This post is about the extent to which the finder of fact in a trial can infer mens rea from the use of data erasing software.
As I assume we all know, it is a crime to possess child pornography under both state and federal law. The possession of child pornography statutes often use “knowing” as the mens rea; that is, they often require that the defendant have “knowingly” possessed the child pornography.
I explained in an earlier post how U.S. criminal law defines “possession.” The definitions fall into two categories: actual and constructive. Constructive possession exists when you know you have control of the thing (here, child pornography) and had time and the ability to get rid of it, but didn’t.
That brings me to the case this post is about: People v. Scolaro, 391 Ill. App.3d 671, 910 N.E.2d 126 (Illinois Court of Appeals 2009). According to the opinion, a Department of Homeland Security investigation of online child pornography identified Scolaro as someone who subscribed to child pornography websites. People v. Scolaro, supra.
The DHS sent that information to the Westchester, Illinois police and Detective Dominick Luciano followed up on it by going to Scolaro’s home. People v. Scolaro, supra. Luciano told Scolaro he was investigating “inappropriate images on the Web that” might be on Scolaro’s computer and asked if he could enter Scolaro’s home. People v. Scolaro, supra. Scolaro let him in. Luciano then asked if he could conduct “`an image scan on his computer, which would pull images off his computer and let [police] view them.’” People v. Scolaro, supra. Scolaro agreed, signing a consent form authorizing Luciano or other officers “`or their agents, to conduct a complete search’” of his computer. People v. Scolaro, supra.
Luciano then installed a flash drive. . . Using software called `ImageScan,’ developed and owned by the Federal Bureau of Investigation, Luciano attempted to `pull’ images of child pornography from [Scolaro’s] hard drive. When Luciano booted up [the] computer, it froze. On a second try, the program started to produce certain nonpornographic images, but would not allow access to certain folders on the computer, so Luciano sought [Scolaro’s] permission to send it out for a forensic examination. [He] agreed. In addition to the computer, police officers confiscated pornographic videos and discs, none of which contained child pornography. According to Luciano, [Scolaro] told the officers he `had viewed images, but had never saved any on his computer.’
People v. Scolaro, supra.
A DHS Special Agent named Jarrod Winkle conducted the forensic examination of Scolaro’s computer using EnCase,
which is designed to perform complete forensic analysis on computers and/or computer-type equipment, or media, without altering the computer media itself. Winkle found a program on [Scolaro’s] computer hard drive called `Evidence Eliminator,’ which is . . . designed to eliminate files and/or evidence from a computer. Using EnCase, Winkle was able to obtain and recover some of the deleted computer files. Winkle found 689 images of child pornography in the unallocated section of [Scolaro’s] hard drive and 1 image in a temporary file. The unallocated section of a hard drive is considered the “free space” of the hard drive and is the area to which computer data or images are sent, sometimes automatically, by the Web site the user is visiting.
People v. Scolaro, supra.
Based on this, and other, evidence, Scolaro was charged with possession of child pornography. People v. Scolaro, supra. He was tried by a judge (in what I’ve noted is called a bench trial) and convicted, after which he appealed. People v. Scolaro, supra.
On appeal, Scolaro argued that the state failed to prove him guilty beyond a reasonable doubt. He based that argument on two contentions: (i) “no evidence was presented that he ever downloaded, saved, or printed, or in any other way exerted control over the images”; and (ii) “no evidence was presented that he knew such images existed on his computer”. People v. Scolaro, supra. The Illinois statute under which he was charged provided, in part, that the criminal provisions of the statute do “not apply to a person who does not voluntarily possess . . . [a depiction of] child pornography. . . . Possession is voluntary if the defendant knowingly procures or receives a . . . depiction for a sufficient time to be able to terminate his or her possession.” 720 Illinois Statutes 5/11-20.1(b)(5).
The Illinois Court of Appeals rejected Scolaro’s arguments. It found that the evidence presented at trial showed he “knowingly” possessed child pornography:
[T]he record shows that the child pornography was saved as temporary files on [his] home computer. Defendant `reached out’ for images by subscribing to Web sites that contained images of child pornography. Defendant admitted to forwarding images to others and receiving images of fully naked boys. Even if there had been no indication in the record that defendant had copied, printed, e-mailed, or sent images to others, defendant had the . . . Furthermore, . . . officers found the program `Evidence Eliminator’ installed on defendant's computer, which indicates that defendant knew the images were being automatically saved on his computer. See Bass, 411 F.3d at 1202. [V]iewing this evidence in the light most favorable to the prosecution, we find that the State proved that defendant had dominion and control over the images found in his cache and, therefore, that he `possessed’ child pornography within the meaning of the statute.
People v. Scolaro, supra.
I find the Court of Appeals’ use of Evidence Eliminator interesting. The court apparently believed Scolaro’s use of Evidence Eliminator supported the inference that he knew he had illegal material on his computer. It cited a federal case – U.S. v. Bass, 411 F.3d 1198 (U.S. Court of Appeals for the Tenth Circuit 2005) – as support for that proposition. In the Bass case, the Tenth Circuit Court of Appeals (a federal court of appeals) found that Bass’ use of History-Kill and Window-Washer “to delete child pornography because `he didn’t want his mother to see those images’” supported the same inference, i.e., that the use of software which erases/conceals data inferentially establishes that the user knows the computer contains illegal material.
Those are the only two reported cases I can find that specifically address this issue. Both of these courts found this to be a permissible inference from using data-erasing software. The defendant in the Bass case apparently admitted that he used the two programs for the specific purpose of concealing his possession of child pornography. I don’t know if Scolaro made such a concession or not, since the appellate briefs for the Scolaro case aren’t available online (at least not where I can find them).
I can see the logic behind the inference. I wonder, though, if the inference could be rebutted? That is, if a defendant said he/she used data-erasing software for purposes other than concealing the use of illegal data (such as contraband.). If a defendant said something like, “I used the software regularly to clean out files and data I thought were just taking up space on my computer” . . . something like that . . . would that rebut the inference of knowing possession?
Whether testimony like this could be used to rebut the use-of-data-erasing-software-as-showing-knowledge inference might also depend on a defendant’s ability to show the general purposes for which that particular software is used. If a defendant could show that a sizable number of computer users regularly ran a program – Disk Kleen-up, say – to clear useless or aggravating data off their hard drives, that MIGHT help rebut the inference the Scolaro and Bass courts relied on. It might also help if the program had a more innocuous name than Evidence Eliminator; while I’m perfectly willing to assume it’s a legitimate program commonly used for innocuous purposes, I can see where courts (and prosecutors) might at least implicitly rely on the name as further supporting the use-of-data-erasing-software-as-showing-knowledge inference.