Yes it is outside of the skill level of the average computer user, but in many cases it is inside the skill level of a novice hacker with a bit of a technical background and some time to spend reading some .pdf files. The attack against Gnutella that allows the attacker to cause nodes to download whatever the hell they want is trivial to implement, and it is sufficient of an attack to get the targets convicted for CP trafficking. Of course, there are other extremely advanced vectors that could be utilized as well, some of which will result in a system that is *forensically indistinguishable* from a system owned by somebody who actually downloaded and shared CP. But it doesn't really matter if it can be done by 100% of computer users or only the top 1% most skilled computer users. The simple fact of the matter is that it can be demonstrated that computer forensics can be entirely misleading, it can be demonstrated that CP can end up on somebodies computer in such a way that forensic technicians have no choice but to say that the CP was intentionally downloaded and distributed, and in hundreds of thousands of CP cases the integrity of the evidence used to convict the so-called offender is 100% dependent on there not being somebody trying to frame the person convicted, or even random people. They don't allow traffic analysis by itself to secure a conviction (judges dismiss cases where the only evidence is from traffic analysis), but traffic analysis + the presence of CP + a forensic analysis showing that a user of the seized PC intentionally downloaded and distributed CP is enough for a conviction in 99.99% of cases. This is despite the fact that the presence of CP and a forensic analysis showing that a user of the PC intentionally downloaded it is just as prone to failure as traffic analysis. Due to people using open and hacked WiFi, plus people using proxy exit nodes, hacked cable modems, plus ISP's / websites / police / etc not being 100% accurate when it comes to keeping logs, the justice department has essentially determined that traffic analysis by itself can only be used for intelligence. Perhaps there needs to be a massive botnet that creates systems forensically indistinguishable from those owned by CP collectors before the justice department will realize that even the presence of CP and a forensic analysis showing how it got there are not reliable enough to be considered evidence either.