tag:blogger.com,1999:blog-65889583590699538222024-03-08T10:21:00.379-05:00The Julie GroupWhile a small bird attempts to save a burning forest, engaged in a seemingly futile mission, she flies back and forth from the river dripping water from her beak. As the lone bird is running out of energy, the Buddhist gods, representing a compassionate function in the universe, see her desperate efforts and are so moved by her sincerity that they begin to cry. The "rain" of their tears extinguishes the fire and the forest survives.
- A Buddhist parableThe Julie Grouphttp://www.blogger.com/profile/10404319863936285563noreply@blogger.comBlogger25125tag:blogger.com,1999:blog-6588958359069953822.post-89528612351135306252010-05-18T19:08:00.005-05:002010-05-18T19:18:27.399-05:00OnStar ReduxBack on October 12, 2007, we posted a piece <a href="http://thejuliegroup.blogspot.com/2007/10/should-onstar-shut-your-car-down.html">Should OnStar Shut Your Car Down?</a> on this blog. Well, lo and behold, the New York Times just reported this past Friday that,<br /><br />"Automobiles, which will be increasingly connected to the Internet in the near future, could be vulnerable to hackers just as computers are now, two teams of computer scientists are warning in a paper to be presented next week." (See <a href="http://www.nytimes.com/2010/05/14/science/14hack.html?ref=science">Cars’ Computer Systems Called at Risk to Hackers</a> by John Markoff, May 14, 2010, web version May 13, 2010.)<br /><br />The two groups found that, "they were able to remotely control braking and other functions," and "the car industry was running the risk of repeating the security mistakes of the PC industry" (before PCs became widely networked and there were relatively few security incidents).<br /><br />The stuff they could do was really scary,<br /><br /><blockquote>"We demonstrate(ed) the ability to adversarially control a wide range of automotive functions and completely ignore driver input — including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on.”<br /></blockquote><br />Can you imagine what it would be like to be in a car traveling at high speed while being subjected to such an attack?<br /><br />And what would happen when you had to answer to the cops if you somehow survived? Well, the researchers<br /><br /><blockquote>"also demonstrated what they described as 'composite attacks' that showed their ability to insert malicious software and then erase any evidence of tampering after a crash"</blockquote><br />Oh boy! Things look bad. But how could a malicious hacker get access to your car's electronics when your car is not connected to the internet? Well, the Times article pointed out that, "Wireless connections are increasingly becoming available in a wide range of automobiles," and it singled out "services like the OnStar system from General Motors (which) now report(s) vehicle position and diagnostic information to the manufacturer."<br /><br />In our original OnStar post, we asked for legitimate security researchers "to try to hack into OnStar (and other systems) just to find out how easy or hard it is to do."<br /><br />The good news is that security researchers have started to do just that. The bad news is that it turns out to be easy to do. Toyota and GM and other automobile manufacturers, TAKE NOTICE.<br /><br />The researchers report is <a href="http://www.autosec.org/">Experimental Security Analysis of a Modern Automobile</a>, and will be presented at a computer security conference this week in Oakland California.<br /><br /><span style="font-size:85%;"><span style="font-style: italic;">The opinions expressed in this post are those of the author and should not be interpreted as an official position of The Julie Group.</span></span><br /><br />--Chip NevilleThe Julie Grouphttp://www.blogger.com/profile/10404319863936285563noreply@blogger.com0tag:blogger.com,1999:blog-6588958359069953822.post-61083258206490714392010-01-14T20:25:00.002-05:002010-01-14T20:31:50.711-05:00Haiti Earthquake Donation ScamsTom Kelchner, Sunbelt blogger, is reporting on malware that's targeting Haiti Relief efforts.<br /><br />Schools and community organizations who are collecting relief funds or encouraging donations should caution everyone to be sure of the legitimacy of the web sites claiming to offer aid.<br /><br />The Sunbelt blog link is here: http://sunbeltblog.blogspot.com/<br /><br />As an ethical disclaimer, Alex Eckelberry, one of the founding members of The Julie Group is an executive at Sunbelt Software. Nonetheless, the warnings on that blog are worth noting.<br /><br />- krasickiThe Julie Grouphttp://www.blogger.com/profile/10404319863936285563noreply@blogger.com0tag:blogger.com,1999:blog-6588958359069953822.post-77107404237846742302009-09-27T16:50:00.004-05:002009-09-27T17:42:31.631-05:00Poorly Written Law, Chemical Neurowarfare, and HackingThe intersection of recent technological advances and law are troubling.<br /><br />YouTube documentation of the treatment of college students in Pittsburgh during the G20 summit raise serious questions about legislation that allows unconstrained, maliciously cruel, and disproportionate crowd control tactics to be used against unarmed civilian populations.<br /><br />If we have learned in recent months that corporate behavior that goes unregulated can lead to disastrous social and economic consequences then just as surely we are witnessing warning signs that government empowered by ambiguous law and selective prosecution can strangle, intimidate, and muzzle constitutionally protected free speech.<br /><br />The Stanford Law and Biosciences blog entry called, <a href="http://lawandbiosciences.wordpress.com/2009/09/03/militarized-neurotechnology-incapacitating-chemical-agents-2/">Militarized Neurotechnology: Incapacitating Chemical Agents by Kelly Lowenburg</a> is a siren call.<br /><br /><blockquote><span style="font-style:italic;">Two recent pieces in Nature, an opinion and an editorial, discuss how non-lethal neuroactive chemical agents have been used by military forces (e.g. fentanyl-induced unconsciousness) and speculate about the potential development of more non-lethal weaponized chemicals (drug-induced lack of aggression, oxytocin-induced trust). Although using these chemical agents is prohibited by the Chemical Weapons Convention, an exception allows their use by law enforcement, for example, in domestic riot control (which may or may not include intrastate military actions).</span></blockquote><br /><br />And Kelly goes on to ask:<blockquote><span style="font-style:italic;">The divergent views on policy regarding incapacitating neuroactive chemicals leads me to ask, what about these chemicals makes them more alarming than other weapons? An understanding about why incapacitating chemical agents are uniquely worrisome should inform how they will be regulated.<br /><br />Is it that they are difficult to defend against and therefore more effective? Is this a problem even though these weapons create non-lethal alternatives in otherwise deadly situations? Or is our real concern that, by incapacitating, they facilitate brutality toward a defenseless prisoner? If so, then the conversation should be about illegal soldier/police abuse, not the chemical agents themselves. Or is there something inherently unacceptable about militarized neuroactive chemical agents? Is acceptability determined by the intended effect (temporary unconsciousness)? By the mechanism (manipulating the brain)? By the amount of pain (fentanyl was developed as an anesthetic, so likely none)? By the size of its therapeutic index and how safe it is (when used to end a siege in a Moscow theater, fentanyl-derived gas killed 124 of the over 750 hostages)?<br /><br />Should the Chemical Weapons Convention be amended to prohibit the use of incapacitating chemical agents by law enforcement? Or to permit their use by the military? Does permitting them in either context place us at the tip of a too steep slope of biological weapons with more prolonged and devastating effects (attacking fertility or the immune system)? Or does it save lives?</span></blockquote><br /><br /><br />The questions are both urgent and critical in light of a recent 'hacking' conviction in Ohio.<br /><br />Kim Zetter authored a Wired article called, <a href="http://www.wired.com/threatlevel/2009/05/court-upholds-hacking-conviction-of-man-for-uploading-porn-pics-from-work-computer/">Court Upholds Hacking Conviction of Man for Uploading Porn Pics from Work Computer</a>.<br /><br />She describes the case;<blockquote><span style="font-style:italic;">An Ohio appellate court has upheld the felony hacking conviction of a man who was found guilty of unauthorized access for misusing his computer at work.<br /><br />Richard Wolf acknowledged that his behavior was inappropriate when he used his work computer to upload nude photos of himself to an adult web site and view other photos on porn sites, but he didn’t think he should be convicted of hacking for doing so.<br /><br />A jury disagreed and felt he exceeded his authorization on the computer, which the appellate court recently upheld (.pdf).<br /><br />Mark Rasch, a former federal prosecutor of computer crimes, called the conviction a misuse of the computer hacking law.<br /><br />“This goes to the whole concept . . . that violation of an internal policy on the use of a computer can be piggybacked to make a crime,” said Rasch, who now works as a consultant for Secure IT Experts. “His uploading of nude pictures is certainly inappropriate and something he could be terminated for, but it was perfectly legal. When you use the heavy hand of the criminal law to prosecute inappropriate behavior, it’s just an abuse of the criminal statutes.”<br /><br />Wolf was also convicted of soliciting a dominatrix online for sexual services, a misdemeanor. Rasch says using the computer evidence for proof of this crime is appropriate, but charging him separately for felony hacking goes too far.<br /><br />Rasch said the problem stems from an amendment that was made to the federal Computer Fraud and Abuse Act — the federal anti-hacking law — that states have added to their own statutes.