Was Julie Amero wrongly convicted?


A battle of forensics

At her trial, Norwich Police Detective Mark Lounsbury testified that there was evidence that, while the class was in session, the computer logged entries into websites like meetlovers.com and femalesexual.com, and other graphic sites. Elsewhere, Detective Lounsbury has explained that his forensic procedure is that:

Physical evidence and electronic evidence is collected...This evidence includes internet history, content, and registry data, including "typed URLs". It's these "typed URLs", gleaned from the registry, which are identified - not pop ups. I use a simple tool [ComputerCOP Professional v.3.16.3] to search for the evidence. The tool provides me with an audit trail, evidence log, the evidence, web content log, and visited sites log.

Nobody contested the fact that sites containing pornography were displayed on, and therefore accessed by, the computer in Mr Napp's 7th Grade class. The question, of course, was: did Julie Amero do it, and more importantly, did she do it knowingly and intentionally?

This is where the evidence gets fuzzy. The State's Attorney, David Smith, reportedly told the jury: "You have to physically click on it to get to those sites." Other times he appears to have gone further, and suggested not only that Amero clicked on the URLs, but that she physically typed them in. Oh really? The theory that Amero deliberately typed the URLs into the computer is the same idea as that expressed outside the courtroom by school officials, like Norwich Schools Superintendent Pam Aubin who reportedly said: "This wasn't just [someone clicking on] popups [advertisements]."

Pop-ups are irrelevant to forensics?

Others have suggested that Amero's crime was not deliberately going to porn sites, but simply failing to prevent the pop-ups from being seen by the students. Indeed, this may have been the government's theory as well, or an alternate theory that the government came up with after the defense tried to show the existence of pop-ups and spyware. The prosecutor told the jury that Amero was guilty of exposing the children to pornography because she "should have thrown a sweater over the monitor" as a means of protecting the students. The angora defense? This despite the fact that as at least one student testified, the substitute teacher "physically reached up and pushed his face away from her computer".

Indeed, it is possible that the statute permits conviction for merely "permitting" a child to be placed in a situation that might impair their morals. So did the jury convict her for merely pushing the kids away and not yanking the extension cord? It is impossible to say. We all know that Microsoft Windows almost yells at you if you try to turn off your computer this way (well, at least when you reboot) – and that this kind of hard reboot can not only lose important data but can potentially damage the spinning hard drive.

There are significant forensic reasons not to simply unplug a misbehaving computer. Sure, the question now is whether there was malware, spyware, pop-ups, or possibly a Trojan horse on the computer. But what if the computer was being actively attacked, through a Trojan or back-door? Turning off the CPU likely would prevent the tracking needed to find the source of the attack. Unplugging the computer, for example, would prevent the creation of certain registry entries that are created only when the browser is closed properly – such as the registry entry indicating what URLs were typed into the browser – an important evidentiary issue in this case.

The decision about how to respond to this "incident" should not be left exclusively to the substitute teacher, and she should not be faulted – much less prosecuted – for not yanking the cord. There are conflicting reports about how long she kept the offending computer on, with Fox News' Bill O'Reilly reporting that the computer was left on all day, although it is not clear if the monitor remained visible to the students the whole time, and there is no allegation that there was porn on the computer for anything other than the few minutes after around 9am. Apparently neither she, nor any other faculty member, administrator or the principal or assistant principal ever considered just turning off the monitor – assuming that this was easy to do. Amero probably didn't turn off the monitor because she wanted to keep surfing.

Even the local newspaper, calling her acts "disgusting and merit[ing] punishment", failed to distinguish whether Amero's crime was going to pornographic websites in the presence of minors, or just not reacting properly when the pop-ups started coming, noting that Amero "...was accused and convicted of intentionally accessing several pornographic sites - not pop-up ads or windows, as she suggested. And she did not turn off the computer when the students saw the images." OK. Which one was it? If they can't distinguish which crime she was convicted of, how could the jury?

Even the Connecticut model jury instructions simply say that you are guilty of the crime if you "without legal right or justification" permit a person under sixteen, "to be placed in a situation that...was likely to...impair his morals". The jury was also told that "morals" means good morals, living, acting and thinking in accordance with those principles and precepts which are commonly accepted among us as right and decent.

So Amero could be convicted even if she didn't type any URLs or click on any porn sites – in fact, even if (and maybe specifically because) she never even touched the computer! Indeed, she could have been convicted even if there was no porn on any of these sites – all the law appears to have required was that the materials be "indecent" – a four letter word would have supported a decade in the pokey. Perhaps it is the government's theory that not yanking the plug placed the members of the seventh grade class in a situation that was likely to impair their morals. If that was the case, then why present any forensic testimony? Talk about strict liability! Without individually interviewing each of the jurors, we have, quite frankly, no idea what the jury convicted her of. I love the law.

Whether or not the government thinks that Amero's crime was not yanking the cord, they asserted in court and out of court that the forensic evidence conclusively demonstrated that she actually typed the URLs – deliberately went to porn sites. And this is clearly not the case, as we'll see with further analysis.
