The Nor-Witch Hunt
Sat, 2007-02-24 17:30

Hello All,
It's been a while since my last post. My apologies, but I have been swamped getting up to speed in my new job. I'll post in the near future about that, but right now there's something *much* more important going on that affects anyone who may have a computer within arm's length of a minor. If you know a teacher, librarian, Internet cafe owner or any other person who accesses the Internet in front of anyone under the age of 16, take heed.

 
You may have read about Julie Amero, a substitute teacher in Norwich, CT who was arrested and convicted of multiple felony counts of risk of injury to a minor or impairing the morals of a child. She is due to be sentenced to up to 40 years in jail on March 2, 2007. While it is unlikely that she will get the full sentence, what is not unlikely is that she will have to register as a sex offender and will never teach again. For a little background color, see:
http://www.norwichbulletin.com/apps/pbcs.dll/article?AID=/20070106/NEWS01/701060312/1002/NEWS17
Why did this case ever make it to trial? Short and quick answer based on the actual facts of this case (and we'll get to those in a moment):

  • A scapegoat was needed to cover for someone. Who that might actually be is an open matter of discussion, and pure speculation at this point. The transcripts will be posted online soon, so you can connect the dots from there. 

While I am not a lawyer, it would appear that when the professor was discussing Mens Rea in law school, the prosecutor in this case must have thought he heard "Mens Room" and left for an hour. Let's ponder the definition for a moment:
Mens rea:
"The mental component of criminal liability. To be guilty of most crimes, a defendant must have committed the criminal act (the actus reus) in a certain mental state (the mens rea). The mens rea of robbery, for example, is the intent to permanently deprive the owner of his property."
Source:
http://www.nolo.com/definition.cfm/Term/CDBD25E2-0C22-4452-89C87F8A413EE73B/alpha/M/

 
Do you mean to tell me that a 40 year old substitute teacher who was 4 months pregnant at the time *intended* to show porn to a room full of 12 year olds, get arrested and probably never teach again? All of the forensic evidence indicates otherwise. Let's look at the facts here, and let you be the jury.

  • Fact - The jury never got to hear the full testimony of an actual computer expert in this case. Herb Horner was only able to present 2 PowerPoint slides.
  • Fact - Expert analysis establishes the fact that spyware/adware was found on the suspect hard drive. Popups did in fact direct the web browser to porn websites.
  • Fact - No forensic analysis was ever conducted by the prosecution to establish that popups did not cause the porn to display. If you are going to accuse someone of something, wouldn't you first want to establish actual intent? In my eyes, this would include eliminating the possibility of other causes.
  • Fact - The computer in question was Windows 98 with IE6. Cheyenne Antivirus was installed (Cheyenne for Windows 95 4.00 Trial version, build 048), but was not updated (signature version 47.35). At that point in time (October 2004) most antivirus packages did not detect spyware anyway, much less a package like Cheyenne that was due to be EOL'd soon by CA. In fact, the last known date that the AV signature changed was June 7th, 2004. One more tidbit: the whole product line officially reached end of life on March 17th, 2004, but unofficial updates continued until June 30th, 2004. The school's content filter was likewise grossly out of date by almost 3 months. Anyone who has ever run this OS knows that it is notorious for allowing popup loops to happen. My mother-in-law is 78, and has been caught in a similar loop by simply mistyping a URL for a cooking site. I've seen it with my own eyes. If you've never been a witness to how this happens (there may be one or two of you out there), check out: http://www.benedelman.org/scripts/video/?v=dr-jun06
  • Fact - No antispyware was running on the computer.
  • Fact - The "expert" in this case, Detective Mark Lounsbury, testified that "You have to physically click on it to get to those sites," and "I think the evidence is overwhelming that she did intend to access those Web sites." This erroneous testimony was based entirely on the fact that the forensic software used (ComputerCop) found these links in the TypedURLs registry key. Any forensic expert worth his salt would tell you that the presence of this in the registry *DOES NOT* distinguish between popups, popunders or physically followed links. Saying that this testimony was misleading to a jury would be an understatement, especially when evidence to the contrary was not allowed to be admitted. While I do not know the Detective's qualifications, I've trained many Law Enforcement people over the years on a variety of computer investigative situations, and Ghosting a hard drive image is generally frowned upon, especially when the proper flags are not set to allow for an exact bit copy.
  • Fact - Ms. Amero was explicitly told not to turn off the computer or log off of it under any circumstances. This was held against her by the jury.  One juror's exact words are:
    • "The fact that a teacher in a public scol system did absolutly nothing to keep it away from the children is what was wrong. Yes we were told that she was given no permissions to turn off the computer, she also said she was not allowed to use any other school equipment.  If a 40 year old school teacher does not have the sense to turn off or is not smart enough to figure it out, would you or any other person wanting her teaching your child or grandchild?"  Source: http://blogs.pcworld.com/tipsandtweaks/archives/003741.html
  • Fact - Ms. Amero turned down a plea bargain that would have gotten her only probation. Why would she do that unless she truly believed in her innocence?
  • Fact - Ms. Amero did, in fact, seek help for the popups but was told "not to worry about it". She also physically turned another student's face away from the screen. This flies right in the face of the juror's comment of "did absolutly nothing to keep it away from the children".

