Slashdot Mirror
Kiddie Porn - The Virus Did It
The New York Times reports on a British man who was accused of downloading child pornography, and who successfully convinced the court that a virus did it. This is at least the second time this has happened. These cases are extremely interesting since they bring together all sorts of issues of computerized agents - who is actually responsible when your computer does something?
One evening late in 2001, Julian Green's 7-year-old daughter came upstairs from the computer room of their house in the resort town of Torquay, in western England, and said, "The home page has changed, and it's something not very nice."
When Green checked the family PC, he found that it seemed almost possessed. The Internet home page had been switched so that the computer displayed a child pornography site when the browser software started up. Even if he turned the computer off, it would turn itself back on and dial the Internet on its own.
Green called the manufacturer and followed instructions to return his PC to a G-rated condition. The porn went away, but the computer still often crashed and kept connecting to the Internet even when "there was no one in the blinking house," he said.
But Green's problems were only beginning. Last October, police knocked on his door, searched his house and seized his computer. They found no sign of pornography in his house but discovered 172 images of child porn on the computer's hard drive. They arrested Green.
This month, Green was acquitted in Exeter Crown Court after arguing that the material had been gathered without his knowledge by a rogue program created by hackers -- a so-called Trojan horse -- that had infected his PC, probably during innocent Internet surfing. Green, 45, is one of the first people to use this defense successfully.
While a case that played out in the British legal system sets no precedent in the United States, legal experts say the technical issues raise two troubling possibilities. For one, actual child pornographers could arm themselves with a new alibi that would be difficult to disprove. Or, unknowing Web surfers could find themselves charged with possessing illegal material that a lurking software program has acquired.
"The scary thing is not that the defense might work," said Mark Rasch, a former federal computer crime prosecutor. "The scary thing is that the defense might be right," and that hijacked computers could be turned to an illegal purpose without the owner's knowledge or consent.
"The nightmare scenario," Rasch said, "is somebody might go to jail for something he didn't do because he was set up."
Green was eventually exonerated, and he said he had no clue how the rogue software showed up on his computer. "I never download anything, and as far as I knew, no others had," he said.
When his solicitor, Chris Bittlestone, hired a computer security consultant to examine the PC, nearly a dozen Trojan horse programs showed up on the hard drive.
"When the report came in, it was very much what you would call a eureka moment," Bittlestone said. But Green took the news differently.
"He was very quiet and said, 'See? I told you,' " Bittlestone recalled.
"There's some little sicko out there who's doing this," Green said, "and he's ruined my life. I've got to fight to get everything back."
Green's case could point the way to a new defense in U.S. courts , said Andrew Grosso, a lawyer and former federal prosecutor. The presence of a Trojan could mean that the computer is "not entirely under your control," he said, and a defendant could "legitimately point a finger elsewhere."
I would think that whoever caused the computer to act would be ultimatly responsable. If that someone wrote the OS with malicious code, then whoever wrote the OS. If that someone was a malicious remote user, than the remote user, and if that someone is the PC's owner, then the owner.
The trick is prooving who caused the effect. It's not as simple as prooving who was behind the wheel of a car.
Touch everywhere, even when inappropriate.
who is actually responsible when your computer does something?
If it's passively, this could either be the user's or the software architect's fault (if some OS's security hole allow one to get into trouble).
This could also be due to the ISP's neglect.
if it's actively, the answer should be the same but now, the problem is that we (as in "the consumers") would have to argue about this against some ISP's or worse, against a software editor's lawyer, in which case, we don't weight enough not to be in trouble.
concerning the present situation, I'd be somehow concerned if I learnt that like my ISP, my OS was actually logging whichever off my actions in order to prove the Law how bad I am actually behaving...
Trolling using another account since 2005.
Many of the common adult newsgroups are polluted by paedophile images sent by hard-core porn sites. It's a serious problem because it means that the majority of newsnet-carrying ISPs and servers are actually carrying large amounts of kiddie porn.
Roughly twenty years ago it was hyperbole for the Dead Kennedys to "sing" about things like this. I forgot which song it was, and you have to remember the culture was more conservative in some ways twenty-odd years ago, but the words went like this:
Pissed at your neighbor?
Don't bother to nag.
Pick up the phone.
Turn in a fag.
Well add about a million times as many transistors and just a little bit extra effort on the part of the spiteful neighbor, and change the setup, and bingo--instant permanent damage to the private citizen you hate, for whatever reason!
Do not be stupid. Of course it is a valid defence.
