Charged With an Internet Sex Crime in Utah?
The Case Was Built Before You Knew It Existed.
Internet Sex Crimes Defense Lawyer in Northern Utah
Internet sex crime investigations develop quietly, often for months, before law enforcement makes contact. By the time someone learns they are under investigation, the State has already built its case. Understanding how that case was built — and where it is most vulnerable — is where the defense begins.
Internet sex crime cases develop differently from almost every other category of criminal matter.
There is rarely a moment of confrontation. There is rarely a clear event that the person being investigated knows has occurred and that they understand is being treated as criminal. Instead, the case develops in the background — through device examination, platform record requests, IP address identification, undercover online communication, and forensic analysis that happens without any notice to the person being investigated. By the time law enforcement makes contact, the investigation may have been running for weeks or months. The State's theory of what happened has already been formed. The digital evidence has already been collected, examined, and interpreted. And the person at the center of it has almost certainly had no opportunity to challenge any part of that process.
That asymmetry — between what the State has built and what the person being investigated knows — is what makes internet sex crime cases uniquely dangerous. And it is also what makes early, strategic defense intervention more consequential in this category of case than in almost any other.
At McAdams Law PLLC, Andrew McAdams represents individuals throughout Utah facing internet sex crime investigations and charges with a focus on examining how the digital evidence was gathered, whether the legal process used to obtain it holds up under scrutiny, and what the evidence actually proves when it is examined carefully rather than accepted at face value.
Before focusing exclusively on defense work, Andrew McAdams spent years as a former prosecutor — making charging decisions, evaluating digital evidence, and understanding from inside the system what causes internet sex crime prosecutions to succeed and where they are most vulnerable to challenge. That perspective is the foundation of how every internet crimes defense at McAdams Law gets built.
If detectives have made contact, if a device has been seized, if you are aware that an investigation may be underway, or if charges have already been filed — the defense that starts earliest has the most to work with. Call (801) 449-1247 for a free confidential consultation — available 24 hours a day. Everything discussed is protected by attorney-client privilege from the very first call.
The Charges That Arise From Internet Sex Crime Investigations
Internet sex crime investigations in Utah produce a range of charges that carry significantly different elements, different levels of exposure, and different long-term consequences. Understanding what each charge actually requires the State to prove — and where the evidence supporting each charge is most vulnerable — is the foundation of how the defense is built.
Enticing a Minor — Utah Code Section 76-4-401
Enticing a minor is one of the most commonly charged internet sex crimes in Utah and one of the most frequently misunderstood by people facing it.
The charge does not require that the defendant ever meet or have physical contact with a minor. It does not require that the alleged victim was actually a minor. It requires that the defendant, using any electronic communication device, transmitted a communication to someone the defendant believed to be a minor — and did so with the intent to commit a sexual offense.
That last element — intent — is the center of almost every enticing a minor defense. Intent is established by the prosecution through the content of the online communication, and that communication is almost always the product of an undercover law enforcement operation where officers created the contact, directed the conversation, and documented everything that was said. The alleged victim was never a real child. The danger was never real in the way the charge suggests. What was real was a conversation — and the question of what that conversation actually proves about the defendant's intent and predisposition is where the defense has its most significant opportunities.
Enticing a minor is a second-degree felony in Utah, carrying a potential sentence of one to fifteen years in prison. Because the charge can arise entirely from an online conversation without any physical contact, without any real minor being involved, and without any conduct beyond typed messages, it is also one of the charges where the entrapment defense and the challenge to how the undercover operation was conducted are most directly relevant.
Attempted Enticing of a Minor
Attempted enticing of a minor arises when the State cannot establish that the defendant completed the statutory elements of enticing but can establish that the defendant took a substantial step toward doing so.
In practice, the distinction between the completed offense and the attempt is often determined by how far the online conversation progressed before law enforcement made contact or ended the interaction. The defense examines what the conversation actually showed — whether the defendant's messages demonstrated genuine intent or something more ambiguous, whether the undercover officer pushed the conversation in a direction it was not going naturally, and whether what was said actually constitutes a substantial step toward a completed offense or reflects something that falls short of the statutory requirement.
Attempted enticing carries third-degree felony exposure — one to five years in prison — which is meaningfully less severe than the completed offense. Understanding the distinction between these two charges, and whether the evidence supports the more serious charge or only the attempt, is part of what the defense needs to evaluate carefully from the outset.
Sexual Exploitation of a Minor — CSAM Possession
Sex crimes defense in Utah involving child sexual abuse material begins with understanding what the State must actually prove. Sexual exploitation of a minor under Utah Code section 76-5b-201 covers the possession of child sexual abuse material and is one of the most serious charges that arises from device examinations in internet sex crime investigations.
