Wednesday, February 13, 2019

Spam, pop-up ads, and viruses can make almost all of us unwitting recipients of child porn -- and innocent targets of federal prosecutors hungry for arrests

Many Americans probably do not think much about child-pornography cases because they figure, "Hey, I'm not a pervert, I'm not going to look at that junk, so why worry about it?" In our postmodern, digital world, suspect images -- often called "contraband by law enforcement -- can appear on electronic devices without our knowledge and without us doing anything to put them there.

Many of us spend major chunks of every day -- at home, work, on the go -- with our eyes glued to desktops, laptops, tablets, mobile phones, you name it. That means you -- even if you show zero signs of being a pervert -- could be caught in a child pornography trap.

Our review of U.S. v. Scott J. Wells, an ongoing federal child-porn case in Missouri, suggests authorities are likely to seek search warrants and arrest warrants -- with federal magistrates granting them in a rubber-stamp fashion -- and they even can seek detention of an accused who hasn't been convicted of anything. Scott Wells has been detained for two years -- in Leavenworth, Kansas (due to his health issues, such as a benign brain tumor) and various county jails in Missouri -- even though charging documents suggest the government likely cannot prove central elements of the offense, as described in statutes and case law. (The complaint and affidavit in Wells is embedded at the end of this post.)

Detained is a soft word for "imprisoned" Imagine being behind bars for two years when you have not been tried or convicted of anything -- and feds consider you a "threat to society," even though you must use a walker or wheelchair to get around.

Scott Wells and his middle-class family are living an American nightmare, but abuse of child-porn laws can hit any of us, especially if we use computers and other electronic devices.

Under federal law -- of which prosecutors and investigators tend to be ignorant or oblivious -- an accused in a child-porn case can be convicted only if he is found (beyond a reasonable doubt) to have acted "knowingly," taking "affirmative actions" to exert "dominion and control" over images that match the statutory definition of child pornography. (For example, images of naked children likely are "child erotica," not child pornography, and generally do not constitute contraband.)

But what if images of child pornography appear on your electronic devices without your knowledge? How can this happen? A 2009 article at Harvard Law Review spells it out. Here is an overview, under the heading (on page 2011) "MEANS OF INNOCENT RECEIPT AND POSSESSION VIA COMPUTER":

The ease of internet communication and the low cost of transmitting electronic files have created new ways for individuals to become unintentional recipients of child pornography, and these means of delivery bear little resemblance to the bricks-and-mortar exchanges that Congress envisioned when drafting the original statute in 1977. There are at least three new ways in which individuals might become unintentional recipients of child pornography in computer-based transactions: through unsolicited “spam” e-mails, pop-up advertisements during legal internet searches, and viruses. Suppose an unintentional recipient acquires illegal material, notices its presence on the computer, and either does not know how to delete it or thinks he need not delete it so long as he does not view it. That recipient may “knowingly” possess the material, yet still be the type of “unwary” recipient that Congress intended to protect by including the knowledge standard in the statute. This Part briefly surveys the mechanics of the internet that have made the possibility of unwitting receipt increasingly salient in cases involving computer-based receipt and possession of child pornography.

Let's take a closer look at each of the three new ways individuals might become unintentional recipients of child pornography. From Harvard Law Review (HLR):

(1) Spam e-mails
Child pornography can easily be transferred among individuals in the form of electronic images sent as e-mail attachments. Although e-mails containing illicit images can be solicited by participating in certain online chat rooms or websites, a person could also receive e-mails that are entirely unsolicited. Once an image is sent, the recipient’s computer may be equipped with software that automatically downloads the e-mail’s contents onto the computer’s hard drive. The user can, of course, choose to delete or retain any e-mails — including illegal spam — that he receives. This feature of e-mail communication suggests that while unintentional receipt may occur, subsequent knowing possession only occurs if a recipient chooses not to delete the file. In the course of evaluating probable cause to conduct a search of a defendant’s computer in United States v. Kelley, Judge Rymer, writing for the court, acknowledged “the possibility that these e-mails could have been spam,” but she ultimately found it unlikely that spammers would distribute the kind of illegal material that Kelley received. Judge Thomas, dissenting in Kelley, disagreed, citing to a string of sources indicating that spam messages can contain illegal child pornography or links to illegal sites. Though federal judges have disagreed about the likelihood that individual defendants came to possess electronic images of child pornography through unsolicited spam e-mails, they have nonetheless recognized that spam is at least a possible source of such images.

(2) Pop-up ads and caches

Personal computer web browsers have a “cache” function in which they store copies of web pages viewed by a user, creating a second way that users might accidentally possess child pornography. Because a computer’s cache has a limited capacity, files are automatically deleted through a “first in, first out” system. As an alternative, users can manually delete files from the computer’s cache or use commercial software to remove the files. Because web browsers automatically save cached files, a person need not take any affirmative step to acquire the files in order for them to be saved to his computer. Typically, because files are saved from websites that a computer user has viewed on his screen, people who possess images of child pornography in their computer cache have also sought out the websites that display the original images. But even accidental viewing of an illegal image can lead to caching, giving rise to the possibility that a person can possess child pornography — even knowingly, having seen the unsought image and realizing that his computer has saved it in the cache — without ever having had any intent or desire to do so. If an individual lacks the technological sophistication to remove files from his cache or to ensure their permanent deletion, he “knowingly possesses” electronic images of child pornography within at least one reading of § 2252(a)(4).

(3) Viruses
A third means of unintentionally acquiring child pornography arises when a computer becomes infected with a virus. United States federal courts have considered this possibility, but they have been slow to find that a virus was responsible for procuring the images on which child pornography charges are based. For example, in United States v. Miller, the court relied on expert testimony to conclude that “a person may come to knowingly possess a computer file without ever knowingly receiving it.” The court articulated one way in which unknowing receipt could lead to knowing possession: “This could happen . . . if the person’s computer is infected with a virus or ‘spyware’ software that surreptitiously installs advertising images. Thus, when a defendant is charged with downloading a computer file, the court must rigorously scrutinize whether there is sufficient evidence to establish the intent-element of the crime.”

Though the Third Circuit ultimately rejected Donald Miller’s claim that a computer virus had automatically downloaded illicit files, at least one plausible account of a virus that did just that has been reported. In 2003, a British man was acquitted of child pornographycharges in Exeter Crown Court “after arguing that the material had been gathered without his knowledge by a rogue program created byhackers — a so-called Trojan horse — that had infected his PC, probably during innocent Internet surfing.” Mark Rasch, a former U.S. federal computer-crime prosecutor, expressed concern over the implications of the British case: “The scary thing is not that the defense might work . . . . The scary thing is that the defense might be right . . . . The nightmare scenario . . . is somebody might go to jail for something he didn’t do because he was set up.” While adequate forensic examination of a suspected individual’s computer should be able to determine whether a virus may have downloaded child pornography, the British case suggests that prosecutorial investigation and discretion in deciding which cases to bring may be imperfect mechanisms — on their own — for ensuring that only truly culpable individuals are charged and convicted in child pornography cases.

Do spam, pop-ups, or viruses account for the contraband allegedly found on Scott Wells' computer? We don't know yet. More importantly, prosecutors don't appear to know, and we see little sign they've even considered the possibility. The information we have so far suggests they simply wanted an arrest, followed by a likely guilty plea, and Scott Wells was a convenient target.

(To be continued)

No comments: