eCases

• Filed 10/27/16
  CERTIFIED FOR PUBLICATION
  IN THE COURT OF APPEAL OF THE STATE OF CALIFORNIA
  FIRST APPELLATE DISTRICT
  DIVISION ONE
  THE PEOPLE,
  Plaintiff and Respondent,
  A145162
  v.
  RICHARD PATRICK EVENSEN,                           (Napa County
  Super. Ct. Nos. CR165642, CR168007)
  Defendant and Appellant.
  Defendant Richard Patrick Evensen pleaded guilty to various sex crimes after the
  trial court denied his motion to suppress evidence. The evidence leading to his arrest was
  obtained when police used software that targets peer-to-peer file-sharing networks to
  identify Internet Protocol (IP) addresses associated with known digital files of child
  pornography. A public website revealed one such identified IP address to be registered
  with Comcast, and the execution of a search warrant on Comcast showed the subscriber
  of the IP address to be Evensen’s mother. A second search warrant was then executed on
  the mother’s home, where Evensen lived, and further inculpatory evidence was found.
  After Evensen was arrested, more evidence of wrongdoing, some involving different
  victims, came to light.
  Evensen argues that the trial court wrongly denied his motion to suppress because
  all of the evidence against him emanated from the police’s use of the software that targets
  peer-to-peer networks. According to him, the use of this software violated his Fourth
  Amendment rights by infringing on his reasonable expectation of privacy in his
  computer. We reject the argument and affirm.
  1
  I.
  BACKGROUND
  By using a set of software tools known as RoundUp, police learned that an IP
  address,1 later determined to be assigned to Evensen’s mother, had downloaded child
  pornography. RoundUp enables law enforcement officials to detect child pornography on
  peer-to-peer file-sharing networks. Peer-to-peer networks allow users to share digital
  files over the Internet. To access these networks, users need only download onto their
  computers a free software program. The program allows a network user to upload a file
  onto his or her computer, and it then allows other users to access and download the file
  onto their own devices. A user who buys a music CD, for example, can convert it into a
  digital file and upload it onto the peer-to-peer network, thereby allowing other users to
  access and download the file.
  When a network user uploads a file, it is placed in a “shared folder” on the user’s
  computer. Other users can find files in shared folders by using a keyword search. When
  a user finds a desired file, the user can download it from one or multiple hosts. Using
  multiple hosts accelerates the download. A user could, for example, take the beginning
  of a video file from a computer in San Francisco, the middle from a computer in Berlin,
  and the end from a computer in Sydney. The peer-to-peer software reassembles the
  pieces into a single file.
  In this case, Evensen used a peer-to-peer network called eDonkey, which he
  accessed through a program called eMule. The program creates a shared folder on each
  user’s computer, and downloaded files are automatically placed in it. The shared folder
  is accessible to all other users unless the downloading user changes the default setting by
  selecting an option called “Nobody.” Another way a downloading user can prevent
  1
  “[A]n IP address . . . is a unique number identifying the location of an end[-]
  user’s computer. When an end-user logs onto a[n] internet service provider, the user is
  assigned a unique IP number that will be used for that entire . . . session. Only one
  computer can use a particular IP address at any specific date and time.” (United States v.
  Henderson (10th Cir. 2010) 

