Skip navigation
× You have 2 more free articles available this month. Subscribe today.

Child Porn Investigations May Snare the Innocent

by Mike Rigby

A new threat looms in the Internet age – the threat of improper prosecutions and wrongful convictions for the unwitting receipt, possession or attempted possession of child pornography. Everyone is at risk, as these offenses can be committed by hackers who gain remote control of your computer, by malicious software that directs your PC to websites with illegal videos and images, or by sexual predators who use your unsecured wireless connection to conduct illicit activity.

Even something as simple as clicking on the wrong hyperlink – set up as part of an FBI sting operation – can land you in prison. So can being a victim of credit card fraud, if hackers use your card information to buy child porn. More disturbing is the fact that even when people are acquitted of such crimes they are nevertheless convicted in the court of public opinion, often resulting in ruined reputations, careers and relationships.

Computer Viruses and Malware

A 2009 investigative report by the Associated Press described several cases where innocent people were labeled as pedophiles or sexual perverts after family members or co-workers found porn on their computers.

Michael Fiola, a former employee of the Massachusetts Department of Industrial Accidents, was one of those innocent defendants. In 2007, Fiola’s state-issued laptop was checked by his boss after someone noticed that he used four times more data than his co-workers. A technician discovered child pornography in a folder that stores images viewed online. Fiola was fired and charged with possession of child porn.

However, an examination by Fiola’s defense counsel found that the laptop had a severe virus infection and was programmed to visit as many as 40 child porn sites per minute. “The overall forensics of the laptop suggest that it had been compromised by a virus,” admitted Jake Wark, spokesman for the Suffolk District Attorney’s office.

The charge was eventually dropped, but not before Fiola and his wife had spent $250,000 fighting the case. They used up their savings, took out a second mortgage and sold their car. They also suffered stress-related health problems. “It ruined my life, my wife’s life, and my family’s life,” Fiola said.

Julie Amero, a 37-year-old substitute teacher in Norwich, Connecticut, suffered a similar fate. In 2004 she was charged with risk of injury to a minor after a classroom computer began displaying pornographic images after she left the class to go to the restroom. Amero tried to close the offending pop-up screens when she returned, but they kept reappearing and were seen by several children.

She was convicted on four of the original ten counts in January 2007, but a bevy of computer experts following the case disagreed with the verdict. Following their outcry, prosecutors had the computer examined by the state police forensics lab, where the true culprit was discovered – a malicious spyware program that generated the pop-ups.

Amero’s conviction was dismissed, but for 18 months prosecutors considered retrying the case. Citing stress-related health concerns, Amero agreed to plead guilty to misdemeanor disorderly conduct in 2008 and the felony charges were dropped. “They got a pound of flesh,” said Amero, who was fined $100 and effectively barred from teaching. “The doctors all agreed that I would not make it through another trial.” See: State v. Amero, Superior Court, New London Judicial District (CT), Case No. CR-04-93292.

As bad as it was, the outcome in Amero’s case was still better than that of Nathaniel “Ned” Solon, a Wyoming resident who received a six-year federal prison sentence in January 2009 after traces of child porn were found on his home computer. The illegal files, consisting of partially-downloaded videos, were in a folder used by Limewire, a peer-to-peer file sharing program.

Tami Loehrs, a computer forensics expert who was also involved in the Fiola case, testified that Solon’s antivirus program wasn’t working properly. It apparently shut down for long periods of time – a sign of a virus infection.

Loehrs found no proof that the traces of child porn on Solon’s computer had been viewed or fully downloaded, stating, “There is no conclusive evidence that any of the five files containing suspect child pornography were ever viewed, saved or copied to another location including storage media such as CD-ROMs.”

