Internet

Posts filed under Internet

Network Solutions Dhimmitude

Filed in Politics, Religion, Social IssuesTags: Internet, War on Terror

Are you in need of web hosting services, but your web site may in some way violate the ever-so-fragile sensibilities of Muslims? If so, don't even think about using Network Solutions.

Dutch lawmaker and filmmaker Geert Wilders made this mistake when developing a website for his forthcoming Fitna movie, which he describes as a "last warning for the West." The movie is critical of the Koran - which means that the adherents to the "Religion of Peace", when not calling for his death and threatening worldwide retaliation, are actively pushing for the movie (and the website) to be censored.

Apparently, they have been successful in that censorship, since Dutch broadcasters have refused to air the movie, and Network Solutions, the company that provides Wilders' web hosting services, has suspended the website. The FitnaTheMovie web site currently has the following notice:

This site has been suspended while Network Solutions is investigating whether the site's content is in violation of the Network Solutions Acceptable Use Policy. Network Solutions has received a number of complaints regarding this site that are under investigation. For more information about Network Solutions Acceptable Use Policy visit the following URL: http://www.networksolutions.com/legal/aup.jsp

In case you're curious, the only potentially relevant section of that Acceptable Use Policy is the first clause under the "Prohibited Uses" section (emphasis added):

Transmission, distribution, uploading, posting or storage of any material in violation of any applicable law or regulation is prohibited. This includes, without limitation, material protected by copyright, trademark, trade secret or other intellectual property right used without proper authorization, and material that is obscene, defamatory, libelous, unlawful, harassing, abusive, threatening, harmful, vulgar, constitutes an illegal threat, violates export control laws, hate propaganda, fraudulent material or fraudulent activity, invasive of privacy or publicity rights, profane, indecent or otherwise objectionable material of any kind or nature. You may not transmit, distribute, or store material that contains a virus, "Trojan Horse," corrupted data, or any software or information to promote or utilize software or any of Network Solutions services to deliver unsolicited e-mail. You further agree not to transmit any material that encourages conduct that could constitute a criminal offense, gives rise to civil liability or otherwise violates any applicable local, state, national or international law or regulation.

One little catch, though: the web site, at the time of being suspended, had absolutely no content other than the words ""Geert Wilders presents Fitna, 23 March 2008."

Network Solutions, say hello to Dhimmitude, and say goodbye to business, because you're about to be mass-boycotted.

(H/T: LGF. More from Jihad Watch, Hot Air, Michelle Malkin, Kyros.)

P.S. Apparently, hoax sites and movie trailers are popping up, in an apparent signal-to-noise attack strategy to keep people from seeing the real thing. Don't be fooled. The real site is registered to Geert Wilder. This UK hoax site is registered to one Los Bol. These "trailer" videos on YouTube are also all either fakes or fanpics.

This just in, from Newsbleat: Network Solutions' actions are even more insidious. These coward Dhimmis are not merely doing the bidding of their Islamic overlords; they are also bought and paid for by terrorists. Network Solutions hosts the hizbollah.org website.

The MSM’s Photo Faux Pas

Filed in UncategorizedTags: Copyright, Fair Use, Internet, Media Bias, Photos

Imagine, if you will, a blogger who decides to focus his work on exposing the inaccuracy of the mainstream media's photojournalism. In order to do so, this blogger would need to post the photos to be discussed (be that discussion editorial, critical, or corrective in nature). Certainly, any rational person would understand that such action would constitute fair use of copyrighted works.

Such a blogger exists, and his blog is Snapped Shot.

The AP apparently disagreed with his fair use of their photos, and sent him a cease-and-desist letter. (The fair-use defense in this instance is pretty cut-and-dry. Snapped Shot has a run-down of the blogosphere's reaction, so there's no need for me to re-hash it all here.) After some consultation, Snapped Shot decided to comply rather than to place his family in jeopardy. After all, who can afford to fight the AP's legal department?

Here's the irony, though: the AP, who disputes Snapped Shot's fair-use right to their own copyrighted photos for the purpose of discussing the very photos themselves, apparently finds a fair-use right to others' copyrighted photos, even though the photos used were in no way related to the story (unless the AP can prove some link to a photo of a bikini-clad Ashley Alexandra Dupre in the Caribbean to a story about Eliot Spitzer's use of her call-girl services in New York).

Oh, but the irony gets even thicker: CNN is in on the copyright violations, too.

Hypocrisy: good for me, but not for thee.

Beware Sears Spyware

Filed in Social IssuesTags: Computers, Internet, Privacy, Technology

Slashdot posts about Sears installing spyware under the guise of the "My SHC Community" service. Instead of an innocuous service, users who agree to install the software get ComScore spyware, including a software proxy capable of tracking every transaction performed on the internet - from web sites visited, to login credentials, to emails.

More information from the CA Community Advisor Security Research Blog, which indicates that the spyware has been found on the sears.com and kmart.com websites.

If you see a pop-up window soliciting participation in "My SHC Community" do not pass go, do not collect $200, close the pop-up. Better yet, avoid doing business - if at all possible - with companies that would attempt to install spyware (especially companies that do so as deceptively as this).

