U.S. v. Ackerman (2016)
Since its founding in 1984, the National Center for Missing & Exploited Children (NCMEC, often pronounced “Nick-meck”) has served as a national clearinghouse and resource center for information about missing and exploited children. The organization’s toll-free hotline has received millions of calls reporting information on missing children. NCMEC assists law enforcement in locating missing children. It has volunteers who provide resources and emotional support to families of missing and exploited children.
NCMEC commonly comes up in my cases through its Cyber Tipline. This is a portal where electronic service providers, such as Google, Yahoo, and AOL, can report instances of suspected child sexual exploitation, including possession of child pornography.
If an electronic service provider suspects that a user’s account contains child pornography, they will send a report to the Cyber Tipline. That report will specify the username, the user’s IP address, and the files that appear to contain child pornography.
How would an ESP know that a file contained child pornography? Every individual piece of computer information, be it a document, image, or video file, has a specific code that is unique to the document or image; think of it as an electronic finger print. That code, known as a hash value, is just a long string of numbers and letters. As long as the information is not altered, the hash value remains the same, no matter how many times the information is copied or transmitted. Over time, law enforcement agencies have compiled a list of hash values of many child pornography images and videos in circulation.
The ESP can search a user’s files for any of the known child pornography hash values. If they get a match, they send a report to NCMEC. In many cases, NCMEC then opens the files or emails to verify that they contain child pornography. If they do, NCMEC notifies a local or federal law enforcement agency.
That process has been accepted for years. NCMEC has been allowed to open and search through people’s computer files and emails as they saw fit.
But what about the constitution’s Fourth Amendment, every American’s protection against improper searches? Doesn’t NCMEC need a warrant or something?
Remember, if the police search your house without a warrant, or probable cause and an exception to the warrant requirement, it’s a violation of your Fourth Amendment rights. But if your neighbor searches your house, it may be an invasion of your privacy and perhaps a crime, but it does not violate the Fourth Amendment. That’s because the Fourth Amendment (like most rights in the constitution) protects you only against actions by the government. Your nosey neighbor is not the government; therefore, they cannot violate your Fourth Amendment rights.
NCMEC is a private non-profit corporation, formed and staffed by private citizens. When a guy sitting at a computer in Bellevue or Bellingham or Yakima is charged with possessing something NCMEC found on his computer, I have not been able to help him by arguing that his constitutional rights were violated. Courts have said the Fourth Amendment didn’t come into play because NCMEC is a private organization, not a government agency.
But wait! NCMEC is statutorily mandated to collaborate with federal, local, and state law enforcement. The federal statutes also confer duties and powers on NCMEC that are not enjoyed by any other private person or entity. The Cyber Tipline itself is statutorily mandated for NCMEC to operate. By statute, NCMEC is obligated to forward every report it receives to law enforcement.
Also, NCMEC is statutorily authorized to receive and view child pornography. Such actions subject other persons to criminal prosecution.
NCMEC has many law enforcement agents working at various levels in the organization, and government officials represent a large portion of its board of directors. And as much as 75% of its budget comes from the federal government.
Isn’t what quacks like a duck, a duck?
Lately, the courts have started to answer “yes.” Some judges have rejected the notion that NCMEC is shielded from Fourth Amendment scrutiny.
In 2013, a United States District Court in Massachusetts found that NCMEC was acting as a government agent when it searched the defendant’s computer files, thus implicating the Fourth Amendment. U.S. v. Keith, 980 F.Supp.2d 33 (D. Mass. 2013). In August of 2016, the United States Court of Appeals for the Tenth Circuit held that NCMEC was a government agent and that its unwarranted search of the defendant’s emails implicated the Fourth Amendment. U.S. v. Ackerman, 831 F.3d 1292 (10th Cir. 2016).
I hope the days of NCMEC searching people’s private and sensitive computer files without regard to the protections of the Fourth Amendment are coming to an end. As the Ackerman court noted, the government should not be able to “evade the most solemn obligations imposed in the Constitution by simply resorting to corporate form.”