Computer technician cleared of child sex abuse material charges

A court has acquitted a 55-year-old man of knowingly producing and distributing child sexual abuse material involving minors under the age of nine.

Although illegal material was discovered on digital storage devices linked to him, the prosecution failed to prove beyond reasonable doubt that he knowingly possessed or intentionally accessed the files.

The judgment expressly draws attention to a potential legislative and policy gap affecting computer technicians and other professionals engaged in data recovery work.

The investigation originated from a cybercrime operation involving GRIDCOP, a tool provided by UK police to assist in identifying IP addresses associated with searches or downloads of child sex abuse material.

Investigators linked suspicious online activity to an IP address attributed to the accused and alleged that the material appeared to be connected to eMule, a peer-to-peer file-sharing platform. One particular search on eMule had read “pre-teen hard core”.

Warrants for search and arrest were issued. Officers first went to a property in San Ġwann, which was found to be unoccupied. Investigators later traced the accused to Ħamrun, where multiple electronic devices and loose storage drives were seized.

Police cybercrime personnel, together with court-appointed expert Keith Cutajar, testified regarding the extraction and analysis of large volumes of data, amounting to approximately eight terabytes across all seized devices.

A police analyst had told the court that one drive from a work computer contained illegal material involving minors, described as “hentai”, while a separate drive contained illegal images and videos involving minors.

At face value, the presence of illegal content on drives associated with the accused appeared to substantiate the charge of possession and access.

In his defence, the accused explained that he had worked for decades as a computer technician, including operating his own company and providing data recovery services to clients. Clients would ask for the recovery of lost files or files on faulty hard drives. He stated that clients regularly left computers and storage drives in his possession and that some allegedly instructed him to retain certain devices after work had been completed.

He argued that data recovery processes can involve scanning, reconstructing and transferring large volumes of information, sometimes overnight, without the technician necessarily opening or reviewing individual files.

He further suggested that certain illegal downloads could be attributable to viruses or adware present on client devices, and that some file formats do not reveal their actual content unless specifically opened.

His former wife corroborated that he had long worked as a computer technician, routinely stored numerous devices at home for professional purposes, and regularly carried out data recovery operations. She also stated that she did not believe her ex-husband would commit such offences.

It resulted that a substantial portion of the material came from data recoveries. Some of the files were “orphaned”, meaning they were no longer properly linked to the computer’s filing system, but traces of the data still remained. Other material was located in parts of the hard drive known as “unallocated space”, which are areas not connected to active files and cannot normally be seen by an ordinary user.

This technical context was crucial because, even where illegal material is physically present on a device in someone’s possession, criminal liability depends on proof that the individual knowingly and intentionally possessed or accessed it.

In this case, the court found that there was a significant possibility that the accused lacked the necessary guilty intent, particularly if the material originated from client hard drives and existed primarily as deleted or recovered data.

Technicians such as the accused were left exposed to offences that were actually committed by the owners of the devices.

In essence, while the prosecution established that illegal material was present on the seized devices, it failed to prove beyond reasonable doubt that the accused downloaded it, was aware of its presence, or intentionally acquired or accessed it. Accordingly, the court acquitted him of both charges.

The court also ordered that the decision be brought to the attention of the Speaker of Parliament and the Economy Minister, urging them to take note of what it described as a significant gap in the law.

The court observed that data recovery professionals may face serious legal exposure if illegal material is found on client media in their possession.

It said that legislation should be enacted to protect technicans such as the accused. Lawmakers need to consider clearer regulatory safeguards to protect the public interest without unfairly criminalising professionals who, in the course of their legitimate work, may inadvertently come into contact with unlawful data without the requisite criminal intent.

Inspectors Joseph Busuttil and Dorianne Tabone prosecuted. Magistrate Claire Stafrace Zammit presided over the case.