Update: RIAA Still Completely Insane, Just Not Acting On It (Yet)

Filed in Social IssuesTags: Computers, Copyright, Fair Use, Internet, Music, Technology

Yesterday I wrote about an RIAA lawsuit against someone solely for ripping legally purchased music CDs. Engadget posted an update that the lawsuit is not for ripping CDs, but rather is one of RIAA's garden-variety MP3 distribution lawsuits. A commenter on their previous post linked to the summary judgement that states as much.

While I pointed out in the previous post that the RIAA still states its belief that ripping CDs - even for personal use - is a copyright violation, they (thus far) have yet to make that argument in court. Here is a key statement from the brief (pg. 6, lines 11-20 - emphasis added):

Howell also objects to liability on the grounds that he owns compact discs (“CDs”) containing the disputed sound recordings and that he “translated” them to his computer for personal use. In support of this argument, Howell attached photographs of CDs and cases to his Response. However, the question is not whether Howell owned legitimate copies of some of the sound recordings on CD, but instead whether he distributed copies of the recordings without authorization. Howell’s right to use for personal enjoyment copyrighted works on CDs he purchased does not confer a right to distribute those works to others without Plaintiffs’ authorization. 17 U.S.C. § 106(3). As he admitted that the sound recordings were “being shared by [his] Kazaa account,” Howell is liable for distributing them in violation of the recording companies’ exclusive right.

That said, given the RIAA's rumblings, don't b e surprised when they eventually sue someone merely for ripping legally purchased CDs.

I would also point out something that may prove to be the impetus for not only the downfall of the RIAA's war on consumers, but also for the application of current copyright law - and that is the application of current statutory damages for copyright infringement to MP3 distribution. Current law allows for damages from $750 to $30,000+ per infringed work.

Given that the going rate for an MP3 is on the order of $1 per song, awarding a statutory damage of even the minimum $750 per song is absolutely outrageous - especially considering that the lawsuit is a case of distribution-by-making-available claim. Here, the RIAA made no effort to prove any actual distribution, but only that the defendant violated laws against distribution of copyrighted work merely by making it available in a publicly accessible, "shared" folder.

Clearly, the RIAA here cannot show anything close to $750 per song in actual damages - and even if the award is considered punitive rather than statutory, the punishment far outweighs the crime. The RIAA's continual pursuit of these statutory damage awards will not only result in a consumer revolt, but may actually lead to public outcry for a revision of the copyright law in question.

Of course, music labels - and thus, the RIAA - are on the verge of going the way of the dinosaur. More artists will produce and distribute their works independently, cutting out the middlemen represented by the RIAA.

IMO, it can't happen soon enough.

Facebook, Beacon, and Privacy Rights

Filed in Social IssuesTags: Internet, Privacy, Technology

Recently, social networking site Facebook has undergone intense scrutiny and backlash for the implementation of its third-party advertising system called Beacon.

For those unaware of the Beacon application, here's a brief primer. Beacon is a JavaScript application used by third-party web sites (such as epicurious, travelocity, blockbuster, etc.) in conjunction with Facebook. The third-party website implements JavaScript code that sends certain data to Facebook. These data may include movies rented at Blockbuster, recipes searched at epicurious, or travel plans booked on travelocity. The websites send these data to Facebook, and if the user of the third-party website can be identified as a Facebook user, the data are published in that user's update feed.

Without re-hashing the explanations given elsewhere, see here for more technical details of the application. Others have listed the third-party websites that have implemented Beacon.

You may be asking yourself why you should care; well, here's why: these third-party websites are sending your personally identifiable user data to Facebook - whether or not you are a Facebook member (as is demonstrated by the previous link explaining the technical details).

It appears that much of the scrutiny has been on Facebook's implementation of the application, and the site's publishing of user-identifiable data. That scrutiny was much-deserved, and Facebook has made significant changes both to the implementation of Beacon and to their privacy policy. In fact, Facebook users can now opt-out of the application entirely - at least on the Facebook side.

However, it appears to me that a lot of heat has been placed on Facebook, and not enough on the third-party websites. While it is somewhat more comforting to know that Facebook will not publish user-identifiable information without my approval, the fact remains that all those data are still sent from the third-party websites to Facebook. If those data are tied to a user who has opted out of the application, Facebook has simply indicated that it will discard, not save, and not publish those data.

While I think Facebook has handled the implementation of Beacon poorly, I have a far greater problem with the third-party websites, who have implemented the Beacon application without any notice to or prior approval from its users. (In fact, one lawyer has speculated that Blockbuster is in clear violation of a law that prohibits the release of movie rental data.)

Facebook would certainly be in the wrong for publishing such data without user permission; however, the third-party websites that gather and send those data to Facebook have committed a far more egregious wrong. Sending to a third party data about my purchases and other activities without my permission has to be a clear violation of any worthwhile privacy policy.

Personally, I don't have a problem with the Beacon application; I only oppose its current implementation. Websites should be free to implement the application, but it should be done openly, and in an opt-in manner. If BrandNameWebsite wants to implement Beagle, and send data about my purchases to Facebook, it should give prior notice to its users, update its privacy policy, and require users to opt-in to having their data collected and sent.

