Monday, June 10, 2019

Could companies like Facebook and Best Buy face civil liability for helping law enforcement bring child-porn charges against individuals who prove to be not guilty?

Dr. Mark Rettenmaier
The ongoing Scott J. Wells child-pornography case in Missouri started when Facebook sent a "cyber tip" to federal law enforcement. A similar case in California started roughly two years ago when a Geek Squad supervisor at Best Buy reported child porn was found on a computer that had been turned in for repair.

Dr. Mark Rettenmaier, an Orange County physician who owned the computer in California, wound up facing child-porn charges that were eventually dropped. Our review of the Wells case file indicates the charges against the Springfield resident also should be dropped. In fact, I recently discovered new evidence that points to the government having no case against Wells. (More on that in an upcoming post.)

Documents in the Rettenmaier case showed FBI agents paid Best Buy employees to act as informants -- and the charges were dropped after a judge threw out almost all of the evidence as unlawfully obtained. We have reported on multiple cases where individuals lives were turned upside down because of child porn found on computers that they did not put there and were not aware of. (See here, and here.) In the Missouri case, Scott Wells has been detained in federal prison for more than two years, even though he's had no trial and been convicted of nothing.

Given the suffering wrongfully accused can experience because of baseless child-porn charges, we have this question: Is it wise for companies like Facebook and Best Buy to get involved? My answer is no. Could they face civil liability for siccing law enforcement on individuals who are proven to have violated no law? Under a legal doctrine known as malicious prosecution, I suspect the answer is yes.

Federal law, under 18 U.S.C. 2258A requires anyone engaged in providing an "electronic communication service" or a "remote computing service" to the public . . . who obtains actual knowledge of any facts or circumstances "described in paragraph (2)" shall, as soon as reasonably possible [file a report with the Cyber Tipline of the National Center for Missing and Exploited Children (NCMEC).

What does the all-important paragraph (2) say? Here it is, straight from the statute:

(2) Facts or circumstances.—The facts or circumstances described in this paragraph are any facts or circumstances from which there is an apparent violation of—

(A) section 2251, 2251A, 2252, 2252A, 2252B, or 2260 that involves child pornography; or

(B) section 1466A.
What are the chances that a Facebook or Best Buy employee can accurately dissect those provisions of law? My guess is zero. In the case of Best Buy, it almost certainly does not qualify as an "electronic communication service" or a "remote computing service." It is a retailer or merchandiser, so it's hard to see how it would fall under federal reporting guidelines.

Our research indicates about 20 states have laws that require certain professionals or individuals to report suspected images of child pornography. We suspect these laws use a variety of wording, so it's difficult to say which ones might be lawfully sound and which ones are not. But we see at least three likely problems with reporting laws at the federal or state level:

(1) Receipt, possession, or distribution of child pornography is not a clear-cut offense. If you witness someone punch another person, you can be reasonably assured some kind of law was violated, and authorities should be notified. But the presence of child pornography on a computer is not necessarily an indicator of criminal activity. The images must be there "knowingly," under the users' "dominion and control." to amount to a possible crime.

(2) Thanks to viruses, spam, malware, hackers, and the like, child porn can wind up on a computer without the user's knowledge.

(3) By law, child pornography involves a minor (under 18 years old), engaged in "sexually explicit conduct." How is a Facebook or Best Buy employee going to know the age of a stranger in a photograph? How are such employees going to know how "sexually explicit conduct" is defined under the law?

Statutes seem to be written with a mindset of, "Hey, if you see anything that you think resembles child porn, let's turn it over to authorities and let 'the professionals' handle it." In the Scott Wells case, we've already shown "the professionals" don't always handle cases professionally, and we recently discovered a screw-up in the criminal complaint that is a real jaw-dropper.

Law enforcement handled the Rettenmaier case in California in a farcical manner. This is from a 2018 report at NPR:

The FBI paid Best Buy Geek Squad employees as informants, rewarding them for flagging indecent material when people brought their computers in for repair.

That's according to documents released to the Electronic Frontier Foundation (EFF), a digital civil liberties organization, which filed a Freedom of Information Act lawsuit seeking records that might show warrantless searches of people's devices.

EFF filed its complaint last year after revelations about the FBI's interactions with Geek Squad technicians emerged in the case of Mark Rettenmaier, an Orange County physician and surgeon who took his computer in for repair when it wouldn't boot up. Rettenmaier faced child pornography charges after a Geek Squad employee flagged his computer to the FBI.

