David Winkler appeals from two counts of his four-count conviction for receipt and possession of child pornography, challenging the sufficiency of the evidence supporting his conviction. Primarily, he argues that his conviction for knowing receipt of child pornography cannot stand because it was based on images found only in the temporary storage of his computer hard drive. We now AFFIRM.
I.
Winkler’s name came to the attention of law enforcement during two national investigations led by elements of Immigration and Customs Enforcement (ICE) during 2005 and 2006. The first, “Operation Emissary,” was initiated in 2005. That investigation led to the discovery of a child pornography website. In order to access that website, a potential user visited a welcome page that offered samples of child pornography, and unlimited memberships for $79.95 and $90.00 for twenty days and a month respectively. Once a purchase had been made, the user would receive an email from an unrelated address a day later containing a link to the illicit content. Following the link led to a sign-in screen which required a username and password, after which the website warned that its contents were illegal in all countries. Evidence at trial established that after enter *694 ing the website through those initial screens, a user could access approximately 1,000 images of child pornography, including videos. Having executed a search warrant for the physical internet server hosting the website, ICE agents discovered that the e-mail account of “dcwink@ktc. com” together with a zip code, city and street address, was transmitted to the website as part of a membership sign-up procedure. Agents then investigated payments made to the website. They found that a credit card belonging to David Winkler was used to make purchases of child pornography on two dates.
“Operation Flicker,” a second ICE investigation initiated in 2006, focused on a specific commercial child pornography service which contained within it links to hundreds of individual child pornography websites. The agent in charge of the investigation accessed the website to confirm that it contained child pornography, and also conducted undercover purchases of access to discover the contents of the various linked sites. In the course of his investigation, the agent determined that someone using a paypal account associated with David Winkler had purchased access to one of those linked sites.
David Winkler’s name was then referred to local ICE agents in February 2007. By obtaining credit card records, those agents were able to determine that Winkler’s credit card was used for transactions in the same dates and amounts that were discovered in the Operation Emissary and Operation Flicker leads. The credit card records verified those purchases and showed that they were never credited back to the account or disputed. ICE then executed search warrants for Winkler’s home and office addresses. As a result of its investigation, ICE seized several computers and hard drives belonging to Winkler. Three of the seized hard drives are relevant to this case: the Quantum Fireball hard drive, the Seagate hard drive and the Maxtor hard drive.
Agent James Beard, a computer forensics agent, conducted a forensic investigation on each of those hard drives. He discovered images and videos of child pornography on all three. Specifically, Beard found 261 images of child pornography on the Quantum hard drive, 26 video files containing child pornography on the Max-tor hard drive, and 261 images and 18 videos containing child pornography on the Seagate hard drive. Many of the files found on the Quantum hard drive were located in the utilities CD-ROM toolkit extras folder, a folder normally dedicated to files related to the Apple CD-ROM toolkit application. As Beard testified, that was not a normal place for the computer to store files downloaded by the user, but rather a special directory reserved for files associated with a specific hardware utility. To save a file there, an individual would have to browse his hard drive’s contents and specifically choose that obscure directory. On the Seagate hard drive, most of the child pornography files were contained in the program files directory, in a folder entitled “wait2.” That is also not a default location for user downloaded files. Moreover, Beard discovered a text file in the program files directory entitled “med study list.” Instead of containing a list of medical publications as the file name indicates, however, the file contained links to child pornography sites.
As for the Maxtor hard drive, which contains all the child pornography specifically at issue in this appeal, Beard testified that he found two user accounts. The first was an account named “user” — which Winkler admits was intended for his use— and the second a “staff’ account, used by Winkler’s office staff. Both accounts were *695 password protected, and the password for the “user” account was the same password Winkler used for his home computer. Beard testified that the “staff’ account on the Maxtor hard drive did not contain any child pornography. In his forensic investigation of the “user” account, however, Beard found a total of 26 video files of child pornography.
Five of those video files were located in a temporary internet cache — where internet browser software automatically saved the content of visited websites for the purpose of reducing page-loading time if the user revisits the site — including the only two files alleged in Count One. Evidence elicited by the government showed that those two files had been downloaded from the “members only” section of a child pornography website. Beard further testified that a video file is copied to a temporary internet cache when the user takes an affirmative action such as clicking on the video in order to play it. Thus, Beard explained, a video file differs as a technological matter from a still photo displayed on a web site, which is downloaded automatically to an internet cache when the web page it is displayed on is loaded.
