UNITED STATES OF AMERICA, Plaintiff - Appellee, v. GUY ROSENSCHEIN, Defendant - Appellant.
No. 23-2017
United States Court of Appeals, Tenth Circuit
May 12, 2025
PUBLISH.
Submitted on the briefs:*
Alexander M.M. Uballez, United States Attorney, and Tiffany L. Walters, Assistant United States Attorney, Albuquerque, New Mexico, for Plaintiff-Appellee.
Before HARTZ, EID, and CARSON, Circuit Judges.
EID, Circuit Judge.
In 2016, an anonymous user uploaded images of child pornography to Chatstep, an internet chatroom service. Using a Microsoft product called PhotoDNA, Chatstep identified and reported the uploads to the National Center for Missing & Exploited Children (“NCMEC“). Based on location data derived from the IP address accompanying the files, NCMEC forwarded the reports to the Bernalillo County Sheriff‘s Office (“BCSO“) in New Mexico. BCSO investigated the reports, identified the user as Guy Rosenschein, and obtained a warrant to search Rosenschein‘s home in Albuquerque. The search uncovered approximately 21,000 images and videos of child pornography on electronic devices in Rosenschein‘s possession.
A grand jury indicted Rosenschein on charges of possession and distribution of child pornography, in violation of
The district court denied each of Rosenschein‘s motions. Rosenschein subsequently pleaded guilty to one count of possession of child pornography and seven counts of distribution of child pornography, reserving his right to appeal the district court‘s decision to deny his motions.
Exercising jurisdiction under
I.
As part of its efforts to combat child victimization, NCMEC operates the CyberTipline, which functions as a “national online clearinghouse for tips and leads about child exploitation.” Supp. R. Vol. IV at 71. Federal law requires electronic service providers (“ESPs“) to report to NCMEC any apparent child pornography of which they are aware.
In July and August of 2016, Chatstep submitted two CyberTipline reports to NCMEC after detecting several uploads of pornographic images by a user named “Carlo.” Chatstep uses a Microsoft program called PhotoDNA to scan the “hash values” of suspect files on its site and compare them to the list of hash values of known child pornography images already in circulation.1 A “hash match” occurs when an uploaded image‘s hash value matches the hash value of a known image of child pornography.
Each of Chatstep‘s reports included the uploaded image and the IP address of the user. NCMEC investigated the reports and traced the IP address to a computer in Albuquerque, New Mexico, with CenturyLink as its internet service provider. NCMEC referred the information to the Internet Crimes Against Children (“ICAC“) Task Force at the Office of the New Mexico Attorney General, which obtained grand jury subpoenas for CenturyLink. CenturyLink identified “rosenscheinguy” as the
subscriber for the IP address and gave ICAC the physical address associated with the account. BCSO obtained and executed a search warrant for Rosenschein‘s residence and recovered a thumb drive containing child pornography. The execution of subsequent search warrants at Rosenschein‘s home revealed several additional devices containing evidence of possession and distribution of child pornography. In total, law enforcement discovered devices containing over 19,000 images and 2,000 videos of child pornography.
Rosenschein was indicted by a grand jury for possession and distribution of child pornography in violation of
Rosenschein also moved to suppress the evidence under Franks v. Delaware, 438 U.S. 154 (1978). He argued that the search warrant affidavit contained materially false or misleading statements and omitted information
Beyond his suppression motion, Rosenschein moved to compel discovery of the computer algorithm used by NCMEC for CyberTipline reports from ESPs. He also framed this motion as a motion to dismiss the case based on failure to produce evidence. Finally, he moved to require the government to disclose expert reports for the Microsoft and NCMEC witnesses it planned to call at the suppression hearing.
The district court denied each of Rosenschein‘s motions. Under a Rule 11(c)(1)(C) plea agreement, Rosenschein pleaded guilty to seven counts of distribution and one count of possession of child pornography. Rosenschein reserved his right to appeal the denial of his suppression motions, his motion to dismiss the case or compel discovery, and his motion for expert reports. The district court sentenced Rosenschein to 210 months’ imprisonment, and Rosenschein timely appealed.
II.
We begin by addressing the district court‘s denial of Rosenschein‘s suppression motions. Following the denial of a motion to suppress evidence, we review the district court‘s legal determinations de novo and its factual findings for clear error. United States v. Muhtorov, 20 F.4th 558, 592 (10th Cir. 2021). A district court‘s factual finding is made in clear error only if “the error [is] pellucid to any objective observer,” the finding is “without factual support in the record,” or the panel is “left with a definite and firm conviction that a mistake has been made.” United States v. Madrid, 713 F.3d 1251, 1256–57 (10th Cir. 2013) (quotations omitted). In conducting this review, “we view the evidence in the light most favorable to the government.” Muhtorov, 20 F.4th at 592 (quotation omitted).