Fortunately, you have options to control your experience with the Beagle application. As mentioned previously, you can opt-out entirely on the Facebook side. You can also use various browser plug-ins to notify you of websites using the Beagle application and to block the application altogether. (Websites that use the application put a few lines of JavaScript code into their website. That code makes a remote call to a known directory on the Facebook website. The plugins work by detecting and/or blocking the URL for the JavaScript code on the Facebook website.)

Sitemeter: Scandalous Site Statistics Systems

Filed in Web DevelopmentTags: Internet, Web Site

When I made my first web page, well over ten years ago, site statistics-gathering was limited to a very basic pageload counter (want to see "You are number 100 to visit this page"? Load the page and refresh 99 times; see also: how a college nerd spends his free time).

Now, however, site statistics-gathering has become much more sophisticated and elaborate. I have used SiteMeter for years to track my site's statistics, and I am able to know, for example, what search-engine search strings lead people to my web site, the entry and exit pages, duration of a visit, and what link a visitor clicks to leave my web site.

Unfortunately, it has come to my attention that SiteMeter is now pushing spyware browser cookies (specifically, the specificclick.net and variant tracking cookies) on unsuspecting visitors to members' web sites.

Therefore, I will be in the process of phasing out sitemeter, and in its place I am experimenting with both StatCounter and Google Analytics.

Bloggers are furious, and by all accounts are leaving sitemeter in droves. For the sitemeter-specificclick.net saga, see Eric Odom's coverage here, here, here, and here. See also Debbie's Blatherings, Progressive Gold, Phantom Scribbler, NetWizard (with follow-up), Small But Disorganized, and Geek News Central.

Thus far, SiteMeter's response has been one of damage control and implicit confession of the change, under the guise of a "feature" being passed on to SiteMeter member websites. To date, no response has been forthcoming on the company's official blog, but several email responses and blog comments have surfaced. The following is representative:

To be clear, SiteMeter fully vets out all potential 3rd parties that we work with to make sure that they are reputable companies that are completely above board and are industry leaders. In keeping with this, we did extensive due diligence on Specific Media and found them to be a trustworthy and reputable company. In fact, Specific Media is a board member of the Network Advertising Initiative (NAI) (one of 10 companies) which is tasked with the protection of consumer privacy on the Internet and related legislative issues. We found that Specific Media’s technology completely protects consumer privacy and also allows users to permanently opt out of the cookie if they so choose to do so via the NAI website, which was a big factor in us choosing Specific Media. In addition, many of the Internet’s biggest web publishers utilize Specific Media’s technology including Foxnews, CBS, NBC and Time.com. These companies utilize this technology in the same way that we are using it, to provide useful information about the users who visit their websites so that they can create relevant content on their websites. The only difference is that SiteMeter, which is primarily a free service, has licensed the technology and are passing it onto our customers.

The specificclick.net cookie is being inaccurately characterized as Spyware, as it is only a cookie and does NOT install any software. The specificclick.net cookie is NOT spyware. The specificclick.net cookie performs no such activities that can be construed as spyware. We cannot control the fact that anti-spyware software companies incorrectly mark cookies as spyware. However, the specificclick.net cookie IS a cookie that enables SiteMeter to accurately provide true unique user counts, user demographics, content interests, heat mapping and other useful information about your website’s visitors, see a full list here.

SiteMeter is a community driven company and we would never do anything that would compromise the integrity of our customers or their users’ privacy. All of our customers can opt out by requesting that we move them to a separate server that does not include the specificclick.net cookie or you can simply begin using the HTML version of our code which does not include the specificclick.net cookie. We have also posted a survey on our homepage where customers can vote if they think this type of information is useful. As previously stated, we are a community driven company, the SiteMeter community is what drives our innovation and development. We feel that this information will help our customers attract more users to their site and keep them engaged in relevant content offerings. If our customers vote on the site that they do not think that certain information is useful, then we will not provide that information.

We hope that clearly defines our use of the specificclick.net cookie and that SiteMeter has in no way sold out to Spyware, nor would we engage in any such activities. We are strictly committed to providing the best service to possible to our customers. We hope that this will help earn your trust and that we may be able to have you as a customer again.

Thus, sitemeter's response/defense is two-fold: 1) we're not doing anything wrong, because a third-party tracking cookie isn't "spyware" and doesn't compromise privacy, and 2) it's okay to use a tracking cookie because big-name websites use them and because we are providing a service/feature to our members. The former point uses semantics to avoid the issue, and the latter point is almost Orwellian in its spin.

First, on sitemeter's assertion that the specificclick.net cookie is not spyware:

The specificclick.net cookie is being inaccurately characterized as Spyware, as it is only a cookie and does NOT install any software. The specificclick.net cookie is NOT spyware. The specificclick.net cookie performs no such activities that can be construed as spyware.