The other 21 illicit videos were stored in various subfolders within the “mydoeuments” folder of the Maxtor hard drive. Two of the files listed in Count Five were saved to the “lpackl9vi” folder. Beard also discovered a zip file of the same name saved on the Maxtor hard drive. By cracking the password protecting the zip file, he discovered that those two files listed in Count Five had been extracted into the lpackl9vi folder from that zip file. The other two video files listed in Count Five were saved to the “lpack20vi” and “lpack21vi” folders respectively. Beard testified that those video files also appeared to have been extracted from zip files of the same name as the directory in which they were saved. Beard testified that all four zip files he discovered on the Maxtor hard drive were downloaded to the Maxtor hard drive in the password protected “user” accounts between 9:49 p.m. and 9:56 p.m. on December 21, 2004.
In the course of his forensic investigation, Beard also checked whether any type of viruses or malware had infected the Maxtor hard drive. He found none. He also found no indication of remote access to the Maxtor hard drive that could indicate that a trojan or other kind of virus or invasive software downloaded illicit files to the hard drive without Winkler’s knowledge.
As a result of the ICE investigation, Winkler was charged with receiving and possessing child pornography under 18 U.S.C. 2252(a)(2) and 18 U.S.C. 2252A(a)(5)(B), and his case was tried to a jury in 2009. He was convicted, and sentenced to 72 months imprisonment on Count One, and. 73 months imprisonment on Counts Three, Four and Five, all to run concurrently, followed by concurrent 15 year terms of supervised release on each count. No fine was imposed, but Winkler was ordered to pay a $100 special assessment as to each of the four counts of conviction. In this appeal, Winkler disputes only his convictions on Counts One and Five. Specifically, Count One alleges, under 18 U.S.C. 2252(a)(2), that Winkler “did knowingly receive” two video files depicting minor females engaging in sexual activity with adult males. Count Five alleges, under 18 U.S.C. 2252A(a)(B)(5), that Winkler “did knowingly possess” four video files depicting minor or prepubescent females engaging in sexual activity.
II.
Winkler makes two claims on appeal. First, he claims that because the images alleged in Count One were found only in *696 his temporary internet cache, there was insufficient evidence to support his conviction for “knowingly receiving” those images under 18 U.S.C. 2252(a)(2). Second, he claims that the evidence at trial was insufficient to support his conviction, on Count Five, for possessing certain other images under 18 U.S.C. 2252A(a)(5)(B). In support of that argument, he offers various alternative explanations for the presence of the files on his hard drive, and also contends that the government failed to show that the images alleged in Count Five of his indictment traveled in interstate commerce.
A challenge to the sufficiency of evidence following a proper motion for acquittal is reviewed by this court de novo.
United States v. Valle,
A. Winkler’s Conviction for Knowing Receipt of Child Pornography
Winkler argues that his conviction for Count One must be set aside because the government failed to prove that he knowingly received the two files at issue. 1 He argues that the most the evidence shows is that he viewed those two videos over the internet, and that he was unaware that the files would be automatically downloaded into the temporary cache on his staff computer. Thus, he asserts that those facts cannot support a conviction for knowing receipt of electronic child pornography.
We disagree. To be sure, the exact contours of the crime of “knowingly receiving” electronic child pornography in a constantly shifting technological background are murky. Part of the problem is that computers connected to the internet store vast quantities of data about which many users know nothing. As a user browses the internet, the computer stores images and text and other kinds of data in its temporary memory the way a ship passing through the ocean collects barnacles that cling to its hull. Thus, there is some risk that the computer of an internet user not intending to access child pornography may be infected with child pornography. Understandably, our sister circuits have struggled with whether to impute knowledge from the presence of illicit files found in such temporary storage. 2
*697
The Tenth Circuit recently reversed a conviction for knowing receipt of child pornography based entirely on two electronic photographs found only in the defendant’s internet cache.
United States v. Dobbs,
By contrast, in two other cases involving child pornography found in a user’s internet cache, the Tenth Circuit upheld convictions where a review of the evidence showed that the evidence did point eonvincingly towards the defendant’s intent.
