Feeds

Was Julie Amero wrongly convicted?

Mouse-trapped

Next gen security for virtualised datacentres

What the jury didn't see

The police detective indicated that the police never examined the school computer for the existence of Trojan horses, logic bombs, spyware, adware or other malicious code. They reportedly didn't do this because the defense did not raise the "malware defense" prior to trial. Indeed, many have conjectured that the "pop-up" defense was manufactured for the trial, and that Julie never told anyone about the pop-ups at the time, or indeed at any time prior to trial.

However, if you wanted to assert that the defendant deliberately clicked on pornographic websites, and offer expert testimony to that effect, it would be incumbent upon you to eliminate the possibility – indeed, the probability – of the existence of malware. Indeed, the police detective himself suggested that a normal procedure would be to look for malware created before or at the time of the alleged criminal acts.

This may be a case where the defendant was wrongfully convicted because of a technicality – not just because of spyware or pop-ups. You see, Connecticut law requires the defense to give the government any written reports or tangible evidence they intend to introduce at trial, or evidence "[w]hich is a report or statement as to a...scientific test or experiment made in connection with the particular case prepared by, and relating to the anticipated testimony of, a person whom the defendant intends to call as a witness."

It is not clear whether the defense expert prepared such a written report, or whether if so, it was disclosed to the prosecution. In 1992, the Connecticut Supreme Court in a case against Adrian Genotti (220 Conn. 796, 1992) held that there was no legal obligation to prepare and therefore disclose a written report, and that an expert should not be prevented from testifying just because no written report was created and/or disclosed.

It appears that the government did not rebut the argument that the substitute teacher was the victim of pop-ups because they didn't know that was going to be the defense. In fact, Amero may not have even raised this as a defense until immediately before trial. It also appears that, as a result the defense wasn't fully able to present this defense because they didn't give the government sufficient notice of the expert's reports.

Indeed, despite the fact that the investigation and the case had been pending for almost two years, it appears that nobody even brought up the possibility of the pop-up defense until shortly before trial. This may have been tactical on the part of the defense, or it may have been because the defendant simply didn't focus on what caused the porn to be displayed. In any event, the cops didn't look for evidence to rebut a defense about which they weren't aware, and so they never looked for spyware and adware. Because the defense may not have given notice of the existence of the expert report, the court curtailed the expert's testimony. So Ms Amero goes to jail for a failure to produce some paper?

The IP address history logs of the school apparently were not reviewed. What is worse, it appears that nobody attempted to recreate the sessions with live internet accounts to see whether the pop-ups actually occurred at the time. The defense expert's request to do so in court was denied. However, while some of the particular sites may no longer have been active at the time of the trial three years later, archives of these sites indicate that they were likely sources of malware. Indeed, even an immediate reconstruction of the events might not yield an identical result, as malware sites are polymorphic – changing URLs sometimes within minutes, and the results would only be useful if it used a similarly outdated computer, with a similar lack of controls, and similarly un-updated software and browser.

As a result, it is impossible, without an independent forensic examination, to determine whether Julie (a) deliberately surfed for porn; (b) inadvertently went to a porn website; (c) was the victim of pop-up porn sites; or (d) merely sat by while students did any of the acts. It makes little difference for purposes of her termination (for not paying attention in class), but makes a huge difference for criminal purposes.

The essential guide to IT transformation

More from The Register

next story
Super Cali signs a kill-switch, campaigners say it's atrocious
Remote-death button bad news for crooks, protesters – and great news for hackers?
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
Don't even THINK about copyright violation, says Indian state
Pre-emptive arrest for pirates in Karnataka
The police are WRONG: Watching YouTube videos is NOT illegal
And our man Corfield is pretty bloody cross about it
Felony charges? Harsh! Alleged Anon hackers plead guilty to misdemeanours
US judge questions harsh sentence sought by prosecutors
Oz biz regulator discovers shared servers in EPIC FACEPALM
'Not aware' that one IP can hold more than one Website
prev story

Whitepapers

Best practices for enterprise data
Discussing how technology providers have innovated in order to solve new challenges, creating a new framework for enterprise data.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?