The jury, which was shown graphic images of child pornography by the prosecution, despite the fact that such images were not viewable on Solon’s computer, disregarded Loehrs’ findings. Further, the federal judge berated Loehrs at trial and left the bench for six minutes during the defense’s closing argument. Solon was convicted and sent to prison for 72 months. “I don’t think it was him, I really don’t,” said Loehrs. “There was too much evidence that it wasn’t him.” She added, “It can happen to anyone connected to the Internet. Period.”

Courts have upheld convictions for possession of child porn despite defenses claiming infection by computer viruses or other malware programs. Solon’s conviction was affirmed by the Tenth Circuit in February 2010. See: United States v. Solon, 596 F.3d 1206 (10th Cir. 2010), cert. denied.

In another case, United States v. Miller, the Third Circuit held that even if malicious software or a virus was responsible for downloading or storing illegal content on someone’s computer, the defendant could still be convicted of knowingly possessing child porn.

At issue in the Miller case was a zip disk containing 1,200 to 1,400 digital images, 13 of which were deemed by prosecutors to constitute child pornography. The defendant, Donald R. Miller, claimed the photos were downloaded in large batches from websites featuring adult porn; he claimed he never saw the illegal images and didn’t know how they got on the disk.

Nevertheless, the appellate court held that Miller’s conviction for knowingly possessing child pornography could stand even if he didn’t knowingly receive the illicit photos (which requires an “intent” element), because he chose to retain the material on the zip disk – despite not knowing that it contained child porn. See: United States v. Miller, 527 F.3d 54 (3d Cir. 2008).

Hackers and Trojans

Another complication in child porn prosecutions involves hackers using backdoor Trojans to gain remote access to personal and business computers. If so inclined, a hacker can use another person’s computer to store illegal pornographic images or even plant child porn as an extortion tactic. Hackers can also pretend to be someone else online by “spoofing,” or faking, another computer user’s Internet Protocol (IP) address.

In October 2002, Julian Green was arrested in Devon, England after cops searched his home computer and found child porn. A computer forensics expert hired by the defense found Trojans hidden on Green’s PC. The Trojans – designed to piggyback his browser and log into porn sites – were probably downloaded as e-mail attachments, the expert concluded, and allowed hackers backdoor access to Green’s computer. The charges were ultimately dismissed.

In December 2003, companies worldwide began reporting a new breed of cyber extortion that had apparently been going on for about a year. The extortionists threatened to either wipe hard drives or plant child porn and then call the police if the companies didn’t pay a nominal fee of $30. The threats were credible, considering the possibility of Trojans and the ease with which such attacks could be carried out, reported Mark Rasch, former head of the U.S. Department of Justice’s computer crimes unit.

Another concern with these types of cases, Rasch stated, is that evidence consistent with guilt can be planted (such as in child pornography cases) and traces of manipulation hidden from even computer experts, making it “virtually impossible to determine that your target was not guilty.” And with sentencing guidelines “becoming ever more draconian for computer-related offenses,” Rasch wrote, “it is only a matter of time before not only cyber extortion but cyber set-ups become a reality, if they aren’t already.”

Hackers gaining remote access to a computer and using it to store illegal files was a defense raised in the case of Matthew Bandy, 16, who was prosecuted for possession of child pornography by Arizona officials. Police conducted a dawn raid on Matt’s home on December 16, 2004 after they were notified by Yahoo.com that someone using his IP address had uploaded images of child porn.

While Matt admitted to viewing adult pornography, he denied viewing or uploading the illicit images found on his family’s computer. Although it is known that hackers can control other computers and use them as “zombies” to distribute spam, store files or coordinate attacks on websites, experts disagreed as to whether that happened in Matt’s case. Notably, the prosecution objected to providing Matt’s attorney with a copy of the computer’s hard drive so the defense could conduct its own evaluation; prosecutors even appealed to the Arizona Supreme Court, to no avail.

When Tami Loehrs, Matt’s computer forensics expert, finally examined the hard drive, she found 200 infected files and concluded “[i]t would be virtually impossible to determine if, when or by whom the system was compromised. [I]t would be impossible to state with certainty which activities were conducted by users within the household and which activities were the result of one of the many malicious software applications and/or outside sources such as hackers.”