<br /><br />“The early statute only talked about unauthorized access — which is breaking into computer,” he said. “But then they amended it to say ‘or exceeding the scope of authorization to access a computer’.”</span></blockquote><br /><br />Richard Wolf may be guilty of many things but the inappropriate application of a computer hacking law targeting malicious hacking of machines is judicial malfeasance. So much so, that the courts need declare such laws unconstitutional and reject them not only for their blanket indifference to criminal behavior but for their dysfunctional effect on regulating such behaviors.<br /><br />The vigilance of courts in ensuring the veracity of the claims of criminality against individuals must increasingly become a function of such prosecutions. Poorly written technology law must not be tolerated. In an age of mind-numbing technological change, the judicial branch of government must defer to and insist on clear and unambiguous language and appropriate application of law.<br /><br />The concept of hacking is rapidly evolving from the quaint confines of computers and entering the realm of genetics and human self-determinism. The laws governing illegal activity concerning malicious modification to processes, machines, and human activity need to be re-examined and refined not by the politics of pornography, unbridled military industrial enthusiasms, or provincial social engineering tyrants.<br /><br />Criminal behavior needs to be distinctly defined rather than broadly implied. And the governments of this world whose resources are unlimited in relative comparison to its citizenry must be constrained from loosing technology in its most punishing and draconian abuse against the inalienable rights of men and women.The Julie Grouphttp://www.blogger.com/profile/10404319863936285563noreply@blogger.com0tag:blogger.com,1999:blog-6588958359069953822.post-40563114657376062082008-11-22T18:00:00.001-05:002008-11-22T18:00:15.365-05:00Julie Amero: Unjust Justice<div xmlns='http://www.w3.org/1999/xhtml'>The felony charges against Julie Amero have been dropped. Instead of facing prison, she was allowed to surrender her teaching license, pay a $100 fine, and plead to a misdemeanor charge of disorderly conduct.<br /><br />I am thrilled that Julie Amero has no more charges hanging over her head. And she is thrilled, too. But you should know that no justice was done here. None whatsoever.<br /><br />Justice would have been full exoneration with a deep, heartfelt apology from the prosecutor for not fully investigating the possibility that malware had infected the computer in the classroom where she was substituting.<br /><br />Justice would have been a public statement from the prosecutor and Mark Lounsbury, the so-called police forensic "expert" who gave false testimony in her trial.<br /><br />Justice would have been a proper investigation at the outset before she lost her baby, her reputation, her job, and ultimately, her good health.<br /><br />Justice would have been placing the responsibility for the whole debacle at the feet of the school network administrator who did not have a full version of anti-virus or anti-spyware software installed, had almost no security policies in place, and hadn't updated the virus definitions on what was on the computer for over three months.<br /><br />Justice would be seeing the jerks who create malware thrown in jail with the key thrown out, forced to watch the same pornographic images they fed to unwitting PC owners over, and over, and over again, while handcuffed behind their back. <br /><br />Julie Amero was hospitalized last week for symptoms relating to stress and a possible heart condition. Just four short years ago she was looking forward to the birth of her child and a life with her husband in a community she loved. She enjoyed substitute teaching, loves kids, was well-liked by the students in the school where she taught, and had prospects for a nice, quiet, drama-free life.<br /><br />One day substituting in a classroom with a badly-infected computer changed her life, her future, and her career. <br /><br />I went ballistic when I read <a href='http://blogs.courant.com/rick_green/2008/11/connecticut-drops-felony-charg.html#more'>this</a> a few minutes ago:<br /><br /><blockquote>But since that dramatic reversal, local officials, police and state prosecutors were unwilling to admit that a mistake may have been made -- even after computer experts from around the country demonstrated that Amero's computer had been infected by "spyware."<br /><br />New London County State's Attorney Michael Regan told me late Friday the state remained convinced Amero was guilty and was prepared to again go to trial.<br /><br />"I have no regrets. Things took a course that was unplanned. Unfortunately the computer wasn't examined properly by the Norwich police," Regan said.<br /><br />"For some reason this case caught the media's attention,'' Regan said.</blockquote><br /><br />So that we're clear, it didn't catch the media's attention "for some reason". It caught the media's attention and the attention of forensic experts across the country because they all KNEW that typical behavior of a PC infected with malware is exactly what happened to Julie Amero in that classroom on that day. They were utterly appalled when she was convicted on those four counts of endangering the morals of a minor.<br /><br />They saw unjust justice.<br /><br />They saw Mark Lounsbury flat-out give testimony to falsehood. I am not saying that Lounsbury testified that way out of malice. I do, however, think he was untrained, had very little knowledge of viruses and spyware, and a full-blown ego that didn't allow for the possibility he was wrong.<br /><br />They saw an investigation with very little process or integrity.<br /><br />They saw Julie. And they knew this was not a woman who would walk into a classroom, boot up a computer, and start surfing porn sites in the middle of class.<br /><br />They saw the truth. And when they saw it, they knew they couldn't sit idly by and watch an innocent person go to jail when the truth had not been told.<br /><br />Experts, lawyers, and loudmouthed bloggers like me said "Not this time." They stepped up, they gave their time and expertise for free, and the loudmouthed bloggers started doing what we do best -- blogging it. Telling the truth. Telling those who want the real story to come over here and read about what really happened.<br /><br />It is unfortunate that politics, or ego, or self-righteous certitude prevents Mr. Regan from understanding what everyone who has ever had a PC without the proper virus protection knows: <span style='font-weight: bold;'>Without proper anti-virus and spyware protection, your computer and maybe even your life is at risk.</span><br /><br />Regan's pronouncement of his certainty of her guilt speaks to his ignorance and unwillingness to learn the facts of this case, and the facts of what PC viruses can do to a computer and in some cases, a life.<br /><br />Julie Amero should have her teaching certificate back. She should have her hundred dollars back. She should be compensated for malicious prosecution. She should have her child in her arms.<br /><br />She should. But she doesn't. Because a prosecutor thinks he knows it all, and has listened to a cop with enough information to be dangerous but no facts with which to be right.<br /><br />Julie deserves better. But she accepts gratefully what she got. I only wish I could do the same.<br /><br />More information and posts about Julie's case can be found <a href='http://www.drumsnwhistles.com/tag/julie-amero/'>here</a>.</div>Karolihttp://www.blogger.com/profile/16709478610875267603noreply@blogger.com12tag:blogger.com,1999:blog-6588958359069953822.post-58251252822926940742008-10-04T15:55:00.001-05:002008-10-04T15:56:21.465-05:00Star Simpson UpdateAn interview with Star Simpson from Boing Boing TV. Simpson has left MIT.<br /><br /><object id="ep_player" name="ep_player" height="390" width="480" data="http://cdn.episodic.com/player/EpisodicPlayer.swf?config=http%3A%2F%2Fcdn.episodic.com%2Fshows%2F21%2F164%2F10%2Fconfig.xml" type="application/x-shockwave-flash"><param name="movie" value="http://cdn.episodic.com/player/EpisodicPlayer.swf?config=http%3A%2F%2Fcdn.episodic.com%2Fshows%2F21%2F164%2F10%2Fconfig.xml"><param name="AllowScriptAccess" value="always"><param name="allowfullscreen" value="true"></object>The Julie Grouphttp://www.blogger.com/profile/10404319863936285563noreply@blogger.com2tag:blogger.com,1999:blog-6588958359069953822.post-70805090964495580912008-08-26T19:14:00.004-05:002008-08-26T19:22:49.638-05:00Justice for Julie Petition Tops 1,000THE <a href="http://www.thepetitionsite.com/57/Justice-for-Julie-Amero">JUSTICE FOR JULIE</a> PETITION REACHED 1,000 SIGNATURES a few days ago, and is now closed. We presume it will be sent on to Chief State's Attorney Kevin Kane, Thomas Griffin, and the various State's Attorneys in Connecticut. Thanks to all who signed.<br /><br />FREE JULIE NOW!<br /><br /><span style="font-size: 85%;">The opinions expressed in this post are those of the author and should not be interpreted as an official position of The Julie Group</span>.<br /><br />--Chip NevilleThe Julie Grouphttp://www.blogger.com/profile/10404319863936285563noreply@blogger.com0tag:blogger.com,1999:blog-6588958359069953822.post-40416835257635064322008-08-19T18:19:00.015-05:002008-08-19T18:42:24.246-05:00Julie Amero: 432 Days, No Resolution. StillWe're just going to re-post <a href="http://www.drumsnwhistles.com/2008/08/19/julie-amero-432-days-no-resolution-still/">today's blog piece</a> by Karoli Kuns:<br /><span style="font-size:180%;"><br />Julie Amero: 432 Days, No Resolution. Still</span><br /><br />Or, as Rick Green said so well today, <a href="http://www.drumsnwhistles.com/?s=julie+amero">Julie Amero</a> is <a href="http://mt.courant.com/rick_green/2008/08/julie-amero-held-hostage-day-4.html#more">held hostage</a> for 432 days.<br /><br /><blockquote>I’m <a href="http://www.courant.com/news/local/columnists/hc-rgreen0708.artjul08,0,2843628.column">waiting</a> for the state to admit that this poor substitute teacher should never have been arrested, tried and convicted. I’m waiting for prosecutors in Norwich to do something: come up with some real evidence and try her — or drop the charges. Amero’s supporters, who include Internet security experts from around the country, have a <a href="http://www.thepetitionsite.com/57/Justice-for-Julie-Amero">petition</a> urging Chief State’s Attorney Kevin Kane to drop all charges.