Were EFF's concerns well founded? Absolutely:

In May, a federal judge threw out almost all the evidence (which prosecutors said included hundreds of images of child pornography) because of "false and misleading statements" an FBI agent made in an affidavit to get a search warrant for Rettenmaier's house. The government ended up dropping the charges against him.

The records now released to EFF shed a bit more light on the relationship between Best Buy and the FBI. The documents show a range of interactions: a $500 payment from the FBI to a Geek Squad employee, a meeting of the agency's Cyber Working Group at Best Buy's computer repair facility in Kentucky, and a number of investigations in which Geek Squad employees called the FBI field office in Louisville after finding suspected child pornography.

A key question is whether Best Buy employees "go fishing" in customers' devices with the goal of helping the FBI.

That's what Rettenmaier's attorney James Riddet argued a Geek Squad technician had done when he searched the "unallocated space" of Rettenmaier's computer, where he found an image that was used to persuade a judge to grant a search warrant for his home.

"Their relationship is so cozy," Riddet told The Washington Post last year, "and so extensive that it turns searches by Best Buy into government searches. If they're going to set up that network between Best Buy supervisors and FBI agents, you run the risk that Best Buy is a branch of the FBI."

Best Buy officials seem convinced they are following the law, but we aren't so sure about that:

Best Buy tells NPR that it does indeed report discovery of child pornography to law enforcement, citing a "moral and, in more than 20 states, a legal obligation" to do so — but it says it prohibits employees from looking for "anything other than what is necessary to solve the customer's problem." 
EFF says it is concerned the FBI is using Geek Squad informants to conduct private searches as a means of circumventing Fourth Amendment protections against warrantless searches.

The following from NPR should serve as a caution light for employers who might stumble onto supposed evidence of child porn:

The FBI would not comment on the matter, citing ongoing litigation. "In addition," a spokesman said in an email to NPR, "the FBI does not provide any information on the dealings with informants, for obvious reasons."

We are not sure about the status of ongoing litigation, but if it helps companies refrain from fingering innocent people for child-porn charges, that should be a good thing.


Anonymous said...

I would say it's an unwise practice for employees of Facebook and Best Buy -- surely non-experts on the issue of child pornography law -- to turn in people for supposed crimes.

legalschnauzer said...

@9:45 --

It's particularly unwise when people like Scott Wells can be "detained" (imprisoned) for more than two years, with no trial and no finding of guilt on anything -- based largely on the word of a cyber tipper from Facebook.

Anonymous said...

Just an extension of the police state, now including Retail America and Big Tech.

Anonymous said...

Pretty interesting that the judge in California kicked out most of the evidence gathered by Best Buy.

Anonymous said...

So Best Buy employees were on the take from the FBI? Maybe if Best Buy paid living wages, its employees wouldn't need to have their palms greased.

Anonymous said...

Didn't your neighbor in Alabama sue you for malicious prosecution?

legalschnauzer said...

@2:33 --

Sure did. We filed a criminal trespass complaint, after watching him ignore multiple warnings and threatening to sue US for trying to protect our own property. The knucklehead admitted under oath to criminal trespassing, but managed to sue us for malicious prosecution anyway. That can't be done, under the law, of course, but that illustrates the shape of our courts in the year 2019. (This actually happened in 2002-04 time frame, and it's probably only gotten worse since then.)

Anonymous said...

Does anyone wonder what legal liability might attach if it is ever proven that prosecutions (much less wrongful convictions!) were caused by the employees of a corporation planting the evidence (during the course of performing their assigned corporate duties) for which the same employees later collect a bounty for? No reason and certainly no evidence to think this could ever happen, or for that matter might already have happened. After all, these corporations hire only the best and smartest people, and pay them very well compared to the average fast food and telemarketing opportunities.

e.a.f. said...

In answer to the question/title, with the right jury, in a N.Y. minute. Its corporate over reach, police state, etc. In the past we have seen corporations refuse to respond to police requests, now they want to? must be because there are rumblings of over sight and perhaps corporate break up. Now they want to play nice, but instead violated privacy laws. Police need to be very careful and my take on some American police forces, is they don't know the meaning of careful. Can hardly wait for the first case to go forward. Of course with all the follow up appeals I may not live long enough to see the end.