: that law enforcement was not involved with AOL's process of identifying apparent child pornography and AOL was not working as an agent of same; no law enforcement or government entity was involved in setting up the CyberTipline and law enforcement did not direct NCMEC to establish it; the government neither directs nor provides guidance to NCMEC in its processing of CyberTipline reports; law enforcement is not involved with NCMEC's process of collecting reports; and NCMEC has no control over any subsequent criminal investigation and does not follow up with law enforcement on any tips that are sent. Based on these findings the court concluded that neither AOL nor NCMEC were functioning as agents of law enforcement and their private searches were not precluded by the Fourth Amendment. Finally, the court concluded that, even if NCMEC was a government agent, neither NCMEC nor law enforcement in the form of the detective, expanded the scope of the AOL search.

         ¶ 15. Defendant then entered a conditional guilty plea, pleading guilty to two counts of aggravated sexual assault, one count of possessing child pornography, and two counts of promoting child pornography. He reserved the right to appeal the denial of his motion to suppress. More information about the plea colloquy is set forth below. After a ...

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.