Thursday, February 01, 2007

Was This Teacher "Framed" By A Computer Run Amok?

Former substitute teacher Julie Amero has been tried and convicted of allowing seventh graders to view pornographic material in her Connecticut classroom. Amero faces up to 40 years in the slammer.

Proclaiming her innocence, Amero says that it was the popups: (
via Huffington Post)
On October 19, 2004, Julie Amero arrived at Kelly Middle School to teach a 7th grade language arts class. Mr. Matthew Nett, the class's regular teacher, logged Amero into the classroom computer and left, warning her not to turn the machine off.

Amero let the students surf the web for a few minutes. The kids visited several innocuous sites including an innocent-looking page on hair styles. Suddenly, pornographic popups started to fill the screen. Soon, the machine was frozen in an endless porn loop.

Nobody in that classroom clicked on any porn that day. The popups were generated automatically by a piece of malicious code from the hair site. Readers with a technical bent can learn exactly how the malware hijacked Amero's computer from defense expert Herb Horner and security consultant Alex Eckelberry.

Amero immediately got the students away from the computer. She even pushed one student's face away when she caught him looking at the monitor.

Amero had no idea that this computer was full of malicious software (malware). Nor did she realize that the school's content filter license had expired, leaving the computer completely unprotected from malware and obscene content. All she knew was that she'd been told not to turn the computer off. So, she did her best to keep the kids away from the monitor.

A few weeks later, Amero was arrested and charge with multiple felonies.

At trial, a police witness for the prosecution claimed that Amero must have "physically clicked" on porn links to generate the popup storm. In fact the software that the police used to analyze Amero's hard drive cannot distinguish between a user's clicks and automatic redirects caused by malicious software. Under cross-examination the officer admitted that he never even checked for malware.

The defense's expert witness performed an independent forensic analysis of the computer and found that it was infected with multiple pieces of malicious code, including the script from the hairdressing site that spawned all those popups.

The jury didn't get to hear most of the defense expert's testimony because Amero's attorney failed to bring up malware during the discovery phase of the trial.

On January 5, 2007 a Norwich jury found her guilty on four counts of "injury or risk of injury to, or impairing morals of, children." Each count carries a maximum sentence of 10 years in prison. It seems unlikely that Amero will get the maximum sentence, jail remains a very real possibility. Felony convictions could also end Amero's career as a teacher. She will be sentenced on March 2.

Amero will appeal her conviction.
Read more from The Washington Post's Brian Krebs here.

So... who, if anyone, should be held accountable? The substitute teacher, or the individual who allowed the school's filter license to expire causing the protective firewall to go down?

Or should the whole thing be considered an awful accident in which punishment should not be sought but lessons should be drawn?

You make the call.
--------------------------------
See our latest EduPosts.