Was Julie Amero wrongly convicted?


Choosing a cloud hosting partner with confidence

A battle of forensics

At her trial, Norwich Police Detective Mark Lounsbury testified that there was evidence that, while the class was in session, the computer logged entries into websites like meetlovers.com and femalesexual.com, and other graphic sites. Elsewhere, Detective Lounsbury has explained that his forensic procedure is that:

Physical evidence and electronic evidence is collected...This evidence includes internet history, content, and registry data, including "typed URLs". It's these "typed URLs", gleaned from the registry, which are identified - not pop ups. I use a simple tool [ComputerCOP Professional v.3.16.3] to search for the evidence. The tool provides me with an audit trail, evidence log, the evidence, web content log, and visited sites log.

Nobody contested the fact that sites containing pornography were displayed on, and therefore accessed by, the computer in Mr Napp's 7th Grade class. The question, of course was, did Julie Amero do it, and more importantly, did she do it knowingly and intentionally?

This is where the evidence gets fuzzy. The State's Attorney, David Smith, reportedly told the jury: "You have to physically click on it to get to those sites." Other times he appears to have gone further, and suggested not only that Amero clicked on the URLs, but that she physically typed them in. Oh really? The theory that Amero deliberately typed the URLs into the computer is the same idea as that expressed outside the courtroom by school officials, like Norwich Schools Superintendent Pam Aubin who reportedly said: "This wasn't just [someone clicking on] popups [advertisements]."

Pop-ups are irrelevant to forensics?

Others have suggested that Amero's crime was not deliberately going to porn sites, but simply failing to prevent the pop-ups from being seen by the students. Indeed, this may have been the government's theory as well, or an alternate theory that the government came up with after the defense tried to show the existence of pop-ups and spyware. The prosecutor told the jury that Amero was guilty of exposing the children to pornography because she "should have thrown a sweater over the monitor" as a means of protecting the students. The angora defense? This despite the fact that as at least one student testified, the substitute teacher "physically reached up and pushed his face away from her computer".

Indeed, it is possible that the statute permits conviction for merely "permitting" a child to be placed in a situation that might impair their morals. So did the jury convict her for merely pushing the kids away and not yanking the extension cord? It is impossible to say. We all know that Microsoft Windows almost yells at you if you try to turn of your computer this way (well, at least when you reboot) – and that this kind of hard reboot can not only lose important data but can potentially damage the spinning hard drive.

There are significant forensic reasons not to simply unplug a misbehaving computer. Sure, the question now is whether there was malware, spyware, pop-ups, or possible a Trojan horse on the computer. But what if the computer was being actively attacked, through a Trojan or back-door? Turning off the CPU likely would prevent the tracking needed to find the source of the attack. Unplugging the computer, for example, would prevent the creation of certain registry entries that are created only when, for example, the browser is closed properly – such as the registry entry indicating what URLs were typed into the browser – an important evidentiary issue in this case.

The decision about how to respond to this "incident" should not be left exclusively to the substitute teacher, and she should not be faulted – much less prosecuted – for not yanking the cord. There are conflicting reports about how long she kept the offending computer on, with Fox News' Bill O'Reilly reporting that the computer was left on all day, although it is not clear if the monitor remained visible to the students the whole time, and there is no allegation that there was porn on the computer for anything other than the few minutes after around 9am. Apparently neither she, nor any other faculty member, administrator or the principal or assistant principal ever considered just turning off the monitor – assuming that this was easy to do. Amero probably didn't turn off the monitor because she wanted to keep surfing.

Even the local newspaper, calling her acts "disgusting and merit[ing] punishment", failed to distinguish whether Amero's crime was going to pornographic websites in the presence of minors, or just not reacting properly when the pop-ups started coming, noting that Amero "...was accused and convicted of intentionally accessing several pornographic sites - not pop-up ads or windows, as she suggested. And she did not turn off the computer when the students saw the images." OK. Which one was it? If they can't distinguish which crime she was convicted of, how could the jury?

Even the Connecticut model jury instructions simply say that you are guilty of the crime if you "without legal right or justification" permit a person under sixteen, "to be placed in a situation that...was likely to...impair his morals". The jury was also told that "morals" means good morals, living, acting and thinking in accordance with those principles and precepts which are commonly accepted among us as right and decent.

So Amero could be convicted even if she didn't type any URLs or click on any porn sites – in fact, even if (and maybe specifically because) she never even touched the computer! Indeed, she could have been convicted even if there was no porn on any of these sites – all the law appears to have required was that the materials be "indecent" – a four letter word would have supported a decade in the pokey. Perhaps it is the government's theory that not yanking the plug placed the members of the seventh grade class in a situation that was likely to impair their morals. If that was the case, then why present any forensic testimony? Talk about strict liability! Without individually interviewing each of the jurors, we have, quite frankly no idea what the jury convicted her of. I love the law.

Whether or not the government thinks that Amero's crime was not yanking the cord, they asserted in court and out of court that the forensic evidence conclusively demonstrated that she actually typed the URLs – deliberately went to porn sites. And this is clearly not the case, as we'll see with further analysis.

Business security measures using SSL

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Apple CEO Tim Cook: TV is TERRIBLE and stuck in the 1970s
The iKing thinks telly is far too fiddly and ugly – basically, iTunes
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
OECD lashes out at tax avoiding globocorps' location-flipping antics
You hear that, Amazon, Google, Microsoft et al?
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
prev story


Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.