Connecticut v. Amero

State of Connecticut v. Julie Amero is a court case in the 2000s concerning Internet privacy and DNS hijacking (specifically involving New.net). The defendant in the case, Julie Amero (born 1967), a substitute teacher, was previously convicted of four counts of risk of injury to a minor, or impairing the morals of a child, as the result of a computer that was infected with spyware and DNS hijacking software; the conviction was vacated on appeal.

Timeline
On October 19, 2004, Julie Amero was substituting for a seventh-grade language class at Kelly Middle School in Norwich, Connecticut. The teacher's computer was accessed by pupils while the regular teacher, Matthew Napp, was out of the room. When Amero took charge, the computer started showing pornographic images.

On January 5, 2007, Amero was convicted in Norwich Superior Court on four counts of risk of injury to a minor, or impairing the morals of a child. Her sentencing was delayed four times after her conviction, with both the prosecution and judge not satisfied that all aspects of the case had been assessed. The felony charges for which she was originally convicted carry a maximum prison sentence of 40 years.

On June 6, 2007, a New London superior court judge threw out the conviction of Amero, she was granted a new trial and entered a plea of not guilty.

On November 21, 2008, Julie Amero pleaded guilty to a single charge of disorderly conduct before Superior Court Judge Robert E. Young in Norwich, paying a US$100 charge and forfeiting her teaching credentials.

Controversy
The old computer, along with the school network, lacked up-to-date firewall or anti-spyware protection to prevent inappropriate pop-ups. The school used the Symantec WebNOT filter; however, it was not licensed for software updates and so did not block newly discovered pornographic websites.

Computer experts believe that spyware and malware programs hijacked the machine's browser so that it visited pornography sites without prompting and created the computer logs that helped convict Amero. According to the defense's expert witness, W. Herbert Horner, the defense at the first trial was not permitted to present prepared evidence in support of this theory. On March 6, 2007, a $2,400 advertisement appeared in the Hartford Courant signed by 28 computer science professors who said that they think that Amero could not have controlled the pornographic pop-ups. It was eventually discovered that the uncontrollable pop-ups were spawned by a Spyware program named NewDotNet which had been installed on October 14, 2004, 5 days prior to the alleged crime.

Norwich Police Detective Mark Lounsbury is the "computer forensics expert" who was used by the prosecution to help convict her. Lounsbury testified that he solely relied on ComputerCop Professional for his forensic analysis. By the company's own admission, the program is incapable of determining whether a site was visited intentionally or accidentally.

A paper in the 2007 Virus Bulletin Conference highlighted many other blunders. Amongst the most noteworthy, Detective Lounsbury stated in the trial that a red link proved that Amero had deliberately clicked on the link to visit a particular pornographic page. Huge blown up pictures were shown to the jury. In fact, forensic investigation showed that the link visited color for the browser was olive green. The link was colored red because there was a font tag on the page turning the link red. Further analysis of the cache on the machine and also of independent firewall logs showed that the page had never even been visited, let alone deliberately visited. Thus, one of the key pieces of prosecution evidence was actually completely technically incorrect.

An essay on the case by Nancy Willard (J.D.) at CSRIU describes Amero going for help when she was unable to prevent images popping up. At the original trial Detective Mark Lounsbury for the prosecution testified that the computer was never checked for the presence of malware. The case gained national attention when Alex Eckelberry, then president of Sunbelt Software, championed the case on his blog and led a team of forensic researchers to examine the trial testimony and the contents of the school computer's hard drive.