</blockquote><br /><br />Perhaps the citizens of Norwich should tie yellow ribbons around their trees. It might even be more effective for them to ask their law enforcement officials to focus on real criminals and let the innocent be.<br /><br />Please <a href="http://www.thepetitionsite.com/57/Justice-for-Julie-Amero">sign the petition</a>. It’s time for Julie Amero to be freed from the chains she’s worn for 432 days.<br /><br />And thank you, Rick Green, for being a responsible voice for justice.<br /><br />--Chip Neville (quoting Karoli Kuns blog piece from today in its entirety)<br /><br /><span style="font-size:85%;">The opinions expressed in this post are those of the author and should not be interpreted as an official position of The Julie Group.</span>The Julie Grouphttp://www.blogger.com/profile/10404319863936285563noreply@blogger.com1tag:blogger.com,1999:blog-6588958359069953822.post-57969913032006894382008-07-20T20:32:00.004-05:002008-08-19T18:18:30.989-05:00And She Still WaitsJulie Amero is still waiting for word that she will be retried or her case dismissed. Meanwhile, there is a moving piece by Wes on the Julie Amero blog <a href="http://julieamer.blogspot.com/">here</a>. And please don't forget to sign the petition <a href="http://www.thepetitionsite.com/57/Justice-for-Julie-Amero">here</a>.<br /><br /><span style="font-size:85%;">The opinions expressed in this post are those of the author and should not be interpreted as an official position of The Julie Group</span>.<br /><br />--Chip NevilleThe Julie Grouphttp://www.blogger.com/profile/10404319863936285563noreply@blogger.com0tag:blogger.com,1999:blog-6588958359069953822.post-82016752160547060792008-07-20T20:24:00.003-05:002008-08-19T18:17:26.831-05:00Julie Amero PetitionA plea to the Connecticut's State's Attorneys. Please sign.<br /><br />Link <a href="http://www.thepetitionsite.com/57/Justice-for-Julie-Amero">here</a>.<br /><br /><span style="font-size:85%;">The opinions expressed in this post are those of the author and should not be interpreted as an official position of The Julie Group</span>.<br /><br />--Chip NevilleThe Julie Grouphttp://www.blogger.com/profile/10404319863936285563noreply@blogger.com0tag:blogger.com,1999:blog-6588958359069953822.post-47920566375434672692008-07-10T10:48:00.003-05:002008-07-10T10:57:26.915-05:00Julie Amero Still WaitsNoted security exert Alex Eckelberry and Hartford Courant Columnist Rick Green report that Julie Amero's case is still on the trial docket in Connecticut. Details are <a href="http://sunbeltblog.blogspot.com/2008/07/julie-amero-situation-over-one-year.html">here</a> and <a href="http://www.courant.com/hc-rgreen0708.artjul08,0,1673816.column">here</a>. It is disappointing that 13 months after it was conclusively proved that Julie was the victim of adware and spyware, and 13 months after she was granted a new trial on this basis, the case still drags on. But the best and most optimistic scenario is that her legal team is negotiating with the State as you read this. (We don't actually know, in fact we are as much in the dark as you.) But if this scenario is correct, things may be in a delicate state right now. So we would ask bloggers to be extremely restrained in their comments. In other words, if you must blog, please follow the sage advice, "Don't PO the prosecutor, don't PO the judge."<br /><br /><span style="font-size:85%;"><span style="font-style: italic;">The opinions expressed in this post are those of the author and should not be interpreted as an official position of The Julie Group</span></span>.<br /><br />--Chip Neville<br /><br />Notes added:<br /><br />The Hartford Courant has a new editorial <a href="http://www.courant.com/news/opinion/editorials/hc-amero.artjul10,0,3294514.story">here</a>. California journalist and blogger Karoli Kuns has a new piece <a href="http://www.drumsnwhistles.com/2008/07/10/julie-amero-one-year-later-still-no-liberty-or-justice/">here</a>.The Julie Grouphttp://www.blogger.com/profile/10404319863936285563noreply@blogger.com0tag:blogger.com,1999:blog-6588958359069953822.post-38448087946268938412008-06-16T21:40:00.003-05:002008-06-16T22:17:58.263-05:00The Effects of Justice Delayed<a href="http://www.bostonherald.com/news/regional/general/view/2008_06_16_Ex-official_readies_suit_over_bogus_child_porn_rap/srvc=home&position=7">An article in the Boston Herald by Laurel J. Sweet entitled <span style="font-weight:bold;">Probe shows kiddie porn rap was bogus</span></a> is a sobering reminder of how certain accusations are as bad and worse than being found guilty of more pedestrian crimes.<br /><br />Michael Fiola's ordeal within the justice system well documents what Julie Amero's and other's lives are like as they await her day of vindication.<br /><br />The disastrous effect of rogue virues and malware on the lives of unsuspecting, innocent citizens across this country is incalculable. As you read this article, imagine a family member of yours getting caught up in a judicial system quick to punish, unwilling to seek out truth, and slow to absolve.<blockquote><span style="font-style:italic;">Nationally recognized computer forensic analyst Tami Loehrs told the Herald Michael Fiola’s ordeal was “one of the most horrific cases I’ve seen.”<br /><br />“As soon as you mention child pornography, everybody’s senses go out the window,” she said.<br /><br />Loehrs, who spent a month dissecting the computer for the defense, explained in a 30-page report that the laptop was running corrupted virus-protection software, and Fiola was hit by spammers and crackers bombarding its memory with images of incest and pre-teen porn not visible to the naked eye.<br /><br />Two forensic examinations conducted by the state Attorney General’s Office for the prosecution concurred with that conclusion, Wark said.<br /><br />Still, Fiola, 53, whose wife, Robin, described as “computer-illiterate,” wants his day in court. He intends to sue the DIA for “destroying our lives.”<br /><br />“Our lives have been hell,” said Fiola, a former state park ranger now living in Rhode Island. “I hope to recover my reputation, but our friends all ran.”<br /><br />- snip-<br /><br />“There is no evidence to support the claim that Michael Fiola was responsible for any of the pornographic activity,” she wrote.<br /><br />All the porn, she said, was located in the laptop’s cache, a computer feature that stores copies of Web pages. Consistently, Loehrs’ findings noted, there was “no apparent origin or user interaction preceding the pornographic activity,” some of which was downloaded “fast and furious.”</span></blockquote>Citizens all over the country work on computers whose connections continue to be insecure due to expired anti-virus subscriptions or absence or lack of adequate anti-spyware and anti-malware software.<br /><br />Yet in far too many cases, employers, police, and crazed fellow citizens are quick to assume that the people accused of <span style="font-style:italic;">possessing unlawful images</span> must be guilty of something far more nefarious no matter what the evidence, their peer relationship, or common sense might indicate to the contrary.<br /><br />The combination of manufactured and magnified fear, a relentless and mindless moral extremism, and poorly drafted laws that eliminate common sense are creating an ethical nightmare that threatens the very rule of law and guarantee to a fair trial for those falsely accused.<br /><br />The judicial branch of government needs to reassess the concept of possession and intent in the virtual realms where the transfer and location of data and content may be wholly co-incidental to anything a real person on a given computer is actually responsible for.<br /><br />Julie Amero and Michael Fiola are just two very visible examples of the need for more sophisticated law and guidance in cyberspace criminal proceedings.The Julie Grouphttp://www.blogger.com/profile/10404319863936285563noreply@blogger.com4tag:blogger.com,1999:blog-6588958359069953822.post-54848422486340893672008-06-15T16:08:00.005-05:002008-06-15T16:51:28.932-05:00The Star Simpson ResolutionA number of members of the Julie Group were paying attention to protracted case of Star Simpson. Of interest was how the judicial system in Massachusetts would handle the case of a college student sporting a decorative wearable computing device that was mistaken as a potential terrorist threat by local airport authorities.<br /><br />Mit's The Tech newspaper in an article called, <a href="http://www-tech.mit.edu/V128/N27/simpson.html"><span style="font-weight:bold;">Star Simpson Receives Pretrial Probation</span><br />by Joyce Kwan</a> reported,<blockquote><span style="font-style:italic;">An East Boston District Court judge sentenced Simpson to one year of supervised pretrial probation on a charge of disorderly conduct and ordered her to perform 50 hours of community service, half of which much be completed with veterans, and to publicly announce that she had made a mistake.<br /><br />“I want to apologize for the results of my conduct on September 21, 2007. Although I never intended to act in a disorderly fashion, I now realize that the shirt I created caused alarm and concern at Logan Airport,” Simpson said in a statement released Monday by her attorney, Thomas E. Dwyer, Jr. “I am appreciative to the Massachusetts State Police for their diligence in protecting our citizens and apologize for the expense that was caused that day.”</span></blockquote> And...<blockquote><span style="font-style:italic;">Simpson was originally charged with “possession of a hoax device,” a charge which would require prosecutors to show she meant to scare people with her circuit board, which contained light-emitting diodes in the shape of a star. But they “determined that they could not move forward on that count and dismissed it to the disorderly [conduct] charge,” according to a press release supplied by Wark.</span></blockquote>Apparently this resolution is satisfactory by both sides but from the perspective of an interested observer, the public declaration that Simpson had "made a mistake" looks to be prosecutorial coercion.