United States District Court, S.D. New York
For Frank DiTomasso, Defendant: Lee Alan Ginsberg, Nadjia Limani, Esq., Freeman Nooter & Ginsberg, New York, NY.
For Government: Margaret Graham, Assistant U.S. Attorney, U.S. Attorney's Office for the Southern District of New York, New York, NY.
OPINION AND ORDER
SHIRA A. SCHEINDLIN, UNITED STATES DISTRICT JUDGE.
Frank DiTomasso faces criminal charges for the production and transportation of child pornography. Much of the government's case against DiTomasso depends on evidence found on his computer -- evidence that he claims was obtained in violation of the Fourth Amendment. Accordingly, DiTomasso has moved to suppress (1) evidence obtained when internet service provider (" ISP" ) American Online (" AOL" ) examined the content of his email, (2) evidence obtained when ISP Omegle.com LLC (" Omegle" ) examined the content of his chats, and (3) all " information and tangible and intangible evidence obtained through subsequent searches by [law enforcement]" as fruit of the poisonous tree.
For the reasons set forth below, DiTomasso's motion to suppress is DENIED in part.
A. AOL Emails
DiTomasso has an AOL email account -- firstname.lastname@example.org. When AOL users send or receive emails that contain attachments, AOL runs two background monitoring systems designed to scan for illicit material, including, but not limited to, child pornography. The programs work by assigning " hash numbers" to image and video files. In essence, hash numbers are unique number-strings that can be used to archive packets of data -- " fingerprint[s]" for electronic media.
AOL employs two different hashing programs. The first -- the Image Detection and Filtering Process (" IDFP" ) -- sweeps for one-to-one matches with known child pornography. If an attached file is a one-to-one match, the email is quarantined -- i.e., diverted from the recipient's inbox -- and an automatic report is generated and sent to the National Center for Missing and Exploited Children (" NCMEC report" ).
AOL's second hashing program -- " photoDNA" -- looks for similarities among hash numbers. If photoDNA identifies an attachment with a hash number close enough to known child pornography to raise alarm, the email is once again quarantined, and " an AOL employee reviews the flagged file to confirm the presence of apparent child pornography."  Once the presence of apparent child pornography is confirmed, the employee " submit[s] a [NCMEC report],"  and the file's hash number is entered into the IDFP database.
On August 17, 2012, two emails intended for email@example.com were hashed and quarantined, giving rise to two corresponding NCMEC reports. The first email, which formed the basis of NCMEC report #1560137, was hashed using photoDNA -- and its contents were reviewed by an AOL employee. The second email, which formed the basis of NCMEC report #1558963, was hashed using IDFP. No AOL employee reviewed its contents.
conditions. First, they forbade users from " post[ing] content that contains explicit or graphic descriptions or accounts of sexual acts or is threatening, abusive, harassing, defamatory, libelous, deceptive, fraudulent, invasive of another's privacy, or tortious."  Second, AOL's terms provided that " AOL reserves the right to take any action it deems warranted" in response to illegal behavior, including " terminat[ing] accounts and cooperat[ing] with law enforcement."  Third, AOL's terms made clear that if users " disclose information about [themselves] publicly . . . others outside of AOL may obtain access to [such] information," and furthermore, that AOL itself may disclose to others -- including law enforcement -- " information [that is] relevant to a crime that has been or is being committed." 
C. Omegle Chats
Omegle.com is an online platform that " randomly pairs a user in a one-on-one session with a stranger, and allows strangers to communicate via text and video chats."  Omegle monitors " for inappropriate content . . . by capturing snapshots from chats that are conducted on Omegle,"  which are then " analyze[d]" by an automated program " for content that is likely to be inappropriate, including, but not limited to, child pornography."  When the automated program flags inappropriate content, the chats are " passed on to two human reviewers,"  and if a reviewer finds evidence of child pornography, a NCMEC report is filed.
On three separate occasions -- November 30, 2012, January 4, 2013, and December 11, 2013 -- snapshots of DiTomasso's Omegle chats were flagged for evidence of child pornography. This led to the filing of three NCMEC reports: #1704143, #1741964, and #2235394, respectively.
charts . . . and monitored," on an ad hoc basis, " for misbehavior." Third, Omegle's policy cautioned users to be " careful about what information [they] reveal" during chats, because " strangers can potentially tell other people ...