Julie Amero Case - Witch Hunt in Connecticut

Wednesday, January 10, 2007
Is this a miscarriage of justice?

A substitute school teacher in Connecticut has been found guilty of exposing children to porn.

She could face up to 40 years in prison.

However, there are some interesting aspects to this case:

* The defense contends this was a case of spyware on the school machine — a barrage of popups.

* The school did have content filtering but the license was expired.

* According to another article, “Computer expert W. Herbert Horner, who performed a forensic examination of the computer for the defense, said Amero may have been redirected to the sexually-oriented sites through a hairstyling site accessed from the computer. He said the site allowed spyware to be downloaded onto the computer which allowed the pop-ups.”

* And, according to one source, the Trial Judge, Hillary Strackbein, “was seen falling asleep during proceedings and made comments to the jury that she wanted the case over by the end of the week. It was also reported that Judge Strackbein attempted to pressure the defense into an unwanted plea deal, in place of a trial. The defense attorney for Amero, moved for a mistrial shortly before closing arguments Friday, based on reports that jurors had discussed the case at a local restaurant.” (I believe that the judge questioned the jurors subsequently and they denied having discussed the case.)

* And, the detective in the investigation "admitted there was no search made for adware, which can generate pop-up advertisements".

Was justice done here? A bad spyware infestation can splatter a machine full of porn popups and it’s a bit unnerving to think that a teacher could get hard prison time for something that was likely to have been completely innocent.

Alex Eckelberry

More Details Emerge in the Julie Amero Case

by Andy Carvin, 3:51PM

Ever since substitute teacher Julie Amero was convicted last month of exposing her students to pornography on her classroom computer, bloggers have been debating who’s to blame, with most siding with her. Now, a published interview with a tech consultant who analyzed the Internet user logs for the day of the incident raises some difficult questions about potential failures of the school’s IT department.

The blog Network Performance Daily, which has been following the Amero case closely, published an interview with Internet consultant Herb Horner. Horner analyzed the user logs of the PC accessed by Amero, but was not allowed to present all of his findings to the jury.

Note: I’ve removed the URLs of websites referencing porn.

On October 19, 2004, around 8:00 A.M., Mr. Napp, the class’ regular teacher logged on to the PC because Julie Amero being a substitute teacher did not have her own id and password. It makes sense that Mr. Napp told Julie not to logoff or shut the computer off, for if she did she and the students would not have access to the computer. The initial user continued use of the PC and accessed Tickle.com, cookie.monster.com, addynamics.com, and adrevolver.com all between 8:06:14 - 8:08:03 AM. During the next few moments Julie retrieved her email through AOL.

[Link] was accessed at 8:14:24 A.M., based upon the hair style images uploaded to the PC we were led to believe that there were students using the computer to search out hair styles. The user went to http://www.crayola.com at 8:35:27 A.M. The user continued accessing the original hair site and was directed to [link]. This site had pornographic links, pop-ups were then initiated by [link]. There were additional pop-ups by realmedia.com, cnentrport.net, and by 9:20:00 A.M., several java, aspx’s and html scripts were uploaded. A click on the [link] icon on the [link] site led to the execution of the [link] script along with others that contained pornographic links and pop-ups. Once the aforementioned started, it would be very difficult even for an experienced user to extricate themselves from this situation of porn pop-ups and loops.
All of the jpg’s that we looked at in the internet cache folders were of the 5, 6 and 15 kB size, very small images indeed. Normally, when a person goes to a pornographic website they are interested in the larger pictures of greater resolution and those jpgs would be at least 35 kB and larger. We found no evidence of where this kind of surfing was exercised on October 19, 2004.

According to this interview, it would seem that Horner believes that the chain of events leading to the appearance of pornographic images began with accidental access to a porn site bearing a similar name to a legitimate site. His remarks regarding the size of the images also suggest that the offending images were pop-up images rather than the full-size images one would expect to find when purposefully visiting a particular site.

Horner goes on to comment on his inability to present all of these findings to the jury, and its impact:

We asked the prosecution to arrange for the defense to have unfettered access to the internet so that we could reenact the events of October 19, 2004. It was not granted. I went to court with two laptops and a box full of reference material prepared to very clearly illustrate what happened to Julie Amero. But, the prosecution objected because they were not given “full disclosure” of my examination. I was allowed to illustrate two screens, that of the [link], and [link] sites.

This was one of the most frustrating experiences of my career, knowing full well that the person is innocent and not being allowed to provide logical proof.

