Can You "Possess" a File If You Don't Realize It Exists?:
One of the interesting questions raised by the application of traditional contraband concepts to digital files is whether a suspect who views a contraband image using a web broswer but does not realize the image is stored in the browser cache "possesses" that image based only on the presence of the file in the cache. In a decision handed down today, United States v. Kuchinski, involving charges of possessing child pornography images, the Ninth Circuit concluded that the answer is "no":
Where a defendant lacks knowledge about the cache files, and concomitantly lacks access to and control over those files, it is not proper to charge him with possession and control of the child pornography images located in those files, without some other indication of dominion and control over the images. To do so turns abysmal ignorance into knowledge and a less than valetudinarian grasp into dominion and control.
  I think this is correct as a matter of doctrine. If you don't know an image is there, you can't possess it. In most cases this isn't an issue: a suspect who seeks out an image and knowingly retrieves it will be guilty of knowing receipt, and there will usually be some evidence of dominion and control other than presence in the browser cache. But it seems to me that mere presence of a file in the browser cache shouldn't be enough to establish possession of the file. (For more on this issue, see my casebook, pages 224-32.)

  Thanks to Howard for the link.
Clayton E. Cramer (mail) (www):
Especially because there is so much activity going on in most people's computers that they do not know about (especially some of the viruses that take advantage of weak firewall security to turn your PC into a redistribution method), proving that someone has knowingly downloaded child porn seems like it requires more than just the presence of such files on someone's computer.

Of course, there are circumstances where you may have unintentionally done so. I can remember my disgust and horror when I clicked on a file in the Internet newsgroup (for astrophotographs) and what came down was unquestionably child pornography--there was nothing ambiguous about the child's age.
11.27.2006 3:23pm
SailorDave (www):
Note that some browsers "prefetch" by loading links into your browser cache before you click on them. If you're using firefox, you will have lots of images in your cache that you never viewed and never tried to view. see this explanation for more details.
11.27.2006 3:27pm
WHOI Jacket:
Invicible ignorance as legal doctrine?

(I think this is a smart ruling, knowing how little most people know about what is actually on their computers.)
11.27.2006 3:56pm
Ragerz (mail):
I disagree with this ruling. I think things in the cache should be considered possession. One should be held responsible for the logically forseable results of one's actions.

It seems this ruling could lead to some bizarre results. Like, if a computer scientist looks at a website with child pornography and knows it will end up stored in the cache, but then a non-computer scientist looks at the same exact material and doesn't know it will end up stored in the cache, the computer scientist is liable for possession but the other individual is not, even though they both took the same exact actions and had the same evil intentions. This ruling is wrong. While the computer scientist is surely a vile individual deserving of punishment, so to is the less sophisticated pervert.

As for the previous commentators, the mere existence of child pornography files in a person's cache in a situation where the receipt of those files was wholly unintentional, would not be a crime if this ruling would have come out the other way. In that case, the mens rea requirement would not have been fulfilled.

This ruling is unfortunate, as it will lessen the consequences of viewing child pornography where that pornography is stored in the cache.
11.27.2006 3:59pm
Parsi (mail):
When you embed an image in a web page, you have the option of specifying the pixel dimensions that it will display as. If you specify that size as a single pixel then nobody visiting the site will even realize the image is there. But your browser will still have loaded the (full-size) image into the cache.

A spoof "anti-child-porn" site could be packed with such hidden, but potentially incriminating, images. Some or all of them would be retained in cache on your PC for some time after your visit.
11.27.2006 4:09pm
BGates (mail) (www):
Suppose I'm the cashier at a diner. A guy buys a $9 meal, pays for it with a 20, and I give him 11 in change. After he leaves I realize I accidentally gave him a 1 and a 100. I chase after him, and rather than explaining what happened and risk his refusal, I pick his pocket.

Have I stolen from him? Did he have possession of the $100, since he didn't know it was there?
11.27.2006 4:18pm
HLSbertarian (mail):

As for the previous commentators, the mere existence of child pornography files in a person's cache in a situation where the receipt of those files was wholly unintentional, would not be a crime if this ruling would have come out the other way. In that case, the mens rea requirement would not have been fulfilled.