  595 F.3d 1198

  , 1199, fn. 1.)
  2
  others from accessing a file is to transfer it elsewhere on his or her computer and delete
  the copy in the shared folder.
  Evensen used eMule between September 9, 2011, and December 16, 2012. At the
  hearing on his motion to suppress, Evensen testified that he took several measures to
  prevent other users from accessing his files. To begin with, he modified eMule’s default
  settings by selecting the “Nobody” option. But, as Evensen acknowledged, the feature
  did not always work or he did not always activate it. One time, he saw another user
  downloading a pornographic file from his computer, and he canceled the download.
  Evensen testified that he also transferred files from his shared folder to other
  places on his computer that were inaccessible to other network users. He admitted,
  however, that he did not always transfer them immediately. He testified: “At times when
  I was downloading I would usually move all of them, but sometimes I wouldn’t move all
  of ‘em due to the file progress. The files not actually being what they say they would be.
  They would be either viruses or zip folders . . . . So when I used that I didn’t have time
  or I didn’t want to take the time to unzip those folders that I downloaded of those files
  and so they’d sit in my shared folder.”
  Finally, Evensen testified that he “max[ed] out” his download speed at 999
  downloads, meaning he could download material from 999 sources at once, and reduced
  to “one” the speed by which another user could download his files. These settings
  apparently accelerated the speed by which Evensen could download a file, and they
  restricted other users to downloading only one file at a time from his shared folder. The
  full extent to which these settings impeded other users’ ability to access his files is
  unclear from the record.
  At the suppression hearing, Officer Daniel Ichige2 also testified, and he explained
  how RoundUp works. He described how it retrieves information from peer-to-peer
  2
  Officer Ichige is a police officer with the San Jose Police Department’s Child
  Exploitation Detail—Internet Crimes Against Children Task Force. He is also a certified
  instructor in the use of the Gnutella network RoundUp tool. He has had about 90 hours
  of training with RoundUp tools, 20 hours of which was specific to eMule.
  3
  networks, uploads the information onto a server, and makes the information available to
  law enforcement officials. Officer Ichige explained that RoundUp is specifically used to
  search for known and verified digital files of child pornography. Each digital photograph
  has a “hash,” a digital fingerprint or serial number, which, according to Officer Ichige, is
  more distinctive than DNA. Law enforcement officers feed RoundUp a set of hashes of
  known child pornography files, and RoundUp then searches peer-to-peer networks for
  them. Officer Ichige explained that RoundUp compiles information from files stored in
  network users’ shared folders but not from files stored elsewhere on users’ computers.
  Apparently, RoundUp runs unattended and constantly searches peer-to-peer networks for
  files with hashes matching known child pornography. By using the program, law
  enforcement officers avoid the need to search networks with keywords, identify
  suspicious files, download those files, and confirm whether they depict child
  pornography.
  The RoundUp website reports IP addresses of computers that have downloaded
  files with hashes of known child pornography. Law enforcement officers can focus their
  RoundUp searches on IP addresses that are likely to be associated with computers
  physically located in the officers’ jurisdiction. Officer Ichige explained that RoundUp
  can show the “history” of an IP address, starting “[f]rom the time that the first child
  pornography file was made apparent” to the program.
  In this case, Officer Darlene Elia of the Napa Police Department used the
  RoundUp website in February 2013 to look for Napa County IP addresses used to
  download or share child pornography. She searched all available peer-to-peer networks.
  The search returned an IP address, eventually determined to be Evensen’s mother’s, that
  was first seen using eMule on September 9, 2011, and last seen on December 16, 2012.
  RoundUp flags files known to be child pornography by coding them in red. Looking at
  RoundUp’s historical list for this particular IP address, Officer Elia saw over 200 red
  flags.
  Using a public website, Officer Elia determined that the IP address was registered
  to Comcast. Officer Elia then obtained and executed a search warrant for Comcast
  4
  records and discovered that on December 16, 2012, the subscriber for the IP address was
  Evensen’s mother. Officer Elia then obtained a second search warrant for the mother’s
  home. Evensen was present when Officer Elia executed the warrant on the morning of
  April 11, 2013. After searching Evensen’s room, Officer Elia arrested Evensen and read
  him his Miranda3 rights.
  Evensen told Officer Elia he had been viewing child pornography for some time
  and would generally watch it one to two hours per day. He confirmed that all of the
  computers and hard drives in his room were his, and he estimated that he had about 30
  gigabytes of child pornography on his hard drives. He said he obtained child
  pornography primarily by using peer-to-peer file-sharing software. A forensic
  examination uncovered over 200 videos and images of child pornography on Evensen’s
  laptop and external hard drives.
  Evensen’s arrest was made public, and evidence of more sex crimes came to light.
  After hearing of the arrest, Jane Doe 1 came forward and claimed that Evensen had raped
  her and performed other sex acts on her while she slept. Jane Doe 2, whom police
  identified from images on one of Evensen’s external hard drives, revealed that she had, at
  Evensen’s request, sent sexually explicit images of herself to him when she was 16 years
  old. And Jane Doe 3, who was identified by Jane Doe 1 from an image seized from
  Evensen’s home, told police Evensen had performed various sex acts on her while she
  slept.
  In his motion to suppress, Evensen argued that the use of the RoundUp program
  amounted to an unconstitutional search and that all of the evidence against him should be
  suppressed because all of it emanated from this search. After a hearing, the trial court
  denied the motion, and Evensen then pleaded no contest to one count of advertising for
  sale obscene matter depicting a minor (Pen. Code, § 311.10), three counts of oral
  copulation of an unconscious person (id., § 288a, subd. (f)), one count of rape of an
  unconscious person (id., § 261, subd. (a)(4)), two counts of using a minor for sex acts
  3
  Miranda v. Arizona (1966) 