See United States v. Bass,
Other circuits have agreed that while “the specter of spam, viruses, and hackers must not prevent the conviction of the truly guilty ... prosecutors, judges and juries have a duty to safeguard — as best as they are able — potential defendants when receipt of child pornography might well have been truly inadvertent.”
United States v. Pruitt,
No. 10-10829,
However, the Ninth Circuit has affirmed convictions where the evidence of knowledge was stronger than in
Kuchinski. See United States v. Romm,
What unites these cases is not the cache as such, but rather the broader concern that an internet user may find himself ensnared in a child pornography case unwittingly, by virtue of files that were copied to temporary storage and never knowingly received.
Cf United States v. Stulock,
The facts in this case are far more like those in
Tucker, Bass, Romm
and
Pruitt
than those in
Dobbs
and
Kuchinski.
“The mere presence of the files in the cache is certainly proof that the files were
received.” Dobbs,
The jury also heard testimony that Winkler had downloaded dozens of images of child pornography, and that the files he received from those sites were often hidden (albeit amateurishly) behind password walls in his own user account or in unnatural locations in the computer’s file hierarchy rather than the normal location for downloaded material. The jury also heard that Winkler kept a catalogue of child pornography links, masquerading as a list of medical studies, in one of his hard drives. Those facts speak to a pattern of child pornography receipt and possession that could also have caused a rational jury to conclude that Winkler knowingly received the files in Count One. In sum, this is not the exceptional case in which the government has persisted in bringing a criminal prosecution against the unknowing victim of a computer’s inner workings.
B. Sufficiency of the Evidence Supporting Count Five
Winkler makes a series of arguments disputing the proof the government adduced showing that he downloaded the files at issue in Count Five. He relies on a Wal-mart store receipt showing that he *700 purchased several items with his credit card at 10:52 p.m. on December 21, 2004. He argues that because the government’s evidence showed the illicit files in question were downloaded at 10:53 p.m. on the same day, “it would be impossible for him to be the person at the staff computer downloading the zip files at that time.” Winkler also points to other evidence in support of his innocence. For example, that there had been virus problems on that computer “several years ago,” that he had not changed his password in twelve to fifteen years and that several cleaning crews and other individuals had access to his computer area over the years. He also argues that the government failed to show that there had been an after hours opening of his medical office on December 21, 2004 and thus the government presented no evidence that Winkler had entered his office late at night to access child pornography. Finally, Winkler argues that because he himself chose to present the staff computer for review by pre-trial forensic experts, it is not plausible that he was aware of child pornography on that computer.
Viewing the evidence in the light most favorable to the verdict, the Government produced sufficient evidence for a reasonable juror to find that Winkler knowingly downloaded the files at issue in Count Five.
See United States v. Percel,
At most, Winkler posited plausible alternative explanations for how the illicit pornography came to be on his computer. But a jury is not required to accept
any
alternative explanation.
United States v. Moreno,
Winkler also argues that his conviction on Count Five should be reversed because “the Government offered no evidence to show that any of the files alleged in Count Five had ever traveled on the Internet, or had otherwise moved in interstate commerce,” and thus the government failed to prove the jurisdictional element of the crime. Winkler is incorrect. Evidence at trial established that the zip files housing
*701
the individual videos at issue in this count were obtained from a website. Evidence at trial further demonstrated the files at issue in Count Five were extracted from those zip files onto Winkler’s hard drive, and thus that the files came to Winkler’s computer from the internet.
See United States v. Runyan,
III.
For the foregoing reasons, Winkler’s conviction is AFFIRMED.
Notes
. At the threshold the government argues that Winkler waived his claims on Count One of the indictment by omitting the argument he now makes from his oral motion for acquittal during trial. Thus, the government argues, his conviction must be reviewed under the stringent "manifest miscarriage of justice” standard. See United States v. Phillips, 477 F.3d 215, 219 (5th Cir.2007). We need not decide that question, however, because we conclude that the evidence supports Winkler’s conviction under the standard for the review of a jury’s verdict.
. The other problem that courts have grappled with, and which Winkler raises in passing, is the difference between the quantum of proof necessary to show "knowing receipt” of child pornography as opposed to what some courts have characterized as the lesser included offense of "knowing possession.”
See, e.g., United States v. Miller,
. This court's only directly relevant case, an unpublished disposition, is consistent with the decisions of our sister circuits.
See United States v. Calderon,