This argument is purely semantic. According to strict definition, "spyware" refers to installed applications on one's computer, while a "cookie" is a snippet of HTML code contained in a web page served to a browser. Regardless, when the cookie in question is a third-party tracking cookie, the purpose of both spyware and the cookie is indistinguishable - to collect information about the user in question, to report that information, and to do so without disclosing its activity.

While third-party tracking cookies may not meet the strict definition of spyware, nevertheless, their purpose is considered to be an invasion of privacy equal to that of spyware. In the Web 2.0 website-as-application world of today, the argument that a tracking cookie doesn't meet the strict definition of "spyware" becomes ever weaker as the line between website and installed application becomes blurred almost to the point of imperceptibility.

On the company's assertion that their use of the specificclick.net cookie doesn't compromise security, sitemeter is on shaky ground at best with this claim. True, their use of the cookie conforms with their own privacy policy in that the cookie doesn't collect any personally identifiable information, as defined by that policy:

Site Meter may from time to time also authorize and facilitate the use of cookies from trusted third party business partners to gather and aggregate additional, anonymous, and non-Personal Information data from general internet visitors for the purpose of providing our customers with additional information about their viewing audience.

I challenge this assertion on at least two counts: 1) the nature of the information gathered by the specificclick cookie can be considered personal information, and 2) sitemeter cannot guarantee or ensure that such information cannot be correlated with truly personally identifiable information; therefore, this information cannot be guaranteed to be anonymous.

Sitemeter details what information is collected by this cookie when the company touts what information will be available to members due to use of the cookie. This information includes (but is not necessarily limited to) demographic information and information about visitors' interests. (Note that Specific Media advertises that it provides - or will soon provide - such information as age/gender/income/education demographic information, behavioral information, and country/state/DMA/city/ZIP geographic information. Many - if not most - people would consider such information to be personal, even if, without correlating information, it is not explicitly "personally identifiable."

First-party cookies can gather quite a bit of information; however, this information is limited to what is gathered/used on the site in question. It cannot be correlated with a visitor's other information gathered/used on a different web site. Therefore, the user in question has a reasonable expectation that he will remain as anonymous on any given web site as the information explicitly given to that site.

However, with third-party cookies, the same user has no such expectation of anonymity. Since multiple web sites can use the same cookie, the information gathered by that cookie on one web site can be correlated with the information gathered by that cookie on a different web site. This information can all be maintained in a database, resulting in a complete loss of anonymity across all sites. Consider the "big name" web sites using the specificclick cookie, indicated in sitemeter's response above:

In addition, many of the Internet’s biggest web publishers utilize Specific Media’s technology including Foxnews, CBS, NBC and Time.com.

Note that most/all of these web sites utilize some form of registration process that gathers a great deal of demographic and personally identifying information (including name, address, phone number, etc.), and realize that every site that you visit that uses this cookie now potentially has access to this information.

Therefore, sitemeter implicitly violates its own privacy policy, since it cannot ensure that it does not gather or use information about web site visitors that is not anonymous and non-personal.

On sitemeter's latter contention that the use of the specificclick cookie is an added "feature" for members:

These companies utilize this technology in the same way that we are using it, to provide useful information about the users who visit their websites so that they can create relevant content on their websites. The only difference is that SiteMeter, which is primarily a free service, has licensed the technology and are passing it onto our customers.

Instituting the use of a third-party tracking cookie on my web site and without my knowledge or consent, thereby making me an unwitting accomplice in the invasion of the privacy of visitors to my web site, is not something I consider a "feature" or an "added benefit" to my use of the sitemeter service. If this addition were such a beneficial added feature, why were sitemeter members not made aware of the specific nature of this "feature" prior to its implementation? Why is any reference to Specific Media in particular, or third-party tracking cookies in general, conspicuously absent from the sitemeter blog, privacy policy, and general correspondence with the company's users?

I do not buy sitemeter's justification for the use of third-party tracking cookies, and I cannot in good conscience partner with a company with either such a lack of understanding of the issues of internet security and privacy, or else such a lack of respect for the privacy rights of visitors to my web site and also such disregard for the trust relationship between those visitors and me.

The change will mean a loss of two years' worth of statistical information on the web site, but it will also mean that I will no longer be an unwitting pawn in the invastion of my site visitors' privacy.

Thanks, Richard from GoStats, for your clarifying email. P.S. - to the GoStats people who are comment-spamming every other sitemeter-related blog post in the 'sphere: please refrain from doing so here. This post is not an open invitation for you to advertise, especially when doing so under the surreptitious guise of a non-affiliated blogger/commenter. Thanks.

Julie Amero Update

Filed in Social IssuesTags: Computers, Education, Internet, Technology

An update on the miscarriage of justice in the Julie Amero case, about which I previously wrote:

PC World's Steve Bass reports on responses he received from both a juror in the trial, and also from the detective in the case against Julie Amero. Both responses only further prove the gross injustice in Amero's arrest, trial, and conviction.

First, the juror. Bass does a decent job fisking the juror's email, and the comment thread further rebuts the juror. Here are the words of the anonymous juror, who identifies himself only as ConnYankee1951 [Bass' comments interspersed]:

I was on the jury and yes we did find her guilty.