<br /><br />Unfortunate as the incident was, Simpson had not made any mistake to speak of. While her university garb certainly frightened airport security, it is a difficult argument to make that Simpson or anyone else might know, a priori, that an LED device would be treated with near deadly force except the airport information administrator who translated teenage belligerence into a potential terrorist threat.<br /><br />The feel-good one-upsmanship of the prosecution in this case is childish and demeaning to those who care about establishing civil operating procedures in sensitive public places. Simpson's apology for being young and impulsive will not prevent the next teen from being young and impulsive.<br /><br />A smarter judicial system would have Simpson's community service be served at an airport educating information officers on what to look for in dangerous devices and what to ignore. And the airport itself would do well to re-examine the responses of information personnel to situations such as Simpson's.<br /><br />One must also question the court's insistence that Simpson's community service "half of which much be completed with veterans". Why veterans? Why not active armed agents who can meet and talk to the person they were about to kill because an airport greeter got their nose out of joint? This would be a far more productive use of Simpson's time.<br /><br />It is hard to understand why the court is establishing separate class distinctions in the defining community service. It seems to me that the community and not the courts should establish the guidelines to Simpson's service.<br /><br />The final troubling footnote to this episode is that <blockquote><span style="font-style:italic;">During the time between her arrest and the June 2 hearing, Simpson was banned from Massport property, including Logan Airport, and had to fly out of other New England airports. “It also meant I couldn’t attend the international symposium on wearable computing, as it was held at the Hyatt at Logan Airport,” Simpson said in an e-mail to The Tech.<br /><br />It is unclear who issued the ban. Wark said the district attorney’s office had not requested this restriction. Dwyer could not be reached by press time.</span></blockquote>This implies that the rule of law is suspended for those who are awaiting trial even though there sufficient evidence that the incident is an unfortunate mistake by all involved.<br /><br />It is of special interest to know how the rights of American citizens awaiting trial can be suspended so mysteriously.<br /><br />- krasickiThe Julie Grouphttp://www.blogger.com/profile/10404319863936285563noreply@blogger.com1tag:blogger.com,1999:blog-6588958359069953822.post-84831338068610633572007-12-08T19:38:00.000-05:002007-12-08T23:07:58.826-05:00Clarifying the Securing Adolescents From Exploitation-Online Act, or SAFE ActBob Johnston's observations:<blockquote><span style="font-style:italic;">It appears that early reporting was very misleading and undoubtedly will create urban legend. When I read the first reporting it indicated that anyone with public Wi-Fi, including you or me should we be so foolish, could be prosecuted if someone used it to transport child porn. My immediate reaction was how would someone even know without monitoring all activity? A virtual impossibility.<br /><br />Later coverage makes it clear that is not the issue and I wonder why the current bill is even necessary other than raising the penalties from $150,000 to $300,000. The current law makes it clear that if anyone sees child porn wherever....that is, not only digitally but also in print, that we must report it to law enforcement or risk prosecution for failure to do so. Knowledge of this law is important for anyone within the digital computer trade whether a forensic investigator, repairman or simply being a friendly neighbor.<br /><br />Yes. If you help a neighbor fix his/her computer and observe child porn you must report it. When I take a forensic case, I always advise the client of this obligation. When I help a neighbor, I do not as I do not want to offend a friend but am beginning to wonder whether I should advise them as well. Not because I suspect anyone, but just because it could happen.<br /><br />Do not misunderstand...I abhor child pornography but I do question laws that hold me accountable for reporting to law enforcement what I observe while practicing my trade. I recently saw a prosecution in the State of Connecticut of an attorney who did not see but had believable knowledge of the presence of child pornography on a laptop. He took the laptop and disposed of it. He was prosecuted under the federal statute and convicted. To me that is a stretch of the statute as I understand it. He was an attorney. When will we see the common man similarly prosecuted?<br /><br />By way of example...I advise a potential client of my obligation to report child porn if I see it and the client decides not to engage me. Is that "believable knowledge"? <br /><br />Should I report that to law enforcement? <br /><br />Can I be prosecuted if I do not? <br /><br />Should I be prosecuted if I do not? <br /><br />What say you?</span></blockquote><br />Since Bob discussed this in the private Julie Group blog <a href="http://www.news.com/8301-13578_3-9830648-38.html">a second issue is being discussed by Declan McCullagh over at CNet:</a><blockquote><span style="font-style:italic;">The definition of which images qualify as illegal is expansive. It includes obvious child pornography, meaning photographs and videos of children being molested. It also includes photographs of fully clothed minors in unlawfully "lascivious" poses, and certain obscene visual depictions including a "drawing, cartoon, sculpture, or painting."<br /><br />Most reasonable adults, including home Wi-Fi providers or the Web sites affected by this legislation, can figure out what actual child pornography is. But when it comes to photographs of fully clothed minors in "lascivious" poses, and overly risque cartoon anime that might be "obscene" in one area of the country and permissible in another, it becomes trickier--especially when, legally, only a jury can determine whether an image violates local community standards. </span></blockquote>The part I find a bit unsettling is the inclusion of pieces of art in these definitions.The Julie Grouphttp://www.blogger.com/profile/10404319863936285563noreply@blogger.com3tag:blogger.com,1999:blog-6588958359069953822.post-6446093111021623532007-10-26T10:21:00.000-05:002007-10-26T20:46:29.374-05:00Don't Get Burned TwiceAs Randy Abrams in his blog piece <a href="http://www.eset.com/threat-center/blog/?p=88">Don't Get Burned Twice</a> points out, "The current fires in Southern California are causing misery to hundreds of thousands of people ... As is the case with all disasters there are good people rallying to help and bad people trying to exploit the situation for profit. It may be a good time to remind people about some best practices to make sure that the money you earmark for helping people goes to helping people."<br /><br />He offers some sage advice about how to avoid getting scammed, "First of all, do not respond to email messages soliciting donations, even from legitimate charities. These messages often are not sent by the charity itself. If you get an email from The American Red Cross and you wish to donate to this respected organization, do not use any information in the email as it may have been sent by a scammer that will redirect you to their fake Red Cross web site. Instead, look up the phone number for the Red Cross, or open your browser yourself and type in <a href="http://american.redcross.org/">http://american.redcross.org</a>." He then goes on to say that if the American Red Cross is not your favorite charity, "A site that can assist you with determining the legitimacy and effectiveness of a charity is <a href="http://www.charitynavigator.org/">http://www.charitynavigator.org/</a>." And above all, "do not give cash to people claiming to represent charities. At LAX or other public places a person may approach you claiming to be collecting for victims of this or other disasters. They may even have impressive documents that are easily printed on a home PC. Some of these people are undoubtedly legitimate, but unless you are a psychic you probably won’t know. Take the information about the charity they represent and look it up before you part with your money."<br /><br />As he says, "A few simple precautions will help prevent you and the victims you seek to help from being victimized."<br /><br />And congratulations to Randy and his fellow employees at <a href="http://www.eset.com/">ESET LLC</a> for volunteering their time and money to assist victims.<br /><br /><span style="font-size:85%;"><span style="font-style: italic;">The opinions expressed in this post are those of the author and should not be interpreted as an official position of The Julie Group</span>.</span><br /><br />--Chip Neville<br /><br />PS. Fellow Julie Group blogger Karoli has a dead-on post, <a href="http://www.drumsnwhistles.com/2007/10/24/attention-mainstream-media-quit-comparing-soca-fires-to-katrina/">Attention Mainstream Media: Quit Comparing SoCa Fires to Katrina!</a> at <a href="http://www.drumsnwhistles.com/">odd time signatures</a>.The Julie Grouphttp://www.blogger.com/profile/10404319863936285563noreply@blogger.com1tag:blogger.com,1999:blog-6588958359069953822.post-16969139705778960202007-10-12T19:59:00.000-05:002007-10-12T20:21:21.417-05:00Should OnStar Shut Your Car Down?There has been quite a commotion over at <a href="http://hardware.slashdot.org/article.pl?sid=07/10/09/2110216">Slashdot</a> about General Motors' plan to "install OnStar systems on almost 1.7 million 2009-model cars." It seems our friends at GM plan to incorporate a "feature" which will allow "law enforcement (or anyone who cracks the system) to remotely shut down vehicles." And <a href="http://lauren.vortex.com/archive/000313.html">Lauren Weinstein</a> writes, "Ready to turn over the keys of your vehicle to the cops, or that clever hacker in the next lane? How about that creepy guy following you on a lonely country road?"