If there is an appeal and the defense is allowed to show the entire results of the forensic examination in front of experienced computer people, including a computer literate judge and prosecutor, Julie Amero will walk out the court room as a free person.
Let this experience stand as a warning to all that use computers in an environment where minors are present. The aforementioned situation can happen to anyone without fail and without notice if there is not adequate firewall, antispyware, antiadware and antivirus protection. That was not provided by the school administration where Julie Amero taught.

Brian Boyko, blogger at Network Performance Daily, considers the implications of these events and wonders what it means to IT managers:

There’s tons of commentary on the web railing about the outcome of the Julie Amero case itself, but what I think we need to talk about is, what does it mean for IT?

This case hints at a possible “worst case scenario” for IT departments and network managers in particular: will IT ultimately be held responsible, just as Julie Amero was, for the material that gets distributed over their network?
Today, IT isn’t just responsible for uptime - they’re also, in many ways, responsible for the experience of end-users of the network. In the Amero case, this appears to have been taken a bit too far. In this case, there was no record of network activity during and before the event. If the computer could have been shown to access some of the offending Web sites before Ms. Amero entered the classroom that morning, for example, it would have been powerful evidence for the defense. If the pornography sites were only being loaded after Ms. Amero walked in, it would seem powerful evidence for the prosecution. Either way, this case would have been better served if there was an existing record of what packets were downloaded when.

While Boyko’s post doesn’t specifically address school technology directors, it easily could have done so. I haven’t seen a huge amount of discussion from the IT management perspective, but that may change, particularly if she is given a prison sentence. Whether you blame Amero or not for what happened, there’s no denying that the network in place that day allowed pornographic images to appear on the computer screen. If incidents like this happen again - and they will, no doubt - will schools’ IT departments find themselves guilty of negligence? -andy

Filed under : Internet Safety, People, Policy
Responses

Thank you for your coverage; if you plan to do any follow-up, I’ll be happy to share any information we’ve uncovered.

— Brian Boyko
— Editor, Network Performance Daily.

By Brian Boyko 12:11PM on 06 Feb 07

I really feel I need to comment. This trial has all the earmarks of a kangaroo court, or justice fitting of some uncivilized nation. That the defense was barred from presenting the most obvious and logical of arguments is infuriating. I write because the same thing happened in our household. Whenever we would access the MSN home page, disgusting porn pop-ups would appear and there was no getting rid of them. We have young kids in the house that frequently open my wife’s computer. Fortunately, we saw the problem and addressed it before any “damage” was done. The solution? Remove and re-install MSN software. Apparently, the adware was attached somehow to the MSN program from some point forward until we took the link away. I pray that someone in the legal system will listen, open the case again and conduct a fair, civilized trial. Not knowing all espects of the case, I can’t go so far as to declare innocence for Ms. Amero, but two things are clear - 1)it CAN happen to anyone and 2) the trial should be declared invalid.

Respectfully submitted - Larry Christianson, Oregon

By Larry Christianson 6:19PM on 13 Feb 07

Again, a travesty, a witch hunt, successful.

Mr. Napp logged on, told Julie Amero to NOT log off or turn off, and, Julie Amero left the room for a restroom break, Then, Mr. Napp, the regular teacher, left for the day, prior to her return!

7th grade students, unsupervised, roamed the web, on an old Gateway, running Microsoft’s Windows 98 on a school network that had let their firewall/AV program licenses lapse.

Julie returned, pop-ups were happening, she blocked the view, went for help, was promised by a teacher in the lounge that the Principle, Mr. Fain, would respond, which he never did, and he, plus the IT department, gets off scot free?

Now, the Detective had two hours training, via telephone, and a simple $19 program, but is suddenly proclaimed by the prosecutor to be their ‘expert’, who admits he never searched for malware on the system.

What a perfect case for judicicial and Prosecutorial
misconduct, being that the Judge Hillary Steinberg is alleged to have slept through some of the case, had instructed the jury that she wanted a quick verdict, and had attempted to coerce Julie Amero into a guilty plea bargain! It smacks of bias!

Oh, the jury was alleged to have discussed the case over lunch in the nearby diner, but, without being sworn in, stated to the Judge they had not.

This case cries for Appelate reversal. All you folks running Microsoft, should simply run a LiveCDrom, which would have got her class on the Internet, without any pop-ups, and no history!

By Old Techy 8:48PM on 13 Feb 07

A brief scan of the news of the day led me to the story of Julie Amero. My initial reaction was “How great a tragedy that someone’s life has been turned upside-down by an act not within her control.” Moreover, facing the idea of up to 40 years in prison for it — even if this were a true crime, is this a legitimate punishment?

