Searching over 5,500,000 cases.

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

United States v. Crawford

United States District Court, N.D. Ohio, Western Division

July 16, 2019

United States of America, Plaintiff,
Michael S. Crawford, Defendant.




         In August 2018, Defendant Michael Crawford was indicted for receipt and distribution of child pornography in violation of 18 U.S.C. § 2252(a)(2) (Doc. 1). The charges stem from searches of his two Google accounts and his Synchronoss account. Both Google and Synchronoss detected child pornography on their platforms and sent tips to the National Center for Missing and Exploited Children (NCMEC). NCMEC, in turn, forwarded these tips to law enforcement, which executed search warrants on the accounts in February 2018.

         Crawford moved to suppress evidence obtained from the accounts (Doc. 20). The Government responded (Doc. 23), and Crawford replied (Doc. 26). This Court held a Record Hearing in February 2019 and denied Crawford's Motion (Doc. 28). This Opinion follows.


         NCMEC is a private, nonprofit organization that works to reduce child sexual exploitation (Doc. 24-10 at ¶ 2). It operates a national clearinghouse for investigative tips about online child exploitation called the CyberTipline (id. at ¶ 5). The CyberTipline allows electronic-service providers -- like Google and Synchronoss -- to report online, child-exploitation activity (id.).

         Google Accounts Google provides a variety of online services, including email and cloud storage. To create an account and use Google applications, users must agree to Google's Terms of Service. The Terms prohibit use of Google applications in violation of the law and state that Google “may review content to determine whether it is illegal” (Doc. 24-11 at 4).

         Google, using hashing technology, scans files uploaded to its platform for suspected child pornography (Doc. 23 at 16). After a Google employee views an image and determines it to be child pornography, the image is given a digital fingerprint -- or hash -- and is added to a database with other hashes corresponding to apparent child pornography. See United States v. Miller, 2017 WL 2705963, at *2-3 (E.D. Ky. 2017). See also Richard Salgado, Fourth Amendment Search and the Power of the Hash, 119 Harv. L. Rev. F. 38, 38-41 (2005) (discussing hashing technology). When a user later uploads a file matching a known hash, Google confirms the image is child pornography and then reports it to NCMEC in the form of a CyberTip (Doc. 24-11 at ¶ 7).

         Here, from August to September 2014, Google sent three CyberTips to NCMEC stating that child-pornography images were recently uploaded to a Google account named (see Doc. 24 at ¶ 22). The CyberTips included the account's secondary email address, (see Doc. 24-2 at 6). The images were not attached to an email but rather were uploaded to Google's photo-sharing application, Google Photos (id. at 7). A Google employee viewed the images and determined they were child pornography before sending the CyberTips to NCMEC (id.).

         After receiving the CyberTips, NCMEC investigated. NCMEC first viewed the images and confirmed they were child pornography (id. at 10). Next, through searches of publicly available information, NCMEC determined Crawford owned a business near Lima, Ohio, called Countrywide Transport Services, with an email address of (id. at 11).

         Google suspended due to the apparent child-pornography activity. Shortly after that account was suspended, a new account,, was created. This new account registered with the same secondary email address as the suspended account (Doc. 24 at ¶¶ 22-23).

         One year later, in September 2015, Google detected 21 child-pornography images uploaded to Google Photos by Google viewed the suspected content and sent another CyberTip to NCMEC (Doc. 24-3 at 8-14; see also Doc. 24-11 at ¶ 11). NCMEC linked this latest CyberTip to the three earlier ones from 2014 (Doc. 24-10 at ¶¶ 24, 28, 39). NCMEC searched publicly available information using and found Facebook and MeetMe accounts in Crawford's name (Doc. 24-3 at 19-20). It also found several phone No. associated with Crawford and Countrywide Transport Services (id. at 21-22).

         NCMEC forwarded tips of Crawford's suspected activity to the Cuyahoga County Prosecutor's Office (Doc. 24-10 at ¶ 33). But due to the large No. of tips that office receives, that office mistakenly failed to act on the tips (Doc. 24-7 at ¶ 7).

         Synchronoss Account Synchronoss manages cloud-storage accounts linked to Verizon cell phones. Verizon subscribers can use Synchronoss accounts to back up their phone contents and to store photos and videos (Doc. 23 at 3). The Synchronoss Terms of Service, which users must acknowledge before using the service, bar illegal content and state that Synchronoss may monitor content uploaded to the accounts (id.).

         Like Google, Synchronoss uses hashing technology to detect suspected child pornography (Doc. 24-12 at ¶ 3). But unlike Google, where employees confirm that images are child pornography before sending CyberTips to NCMEC, the Synchronoss system is automated. “Once files are flagged as being potentially identified as child pornography, Synchronoss reports the information to [NCMEC]” (id.). “Synchronoss does not view any of ...

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.