<br /><br />These are good points. But so is the point made by the Cal Highway Patrol Deputy Commissioner, Joe Farrow, that about 15 percent of the pursuits are at speeds of 90 miles per hour and greater, and that, "There are some high-speed chases that we have out here that we'd like to bring to a halt." You don't have to be a rocket scientist to figure out that this stuff is dangerous, and as the <a href="http://ap.google.com/article/ALeqM5gn55yegRAw_W9RfFKNKkCFTECxHQD8S5H7N80">AP story</a> where Farrow is quoted points out, 404 people were killed in the US last year in high speed police pursuits.<br /><br />Clearly, there is a balancing act here. We, the public, need to balance the number of injuries and deaths to be prevented by installing OnStar against the certainty that those nasty folks at evil.wicked.hackers.org will try, and for a time succeed, in hacking the OnStar system.<br /><br />One way to do this balancing would be to demand public hearings in states like California on this issue. And the computer security community needs to be prepared to provide timely and accurate input. Perhaps we should ask the people over at <a href="http://www.shmoo.com/">The Shmoo Group</a>, the people who gave us AirSnort and exposed just how vulnerable the WEP encryption scheme is, to try to hack into OnStar just to find out how easy or hard it is to do.<br /><br />We need some data here folks! This is too important an issue to leave to GM (or slashdot). And GM, if legitimate security researchers need your exalted permission to hack OnStar, you need to be prepared to give it.<br /><br /><span style="font-size:85%;"><span style="font-style: italic;">The opinions expressed in this post are those of the author and should not be interpreted as an official position of The Julie Group.</span></span><br /><br />--Chip NevilleThe Julie Grouphttp://www.blogger.com/profile/10404319863936285563noreply@blogger.com0tag:blogger.com,1999:blog-6588958359069953822.post-32223643893049447332007-10-01T21:12:00.000-05:002007-10-01T21:31:27.590-05:00A Welcome Court DecisionArstechnica today reports that an Ohio judge understands the issues involved with child pornography laws, teens, and computing. In an entry called <span style="font-weight:bold;"><a href="http://arstechnica.com/news.ars/post/20071001-judge-bars-ohios-attempt-to-keep-harmful-internet-content-away-from-minors.html">Judge bars Ohio's attempt to keep "harmful" Internet content away from minors</a></span> by Nate Anderson, he reports,<blockquote><span style="font-style:italic;">The state of Ohio this week found itself on the losing end of a judicial decision that struck down a state law banning all Internet transmission of content that is "harmful to minors" if the sender should know that someone on the receiving end is a minor.<br />Federal judge Walter Rice issued a permanent injunction against the law after pointing out the many ways that it could restrict legitimate speech between adults. The Supreme Court has already found that Internet users have reason to believe that there are minors present in every chat room, for instance; under the Ohio law, anything deemed obscene for minors that was uttered in a chat room could therefore possibly lead to prosecution.<br /><br />The law was first passed in 2002 and immediately challenged by Media Coalition, a group of booksellers, newspapers, and providers of sexual health information. The judge soon granted a preliminary injunction, and the state amended the law in order to avoid several of the original problems. Despite the changes, Judge Rice still found the bill too broad when applied to the Internet, where it can be difficult or impossible to know the ages of every person that one interacts with.<br /><br />Media Coalition's executive director, David Horowitz, praised the decision. "While we should have adequate legal safeguards to shield children from objectionable content," he said, "those safeguards cannot unreasonably interfere with the rights of adults to have access to materials that are legal for them." </span></blockquote>Today, legislators, judges, and informed citizens must insist an end to witch-hunt prosecutions of citizens, in many cases minors, for possession of material that they may encounter due to legitimate online activity.<br /><br />Consenting adults enjoy broad cultural interests that will occasionally intersect the lives of others. The underlying personalization automata of the internet is indifferent to social norms. Perfectly innocent people's computers are daily assaulted by malware, viruses, and ingenious scripts that can control and contrive artificial and unwelcome content on anyone's computer. If that content comes to the attention of the authorities, the unfortunate party can find themselves accused of crimes they did not commit.<br /><br />Knowing what we know about artificial intelligences influencing personal computers, we need more judges insisting on free speech who can couple that conviction with an intolerance for nuisance prosecutions based on synthetic digital realities.<br /><br />- krasickiThe Julie Grouphttp://www.blogger.com/profile/10404319863936285563noreply@blogger.com3tag:blogger.com,1999:blog-6588958359069953822.post-7922612836893465272007-08-03T15:17:00.000-05:002007-08-05T15:21:36.839-05:00The Child Safe Viewing Act of 2007 Tackles the Wrong ProblemThe Senate Commerce Committee today passed the Child Safe Viewing Act of 2007 (S. 602), which requires the Federal Communications Commission (FCC) to study the "existence and availability" of filtering technologies for audio and video content transmitted over "wired, wireless, and Internet" platforms, as well as other devices.<br /><br />The stated purpose of the bill is to develop the "next generation of parental control technology."<br /><br />While I have no objection to parental controls and filters overall, I am concerned that there is an over-reliance on these devices as a method to shield children from objectionable content while shifting the focus away from the source of the content -- those who create, distribute, and profit from pornography by employing deceptive marketing techniques, adware, and malware as their primary method of distribution.<br /><br />There's also nothing wrong with studying different methods to protect children. However, this bill calls for the FCC to "consider measures to <font style="font-weight: bold;">encourage or require</font> the use of advanced blocking technologies that are compatible with various communications devices or platforms." It goes on to define those platforms as "wired, wireless, and Internet platforms."<br /><br />The Center for Democracy and Technology released this <a href="http://www.cdt.org/headlines/1032">statement</a> earlier this week in response to the language contained in the measure:<blockquote><br /><br />The Senate Commerce Committee today passed the Child Safe Viewing Act of 2007 (S. 602), which requires the Federal Communications Commission (FCC) to study the "existence and availability" of filtering technologies for audio and video content transmitted over "wired, wireless, and Internet" platforms, as well as other devices. CDT does not oppose a purely fact-finding study, but maintains that a neutral, non-regulatory body such as the National Academy of Sciences would be better suited to such a project. More importantly, CDT is concerned that this legislation may represent a step toward expanding the FCC's censorship authority to include Internet content.</blockquote><br />This measure aims at the wrong end of the beast. It would be far more productive for the lawmakers in this country to concentrate their resources at the creators and beneficiaries of illegal content on the Internet and leave decisions regarding what parents do and do not wish for their children to view to the parents. This is the view of the <a href="http://www.pff.org/">Progress & Freedom Foundation</a> as well, as expressed in their paper released earlier this week <a href="http://www.pff.org/issues-pubs/pops/pop14.17pryorchildsafetyviewingact.pdf">discussing the implications</a> of content regulation. From their press release:<br /><br /><blockquote> In his paper, Thierer asserts that there is no need for Congress or the FCC to mandate tools that already exist. Moreover, if the FCC starts "approving" certain technologies, it is likely to slow the development of new blocking technologies.<br /><br />Thierer's view is that the measure, while well intentioned, would create unnecessary regulation where there is no market failure at work.As he pointed out in his recent Progress and Freedom Foundation book,<a href="http://www.pff.org/parentalcontrols/index.html"> Parental Controls and Online Child Protection: A Survey of Tools and Methods</a>, "There has never been a time in our nation's history when parents have had more tools and methods at their disposal to help them decide what is acceptable in their homes and in the lives of their children."</blockquote><br /><br />Everyone wants to protect children from rogues, no matter what space they inhabit. That's why I taught my kids not to talk to strangers, not to walk anywhere by themselves, and other basic safety measures to keep them safe on city streets, playgrounds, and even their front yard. Safe internet, television and wireless phone use is also a parental responsibility. What I rely on lawmakers and associated agencies to do is enforce the laws to hold the lawbreakers -- those who create, produce and distribute harmful content -- accountable for the harm they do with their selfish acts.<br /><br />Filtering content on a mandatory basis pushes all of us down the slippery slope of accepting others' value judgments about what is, and what isn't "dangerous content" that should be subject to blocking. This measure calls for the FCC to craft rules that ignore existing rating systems in favor of defining the scope of the filters through some other subjective basis.