I thought that before I go out and start my own crusade to “Free Julie Amero,” it would be appropriate for me to get a few more facts about the case. A quick Googling and that’s just what I got when I read your piece. I’m truly baffled by the lack of knowledge, understanding, and the willingness to accept the truth about the Internet: it PREYS on people like Mrs. Amero — constantly entering into our personal space (i.e. � our computer hard drives) carrying out tasks without showing itself, loading unwanted, harmful software and “toolbars” that do nothing but collect more data to use for commercial purposes, steal personal information, and slow your computer down to a snail’s pace. And for this, we get the first American teacher to face up to 40 years in prison � yes, prison — for something where from the facts the readers of “Windows for Dummies” could derive “reasonable doubt.”

This country needs to do something about the high-jacking of John and Jane Doe’s privacy. Companies and individuals alike are force-feeding us more junk mail, circulars, pop-up ads and unwanted email then EVER. If porn, print advertising, spam and the software programs that generate it all didn’t pump BILLIONS of the Almighty Dollar into the economy, we’d all be standing at the steps of Capitol Hill demanding that our elected officials — who supposedly represent our best interests — put an end to it all. No, REALLY, put an end to it all!

And lo, the proponents stand behind the cloaks of �free enterprise� and my personal favorite, “free speech.” Ah, the good �ol Constitution….

But what if no one wants to hear it?

Julie Amero is a sacrificial lamb to the Gods of Ignorance and Enterprise, while the greater good of the Internet continues to bear a world-wide-bad-rapp.

And Johnny Cochran is furiously tossing in his grave.

By Christopher 2:42AM on 14 Feb 07

Hmm.. Why is it that people are so willing to accept the story that students accesses a malware-laden website?

Was it not Ms. Amero’s statement that she didn’t know which students were at the computer? Did the investigating officer not indicate that he was unable to locate any student who could corraborate Ms. Amero’s version of the events (except to say that they saw porn on the computer while she was sitting in front of it)?

Is it not true that Ms. Amero purposely went to dating websites and her personal email accounts - in violation of district policy which forbid using school computers for personal entertainment? Is it not true that these accounts were accessed while Ms. Amero was to be teaching a class?

Does Ms. Amero not have a computer in her home with many of the same “cookies” from these porno sites logged in? Is it not true that Ms. Amero, when interviewed by police, responded that she, “couldn’t remember” why she went to cookiemonster.com, eharmony.com, or tickle.com? Is it not true that there was less than 1 minute between Ms. Amero’s accessing of her personal AOL account and the offending “hairstyle” website?

C’mon people, malicious spyware wasn’t even part of her defense! Her statements to police (and her own attorney’s opening arguments) were that she didn’t expose children to pornography.

Note too, that Ms. Amero didn’t notify anyone (not even the teacher that was logged in) of the incident? It came to light only after 12yr old students complained to other school officials that she had been “watching naked people on the school computer.” Even by the defense’s own expert, no pornographic sites were ever logged in prior to Ms Amero’s day in front of the computer… Nor were any pornographic sites logged after her day of “teaching.” (Incidently, the computer in question was not removed from the classroom until several days later.) Why is it that the malware only became active when Ms. Amero was sitting at the computer?

Why didn’t she turn off the monitor? Throw a coat over it? Why did her students report that she simply sat at her computer for the entire period?

Finally, why hasn’t anyone actually published the transcripts of the case to reveal the details? The lead detective says:

“No one’s called or written me to ask for the facts. I have received a deluge of hate email and phone threats. I’ve returned the emails, offering the facts. I’ve returned calls to those who would leave their number, offering the facts. They just call me names and hang up. I offer the facts (in the form of recovered source code et all) to anyone who would request it. I’m not hard to find.
You have based your opinion on the disinformation fed to you by the media and by defense. As a result, the real victims have been forgotten and I have been the target of ridicule and death threats.
The verdict reached by a jury of the accused’s peers was just. The evidence presented in court was factual and forensically sound. The “clicked link” story has been turned into something other than what it is.
Once sentencing is done I intend on presenting the evidence to anyone who wants to know the truth, though I doubt the conspiracy mongers want the truth. I have explained the process of investigating these types of crimes to Network Performance Daily.
You may also read the tale spun by the Expert on the same site. I have the evidence to prove this charlatan is being less than truthful and I would appreciate someone demanding from him the source code containing the malicious active content of which he speaks. As for the trojans, viruses, worms, and adware he spoke of: what were they? when were they created locally? what do they do?? He didn’t say.
To all those of little faith who believe the Government (aka: BIG Brother) and its minions would conspire to persecute innocent, GOD fearing individuals for entertainment I say GET A GRIP.
Again, once sentencing is completed I would be very happy to share with you the evidence so that you are better able to form an educated opinion. Your missing 990 pieces of this 1000 piece puzzle.” - Mark Lounsbury

By Robert 2:57AM on 14 Feb 07

I am absolutely appalled in this day and age of technology that the answer isn’t obvious to everyone with the slightest experience with computers. I, too, shed tears for Ms. Amero and am outraged that “innocent until proven guilty” didn’t prevail.

