Monday, June 10, 2019

Could companies like Facebook and Best Buy face civil liability for helping law enforcement bring child-porn charges against individuals who prove to be not guilty?


Dr. Mark Rettenmaier
The ongoing Scott J. Wells child-pornography case in Missouri started when Facebook sent a "cyber tip" to federal law enforcement. A similar case in California started roughly two years ago when a Geek Squad supervisor at Best Buy reported child porn was found on a computer that had been turned in for repair.

Dr. Mark Rettenmaier, an Orange County physician who owned the computer in California, wound up facing child-porn charges that were eventually dropped. Our review of the Wells case file indicates the charges against the Springfield resident also should be dropped. In fact, I recently discovered new evidence that points to the government having no case against Wells. (More on that in an upcoming post.)

Documents in the Rettenmaier case showed FBI agents paid Best Buy employees to act as informants -- and the charges were dropped after a judge threw out almost all of the evidence as unlawfully obtained. We have reported on multiple cases where individuals lives were turned upside down because of child porn found on computers that they did not put there and were not aware of. (See here, and here.) In the Missouri case, Scott Wells has been detained in federal prison for more than two years, even though he's had no trial and been convicted of nothing.

Given the suffering wrongfully accused can experience because of baseless child-porn charges, we have this question: Is it wise for companies like Facebook and Best Buy to get involved? My answer is no. Could they face civil liability for siccing law enforcement on individuals who are proven to have violated no law? Under a legal doctrine known as malicious prosecution, I suspect the answer is yes.

Federal law, under 18 U.S.C. 2258A requires anyone engaged in providing an "electronic communication service" or a "remote computing service" to the public . . . who obtains actual knowledge of any facts or circumstances "described in paragraph (2)" shall, as soon as reasonably possible [file a report with the Cyber Tipline of the National Center for Missing and Exploited Children (NCMEC).

What does the all-important paragraph (2) say? Here it is, straight from the statute:

(2) Facts or circumstances.—The facts or circumstances described in this paragraph are any facts or circumstances from which there is an apparent violation of—

(A) section 2251, 2251A, 2252, 2252A, 2252B, or 2260 that involves child pornography; or

(B) section 1466A.
What are the chances that a Facebook or Best Buy employee can accurately dissect those provisions of law? My guess is zero. In the case of Best Buy, it almost certainly does not qualify as an "electronic communication service" or a "remote computing service." It is a retailer or merchandiser, so it's hard to see how it would fall under federal reporting guidelines.

Our research indicates about 20 states have laws that require certain professionals or individuals to report suspected images of child pornography. We suspect these laws use a variety of wording, so it's difficult to say which ones might be lawfully sound and which ones are not. But we see at least three likely problems with reporting laws at the federal or state level:

(1) Receipt, possession, or distribution of child pornography is not a clear-cut offense. If you witness someone punch another person, you can be reasonably assured some kind of law was violated, and authorities should be notified. But the presence of child pornography on a computer is not necessarily an indicator of criminal activity. The images must be there "knowingly," under the users' "dominion and control." to amount to a possible crime.

(2) Thanks to viruses, spam, malware, hackers, and the like, child porn can wind up on a computer without the user's knowledge.

(3) By law, child pornography involves a minor (under 18 years old), engaged in "sexually explicit conduct." How is a Facebook or Best Buy employee going to know the age of a stranger in a photograph? How are such employees going to know how "sexually explicit conduct" is defined under the law?

Statutes seem to be written with a mindset of, "Hey, if you see anything that you think resembles child porn, let's turn it over to authorities and let 'the professionals' handle it." In the Scott Wells case, we've already shown "the professionals" don't always handle cases professionally, and we recently discovered a screw-up in the criminal complaint that is a real jaw-dropper.

Law enforcement handled the Rettenmaier case in California in a farcical manner. This is from a 2018 report at NPR:

The FBI paid Best Buy Geek Squad employees as informants, rewarding them for flagging indecent material when people brought their computers in for repair.

That's according to documents released to the Electronic Frontier Foundation (EFF), a digital civil liberties organization, which filed a Freedom of Information Act lawsuit seeking records that might show warrantless searches of people's devices.

EFF filed its complaint last year after revelations about the FBI's interactions with Geek Squad technicians emerged in the case of Mark Rettenmaier, an Orange County physician and surgeon who took his computer in for repair when it wouldn't boot up. Rettenmaier faced child pornography charges after a Geek Squad employee flagged his computer to the FBI.

Were EFF's concerns well founded? Absolutely:

In May, a federal judge threw out almost all the evidence (which prosecutors said included hundreds of images of child pornography) because of "false and misleading statements" an FBI agent made in an affidavit to get a search warrant for Rettenmaier's house. The government ended up dropping the charges against him.

The records now released to EFF shed a bit more light on the relationship between Best Buy and the FBI. The documents show a range of interactions: a $500 payment from the FBI to a Geek Squad employee, a meeting of the agency's Cyber Working Group at Best Buy's computer repair facility in Kentucky, and a number of investigations in which Geek Squad employees called the FBI field office in Louisville after finding suspected child pornography.

A key question is whether Best Buy employees "go fishing" in customers' devices with the goal of helping the FBI.

That's what Rettenmaier's attorney James Riddet argued a Geek Squad technician had done when he searched the "unallocated space" of Rettenmaier's computer, where he found an image that was used to persuade a judge to grant a search warrant for his home.

"Their relationship is so cozy," Riddet told The Washington Post last year, "and so extensive that it turns searches by Best Buy into government searches. If they're going to set up that network between Best Buy supervisors and FBI agents, you run the risk that Best Buy is a branch of the FBI."

Best Buy officials seem convinced they are following the law, but we aren't so sure about that:

Best Buy tells NPR that it does indeed report discovery of child pornography to law enforcement, citing a "moral and, in more than 20 states, a legal obligation" to do so — but it says it prohibits employees from looking for "anything other than what is necessary to solve the customer's problem." 
EFF says it is concerned the FBI is using Geek Squad informants to conduct private searches as a means of circumventing Fourth Amendment protections against warrantless searches.

The following from NPR should serve as a caution light for employers who might stumble onto supposed evidence of child porn:

The FBI would not comment on the matter, citing ongoing litigation. "In addition," a spokesman said in an email to NPR, "the FBI does not provide any information on the dealings with informants, for obvious reasons."

We are not sure about the status of ongoing litigation, but if it helps companies refrain from fingering innocent people for child-porn charges, that should be a good thing.

No comments:

Post a Comment