Most viruses do not need an unsecure os, just a clueless person. Of course I do not think it was
a virus, but *if* it was a virus, then of course it would be an excuse.
Joe Average is an easy victim for the countless malicious trojans floating around. Visiting a straight porn site is no crime. Being deceived by messages like "Install browser enhancement (OK/Cancel)" is no crime. I have removed countless porn-related trojans from friends' PC's. If someone wants to put kiddie porn on unsuspecting victims' computers, this is no hard task. Removing a trojan when your anti virus software detects it would be the sensible thing to do. If the trojan has downloaded contraband to your PC, it will still be there, but you have removed the proof that you didn't dowload this intentionally. I would say proving intentional downloading of child porn should be pretty hard.
"And you are dying so slowly, you believe to be living" - Bertrand Besigye
Sure kiddie porn is awful, but the right to privacy should not be eroded even if few people abuse this right. I'd say the freenet's uncompromising position is the only way to go.
BOO! TERRO
I am not a lawyer (I still can't bring myself to write that abbreviation,) but if it is a valid defense in a criminal child pornography case to say I wasn't responsible for downloading it, could this not set a precedent for Civil copyright cases? Or are the RIAA's rights more compelling than that of the victims of Child pornography?
"I was hacked. You know, ever since all the Lawsuits started happening, there has been an increase of people hacking computers to download music."
I think a case could be made of that.
> What ISP keeps such records?
...as a result no-one really does it, and I've worked at quite a few ISP's. It's a waste of storage space, and equipment - i.e. racks of proxy/logging servers - needed to handle such an operation are just prohibitably expensive and not financially viable (unless you want to nearly double subscription costs)...
It's the law in the UK! The law requests this (and that you keep said logs for something like ~>3 months) but it's very vauge in what your specifically asked to keep track of...
...I've seen this one before (by the description). When I was working on PCs for a living, an optomologist's secretary brought in her computer, which was acting "strangely" and all sorts of "foul things" were coming up on her screen. I figured something had just replaced her homepage on IE with a porn site or something like that, so I plugged the machine up and let it boot, explaining to her "well, there's some bad shit you have to look out for, but there's always worse". I was quite wrong. This was worse.
When I fired up IE on the system, it went straight to a child pornography site that was obviously a typoed URL (freecilpart.com or something like that...don't hold me to it since my memory's terrible), and the default homepage setting was being updated constantly (like kak). This program was listening on some oddball high-numbered port.
Since the box was inside a Novell network and wasn't exposed to the outside world (much) I figured it wasn't a normal compromise. I told her to contact the FBI over the site, and I went looking for the malware, but couldn't track it down (limited time on it, though) and wound up wiping the box clean and reinstalling Win98. She's very religious about keeping the a/v definitions updated now (:
If people can throw their hands in the air and say "The trojan did it", then the law will change to catch the paedophiles who are using it as an excuse.
If it becomes popular to do so, and easy to get off if that is the case (and it seems like it might be, I'd hate to have a court disbelieve me if a trojan downloaded kiddie porn to my computer) - then who gets the blame?
This might lend some power to the palladium protocol (nothing's impregnable, but the guff is pretty air-tight) - "get rid of all viruses and trojans" - can now be replaced with "protect your children from being brutalized and their pictures sold to sickos all over the world while you rot in jail forever"?
Johns: Well, how does it look now? Riddick: Looks clear.
You are presuming that downloading/buying child porn is a victimless crime like say growing weed. Quite how you seem to arrive at this conclusion is a bit of a mysterie to me.
Anyway there recently was a case against an american who run a huge hosting network for the purpose of selling childporn. I forgot the names involved and googling for "child porn" is not that enjoyable. He was sentened to over a 1000 years. What however apperently a lot of people saw was the profits he has made.
There are now a great number of sites hosted and created in russia that make and sell child porn to western customers (since they are the ones who got the money). Childeren are being molested raped and killed to generate these images. This is being done because people are willing to pay for them. Wipe out the customers and the suppliers will go away.
Personally I think a few years in jail for a child porn collector causes a bit less grieve then a child being raped and killed. Apperantly you don't.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Anyone then faced with an RIAA lawsuit can just accidently install it and claim that the virus did it. Am I missing something here? And why isn't there any mention of wich virus did it?
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
The computers of the future will be capable of rendering a picture indistinguishable from a real one. In this case no real harm is done to anybody by making such a picture. So, the defendant will claim he/she just rendered those pictures. Can anyone be arrested for rendering a picture?