What the State must prove is that the defendant knowingly possessed material that depicts a minor engaged in sexually explicit conduct. The word knowingly carries significant weight — the State must establish that the defendant was aware of the material's existence and character, not simply that the material existed somewhere on a device the defendant used or had access to.
A meaningful number of these investigations originate not from sting operations or device searches initiated by local law enforcement, but from automated reports filed by platform providers — including cloud storage services like Google Drive and Dropbox — with the National Center for Missing and Exploited Children. When a platform's automated detection system flags content and generates an NCMEC report, that report becomes the foundation of the investigation. Understanding the specific reporting pathway that initiated the investigation — what triggered the automated detection, whether the flagged content was accurately identified, and what the report does and does not establish about the defendant's knowing possession — is part of how the defense evaluates the strength of the State's attribution evidence from the very beginning.
The knowing possession requirement creates defense opportunities that are more significant than most people realize when they first learn that CSAM was found on a seized device. Shared devices create genuine uncertainty about who accessed or downloaded specific material. Malware and peer-to-peer file sharing software can result in material being cached on a device without the user's knowledge or intent. Files can be downloaded in bulk through applications without individual review.
Hash value matching is the specific technical process by which CSAM files are most commonly identified on seized devices. Law enforcement forensic databases contain cryptographic hash values — essentially digital fingerprints — of known CSAM files, and forensic tools compare files found on seized devices against those databases. When a file's hash value matches a value in the database, it is flagged as known CSAM. That process is presented by prosecutors as definitive identification — but it has significant limitations that the defense needs to examine. Hash matching can produce results that do not establish knowing possession: files that were hash-matched but never opened by the user, cached thumbnail images generated automatically by the operating system when a webpage loaded without any intentional download, and files that arrived through peer-to-peer software caching without the user selecting or viewing them. The forensic examination methodology — how investigators identified the files, how they established when and how they were acquired, and what evidence links the specific defendant to specific files rather than to the device generally — is where the defense examination begins.
Sexual exploitation of a minor is a second-degree felony in Utah for a first offense and a first-degree felony for subsequent offenses, carrying mandatory sex offender registration consequences that must be analyzed from the very beginning of the case.
Distribution and Production of Child Sexual Abuse Material
Distribution and production charges represent the most serious tier of internet sex crimes in Utah and carry the most severe sentencing exposure.
Distribution charges arise when the State can establish that CSAM was shared, uploaded, or transmitted — not merely possessed. In many cases, distribution charges are generated automatically by peer-to-peer file sharing software that shares files with other users on the network without the defendant's specific awareness that sharing was occurring. Whether the defendant understood that the software was sharing files, and whether that sharing constitutes knowing distribution under the statute, is a critical defense issue in many of these cases.
Production charges arise when the State alleges that the defendant created CSAM — through recording, photographing, or generating material depicting a minor in sexually explicit conduct. These are among the most serious charges in Utah criminal law, carrying first-degree felony exposure and the most severe registration consequences available under the statute.
The defense in distribution and production cases examines the technical operation of whatever software or platform was involved, the forensic evidence establishing what the defendant actually did versus what the application did automatically, and whether the evidence of knowing distribution or production meets the statutory standard or relies on assumptions about technical processes that the defendant may not have understood or controlled.
Dealing in Material Harmful to a Minor — Utah Code Section 76-10-1206
Dealing in material harmful to a minor is a distinct charge from CSAM offenses and covers a broader range of material — content that is harmful to minors under the statutory definition but does not necessarily meet the legal threshold for child sexual abuse material.
The charge arises most commonly in the context of online communications where explicit material was sent to someone the defendant believed to be a minor, or in device examinations where material was found that does not meet the CSAM standard but falls within the harmful to minors definition. It also appears in cases where the prosecution cannot establish the elements of the more serious exploitation charges but can establish that harmful material was distributed or possessed with intent to distribute.
Understanding the distinction between this charge and the more serious exploitation offenses matters enormously for plea strategy and long-term consequence planning. The registry implications of a dealing in harmful material conviction differ from those of a sexual exploitation conviction — and those differences need to be analyzed from the very beginning of the case, not at the sentencing stage when the plea has already been accepted and the options have narrowed.
Dealing in material harmful to a minor is a class A misdemeanor for a first offense involving distribution to a single minor, but escalates to felony exposure for repeat offenses or distribution to multiple minors. The elements the State must prove — that the material meets the statutory definition of harmful, that the defendant knew the recipient was a minor or believed them to be, and that the distribution was intentional — all create defense opportunities that a careful examination of the facts will identify.