A.
Rosenschein first argues that Microsoft and Chatstep violated his Fourth Amendment right to be free from unreasonable searches and seizures when they created and used PhotoDNA to search his Chatstep uploads without a warrant. We disagree. Because Microsoft and Chatstep were not acting as governmental agents, their actions cannot implicate the Fourth Amendment. And even if they were governmental agents, Rosenschein‘s claim fails because he had no reasonable expectation of privacy in images he uploaded to a reportable internet chatroom with strangers.
The Fourth Amendment protects “[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures[.]”
To determine whether a private party is acting as a governmental agent, we employ a two-pronged inquiry. United States v. Souza, 223 F.3d 1197, 1201 (10th Cir. 2001).
First, we ask “whether the government knew of and acquiesced in the [party‘s] intrusive conduct[.]” Id. (quotation omitted). Second, we consider “whether the party performing the search intended to assist law enforcement efforts or to further his own ends.” Id. (quotation omitted). “Both prongs must be satisfied considering the totality of the circumstances before the seemingly private search may be deemed a government search.” United States v. Poe, 556 F.3d 1113, 1123 (10th Cir. 2009).
Here, neither Chatstep nor Microsoft was a governmental agent because each “acted to further [its] own ends.” Souza, 223 F.3d at 1201 (quotation omitted). As the district court noted, Chatstep began monitoring its site for child pornography out of concern that the presence of child pornography would hurt the company‘s reputation, drive away users, and violate advertisers’ policies. Chatstep independently turned to PhotoDNA to automate the monitoring of child pornography; it was not directed by a government entity to use that product. Instead, Chatstep found PhotoDNA after conducting a web search and applied twice before receiving approval to use the product.2
Microsoft‘s sole tie to the Rosenschein investigation was its creation of PhotoDNA. But Microsoft‘s independent creation of a product that assists both private and public parties in combatting the distribution of child pornography does not transform it into a governmental agent. See United States v. Alexander, 447 F.3d 1290, 1297 (10th Cir. 2006) (noting that “an agency relationship does not develop where the government is an incidental beneficiary of another party‘s actions“). And here, the record contains ample evidence showing that Microsoft created PhotoDNA to advance its independent business interests. See, e.g., R. Vol. III at 741–42 (“Protecting our brand and our reputation means reducing illegal and harmful activities on our services.“); id. at 100–02 (noting that Microsoft creates similar services and offers them to third-party platforms as part of its “vision in protecting customers more broadly,” “purg[ing] the ecosystem of explicit material[,] . . . [and making] it a better environment for [Microsoft] to operate in“).3
Rosenschein‘s Fourth Amendment claim fails under the second prong of the governmental-agent inquiry.4 Souza, 223 F.3d at 1201.
Even if Chatstep and Microsoft were governmental agents, Rosenschein‘s Fourth Amendment claim falls short because he has not presented evidence sufficient to establish a Fourth Amendment search. The Supreme Court has identified two types of searches that give rise to a Fourth Amendment claim. First, “[w]hen an individual seeks to preserve something as private, and his expectation of privacy is one that society is prepared to recognize as reasonable, . . . [an] official intrusion into that private sphere generally qualifies as a search and requires a warrant supported by probable cause.” Carpenter v. United States, 585 U.S. 296, 304 (2018) (quotation and internal quotation marks omitted). Second, a Fourth Amendment search occurs where the government “physically occupie[s] private property for the purpose of obtaining information.” United States v. Jones, 565 U.S. 400, 404–05 (2012).
On appeal, Rosenschein has not argued that the conduct in this case amounted to a physical trespass for the purpose of obtaining information. Accordingly, we
deem that argument waived. See United States v. Leffler, 942 F.3d 1192, 1196 (10th Cir. 2019).
Chatstep‘s inclusion of a “report image” function—which, when utilized, allowed users to view the IP address of the image‘s sender—further supports this conclusion. Chatstep created this feature “as a deterrent to Chatstep users sharing illegal photos because they would know that other users could report them” either to Chatstep or to law enforcement. R. Vol. II at 330. Thus, even in a small chatroom
with generally anonymous users, no reasonable user would have believed that images uploaded to Chatstep would remain private.
