Last week, Supreme Court issued a decision in State v. Lizotte, 2018 VT 92, affirming a lower court decision holding that AOL did not act as an agent of law enforcement in violation of the defendant's Fourth Amendment rights when it searched his emails for child pornography and reported its findings to the National Center for Missing and Exploited Children (NCMEC).

The AOL terms of services allowed it to access communications of its users if it believed they were being used for criminal purposes. The decision details how AOL uses its Image Detection Filtering Process to generate MD5 hash values for images sent as email attachments. AOL blocks emails sending images that have hash values of known prohibited images; terminates the email accounts; and then preserves the messages for the NCMEC. AOL does not necessarily open and review emails that it forwards to NCMEC.

NCMEC is a private organization, but 70% of its funding comes from the Department of Justice and the Department of Homeland Security. It is required by law to forward reports to law enforcement authorities and does not always actually open the emails it analyzes.

The Supreme Court did rule that NCMEC was functioning as an agent of government when it opened and processed email received from AOL that it then forwarded to law enforcement. The data at issue in this case consists of a video file identified as contraband by its hash value and an email with an attachment. AOL did not open and view the email, but it did view the video file. The opinion states that, "We conclude that NCMEC and law enforcement did not expand the search conducted by AOL when they opened the video file because at sometime prior AOL had already viewed that document and through the hashing technology law enforcement already knew what was contained therein. To the extent that NCMEC or law enforcement opened and viewed the contents of the email itself, we conclude that this was an expansion of the search conducted by AOL. We hold, however, that because the information from the content of the email was not necessary to provide probable cause, this expansion did not invalidate the warrant." Id. at *P18.

In evaluating whether or not AOL was an agent of government, the Court noted that while the law requires AOL to report violations of federal law prohibiting the sexual exploitation of children, it does not require AOL to search internet communications, and when it does so it uses a tool that it did not develop with government assistance. NCMEC was acting as a government agent because it is required by law to forward reports to law enforcement authorities, and its legal obligations anticipate that it will preserve data and search through it.

Under the Fourth Amendment, there is no government search if law enforcement only views evidence in the scope of a private search. In this case, the Court did not need to open the email attachment in question to know it was contraband because the AOL report on its hash value indicated that it was child pornography. Actually opening the attachment did not expand the search performed by AOL. The Court found that, "a hash value is not like a label written on a box; rather, it is a digital fingerprint that conveys that the information in the file is exactly the same as what was previously viewed." Id. at *P31.