Lewdness Involving a Child Through Electronic Communication
Lewdness involving a child through electronic communication covers conduct that is sexually explicit but falls below the threshold of the more serious exploitation charges — typically the transmission of images or messages of a lewd or sexual nature to someone the defendant knew or believed to be a minor.
These charges frequently arise from online conversations that began on social media platforms, dating applications, or gaming platforms where age verification is minimal or nonexistent. Some charges in this category arise from situations where the defendant was misled about the other person's identity or age — where the online persona presented did not accurately reflect who the defendant believed they were communicating with — and the defense examines the full record of how the interaction developed rather than accepting the prosecution's characterization of what the defendant knew or believed. The defense also examines what the defendant actually knew or believed about the alleged victim's age, whether the platform's design made age verification impossible or misleading, and whether the communication actually meets the statutory definition of lewdness as opposed to something that was sexually suggestive but does not rise to the legal standard the charge requires.
Online Solicitation and Communication Charges
Beyond the specific statutory charges discussed above, internet sex crime investigations in Utah frequently generate additional charges based on the content of online communications — solicitation of a minor, communication with a minor for unlawful purposes, and related offenses that arise from what was said in the digital record the investigation captured.
Each of these charges has its own statutory elements and its own evidentiary requirements. Each creates its own defense opportunities based on what the communication actually shows when examined in full context rather than in the selective presentation the prosecution will offer. And each carries its own consequences for registration, sentencing, and long-term professional and personal impact that need to be analyzed as part of the overall defense strategy from the outset.
Law Enforcement Sting Operations and the Entrapment Defense
A significant percentage of Utah internet sex crime prosecutions do not arise from complaints by real victims. They arise from law enforcement sting operations — undercover investigations where officers create online personas, initiate contact with individuals on social media platforms, dating applications, or chat forums, and direct conversations in a direction that generates evidence of criminal intent.
Understanding how these operations work is essential to understanding where they are most vulnerable to challenge.
In a typical Utah internet sting operation, an undercover officer creates a profile on a platform, makes contact with the target, and introduces the theme of sexual interest in a minor — either by revealing that the persona is underage or by steering the conversation in that direction. The officer documents the conversation and, if the target continues engaging after the minor's age is introduced, uses the subsequent messages as evidence of intent. In many cases, the officer pushes the conversation toward explicit content, toward a meeting, or toward specific statements that can be used to establish the elements of the charge.
The entrapment defense in Utah requires establishing two things. First, that the idea of committing the offense originated with law enforcement rather than with the defendant. Second, that the defendant was not predisposed to commit the offense before law enforcement made contact.
That second element — predisposition — is where most entrapment defenses succeed or fail. The State will argue that regardless of what the officer did, the defendant's response demonstrated that he was already predisposed to engage with minors sexually. The defense examines the full record of the conversation — not the excerpts the prosecution presents — to establish that the defendant's engagement was the product of persistent pressure, escalating direction by the undercover officer, and a conversation that was shaped and driven by law enforcement rather than initiated and driven by the defendant.
Entrapment is not available in every sting case. Whether it applies depends entirely on the specific facts of how the operation was conducted. But in cases where officers pushed, pressured, or escalated a conversation that the defendant was not driving, the defense has real traction — and the full conversation record, examined carefully rather than in the selective version the prosecution will present, often tells a very different story than the charges suggest.
Device Searches and Warrant Challenges
The digital evidence in an internet sex crime case almost always comes from a seized device — a phone, a laptop, a tablet, or a combination of devices. The legal validity of the search that produced that evidence is often the most consequential issue in the entire case.
Search warrants for electronic devices must satisfy specific constitutional requirements under both Utah and federal law. The warrant must be supported by genuine probable cause — a real and specific connection between the alleged criminal conduct and the device being searched, not a generalized suspicion that the device might contain relevant material. The affidavit used to obtain the warrant must accurately represent what investigators actually knew at the time they sought it, without overstating evidence, omitting facts that would have affected the judge's analysis, or drawing conclusions from assumptions rather than established facts.
Scope limitations are among the most important and most frequently violated constitutional requirements in digital device searches. A warrant authorizing a search for evidence of one specific offense does not authorize unlimited forensic examination of every message, photograph, financial record, browsing history, and personal communication on the device going back years. When investigators use a single allegation as authorization to conduct a comprehensive review of a person's entire digital life, that overreach creates a direct basis for challenging the scope of the search and suppressing the evidence obtained beyond the warrant's actual authorization.