Both our precedents and several out-of-circuit cases also reaffirm what common sense makes clear: Individuals have no reasonable expectation of privacy in images they post to a reportable online chatroom with strangers. See, e.g., United States v. Morel, 922 F.3d 1, 10 (1st Cir. 2019) (concluding that a defendant had no reasonable expectation of privacy in images uploaded to a publicly accessible image hosting website); United States v. Lifshitz, 369 F.3d 173, 190 (2d Cir. 2004) (“Individuals generally possess a reasonable expectation of privacy in their home computers. . . . They may not, however, enjoy such an expectation of privacy in transmissions over the Internet or e-mail that have already arrived at the recipient.“); Guest v. Leis, 255 F.3d 325, 336 (6th Cir. 2001) (holding, in a non-criminal context, that “computer users do not have a legitimate expectation of privacy in their subscriber information because they have conveyed it to another person—the system operator“); United States v. Perrine, 518 F.3d 1196, 1205 (10th Cir. 2008) (concluding that a defendant had no reasonable expectation of privacy in subscriber information given to an internet provider); United States v. Charbonneau, 979 F. Supp. 1177, 1185 (S.D. Ohio 1997) (concluding that a defendant had no reasonable expectation of privacy in statements made in AOL chatrooms in part because the defendant “ran the risk of speaking to an undercover agent“). Accordingly, we reject Rosenschein‘s first set of arguments for suppressing the evidence under the Fourth Amendment.
B.
Rosenschein next argues the district court should have suppressed the evidence found in his home under Franks v. Delaware, 438 U.S. 154 (1978). To establish a Fourth Amendment violation under Franks, a defendant must show that “(1) an officer‘s affidavit supporting a search warrant application contains a reckless misstatement
Rosenschein challenges three statements as materially false or misleading. First, he argues the affidavit‘s claim that “using hash values is another common technique used to identify users and specific electronic files” is false because PhotoDNA identifies only images, and not users or other electronic files. Supp. R. Vol. IV at 43; Aplt. Br. at 30. But this statement refers to hash values generally—which can be used on usernames, passwords, and email addresses, or to determine what user saved or uploaded a file, see R. Vol. III at 471–72—and not merely to PhotoDNA‘s capabilities. Thus, the statement is accurate. Although it is not wholly applicable to PhotoDNA—the only product used in this case—it was not intentionally or recklessly misleading. See id. at 564–65 (explaining that the detective who authored the affidavit did not understand the precise differences between PhotoDNA‘s hash values and hash values generally).
Second, Rosenschein contends the affidavit‘s claim that “hash values are mathematical algorithms that produce a 25-character pattern that is specific to a single file” is false because hash values are the product of algorithms, and not themselves algorithms. Supp. R. Vol. IV at 43; Aplt. Br. at 30. But whether hash values are algorithms or products of algorithms is immaterial. As the affidavit makes clear, “the salient point for purpose[s] of a probable cause determination is that a hash value is unique to any given image and thus is a reliable way to identify an image.” R. Vol. II at 368. And here, the government has provided ample evidence that hash values are a reliable way to identify an image. See R. Vol. III at 89–90 (describing PhotoDNA‘s error rate as one in fifty billion); id. at 166, 177 (explaining that PhotoDNA has an accuracy rate of over ninety-nine percent); id. at 91, 213 (stating that false positives—that is, matches that are not child pornography—are extremely rare).
Third, Rosenschein claims that the authoring detective‘s statement that “Chatstep provided the photograph . . . I reviewed it” was misleading. Supp. R. Vol. IV at 44–45; Aplt. Br. at 31. Specifically, he argues that the term “review” may have misled the judge issuing the warrant to believe that Chatstep had also viewed the images. We agree with the district court that this language did not reasonably suggest that Chatstep had viewed the images. And even if the language was ambiguous, we conclude the mistake was immaterial because the affidavit correctly stated that a detective had viewed the images and confirmed that they contained child pornography before applying for the warrant.
Rosenschein also claims the affidavit omitted several key facts. First, he notes that the affidavit did not include a detailed description of PhotoDNA. But he does not explain how this omission negated probable cause. And in any event, the government has offered significant evidence showing that PhotoDNA is a reliable method of identifying child pornography. See supra p. 15. Thus, Rosenschein has not shown this omission was material.