This part of the decision was about what satisfies the mens rea requirement for knowing possesion of child porn (18 U.S.C. § 2252A(a)(5)(B)). What's your basis for saying that an opposite decision would still exclude "unintentional" cache contents?
11.27.2006 4:30pm
lucia (mail) (www):
BGates. Did you steal from him? Yes, because you, the alleged thief, knew it was there, picked his pocket with the intention of taking it and then took it.

Your intended victim, the customer, on the other hand, didn't know he had the money. If you are sneaky enough, he may never know you took it. If you'd asked if he stole the money, well, no.

In the case of pictures in cache, the alleged viewer of kiddie porn did not know it was there may be like the customer who was given the $100 in change: He doesn't know it's there.
11.27.2006 4:35pm
a question arises (mail):
This brings up a useful question: How exactly do you clear up your cache? Is there any way to do it for free, or must you buy some sort of special program? I know how to delete temporary internet files, but my understanding is that the cache still keeps a record that is not removed by the standard procedure.
(Please note that I'm not asking this because of the crime in this post. I'm asking because of curiousity, and I would like to clean my computer after three years of use so that it perhaps might function more effectively.)
Any answers would be greatly appreciated.
11.27.2006 4:51pm
Ragerz (mail):

This ruling is about mens rea with respect to possession, not mens rea about knowing that an image one is about to receive is child pornography.

If someone gives me a bag full of photographs, and I intentionally take possession of them, then mens rea with respect to possession is satisified. But if some of those photographs have child pornography, and I did not know that, then mens rea with respect to knowledge that the photographs are child pornography is not satisfied. I obviously have committed no crime. Just as when individual X gives store owner Y a roll of film to develop, and it turns out that that roll of film contains child pornography, Y is not guilty of possession of child pornography. Even though Y intentionally took possession of the role of film from the customer. Obviously.

In the cases the previous comments, they all went to knowledge of whether the thing in question was child pornography or not. In this case, there is no question that the sick individual involved did in fact know that they were dealing with child pornography.
11.27.2006 4:51pm
Ragerz (mail):

Not exactly. In that case, there is no evil act. A person who receives $100 in change, thinking it is a $10, has done no wrong. Someone who views child pornography on a website, in contrast, is far from an innocent party.

The analogy also doesn't work because $100 bills are not copied so easily as photographs on the Internet. In general, we should be careful about make real world analogies to acts on that occur online; it is better to be specific about what actually occurs. We don't really need an analogy to understand what happens when an individual visits a website; the act can be describe directly.
11.27.2006 4:58pm
Joe7 (mail):
To clear your cache:

With Internet Explorer: Click Tools|Internet Options|Delete Files.

With Firefox: Click Tools|Options|Privacy. Depending on the version, a Clear button should be somewhere in the dialog box.

With both, I have them clear the cache on browser shutdown, not for any nefarious reasons, but because there is little reason to fill my hard drive with digital refuse from my browsing.
11.27.2006 5:07pm
mls (mail):
Ragerz writes:

This ruling is about mens rea with respect to possession, not mens rea about knowing that an image one is about to receive is child pornography.

If someone gives me a bag full of photographs, and I intentionally take possession of them, then mens rea with respect to possession is satisified. But if some of those photographs have child pornography, and I did not know that, then mens rea with respect to knowledge that the photographs are child pornography is not satisfied.

Another way to think about it that might clear up confusion, is to see "knowing possession" as the actus reus for the offense. As everyone knows, actus reus must be voluntary, and when it comes to possession, knowing that you possess is what makes the action voluntary.

Thus, in Ragerz' hypothetical, taking the package of photos equals volunary actus reus. That, alone, isn't an offense. In addition, we need mens rea, knowing the photos are child porn.

The Ninth Circuit ruling looks to me to be a ruling about voluntary actus reus.