Cloud storage warrants operate under a different legal framework than device warrants and create their own set of challenges. A warrant authorizing the search of a physical device does not automatically authorize access to cloud-stored data — iCloud accounts, Google Drive, Dropbox, and similar services require separate legal process to access. When investigators obtain cloud data without proper legal authority, or when they use a device warrant to access cloud services the warrant did not specifically authorize, the motion to suppress that evidence can remove material the prosecution is depending on.
Consent searches create their own set of issues. When a device is searched based on consent rather than a warrant, the validity of that consent — whether it was genuinely voluntary, whether it was given under the kind of implied authority or situational pressure that the law does not recognize as true consent, and whether the scope of the consent covered what investigators actually examined — is subject to challenge. A consent search that was not truly voluntary, or that exceeded the scope of what was consented to, produces evidence that may be suppressible regardless of what it contains.
When the warrant affidavit contained material misrepresentations or omissions that affected the judge's probable cause determination, a direct challenge to the warrant's foundation may result in the warrant being voided and the evidence obtained through it being suppressed. This is the Franks challenge — an examination of whether the warrant should have been issued at all based on what the affiant actually knew and how they chose to present it.
Digital Forensic Methodology — Where the Science Can Be Challenged
Even when the search was lawful, the forensic examination of a seized device is subject to challenge on multiple grounds that have nothing to do with the constitutional questions about the search itself.
Digital forensic examination is a technical process that is supposed to follow established methodology — specific procedures for preserving the integrity of the device, creating a forensic image before any examination begins, documenting every step of the examination process, maintaining chain of custody, and using validated forensic tools in ways that produce reliable and reproducible results.
Utah law enforcement most commonly uses tools such as Cellebrite UFED and Magnet Axiom to conduct device examinations. These tools are powerful, but they are not infallible — each has known limitations, documented error rates, and specific operating parameters within which results are considered reliable. When these tools are used outside their validated parameters, when the version deployed had known bugs affecting the type of data being examined, or when the examiner's interpretation of the tool's output goes beyond what the methodology actually supports, the reliability of the forensic findings is directly at issue. A qualified digital forensics expert examining the specific tool, the specific version, and the specific examination methodology applied to the specific device can identify departures from established standards that affect the credibility of the State's technical evidence.
Metadata interpretation is one of the most common areas where forensic conclusions are presented with more certainty than they actually deserve. File creation dates, modification dates, access timestamps, and download timestamps all carry specific technical meanings that are frequently misrepresented in prosecution exhibits. A file's metadata does not always establish when it was first acquired, who acquired it, or whether it was intentionally accessed — and the defense examines exactly what the metadata shows versus what the forensic examiner is claiming it shows.
Cached thumbnails and browser artifacts represent a specific and frequently misunderstood category of digital evidence. Operating systems and browsers automatically generate thumbnail images and cache files as part of their normal operation — when a webpage loads, when a folder is opened, when files are previewed. These automatically generated artifacts can appear in a forensic examination as images that were never intentionally downloaded, never intentionally viewed, and never deliberately saved by the user. The presence of a thumbnail or cached image in a forensic report does not establish that the user ever sought out, opened, or possessed the underlying file in any meaningful sense — and the defense examines exactly what the forensic record shows about how each piece of identified material arrived on the device and whether it was the product of intentional user conduct.
Deleted file recovery creates its own interpretive challenges. The fact that a file was deleted does not establish guilt — people delete files constantly for reasons that have nothing to do with criminal conduct. The fact that a file was recovered from unallocated space does not establish that it was ever intentionally accessed or viewed. The forensic analysis of when a file was created, when it was deleted, and what the device's activity record shows about whether the file was ever opened requires careful examination of the technical record rather than acceptance of the examiner's conclusions.
Chain of custody requirements exist to ensure that the device that was examined is the same device that was seized and that it has not been altered between seizure and examination. When chain of custody documentation is incomplete, when the device was handled in ways that could have altered its contents, or when the examination was conducted on a device that cannot be definitively established as the one seized from the defendant, the reliability of the forensic findings is directly at issue.
Digital Evidence Interpretation — What the Messages Actually Show
Prosecutors in internet sex crime cases frequently present digital evidence as though it is objective and self-explanatory. It is neither.
Every piece of digital evidence requires interpretation — and the interpretation the prosecution offers is almost never the only reasonable one. Understanding how that interpretation can be challenged is a core part of internet sex crime defense.
Screenshots are among the most commonly misused forms of digital evidence. A screenshot captures a single moment in a conversation, removed from everything that preceded it and everything that followed. The surrounding context — messages the prosecution did not include, the tone and direction of the conversation before the captured portion, the defendant's responses after the screenshot ends — frequently changes what the captured messages actually mean. The defense examines the full conversation record, not the excerpts the prosecution selected.
