Was Julie Amero wrongly convicted?

What the jury didn't see

The police detective indicated that the police never examined the school computer for the existence of Trojan horses, logic bombs, spyware, adware or other malicious code. They reportedly didn't do this because the defense did not raise the "malware defense" prior to trial. Indeed, many have conjectured that the "pop-up" defense was manufactured for the trial, and that Julie never told anyone about the pop-ups at the time, or indeed at any time prior to trial.

However, if you wanted to assert that the defendant deliberately clicked on pornographic websites, and offer expert testimony to that effect, it would be incumbent upon you to eliminate the possibility – indeed, the probability – of the existence of malware. Indeed, the police detective himself suggested that a normal procedure would be to look for malware created before or at the time of the alleged criminal acts.

This may be a case where the defendant was wrongfully convicted because of a technicality – not just because of spyware or pop-ups. You see, Connecticut law requires the defense to give the government any written reports or tangible evidence they intend to introduce at trial, or evidence "[w]hich is a report or statement as to a...scientific test or experiment made in connection with the particular case prepared by, and relating to the anticipated testimony of, a person whom the defendant intends to call as a witness."

It is not clear whether the defense expert prepared such a written report, or whether if so, it was disclosed to the prosecution. In 1992, the Connecticut Supreme Court in a case against Adrian Genotti (220 Conn. 796, 1992) held that there was no legal obligation to prepare and therefore disclose a written report, and that an expert should not be prevented from testifying just because no written report was created and/or disclosed.

It appears that the government did not rebut the argument that the substitute teacher was the victim of pop-ups because they didn't know that was going to be the defense. In fact, Amero may not have even raised this as a defense until immediately before trial. It also appears that, as a result the defense wasn't fully able to present this defense because they didn't give the government sufficient notice of the expert's reports.

Indeed, despite the fact that the investigation and the case had been pending for almost two years, it appears that nobody even brought up the possibility of the pop-up defense until shortly before trial. This may have been tactical on the part of the defense, or it may have been because the defendant simply didn't focus on what caused the porn to be displayed. In any event, the cops didn't look for evidence to rebut a defense about which they weren't aware, and so they never looked for spyware and adware. Because the defense may not have given notice of the existence of the expert report, the court curtailed the expert's testimony. So Ms Amero goes to jail for a failure to produce some paper?

The IP address history logs of the school apparently were not reviewed. What is worse, it appears that nobody attempted to recreate the sessions with live internet accounts to see whether the pop-ups actually occurred at the time. The defense expert's request to do so in court was denied. However, while some of the particular sites may no longer have been active at the time of the trial three years later, archives of these sites indicate that they were likely sources of malware. Indeed, even an immediate reconstruction of the events might not yield an identical result, as malware sites are polymorphic – changing URLs sometimes within minutes, and the results would only be useful if it used a similarly outdated computer, with a similar lack of controls, and similarly un-updated software and browser.

As a result, it is impossible, without an independent forensic examination, to determine whether Julie (a) deliberately surfed for porn; (b) inadvertently went to a porn website; (c) was the victim of pop-up porn sites; or (d) merely sat by while students did any of the acts. It makes little difference for purposes of her termination (for not paying attention in class), but makes a huge difference for criminal purposes.