Network News

X My Profile
View More Activity

Buggy Justice in Connecticut

Ever gone to the wrong Web site by mistake, then thanked the deity of your choice that you were able to back out of there before any coworkers noticed? If you'd done that in a school in Norwich, Conn., you might be facing 40 years in jail.

No joke: Substitute elementary schoolteacher Julia Amero was convicted on Jan. 5 of four counts of "Risk of Injury to a Minor" for exposing a classroom of middle schoolers to pornographic images on her computer on Oct. 19, 2004. She faces a maximum penalty of 40 years in jail and was due to be sentenced today, but on Monday, Superior Court Judge Hillary Strackbein postponed her sentencing to March 29.

If you spend much time on computer-security issues, this is old news (for instance, Security Fix blogger Brian Krebs wrote an excellent analysis last month). But if you don't, this case is a tangled mess... read on for the ugly details.

First, let me summarize the case, based on my readings of the trial transcripts posted by the Norwich Bulletin.

The core of the prosecution's argument comes in the testimony of school IT manager Robert Hartz. He reported that network-use logs and Web pages cached by Amero's Internet Explorer browser showed her visiting AOL and Orbitz, followed by a series of porn sites.

But Hartz also testified that the school-wide firewall had not been updated in weeks ("when we went out to do the update, the company which was Symantec was saying no, you are not authorized to update"), the computer's anti-virus software was a week out of date and he didn't check for spyware or adware on the computer Amero had used. This inattention to security would be especially dangerous on a network of PCs running Windows 95, 98 and 2000--all less secure than the post-Service Pack 2 version of Windows XP.

The Norwich police also did not conduct a spyware search.

Amero's students that day, meanwhile, said that they caught glimpses of the pictures on these sites, although she tried to block their view of the screen or pushed them away from her desk.

The defense was not allowed to present evidence of a spyware problem on the computer--it had not submitted that as required during the pretrial discovery period--though computer consultant W. Herbert Horner did explain how one Web site redirected Amero's computer into an endless loop of pop-ups.

Amero testified that she attempted to close the porn pop-ups but they never stopped opening. She tried keeping the screen out of view of the students but did not pull the plug on the computer "because I was taught never to touch anything in the teacher's classroom." She didn't even turn off the monitor: "I don't know where the buttons are."

Amero had earlier declined a plea-bargain deal that would have left her with probation; after a three-day trial, a six-member jury found her guilty on all four counts.

OK, now my thoughts on this.

I know that people can do depraved things online. A friend of mine works in e-mail security at AOL, regularly catches one sicko or another trying to share child porn and has helped put these creeps in jail. But is this case anything like that? I see lots of mistakes all around, but none that justify sending anybody off to prison.

Here's what I'd say to the parties involved:

* To the people responsible for setting up this school's computers: If you use Windows, not keeping anti-virus software current or screening for spyware constitutes computing malpractice. I don't want you overseeing any network in any schools near me.

* To Ms. Amero, and anybody else who thinks a computer is so foreign that they're leery of turning one off: If you're going to take a job that requires you to use a computer, learn how. Read a book. Take a class. Do what you have to to do.

* To the jurors and judge: Don't think that everybody is in control of their PC all the time. There is such a thing as browser hijacking, and it can happen to the innocent.

How do I know this? In 2004, my colleague Amy Joyce learned of a case like Amero's: An employee at a major Army command around the Washington area was busted for having dozens of folders' worth of links to porn sites bookmarked on his browser. But the employee's supervisor, who had worked with the employee for the previous five years, thought this didn't make sense: Why would this guy have taken the time to file away his porn preferences in such obvious, gratuitous detail at work?

(The supervisor told this story on the condition that his name and his office not show up in print.)

Then he read a story about browser hijacking--my column--and asked the IT department to check out the employee's computer. They found no evidence that any of the bookmarked sites had ever been visited on that machine. The employee kept his job.