But everything seems to be misquoted by the papers and reporters envolved [sic]. The bottom line was that it didn't make a difference who or how the porn sites showed up on the computer.

The fact that a teacher in a public scol [sic] system did absolutly [sic] nothing to keep it away from the children is what was wrong. Yes we were told that she was given no permissions to turn off the computer, she also said she was not allowed to use any other school equipment.

Bass' comments: According to the trial transcript, Amero testified that she made every attempt to keep the children from seeing the images. In fact, a number of children at the trial testified that she had attempted to block them from seeing the screen. Also, another substitute teacher testified that Julie had asked for help in the teachers lounge.

If a 40 year old school teacher does not have the sense to turn off or is not smart enough to figure it out, would you or any other person wanting her teaching your child or grandchild?

Bass' comments: At the trial Amero testified that she didn’t, in fact, know how to turn a computer on or off.

The juror states: "The bottom line was that it didn't make a difference who or how the porn sites showed up on the computer." Curious statement, that. Let's explore it in more depth, shall we?

First, we need to understand the statute of which Amero was convicted. The germane clause in the statute is as follows:

(a) Any person who (1) wilfully or unlawfully causes or permits any child under the age of sixteen years to be placed in such a situation that the life or limb of such child is endangered, the health of such child is likely to be injured or the morals of such child are likely to be impaired, or does any act likely to impair the health or morals of any such child

The previously linked blog also quotes the jury instruction that accompanies the "risk of injury to a minor" charge:

To find the defendant guilty of wilfully or unlawfully causing or permitting any child under sixteen years to be placed in such a situation that the life or limb of such child is endangered, the health of such child is likely to be injured or the morals of such child are likely to be impaired, the state must prove the following elements beyond a reasonable doubt: (1) that at the time of the incident, the alleged victim was under the age of sixteen years; and (2) that the defendant wilfully or unlawfully caused or permitted the victim to be placed in a situation that endangered the child's life or limb, or was likely to injure his health or impair his morals.

The conduct to be punished must involve a child under the age of sixteen years. The statute also requires wilfulness or unlawfulness in causing or permitting the child to be placed in a situation that his life or limb is endangered, or his health is likely to be injured, or his morals are likely to be impaired. This is the conduct of a person that is deliberately indifferent to, acquiesces in, or creates a situation inimical to the child's moral or physical welfare.

''Wilfully'' means intentionally or deliberately. ''Unlawfully'' means without legal right or justification. Causing or permitting a situation to arise within the meaning of this statute requires conduct on the part of the defendant that brings about or permits that situation to arise when the defendant had such control or right of control over the child that the defendant might have reasonably prevented it.

I am not a lawyer, nor do I play one on tv (nor on my blog). However, the statue and jury instruction seem pretty clear to any reasonably intelligent reader. The entire case rests upon the prosecution's ability to fulfill the burden of proof "that the defendant wilfully or unlawfully caused or permitted the victim to be placed in a situation that endangered the child's life or limb, or was likely to injure his health or impair his morals."

In order for conviction, the prosecution must have proved that Amero 1) intentionally navigated to the illicit web sites in question, and/or 2) did not prevent the students from viewing the illicit images in question. Thus, the juror's statement that the manner in which the images appeared on the computer did not ultimately matter is demonstrably incorrect.

According to both the juror's own statements (following below) and known facts surrounding the trial, the prosecution based their case around - and the jury convicted upon - in part the former allegation. That Amero allegedly navigated to the web sites in question appears to have been a key point in demonstrating her intent (or mens rea). Proving this allegation is critical to proving that Amero was responsible for willfully or unlawfully placing the students in a situation that would impair their morals. The prosecution clearly made the case (and the jury apparently believed) that Amero intentionally navigated to the illicit web sites. If the prosecution's case rested merely on the latter allegation, then the questions of browser history, pop-ups, javascripts, and links would never have arisen, as they would not have mattered.

I will address the allegation itself below, with the juror's comments concerning the prosecution's evidence attempting to prove it.

Back to the juror:

If you and your wife were watching an xxx rated movie the you put into the dvd player, you powered it up and you hit play, then went into the other room for a snack and your child or grandchild entered the room would you expect your wife to stop the dvd or just let it play because she didn't start it. No you would be upset as all get out.

Even giving Julie the benefit of doubt, not knowing enough about a computer to be able to turn it off. Some paper and tape would have covered the screen or a coat or sweater, it was October after all.

First, the juror's analogy does not apply; the premise is entirely different. That said, let's explore his argument: illicit material was on display on the computer's monitor, and Amero did not take appropriate action to prevent the students from viewing it.

If we ignore the former allegation (that Amero created the situation by navigating to the illicit web sites), then no basis exists to claim that Amero's actions were willful or deliberate. Thus, in order to prove that Amero was guilty of "conduct of a person that is deliberately indifferent to, acquiesces in, or creates a situation inimical to the child's moral or physical welfare", the prosecution had to prove that her actions were unlawful. In other words, the prosecution had to prove that Amero, without legal right or justification, permitted a "situation to arise when the defendant had such control or right of control over the child that the defendant might have reasonably prevented it."

