Searching over 5,500,000 cases.


searching
Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

United States v. Tolbert

United States District Court, D. New Mexico

July 27, 2018

UNITED STATES OF AMERICA, Plaintiff,
v.
DONALD ALVIN TOLBERT, Defendant.

          MEMORANDUM OPINION AND ORDER

         This matter is before the Court on Defendant's Motion to Suppress Evidence Obtained in Violation of the Fourth Amendment Under United States v. Ackerman [Doc. 90] in which he asks the Court to suppress all evidence obtained either directly or indirectly as a result of the National Center for Missing and Exploited Children (“NCMEC”) opening his emails and the attachments thereto. Defendant argues that under United States v. Ackerman, 831 F.3d 1292 (10th Cir. 2016), NCMEC is a government entity or agency, and therefore its warrantless searches of his emails violated his rights under the Fourth Amendment, and all evidence obtained thereafter is “fruit of the poisonous tree.” The Government filed a response [Doc. 93] and Defendant filed a reply [Doc. 114]. On April 24-25, 2018 and June 12, 2018, the Court held an evidentiary hearing on the motion to suppress, at which Defendant was present and the Government presented evidence in the form of witness testimony and exhibits. On July 3, 2018, both parties filed written closing arguments. Docs. 123 and 124. After considering the evidence, the briefs, and the arguments of counsel, the Court concludes that the motion to suppress should be denied.

         FINDINGS OF FACT

         Defendant Donald Alvin Tolbert (hereafter, “Tolbert”) has a 2006 state court conviction on two counts of criminal sexual contact of a child under age thirteen, among other charges. Tolbert served a term of years in prison until November of 2009, at which point he began serving concurrent terms of probation and parole. In 2010, the state arrested Tolbert for violating the terms of his probation and parole and reincarcerated him for 330 days. Then, the state released Tolbert a second time, subject to conditions of probation. As part of his release, Tolbert agreed to various standard conditions of probation, including allowing any probation or parole officer to visit him at his home or place of employment at any time, and permitting a warrantless search by the officer if he or she had reasonable cause to believe the search would produce evidence of a parole violation. Ex. A at 6-7. As a convicted sex offender, Tolbert also promised to provide all of his email addresses, usernames, and passwords to his probation officer. Ex. A at 3. Further, he agreed that any computer or electronic device to which Tolbert had access could “be examined for inappropriate content [which expressly included child pornography] at any time.” Ex. A at 3.

         On September 1, 2012, five emails with a total of fifteen attachments were sent through American Online (“AOL”) by a user with the email address ddt123abc@aol.com —an email address allegedly belonging to Tolbert. See Exs. D1-D5 (NCMEC Cyber Tipline Report IDs 1576684, 1576685, 1576686, 1576688, and 1576689). Three of these emails were sent to a user with the email address donnieisagod@aol.com —also allegedly belonging to Tolbert. See Exs. D1, D2, and D3. The other two emails were sent to a third party email address, widd2703@web.de. Exs. D4 and D5. In accordance with its practice in 2012, AOL did not initially open or view the files attached to the emails. Trans. 4/25/18 at 35; Trans. 6/12/18 at 129-30, 135.[1] However, by scanning the emails and attachments using software employing “hash value” matching[2], AOL detected the presence of suspected child pornography. As it is required to do by law, AOL electronically submitted the five emails and corresponding CyberTip reports concerning suspected child pornography to the National Center for Missing and Exploited Children (“NCMEC”). Exs. D1-D5; Trans. 4/24/18 at 18-20, 24; 18 U.S.C. § 2258A. These CyberTips provided by AOL to NCMEC included (1) the email addresses of both the senders and the recipients of the emails, (2) the subjects of the emails, along with all of their attachments; (3) identification of the specific attachments which had been hash value matched as child pornography; and (4) the IP address[3] corresponding to the email sender for all five emails. Exs. D1-D5. See, e.g., Ex. D1 at 191.

         AOL's software also automatically prevented the five emails and their attachments from reaching their intended recipients, then terminated and saved a snapshot of the user's account. Trans. 4/25/18 at 8, 15. The entire process was fully automated, meaning no AOL employee opened or read the emails or attachments before AOL sent the CyberTip to NCMEC. Trans. 4/25/18 at 14, 18, 64; Trans. 6/12/18 at 128-30. However, in 2012 an AOL employee did open and view the email and attachments the next business day after the CyberTip was sent to NCMEC in order to confirm that the hashed image did in fact belong in AOL's database of images of child pornography. Trans 4/25/18 at 14. 35, 64; Trans. 6/12/18 at 130.

