Digital Possession in Criminal Law
In December 2021, I defended a related case in the Larnaca District Court where the prosecution’s evidence hinged on thousands of images and videos found in browser cache files. The technical challenge was profound: proving that automatic app storage doesn’t constitute legal possession under Cyprus criminal law.
My client accessed content through Telegram groups and web browsers—ordinary internet usage that generated over 3,000 cached files without his knowledge or control. The prosecution argued these cached terrorism-related materials proved “possession” under Article 9 of the Counter-Terrorism Law. We demonstrated that cache files are ephemeral technical residues: created automatically, stored invisibly, and beyond user control. The case crystallized a fundamental question for the digital age: when machines store data autonomously, where does criminal liability begin?
The Legal Framework
Criminal possession requires both knowledge and control. The Cyprus Penal Code’s definition demands awareness that material exists and the ability to exercise dominion over it. Cache files fail both tests: users don’t know they exist, can’t access them without technical expertise, and have no control over their creation or deletion.
The Ninth Circuit’s landmark decision in United States v. Kuchinski established the principle that cached files without user knowledge cannot constitute possession. Cyprus courts have followed this reasoning, recognizing that viewing content online differs fundamentally from deliberately storing it. The distinction protects citizens from strict liability for their browsers’ automated processes.
Technical Realities
Browsers cache content to improve performance, not preserve evidence. Files appear and vanish according to algorithms users never see. The cache directory sits buried in system folders, inaccessible through normal navigation. Even finding these files requires specialized knowledge most users lack.
This automation matters legally. When prosecution conflates temporary technical storage with intentional possession, it criminalizes the act of browsing itself. Every click potentially becomes a crime if the wrong content gets cached. Such interpretation would make the internet legally unusable, turning standard web protocols into instruments of strict criminal liability.
Defending Digital Rights
Cache possession cases reveal how criminal law struggles with digital reality. The traditional mens rea framework—requiring both knowledge (Wissen) and will (Wollen)—remains essential for justice. Without it, automated processes become tripwires for prosecution, and technical ignorance becomes criminal negligence.
For defense counsel, the strategy is clear: distinguish deliberate downloading from passive caching, demonstrate the defendant’s lack of technical knowledge, and emphasize the absence of user control. Expert testimony on browser mechanics often proves decisive. Courts increasingly recognize that «possession» cannot extend to files users neither created, accessed, nor knew existed. This precedent protects not just individual defendants but the principle that criminal law requires human agency, not machine automation.