Feeds

Was Julie Amero wrongly convicted?

Mouse-trapped

The smart choice: opportunity from uncertainty

Where was the school's filter?

While the Norwich school's Information Services Director Bob Hartz reportedly told a school board hearing in January 2007 that the school was running Symantec's WebNOT filtering software [Editor's note: SecurityFocus is owned by Symantec Corp], Hartz stated that the automatic update feature was not activated – possibly due to an unpaid invoice. Thus, for at least three months, the system was not blocking many pornographic websites, including the ones seen by the 7th grade class. There did not appear to be any kind of adware blocking software on the school machines. This could explain why there had never been an incident involving pop-ups prior to that date, and – assuming, as Hartz later told the school board, a new filter was installed (and updated) it hasn't happened since. Filters aren't perfect – but outdated filters are much less than perfect. Now who again exposed the kids to materials that impaired their morals?

Now I am not suggesting, without a full review of the evidence, that it was impossible that Ms Amero voluntarily visited the porn sites while sitting as a substitute teacher in the 7th grade class. Stranger things have happened. I also don't think that the mere presence of spyware, adware, or even remote control or Trojan horse software should act as a perfect defense to any crime or fraud that someone might conduct. This is not a "twinkie-defense" – "gee, I have malware, you can't convict me of anything". I have previously written about the so-called Trojan horse defense to allegations of hacking or downloading pornography. Indeed, the defense may be misused, and only an independent forensic examination can say for sure. However, the facts of this case strongly suggest that the substitute teacher was the victim of mouse-trapping, and not a porn surfer.

Not only could Amero be sentenced to 20 years in jail, there is nothing to prevent the Connecticut legislature from requiring – years hence – that she register as a sex-offender, and have her name posted on the internet in that capacity. She rejected a government plea offer which would have guaranteed a probationary sentence and a non-felony conviction. Nobody seems to suggest that a 20 year sentence is appropriate, and indeed, it is likely that Amero will get probation anyway. But the real question here is: does the evidence support the criminal conviction for knowingly displaying pornography (as opposed to not doing her job, surfing other websites during class time, or failing to react properly to the pornographic websites.)

This seems to be an example of bad – or at least incomplete – lawyering on both sides, and the vagaries of a "jury of your peers". Firstly, neither the prosecution nor defense experts fully presented their cases – the prosecution because they had no notice that adware would be an issue, the defense because they weren't permitted to because of possible discovery violations. The jury was asked to render a verdict on incomplete evidence and vague and ambiguous jury instructions about exactly what the crime was. Moreover, juries tend to believe expert testimony, and experts frequently display a degree of certainty that is not supported by the facts. And that is the real crime here. How is it that you can have two experts examine the same computer and conclude – with equal degrees of certitude – that the defendant deliberately typed in the URLs, and that she did not? The answer lies not with science, or forensics, but with humans. People naturally come to forensic examinations with preconceived ideas, and trying to prove something. This dictates what files they examine, and what they conclude from these files. They shade their testimony and examination. What is possible becomes likely. What is merely unlikely becomes impossible. The truth is, we will see more people wrongfully convicted of crimes they did not commit because the computer indicates that they did it. And computers never lie, right HAL?

Designing a Defense for Mobile Applications

More from The Register

next story
ONE EMAIL costs mining company $300 MEEELION
Environmental activist walks free after hoax sent share price over a cliff
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.