AOLs terms of service amount notice to the user that AOL looks for illegal email content and reports it. Therefore, he lacks a reasonable expectation of privacy and he consented to AOL turning them over to NCMEC. [B]y agreeing to AOLs terms of service, DiTomasso consented to a search of his AOL emails by law enforcement, thereby waiving his Fourth Amendment rights. United States v. DiTomasso, 2014 U.S. Dist. LEXIS 152505 (S.D. N.Y. October 28, 2014) (Note: This conclusion was not arrived at easily.):
DiTomasso has an AOL email account firstname.lastname@example.org. When AOL users send or receive emails that contain attachments, AOL runs two background monitoring systems designed to scan for illicit material, including, but not limited to, child pornography. The programs work by assigning hash numbers to image and video files. In essence, hash numbers are unique number-strings that can be used to archive packets of data fingerprint[s] for electronic media.
AOL employs two different hashing programs. The first the Image Detection and Filtering Process (IDFP) sweeps for one-to-one matches with known child pornography. If an attached file is a one-to-one match, the email is quarantined i.e., diverted from the recipients inbox and an automatic report is generated and sent to the National Center for Missing and Exploited Children (NCMEC report).
AOLs second hashing program photoDNA looks for similarities among hash numbers. If photoDNA identifies an attachment with a hash number close enough to known child pornography to raise alarm, the email is once again quarantined, and an AOL employee reviews the flagged file to confirm the presence of apparent child pornography. Once the presence of apparent child pornography is confirmed, the employee submit[s] a [NCMEC report], and the files hash number is entered into the IDFP database.
On August 17, 2012, two emails intended for email@example.com were hashed and quarantined, giving rise to two corresponding NCMEC reports. The first email, which formed the basis of NCMEC report #1560137, was hashed using photoDNA and its contents were reviewed by an AOL employee.10 The second email, which formed the basis of NCMEC report #1558963, was hashed using IDFP. No AOL employee reviewed its contents.
. . .
Third, the government suggests that DiTomasso had no expectation of privacy in his electronic communications because the ISPs responsible for facilitating those communications AOL and Omegle warned him that they might be monitor[ing] his activity. Given DiTomassos clear and explicit notice that AOL reserved the right to . . . disclose the content of his communications to law enforcement, if [DiTomasso used] his email account for illegal activities, and that Omegle was using an automated system to screen [DiTomassos chats] and potentially share [them] with third parties, including law enforcement, the government argues that DiTomasso can claim no reasonable expectation that his emails and chats would not be review[ed].
Along with the Sixth and Ninth Circuits, both of whom have addressed variations on this argument,[Warshak and Quon] I conclude that it would subvert the purpose of the Fourth Amendment to understand its privacy guarantee as waivable in the sense urged by the government. In todays world, meaningful participation in social and professional life requires using electronic devices and the use of electronic devices almost always requires acquiescence to some manner of consent-to-search terms. If this acquiescence were enough to waive ones expectation of privacy, the result would either be (1) the chilling of social interaction or (2) the evisceration of the Fourth Amendment. Neither result is acceptable.
Originally posted here:
S.D.N.Y.: ‘[B]y agreeing to AOL’s terms of service …