<br /><br />Will the art of the Old Masters be deemed to fall into the category of objectionable content? There are some who would say that it should be included if it includes depictions of genitalia, while others (including me) would not. What about sites which discuss legitimate issues surrounding sexuality and relationships? How would mandatory filtering be enforced? Through the telecommunications and cable companies or by the individual? <br /><br />Filtering technologies have proven inherent flaws that will not disappear, simply because human communication is too complex and too nuanced to be fed into a database of prohibitions. For every rule there are 10 exceptions. The appropriate approach is to identify and prosecute creators and distributors of clearly illegal content, and exercise parental discretion and supervision over Internet, wireless and television viewing.<br /><br />What do you think? Do filters work? Parents, how do you keep your children protected on the Internet?<br /><br /><small><br /><em>The opinions expressed in this post are those of the author and should not be interpreted as an official position of The Julie Group</em></small><br /><br />--Karoli<br /><br /><font style="font-weight: bold;">Bonus Link: </font><a href="http://blogs.law.harvard.edu/mediaberkman/category/projects/opennet-initiative/"> Berkman Center for Internet and Technology: 2007 OpenNet Initiative</a>Karolihttp://www.blogger.com/profile/16709478610875267603noreply@blogger.com0tag:blogger.com,1999:blog-6588958359069953822.post-4317721476930082192007-08-02T14:03:00.000-05:002007-08-02T14:23:09.347-05:00A Curious ConundrumThere I was, minding my own business - well, complaining about Adware - when the verdict from the <a href="http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2007/08/02/nlangham402.xml">Chris Langham trial</a> popped onto the TV. Though I missed the bulk of the news report, I did pick up one of the legal type guys saying something that can be summed up like this:<br /><br />"These sort of images (child pornography) don't just pop onto your screen. You have to go looking for it".<br /><br />Now, it's clear that in <span style="font-style: italic;">this</span> case, Langham did indeed "go looking for it", though only he can truly know if the motive was "research" or not.<br /><br />However. The above statement seemed to come across as a more general, sweeping, non-Chris Langham specific statement.<br /><br />This is sort of dangerous.<br /><br />Already, we've had a <a href="http://blogs.zdnet.com/Spyware/?p=812">web browser</a> that fires up illegal porn without the permission of the person using it. There are currently plans in the UK to make certain kinds of extreme porn - rape, for example - illegal. But here's a <a href="http://blog.spywareguide.com/2007/07/blog_hijackings_lead_to_zlob_r_1.html">hijack</a> from a few days ago involving supposedly normal blogs immediately redirecting the end-user to rape porn.<br /><br />Bam, just like that. Have some potentially illegal porn, on the house. Quick, free, easy and totally without warning.<br /><br />I have little faith in UK law at the best of times, especially where cases of a technological nature are concerned. To put out the message that you "have to go looking for it" is spurious at best, and not a mindset the public at large should be fooled into believing.<br /><br />I never liked TV anyway.Unknownnoreply@blogger.com3tag:blogger.com,1999:blog-6588958359069953822.post-64795982586000021832007-07-29T14:21:00.000-05:002007-07-29T14:52:02.488-05:00Substitute Teachers and School Attendance SoftwareIn recent discussions of the Julie Group's volunteers an interesting observation surfaced that sheds considerable light onto the plight of Julie Amero's experience in the classroom when confronted by the <span style="font-style:italic;">porn</span>ado of inappropriate images on a school teacher's computer.<br /><br />In many schools across the country, the software that monitors attendance makes no accommodations for substitute teachers. The regular classroom teacher's account <span style="font-weight:bold;">exclusively </span>controls classroom access and privacy to that classroom's student attendance records.<br /><br />And attendance is critical to the central administration of the school. Administrators are made aware of unusual absences because regular and substitute teachers enter the data in realtime. Pulling the plug on the computer by a substitute teacher creates a crippling situation for that classroom and potentially the school.<br /><br />Critics of Julie Amero or other substitute teachers who follow the rules of not shutting off classroom computers do not understand the gravity of doing so. Shutting off that classroom computer compromises critical school administrative functionality that safeguards the students and staff in the event of a true emergency.<br /><br />Unfortunately, even school administrators are oblivious to the software's catch-22 defect. The software works fine only when regular classroom teachers are all present and accounted for <span style="font-style:italic;">or if all their logins are functioning properly</span>. Otherwise, substitutes are hostage to making sure the computer is not shutdown (because they can't get back in). This is a requirements blindspot in designing the software.<br /><br />In Julie Amero's case, no one mention the fact that Julie had done the right thing by leaving the computer running and logged in. The inference was that she should have done more to "protect the students". And the prosecution did nothing to disspell this idea either. The public was mistakenly lead to believe that pulling the plug on the computer was a no-brainer and legitimate option. It wasn't and isn't for most substitute teachers.<br /><br />In fact, Julie did the only thing she could - leave the software running and deal as best she could with an awful classroom crisis. When substitute teachers are put into compromising positions about turning off computers these facts must be presented fairly in their defense. They are justifiably following procedures that keep the system whole and healthy. They have no other real administrative choice.<br /><br />- krasickiThe Julie Grouphttp://www.blogger.com/profile/10404319863936285563noreply@blogger.com1tag:blogger.com,1999:blog-6588958359069953822.post-64109954289934331242007-07-10T21:42:00.000-05:002007-07-10T22:01:43.661-05:00Recent Decisions of InterestRecently two court decisions came to the attention of the Julie Group. Both demonstrate an enlightened approach toward ruling on digital porn cases.<br /><br />The first, from Pennsylvania, is linked from a site called out-law.com run by an international law firm that we are not in any way affiliated with. The link entitled, <a style="font-weight: bold;" href=" http://www.out-law.com/page-7467"><span style="font-size:100%;">Pennsylvania court says viewing child porn 'not illegal'</span></a><span style="font-weight: bold;"><span style="font-size:100%;"> </span></span><span style="font-size:100%;">goes on to clarify... "</span><span style="font-style: italic;">A US court has ruled that viewing child pornography on a website without deliberately saving it to a computer is not a crime. The judge said that the state penal code was ambiguous, so he must rule in favour of the defendant.</span><span style="font-style: italic;"><span style="font-size:100%;">"<br /></span></span><p></p><p></p><blockquote><p>Anthony Diodoro, a 26-year-old from Delaware County, Pennsylvania admitted knowingly viewing 370 child-porn images online. He also admitted that he had intentionally visited the websites for the purpose of viewing child porn.</p> <p>State law says that a person must have "knowing possession" of child pornography in order for it to be a crime. A panel of three judges in the Pennsylvania Superior Court concluded that Diodoro could not be convicted of knowingly possessing the images because there was no evidence that Diodoro knew that his computer was storing the images in its internet cache file.</p> <p>"Because this is a penal statute with an ambiguous term when it comes to computer technology, it must be construed strictly and in favour of the defendant," wrote Judge Richard Klein.</p> <p>"A defendant must have fair notice that his conduct is criminal," wrote Klein. "Because of the ambiguity, sufficient notice was not provided here. For this reason, we are constrained to reverse [a previous decision] and leave it to the Legislature to clarify the language if it intends to make the mere 'viewing' of child pornography a crime."</p></blockquote><p></p>The article further discusses this decision.<br /><br />The second case is detailed in <a href="http://www.law.com/jsp/article.jsp?id=1182848790153">Law.com</a>. The entry called, <span style="font-size:100%;"><span style="font-weight: bold;"></span>Appeals Panel 'Reluctantly' Tosses Child Porn Case</span> by Alyson M. Palmer, <a href=" http://www.dailyreportonline.com/" class="source">Fulton County Daily Report</a><span class="source"> discusses a case in which "<span style="font-style: italic;"></span></span><span style="font-style: italic;">Judges of the Georgia Court of Appeals last week said they must "reluctantly" issue an opinion that may make it more difficult for the state to prosecute people who look at child pornography.</span><span class="source">" It goes on to give us some details.<br /><br /></span><p style="font-style: italic;"></p><blockquote><p style="font-style: italic;">A three-judge panel on June 21 reversed the conviction of a North Georgia man on 106 counts of sexual exploitation of children because, the judges found, prosecutors didn't prove that the man knew he had pornographic images stored in his computer hard drive.</p> <p style="font-style: italic;">In what it said was an issue of first impression in Georgia, the panel of Judge M. Yvette Miller, Chief Judge Anne Elizabeth Barnes and Presiding Judge J.D. Smith narrowly construed what it means to "knowingly" possess child pornography under the state's sexual exploitation law. It's not enough, wrote Miller for the panel, to prove a defendant has pornographic images in the inaccessible cache files of his computer.</p> <p style="font-style: italic;">The district attorney whose office prosecuted the case, Herbert E. Franklin Jr. of Walker County, said the ruling will make his job harder.</p> <p style="font-style: italic;">"With the computer savvy folks out there ... it's going to limit our ability to prosecute, I would think," he said.