Second, Rosenschein argues that the affidavit wrongly omitted information about NCMEC‘s role in the investigation. He also contends the affidavit was misleading because it did not disclose that the reported
Third, Rosenschein contends that the district court should have suppressed all evidence from the search of his home because the affidavit used to obtain the search warrant did not inform the issuing judge that a detective had viewed the Chatstep uploads without obtaining a warrant. This omission is immaterial; as the district court correctly concluded, the detective did not need a warrant to view Rosenschein‘s uploads because they were posted to a reportable chatroom with strangers. See supra pp. 11-13. Further, Rosenschein has presented no evidence that suggests the omission was made to mislead the court.
Fourth, Rosenschein argues the affidavit wrongly omitted important information about the investigative process. For example, he notes that the affidavit did not state that law enforcement had corroborated the IP address listed in the CyberTips. This omission is immaterial. Rosenschein does not explain how the absence of a corroboration statement would have affected the judge‘s probable cause determination, particularly where law enforcement had no reason to believe the information in the CyberTips was unreliable.
Finally, Rosenschein argues that the affidavit‘s description of the images as “depict[ing] a child under 18 years old involved in a sex act” was conclusory and thus did not permit the judge to determine that there was probable cause to search Rosenschein‘s home. Supp. R. Vol. IV at 44–45; Aplt. Br. at 31–32. He contends that the affidavit should have described the particular sex act. This claim directly contradicts our precedents. We have previously held that generalized descriptions of child pornography sufficiently convey to the judge issuing the search warrant the type of evidence required to support probable cause. United States v. Simpson, 152 F.3d 1241, 1247 (10th Cir. 1998). Further, the affidavit‘s description aligns with the legal definition of child pornography. See
Rosenschein has not shown that the affidavit contained false statements or relevant omissions such that the warrant should not have issued. See Franks, 438 U.S. at 171–72. Accordingly, based on the information provided in the affidavit, the
district court correctly concluded that the government‘s evidence was sufficient to establish probable cause to justify the search of Rosenschein‘s home.
III.
Rosenschein next challenges the district court‘s denial of his motion to either dismiss the case or, in the alternative, to compel the discovery of the computer programs used by Microsoft and NCMEC to produce internal reports. To support his claim, he argues that Chatstep, Microsoft, and NCMEC conspired to destroy or withhold evidence as part of their effort to frame him for possessing and uploading images he never possessed.
We begin with Rosenschein‘s claim that the district court should have dismissed the case based on Chatstep‘s failure to preserve evidence of the uploaded
(concluding the government was not responsible for a private party‘s failure to preserve evidence).
We next turn to Rosenschein‘s claim that the district court should have compelled discovery of the computer programs and hash values used by NCMEC to generate reports of child pornography. “We generally review for an abuse of discretion the district court‘s denial of a discovery request for documentary evidence.” United States v. Cates, 73 F.4th 795, 811 (10th Cir. 2023) (quotation omitted). “[W]e will not disturb the district court‘s ruling unless we have a definite and firm conviction that the court made a clear error of judgment or exceeded the bounds of permissible choice in the circumstances.” Id. (quotation omitted).
At the hearing discussing this motion, the government stated (1) that it had produced all the information NCMEC had regarding the images in this case; (2) that NCMEC would present testimony regarding its child pornography database; and (3) that it had provided the defense with an outline of NCMEC‘s expected testimony on the issue. The government further explained that it could not produce what Rosenschein was requesting because there was no electronic report capturing the hash values, and that the information would instead be provided through testimonial evidence. Because Rosenschein would have had the opportunity to access that information—albeit through the examination of witnesses, rather than a report—we conclude that the district court did not abuse its discretion in denying Rosenschein‘s motion to require production of a report.
IV.
Rosenschein next claims that the district court erred in denying his motion to require the government to provide expert reports for two witnesses—John Shehan, who served as the vice president of the Exploited Children Division of NCMEC, and Jeff Lilleskare, who worked as a group manager for security and online safety at Microsoft—before the suppression hearing. See Fed. R. Crim. P. 16(a)(1)(G) (requiring the government to produce, at the defendant‘s request, expert reports for witnesses it intends to call during its case-in-chief). He further argues that Shehan and Lilleskare “had no knowledge of the case whatsoever, disqualifying [them] as [] factual witness[es].” Aplt. Br. at 28.
Both claims fall short. First, Rosenschein concedes that the Federal Rules of Evidence and Federal Rule of Criminal Procedure 16(a)(1)(G) do not apply to suppression hearings. R. Vol. I at 456 (“As a technical matter that is true.“). Although courts may, in certain cases, exercise their
V.
For the foregoing reasons, we AFFIRM the district court‘s denial of Rosenschein‘s motions.
EID
CIRCUIT JUDGE