Unfortunately, I know that she is telling the truth because almost the exact thing happened to me about 10 days ago. My husband googled “spyware” and shortly after that we had an ad for an antivirus program with pictures of graphic pornography become our homepage!!! Thank God that we discovered this and not our daughters. One of the pictures was a very young naked woman with a dog in a sexual position!! Very repulsive. I literally cried and had to leave the room and ask that my husband get rid of it. I wanted to throw the computer out the window. It can happen to anyone, uninvited. The whole thing is a tragedy.

By Susan 10:19AM on 14 Feb 07

‘Robert’ (above) asks, “Why is it that people are so willing to accept the story that students accesses [sic] a malware-laden website?”

It really doesn’t matter who accessed the malware-laden site. Even the Pope himself would have run into the same trouble considering that there is no way to definitively predict which sites contain malware before they are accessed, and on an unprotected PC, malware basically gets free reign to do what it wants anyways, despite what a user might do to attempt to curtail it.

Does Ms. Amero not have a computer in her home with many of the same “cookies” from these porno sites logged in?

What in the world does this have to do with anything? Her home PC was not on trial here.

Is it not true that Ms. Amero purposely went to dating websites…
not proven
… and her personal email accounts - in violation of district policy which forbid using school computers for personal entertainment? Is it not true that these accounts were accessed while Ms. Amero was to be teaching a class?

Let’s see - Substitute teachers tend to get called into a class at the last moment, usually due to some unforeseen circumstance (such as illness). Is it unreasonable (for example) to allow a teacher (who may not have been able to communicate with her spouse via other means) the chance to send a notification to her spouse that she’s been called out and will not be at home that day? As a husband, I’d sure like to know if my wife was unexpectedly going to be away from home for the day. And such notice could hardly be characterized as ‘personal entertainment’.

Is it not true that Ms. Amero, when interviewed by police, responded that she, “couldn’t remember” why she went to cookiemonster.com, eharmony.com, or tickle.com? Is it not true that there was less than 1 minute between Ms. Amero’s accessing of her personal AOL account and the offending “hairstyle” website?

These other sites could easily have been accessed automatically (without human intervention) by a compromised browser caught up in a popup storm. The timing of it all suggests that that is, in fact, just as likely.

Note too, that Ms. Amero didn’t notify anyone (not even the teacher that was logged in) of the incident?

Not true. There was testimony from at least one other teacher that Julie asked for assistance at the time it happened, and that she reported the incident to the vice principal of the school at the end of that day.

Why is it that the malware only became active when Ms. Amero was sitting at the computer?

An individual user has zero control over when and where malware will rear its ugly head on a compromised PC.

And concerning the quote attributed to Mark Lounsbury regarding some investigative work by “Network Performance Daily”, “I have the evidence to prove this charlatan is being less than truthful…” , I (and I’m certain many others) can’t wait to see this evidence.

Bring it on.

I predict it will simply be more evidence of shoddy police work, more shirking of responsibility by the school administration, and more evidence of inexcusable ignorance of technical matters within the legal system.

I hope this issue becomes the catalyst for an overhaul in the justice and education systems.

By Rob 3:54PM on 19 Feb 07

To anyone who yet blames Ms. Amero for this incident, I say hogwash. I spent five minutes researching this case, and I can tell you that I’ve heard enough.

I am willing to lay my livelihood on the line right now. A scan run on the computer in question absolutely will find multiple instances of various sorts of malware. This computer was a mess. It sounds exactly like something a client would bring me to fix. Once, and once only, because after that I would insist that it was time to get a new PC (Windows 98 is over, time to move on), and I would kit it out with all the anti-nonsense security software they’d need.

This is a travesty and a stupid, stupid disaster. I do hope that it does not stand.

By Derrill 4:52PM on 19 Feb 07
Post your response

Ground rules for posting comments:

1. No profanity or personal attacks.
2. Please comment on the subject of the blog post itself.
3. If you do not follow these rules, we will remove your post. Keep it civil, folks!

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)
Your name (required
Your email address (required)
Your web address
Remember personal info?

Comments: (you may use HTML tags for style)
Learning.Now via Email

What's this?
Subscribe Unsubscribe
RSS: Get a News Feed
Archives
Search Learning.Now