United States v. Tolbert, (D.N.M. 2018)
Donald Tolbert is a sex offender who had been released from prison on parole. The terms of his parole agreement included unannounced parole officer visits to Tolbert’s home and work; warrantless searches upon reasonable belief of violation of parole terms; disclosure of any computer usernames and passwords; and searches of any of his electronic devices for inappropriate content, expressly including child pornography.
AOL’s servers automatically detected the presence of suspected child pornography on certain email accounts associated with Tolbert. AOL submitted CyberTip reports concerning suspected child pornography to the National Center for Missing and Exploited Children (NCMEC). NCMEC forwarded the tips to the New Mexico Attorney General Internet Crimes Against Children Task Force. An investigator obtained a grand jury subpoena for information associated with the IP address, as well as information from AOL regarding the two email addresses associated with the CyberTip.
Investigators identified Tolbert as the owner of the email addresses and as a sex offender on parole. The investigators then obtained several search warrants, including warrants for Tolbert’s residence and his mother’s residence. At his mother’s residence, investigators found photos and videos depicting child pornography on two computers. Tolbert’s mother stated she and her son were the only persons with access to the computers.
Tolbert challenged admission of the evidence, claiming the recent United States Supreme Court decision in Carpenter v. United States (138 S.Ct. 2206 (2018)) requires search warrants—not subpoenas—to obtain IP address and subscriber information. In Carpenter, the Court held individuals have a reasonable expectation of privacy in their physical movements and accessing historical cell site location information (CSLI) requires a search warrant.
The court held Tolbert was trying to “stretch Carpenter too far,” reasoning that the information obtained by the subpoenas in this case “is much more like the bank and telephone records […] than the comprehensive, detailed, and long-term location information in Carpenter.” Furthermore, the grand jury subpoenas ordered AOL to provide “the name and address of the person who opened the account, the date the account was opened, the detailed method of payment, telephone numbers used to access the internet, email address, connection address, IP address, and any identifying information. The privacy interest in this type of identifying data, which presumably any AOL or CenturyLink employee could access during the regular course of business, simply does not rise to the level of the evidence in Carpenter such that it would require law enforcement to obtain a search warrant.”
Since the CSLI holding is limited in scope, the court rejected Tolbert’s other arguments for exclusion of the evidence.