Message sequencing matters enormously in evaluating what a conversation actually shows. Conversations that are presented in order may still be missing messages. Conversations on platforms that allow message deletion, editing, or disappearing features may reflect a partial record that cannot establish what was actually communicated. The defense examines what the platform's technical record shows about message completeness — whether any messages are missing, whether any were deleted, and by whom.
Timestamps affect meaning in ways that prosecutors do not always acknowledge. A message sent at 2:00 AM in one time zone may be received and appear in a forensic report in a different time zone. Platform timestamps may reflect server time rather than local time. The sequence in which messages were sent and received, and what the timestamp record actually establishes about the timeline of the conversation, requires careful technical examination.
Shared device issues create genuine uncertainty about who sent specific messages or accessed specific content. When multiple people have access to a device — family members, roommates, coworkers — the forensic record of what is on the device does not automatically establish who put it there or who accessed it. The defense examines the device's user activity records, login history, and the specific evidence linking the defendant individually to the content at issue rather than to the device generally.
Platform-specific features affect what the digital record shows. Many platforms allow message editing after sending, leaving no record of the original content. Others use end-to-end encryption that limits what can be recovered forensically. Some platforms store data on servers rather than devices, creating gaps in what a device examination can establish. Understanding the technical architecture of the specific platform involved in the investigation is part of what the defense brings to the examination of digital evidence.
The Pre-Charge Investigation Stage — The Most Important Window
In internet sex crime cases more than almost any other category of criminal matter, the pre-charge investigation stage is where the defense has the most room to work — and where the decisions being made have the greatest long-term impact on the case.
By the time someone learns they are under investigation for an internet sex crime, law enforcement has typically already done the following: identified the target through IP address records or platform data, obtained records from the platform provider, conducted a forensic examination of a seized device or obtained the device contents through a consent search, reviewed the digital evidence and formed a theory of the case, and begun the process of deciding what charges to file and how strong the prosecution will be.
All of that has happened without any defense involvement. Without any challenge to how the evidence was gathered. Without any opportunity to present context that contradicts the State's theory. Without any input from the person being investigated about what the evidence actually shows.
Early criminal investigation defense intervention can change that dynamic in several meaningful ways. It can stop damaging interviews before they happen — interviews that are designed to lock the target into statements that will later be used as evidence rather than to genuinely understand what occurred. It can challenge the scope and validity of device searches before the prosecution has organized its entire case around evidence that may not be legally usable. It can preserve and present exculpatory digital evidence — messages, platform records, technical data — that contradicts the prosecution's theory before prosecutors have publicly committed to a charging decision that is hard to reverse. And in some cases, it can present the full factual context to the prosecutor's office before charges are filed, changing the trajectory of the case before it has become a formal prosecution.
The window for that intervention is real — but it does not stay open indefinitely. Once charges are filed, prosecutors are defending a decision they have already made. Before filing, there is still room to influence that decision. And in internet sex crime cases, where the digital evidence is fixed at the time of seizure and the investigation stage is where the most important work gets done, that window matters more than in almost any other context.
If there is any indication that an investigation has begun — a law enforcement contact, a device seizure, awareness that people connected to the situation have been questioned, or any other signal that the State is building a case — the time to act is now. Call (801) 449-1247 — there is no charge for the initial consultation and nothing discussed leaves that conversation.
What Not to Do After Learning About an Investigation
The mistakes people make in internet sex crime cases are often distinct from the general mistakes people make in other criminal investigations — and they are often more damaging because the digital record captures everything.
Do not attempt to contact anyone connected to the investigation — the alleged victim, the undercover officer, or anyone who may have been questioned by law enforcement. Any contact will be documented and will be presented as evidence of consciousness of guilt or, in cases involving a real minor, as potential witness tampering.
Do not delete, modify, or transfer files, messages, accounts, or any digital content after learning that an investigation exists. Even if the material is entirely innocent, deletion after notice of an investigation creates separate obstruction exposure and will be presented as evidence that the defendant was aware of incriminating content and attempted to conceal it.
Do not consent to additional device searches or interviews after law enforcement has already made contact. The initial contact is designed to create an opportunity for the target to provide additional evidence — through statements, through voluntary device access, through explanations that create admissions or inconsistencies. After law enforcement has made contact, any additional cooperation should happen only with legal counsel present and only after a careful evaluation of what it is likely to produce.
Do not take a law enforcement polygraph. Polygraphs are investigative tools used to create admissions and build momentum toward formal charges. They are not admissible in Utah courts, and a result that investigators characterize as deceptive will be used in the charging decision regardless of the instrument's reliability.