 

 
The fact that Ms. Amero was never instructed or even knew how to turn off the computer never entered the jury's mind, evidently. Don't we all have someone we know who is not computer savvy? Even more asinine was the assertion that a coat or sweater should have been placed over the monitor. Why not stick a fork in a toaster while you're at it? A fire hazard such as this would place the students at more risk than popups ever could.
 

 
Those of you who know Mark Rasch know that he is a very level-headed person with a keen legal eye. He is also very objective. Even he agrees that this should never have gone to trial:
http://www.securityfocus.com/columnists/434

 

 
If you are privy to any more facts about the case, feel free to post them here.  Dave Aitel and I did a session for the Northeast chapter of the HTCIA a few years ago about this exact type of scenario happening. It is trivially easy to take over a Windows 98 computer today, and was almost as easy in 2004/2005. I wish the Detective could have been in attendance for that one.
 

 
More links:
http://windowssecrets.com/comp/070222#story0
http://www.gameshout.com/news/substitute_teacher_could_see_jail_time_for_exposing_kids_to_porn/article8928.htm
http://csriu.org/
http://www.state-v-amero.com/
How was the classroom set up?
http://www.imagination3.com/LaunchPage?aFileType=&_nolivecache&aDrawingID=20070211_112912832_1493180511_usa&lscid=184982417

 
And while I'm not one to "panhandle" (Heck, my wife can't even get me to bring my daughter's school cookie sales flyers into work), I urge anyone who is capable of doing so to contribute what you can to her defense.
 

 
 http://julieamer.blogspot.com/2007/02/contribute-to-julie.html
 

 
A precedent like this being set opens *anyone* to potential liability and criminal prosecution. When's the last time you updated your content filter at home? Is it truly effective? Do you have a wireless access point set up? Can you prevent a minor from using it and displaying inappropriate content? There are a hundred roads that liability could go down should this be allowed to stand. And think about this for a moment: If a computer security vendor can't prevent a computer from being 0wn3d or inappropriate content from being displayed on a public computer at the world's largest security conference, what success will the "Average Joe" have doing it?
http://blog.wired.com/27bstroke6/2007/02/rsa_conference_.html
 

 
Your thoughts?

 

Reader Feedback
Sat, 2007-03-10 14:52
PROTECTION FROM PC PORN DELUGE
By Anonymous

I feel for Julie Amero, it is quite possible she is entirely innocent. It happened to my family while we were researching homework info with my kids when one of these gross porno pop-ups hit us. Startled and disgusted, I worked fast to get rid of it, apologising to my kids about the sick filth there is out there, but the faster I deleted the stuff the faster another site came on line like a deluge. As soon as I realised what I was being hit with I pulled the plug, but it was too late, my kids had in seconds been exposed to filthy hardcore in what was an innocent homework search. I checked our computer later and saw that our firewall had expired its certificate, leaving us open to any deluge of this kind. I now have scanning firewalls on all our computers that update new patches daily. Parents beware, make sure your kids' PCs have adequate and updated protection. Julie: Get your lawyers to have that ITEM: school computer's drive caches analysed to locate the codes that caused the invasion deluge effect.

Tue, 2007-02-27 23:49
The Nor-Witch Hunt
By Anonymous

I think it would be more appropriate to put her in the stocks for a day and then make her wear a large scarlet letter "A" (for Amateur) around her neck. Then we could stone her, with those of us who have never been guilty of not knowing everything, especially as it relates to technology, casting the first stones. This is, after all, Connecticut.

Sorrel Jakins
Disgusted in Provo.
