Viewing Files on the Web Considered Possession?

Packet Pusher writes "A Georgia lawyer is taking a case to appeals court to prove that the mere act of viewing a website does not constitute possession of the materials that were automatically cached on your hard drive." While the case in question involves pornographic photos, the implications of such a declaration could reach far further.

You ARE kidding, right? Images can be hidden.

[WidescreenFreak]

Apparently, you need to learn a bit about HTML. You could have a 1,600 x 1,200 image of some pervert doing a kid. If the image source reference in HTML explicitly stated "height=1 width=1" the image would be a single blip on the browser screen but the full image would still have been downloaded. And in the world of broadband, that image could have taken 1/2 second to download or less, meaning that the viewer would probably not have noticed.

Anyone who wants to be a real jerk could easily hide hi-res porn images on a site this way. And if the person was duped to visiting a web site that appears to be legitimate, he might never know what kind if images just ended up on his system. We often see this same type of thing on /. by those incompetent jackasses who like to link supposedly valid pictures that end up being tubgirl or lemon party. Well, guess what's then in our cache even though we probably don't want it there.

And the vast majority of people don't even know what a cache is, let alone how to clean it out regularly, so the argument about "They should know to clean it out regularly" doesn't work.

Re:You ARE kidding, right? Images can be hidden.

[andreMA]

You could have a 1,600 x 1,200 image of some pervert doing a kid. If the image source reference in HTML explicitly stated "height=1 width=1" the image would be a single blip on the browser screen

Doesn't even need to be that. Prefetching images using javascript (eg, for responsive mouseovers) is commonplace.

begging the question?

[mblase]

This all begs the question of why viewing anything should ever be illegal.

No, it raises the question. Begging the question [wikipedia.org] is another thing entirely.

Re:Holely Cheese

[yuri benjamin]

Here's a possible solution:

rm -rf ~/.mozilla/{randomstring}/Cache
rm -rf ~/.mozilla/{randomstring}/history.dat
rm -rf ~/.mozilla/{randomstring}/cookies.txt
dd if=/dev/urandom of=bigfile #this will create a file filling all empty space

Wait for Device Full error.

rm bigfile

Repeat the last two commands. Might want to script it for a few hundred repetitions.

Theoretically it is still possible to recover the undelying data that was over-written. In practice it is very expensive and not 100% guaranteed.

Re:20 years, not hours

[VidEdit]

I think we are going to disagree on this issue. I'm more interested in the principle than the individual in this case.

The principle is that Walker County can charge you with possession even if you have never requested the images or viewed them. The images could be preloads, popups, or even downloaded via mal-ware. They don't care. They will charge you with a count for every image that your computer viewed--and pop-ups or mal-ware could download images for four hours.

Given that the Bush Administration believes that even pr0n that features consenting adults is illegal, this prosecution should be seen as extremely dangerous to your civil rights. It won't take vile child porn to get you thrown in jail--just anything the Administration doesn't approve of. It is guilt by association. Guilt for seeing. Guilty knowledge. And we are talking big time jail.

You are very impressed that he viewed the images for four hours. If that is what impresses you so, then the law should just state that viewing the images is illegal rather than possession. But laws don't do that because we know that we shouldn't throw people in jail for having seen something--hence the reason we require possession. If he had seen the images on TV we wouldn't be talking right now, but web browsers keep a temporary cache that is meant to be *temporary* and should not be considered possession anymore than the fact you could type in a URL and get the images should be considered possession.

Mind you, child molesters need to go to jail, but thought crimes and laws that presume guilt are a danger to us all.

PS, Orwellian *is* capitalized since it is based on Orwell's name.

http://en.wikipedia.org/wiki/Orwellian [wikipedia.org]

Re:A flurry of frame-ups?

[Bill Walker]

I'm not a lawyer either but in the US, entrapment [wikipedia.org] is something only policemen can be guilty of.

Re:How to go to jail

[mabinogi]

I know that was a joke, but destructive actions should never be the result of a GET request anyway - for exactly that sort of reason.
GET should just get a page, and should be (relatively) repeatable. Modification should only happen on a POST.

Defendant not your average Joe

[Rogs]

According to another Walker County Messenger article, [mywebpal.com] this guy was found "not guilty on five counts of child molestation and guilty of 106 counts of sexual exploitation of children" at his trial. Sounds like the child molestation charges were what prompted the case - and the forensic investigation of his computer - to begin with.

It also sounds like Superior Court Judge Kristina Connelly might not have been in agreement with the not guilty verdict (or for that matter, terribly pleased by it) and handed him a 20-year sentence for possessing child porn by (ab-)using consecutive sentencing - a sort of reverse "jury nullification." Now I don't know for sure that's what happened, and I hate pedophiles as much as the next guy, but every time a judge reshapes a jury verdict to his own liking during sentencing, justice loses. If pedophiles felt at risk of getting 20 years in jail for every 4 hours of binging on kiddie porn, they'd figure they might as well go out and try the real thing.