Do not attempt to explain the digital evidence to family members, employers, or anyone else before speaking with counsel. Those explanations become statements. Those statements become part of the investigation record.
False Allegations and Investigative Overreach
Not every internet sex crime charge reflects conduct that actually occurred. Some arise from investigative errors that produce charges against the wrong person. Others arise from platform records that are incomplete, misread, or attributed to the wrong account. Others arise from shared networks or devices where the conduct that generated the investigation was not the defendant's.
IP address misidentification is one of the most common sources of wrongful attribution in internet sex crime investigations. An IP address identifies a network connection — not an individual. When multiple users share a network, when a router has been compromised or used without authorization, or when the IP address record contains technical errors, the connection between the IP address and the specific individual charged is subject to challenge. The defense examines the technical record carefully to determine whether the IP address evidence actually establishes what the prosecution is claiming.
Shared network issues create similar problems. An open WiFi network, a shared apartment connection, or an unsecured router can result in internet activity being attributed to the account holder rather than to the person who actually generated it. Establishing that the network was accessible to others and that the investigation did not adequately rule out alternative users is a legitimate and important defense in cases where the evidence of identity depends on network access records.
Malware and unauthorized device access can result in files being downloaded, stored, or transmitted without the device owner's knowledge or consent. Peer-to-peer file sharing software, in particular, often downloads and shares content automatically as part of its operation without the user being aware of specific files being acquired or distributed. The defense examines whether the forensic record is consistent with automated software behavior rather than intentional user conduct.
Platform record errors — including incorrect timestamps, misattributed messages, or incomplete records produced through legal process — can affect the reliability of the digital evidence the prosecution is presenting. When the platform's own technical documentation contradicts what is being presented as the definitive record of communications, that discrepancy is a legitimate defense issue.
Long-Term Consequences and Why Plea Strategy Begins at the Start
Internet sex crime convictions in Utah carry consequences that extend far beyond the criminal sentence — and many of those consequences depend on decisions made during the case rather than at sentencing.
Sex offender registration is the consequence that most clients are most focused on from the beginning of the case, and it is the one that most requires early and sustained strategic attention. Registration requirements, tier classification, duration of registration, residency restrictions, employment restrictions, and future eligibility for removal from the registry all depend on the specific charge to which the defendant ultimately pleads or is convicted, the specific statutory language in the plea agreement, and decisions that are made during negotiation — not afterward.
The distinction between charges matters enormously for registration consequences. A conviction for enticing a minor carries different registration requirements than a conviction for sexual exploitation of a minor. A conviction for dealing in material harmful to a minor may carry different registration requirements than either. These distinctions can mean the difference between a fixed registration period and lifetime registration — and that difference cannot be undone after the plea is accepted.
Employment consequences specific to internet crimes convictions are often more severe and more permanent than the employment consequences of other criminal convictions. Technology companies, educational institutions, healthcare providers, government contractors, and financial services firms all conduct background checks that will reveal an internet sex crime conviction — and many of those employers have categorical policies that make re-employment impossible regardless of the individual circumstances of the conviction.
Digital restrictions following an internet sex crime conviction can include conditions of probation or parole that restrict or monitor internet access, prohibit use of specific platforms or applications, and require submission to device searches without a warrant. For someone whose professional or personal life depends on regular internet access, those restrictions carry practical consequences that need to be analyzed as part of the overall case strategy from the beginning.
Immigration consequences for non-citizens facing internet sex crime charges are immediate and severe. Many internet sex crime offenses are categorically defined as aggravated felonies or crimes involving moral turpitude under federal immigration law, triggering mandatory deportation for lawful permanent residents and permanent bars to naturalization and re-entry. Immigration consequences must be analyzed from the very beginning of any internet sex crime case involving a non-citizen defendant — not as an afterthought when the criminal case is being resolved.
Professional licensing consequences arise before conviction in many cases. Licensing boards for healthcare professionals, educators, attorneys, financial advisors, and other licensed practitioners often begin administrative review based on the existence of a charge rather than a conviction. The criminal defense strategy and the professional licensing response must be coordinated from the beginning — decisions made in the criminal case can affect the licensing proceeding, and decisions made in the licensing proceeding can affect the criminal case.
How Internet Sex Crime Cases Are Prosecuted Across Utah
Internet sex crime cases are not prosecuted identically across every Utah jurisdiction. The agencies involved, the charging practices, the plea expectations, and the specific resources dedicated to digital evidence vary across counties in ways that affect how the defense is built.
