Digg this story   Add to del.icio.us   (page 2 of 7 ) previous  next 
Mouse-Trapped
Mark Rasch, 2007-02-12

Story continued from Page 1

This is where the evidence gets fuzzy. The State’s Attorney, David Smith reportedly told the jury, "You have to physically click on it to get to those sites." Other times he appears to have gone further, and suggested not only that Amero clicked on the URLs, but that she physically typed them in. Oh really? The theory that Amero deliberately typed the URL’s into the computer is the same idea as that expressed outside the courtroom by school officials, like Norwich Schools Superintendent Pam Aubin who reportedly said, "This wasn't just [someone clicking on] popups [advertisements]."

Pop-ups are irrelevant to forensics?

Others have suggested that Amero’s crime was not deliberately going to porn sites, but simply failing to prevent the pop-ups from being seen by the students. Indeed, this may have been the government’s theory as well, or an alternate theory that the government came up with after the defense tried to show the existence of pop-ups and spyware. The prosecutor told the jury that Amero was guilty of exposing the children to pornography because she “should have thrown a sweater over the monitor” as a means of protecting the students. The angora defense? This despite the fact that as at least one student testified, the substitute teacher "physically reached up and pushed his face away from her computer."

Indeed, it is possible that the statute permits conviction for merely “permitting” a child to be placed in a situation that might impair their morals. So did the jury convict her for merely pushing the kids away and not yanking the extension cord? It is impossible to say. We all know that Microsoft Windows almost yells at you if you try to turn of your computer this way (well, at least when you reboot) – and that this kind of hard reboot can not only lose important data but can potentially damage the spinning hard drive.

There are significant forensic reasons not to simply unplug a misbehaving computer. Sure, the question now is whether there was malware, spyware, pop-ups, or possible a Trojan horse on the computer. But what if the computer was being actively attacked, through a Trojan or back-door? Turning off the CPU likely would prevent the tracking needed to find the source of the attack. Unplugging the computer, for example, would prevent the creation of certain registry entries that are created only when, for example, the browser is closed properly – such as the registry entry indicating what URLs were typed into the browser – an important evidentiary issue in this case.

The decision about how to respond to this “incident” should not be left exclusively to the substitute teacher, and she should not be faulted – much less prosecuted – for not yanking the cord. There are conflicting reports about how long she kept the offending computer on, with Fox News’ Bill O’Reilly reporting that the computer was left on all day, although it is not clear if the monitor remained visible to the students the whole time, and there is no allegation that there was porn on the computer for anything other than the few minutes after around 9 AM. Apparently neither she, nor any other faculty member, administrator or the principal or assistant principal ever considered just turning off the monitor – assuming that this was easy to do. Amero probably didn’t turn off the monitor because she wanted to keep surfing.

Even the local newspaper, calling her acts “disgusting and merit[ing] punishment,” failed to distinguish whether Amero’s crime was going to pornographic websites in the presence of minors, or just not reacting properly when the pop-ups started coming, noting that Amero “. . . was accused and convicted of intentionally accessing several pornographic sites - not pop-up ads or windows, as she suggested. And she did not turn off the computer when the students saw the images.” OK. Which one was it? If they can’t distinguish which crime she was convicted of, how could the jury?

Story continued on Page 3 



Mark D. Rasch is an attorney and technology expert in the areas of intellectual property protection, computer security, privacy and regulatory compliance. He formerly worked at the Department of Justice, where he was responsible for the prosecution of Robert Morris, the Cornell University graduate student responsible for the so-called Morris Worm and the investigations of the Hannover hackers featured in Clifford Stoll’s book, "The Cuckoo’s Egg."
    Digg this story   Add to del.icio.us   (page 2 of 7 ) previous  next 
Comments Mode:
Mouse-Trapped 2007-02-12
Matthew Murphy
Mouse-Trapped 2007-02-13
Anonymous (1 replies)
Re: Mouse-Trapped 2007-02-13
Anonymous
Mouse-Trapped 2007-02-13
Anonymous
Mouse-Trapped 2007-02-13
Frank Krasicki (2 replies)
Re: Mouse-Trapped 2007-02-14
Mark D. Rasch
Re: Mouse-Trapped 2007-02-15
Elc0chin0
Mouse-Trapped 2007-02-13
Anonymous (6 replies)
Re: Mouse-Trapped 2007-02-13
Anonymous (1 replies)
Re: Re: Mouse-Trapped 2007-02-15
Anonymous
Re: Mouse-Trapped 2007-02-13
Dr. Anonymous (2 replies)
Re: Re: Mouse-Trapped 2007-02-14
Mark D. Rasch
Re: Re: Mouse-Trapped 2007-02-14
Elc0chin0
Re: Mouse-Trapped 2007-02-14
Anonymous (1 replies)
Re: Mouse-Trapped 2007-02-14
Anonymous
That arguement makes no sense 2007-02-14
Anonymous (1 replies)
Re: That arguement makes no sense 2007-02-14
ElC0chin0
Mouse-Trapped 2007-02-14
Anonymous
Mouse-Trapped 2007-02-15
Anonymous
Mouse-Trapped 2007-02-15
Negrodamus
Proxy missing? 2007-02-15
Anonymous
Mouse-Trapped 2007-02-17
Anonymous
Daniel Axelrod 2007-02-18
Anonymous
Mouse-Trapped 2007-02-21
FreewheelinFrank (2 replies)
Re: Mouse-Trapped 2007-02-21
FreewheelinFrank
Re: Mouse-Trapped 2007-02-22
Anonymous (1 replies)
Mouse-Trapped 2007-02-24
Mihaela Lica
Typed URL's 2007-02-26
DL_Zero
Mouse-Trapped 2007-08-07
Anonymous
Mouse-Trapped 2008-07-29
Cate Groves


 

Privacy Statement
Copyright 2010, SecurityFocus