Government cannot make man richer, but it can make him poorer. - Ludwig von Mises
Agree 100%- But not everyone has the time or the ability to read and understand something of a technical nature. I'll use my sister as a case in point.
My sister and her husband bought a fax / scanner / printer machine from HP this past May. When I was visiting them, I was asked I would make it work, since they couldn't figure it out (two very smart people too).
'Of course' I told them, 'I'd be happy too'.
The first thing I did was sit down and read the instructions, and then started to install the software. While that was going on I hooked all the hardware together- which caused my sister to become all confused. So I asked her if she had read the instructions, to which she said 'Yes, I got to this point and it doesn't work'.
I then asked her if she had finished reading the instructions, to which she replied 'No, because I didn't see this' as she pointed to the page.
If she had read the whole instructions then she would have known what to do beyond the point where she was stuck, and had some solutions to make the PC and the printer / fax / scanner work together. (I would also place some blame on HP for their product, since the instructions where not the clearest written, but that's another topic)
My point is that even if someone does read the manual, and learns how to use the machine, understanding the WHY and HOW are equally important, and then there are people like my sister who just don't have the time, and expect things to just work. (And don't even get me started on the laptop connected to the net without a firewall...)
III.IIVIVIXIIVIVIIIVVIIIIXVIIIXIIIIIIIIVIIIIVVIII
The driver rams into someone because his brakes don't work. Did
A) The repairman screw up on last check-up
B) Someone rig the brakes
C) He did it himself
However, going back to the "motive, means and opportunity", a car driver would hardly have much incentive to be in an accident. In this case however, you would because it would be a "get out of jail free" card. It's as if you happened to ram down a pedestrian that you had a motive to kill. Is that any evidence of who rigged the brakes? Nope, it could be just a coincidence. Would it still be relevant in court? Absolutely.
Kjella
Live today, because you never know what tomorrow brings
sorry, I don't agree. The answer is to make this stuff easier to understand and use, not restrict it's use. And yet it seems the same crowd who backs restricting usage ridicules the ease of use stuff like Macs, aol, etc.
DO NOT DISTURB THE SE
If I was seriously out to get someone I could do a much better job than this, and so could you.
1. Get him infected with a trojan. Just send him shit on email (from free accounts), icq, irc, latest windows exploits and whatever until you find something his antivirus doesn't bite on.
2. Drop him a shitload of illegal stuff. As techies, I'm sure you'd be able to find it, it's just that we don't *want* to. Maybe even download it directly to him through the trojan, keeping yourself completely clean. If he gets logged downloading it, all the better.
3. Jerryrig the dates, to make it seem as if they've been collected over extended period of time, accessed repeatedly etc.
4. Uninstall the trojan. Give him a total clean-up and remove any over shit he might have happened to have too.
5. Tip the cops. Payphone, anonymous note, whatever. Anything untracable.
OTOH, his life is pretty damn screwed already (even if you get aquitted, everyone will still wonder... did he *really* do it or not). This is if you want someone really thrown in jail and lose the key. Maybe I shouldn't give anyone the idea, but at the same time it might also get people to actually *care* about their security.
Kjella
Live today, because you never know what tomorrow brings
So, using that as an example and considering how much more common computers are in every day life than cars (know anyone how hasn't driven in the past 12 months? Now, know anyone who hasn't touched a computer in any way shape or form in the same time period?), why don't we have compulsory "basic operation" licsenses for computers?
Most people outside the IT Industry use computers as a tool, a means to an end. And yet there are NO requirements in place to ensure people are competant when using that (potentially dangerous) tool
Think about it this way; Truck drivers are forced to undergo rigerous driving training (in the form of logged experience and lessons from qualified staff) before they're allowed to sit for their license and operate the tool they use to make a living. Builders are required to undergo at least two years of apprenticeship plus TAFE (think community college) courses before they can build any type of large structure. People who pilot any form of marine vessel are required to sit a test and get their license before they can command a vessel capable of going over a certain speed/weighing more than a certain tonnage. Hell, even short-order *COOKS* are required to undergoe some form of food preperation and service training before most places will give them a job.
And yet companies all across the world will hire someone into a position that required daily, extended user of office type computers at the drop of a hat. At best you can expect "Can you touch type? DO you know Microsoft Word?" Hell, even that's only mostly for secretaries!