I'm sorry to say that this story never made it into the paper. I wish it had; maybe then somebody on the jury in Connecticut could have read it and learned a thing or two.

For other perspectives on this case:

* Alex Eckelberry, president of Clearwater, Fla.-based security-software developer Sunbelt Software, has been blogging regularly about Amaro's case (his blog is worth reading in general if you're interested in computer security).

* USA Today columnist Andrew Kantor, who has been reporting about the Internet for longer than I've been on it, argues for the defense in this recent column.

By Rob Pegoraro  |  March 2, 2007; 2:52 PM ET
Categories:  The business we have chosen  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: A Digital Deadline Dawns
Next: Unplugged But Not Unwired

Comments

I have written a review of this case that is on my web site at http://csriu.org. There is also a second document that provides guidance for schools on how to address the concern through effective security, education, and investigation of incidents -- none of which was done properly in Julie's case.

I have personally reviewed the police investigation records. It is clear that Julie was striving to the best of her ability, based on the instrucitons she was given, to deal with a "porn trap" situation. Of the 60 students who were in that classroom, only 10 saw anything -- and most of these students, by their own admission, were trying to look after becoming aware of the problem. Further, they clearly only saw brief glimpses, primarily of mild erotica. The lurid images shown to the jury were the ones that Julie effectively blocked those students from seeing.

A recent study by the Crimes Against Children Research Center revealed that 42% of young people between the ages of 10 and 17 have either accidentally or intentionally seen online pornography. This is a concern we need to address.

But trying to address this concern by convicting any adult who happens to be responsible for the young people to whom this happens is clearly NOT the way to do so.

Nancy Willard, author of Cyber-Safe Kids, Cyber-Savvy Teens

Posted by: Nancy Willard | March 2, 2007 5:09 PM | Report abuse

In light of this case, if I was a teacher in a public school I would refuse to teach in a room equipped with a Windows computer. I cannot imagine a worse situation than being held criminally responsible for bugs and viruses in Microsoft software.

Posted by: Phil | March 2, 2007 5:44 PM | Report abuse

I live here in Connecticut, and have been following this case since the first articles appeared in the Norwich Bulletin in early January. What Rob doesn't mention, but what is apparent from reading the trial transcript, is the incompetence of nearly everyone involved. The police officer who is the Norwich "computer expert" testified that one has to physically click on the links to get them to open -- patently false. The computer administrator for the school has blamed various others for the failure to adequately protect the system computers, from Symantec to a consultant using an incorrect e-mail address to not receiving an invoice. The prosecutor in the case emphasized the need to physically click on the links to get them to open in his closing argument to the jury. Subsequently, as information has come out about the spyware infestation, he has backtracked, saying now that it was her failure to protect the students that caused her to be prosecuted and convicted. Various jurors have spoken out publicly, one revealing his ignorance in an e-mail exchange with PC Worlds' Steve Bass. Finally, if you read the transcripts, you will also say that Julie Amero unfortunately had very poor counsel. Fortunately, the best lawyer in Connecticut, Willie Dow, has offered his services pro bono. The IT community has also stepped forward big time. Hopefully, the intervention of these people will make a difference.

Posted by: Brian | March 3, 2007 9:49 AM | Report abuse

Phil: your comment is infantile. Microsoft is responsible for all malware out on the internet? It's like blaming your parents for not making you disease resistant.
---------------------

I think Symantec make updates for their software super difficult for the non-computer minded. I've been called in to "rescue" friends computers -usually with Symantec products preloaded - but expired, and they can't figure out how to update it because of the knots it gets into.

Posted by: Nadia | March 3, 2007 1:36 PM | Report abuse

This is one tragic mess and it is pleasing ton note that there are people who understand and will really help. Now! when running spybot to check on spyware the names of files appear at the bottom of the screen. I note that I have such as 'sexy whatever'and other, but I have never visited any site that could possible be related to porn. And when I set the Microsoft 'search' going to look for the file, with the name, it isn't found - I have lots of such and I am very uneasy (I have MacAfee everything up to date). So when we are innocent, we are in possible trouble?