And when I used this as an exam hypo a couple of years ago, I expected my students to discuss both actus reus and mens rea problems . . .
11.27.2006 5:24pm
HLSbertarian (mail):
Ragerz: Possession and receipt are two different offenses. As I read it, this decision overrules a judgment that having child porn in your cache, without proof of knowledge of the cache, suffices for the possession charge due to dominion and control. That would mean that an opposite decision (that knowledge of the cache is unnecessary for a finding of dominion and control, and so a proved possession charge) wouldn't allow a mens rea defense if one was caught with the pictures in his cache. Am I understanding it incorrectly?
11.27.2006 5:26pm
HLSbertarian (mail):
mls: But doesn't one swallow the other in this context? If the court had ruled otherwise (that ignorance of the cache doesn't get you off on actus reus), you still couldn't fulfill mens rea -- how can you know something is child porn when you don't know that it exists?

It seems that the mens rea Ragerz is talking about relates back to the receipt of the child porn, and that's a different offense entirely.
11.27.2006 5:34pm
elChato (mail):
I haven't studied the decisions interpreting this statute; but it seems to me that "possession" should be satisfied, as a matter of statutory construction, by proof that he knowingly visited these websites and viewed these images; he was able to exercise dominion and control over the images and "enjoy" them via his computer. To reduce it to whether he actually knew it was going to his browser cache seems to have missed the mark; I don't see why the knowing visitation of sites containing this illegal material should get a pass because the defendant lacks knowledge about the browser cache. Even if possession were defined as I think it should be, the government would still have to prove the acts were intentional, and perhaps overcome the technical problems suggested by Parsi.

But if "possession" is interpreted as the court says here, I guess the decision is correct.
11.27.2006 6:17pm
lucia (mail) (www):
Ragers: I think HLS Libertarian gave part of what I would reply to you.

However, there is another issue: browsers sometimes pre-cache. So, it's actually possible for a person surfing to take their browser "somewhere" (say an adult porn site), spend a bit of time examining the "interesting" photos of adult porn, and while the person is doing this, their browser, might, hypothetically, download some child porn -- pre-caching it. (This is done to make browsing seem faster to the user.)

The person visiting porn sites never, ever knows the child porn image is in cache. The actual person didn't seek child porn; they didn't view child porn. They have no idea the child porn is there in the cache, where, if they were awared of the porn and wished to view it, they could fish it out and view it.

So, the person surving really is like the guy who didn't seek to have the $100 in his wallet and didn't know it was there.

As to the admonition that one should take care with real world and internet analogies: I agree and would take that further. One should be careful with all analogies and remember they are analogies, which means they are similar in some ways and not others. That doesn't mean analogies aren't useful or that they should not be used or avoided even in this case.
11.27.2006 6:19pm
mls (mail):
HLSbertarian: You're basically suggesting that the distinction between mens rea and actus rea is one without a difference in this context. That's always been the problem with offenses of possession, including drug and firearm offenses, because actus reus has to presuppose a state of awareness, and so does mens rea. I agree, there is considerable overlap between the two, in the sense that defeating one often defeats the other. But that isn't always the case, especially when you complicate things with willfull blindness or ostrich defenses.

But it is analytically important to make distinctions between AR &MR, because, for one thing, different defenses may apply. Consider a jurisdiction that disallows intoxication as a defense to mens rea -- you may still be able to raise it as a refutation of voluntary actus reus. This also works with some mental health issues. Say your client resists using an insanity defense (mostly because they're afraid they'll end up in a psychiatric facility for far longer than they would be in prison), you may be able to use the same expert witnesses to attack voluntariness of actus reus without having to plead an insanity defense. In some jurisdictions there are other procedural issues where the distinction between mens rea and actus reus makes a difference.

So I think it is important to be analytically precise about mens rea and actus reus.
11.27.2006 6:21pm
lucia (mail) (www):
Here's a bit from Wikipedia on how browser might prefetch stuff a person never visits and store the material in cache:

Link prefetching is a standards compliant mechanism used by some web browsers, which utilizes browser idle time to download or prefetch documents that the user might visit in the near future. A web page provides a set of prefetching hints to the browser, and after the browser is finished loading the page, and after an idle time has passed, it begins silently prefetching specified documents, storing them in its cache. When the user visits one of the prefetched documents, it can be served up quickly out of the browser's cache.

