I suppose it's remotely possible the charges are valid. But the story doesn't add up. It seems far more plausible from the accounts I'm reading that this woman, who had no prior criminal record and a clean teaching history, was using an insecure edition of Internet Explorer and was hit with an adware infestation she didn't know how to deal with.
Some reports indicate the teachers at this school were prohibited by policy from turning off school computers, which would answer the "why didn't she just shut down the PC?" questions. Amero testified that she told four other teachers and the school's assistant principal about the popup problem, and nobody responded with help. The school's internet filter license had expired, and the detective in the investigation was quoted in one local paper's account as saying "there was no search made for adware, which can generate pop-up advertisements". So if that's true, and the arguments of the defense are valid -- wow, 40 years in jail for using a lame browser? Insane. That's more time than some convicted murderers get.
And beyond the question of what constitutes justice for Ms. Amero, how might this ruling affect other teachers using computers with children? Will some teachers limit their use of technology in the classroom, fearing greater liability risks if porn they didn't ask for shows up on an unsecured, school-owned PC?
Julie Amero, 40, of Windham, was convicted Friday on four counts of risk of injury to a minor in connection to pornography the students saw on her computer screen. Prosecutors said sexually graphic computer images she accessed were seen by several of her Kelly Middle School students in October 2004.Link to AP item. Amero is scheduled to be sentenced on March 2.
During the trial, Amero said any inappropriate images on her computer screen were from adware, which can generate pop-up ads and not from sites specifically keyed. Prosecutor David Smith contended Amero physically clicked onto the graphic Web sites, which included meetlovers.com and femalesexual.com.
Ben Edelman's blog has a good entry on how adware infestations work -- in particular, the kind that generate sexually explicit content: Link.
Previously on BoingBoing:
Reader comment: Jonathan says,
I'm not sure if you noticed this: the Norwich Bulletin article had a VERY troubling quote on it -- the prosecution used an expert witness that said a highlighted link was proof that the accused had clicked on the URLs.Technocrat says,
That is simply not true. The expert witness is either lying or a fucking idiot. Visited links are highlighted if a browser had ever loaded a URL-- I've yet to find a browser that highlights visited links on a "source | destination" basis -- every one i've ever encountered highlights links on "destination" alone.
I made a quick demo over here to illustrate my point: Link.
I'm the Technology Coordinator for a school district in Illinois, and would like to point out that if the school's internet filters are expired, they no longer are in compliance with the Child Internet Protection Act. This makes them ineligible for federal funding for telecommunications/computer monies (including 20-90% discounts on specific network/servers/internet connections under the E-Rate program, not to mention being held liable as an organization for anything exposed to minors.) Since we're currently in the e-Rate window for 2007-2008, an admission that they don't have proper internet filters very well could make them ineligible for e-Rate, which translates to a very sizable amount for any school. If they apply for e-Rate anyway (and part of the process is guaranteeing that you comply with CIPA), they can be kicked out of the program!Brett Osborne says,
In any case, the school is required to have filters by law and in order to be eligible for e-Rate, so if they let the filters expire, they're going to have quite the mess on their hands.
I'm a certified information security professional. From the Norwich Bulletin article, I also see obvious problems with both "experts" for defense and the detective.
Of course I haven't seen the transcript. But there appears to be significant factual problems.
I've found the defense lawyer's information on FindLaw.com.
During the time frame of the alleged offence, one only needs to go to any antivirus company list, bugtrack, microsoft technet security, or any of about 25 other sites that I use to show the state of windows (patches, SP, etc.) and malware in the wild. This is simple (very) forensic reconstruction.
I doubt that Amero should have been charged let alone convicted. The fact that there was no up to date anti-virus/anti-spyware alone tells me that it was not a question of if it was an infection/intrusion.
And the apparent fact that the licences were allowed to expire would be significant enough to remove any culpability from Amero. If anyone were to be culpable, I would believe that the school administration should be at fault (this is a moral and ethical judgement, not a legal one). Isn't it the protection of the children their responsibility?