Posted by: Alan | March 5, 2007 12:46 PM | Report abuse

Can someone update us on this--has the new lawyer appealed? Will she be released till the appeal is heard? WIll she be allowed to teach (not that she'd want to after this experience!).

This is shameful! Yes, it is regrettable that the kids 'saw' anything, but as everyone else has said, it is all but inevitable in many cases, esp. when those responsible for security don't keep things updated.

This teacher is going through a Kafka-esque experience that no one should have to go through. Shame on the prosecutor, parents and PTAs who pushed the prosecution and the judge for not being sure their 'experts' were actually experts! What a nightmare!

Posted by: H Rich | March 5, 2007 1:20 PM | Report abuse

Spybot checks against a known list, it doesn't mean you visited the site. Or as Rob clearly writes at the beginning, you don't have to visit the site nor click it to have it listed on your computer's bookmarks.

Secondly, I have Norton it works well! Thirdly, on most computer systems, such as one that a school should employ, I don't believe any individual can randomly make changes to anything on the computer without being an administrator, which clearly as a sub or temp, Ms. Amero was not. (Yes, I am sure now she would just pull out the plug.)

Since I live in the South, I haven't read any articles that mention the school even tried to help or educate their staff. They certainly seem willing to let Ms. Amero hang, though!

If Symantec products are preloaded, but expired, there is no update until the user's forks over money - like the rest of us - and gets the yearly subscription. That's clearly stated for those of us who take the time to read what we are agreeing to. Don't click if you're not sure!

Again, as Rob states, Ms. Amero should have more computer skills then what she apparently has, but got thrown into a bad situation...

Posted by: umm.huh | March 5, 2007 1:28 PM | Report abuse

I am not suprised at this situation. Being a former teacher I know how totally disorganized and chaotic school systems can be. And how people can be put in positions knowing nothing of the subject but knowing someone in authority. Obviously the 'computer expert' was an idiot and if I was the teacher I would sue him for everything since his ignorance of the job might be sending her to jail. But I also agree, how in this day and age can the teacher be so stupid. I heard those excuses 20 years ago but now if in doubt, pull the plug. If sparks were shooting out of the computer would she have let the building burn down?

Posted by: Chris G. | March 5, 2007 2:59 PM | Report abuse

A few years ago I was managing a bookstore that specialized in spirituality, and when I got our phone bill it was unusually large. Then I saw a series 900 calls, that were enormous. I did my detective work and called one and it was a porno line! It was a small bookstore and I knew my employees pretty well, but I had the embarrassing duty of asking the males if they had made such calls. They were horrified at the thought, and perhaps more horrified to be asked. When I looked closer, I realized the calls were being made from a co-workers dedicated computer line. Not only that they were made while I was likely sitting with him in the office a few yards away. This fellow is the most scrupulous person I've ever met. Even if he was making calls to porno lines, making calls to porno lines with me in the room would be like making such calls with your mother in the room! The phone company told me that computers could be hijack (this was some years ago, and I was unaware of that). The phone company removed the charges. I blocked 900 numbers. No jobs were lost, and I had to convince the poor fellows, I really did believe that didn't make the calls!

Posted by: Ann | March 5, 2007 3:35 PM | Report abuse

Chris G.: You might find the article by Brian Krebs about this case at http://blog.washingtonpost.com/securityfix/2007/01/substitute_teacher_faces_jail.html
interesting. Note that it says "'I dared not turn the the computer off. The teacher had asked me not to sign him out' of the computer, she recalled." So there is a reason she didn't pull the plug- fearing being in trouble for disobeying the instructions of the teacher she was substituting for.