First, the prosecution had to prove that Amero had no legal right or justification for her actions. Second, the prosecution had to prove that Amero did not exercise rightful control over the children to prevent the situation.

On the first point, even the juror conceded that Amero had potential legal justification for her actions: her lack of expertise with computers, and her instruction not to turn off the computer. Again, I am no lawyer, but I question the legal precedent of the "paper and tape or sweater or coat" argument with respect to what Amero could have done and what she was legally compelled to have done. Let us recap Amero's actions in response to the situation:

  • Amero attempted to block students' view of the screen, and to push students' faces away from the monitor.
  • Amero attempted to close the pop-up windows that were displaying the illicit images.
  • Amero sought out assistance from another teacher (and was refused help).

Amero clearly and demonstrably attempted to resolve the situation. To claim that Amero was criminally responsible for the situation, as defined by the statute in question, because she did not think to resolve the situation by the entirely arbitrary means of "paper and scissors", "a sweater", or "a coat" seems to me to be incredibly specious.

On the second point, it appears that the prosecution attempted to prove that Amero did not exercise rightful control over the computer - but according to the statute, the burden of proof exists to demonstrate that the defendant did not exercise rightful control over the students. According to the statutes, what Amero did with respect to the computer has, at best, only indirect relevance to what Amero did with respect to the children in exercising her rightful control over the children in order to prevent the situation.

In other words, it is mostly irrelevant that Amero didn't unplug or turn off the computer, or cover the monitor, because such actions do not represent exercise or failure in exercise of rightful control over the students. To the contrary, Amero's actions demonstrated that she made a reasonable effort to exercise her rightful control over the students (see the list above). Further, note that, as a substitute teacher, Amero had considerably less "rightful control" over the students than a regular teacher would have had.

Speaking of "rightful control" over the students, why was the school's IT administrator not held accountable on the same charge? We know that the computer's web-site filtering software was out-of-date at the time the incident occurred. Clearly, the IT administrator was negligent in exercising his rightful control over the students, by allowing the filtering software to become outdated, thus allowing school computers to be used to navigate to illicit web sites. Also, the IT administrator did not maintain the security robustness of the school's computers: the computer had no firewall, its antivirus software was outdated, and the computer was infested with various forms of malware. This negligence is undoubtedly more egregious than anything Julie Amero did or could have done on the morning in question.

On this point, the school board continues to give the appearance of using Amero as a scapegoat for the school's own negligence. Commenting on the trial, current Norwich superintendent Pam Aubin has said, "this wasn't a computer out of control. People are complicating this too much. [Amero] had a responsibility to teach the students. That didn't happen." This blog post also quotes the superintendent at the time of the incident:

Michael J. Frechette, the Norwich superintendent at the time of Amero's arrest, said this was simply a teacher with pornography. "We were just reacting to the facts."

Clearly, either the school administration didn't know "the facts", or else they know the facts and are choosing to deny them. First, a computer openly exposed to the internet, with no firewall, outdated antivirus, outdated filtering software, and that is malware-infested is, by definition, "out of control". Second, Amero was not on trial for abdicating her "responsibility to teach the students." This statement is completely irrelevant. Third, no evidence yet exists that Amero had anything to do with the illicit web sites or images, other than trying to get them off the computer screen and trying to prevent the students from seeing them.

Back to the juror, here is his conclusion:

Finally she was pronounced guilty because she made no effort to hide or stop the porno, not just because she loaded the porno onto the machine. Going to the history pages it was obvious that the paged [sic] were clicked on they were not the result of pop-ups.

Bass' comments: Actually, the defense expert at the trial testified that the sites visited were from pop-ups.

Each web page visited showed where links were clicked on and followed to other pages. Pop ups go to sites without change lnk colors, as in used links.

Bass' comments: That’s incorrect. Pop-ups show as a changed type color, just like a normal site visit.

These statements by the juror proves exactly why this trial was a miscarriage of justice. Anyone with any knowledge whatsoever of the internet and web browsers knows that these statements are patently false. Browser history pages cannot differentiate between URIs to which the browser navigates via a mouse click and those navigated via javascript (e.g. a pop-up window). Also, all links to cached (visited) URIs will show as "visited", regardless of whether the URI was cached in the browser history due to a mouse click on a link or a javascript (pop-up window) command.

That a woman was convicted of a felony and faces up to 40 years of jail time because of such flimsy and outright false evidence of her guilt is an egregious injustice. I cannot fathom how this verdict doesn't get overturned on appeal. This trial was a complete farce, and the juror who responded above proved himself entirely ignorant of such computer technology as would be required to assess the evidence in the case, and completely incompetent to act as a juror in the trial.

Having addressed the juror's response, let's turn to this response from Detective Mark Lounsbury, the crime prevention officer with the Norwich Police Department:

Dear Mr. Bass, Unfortunately the truth in this matter is yet to be told to all those who were not located in the courtroom during the trial. Those in the courtroom saw and heard the truth. Once sentencing is done the truth CAN BE presented to the world IF they want it. I'm thinking the world doesn't want to hear the truth. IGNORANCE IS BLISS. The lies are exciting, bringing up STRONG emotions. OMG, that poor person, victimized by the Evil Government and its minions.

