A man who “accidentally” downloaded and then subsequently deleted child pornography faces a possible 20 year sentence, even though he claims he immediately deleted the files and police had to reconstruct the images from deleted files.
The 22-year-old California man claims he was using the Limewire P2P network to download pornography, specifically “College Girls Gone Wild,” but that when he downloaded it he discovered he had also unwittingly downloaded pornography featuring minors.
He maintains he deleted the files and thought nothing of it. However, a year later the FBI asked to search his family home, and whilst prying into the depths of his hard drive they discovered illegal material which had been deleted.
“It didn’t appeal to me. I was looking for women my age, so I just wanted to download ‘College Girls Gone Wild’ and accidentally downloaded underage pornography.
I asked them, ‘Where did you get that? I don’t remember that.’ I asked them, ‘Could I access that if I wanted to?’ They said no.”
He has pleaded guilty in the hopes of securing the mercy of the courts – he faces a maximum of 20 years for possessing child pornography, but his counsel is hoping for a “lenient” 3 and a half year sentence, 10 year probation and registration as a sex offender.
The FBI advises people in similar circumstances to turn themselves in to authorities, although there is no guarantee they will escape prosecution, and (frequently permanent) confiscation of computers is likely.
Unencrypted P2P networks such as Limewire are heavily monitored by police looking to nab people sharing underage pornography – IP addresses can easily be gathered and traced to physical addresses, likely what happened in this case.
Deleting files from a hard drive in the conventional manner actually only removes the information as to where on the disk the data is stored – the actual data remains in place until overwritten with new data, likely what happened in this case. Data recovery tools and computer forensics software enable such fragments to be reconstituted or at least identified.
It is also possible to discover previously overwritten data by inspecting the physical structure of the disk, though this is far harder – only repeatedly overwriting the affected sections of the disk with random data can prevent this.
Computer users wishing to prevent such “accidents” resulting from the presence of previously deleted files can use secure deletion tools to overwrite previously deleted files with random data – such procedures prevent forensic recovery of deleted data and are approved for military use in ensuring classified files are rendered irrecoverable.
Complete hard drive encryption using utilities such as TrueCrypt is similarly effective, as is the use of P2P networks which are fully encrypted in the first place.
Fortunately for governments the use of such tools is still not common knowledge…