</p> <p style="font-style: italic;">But the lawyer who won the appeal, Daniel J. Ripper, of Luther-Anderson in Chattanooga, Tenn., said the opinion just gives prosecutors a roadmap for handling child pornography cases. "This is a case that says, 'Here are the facts that you need,'" said Ripper, a member of the State Bar of Georgia who said about half of his work is in Georgia.</p></blockquote><p style="font-style: italic;"></p>In fact, the Julie Group is finding a disturbing number of nationwide prosecutions that are based on pornographic images stored on a person's computer. The unlikely suspects are teachers, police, teens, and others who find themselves fighting for their lives and, in some cases, bankrupting their resources to prove that they were unaware of the computer activity.<br /><br />Courts are wise to require clarity in the law where it may be ambiguous. Imprecise criminal statutes can lead to conviction by opinion rather than conviction under the law and can ensnare the innocent as well as the guilty. Innocent people are routinely subjected to automations whose sole purpose is to control content on that person's machine with benign (blind?) disregard for the consequences. The authorities too often assume the automations are invited or actively engaged or are unaware of the phenomenon altogether. Instead of tracing the pornography to its source, it is raced to its destinations - often unsolicited destinations.<br /><br />And laws that make no distinction between motive to possess such material and mere coincidental possession, entrap people who happen to use the internet. Everybody and anybody accused then becomes a target of the state to prove their immoral fitness to fit the crime.<br /><br />Judges, courts, and juries who demand and honor the concept of <span style="font-style: italic;">innocent until proven guilty beyond a reasonable doubt</span> are not promoting child pornography, violence, or immoral behaviors. They simply assert that innocent citizens are not criminals for co-incidental and the unsolicited, automated behaviors of computers in their charge. This is often referred to as <span style="font-weight: bold;">justice</span>.<br /><br />- krasicki/jsThe Julie Grouphttp://www.blogger.com/profile/10404319863936285563noreply@blogger.com3tag:blogger.com,1999:blog-6588958359069953822.post-46180709079074468562007-06-19T21:11:00.000-05:002007-06-19T21:54:06.551-05:00Slow ProgressDespite the appearance that nothing is going on, our volunteers are busy behind the scenes working on some basic needs the group has to create a working relationship and a professional delivery system.<br /><br />Aside from that we have once again identified some patterns of use and abuse that we will begin to invite all of you to participate in exploring to one degree or another. Some of the detective work will always need to be private.<br /><br />But some of it is a democratic conversation that only citizens can remediate.<br /><br />Something all of you can begin to think about is the question of <span style="font-style: italic;">what constitutes fair punishment for a given crime</span>? Julie Amero captured the world's attention by being found guilty of involuntarily exposing students to inappropriate content and potentially being sentenced to forty years in jail (the prosecutor - playing devil's advocate and enjoying the kill - whispered to Julie eighteen years). A teacher put in this position could in some places plea bargain <span style="font-style: italic;">down to a charge of murder</span> and get a lighter sentence. In fact local newspapers described murder cases with far lighter sentences concurrent to Julie's ordeal.<br /><br />Some of us believe the justice system is broken and absurd when it has to deal with disruptive technologies. For example, pornographers are the first adopters of artificially generated computer behaviors that make machines misbehave in the eyes of the law. Yet the authorities are charging the person closest to the misbehaving machine with the crime.<br /><br />A teacher exposed to the irresponsibilities of students commandeering computers are easy, unsuspecting targets. Are pornographic pictures suddenly found on infected computers indicative of rampant criminal intent by middle-aged, married, middle-school teachers or is there a more sensible conclusion we can come to? <br /><br />We'd like you all to think about this and let the world know your thoughts and ideas on fixing these legal issues. We'll attempt to feature the best ideas in later entries.<br /><br />Word of mouth is often the best educational process we can invest in.The Julie Grouphttp://www.blogger.com/profile/10404319863936285563noreply@blogger.com1tag:blogger.com,1999:blog-6588958359069953822.post-29490349806498442762007-06-13T22:28:00.000-05:002007-06-13T22:44:31.588-05:00What our Links of Interest RepresentThe opinions expressed here will vary among writers as will our links. When we post a link of interest we are pointing out to our readers some of the kinds of issues that are important to all of us.<br /><br />As a clarification, in the case of Matt Bandy, his case has been resolved and our interest is to use his experience as an example for others to learn from. You will hear more in the coming weeks. Unfortunately, we gave the impression initially that the Bandy case was something we would be pursuing pro-actively when in fact we will be doing some postmortems to glean insight into unresolved cases of the same archetype.<br /><br />We cannot undo or reopen cases that have been tried. Our interest is in learning from some of those that deserve our scrutiny as a society. The Bandy case is a prime example.<br /><br />Secondly, we invite developers who work for less than ethical spamming companies, pornographers, or otherwise sleazy operators to contact us when your conscience catches up to you. You can help us prevent or understand malicious machine behaviors better than anyone. Write to ask us for our most confidential contacts and start your conversation there.<br /><br />Preventing malicious behaviors is a very important goal for everyone. Lift yourself out of the mud here.The Julie Grouphttp://www.blogger.com/profile/10404319863936285563noreply@blogger.com0tag:blogger.com,1999:blog-6588958359069953822.post-67051745028292452632007-06-13T00:54:00.000-05:002007-06-13T00:59:53.431-05:00Connecticut Law Tribune: Set Evidentiary StandardsThe <a href="http://federalism.typepad.com/crime_federalism/2007/06/garbage_data_to.html">Crime & Federalism blog</a> has an article from the Connecticut Law Tribune:<blockquote>A similar issue arose not long ago in a case I tried against John Danaher, now the state's public safety commissioner. An FBI agent with a fine arts background testified about computer-enhanced images of a hat band that the federal government used to link my client to the robbery of a jewelry store. The agent's testimony about digital manipulation of images came down to this: it is reliable because we use it all the time.<br /><br /><a href="http://www.jud.state.ct.us/external/supapp/justiceRogers.html">Chief Justice Chase Rogers</a> is reaching out far and wide to tap lawyers and judges to sit on committees for all manner of things. How about a committee on evidentiary standards for computer-generated evidence? The bar is ignorant. And innocent people are getting hurt. Just ask Julie Amero.</blockquote><br />This would be an excellent beginning. If the courts were to set evidentiary standards for computer-generated evidence, there would be a foundation for local and state law enforcement agencies to form best practices guidelines around their investigations of crimes involving computers and Internet use.Karolihttp://www.blogger.com/profile/16709478610875267603noreply@blogger.com2tag:blogger.com,1999:blog-6588958359069953822.post-43468908755936828532007-06-10T17:05:00.000-05:002007-06-11T21:51:36.598-05:00Matt Bandy Could Be You. Or ME.<a href="http://justice4matt.com/">Matt Bandy's story</a> sent a chill up my spine as I read it this morning. Matthew was 16 when authorities arrested and charged him with possessing and uploading child pornography (<a href="http://justice4matt.com/MattsStory.html">Full Story</a>).<br /><br />Matt was the victim of at least one (and likely more than one) worm that turned his computer into a "<a href="http://en.wikipedia.org/wiki/Zombie_computer">zombie computer</a>". To give you an idea of the pervasiveness of zombies, vnunet.com reported on a foiled botnet operation that had put <a href="http://www.vnunet.com/vnunet/news/2144375/botnet-operation-ruled-million">1.5 million computers and servers under its control</a>. (A botnet is a collection of computers infected with the same worm). Botnets are used to send spam, infect other computers, and upload pornography, among other things.<br /><br />Here's the thing: <span style="FONT-WEIGHT: bold">Zombies operate transparently. The user has no idea what his own computer is doing.</span> That means you can be held responsible for activity originating with your computer for which you had no control, involvement or even knowledge.<br /><br />This is exactly what happened to Matt. Ultimately he accepted a plea bargain on the advice of his attorneys. even though the forensic examination of Matt's computer proved the presence of malware, even though he passed two independent polygraph examinations where he flatly denied any pornography uploads, even though two independent psychological evaluations concluded that he did not meet the profile for a diagnosis of paraphilia.<br /><br />The prosecutor would not back down. If a jury had convicted him, he could have spent up to 90 years in prison (This is not subject to judicial discretion -- more on that in a minute). If he accepted the plea bargain, he would have to register as a sex offender but would be sentenced to probation. After <a href="http://abcnews.go.com/2020/LegalCenter/Story?id=2785054&page=2">ABC's 20/20 aired a segment</a> on his plight in January 2007, the sex offender designation was removed by order of the court.<br /><br /><big><span style="FONT-WEIGHT: bold">Is this justice? How did this happen?