How to Prove That a Computer Uploaded Documents to the Cloud

In R. v Cusick, the Ontario Superior Court upheld a search warrant of a computer where that computer was suspected of having been used to upload child pornography to a cloud storage service.

What one searches for, apparently, are ‘artifacts’ – digital traces of the child porn files that passed through the computer on the way to the cloud. The case notes the difference between uploading from the computer’s hard drive (in which case the files may also still be on the computer) and uploading from a USB drive or mobile device (in which case they may not be, but there may be ‘artifacts’.)

When one has access to the images in the cloud and the artifacts on the suspect’s computer, a link can be sufficient to justify a conviction for possession (and presumably trafficking, if the evidence were right.)

Para 120ff of the judgment have some detail about linking the cloud images to the suspect’s computer.

So … it’s not that easy to hide things in the cloud (not that anyone reading this note would want to.)

Does that make sense to you?

[h/t Barry Sookman]

P.S. How did the police find the images in the cloud, in order to connect them with the suspect’s computer? Apparently Microsoft has developed with a university a photo recognition program and runs that program against all the stuff stored in its cloud service (Skydrive). When it finds a match, U.S. law requires it to report to a national clearing house, which then forwards material originating in Canada to a Canadian counterpart, which in turn forwards the information to local police for investigation. R v Cusick deals with how the police developed enough information to justify a search warrant for the suspects’ computers. So in this case, it started in the cloud and came to ground afterwards.

Query: if one encrypted the documents/images that one uploaded to the cloud, could the recognition tool work? One suspects not.