Re:A good example

[Anonymous Coward]

Possessing something doesn't create demand. Buying or paying money for something does.

Re:Holely Cheese

[Qzukk]

Actually, if you tried to do that, you'd probably get the drive to hit at least one sector that wasn't quite right, and it would begin remapping sectors. Once it starts remapping blocks on the drive, you've got no way of knowing that you've overwritten everything, since the naughty bits might end up mapped out of the visible part of the drive by the drive's firmware.

Re:Newsgroups

[Alinabi]

Unfortunately that is true for US and most countries, not just Bali.

Re:Holely Cheese

[koreaman]

If you want a more secure and efficient method, take a look at Peter Gutmann's work.

Actually, I'll save you a trip to google, just because I'm that nice.

http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_ del.html [auckland.ac.nz]

Re:Holely Cheese

[EvilSporkMan]

You can't shred a file if it's on, say, ReiserFS because the filesystem doesn't overwrite data in place. shred's manpage actually reveals that shredding just plain doesn't work nowadays, as it doesn't work on journalled filesystems. You would have to boot a live CD and run shred on the block device to be sure.

Re:Newsgroups

[amliebsch]

No, that is incorrect. They only must show knowledge of possession, not intent. 18 USC 2252A (excerpted):

(a) Any person who -

(5) either - (A) in the special maritime and territorial jurisdiction of the United States, or on any land or building owned by, leased to, or otherwise used by or under the control of the United States Government, or in the Indian country (as defined in section 1151), knowingly possesses any book, magazine, periodical, film, videotape, computer disk, or any other material that contains an image of child pornography; or

(B) knowingly possesses any book, magazine, periodical, film, videotape, computer disk, or any other material that contains an image of child pornography that has been mailed, or shipped or transported in interstate or foreign commerce by any means, including by computer, or that was produced using materials that have been mailed, or shipped or transported in interstate or foreign commerce by any means, including by computer, shall be punished as provided in subsection (b).

Interestingly, the statute explicitly provides an affirmative defense once the possession becomes knowingly:

(d) Affirmative Defense. - It shall be an affirmative defense to a charge of violating subsection (a)(5) that the defendant -

(1) possessed less than three images of child pornography; and

(2) promptly and in good faith, and without retaining or allowing any person, other than a law enforcement agency, to access any image or copy thereof -

(A) took reasonable steps to destroy each such image; or

(B) reported the matter to a law enforcement agency and afforded that agency access to each such image.

The way I read that, if you immediately take "reasonable" (note does not have to be absoultely effective) steps to destroy any images you receive as soon as you become aware of them, this is an affirmative defense. If you let them sit around on your hard drive without even trying to delete them, and you knew about them, then you have a problem.

Re:20 years over 4 hours?

[Anonymous Coward]

Excuse me, but I do not think you have any idea just how much child pornography is out there. I worked with the Red Cross for a short while, tracking these sites down so they could be nullrouted.

A single site can contain more child pornography than a pedophile human could ever hope to wank to without his/her penis/clit falling off.

You don't need to add more content.

Besides, P2P eliminates the need for someone to pay in order to obtain it, so the point isn't entirely valid. I agree that it's a very fine line to walk between just viewing (fine by me; don't see what's worse with this than watching Checznians cutting some poor bastard's throat), and actually contributing to the production (raising demand, causing profit), but the line is still there, IMHO.

Re:A flurry of frame-ups?

[Fëanáro]

If the 1x1 pixels are changed back to dots, and the victim visits the page again, the new version will replace the old version in the cache, but the images stay.
You could even make it so that the 1x1 pixels are only included for the first access from the same IP. Then make the page reload itself.

better yet, use a javascript that silently submits a form in a hidden iframe. The target of that form is a page with the discriminating images. results of POST requests are not cached.

Re:Holely Cheese

[Anonymous Coward]

easy :
apt-get install wipe
wipe -f ~/.mozilla/{randomstring}/Cache

it does erase content and rewrite on it. quiet efficient ;)

Re:Holely Cheese

[cortana]

mount -t tempfs none ~/.mozilla

Put this at the beginning of your Mozilla launch script

mountpoint ~/.mozilla || { echo 'Mozilla profile directory not a tempfs'; exit 1; }

Re:How to go to jail

[hacker]

"Step one, install Mozilla and turn on the background prefetching."

As I'm sure you've been told already, prefetching DOES NOT fetch hrefs, it fetches

<link ../>

tags, when specified. I'd wager that less than 5% of all web designers are actively using these.