</span></big><br /><br /><span style="FONT-WEIGHT: bold">I. Anti-Porn Policies and Initiatives Pressure Local Prosecutors to Produce</span><br /><br />There are certain initiatives in the halls of justice - national and state - that have top priority. <a href="http://www.projectsafechildhood.gov/">Project Safe Childhood</a> is one of those. Here is a description of the initiative from the PSC Guide:<br /><br /><blockquote>PSC creates, on a national platform, locally designed partnerships of federal, state, local, and tribal law enforcement officers in each federal judicial district to investigate and prosecute Internet-based crimes against children.</blockquote>and this:<br /><br /><blockquote>U.S. Attorneys will coordinate the investigation and prosecution of child exploitation crimes, and the efforts to identify and rescue victims. Establishing open and formal lines of infor-mation-sharing and case referrals is imperative, so that investigators and prosecutors can use all available tools for finding offenders and selecting the most appropriate forum in which to seek convictions. And aggressive investigations and prosecutions must be accompanied by strong victim-assistance efforts.</blockquote>Finally, there's this:<br /><br /><blockquote>"For these reasons, it is important for federal investigators and prosecutors to bring all available resources to bear upon investigations and prosecutions of Internet-based crimes against children, and for federal prosecutors to substantially increase the <span style="FONT-WEIGHT: bold">number of prosecutions of child pornography and enticement offenses</span>."</blockquote>This is an admirable goal. I am certainly all for the prosecution of those who commit crimes against children, aren't you?<br /><br />But there's a word missing from that final paragraph. An important one. The word is "legitimate", and it belongs here, so that the sentence reads this way:<br /><br />"...all available resources to bear upon investigations and LEGITIMATE prosecutions of Internet-based crimes against children, and for federal prosecutors to substantially increase the number of LEGITIMATE number of prosecutions of child pornography and enticement offenses."<br /><br />Common sense dictates that when the results of an investigation prove the existence of malware and worms which are linked to illegal activity OUTSIDE OF THE CONTROL of the user, a prosecution is not legitimate. Period.<br /><br />Prosecutors are expected to deliver the goods, and they are measured on the NUMBER OF CASES they prosecute successfully, either by conviction or plea-bargain.<br /><br />This sweeping initiative and mandate for federal, state and local law enforcement agencies creates an environment of rigidity and the need for prosecutors to give the impression of zero tolerance for pornography, regardless of its source. If you're convicted, the sentences are <span style="FONT-WEIGHT: bold">non-negotiable under federal and state sentencing guidelines</span>.<br /><br /><span style="FONT-WEIGHT: bold">II. Ignorance about Malware Left the Door Wide Open</span><br /><br />In the Bandy case, the ignorance wasn't simply on the prosecutor's end. Matt Bandy's parents had absolutely no clue about how to secure their computer and network properly. They're not unusual. As an admitted geek, I receive calls all the time from friends and family in a panic because their computer is infected with something and they have no idea how it got that way or what to do about it.<br /><br /><span style="FONT-WEIGHT: bold">Here's a fact: Kids can infect a computer faster than anyone else in the house.</span> They go to game sites, game hack sites, have their Instant Messenger programs open all the time, accept files from anyone and believe what they read. They're kids. They haven't learned to be cynical yet. So when they click on the blinking "You've just won a million dollars" window, they're believers. By the time they figure it out it's too late if they're out there on the Internet with inadequate safeguards.<br /><br /><span style="FONT-WEIGHT: bold">Here's another fact: Filters are a bandaid and nothing more.</span> Relying on site and word filters to protect kids from pornography doesn't work for anyone. That means schools, homes, and businesses. There are too many ways around them, they can't block every iteration of the word and they give a false sense of security.<br /><span style="FONT-WEIGHT: bold"><br />One last fact: It can happen even if you're a geek</span>. I love computers. I'm a geek. I've been on the Internet from the early days, I've built my own computers, I maintain our home and office network and I stay updated on Internet security issues.<br /><br />Yet, my 17-year old son managed to: a) Visit Internet porn sites; and b) infect his computer with 100 different flavors of malware in February of this year. This, despite what I thought was a locked-down network (he ended up on a neighbor's wifi connection), and up-to-date virus protection (his expired in January, I didn't check and he didn't tell me). As far as I can tell, it took about two surfing sessions to thoroughly infect his laptop.<br /><br /><span style="font-size:130%;"><span style="FONT-WEIGHT: bold">Matt Bandy's story could have been mine. It could be yours. It will be someone else's. It is already someone else's. </span></span><br /><br />Greater minds than mine are wrestling with this issue. Some of them participate here. While waiting to hear from them, visit the <a href="http://new.csriu.org/">Center for Safe and Responsible Internet Use</a>. Director Nancy Willard has some excellent information on the site about <a href="http://new.csriu.org/documents/">cyberbullying and keeping kids safe</a>. Read it. And start talking about it.Karolihttp://www.blogger.com/profile/16709478610875267603noreply@blogger.com12tag:blogger.com,1999:blog-6588958359069953822.post-61652468052899497742007-06-09T09:25:00.001-05:002007-06-10T15:04:51.951-05:00Welcome<strong><span style="font-size:130%;">Fear and stupidity combined with great power is a very dangerous thing. And that's exactly what's going on in this country right now.</span></strong><br /><br />In 2004, Julie Amero reported for duty as a substitute teacher in Connecticut as she had done for the past two years. Julie's life was on the upswing: She was pregnant with the child she and her husband Wes had wanted for years, they had a nice home in a nice town, and she was doing what she loved most, working with children. On October 19, 2004, Julie's life as she knew it was swept away by a "porn storm", or "pornado" caused by <a href="http://en.wikipedia.org/wiki/Malware">malware</a>. The computer in the classroom where Julie was teaching was flooding popup windows and ads, some of which were pornographic, and Julie didn't know how to stop them.<br /><br />She was accused, tried and convicted of causing the "<strong>risk of injury to a child</strong>", under Connecticut State Law. The law in Connecticut reads as follows:<br /><em><blockquote><em>Any person who willfully or unlawfully causes or permits any child under the<br />age of sixteen to be placed in such a situation that the morals of that child<br />are likely to be impaired shall be punished.</em> </blockquote></em><br />As I write this, her conviction has been overturned by the trial court and she is awaiting a new trial, as a result of the efforts of many: her lawyers, the Connecticut State Police crime lab, and computer forensic experts around the country.<br /><br /><strong><em>There are hundreds, if not thousands, of others who are in the same boat as Julie Amero.</em></strong><br /><br />Witness <a href="http://www.justice4matt.com/">Mathew Bandy</a>, the 16-year old, who almost went to prison for a false computer forensics charge. Or the teacher in your district (I assure you, there is one), who has spent all of their life savings trying to defend themselves from spurious computer "porn" charges -- when it likely that porn was downloaded on a classroom computer by a student.<br /><br />The problem is big. And it's not just schools. It's in business as well. We see trojans all day long that download nasty stuff, which aren't the result of anyone having done anything.<br /><br /><strong>And how many people are never charged but quietly fired?</strong><br /><br />As long as this society has made the decision that porn is a dangerous societal problem, then people all over the world are operating "dangerous" machinery. And when you get educators involved, it's a disaster waiting to happen.<br /><br />To us, Julie Amero's case has always been about two things:<br /><ul><li>Freeing Julie</li><br /><li>Making sure it doesn't happen to others</li></ul>Personal experiences have molded a lot of our thinking. One of our members wrote this, which was the spark that inspired us to undertake this project:<br /><blockquote><p>This is deeply personal to me. Years ago, a family member was charged with a very serious crime under the RICO act, for which I know without question that he was completely innocent. Tens of thousands of dollars later and a horrible experience, we finally got him out of prison. But do you know what RICO does? Your life, property, everything -- gone -- poof. </p><p>When people bang the drum about someone being "guilty!", I always pause -- and<br />look. Yes, most people charged with a crime are guilty. <em>But not all of them</em>, and that I know for certain. </p></blockquote>New technologies require education. DNA analysis and evidence has been misused to convict innocent people, bringing the <a href="http://www.innocenceproject.org">Innocence Project</a> into being for the purpose of education and reforming the system to fairly use a powerful forensic tool. Computers and computer networks are also powerful tools, but much education and reforms are needed to be sure that they are not used against innocent people. In general, judges are not computer experts, nor are many of the lawyers involved on the prosecution and defense.<br /><br />Our purpose here is twofold: First, to bring attention to those situations where injustice is being done through the misuse or misunderstanding of computers and computer forensics; and second, to prevent future injustice wherever we are able.The Julie Grouphttp://www.blogger.com/profile/10404319863936285563noreply@blogger.com2