  384 U.S. 436

  .
  5
  (id., § 311.4, subd. (c)), and two counts of sodomy of an unconscious person (id., § 286,
  subd. (f)). He was sentenced to fifteen years, eight months in prison.
  II.
  DISCUSSION
  Evensen maintains that the use of the RoundUp program violated his Fourth
  Amendment rights “because he had a subjective expectation of privacy in his computer,
  which was objectively reasonable.” (Capitalization omitted.) We are not persuaded.
  We begin with the applicable standards of review. In ruling on a motion to
  suppress, the trial court “(1) finds the historical facts, (2) selects the applicable rule of
  law, and (3) applies the latter to the former to determine whether the rule of law as
  applied to the established facts is or is not violated.” (People v. Williams (1988) 

  45 Cal. 3d 1268

  , 1301.) “The court’s resolution of the first inquiry, which involves questions
  of fact, is reviewed under the deferential substantial-evidence standard. [Citations.] Its
  decision on the second, which is a pure question of law, is scrutinized under the standard
  of independent review. [Citations.] Finally, its ruling on the third, which is a mixed fact-
  law question that is however predominantly one of law, viz., the reasonableness of the
  challenged police conduct, is also subject to independent review. [Citations.]” (Ibid.)
  With these standards in mind, we turn to the governing law. “ ‘The Fourth
  Amendment protects an individual’s reasonable expectation of privacy against
  unreasonable intrusion on the part of the government.’ ” (People v. Hughston (2008) 

  168 Cal. App. 4th 1062

  , 1068.) It “protects people, not places. What a person knowingly
  exposes to the public, even in his [or her] own home or office, is not a subject of Fourth
  Amendment protection. [Citations.] But what he [or she] seeks to preserve as private,
  even in an area accessible to the public, may be constitutionally protected.” (Katz v.
  United States (1967) 

  389 U.S. 347

  , 351.) “A person seeking to invoke the protection of
  the Fourth Amendment must demonstrate both that he [or she] harbored a subjective
  expectation of privacy and that the expectation was objectively reasonable. [Citation.]
  An objectively reasonable expectation of privacy is ‘one society is willing to recognize as
  reasonable.’ [Citation.]” (People v. Hughston, at p. 1068.)
  6
  Computer users generally have an objectively reasonable expectation of privacy in
  the contents of their personal computers. (United States v. Ganoe (9th Cir. 2008) 

  538 F.3d 1117

  , 1127 (Ganoe).) But there are exceptions to this general rule, and one of them
  is that computer users have no reasonable expectation of privacy in the contents of a file
  that has been downloaded to a publicly accessible folder through file-sharing software.4
  (Ibid.) The Ninth Circuit Court of Appeals’s decisions in Ganoe and United States v.
  Borowy (9th Cir. 2010) 

  595 F.3d 1045

  (Borowy) are instructive.
  The defendant in Ganoe shared child pornography through LimeWire, a publicly
  available peer-to-peer file-sharing program. 

  (Ganoe, supra

  , 538 F.3d at p. 1119.) A law
  enforcement officer used the same program to download a movie depicting child
  pornography from the defendant’s computer. (Ibid.) After downloading additional child
  pornography files from this computer, the officer obtained a warrant and searched the
  defendant’s home. (Ibid.) On appeal, the Ninth Circuit affirmed the district court’s
  denial of the defendant’s motion to suppress. (Id. at p. 1127.) The Ninth Circuit held
  that the defendant could not have had a reasonable expectation of privacy once he
  decided “to install and use file-sharing software, thereby opening his computer to anyone
  else with the same freely available program.” (Ibid.) The court also rejected the
  defendant’s contention that his expectation of privacy was reasonable because he did not
  know that other users would be able to access files stored on his computer: “To argue
  4
  Computer users also have no reasonable expectation of privacy in electronic data
  that is not itself content. (See, e.g., In re Zynga Privacy Litig. (9th Cir. 2014) 

  750 F.3d 1098

  , 1108-1109 [“courts have long distinguished between the contents of a
  communication (in which a person may have a reasonable expectation of privacy) and
  record information about those communications (in which a person does not have a
  reasonable expectation of privacy)”]; United States v. Forrester (9th Cir. 2008) 

