APPEAL
FROM THE GARLAND COUNTY CIRCUIT COURT [NO. 26CR-17-295]
HONORABLE JOHN HOMER WRIGHT, JUDGE
Ben
Motal, for appellant.
Leslie
Rutledge, Att'y Gen., by: Chris R. Warthen, Ass't
Att'y Gen., for appellee.
BRANDON J. HARRISON, Judge.
A
Garland County Circuit Court jury found Gerald Lee Groomes
guilty of twenty counts of distributing, possessing, or
viewing matter depicting sexually explicit conduct involving
a child. On appeal, he argues that some of the images do not
depict sexually explicit conduct, that there was insufficient
evidence that he knowingly viewed or possessed prohibited
material, and that his convictions violate constitutional
prohibitions on double jeopardy and cruel and unusual
punishment. We affirm.
In May
2017, Groomes was charged with thirty counts of distributing,
possessing, or viewing matter depicting sexually explicit
conduct involving a child.[1] At a jury trial in May 2018, Special Agent
Michael Hendrix, an employee of the Arkansas Attorney
General's Office Special Investigations Division,
testified that he works in the cybercrimes unit and primarily
investigated child-exploitation cases. He explained that as
an investigator, he has specialized tools that monitor
peer-to-peer networks, which allow the transfer of digital
files over the internet from one computer to another. These
tools focus on anyone who offers to participate in the
sharing of child-exploitation material and makes such files
public. The system identifies that user's IP address,
which can provide the user's geolocation, service
provider, and physical address or name assigned to the
account.
Hendrix
testified that on 5 October 2016, he connected with IP
address 99.43.27.24; that user was offering to participate in
the sharing of child pornography. Hendrix's computer
connected with that user's computer and was able to
download 185 files of alleged child-exploitation material
between October 5 and 8 January 2017. On 19 March 2017,
Hendrix connected with the same IP address and downloaded one
additional file of alleged child pornography. At that point,
Hendrix assigned the case to another agent to initiate the
legal process of obtaining a subpoena for that user's
service provider and to proceed with the case.
On
cross-examination, Hendrix confirmed that the IP address he
had connected with belonged to Groomes's home computer.
He also said that Groomes used a program called uTorrent to
download and share the images. Hendrix agreed that he cannot
tell if a person opened a file on his or her own computer,
but he can show that a file was downloaded and stored in a
shared folder.
Drew
Evans testified that in January 2017, he had been a special
agent with the Arkansas Attorney General's Office and
worked in the cybercrimes unit. Evans took over Hendrix's
investigation and identified approximately 280 files
containing suspected child pornography in the files he
received from Hendrix. Evans personally viewed each image and
identified it as sexual-exploitation material. He subpoenaed
AT&T to obtain the subscriber information for the IP
address; the subscriber was identified as Gerald Groomes. On
1 March 2017, Evans and Agent Jeremiah Terrell went to
Groomes's address and confirmed that Groomes had lived
there by himself since 2011. On March 19, with Groomes's
computer still actively sharing child-exploitation material,
Evans began drafting a search warrant. The warrant was
executed on March 23, and agents seized Groomes's
computer and hard drive. Special Agent Chris Cone, a
computer-forensics expert, examined the evidence at the scene
and confirmed the presence of explicit images, so Groomes was
arrested.
Cone
testified that agents found a desktop computer that was
powered off in Groomes's residence. Cone explained that
he removed the side panel, disconnected the power and
data-connection cables on the back of the hard drive, and
connected them to his own laptop, which allowed him to read
the information contained on the hard drive. He was able to
quickly determine that file-sharing software was installed on
the hard drive and that there were "files of interest to
this investigation" on the hard drive. He then stopped
his examination and transported the hard drive to his lab in
Little Rock, where he created an "acquired forensic
image, " meaning a copy, of the hard drive so he could
work from the copy without jeopardizing the original. Cone
applied a filter that allowed him to view all the still
images or videos containing child pornography regardless of
where those images were stored on the hard drive. Cone also
determined that the hard drive's current Windows
operating system had been installed on 1 March 2017,
twenty-two days before the search warrant was executed, and
contained one user-created account named "great."
Cone confirmed the presence of file-sharing software,
specifically uTorrent, on Groomes's computer, and
explained that uTorrent stores data in the user account
associated with the software-in this case the
"great" account. Cone described that within each
user account there is a hidden folder named "AppData,
" which is
a folder that is just placed there by the operating system
and it is typically hidden from the user's view. It's
not to say that a user couldn't make changes to the
system and look at it, but by default it's hidden.
And within the AppData folder are three additional folders
and they're labeled "Local, LocalLow, and
Roaming." And in the Roaming folder with uTorrent,
there's an entry for the uTorrent software. And not just
with uTorrent, but with a lot of programs that you install on
a computer, they make entries into the Local or the Roaming
and sometimes LocalLow folder with an AppData. And it's
just a mechanism for Microsoft Windows to store settings and
features and preferences about that program that's
installed on the system.
Cone
explained that "when a user is interacting with folders
and files and they double-click a folder or they double-click
a file and they open it, a link file is created in the-in an
area within AppData for a recent file."
In this
case, Cone identified six files within the uTorrent folder
with names that, in his experience, are consistent with child
sexual-abuse material: "LS Star, " "LS Little
Guests, " "LS Land Issue 18 Alien Stars, "
"LS Barbie, " "Lolita Magazine 8YO, " and
"Flower Power 7YO." He said that a
"shortcut" link to the uTorrent software had been
"pinned" to the computer's task bar by the
"great" Windows user account. Cone also found names
of video files associated with VLC media-player software in
the AppData folder corresponding to VLC; the most recently
played videos included "9YO Girl Masturbate on Webcam
and Piss on Floor, " ...