Kudos to the security community for its role in overturning the conviction of a Connecticut school teacher.
Turns out, Julie Amero needed a CISO more than she needed a lawyer.
Amero is the Norwich, Conn., substitute teacher who was facing up to 40 years in jail after she was convicted in January on charges she put the morals of her students at risk by not doing enough to prevent them from viewing an onslaught of porn pop-ups that had overtaken a classroom PC.
She was granted a new trial in early June after an outpouring of support from the security, legal and education professions, and pro-bono forensics work from a team of experts that turned up enough evidence to put the guilty verdict in question. Judge Hillary Strackbein, in ordering a new trial, said a detective who testified for the defense had provided erroneous testimony, and there's a good chance the case will get thrown out and Amero's ordeal will be over.
Amero, an admitted computer noob, became a cause celebre among security and forensics folks. The evidence was spotty against her and technicalities prevented the defense's best witness from introducing forensics evidence that likely would have spared Amero the conviction. From the forensics, it appeared the classroom's Windows 98 machine (an upgraded Windows 95 relic) was unpatched and its antivirus and content filtering software subscriptions had expired. Logs showed adware present on the machine up to a month before Amero's October 19, 2004 gig as a substitute teacher. Suddenly, the contention Amero may have been surfing for porn was doused in cold water.
Sunbelt Software president Alex Eckelberry was part of the forensics dream team that was given a copy of the classroom's hard drive to examine. Their findings were then backed up by a state crime lab investigation. The team's goal was to compare testimony given at trial with what was on the drive. His personal goal was to right a wrong.
"The driving goal for me was to get someone off the hook and help her out," he says. "We found a number of issues with what was said at trial compared to physical evidence. Statements were made that were not backed up by [fact]. The judge said it: there were inaccuracies that may have led the jury to make a different decision."
Most importantly, Eckelberry and the team he was part of--forensics experts Glenn S. Dardick, Robin Stuart and Joel Folkerts; and Eric Sites of Sunbelt and Alex Shipp of MessageLabs--righted a wrong. But they also highlighted some gaps law enforcement has in dealing with sophisticated computer forensics tools, and just how insecure school IT systems are, and how woefully untrained some teachers are in dealing with such a situation.
"Society has decided that pornography is dangerous for children and impairs their morals. OK, if that's society's decision, you've got a machine [in Amero's case] that is dangerous and needs to be controlled," Eckelberry says. "This speaks to so many issues like teacher education, and how schools are protecting students. A half-day of training would have helped this."