Feeds

Was Julie Amero wrongly convicted?

Mouse-trapped

Secure remote control for conventional and virtual desktops

What the jury didn't see

The police detective indicated that the police never examined the school computer for the existence of Trojan horses, logic bombs, spyware, adware or other malicious code. They reportedly didn't do this because the defense did not raise the "malware defense" prior to trial. Indeed, many have conjectured that the "pop-up" defense was manufactured for the trial, and that Julie never told anyone about the pop-ups at the time, or indeed at any time prior to trial.

However, if you wanted to assert that the defendant deliberately clicked on pornographic websites, and offer expert testimony to that effect, it would be incumbent upon you to eliminate the possibility – indeed, the probability – of the existence of malware. Indeed, the police detective himself suggested that a normal procedure would be to look for malware created before or at the time of the alleged criminal acts.

This may be a case where the defendant was wrongfully convicted because of a technicality – not just because of spyware or pop-ups. You see, Connecticut law requires the defense to give the government any written reports or tangible evidence they intend to introduce at trial, or evidence "[w]hich is a report or statement as to a...scientific test or experiment made in connection with the particular case prepared by, and relating to the anticipated testimony of, a person whom the defendant intends to call as a witness."

It is not clear whether the defense expert prepared such a written report, or whether if so, it was disclosed to the prosecution. In 1992, the Connecticut Supreme Court in a case against Adrian Genotti (220 Conn. 796, 1992) held that there was no legal obligation to prepare and therefore disclose a written report, and that an expert should not be prevented from testifying just because no written report was created and/or disclosed.

It appears that the government did not rebut the argument that the substitute teacher was the victim of pop-ups because they didn't know that was going to be the defense. In fact, Amero may not have even raised this as a defense until immediately before trial. It also appears that, as a result the defense wasn't fully able to present this defense because they didn't give the government sufficient notice of the expert's reports.

Indeed, despite the fact that the investigation and the case had been pending for almost two years, it appears that nobody even brought up the possibility of the pop-up defense until shortly before trial. This may have been tactical on the part of the defense, or it may have been because the defendant simply didn't focus on what caused the porn to be displayed. In any event, the cops didn't look for evidence to rebut a defense about which they weren't aware, and so they never looked for spyware and adware. Because the defense may not have given notice of the existence of the expert report, the court curtailed the expert's testimony. So Ms Amero goes to jail for a failure to produce some paper?

The IP address history logs of the school apparently were not reviewed. What is worse, it appears that nobody attempted to recreate the sessions with live internet accounts to see whether the pop-ups actually occurred at the time. The defense expert's request to do so in court was denied. However, while some of the particular sites may no longer have been active at the time of the trial three years later, archives of these sites indicate that they were likely sources of malware. Indeed, even an immediate reconstruction of the events might not yield an identical result, as malware sites are polymorphic – changing URLs sometimes within minutes, and the results would only be useful if it used a similarly outdated computer, with a similar lack of controls, and similarly un-updated software and browser.

As a result, it is impossible, without an independent forensic examination, to determine whether Julie (a) deliberately surfed for porn; (b) inadvertently went to a porn website; (c) was the victim of pop-up porn sites; or (d) merely sat by while students did any of the acts. It makes little difference for purposes of her termination (for not paying attention in class), but makes a huge difference for criminal purposes.

Security for virtualized datacentres

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Google Glassholes are UNDATEABLE – HP exec
You need an emotional connection, says touchy-feely MD... We can do that
Just don't blame Bono! Apple iTunes music sales PLUMMET
Cupertino revenue hit by cheapo downloads, says report
US court SHUTS DOWN 'scammers posing as Microsoft, Facebook support staff'
Netizens allegedly duped into paying for bogus tech advice
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Verizon bankrolls tech news site, bans tech's biggest stories
No agenda here. Just don't ever mention Net neutrality or spying, ok?
Inside the EYE of the TORnado: From Navy spooks to Silk Road
It's hard enough to peel the onion, are you hard enough to eat the core?
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.