A basic computer competency test should be *compulsory* before anyone is allowed to purchase a computer. Said test should include the following areas;
- Basic hardware in a computer (stops the old "my cupholder is broken and the tv wont start!" support call when whats actually happened is that they've kicked out a cord at the back)
- Basic use of word processing, database, presentation and spreadsheet software (by basic I mean VERY basic. "This is a spreadsheet. It does simple simple calculations, like so")
- Basic Internet skills ("this is how to use email, this is SPAM - its bad, dont ever reply. This is how to browse the web" etc)
- Basic computer security (in fact, dont even include the word "security". Include this in the "basic operation" section. Cover topics such as viruses ("don't open email with attachments unless you have an UP TO DATE virus scanner running, and the file is NOT an exe/vbs/whatever", spyware, password security (and the importance of it, with say a "your internet banking and hotmail account are vulnerable! listen up!")
- How to report a problem (if you have a support line/helpdesk/manufacturer to call under warrenty.
When computers are in as widespread use as they are in our society today, rivaling even vehicles in their numbers, people should be forced to prove at least some BASIC competancies. I'm not talking about doing us out of a job (I am paid to fix problems, among *other* things), but ensuring that the damage/aggrivation/grief caused by computer-ignorant people is minimised.Janie took my gun...
...deliberately dled kid porn - which is clearly the majority of people with kp on their machines
This is a serious issue. It does absolutely no one any good when people like you make up bullshit facts to prop up your dubious point of view.
Lots of people who enjoy legitimate porn view it offline. E.G. - they suck entire newsgroups to their local computer. Only later do they peruse what they have. Perhaps much later. Perhaps never. What if someone injected some kiddie porn into the newsgroup? How do you distinguish kiddie porn from legitimate porn when you're downloading anyway? A lot of legitimate porn consists of middle-aged women in pigtails pretending to be teenagers. I'm not saying this is a turn-on or anything, but it is legitimate.
Your statement that people who have kiddie porn on their machine obtained it intentionally is what's really sick. It's sick because twisted made-up worldviews like that are what cause ignorant juries to put innocent defendants in jail. So straighten your head out, or shut the fuck up.
--Lawrence Lessig for Congress!
I had an interesting experience helping my cousin with his computer a few hours ago. I've done this plenty of times before, and I'm sure every computer professional has served as volunteer tech support for family members at least occasionally. The difference this time is, instead of simply doing a few quick fixes for the things that were broken/nonfunctional (which is what I usually do, in the interests of time), I actually thought long and hard about what was broken, and more importantly, how and why it got that way.
I will state from the top that I don't intend for this to be a Windows bash session. Though it's plainly a software environment I try to avoid when it's practical to do so, I recognize that I'm a kook and that most of the rest of the world has decided otherwise. Since, like death and taxes, Win32 is omnipresent, unavoidable, and in the end always victorious, it's prudent to learn how to efficiently work with it.
My cousin purchased a basic home system earlier this year, a modest (but powerful enough) system with Windows XP Home Edition preinstalled. It also came with Microsoft Works (which he's just starting to use for his classes) and the various and sundry shovelware that no user ever bothers to either run, nor uninstall. We live very close to each other, so we both have the same network provider -- in this town it's basically Comcast for broadband or the highway (read: craptacular dialup). He uses Yahoo as a portal page, and occasionally uses Yahoo Messenger. He likes tuning in to streaming radio, so he has dozens of stations bookmarked. And that's pretty much it -- he uses his machine for web surfing, internet radio, and the occasional short word processing or IM session.
I stopped by today to help him with a project he's starting up and he went to log into his computer. My first clue that something was very wrong: it took forever. The interval between the time when he entered his password and when he gained full control of the machine (i.e. when the busy cursor went away and the machine finally became responsive enough for him to do anything as basic as using the cursor to launch a new application) was at least 90 seconds. This box isn't a server, he's not compiling code or serving pages or rendering frames or anything else that ought to be stealing major cycles from the foreground UI. After that eternity has passed and he finally gains control of the machine, he gets a dialog box advertising cheap university degrees. By this time, I'm all like "what the f___?!?" It seems that in my time away from mainstream (i.e. Win32) computing, something known as "Windows Messenger Service Spam" has become a serious nuisance. How goddamned evil can they get? You don't even have to open your mailbox before some lowlife jumps in your face trying to sell you merde? How fricking evil is that? I do wonder what kind of krakk kokane your software engineering staff has to be smoking for them ship an operating system that, in its default configuration, allows an unauthenticated tcp message from any random spot on the internet to display a dialog on a client workstation, but, as I mentioned earlier, that's not where I want to go today. I felt a sick feeling in my gut, realizing that there are probably millions of grandmothers out there getting these stupid things popping up in their faces all day, without the vaguest clue of how to stop them.