In Salt Lake County, Internet Crimes Against Children task force investigators and Salt Lake City Police Department's specialized units handle a significant volume of internet sex crime investigations. The Third District Court processes a high volume of these cases, and prosecutors in the Salt Lake County District Attorney's office are experienced with digital evidence and sting operation prosecutions. Pre-charge intervention in Salt Lake County cases requires understanding how that office evaluates digital evidence and what creates genuine leverage before a filing decision is made.
In Davis County, the Davis County Attorney's Office and Davis County Sheriff's Office investigators handle these cases with a pre-filing screening process that is more thorough than many other counties. Cases that reach charging in Davis County have typically been reviewed carefully, which means the defense needs to examine the investigation with the same level of care to find the vulnerabilities that survive that internal review.
In Weber County, Ogden Police Department and the Weber County Sheriff's Office handle internet sex crime investigations through the Second District Court in Ogden. The prosecutorial culture in Weber County and the specific patterns of how digital evidence is presented in these cases create strategic considerations that are distinct from what applies in the southern counties.
In Utah County, the Utah County Attorney's Office handles a significant volume of internet sex crime cases arising from the BYU and UVU student populations as well as from the growing professional community along the Silicon Slopes corridor. The Fourth District Court in Provo handles these matters with a prosecutorial approach that reflects the specific character of this jurisdiction.
Frequently Asked Questions
Should I talk to detectives if they say they just want to understand what happened?
No — and this is one of the most important decisions in an internet sex crime investigation. Law enforcement interviews in internet sex crime cases are not designed to help the person being investigated explain themselves. They are designed to obtain statements that support charges, create inconsistencies that can be used as evidence of consciousness of guilt, and lock the target into a version of events that can later be compared against the digital record in ways that damage credibility. Even truthful answers create problems when given under the stress of an unexpected law enforcement contact without legal counsel present. Before any interview — formal or informal — one call to a defense attorney is the most important decision that can be made.
Can internet sex crime charges be stopped before they are filed?
Sometimes yes — and this is often where the most valuable defense work happens. Pre-charge intervention in internet sex crime cases can involve challenging the scope and validity of device searches before the prosecution has organized its theory around the evidence, presenting exculpatory digital evidence that contradicts the State's interpretation before prosecutors commit to a charging decision, exposing credibility problems with the investigation methodology before the investigative record becomes locked in, and in some cases making a direct presentation to the prosecutor's office that changes how the case is being evaluated. The window for that intervention exists before charges are filed. After filing, prosecutors are defending a decision they have already made publicly. Before filing, there is still room to change direction — and criminal investigation defense at this stage is often the highest-value work in the entire case.
Is entrapment a real defense in Utah internet sting cases?
Yes — under the right facts. Entrapment in Utah requires establishing that the idea of committing the offense originated with law enforcement and that the defendant was not predisposed to commit the offense before law enforcement made contact. The predisposition element is where most entrapment defenses succeed or fail. The defense examines the full conversation record — including everything the undercover officer said and did to create, sustain, and escalate the interaction — and compares that record against what the defendant actually initiated and what he was responding to. In cases where officers pushed a conversation that the defendant was not driving, where escalation was the product of law enforcement direction rather than the defendant's own conduct, and where the full record tells a meaningfully different story than the prosecution's version, entrapment has real traction.
What if the phone or device that was searched did not belong exclusively to me?
Shared device issues are a significant and frequently underexplored area of internet sex crime defense. The forensic record of what is on a device does not automatically establish who put it there, who accessed it, or who is responsible for its contents. The defense examines the device's user activity records, account login history, the timing of file access relative to what is known about each user's access to the device, and any other technical evidence that bears on the question of individual attribution. When the prosecution cannot establish beyond a reasonable doubt that the specific defendant — rather than another person with access to the device — is responsible for the material at issue, that gap in the evidence is a direct and significant defense issue.
What is the difference between possession and distribution charges for CSAM?
The distinction matters enormously for sentencing exposure and registration consequences. Possession charges require the State to establish that the defendant knowingly possessed the material. Distribution charges require additionally establishing that the defendant shared, uploaded, or transmitted the material to others. In many internet sex crime cases, distribution charges arise from peer-to-peer file sharing software that automatically shares downloaded content with other users on the network — without the defendant specifically initiating or being aware of individual sharing transactions. Whether the defendant's use of peer-to-peer software constitutes knowing distribution under the statute, or whether it reflects automated software behavior that the defendant did not specifically control, is one of the central legal questions in these cases and one where the technical facts of how the software actually operates matter enormously.
What if police found CSAM on my device through hash value matching but I never knowingly accessed those files?
