Buggy Justice in Connecticut
Ever gone to the wrong Web site by mistake, then thanked the deity of your choice that you were able to back out of there before any coworkers noticed? If you'd done that in a school in Norwich, Conn., you might be facing 40 years in jail.
No joke: Substitute elementary schoolteacher Julia Amero was convicted on Jan. 5 of four counts of "Risk of Injury to a Minor" for exposing a classroom of middle schoolers to pornographic images on her computer on Oct. 19, 2004. She faces a maximum penalty of 40 years in jail and was due to be sentenced today, but on Monday, Superior Court Judge Hillary Strackbein postponed her sentencing to March 29.
If you spend much time on computer-security issues, this is old news (for instance, Security Fix blogger Brian Krebs wrote an excellent analysis last month). But if you don't, this case is a tangled mess... read on for the ugly details.
First, let me summarize the case, based on my readings of the trial transcripts posted by the Norwich Bulletin.
The core of the prosecution's argument comes in the testimony of school IT manager Robert Hartz. He reported that network-use logs and Web pages cached by Amero's Internet Explorer browser showed her visiting AOL and Orbitz, followed by a series of porn sites.
But Hartz also testified that the school-wide firewall had not been updated in weeks ("when we went out to do the update, the company which was Symantec was saying no, you are not authorized to update"), the computer's anti-virus software was a week out of date and he didn't check for spyware or adware on the computer Amero had used. This inattention to security would be especially dangerous on a network of PCs running Windows 95, 98 and 2000--all less secure than the post-Service Pack 2 version of Windows XP.
The Norwich police also did not conduct a spyware search.
The defense was not allowed to present evidence of a spyware problem on the computer--it had not submitted that as required during the pretrial discovery period--though computer consultant W. Herbert Horner did explain how one Web site redirected Amero's computer into an endless loop of pop-ups.
Amero testified that she attempted to close the porn pop-ups but they never stopped opening. She tried keeping the screen out of view of the students but did not pull the plug on the computer "because I was taught never to touch anything in the teacher's classroom." She didn't even turn off the monitor: "I don't know where the buttons are."
Amero had earlier declined a plea-bargain deal that would have left her with probation; after a three-day trial, a six-member jury found her guilty on all four counts.
OK, now my thoughts on this.
I know that people can do depraved things online. A friend of mine works in e-mail security at AOL, regularly catches one sicko or another trying to share child porn and has helped put these creeps in jail. But is this case anything like that? I see lots of mistakes all around, but none that justify sending anybody off to prison.
Here's what I'd say to the parties involved:
* To the people responsible for setting up this school's computers: If you use Windows, not keeping anti-virus software current or screening for spyware constitutes computing malpractice. I don't want you overseeing any network in any schools near me.
* To Ms. Amero, and anybody else who thinks a computer is so foreign that they're leery of turning one off: If you're going to take a job that requires you to use a computer, learn how. Read a book. Take a class. Do what you have to to do.
* To the jurors and judge: Don't think that everybody is in control of their PC all the time. There is such a thing as browser hijacking, and it can happen to the innocent.
How do I know this? In 2004, my colleague Amy Joyce learned of a case like Amero's: An employee at a major Army command around the Washington area was busted for having dozens of folders' worth of links to porn sites bookmarked on his browser. But the employee's supervisor, who had worked with the employee for the previous five years, thought this didn't make sense: Why would this guy have taken the time to file away his porn preferences in such obvious, gratuitous detail at work?
(The supervisor told this story on the condition that his name and his office not show up in print.)
Then he read a story about browser hijacking--my column--and asked the IT department to check out the employee's computer. They found no evidence that any of the bookmarked sites had ever been visited on that machine. The employee kept his job.
I'm sorry to say that this story never made it into the paper. I wish it had; maybe then somebody on the jury in Connecticut could have read it and learned a thing or two.
For other perspectives on this case:
* Alex Eckelberry, president of Clearwater, Fla.-based security-software developer Sunbelt Software, has been blogging regularly about Amaro's case (his blog is worth reading in general if you're interested in computer security).
* USA Today columnist Andrew Kantor, who has been reporting about the Internet for longer than I've been on it, argues for the defense in this recent column.
Posted by: Nancy Willard | March 2, 2007 5:09 PM | Report abuse
Posted by: Phil | March 2, 2007 5:44 PM | Report abuse
Posted by: Brian | March 3, 2007 9:49 AM | Report abuse
Posted by: Nadia | March 3, 2007 1:36 PM | Report abuse
Posted by: Alan | March 5, 2007 12:46 PM | Report abuse
Posted by: H Rich | March 5, 2007 1:20 PM | Report abuse
Posted by: umm.huh | March 5, 2007 1:28 PM | Report abuse
Posted by: Chris G. | March 5, 2007 2:59 PM | Report abuse
Posted by: Ann | March 5, 2007 3:35 PM | Report abuse
Posted by: herm | March 5, 2007 3:39 PM | Report abuse
Posted by: Gary Goldberg | March 5, 2007 3:48 PM | Report abuse
Posted by: Tom Krotchko | March 5, 2007 9:33 PM | Report abuse
Posted by: Greg Moreau | March 5, 2007 11:32 PM | Report abuse
Posted by: Carl | March 6, 2007 12:38 AM | Report abuse
Posted by: lart from above | March 6, 2007 6:18 PM | Report abuse
Posted by: john | March 6, 2007 8:19 PM | Report abuse
The comments to this entry are closed.