  512 F.3d 500

  , 510 [computer users have no reasonable expectation of privacy in “to/from
  addresses of their messages or [] IP addresses of [] websites they visit”].) Here, without
  opening or viewing any pornographic file, the police used RoundUp to learn that a public
  folder on a computer associated with Evensen’s mother’s IP address had contained
  known digital images of child pornography. The parties have not addressed, and we
  therefore do not decide, whether Evensen had a reasonable expectation of privacy in the
  electronic data RoundUp analyzed in tying his IP address to child pornography.
  7
  that Ganoe lacked the technical savvy or good sense to configure LimeWire to prevent
  access to his pornography files is like saying that he did not know enough to close his
  drapes.” (Ibid.)
  The Ninth Circuit reached a similar decision in 

  Borowy, supra

  , 

  595 F.3d 1045

  . In
  that case, an officer used LimeWire to search for a term known to be associated with
  child pornography. (Id. at p. 1046.) From the list of hits, the officer identified known
  child pornography images using a software program “that verifies the ‘hash marks’ of
  files and displays a red flag next to known images of child pornography.” (Ibid.) At
  least one of the pornographic files was shared through what was later determined to be
  the defendant’s IP address. (Ibid.) Based on the results of this investigation, the officer
  obtained a search warrant for the defendant’s residence and found more than 600 images
  of child pornography. (Id. at p. 1047.)
  Citing 

  Ganoe, supra

  , 

  538 F.3d 1117

  , the Ninth Circuit held that the defendant did
  not have a reasonable expectation of privacy because he used a peer-to-peer file sharing
  program. (

  Borowy, supra

  , 595 F.3d at pp. 1047-1048.) The defendant argued that Ganoe
  was distinguishable because, unlike the defendant in Ganoe, he at least made efforts to
  prevent LimeWire from sharing his files. (Borowy, at p. 1048.) The Ninth Circuit
  disagreed. “Despite his efforts, Borowy’s files were still entirely exposed to public view;
  anyone with access to LimeWire could download and view his files without hindrance.
  Borowy’s subjective intention not to share his files did not create an objectively
  reasonable expectation of privacy in the face of such widespread public access.” (Ibid.)
  The Ninth Circuit also rejected the defendant’s contention that the search was unlawful
  because the police used a “ ‘forensic software program’ ” that was unavailable to the
  public to confirm his files contained child pornography. The court explained that
  “Borowy had already exposed the entirety of the contents of his files to the public,
  negating any reasonable expectation of privacy in those files.” (Ibid.)
  Evensen argues that, unlike the defendants in Ganoe and Borowy, he took several
  measures to keep the contents of his computer private, including transferring files from
  his public folder to inaccessible locations, changing the default setting to prevent others
  8
  from accessing his shared public folder, and preventing more than one other user from
  downloading his files from his shared drive at any given time. But substantial evidence
  was presented from which the trial court could properly find that, notwithstanding these
  measures, Evensen had no reasonable expectation of privacy. As we have mentioned,
  Evensen testified that he did not always immediately move files out of his shared folder
  and that another network user once partially downloaded one of his pornographic files.
  He cannot claim that his shared folder was private at all times or that he believed it to be.
  Moreover, RoundUp would not have even detected Evensen’s files if they had never been
  publicly accessible. According to Officer Ichige, RoundUp compiles information from
  files stored in network users’ shared folders and cannot search files stored elsewhere on
  users’ computers.
  Evensen argues that it somehow matters that no evidence established that any of
  his files of child pornography could be downloaded from his shared drive by the time
  Officer Elia began her investigation in February 2013. He argues that the evidence
  showed only that child pornography files had at one time been in a shared folder on a
  computer with an IP address matching that of the computer he was using. But whether
  Officer Elia could view the child pornography in February is not determinative.
  RoundUp reported that known digital images of child pornography had been downloaded
  to Evensen’s computer, and Evensen does not point to any evidence suggesting that the
  report was inaccurate. The information in this report constituted probable cause for the
  issuance of the ensuing search warrants. (Illinois v. Gates (1983) 

  462 U.S. 213

  , 238;
  People v. Camarella (1991) 

