Switch to Linux, stay out of JAILby Nikola Strahija on August 15th, 2003 Unknowing Web surfers could find themselves charged with possessing illegal material that a lurking software program has acquired.
One evening late in 2001, Julian Green's 7-year-old daughter came upstairs from the computer room of their home in the resort town of Torquay, in western England, and said, "The home page has changed, and it's something not very nice."
When Green checked the machine, he found that the family PC seemed almost possessed. The Internet home page had somehow been switched so that the computer displayed a child pornography site when the browser software started up. Even if he turned the machine off, it would turn itself back on and dial the Internet on its own.
Green called the computer maker and followed instructions to return his PC to a G-rated state. The pornography went away, but the computer still often crashed and kept connecting to the Internet even when "there was no one in the blinking house," he said.
But Green's problems were only beginning. Last October, local police knocked on his door, searched his home and seized his computer. They found no sign of pornography in his home but discovered 172 images of child pornography on the computer's hard drive. They arrested Green.
This month, Green was acquitted in Exeter Crown Court after arguing that the material had been gathered without his knowledge by a rogue program created by hackers--a so-called Trojan horse--that had infected his PC, probably during innocent Internet surfing. Green, 45, is one of the first persons to use this defense successfully.
While a case that played out in the British legal system sets no precedent in the United States, legal experts say the technical issues raise two troubling possibilities. For one, actual child pornographers could arm themselves with a new alibi that would be difficult to disprove. Or, unknowing Web surfers could find themselves charged with possessing illegal material that a lurking software program has acquired.
"The scary thing is not that the defense might work," said Mark Rasch, a former federal computer crime prosecutor. "The scary thing is that the defense might be right," and that hijacked computers could be turned to an evil purpose without an owner's knowledge or consent.
"The nightmare scenario," Rasch said, "is somebody might go to jail for something he didn't do, because he was set up."
Green was eventually exonerated, but his life has been turned upside down by the accusations. His ex-wife went to court soon after his arrest and gained custody of their youngest child and his house. Green, who is disabled because of a degenerative disk disease, spent nine days in prison and three months in a "bail hostel," or halfway house, and was allowed only supervised visits with his daughter.
"There's some little sicko out there who's doing this," Green said, "and he's ruined my life. I've got to fight to get everything back."
He said he had no clue how the rogue software showed up on his computer. "I never download anything. And as far as I knew, no others had," he said.
When his solicitor, Chris Bittlestone, hired a computer security consultant to examine the PC, nearly a dozen Trojan horse programs showed up on the hard drive. "When the report came in, it was very much what you would call a 'eureka moment,'" Bittlestone said. But Green took the news differently.
"He was very quiet and said, 'See? I told you,'" Bittlestone recalled.
Tony Dearsley, the computer investigations manager for Vogon International, the company that examined the machine, says Trojan horse programs are increasingly common.
"Any Web site could contain this sort of thing," he said. "The reputable ones don't. The less reputable ones may." Anyone who uses a computer who visits sites that offer legal adult fare, gambling or even music file-swapping might pick up malicious software, he said.
Green, who now lives with his son and his 83-year-old mother in the nearby town of Paignton, said it was possible that some member of his family had accidentally infected the computer in that way. "I know my son had a look at some iffy sites," he said. "He's a teenager."
Antivirus software and programs like Ad-aware can ferret out and disable Trojans, but they must be kept up-to-date to be effective in a fast-changing field. Green said he had antivirus software on his computer, but that it was outdated.
The police would not disclose the source of the original tip in the case, but Green noted that the raid came two weeks after he had won custody of his daughter in court. Bittlestone would not comment directly on the matter. "Calls may well have been made," he said. "I'm not quite sure what the dynamics were within the family at that time."
Bittlestone said he was troubled that prosecutors did not mention the Trojan programs after his client's arrest: "Either the police didn't spot this issue, or if they did spot it, they chose not to pursue it." Green, he said, is now considering a lawsuit against the police.
Calls to the local police in Green's area were referred late on Friday to the pedophile unit at Ashburton, which could not be reached. But the prosecutor in the case, David Sapieca, told the BBC: "We don't accept the conclusions of the defense expert report, but there were already other issues in the case regarding the history of the computer itself. We cannot show that Green downloaded the images on to the computer, so the Crown reluctantly offer no evidence in this case."
Green's case could point the way to a new defense in courts in the United States, said Andrew Grosso, a lawyer and former federal prosecutor in Washington. The presence of a Trojan could mean that the computer is "not entirely under your control," he said, and a defendant could "legitimately point a finger elsewhere."
A senior official at the U.S. Department of Justice said the defense, while novel, might not hold up in court. "There are ways to look at the evidence to see if something like this--even if it is present--is responsible for the conduct at issue," the official said. A prosecutor would thus scan the computer to make sure that it did, in fact, have rogue software and would try to determine whether the software could do what the defendant claimed that it had done.
In a child pornography case, he said, investigators would also try to discover other corroborating evidence, like Internet communications with known pedophiles or a stack of child pornography in the suspect's home.
Bittlestone said: "You will only be able to use this defense if you can show that Trojan horse viruses have infected" a computer. If not, he said, "You have to account for your actions."
Green said that, despite the disruption in his life, things could have been much worse: He could have spent years in prison, lost all visitation rights to see his daughter and have been entered into lists of sex offenders. "There would have been no point to living after that," he said. "Everything is just taken away from you."
But he said he had no sympathy for pedophiles and users of child pornography, many of whom he met in the bail hostel. He called them "nasty little people" and said, "Whatever they do to them isn't enough."
Things are beginning to turn around for Green since the British press has written about his acquittal, he said. One of the parents from his daughter's school, who hadn't spoken to him since the arrest, began talking to him the other day.
"She must have said, 'Perhaps he's not a pervert after all,'" Green said.
(copyright: New York Times)