The used of specialized software to scan a hard drive for hash values of child pornography is reasonable. Defendant argued that at least one adult image of pornography had been uploaded to NCMEC’s database, but that doesn’t make every search against the NCMEC database unreasonable. United States v. Reddick, 2017 U.S. Dist. LEXIS 56577 (S.D.Tex. April 13, 2017):
Reddick submits that the judgment call used to populate the NCMEC database may lead to adult pornography being submitted erroneously as child pornography or there may be contributions that cause other false positives in searching for contraband. D.E. 40, p. 2 n.1 (citing a New York Post article regarding one such misidentification of an adult as a child). However, there is no evidence that such over-inclusiveness has occurred in the NCMEC database or is widespread, impugning the overall integrity of the database. Instead, law enforcement regularly relies on a hash value match with the NCMEC database results to successfully identify images that are, indeed, images of child pornography.
Many internet service providers, desiring to avoid any reputation for aiding those who possess or transmit child pornography, use PhotoDNA to scan files that customers upload through the service providers’ browsers, applications, or cloud storage facilities. They then compare the hash value results with the hash values in the NCMEC database. When they get a match, they refer the files, along with subscriber information, to NCMEC as required by law. NCMEC, without opening the electronic file, generates a report and conducts an initial investigation, limited to confirming the hash value match and identifying the location of the internet user whose equipment uploaded the matching file. NCMEC then forwards the report (CyberTipline report) to the appropriate law enforcement agency with geographic jurisdiction over the internet user for further investigation.
Reddick made use of software systems that stored his electronic files in a cloud maintained by Microsoft Corporation and referred to as Skydrive. At the suppression hearing, Reddick did not offer evidence of any terms on which his files were so maintained. The Government offered the standard end user agreement of Microsoft OneDrive for that purpose. While OneDrive is the current electronic system formerly referred to as Skydrive, the Government’s witnesses could not testify that the current OneDrive agreement stated the same terms that were in place when the events of this case transpired—during the Skydrive period. The Court therefore excluded the OneDrive agreement from evidence. While the Government’s witnesses then testified that there is a standard in the industry by which privacy rights are waived in cloud storage agreements, permitting PhotoDNA scans and law enforcement referrals, they were not able to opine that the specific agreement governing Reddick’s account met that standard.