It continues to amaze me how people can base their opinion on what is fed to them. Did anyone ask the Expert for the evidence he recovered which would support his claims? The "curlyhairstye script", those pornographic googlesyndication.com generated pop ups? BUNK also known as errors of commission. Would you like to know the truth? Once sentencing is over I'd be more than happy to let you see the source code, scripts, etc.

I've received allot [sic] of calls and emails regarding this. All from people interested only in TELLING me their opinions or TELLING me they're going to get me. Not once has anyone called or written me to ASK me a question. They apparently have what they want. I work hard every day for the victims of crime. I search for the truth not for me but for them. If what the newspaper reported about my testimony was my actual testimony, taken in context, don't you think there would have been some consequences, a rebuttal, something. Feel free to write if you wish.

With respect to Shakespeare, the detective protests too much, methinks. I find it highly ironic that he is apparently attempting to claim that he is the victim, when Julie Amero is the one facing 40 years in prison, because of his erroneous testimony. As for his testimony, rebuttal testimony by the defense's (bona fide) computer expert was not entered, because the prosecution blocked its admission; therefore, the detective's testimony was the only (so-called) "expert" testimony in the trial (to my knowledge).

Of course, Bass replied with several questions, and got this response:

Dear Mr. Bass, Once the sentencing phase for this case is done I can answer all your questions. I have all the information you seek. My opinion is not important but I am fleshing out a theory concerning site blocking software which was in place and how to circumvent it. I can provide you w/ the source code showing all the .htm and javascripting for each web page, images from those pages, date/time of creation, MD5 hashes, etc. I will contact you after sentencing. Thank you

While I am willing to reserve final judgment until all facts in the trial are revealed following the upcoming sentencing, I highly doubt that any salient facts will emerge that would change my opinion about the trial. Though, I'm extremely interested in Lounsbury's supposed "evidence" to support his testimony - evidence not yet publicly known.

I'm especially curious about the "theory" that he is fleshing out "concerning site blocking software...and how to circumvent it". I do hope that theory includes how a woman who was so computer-illiterate that she could barely read email and couldn't turn a computer on or off would implement such a site-blocking software circumvention. Do, tell, detective!

Other coverage: Nationwide awareness of Julie Amero injustice grows

Coverage of the Julie Amero Case:

Substitute Incrimination and Computer Injustice
Julie Amero Update

Substitute Incrimination and Computer Injustice

Filed in Social IssuesTags: Computers, Education, Internet, Technology

The other day I read this article on PC World about Julie Amero, a substitute teacher convicted for exposing students to pornographic material on the computer of the teacher for whom she was substituting. In summary:

The story is short: On October, 19, 2004, Amero was a substitute teacher for a seventh-grade language class at Kelly Middle School. A few students were crowded around a PC; some were giggling. She investigated and saw the kids looking at a barrage of graphic, hard-core pornographic pop-ups.

(Follow-up stories here, here, and here, with local newspaper coverage here, here, and here.) The prosecution alleged that Amero had used the computer to visit adult web sites, while the defense countered that the computer was already infested with various malware programs that caused the illicit pop-ups. The analysis of the case is drastically different, depending upon which story is true.

The prosecution alleged that Amero intentionally visited various adult web sites, but this report by the defense's expert computer witness refutes that claim. This expert was prepared to re-enact the events in the classroom with a clean laptop in the courtroom, but the prosecution objected to this defense, and the judge did not allow it. (And from the conclusion of the report, it appears that the judge also did not even allow the expert to present the results of his forensic examination of the computer.

This whole story appears to be a case of 1) the school using the substitute teacher as a scapegoat for its own failure to ensure the security of its students and its computer resources, and 2) the prosecutor, judge, and jury acting from a position of complete computer/internet illiteracy.

The computer in question was running Windows 98 and Internet Explorer 5, with no firewall, was infested with malware, and had outdated anti-virus signatures (according to an op-ed piece written by Alex Eckelberry). Thus, the first entity responsible for the incident is the school administration, for not having and/or following a procedure or policy for computer administration that would include ensuring that computers are protected against malware, and that antivirus signatures are maintained. In fact, the school admitted that their blacklist filter was not kept current during the time in question.

Also, school computers were allowed to be used for personal internet use, with only a blacklist filter in place. As this blog points out, this policy is a recipe for potential disaster, since blacklist filters that are not kept current are easily bypassed, and many malicious or illicit web sites intentionally use a practice called typosquatting (using typographic-error URLs in order to lure visitors who intend to go to one website but are instead directed somewhere else due to an incorrectly spelled URL - think "google" vs. "goggle").

The prosecution alleged two things: one, that Amero intentionally visited the web sites that served the illicit images, and two, that Amero did not prevent the students from continuing to see the images by immediately turning off the computer.

