Searching over 5,500,000 cases.

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

United States v. Reddick

United States District Court, S.D. Texas, Corpus Christi Division

April 13, 2017




         Defendant Henry Franklin Reddick (Reddick) is charged by indictment with four counts of possession of child pornography. D.E. 1. Before the Court is his motion to suppress evidence (D.E. 34). First, he seeks to exclude all of the alleged images of child pornography that a private party referred-in unopened electronic files-to law enforcement. His reasoning is that the officer engaged in a search beyond the scope of the private party's investigation by opening and viewing the contents of those electronic files without a warrant (Phase I search). Second, he seeks to exclude all evidence found in his home and on his computer because the search warrant used to search his property (Phase II search) was based, in part, on the information gleaned from the initial warrantless viewing.

         The Government argues that it did not engage in an unreasonable search and seizure because its Phase I search did not exceed the scope of the private investigation and referral. Alternatively, the Government argues that if it exceeded the scope of the private search, the good faith exception to the exclusionary rule permits admission of the evidence the officers found when executing what they believed was a valid search warrant. D.E. 36, 41. Reddick responds that the Phase I search exceeded the scope of any private search and the officer's conduct in securing the Phase II search warrant takes it outside the good faith exception to the exclusionary rule. D.E. 40.[1] For the reasons set out below, the Court DENIES the motion to suppress.


         PhotoDNA is a software program using an algorithm by which still and video digital images are converted to grayscale, broken down into grids of data, and assigned certain alphanumeric values associated with the hue gradient of the target material, arriving at what is called a “hash value.” The hash value has been described as an electronic equivalent of a fingerprint[2] in that two iterations of the same image will, to an over 99% level of accuracy, produce the same hash value.[3] Conversely, the chances of two different images generating the same hash value is nearly non-existent.

         Some of the advantages to using the PhotoDNA software include the ability to scan large numbers of electronic files for their hash values in very little time, and doing so without exposing the images to viewers. The software thus ferrets out child pornography and protects children from additional exploitation. While hash values are useful and reliable for identifying matches to known images, one cannot recreate an image or determine its content solely from its hash value. Therefore, without viewing the electronic image or the material from which the matching hash value was sourced, one cannot say with certainty that the electronic file is, in fact, contraband. The high likelihood that it is contraband stems from the integrity of the database of offending hash values used to test for matches.

         With the imprimatur of the federal government, [4] the National Center for Missing and Exploited Children (NCMEC) established a database containing the hash values of known images that contain confirmed or suspected child pornography. There are multiple contributors to the database and, on this record, it is uncertain what criteria govern and whose judgment is used when a particular hash value result is included in the NCMEC database. And, because the original images from which offending hash values were generated are destroyed, there is no readily available matching image to view to confirm the illegal nature of a matched hash value image.

         Reddick submits that the judgment call used to populate the NCMEC database may lead to adult pornography being submitted erroneously as child pornography or there may be contributions that cause other false positives in searching for contraband. D.E. 40, p. 2 n.1 (citing a New York Post article regarding one such misidentification of an adult as a child). However, there is no evidence that such over-inclusiveness has occurred in the NCMEC database or is widespread, impugning the overall integrity of the database. Instead, law enforcement regularly relies on a hash value match with the NCMEC database results to successfully identify images that are, indeed, images of child pornography.

         Many internet service providers, desiring to avoid any reputation for aiding those who possess or transmit child pornography, use PhotoDNA to scan files that customers upload through the service providers' browsers, applications, or cloud storage facilities. They then compare the hash value results with the hash values in the NCMEC database. When they get a match, they refer the files, along with subscriber information, to NCMEC as required by law. NCMEC, without opening the electronic file, generates a report and conducts an initial investigation, limited to confirming the hash value match and identifying the location of the internet user whose equipment uploaded the matching file. NCMEC then forwards the report (CyberTipline report) to the appropriate law enforcement agency with geographic jurisdiction over the internet user for further investigation.

         Reddick made use of software systems that stored his electronic files in a cloud maintained by Microsoft Corporation and referred to as Skydrive. At the suppression hearing, Reddick did not offer evidence of any terms on which his files were so maintained. The Government offered the standard end user agreement of Microsoft OneDrive for that purpose. While OneDrive is the current electronic system formerly referred to as Skydrive, the Government's witnesses could not testify that the current OneDrive agreement stated the same terms that were in place when the events of this case transpired-during the Skydrive period. The Court therefore excluded the OneDrive agreement from evidence. While the Government's witnesses then testified that there is a standard in the industry by which privacy rights are waived in cloud storage agreements, permitting PhotoDNA scans and law enforcement referrals, they were not able to opine that the specific agreement governing Reddick's account met that standard.

         At any rate, Microsoft Skydrive conducted a hash value examination of electronic files on its system, including those related to Reddick. Several of Reddick's files generated hash values that matched hash values in the NCMEC database. As required by law, Microsoft Skydrive copied the electronic files and referred them to NCMEC, along with Reddick's subscriber information and other metadata that identified when and how the files were uploaded. NCMEC determined that Reddick was within the jurisdiction of Corpus Christi, Texas.

         On March 10, 2015, the Corpus Christi Police Department (CCPD) Organized Crime Unit-Internet Crimes Against Children (ICAC) Task Force received three CyberTipline reports from NCMEC, containing 13, 50, and 16 electronic files, respectively. The NCMEC transmission of the files to CCPD-ICAC included the assertion that the files had been hash value matched, but had not been opened or viewed. Officer Michael Ilse, a CCPD-ICAC member, received the reports and opened and viewed the contents of the files (Phase I search) to confirm that the images depicted child pornography. He testified that he always visually confirms that the files contain child pornography before seeking a search warrant and that this is the established practice of all detectives he knows who investigate these crimes.

         Officer Ilse then submitted an affidavit with a request for a search warrant to search and seize Reddick's computer and related materials (Phase II search). In his affidavit, among other things, he recounts the NCMEC CyberTipline reports, describes the matching of hash values, lists some of the file names, [5] and recites that he opened and viewed the files, stating why they appear to contain child pornography. A state district judge issued the warrant on April 9, 2015. CCPD searched Reddick's residence, including several digital devices, and found evidence of child pornography, including 456 still images and 13 videos. Nine of those files matched those transmitted to CCPD in the NCMEC CyberTipline reports. Reddick was later arrested on November 10, 2016.


         A. Burden of Proof

         Reddick asserts that Officer Ilse's review of the files uploaded to Skydrive (Phase I search) was a warrantless search in violation of the Fourth Amendment. And because the subsequent Phase II search was conducted pursuant to a warrant that was based on information accessed through the Phase I warrantless search, the evidence obtained is fruit of the poisonous tree. Accordingly, all evidence obtained as a result of the Phase I warrantless search of the files uploaded to Skydrive must be suppressed. D.E. 34, p. 2.

         Unconstitutional ...

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.