Feeds

Amero case spawns effort to educate

Julie Group seeks to avoid future wrongful convictions

Boost IT visibility and business value

A group of security professionals, legal experts, and educators who helped former Connecticut substitute teacher Julie Amero overturn a conviction on charges of exposing her students to pornographic pop-up ads has formed a permanent organisation that aims to educate the courts and legislators about technology, crime, and digital forensics.

Taking the name of the person who brought them together, the members of the Julie Group intend to teach lawyers and end users about issues of technology and criminal law, lobby policy makers for fairness in criminal codes and regulations, and bring to light unfair prosecutions. The group will likely again offer their computer-security expertise to prosecutors and defense attorneys in future cases.

"Our helping Julie Amero was about two things: Getting Julie out of jail and making sure that something like this doesn't happen to other people," said Alexander Eckelberry, president of security firm Sunbelt Software. "We learned with Julie that giving people a voice makes a big difference."

On January 5, a six-person jury found Amero, a former substitute teacher at Kelly Middle School in Norwich, Connecticut, guilty of four counts of risk of injury to a minor, a Connecticut law that includes endangering a the morals of a minor. The charges stem from an incident on 19 October, 2004, when Amero's classroom computer started displaying pornographic pop-up advertisements.

Prosecutors argued that the images appeared because Amero visited porn sites while in class, while the former teacher's defense attorney argued that spyware installed from a hairstyling website caused the deluge of digital smut. The four convictions could have resulted in a maximum of 40 years in prison for the former schoolteacher.

Following the conviction, Eckelberry and others formed a group to analyse the evidence, producing a digital-forensics report that refuted many of the statements made by the prosecution's cybercrime expert, Mark Lounsbury, a detective with the Norwich Police Department, Eckelberry said.

The analysis was not straightforward. Other people, including the middle school's information technology administrator, had accessed the hard drive of the classroom's computer - a Windows 98 SE machine sporting Internet Explorer 5 and expired security software - following the pop-up incident.

Moreover, the investigators only gave the defense a copy of the files on the hard drive, not a bit-for-bit copy of the disk, said Joe Stewart, senior researcher for security firm SecureWorks and a member of the Julie Group's forensic analysis team.

"We had to go with what the prosecution gave to the defense," Stewart said. "You couldn't tell after the fact what had happened. You could tell that things were changed, but you couldn't tell how they were changed."

The security researcher hacked together a web server that could use the browser cache and temporary files to recreate the last web pages that appeared on the computer. The researchers used that and other digital forensics techniques to piece together some of what happened and refute the prosecution's interpretation of events.

The independent group's analysis of the classroom computer, and vocal criticism from technology professionals across the internet, convinced the prosecution to request its own digital forensics report from the state's crime laboratory. Following that analysis - and after delaying Amero's sentencing four times to allow any new evidence to be uncovered - the judge granted on 6 June a motion by the defense to overturn the verdict and allow a new trial.

"When the motion was accepted for a new trial, that was kind of a huge milestone for the group," said Sunbelt Software's Eckelberry. "You get a bunch of people together and this whole community thing is amazing."

The Amero case would not the first time that confusion about technology has led problematic prosecutions. In 2002, a 29-year-old network administrator was convicted under the Computer Fraud and Abuse Act for sending 5,600 email messages to customers of his former employer - the now-defunct email provider Tornado Development - warning about a security hole in Tornado's service that left private messages vulnerable to unauthorised access.

The prosecutors in the case argued, and the judge agreed, that McDanel was guilty of unauthorised access and abused Tornado's email servers to send the messages. The prosecutors have since admitted their mistake and the case was overturned on appeal, but not before McDanel served 16 months in prison.

While such cases appear to account for a small number of prosecutions, the increased sophistication employed by bot masters and fraudsters in compromising victims' computer could mean that more muddled cases might be ahead.

"Thinking about the implications - that any teacher could get infected after going online, have porn show up on their computer, and go to jail for 40 years - that's bad," said SecureWorks' Stewart. "My own sister is a teacher and she is not that far from Norwich. This could happen to her."

The Julie Group has started forming committees to focus on different tasks and continues to be run as an all-volunteer organisation, Eckelberry said. The group has already started considering other cases.

This article originally appeared in Security Focus.

Copyright © 2007, SecurityFocus

Build a business case: developing custom apps

More from The Register

next story
Hello, police, El Reg here. Are we a bunch of terrorists now?
Do Brits risk arrest for watching beheading video nasty? We asked the fuzz
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
EU justice chief blasts Google on 'right to be forgotten'
Don't pretend it's a freedom of speech issue – interim commish
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
This'll end well: US govt says car-to-car jibber-jabber will SAVE lives
Department of Transportation starts cogs turning for another wireless comms standard
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.