11.27.2006 6:28pm
Freddy Hill (mail):

The procedures you detail will indeed clear the cache, and they are advisable in order to save disk space. They, however, do not guarantee that the evidence is not recoverable. The "1"s and "0"s that form the offending image are not immediately erased, and they may be recovered with relative ease if the computer is seized shortly after the clearing (or to use a drug term, the flushing).

In order to completely delete the information, you must write new information over it, such as an string of zeroes. You can buy programs that do this, but, to pick a term from a different sub-thread of this post, I wonder if possesion of such a program could be interpreted as supportive of a mens rea.
11.27.2006 6:48pm
Peter Wimsey:
I am somewhat familiar with how child porn crimes are investigated in my state, where none of the police with whom I have spoken will refer a case for prosecution unless there is a file structure for storing the porn present. I've always thought that this made a lot of sense, precisely for the reasons discussed in this thread.
11.27.2006 7:14pm
Tennessean (mail):
Prof. Kerr:

Regarding the implications of this ruling for other cases, I have two questions/thoughts:

First, I wonder how often it is that someone requests a particular image, as opposed to clicking on a link to an HTML page that may have many images or clicking on a link to an HTML page based upon a description (which, again, might lead still to a contest about the results).

Second, and perhaps more practically an issue, I recall from my days within the courts that the number of images played a significant role in sentencing, and so even if this ruling might not place many convictions in doubt, might it not have a dramatic effect on sentencing (even if just to change the way in which plea bargaining works)?
11.27.2006 7:39pm
Brother Bark (mail):
It is revoltingly evil to have laws on the books that make criminal the mere possession of the filth that is child pornography, because of the reasons mentioned above and others for why it is so easy to inadvertently download this crap (into a cache or other hidden portions of today's huge hard drives). Making innocent people afraid is the tactic of thugs, not of so-called "protectors of children".

Also consider that criminal gangs have taken to extorting money from people by threatening to use stealth programs to upload child pornography or other illegal materials to their computers, followed by anonymous tips.

Finally, another way to entrap people is to embed illegal pictures into multi-image animated GIF-format files, then set the rotations to be so slow that the illegal pictures rarely show in time to be actually seen, leaving the victim with the mistaken impression that all his images (of nature scenes, say, or pictures of gadgets) are innocent. One can easily image all kinds of nasty revenge scenarios based on this possibility.
11.27.2006 7:40pm
Daniel Chapman (mail):
"It is revoltingly evil to have laws on the books that make criminal the mere possession of the filth that is child pornography"

Who talks like this? Do we really need to preface every argument against child pornography laws with this sort of over-the-top denouncement of the porn itself? It reminds me of that Seinfeld episode where they ended every line with "not that there's anything wrong with that."

On another note... got a link to your story about gangs uploading child porn and calling in a tip?
11.27.2006 8:08pm
Mark Draughn (mail) (www):
It's good to hear that law enforcement is taking a reasonable approach to this. According to the statistics from my last virus scan, I have 3 million files on my computer (counting files embedded in archives). I doubt I had individual control over even 1 percent of them. I'm probably atypical, but I'm guessing most power users have a few hundred thousand files.
11.27.2006 8:20pm
Brother Bark (mail):
As requested, here are a couple of child-pornography extortion links:

IMJ article
BBC article

Frankly, the anti-child-pornography laws in the U.S.A. in particular are themselves a large problem rivalling the problem itself of child pornographers and the perverts who fund them, somewhat similar to how the anti-drug laws are actually a far larger problem than drug abuse itself.
11.27.2006 8:59pm
A. Zarkov (mail):
It’s true that emptying the cache does not delete content immediately. You can download free utilities to do this. For Windows machines use “Wipe” where you can overwrite individual files or a whole disk. But be warned it’s actually very difficult to securely scrub a disk. For classified information the government will usually grind up the disk platter because with electron microscopy you can recover the original bits even with multiple overwrites. Using “TrueCrypt” is another approach. This free utility will encrypt your disk or a designated partition on the fly. It also provides two levels of plausible deniability in case you are forced to reveal your password. You might really want to use TrueCrypt on your laptop when traveling to a foreign country where you could get your disk scanned on entry. Be warned it’s illegal to bring a bible into Saudi Arabia, or to possess one. The USSR also had laws against bringing in a bible.

