In the digital age, hash values are increasingly a way of identifying data—functioning as a digital fingerprint or serial number. When a digital file—like a picture—is uploaded online, an algorithm assigns it a hash value, which is a theoretically unique value that can be used to identify the image. Hash values don’t reveal anything about the image but are a way of identifying an image and comparing it to other images. When the hash values of two different images match, it tells you that you have 2 copies of the same image but not what the images show.
This is particularly relevant in the world of digital child pornography. Google, for instance, reviews its platform for images of potential child pornography; and, if a file is determined to be child pornography by Google, Google assigns the file a hash value and removes the file from its platform. Google then adds the hash value to database against which future uploads are automatically compared to uncover copies of that file.
When Google identifies an upload with a flagged hash value it sends a report to the National Center for Missing and Exploited Children (NCMEC). Sometimes Google manually reviews the upload, but most of the time the report is done automatically. During this process, the only thing that labels the upload as child pornography is the previously assigned hash value. There isn’t a comparison between the new upload and the original upload that was flagged because Google doesn’t retain the files. So unless Google manually reviews a flagged upload and learns what it depicts, its report to NCMEC doesn’t contain any information about the what the upload depicts.
This can become a Fourth Amendment problem when law enforcement receives a NCMEC report and views the flagged upload without first obtaining a warrant. The Second Circuit recently joined the Ninth Circuit in requiring law enforcement to obtain a search warrant to review files contained in a NCMEC report when the originally reporter—such as Google did not actually review the flagged file before making a report to NCMEC.
In United States v. Maher, the Second Circuit held that the private search doctrine did not apply and salvage the warrantless search of a file Maher emailed to himself through his Google email. Under United States v. Jacobsen, 466 U.S. 109 (1984), the private search doctrine allows law enforcement to repeat a previous search undertaken by private persons without a warrant. As an example, if person A has child pornography on his computer and person B discovers the child pornography while using A’s computer, law enforcement does not need a warrant to search A’s computer for child pornography if B reports finding child pornography on A’s laptop. But, when law enforcement goes beyond the scope of B’s search, the private search doctrine no longer applies and law enforcement needs a search warrant.
In Maher, the Second Circuit held that the private search doctrine did not allow law enforcement to view the reported file without a warrant because the only thing Google reported about the image was that its hash value matched previously flagged child pornography. Google did not manually review Maher’s emailed file and couldn’t compare the actual file in Maher’s email to the originally flagged file because Google no longer possessed the original file. So when law enforcement viewed the reported file, it exceeded the scope of Google’s search—matching the hash value—and needed a search warrant. Critically, if Google had manually reviewed the file, then law enforcement’s later viewing the file would have been within the scope of Google’s private search.
In doing so, the Second Circuit joined the Ninth Circuit’s 2021 decision in United States v. Wilson, 13 F.4th 961 (9th Cir. 2021), which the Ninth Circuit has reaffirmed recently in United States v. Holmes. In Holmes, law enforcement viewed images sent to NCMEC from Facebook before obtaining a warrant and used the information learned from viewing the images to obtain a search warrant. Because this information was obtained without a warrant, it tainted the evidence uncovered from the search warrant obtained using that information.
An important aspect of this is that the Second and Ninth Circuit’s decisions are in conflict with decisions from the Fifth and Sixth Circuits in United States v. Reddick, 900 F.3d 636 (5th Cir. 2018), and United States v. Miller, 982 F.3d 412 (6th Cir. 2020). Although those courts used different reasoning, both held that the private search doctrine allowed law enforcement to view flagged files based solely on the hash value. Other circuit courts have yet to rule on this issue, but it is likely only a matter of time before they or the United States Supreme Court decides to settle the conflict.