Matt, charged with nine counts of possession of child pornography, faced up to 90 years in prison. Instead he pleaded guilty in October 2006 to three “class 6 undesignated felonies” that were unrelated to the child porn found on his computer. He received 18 months’ probation; certain sex offender restrictions were initially included as probation requirements but later dropped. Matt’s family reportedly spent more than $250,000 on his defense. See: State v. Bandy, Maricopa County Superior Court (AZ), Case No. CR2005-014635-001 DT.

Whether or not Matt was in fact guilty of knowingly possessing child porn is unknown. The prosecutor’s computer expert, Detective Larry Core, admitted that he didn’t look for viruses, evidence of hacking or backdoor access attempts on Matt’s computer. However, the prosecution noted that several CD ROMs containing child pornography also were found at Matt’s house. The Bandys claimed the CDs were from a backup of the computer’s hard drive, and the images may have been reloaded on the computer without their knowledge during a system restore.

“They don’t have to prove you’re guilty – you have to prove yourself innocent,” observed Gregory Bandy, Matt’s father.

Questionable Investigative Methods

The FBI has recently adopted a new form of sting operation: posting hyperlinks that supposedly point to files containing child porn. In October 2006, undercover FBI agents used this technique to post hyperlinks on a child porn message board site called “Ranchi.” The links sent web surfers to a government server, where the FBI identified the users who clicked on the links by their IP addresses. They then obtained warrants and staged raids of homes in Nevada, New York, Iowa and Pennsylvania.

Roderick Vosburgh, a doctoral student at Temple University and a history teacher at LaSalle University, was subjected to one of those early-morning raids in February 2007 after he was suspected of clicking on the FBI’s hyperlinks. He apparently destroyed his computer hard drive and a thumb drive when agents arrived with a search warrant, but several thumbnail files of child porn were found on an external hard drive.

There was dispute as to whether the actual images associated with the thumbnail files had been present on Vosburgh’s computer, and he was prosecuted under a federal law that criminalizes “attempts” to download child pornography. He was convicted at a jury trial and sentenced on November 13, 2008 to 15 months in prison and three years’ supervised release.

“I thought it was scary that they could do this,” said Anna Durbin, Vosburgh’s attorney. “This whole idea that the FBI can put a honeypot out there to attract people is kind of sad.
It seems they’ve brought a lot of cases without having to stoop to this.” Due to his conviction, Vosburgh – who had no previous criminal record – will be effectively barred from teaching and required to register as a sex offender after he is released from prison.

The implications of the FBI’s hyperlink-bait technique are sweeping. According to an article on CNET News, “Using the same logic and legal arguments, federal agents could send unsolicited e-mail messages to millions of Americans advertising illegal narcotics or child pornography – and raid people who click on the links embedded in the spam messages. The bureau could register the ‘unlawfulimages.com’ domain name and prosecute intentional visitors. And so on.”

Even more frightening, the courts have given their stamp of approval to this prosecutorial approach. Vosburgh’s conviction was affirmed on appeal by the Third Circuit in April 2010. See: United States v. Vosburgh, 602 F.3d 512 (3d Cir. 2010).

Previously, on March 6, 2008, a U.S. District Court judge in Nevada upheld a magistrate’s ruling that the hyperlink sting operation constituted sufficient probable cause to justify an FBI search warrant. Travis Carter, the defendant in that case, argued that any of his neighbors could have used his wireless network to access the link. With the aid of an investigator, the public defender’s office confirmed that dozens of homes were within range of Carter’s Wi-fi connection.

Further, an expert’s affidavit submitted by Carter’s defense counsel noted there were “many problems with using an IP address to decide the location of a computer allegedly using an IP address on the Internet. The IP address can be ‘spoofed.’ A single IP address can be used by multiple computers at multiple locations through a wireless router. The MAC address of a cable modem can be spoofed to allow access to another’s Internet connection. A neighborhood with several houses can share one Internet connection and therefore have the same IP address.”