I have a lot of trouble with the notion of making it illegal to possess an image or text without intent to do something with it other than personal use.
11.27.2006 9:19pm
Brother Bark (mail):
I would like to see only the actual manufacturers and distributors of actual child pornography sent to hard time in prison, especially the sickos who physically handle children, with a corresponding very public *civil* exposure of the perverts who apparently get their jollies from viewing such materials. The perverts may find being fired and blackballed and evicted and occasionally beaten up by random enraged parents sufficient incentive to find other ways of amusing themselves.
11.27.2006 9:45pm
BruceM (mail) (www):
Possession always means knowing possession. If you don't know it's there, you can't be knowingly possessing it. You may know your friends use cocaine, but you do not know that last time they were over at your apartment, a small bag of coke fell out of Billy's back pocket and into your couch cushions.
11.27.2006 10:11pm
TLB (mail) (www):
I wrote a cache-clearing program once, and:
1. Windows (or at least XP) has a "secret" cache that the instructions provided by Joe7 above don't affect.

2. The recommended practice for removing classified information from a disk drive is physical destruction, such as by burning. Simply writing over the previous data with more data will work somewhat, but the information can still be recovered. In fact, I think there was a thread about this here a while back.

And, note that Javascript (such as the "AJAX" TLA) can do interesting things, like swap in images while you're reading a web page. It might even swap in large images into those 1x1 images refered to above. And, it might even swap the image into a section of the page that's off the screen, so you'd never even see it (whether the browser would then cache that image isn't known).

Note that many advertisers use 1x1 gifs for tracking purposes, such as Amazon. (That's, of course, different from a 100x100 image displayed as 1x1). And, 1x1 images are even embedded in email messages for tracking whether you read an email or not (such as a commercial newsletter). HTML messages might be rendered by IE's HTML displayer control, the same one IE uses to show web pages. They might end up in the cache.

And, of course, there's all the viruses that, if activated, could take full control of a machine including adding things to the cache outside the browser.
11.27.2006 11:41pm
CMcLean (mail) (www):
I had no idea what valetudinarian meant. And after looking it up I'm not sure that it was properly used. Any thoughts? (See definition and link below). I guess it could be a "less than sickly grasp" but it just doesn't seem like proper usage.

See: Yahoo! Dictionary Definition

A sickly or weak person, especially one who is constantly and morbidly concerned with his or her health: "She affected to be spunky about her ailments and afflictions, but she was in fact an utterly self-centered valetudinarian" (Louis Auchincloss).

1. Chronically ailing; sickly.
2. Constantly and morbidly concerned with one's health.
11.28.2006 1:00am
Could somebody with more knowledge of the law than I have expand on the idea of "possession always means knowing possession" as it pertains to use of the modern internet browsing technology? Caching is employed by all browsers, and this fact is in no way disguised or hidden, so why can't somebody be held responsible for knowing what the device he is using is doing?
11.28.2006 1:45am
CLS (mail) (www):
Ragerz says that an image in a cache file is possession because one should “be held responsible for the logically foreseeable results of one’s actions.” What action did the person take logically resulted in the image being in the cache he doesn’t say.

Anyone who has browsed the net at all will know that there are some devious ways in which some sites basically take command of your computer for some time and start downloading pages you don’t want. Attempts to stop are sometimes useless. I’ve suddenly had page after page start opening on my screen and the only way to stop it was to force crash the computer by turning it off improperly.

The presence of an image in a cache can not reveal anything about the intentionality of the computer owner. I wouldn’t know what to do to find such images on my computer in order to delete them. Yet the images that came up did so without my trying to download them.

In the case of the $11 change. The real analogy is this. You accidentally give the guy $101 instead of $11 in change. He doesn’t realize it. You do. So you have him arrested for theft. Is he guilty of stealing? No. You gave him the money and he didn’t realize he had the wrong amount. He is not a thief. Ditto for the images which are easily placed on computers unaware.