  54 Cal. 3d 592

  , 601 [probable cause for a warrant present
  where “there is a fair probability that contraband or evidence of a crime will be found in
  [the] place [to be searched]”].)5
  5
  At oral argument, Evensen’s counsel argued that the search was also illegal
  because the search warrant was not executed until April 2013, four months after Evensen
  was last seen on the peer-to-peer network. Counsel argued that by the time the warrant
  was executed the police had no reason to believe any contraband still remained on the
  premises. We are not persuaded. First, as a matter of procedure, Evensen forfeited this
  argument by failing to make it below or in his briefing. Second, on the merits, we
  9
  Evensen contends that this case is analogous to Kyllo v. United States (2001) 

  533 U.S. 27

  because the RoundUp program is enhanced technology. In Kyllo, the police used
  a thermal imager to scan the defendant’s home and detect high-intensity lamps typically
  used for indoor marijuana growth. (Id. at pp. 29-30.) Based in part on information
  gathered from the thermal scan, the police obtained a warrant to search the defendant’s
  home and found an indoor growing operation. (Id. at p. 30.) The Supreme Court held
  that the use of the thermal imager constituted an unlawful search. (Id. at p. 40.) The
  court reasoned that where the government uses sense-enhancing technology that is not in
  general public use “to explore details of the home that would previously have been
  unknowable without physical intrusion, the surveillance is a ‘search’ and is
  presumptively unreasonable without a warrant.” (Id. at pp. 35, 40)
  Kyllo v. United 

  States, supra

  , 

  533 U.S. 27

  does not control here. While it is true,
  as Evensen points out, that RoundUp may be sophisticated and only available to law
  enforcement officials, the software does not search for otherwise unknowable evidence of
  illegality. Instead, it monitors only activities on a public peer-to-peer network, a space
  where, as we have discussed, Evensen had no reasonable expectation of privacy.
  Evensen’s reliance on United States v. Ahrndt (D. Or. Jan. 17, 2013, No. 3:08-CR-
  00468-KI) 

  2013 WL 179326

  is also misplaced. In that case, the defendant unknowingly,
  and through a program default, shared content in his LimeWire folder over his home
  wireless network. (Id. at p. *7.) The defendant’s neighbor inadvertently accessed the
  defendant’s wireless network and alerted the police after seeing a list of file names on the
  defendant’s computer suggesting the presence of child pornography. (Id. at pp. *1-2.)
  The district court held that there was no Fourth Amendment violation when the police
  looked at data on the network that the neighbor, a private citizen, had previously
  searched. (Id. at p. *6.) At the same time, the court held that there was a Fourth
  Amendment violation when the police opened images the neighbor had not viewed. (Id.
  disagree that the passage of four months rendered the information too stale to support the
  search warrant’s execution. (See, e.g., United States v. Hay (9th Cir. 2000) 

  231 F.3d 630

  ,
  636.)
  10
  at p. *8.) It reached this holding because there was no evidence the defendant
  “intentionally enabled sharing of his files over his wireless network, and there [was] no
  evidence he knew or should have known that others could access his files by connecting
  to his wireless network.” (Id. at pp. *6-7.) In contrast, here the police did not violate any
  reasonable expectation of privacy because, unlike the defendant in Ahrndt, Evensen
  intentionally used a publicly accessible peer-to-peer network.
  In short, we reject Evensen’s Fourth Amendment claim because Evensen had no
  reasonable expectation of privacy in his shared folder associated with the peer-to-peer
  network. In light of this conclusion, we need and do not decide whether Evensen would
  have had a reasonable expectation of privacy if he had been able to successfully prevent
  other users from accessing his shared folders or if he had downloaded the digital
  pornographic material by means other than using a peer-to-peer network.
  III.
  DISPOSITION
  The judgment is affirmed.
  _________________________
  Humes, P.J.
  We concur:
  _________________________
  Margulies, J.
  _________________________
  Dondero, J.
  11
  Trial Court:
  Napa County Superior Court – Main
  Trial Judge:
  Honorable Mark Boessenecker
  Counsel for Appellant:
  Paul Richard Kleven, First District Appellate Project
  Counsel for Respondent:
  Kamala D. Harris, Attorney General
  Gerald A. Engler, Chief Assistant Attorney General
  Jeffrey M. Laurence, Senior Assistant Attorney General
  René A. Chacón, Supervising Deputy Attorney General
  Bruce Ortega, Deputy Attorney General
  People v. Evensen (A145162)
  12
  

• Sign In
• Sign Up