The forensic evidence (which was not allowed to be presented) clearly proved that the illicit images came to the computer through clicks on what was ostensibly a hair-style web site, and were of a size consistent with pop-up ads, not intentional image downloads. This evidence proves that the computer experienced what is known as a "pop-up storm" - something with which anyone who has used a computer with software older than Internet Explorer 6 running on Windows XP Service Pack 2 (or better) is experienced. Further - and worse - the police software used to examine the computer (ComputerCOP Pro) cannot differentiate between an explicit click and a script-generated window-open. The prosecution proved that the computer made a connection to an illicit web site, but had no means whatsoever, using the police software, to prove how the site was accessed.

Also, while some hold the assertion as fact), it does not appear that the prosecution proved (or even attempted to prove) that Amero herself, and not a student or students, was operating the computer at the time that the sites in question were visited. Given that the computers internet history cache shows that kid-centric websites such as crayola and hair-styling sites were visited, the prosecution's first argument appears to be unproven at best, and specious at worst.

The prosecution (and others) assert that Amero should have shut down the computer. This assertion makes some assumptions, namely that Amero was expert enough to know what was happening to the computer, and that Amero had the authority to remedy the situation by shutting down the computer. The prosecution proved neither. At the beginning of the day, the permanent class teacher logged onto the computer for Amero, giving explicit instructions not to log off from or shut off the computer. So, to shut down the computer - as the prosecution contended Amero should have done - would have been a direct violation of the teacher's instruction not to do so.

Also, when the incident occurred, Amero attempted to get rid of the popups by closing each popup window. Anyone with any experience with popup storms knows that this action will only invite further popup windows, usually at a rate beyond what is possible to keep up with. Amero, who is by no means a computer expert, did make a good-faith effort to get rid of the illicit images and to prevent the students from viewing them. She even asked for help from the school administration - help that, over the course of the school day, never came. So, the prosecution's second argument is an unproven claim based on an untrue assertion of the proper course of action in the incident.

In short, students - not Amero - were using the computer when the popup storm happened, the popups were generated by a script on a non-pornographic website, and Amero did try to prevent the students from viewing the images.

Worse than the prosecution's ridiculous case, is that nobody involved in the case (except the defense's expert, who was not allowed to present anything near his full testimony) has anything even resembling sufficient computer/internet literacy or expertise: the school board, the police, the prosecution, the defense attorney, the judge, the jury, or the defendant.

Perhaps I should exclude the school board; it is more likely that the board needed someone to take the fall for the incident, and chose Amero. Parents were outraged over their children being exposed to illicit images at school, and the board was forced to act. This action, of course, came after the vice principal initially told Amero not to worry at the end of the school day in question, when she went to the office for at least the second time that day, to report the incident. The first time she reported it, she was promised help, but nobody ever came to provide the promised help. If Amero's actions had been sufficiently criminal to warrant her arrest, why did the school not call the police at the time of the incident?

The police who investigated the case didn't even search for spyware on the computer, and the police investigator testified in the trial that an image coming from a given web site proves that someone had to intentionally go to that web site in order to see the image. This assertion is patently untrue. The defense's expert witness had evidence that the illicit images came first through a malware javascript link on ostensibly innocuous hair style web site. Both Amero and the students testified that the images were on popup windows, not a website proper.

Even to pursue this case proves the prosecution's lack of computer expertise. The defense attorney admitted to Alex Eckelberry that he had no computer expertise. This fact alone should be enough for an appeal - if not an outright mistrial. The judge upheld the prosecution's objection of perfectly reasonable defense testimony, was reportedly falling asleep during trial, and reportedly gave instructions to the jury for an expedited completion of the trial. The jury clearly had insufficient computer expertise, and were reportedly violating sequestering rules by discussing the case outside the courtroom. Amero's lack of computer expertise has already been addressed.

This case was a trial that should not have taken place, carried out by a judge, jury, and attorneys who should not have been involved, regarding a criminal charge that should not have been filed, against a completely innocent victim.

More commentary: ComputerWorld's Preston Gralla initially lauds the conviction. Alex Eckelberry refutes his opinion, after wich Gralla issues a mea culpa, and Eckelberry praises the change-of-opinion. Eckelberry also links to an AlterNet story about the case, as well as a Digg comment storm.

If you want to help, go to this website set up by Julie Amero's husband for information on the case and defense fund contributions.

Coverage of the Julie Amero Case:

Substitute Incrimination and Computer Injustice
Julie Amero Update

Blogrolling.com Down

Filed in MiscellaneousTags: Internet, Web Site

It appears that Blogrolling.com is down, which means that several third-party blogroll scripts are failing to load. The following blogroll scripts have been temporarily disabled:

  • One Year Bible
  • Alliance of Free Blogs
  • Blogs 4 Bush
  • Condi Blogs
  • Christian Bloggers

I apologize for the inconvenience.

Update: Blogrolling appears to be working again, so the blog rolls have been re-enabled.

Testing Zoomr

Filed in Web DevelopmentTags: Cats, Internet, Pets, Photos, Web Site
Princess 004Princess 004 Hosted on Zooomr

And, yes, this is a shameless attempt to get a free Zoomr Pro account (Hat Tip: Obvious Ideas)