Hash value matching identifies files by their cryptographic fingerprint — it establishes that a file exists on the device and matches a known CSAM file in law enforcement databases. What it does not establish on its own is that the file was ever intentionally accessed, viewed, or downloaded by the user. Files that arrive through peer-to-peer caching, cached thumbnails generated automatically by the operating system, and files downloaded through bulk software processes without individual selection can all appear in hash match results without reflecting any intentional user conduct. The defense examines the specific forensic record — how each flagged file arrived on the device, what the activity logs show about whether it was ever opened, and whether the pattern of file acquisition is consistent with intentional downloading or with automated software behavior — to determine what the hash match evidence actually establishes versus what the prosecution is claiming it proves.
Can a charge for dealing in material harmful to a minor be distinguished from more serious exploitation charges?
Yes — and that distinction has significant strategic value. Dealing in material harmful to a minor under Utah Code section 76-10-1206 covers a broader range of material than the sexual exploitation statute and carries different elements, different sentencing exposure, and different registration consequences. In cases where the material at issue may not meet the legal threshold for CSAM but falls within the harmful to minors definition, or where the prosecution cannot establish all elements of the more serious charge, the distinction between these charges creates genuine plea negotiation leverage. Understanding exactly what each charge requires the State to prove and what the long-term consequences of each resolution look like is part of the defense analysis that needs to happen from the beginning of the case.
What if police found material on my device that I did not put there?
This is a legitimate and important defense in a meaningful number of internet sex crime cases. Malware, peer-to-peer software caching, unauthorized network use, and shared device access can all result in material appearing on a device without the owner's knowledge or intent. The defense examines whether the forensic record is consistent with the defendant having intentionally acquired and accessed the material, or whether it is equally consistent with the material having arrived through automated software behavior, network access by others, or device sharing. Expert digital forensic analysis of the specific technical evidence — how the files arrived on the device, when they were accessed, what the device's activity record shows about user behavior at the relevant times — is often what establishes this defense most effectively.
How does an internet sex crime conviction affect sex offender registration in Utah?
Registration consequences depend on the specific charge, the specific resolution, and the specific statutory language in any plea agreement — and they must be analyzed from the very beginning of the case, not at sentencing when options have already narrowed. Different internet sex crime charges trigger different registration tiers, different registration durations, different residency and employment restrictions, and different eligibility for future removal from the registry. The difference between a resolution that triggers lifetime registration and one that carries a fixed registration period can come down to specific plea language that must be negotiated before the plea is accepted. Waiting until sentencing to think about registry consequences is almost always too late.
What should I do tonight if I just learned about an investigation?
Stop. Do not call anyone connected to the investigation. Do not delete anything from any device or account. Do not consent to any additional searches. Do not attempt to explain the situation to family members, employers, or anyone else until you have spoken with counsel. The first twenty-four hours after learning about an internet sex crime investigation are among the most consequential of the entire case — and the most common mistakes people make in those hours are ones that hand the government evidence it would not otherwise have. One call to a defense attorney before any other decision is made is the single most important thing that can happen in that window. Call (801) 449-1247 — available twenty-four hours a day, seven days a week.
Your Defense Begins Before the Arrest
Internet sex crime investigations move on a timeline the person being investigated does not control. By the time law enforcement makes contact, the State has already spent weeks or months building its case — gathering digital evidence, examining devices, forming a theory, and deciding how strong the prosecution will be.
The defense that starts earliest has the most to work with. The defense that waits for an arrest is starting from behind.
Whether the matter involves a law enforcement sting operation, a device examination that produced serious charges, false attribution of digital conduct to the wrong person, or a situation where the digital evidence means something very different in full context than the prosecution is presenting — the quality of the defense built around the specific facts of the case determines what comes next.
A case built entirely on digital evidence is not an unbeatable case. Digital evidence has legal requirements that must be satisfied before it can be used. Forensic examination has methodological standards that must be followed. Interpretations of what digital evidence shows are contestable in ways that require both technical and legal expertise to challenge effectively.
McAdams Law PLLC represents individuals facing internet sex crime investigations and charges across Salt Lake County, Davis County, Weber County, and Utah County — and throughout northern and central Utah — with a focus on examining how the digital evidence was gathered, whether the legal process used to obtain it holds up under scrutiny, and what that evidence actually proves when it is examined carefully and completely rather than accepted at face value.
Call McAdams Law PLLC at (801) 449-1247 to schedule a confidential consultation. Available twenty-four hours a day for arrests and emergencies. There is no charge for the initial consultation, and everything discussed is protected by attorney-client privilege from the very first call.