         On September 5, 2012, NCMEC[4] opened and then viewed the five emails and their attachments forwarded by AOL along with the CyberTips and determined that the attachments appeared to contain child pornography. Ex. D1 at 195. It did so without seeking or obtaining a search warrant. It then conducted various searches on various publicly available databases for the IP address associated with the five emails, for the two email addresses listed above, as well as for the names “Donnie T” and “Don Tolbert.” See Ex. D1 at 195-217. The open source searches on the IP address were conducted in order to locate the sender in a particular geographic area—in this case, Albuquerque, New Mexico. Trans. 4/24/18 at 38-41 and 72-76; Ex. D1 at 197-203. NCMEC then performed public, online searches on some of the information sent by AOL in the CyberTip, including the two email addresses noted above that were associated with the five emails and other unique identifiers, such as “YUNGMUFFMAN” and then eventually to someone named “Donnie, ” then “Don Tolbert, ” then Margaret Tolbert and her Albuquerque address, and then eventually to a Donald Alvin Tolbert in Albuquerque, New Mexico with a specific address and date of birth. Trans. 4/24/18 at 77-87; Ex. D1 at 203-217.

         NCMEC then forwarded the CyberTip reports containing those emails and attachments, as well as the results of its public record searches, to the New Mexico Attorney General's Office, Internet Crimes Against Children (“ICAC”) division. See, e.g., Ex. D1 at 216. The ICAC is the clearinghouse for CyberTips with a connection to New Mexico. Trans. 4/24/18 at 164. An analyst with the Attorney General's Office reviewed the CyberTips, including the hash-matched images, and ran open source searches regarding the associated IP address to determine that the source of the emails is in New Mexico. Id. at 168-170. Then, the analyst refers the CyberTips to the Special Agent in Charge, who assigns them to law enforcement for further investigation. Id. at 171. Certain types of cases, including those involving registered sex offenders on probation, take high priority. Id. at 172-73, 194-96.

         On September 7, 2012, Special Agent Owen Pena of the AG's office was assigned to conduct an investigation regarding the five CyberTips relating to “Donald Alvin Tolbert.” Trans. 4/24/18 at 180, 183, 193. By using open source searches on the IP address associated with the email addresses donnieisagod@aol.com and ddt123abc@aol.com listed in the CyberTip reports, Pena verified the geographical connection between the IP address and Albuquerque, New Mexico. Id. at 182-83. Using that information, Pena obtained grand jury subpoenas duces tecum for information associated with the IP address from ISP CenturyLink as well as information from AOL regarding the two email addresses. Id. at 183; Ex. J. AOL's response to the subpoena resulted in information linking donnieisagod@aol.com with “Donald Tolbert” at an address in Albuquerque, New Mexico, 87105. Id. at 184-85. Century Link responded to the subpoena with information linking the IP address with “Margaret Tolbert” at an address on 57th Street in Albuquerque, New Mexico. Id. at 186. Pena further found that the IP address associated with the above was also associated with an account on a Russian file uploading website, IMGSRC, under the name YUNGMUFFMAN. Id. at 187. That public account contained pictures of young girls, some of them naked. Id. at 187-88; Ex. L. The “real name” listed for the owner of the account was “Donnie, ” with the email address ddt666abc@gmail.com. Ex. L. Under “user info, ” it states: “I love girls between 8-15. Someone told on me got my other 2 email accounts cancelled. AOL has something that reads your emails.” Ex. L. After determining that the emails in the CyberTips were associated with Donald Tolbert, Pena called Tolbert's probation officer and confirmed that he was a registered sex offender on probation in New Mexico. Trans. 4/24/18 at 189-90.