Posted by: herm | March 5, 2007 3:39 PM | Report abuse

There's no reason to repeat the technical details -- Ms. Amero has been railroaded.

Here's what I can't understand --

You have a substitute teacher with considerable teaching experience, with no hint of previous transgression, who comes into a new classroom situation and we're supposed to believe that:

1. She's going to sit there in front of a class of elementary school students and ignore them while she surfs porn?

2. Even if she lost her mind and did what she's been accused of, her non-existant criminal and disciplinary record combines with the minimal impact on the students (who have undoubtedly seen much of what displayed on the screen before, probably in the same school given how the machine in the class was configured) --

-- and school administrators, town police, the local prosecutor and the jury all agree that the most appropriate punishment is incarceration for potentially up to 40 years??? Isn't this unbelievably out of proportion to the 'crime'?

Something is seriously broken in Connecticut.

Posted by: Gary Goldberg | March 5, 2007 3:48 PM | Report abuse

First of all, this conviction is utter nonsense. The prosecutor should be in jail for attempting to jail a poor young woman who was just trying to teach kids.

Second, I agree with the comment that if I was a teacher in Connecticut, I would refuse to teach if a computer (particularly a Windows computer) was in the classroom. The risk is too great.

Third, this obsession with "Think of the children" has got to stop. It's a sickness; It prevents rational thought and forces us to play the big pretend game where we treat our children as veal and that any little bruise or scratch is a life-scarring event. I have two teenage children and I don't filter their internet. The computers are only in allowed in the family room (everyone has their own portable) and I explain that if they will see things on the internet that are unfiltered, they will get email that will embaass them, and that they should ignore it. If they're concerned, come see me. And I don't freak out when I see a naked person. Guess what... the kids almost never see these images (Macs don't have malware!) and when they do, they don't try to hide it because I don't freak out.

Now, down to specifics.

First, anyone who uses Symantec is advertising their ignorance. Don't use it. Instead, get a hardware router/firewall. I've convered 95% of the risks on the internet. Now you no longer have to screen around with magical firewalls in Windows. Now add a free antivirus. AVG by Grisoft is superior in every way to Symantec and all the pay antivirus. Except it's free. Finally, download firefox and turn on the popup blocker.

There. I've fixed your PC for free and it's safe. If you're more sophisticated, you can run Webroot Spysweeper. Optional for most users.

And consider a Mac. I use both, and I think the Mac is better for most people. By a lot.

Posted by: Tom Krotchko | March 5, 2007 9:33 PM | Report abuse

I say inundate Lieberman's office: http://lieberman.senate.gov/contact/index.cfm?regarding=issue

and Dodd's office: http://dodd.senate.gov/

with email pleas to wake up and pull some strings to bring some justice to this madness.

Some high profile political people need to get involved and do something about this idiocy. People who are technically challenged making legal decisions involving technical matters? Ugh.

Connecticut is clearly "Dis-Connected"...

Posted by: Greg Moreau | March 5, 2007 11:32 PM | Report abuse

The problem is, child protection laws have gotten so fine and precise, that almost any negative situation like what Julia faced, can result in huge amounts of prison time. Frankly, I have no idea what Julia was or was not doing. I am not sure anyone else does either. Facing prison time for what did or did not occur in this case makes absolutely no sense. At the most, she should be fired for incompetence. What happened in the good old days when people could be fired? Now its prison, I really dont get it.

Posted by: Carl | March 6, 2007 12:38 AM | Report abuse

The teacher should sue the school for their failure to secure their computers, causing significant damage to her earning ability.

I've only taken a couple of law courses, but my recollection is that you can't commit a crime without having some intent to do so. Must be different in Connecticut.

Posted by: lart from above | March 6, 2007 6:18 PM | Report abuse

"you can't commit a crime without having some intent to do so"?

Sue your law class teacher!

Involuntary manslaughter comes to mind.

Posted by: john | March 6, 2007 8:19 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company