Nevertheless, the magistrate judge held that the mere possibility of other people accessing an open Wi-fi connection “would not have negated a substantial basis for concluding that there was probable cause to believe that evidence of child pornography would be found on the premises to be searched.” See: United States v. Carter, 549 F.Supp.2d 1257 (D.Nev. 2008). The Fifth Circuit had reached a similar conclusion in United States v. Perez, 484 F.3d 735 (5th Cir. 2007).

A large-scale child porn investigation in the United Kingdom has also faced criticism. Jim Bates, 67, a computer specialist, testified as an expert witness in cases involving some of the approximately 4,000 defendants charged as a result of Operation Ore – a 2002 criminal investigation into U.K. users of Landslide, a U.S.-based website that facilitated the purchase of child pornography.

Bates, who believes many of the men arrested as part of Operation Ore may be innocent, used the website of his former company, Computer Forensics, to criticize investigators and the technical competence of other computer experts. “I have evidence to prove Operation Ore was based on a completely false series of premises and police officers should have been aware of this if they had done their job properly,” he said.

There was evidence that some of the people prosecuted due to Operation Ore had actually had their credit card information stolen, which was used to purchase child porn without their knowledge. It was later learned that credit card fraud was a major problem with the Landslide website, information provided by U.S. law enforcement officials was faulty, and dozens of defendants may have been wrongly prosecuted.

One such defendant, Dr. Paul Grout, proved that at the same time he had used his credit card at a restaurant in Yorkshire, England, someone else was using it in Lake Tahoe in the U.S. The charges against him were dismissed. Peter Johnson, a U.K. police officer involved in Operation Ore, quit over the witch-hunt nature of the investigation. “I began to doubt the validity of the evidence surrounding the circumstances of the initial investigation in America ...,” he said. “I found it difficult to rationalize how offenders had been identified [based] solely on a credit card number.”

At least 33 people accused in Operation Ore of purchasing child porn committed suicide. Bates called the investigation a “shambles.”

Bates was himself prosecuted and found guilty of four counts of making a false written witness statement for falsely claiming he had a degree in electronic engineering. He had testified for both the prosecution and defense in cyber-crime cases. [See: PLN, Oct. 2010, p.1]. Bates was also arrested in 2008 for conspiracy to possess indecent images of children, apparently related to child porn images in case files in which he had testified as an expert, which he kept at his house. However, the search warrant used to search his home was tossed out by the High Court in May 2009.

Conclusion

The cases described above highlight related problems – the demonization of sex offenders and people accused of viewing or possessing child pornography. Because child predators engender such an innate revulsion, most people tend to scoff when defendants offer even plausible explanations for child porn found on their computers, such as malicious software or hackers.

These cases are further complicated by the fact that real pedophiles often blame other persons or viruses for illegal files on their computers – claims that the police, the public and the judiciary view with natural skepticism. “It’s an example of the old ‘dog ate my homework’ excuse,” said Phil Malone, director of Harvard’s Cyberlaw Clinic. “The problem is, sometimes the dog does eat your homework.”

Sources: CNET News, Associated Press, www.securityfocus.com, www.tgdaily.com, www.washingtonpost.com, BBC News, www.vnunet.com, www.theregister.co.uk, www.guardian.co.uk, www.law2000.net, www.foxnews.com, “International Electronic Evidence” (British Institute of International and Comparative Law 2008), www.phoenixnewtimes.com, www.framedforchildporn.com, www.northcountrygazette.org

As a digital subscriber to Prison Legal News, you can access full text and downloads for this and other premium content.

Subscribe today

Already a subscriber? Login

Related legal cases

United States v. Vosburgh

United States v. Solon

State v. Amero

United States v. Carter

United States v. Miller

United States v. Perez

State v. Bandy