Feeds

Was Julie Amero wrongly convicted?

Mouse-trapped

High performance access to file storage

Where was the school's filter?

While the Norwich school's Information Services Director Bob Hartz reportedly told a school board hearing in January 2007 that the school was running Symantec's WebNOT filtering software [Editor's note: SecurityFocus is owned by Symantec Corp], Hartz stated that the automatic update feature was not activated – possibly due to an unpaid invoice. Thus, for at least three months, the system was not blocking many pornographic websites, including the ones seen by the 7th grade class. There did not appear to be any kind of adware blocking software on the school machines. This could explain why there had never been an incident involving pop-ups prior to that date, and – assuming, as Hartz later told the school board, a new filter was installed (and updated) it hasn't happened since. Filters aren't perfect – but outdated filters are much less than perfect. Now who again exposed the kids to materials that impaired their morals?

Now I am not suggesting, without a full review of the evidence, that it was impossible that Ms Amero voluntarily visited the porn sites while sitting as a substitute teacher in the 7th grade class. Stranger things have happened. I also don't think that the mere presence of spyware, adware, or even remote control or Trojan horse software should act as a perfect defense to any crime or fraud that someone might conduct. This is not a "twinkie-defense" – "gee, I have malware, you can't convict me of anything". I have previously written about the so-called Trojan horse defense to allegations of hacking or downloading pornography. Indeed, the defense may be misused, and only an independent forensic examination can say for sure. However, the facts of this case strongly suggest that the substitute teacher was the victim of mouse-trapping, and not a porn surfer.

Not only could Amero be sentenced to 20 years in jail, there is nothing to prevent the Connecticut legislature from requiring – years hence – that she register as a sex-offender, and have her name posted on the internet in that capacity. She rejected a government plea offer which would have guaranteed a probationary sentence and a non-felony conviction. Nobody seems to suggest that a 20 year sentence is appropriate, and indeed, it is likely that Amero will get probation anyway. But the real question here is: does the evidence support the criminal conviction for knowingly displaying pornography (as opposed to not doing her job, surfing other websites during class time, or failing to react properly to the pornographic websites.)

This seems to be an example of bad – or at least incomplete – lawyering on both sides, and the vagaries of a "jury of your peers". Firstly, neither the prosecution nor defense experts fully presented their cases – the prosecution because they had no notice that adware would be an issue, the defense because they weren't permitted to because of possible discovery violations. The jury was asked to render a verdict on incomplete evidence and vague and ambiguous jury instructions about exactly what the crime was. Moreover, juries tend to believe expert testimony, and experts frequently display a degree of certainty that is not supported by the facts. And that is the real crime here. How is it that you can have two experts examine the same computer and conclude – with equal degrees of certitude – that the defendant deliberately typed in the URLs, and that she did not? The answer lies not with science, or forensics, but with humans. People naturally come to forensic examinations with preconceived ideas, and trying to prove something. This dictates what files they examine, and what they conclude from these files. They shade their testimony and examination. What is possible becomes likely. What is merely unlikely becomes impossible. The truth is, we will see more people wrongfully convicted of crimes they did not commit because the computer indicates that they did it. And computers never lie, right HAL?

Combat fraud and increase customer satisfaction

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
Reprieve for Weev: Court disowns AT&T hacker's conviction
Appeals court strikes down landmark sentence
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.