After closing the messenger spam, my cousin started his browser, which happens to be IE 6. This took an extroardinarily long time. Once it came up, I noticed that he had a Yahoo toolbar underneath the standard Explorer toolbar, bristling with gewgaws, animated crap, pulsing buttons and links to, erm, "synergistic content". In addition, there was a vertical pane along the left side of the window, also Yahoo branded, also full of pulsing, flashing, irrelevant happy crap. In the middle of trying to throw up (and I do mean "throw
It's often said that ignorance isn't an excuse. I'd argue against that in many cases. Ignorance is an excuse where it would take 3-4 years of learning about IT to be aware of what's going on under that case.
I not sure I can agree although it sounds reasonable. How long does it take to go through law school? If I do something that seems reasonable and it turns out to be illegal, I'm screwed. The only way to know for sure is to become a lawyer and even then laws aren't static.
It doesn't take four years to teach someone the basic concepts of safe computing, it's that users are to lazy to actually learn something as it takes away from there TV time. I have seen a couple a freely available pages on the net that teach is in less than an hour but you have to read it. Ok well maybe it was an hour a day for a week, still much less time than learning how to drive a car. (I'm just talking about safe computing)
Sorry, I don't mean to sound angry, I have been doing tech support for over 16 years now and the majority of "problems" are just people who can't take the time to RTFM and not actually a problem at all.
Trying is the first step towards failure. H.J.Simpon
There are lots of issues to consider here, firstly the daughter claim... his daughter may have had a vendetta against him because he molested her, or she knew that he was commiting acts against children and just wanted him to get what was coming to him. Who knows...
also the other thing to consider (and i have some experience in this) when i was getting started in computers and did some stupid things (bruteforcing passwords from my own system), i always ran a copy of BO on my own pc, so i could blame "the evil hackers" if it came down to it. Possibly he was doing the same thing with much more sinister acts.
Either way, this defence is flawed and in my opinion the prosecution could have done a whole lot better on this one.
"Those who would give up Essential Liberty, to purchase a little Temporary Safety, deserve neither Liberty nor Safety"
Bollocks, say I. No stats here, just personal experience. I'm ex-resident of Amsterdam, now resident back in the UK. I have observed the drug scene in both situations with very similar people. I firmly think that people who want to take drugs simply want as much as they want and that legality is entirely incidental.
By criminalising drugs, the money goes to the crims, who have a vested interest in getting users on harder stuff. That's where the increased usage comes from.
Naturally, you may disagree.
Justin.
You're only jealous cos the little penguins are talking to me.
Yeah.. I remember this little thing that all the kids were playing... what was it called? Oh, Grand Theft Auto.
You really can't cause lots of monetary damage to anyone but yourself with a computer if you're an average, unless someone hacks you and uses your computer to do it. That kind of stuff takes savy. So, should the person be responsible if someone hacks their computer? I don't believe so. Would you be responsible if someone cut your brake lines and you hit and killed someone with your car? There is a line where you start being negligent, but I don't want to draw it right here.
Jack Valenti and Orrin Hatch will be first up against the wall when the revolution comes.
Even if he turned the computer off, it would turn itself back on and dial the Internet on its own.
Who's computer can turn on all by itself?
The reason so many computers are so insecure is that most computer users are completely unqualified. But the solution isn't to legislate them off the net. I think computer vendors should administer a test, and if you pass, you get a discount.
When you get auto insurance, they offer to give you a video and CD-ROM (Windows, ugh) training course, and if you pass it, you get lower premiums. Dell could do this: after all, competent users cost them less in tech support time. So all of us nerds would get cheaper hardware, and everyone else would have an incentive to learn the basics of computer use and security.
Litigious bastards
Is it illegal for a minor to download sexual pictures of people his or her own age?
I'm just curious. I bet there are at least a few horny 13-year-olds who would rather look at people their own age.
It is possible to cut the brake lines so that fluid leaks, and your brakes go out mid-drive. But lets use an even better example. Lets say someone steals your car. You left it unlocked. This person runs over 3 kids. He gets away and leaves no trace. Are you guilty of a crime?
Jack Valenti and Orrin Hatch will be first up against the wall when the revolution comes.
any with WOL or a bios that supports it. My old work dell used to turn itself on at 8am every weekday so it looked like i arrived early...