Ragenz again gets it wrong when he says that he “who views child pornography on a web site, is far from an innocent party.” The case here was not about whether someone intentionally sought out and viewed such material but whether it was on his computer without his knowledge! Unless Ragenz thinks us all psychics the fact is that we don’t know what will appear on a web page before we open it. Someone can be looking for legal erotica and suddenly find a page of illegal material that they neither wanted nor sought out. And as I have said I have had strange things happen when suddenly my browser is out of my control and dozens of pages start opening one after the other. I can’t close them fast enough and the only way to stop it is by crashing the system. Am I responsible for images on those pages?

elChato says that the defendant was “getting a pass” claiming he knowingly visited the sites containing illegal material. But is that the case? Is there evidence he knew what was on the site before he visited the site? Again I’ve had pages pop up I never searched for. I didn’t knowingly visit them. Now I can’t say if they had illegal images or not (though they always seem to be porn sites) because I crashed the system to stop the downloads. By the time the system crashed I could have had 20 pages on screen and I couldn’t tell you what was on them. I believe those images would appear in my cache. Possession in a cache is not evidence of voluntary action.
11.28.2006 11:09am

In order to completely delete the information, you must write new information over it, such as an string of zeroes. You can buy programs that do this, but, to pick a term from a different sub-thread of this post, I wonder if possesion of such a program could be interpreted as supportive of a mens rea

So much for wiping HIPPA, information, securing Identity thef-ready information at the VA, etc. THere are lots of reasons that are not only legal but that support good public policy to be able to securely wipe your drives.
11.28.2006 12:32pm
elChato (mail):
elChato says that the defendant was “getting a pass” claiming he knowingly visited the sites containing illegal material. But is that the case?

I didn't say THIS DEFENDANT did so. That is a matter for proof at trial. My point was that the law seems to have been misinterpreted, in particular the phrase "dominion and control." The 9th Circuit's decisions seems to interpret the statute so that only a person who knows the images are stored in the browser cache can be guilty of possession. I think that's wrong-- I think it should have been interpreted to mean that a person who intentionally viewed child pornography on the internet is exercising "dominion and control" over the images while he's viewing them, without regard to his knowledge of the browser cache. The govt would still have to prove each element of the offense.

But hey, it's only my opinion. And I didn't read the legislative history. It just seems like an odd interpretation.
11.28.2006 2:56pm
It strikes me that there's an important distinction between the possession of the image at the time it is acquired/downloaded, and the later possession in browser cache. The latter may be unwitting -- and thus not criminally punishable -- but the presence of the file in cache is nevertheless circumstantial evidence of knowing possession at the earlier date.

I say circumstantial, of course, because this isn't conclusive proof of knowing possession. (In addition to the reasons detailed by other commenters, there's the trivial case of an image, never actually observed by the browser user, at the bottom of a web page longer than the user's screen size.) But it is probative, and in conjunction with other evidence -- say, the browser history sequence -- one could build a pretty good case for the intentionality of the original possession.
11.28.2006 2:57pm
Riskable (mail) (www):
I think this is a good judge trying to inject reason into a law that has none in order to protect the innocent. If the ruling stands, ignorance will become a valid defense. It is the type of thing that conservative pundits love to complain about: Americans not taking responsibility for their actions.

There's really two big problems here:

1) The physical--and classical--definition of possession should not apply to virtual goods. In the same way that copyright violation is not theft, having a copy of work on a computer is not possession of the item.

2) The law in question is very poorly written and doesn't take intent into account. There's degrees to almost every crime, but not when it comes to child pornography apparently. The line of this law was drawn to far and too wide. It is extreme, and extreme justice is extreme injustice.

Laws like this are ripe for abuse. It places all the power in the hands of the accuser, punishes the accused before conviction, and temps the honest into becoming dishonest. How many portraits of the innocent will be framed and burned before the plug is pulled on this wicked machine?

"A damn is a gift everyone can afford."
11.29.2006 10:43pm