         Pena contacted Christina Altamirano, an agent with Homeland Security Investigations specializing in internet crimes against children and sexual exploitation crimes. Trans. 5/25/18 at 67-69; Trans. 4/24/18 at 190. Altamirano met with Pena and reviewed the evidence that he had obtained regarding Tolbert. Trans. 5/25/18 at 69-70. This included subscriber information from AOL and Century Link, as well as five NCMEC reports and associated videos. Using that evidence, Altamirano prepared and obtained search warrants for AOL regarding the two email addresses mentioned in the CyberTip reports, ddt123abc@aol.com and donnieisagod@aol.com. Id. at 71. These warrants revealed subscriber information for the two email addresses, along with IP addresses, times, and dates the accounts were used. Id. at 71-72; Exs. M and N. Similarly, Pena obtained search warrants for Tolbert's residence, as well as that of Tolbert's mother. Id. at 74; Trans. 4/24/18 at 190-91; Exs. K1 and K2. At Tolbert's residence, officials seized cell phones, a notebook, photographs, books and videos. Trans. 5/25/18 at 74. At his mother's home, they found two computers, a digital camera, and a cell phone. Id. at 75. Police found photos and videos depicting child pornography on the two computers seized at Tolbert's mother's home. Id. at 75-76.

         After the Tenth Circuit released the Ackerman decision, the Rio Rancho police department obtained a new search warrant for the two computers without the benefit of the contents of the emails and the attached videos and images. Trans. 5/25/18 at 105. The computers were reexamined, and child pornography images and videos were again found on those machines. Id. at 76-77. In an interview, Margaret Tolbert told police that she and Defendant were the only ones with access to those computers. Id. at 79.

         Altamirano testified in some detail, and with credibility, about the steps that she would have taken and the investigation she would have conducted if the CyberTips in this case had come to her without the opened emails and attachments (photos and videos) for her to examine. See Trans. 4/25/18 at 80-97. Altamirano explained that even without the emails and attachments, she still would have conducted an investigation that would have ended in obtaining the emails and attachments, as well as connecting them to Tolbert. Id. For example, Altamirano could have used the fact that AOL obtained a hash value match to obtain a search warrant for the emails and their attachments, as well as to obtained the name and address of the user associated with that account. Id. at 81-83. She also explained that once she had a name and address of the AOL account user, she could use law enforcement and open source databases to find out more information about that person. In this case, that information would have led Altamirano to Tolbert, and information about his prior criminal case. Id. at 83-86. Altamirano also admitted that she had never actually done this, as all of the NCMEC CyberTips she had worked with in the past contained opened emails and/or attachments. Id.at 99-100.

         DISCUSSION

         Tolbert moves to suppress “all evidence obtained directly or indirectly as a result of NCMEC's warrantless search.” Doc. 90 at 9. He reasons that under the Tenth Circuit's decision in United States v. Ackerman, 831 F.3d 1292 (10th Cir. 2016), NCMEC is a government entity or agent and therefore was required to obtain a warrant prior to performing searches by opening his emails and their attachments. He contends that all evidence obtained as a result of the warrantless searches is “fruit of the poisonous tree” and must be suppressed.

         In its opposition to the motion to suppress, the Government relies on numerous arguments in support of the conclusion that the exclusionary rule does not apply. First, the government contends that Tolbert had no legitimate expectation of privacy in his emails because of both the terms of his probation and the terms of the AOL user agreement. Second, it contends that despite the Tenth Circuit's ruling to the contrary in United States v. Ackerman, 831 F.3d 1292 (10th Cir. 2016), NCMEC is not a governmental entity or agent and therefore cannot have violated Tolbert's Fourth Amendment rights. Third, it argues that the “special needs” exception to the warrant requirement applies here. Fourth, the government argues that under the “totality of the circumstances” exception to the warrant requirement, there was no constitutional violation. Fifth, the government contends that the “good faith” exception to the warrant requirement justified the search of Tolbert's emails. Sixth, the government argues that the email evidence should be not suppressed because it would have been inevitably discovered. Seventh, it contends that the evidence should not be suppressed due to the attenuation of the taint.

         The Court concludes that despite the fact that NCMEC opened the emails and attachments without a warrant, the evidence should not be suppressed because both the good faith and the inevitable discovery exceptions to the warrant requirement apply here. Having reached that conclusion, the Court will not reach the other arguments raised by the parties.

         I. Legal Standard

         The Fourth Amendment to our Constitution protects persons against unreasonable searches and seizures in their “persons, houses, papers, and effects.” U.S. Const. amend. IV. “The basic purpose of this Amendment . . . is to safeguard the privacy and security of individuals against arbitrary invasions by governmental officials.” Camara v. Mun. Court of City & Cnty. of S.F., 387 U.S. 523, 528 (1967). “The exclusionary rule has traditionally barred from trial physical, tangible materials obtained either during or as a direct result of an unlawful” search or seizure. Wong Sun v. United States, 371 U.S. 471, 485 (1963).

         II. The ...


Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.