Tuesday, November 11, 2008

In the workplace, Internet security problems can lead to false criminal charges


Previously I’ve mentioned the possible legal risks of home computers that are not properly protected (in conjunction with such proposals as an “Internet driver’s license”) but even work computers can be compromised and present a risk to employees. In fact, it is the workplace cases that get media attention now, and they may be becoming more common.

In Connecticut, a substitute teacher (Julie Amero) was arrested and convicted after a school computer went haywire and showed pornography in front of middle school students. The fact pattern in the case is quite disturbing. Apparently she was told not to touch the computer. Then, when the defense wanted to present evidence that the school’s network was poorly secured and that the computer could have been infected, the evidence was not allowed in court. It seems that the trial court at first simply did not understand how this kind of risk can come about. There are plenty of blogs about this case. One of them is by Andy Carvin on PBS, July 11, 2008, “No Resolution Yet for Julie Amero,” link here. The Carvin blog entries refers to some detailed op-eds in the local Hartford paper, the Courant. There is also a suggestion that the prosecution has dragged its feet on dropping the charges out of embarrassment.

There is no question about this: to be fair, law enforcement agencies and courts need to be brought up to speed just on how internet security issues play out and can endanger people, even in the workplace, and at home. They simply haven’t gotten the message in many jurisdictions around the country.

Another good blog entry is by Lindsay Beyerstein on the Huffington Post, Jan. 23, 2007, link here.

The Council for Secular Humanism has a thoughtful discussion of her case (as well as the excessive “enemy jurisprudence” sentence in Arizona for teacher Morton Berger in a c.p. case) here, by Wendy Kaminer.

Julie Amero has a Defense Fund entry on Blogger, here.

PC World has a good article, on June 16, 2008, about a Massachusetts worker who was accused of c.p. possession when it was later found that his state-issued laptop was poorly secured, link here, by Robert McMillan from IDG news, here.

The site Techdirt has a brief comparison of the Massachusetts case with the substitute teacher case in Connecticut, dated June 18 2008, here.

In the home computing environment, besides the case reported here Feb. 3, 2007 in Arizona, there was a case in Torquay, England in 2001, written up in the The New York Times by John Schwartz on Aug. 11, 2003, “Acquitted Man says virus put porn on his computer”, here. The concerns are that defense attorneys could abuse this theory as well as the fact that innocent people will be wrongfully prosecuted and have to spend huge sums defending themselves. Again, law enforcement (around the world, not just in the U.S.) needs to rein in on this problem. In the U.S., the "strict liability offense" concept (that theoretically holds the computer owner absolutely responsible for what others do to it, even if this theory is rarely followed) is also a problem, and probably could not survive a constitutional test.

1 comment:

Golden said...

Just for workplace security the employee should never use any company email and should check SSL Certificate before entering into any internet transaction.