There are cases in which innocent people have been branded as pedophiles after their co-workers or loved ones stumbled upon child porn placed on a PC through a virus. It can cost victims hundreds of thousands of dollars to prove their innocence. Of all the sinister things that Internet viruses do, this might be the worst: They can make you an unsuspecting collector of child pornography. Heinous pictures and videos can be deposited on computers by viruses — the malicious programs better known for swiping your credit card numbers. In this twist, it's your reputation that's stolen.
At any moment, about 20 million of the estimated 1 billion Internet-connected PCs worldwide are infected with viruses that could give hackers full control, Computers often get infected when people open e-mail attachments from unknown sources or visit a malicious Web page. Pedophiles can exploit virus-infected PCs to remotely store and view their stash without fear they'll get caught. Pranksters or someone trying to frame you can tap viruses to make it appear that you surf illegal Web sites.
Pedophiles can tap viruses in several ways. The simplest is to force someone else's computer to surf child porn sites, collecting images along the way. Or a computer can be made into a warehouse for pictures and videos that can be viewed remotely when the PC is online. But pedophiles need not be involved: Child porn can land on a computer in a sick prank or an attempt to frame the PC's owner.
In 2007 when Fiola was working in an organization his bosses became suspicious after the Internet bill for his state-issued laptop showed that he used 4½ times more data than his colleagues. A technician found child porn in the PC folder that stores images viewed online. Fiola was fired and charged with possession of child pornography, which carries up to five years in prison. He endured death threats, his car tires were slashed and he was shunned by friends. Fiola and his wife fought the case, spending $250,000 on legal fees. They liquidated their savings, took a second mortgage and sold their car. It ruined his life, his wife's life and his family's life. They have health problems from the stress of the case. They say they've talked to dozens of lawyers but can't get one to sue the state, because of a cap on the amount they can recover.
An inspection for his defense revealed the laptop was severely infected. It was programmed to visit as many as 40 child porn sites per minute — an inhuman feat. While Fiola and his wife were out to dinner one night, someone logged on to the computer and porn flowed in for an hour and a half. Prosecutors performed another test and confirmed the defense findings. The charge was dropped — 11 months after it was filed.
In the first publicly known cases of individuals being victimized, two men in the United Kingdom were cleared in 2003 after viruses were shown to have been responsible for the child porn on their PCs. In one case, an infected e-mail or pop-up ad poisoned a defense contractor's PC and downloaded the offensive pictures. In another case, a virus changed the home page on a man's Web browser to display child porn, a discovery made by his 7-year-old daughter. The man spent more than a week in jail and three months in a halfway house, and lost custody of his daughter. In these cases, the central evidence wasn't in dispute: Pornography was on a computer. But proving how it got there was difficult.
Even careful child porn collectors tend to leave incriminating e-mails, DVDs or other clues. Virus defenses are no match for such evidence. But while the virus defense does not appear to be letting real pedophiles out of trouble, there have been cases in which forensic examiners insist that legitimate claims did not get completely aired. However, forensic examiners say it would be hard for a pedophile to get away with his crime by using a bogus virus defense.
In the case of Solon of Casper, who is serving six years for child porn found in a folder used by a file-sharing program on his computer. Solon admits he used the program to download video games and adult porn — but not child porn. So what could explain that material? Loehrs testified that Solon's antivirus software wasn't working properly and appeared to have shut off for long stretches, a sign of an infection. She found no evidence the five child porn videos on Solon's computer had been viewed or downloaded fully. The porn was in a folder the file-sharing program labeled as "incomplete" because the downloads were canceled or generated an error.
This defense was curtailed, however, when Loehrs ended her investigation in a dispute with the judge over her fees. Computer exams can cost tens of thousands of dollars. Defendants can ask the courts to pay, but sometimes judges balk at the price. Although Loehrs stopped working for Solon, she argues he is innocent.
The prosecution's forensics expert, Randy Huff, maintains that Solon's antivirus software was working properly. And he says he ran other antivirus programs on the computer and didn't find an infection — although security experts say antivirus scans frequently miss things.
"Nobody believes me that I am innocent," says Solon, whose case is being appealed. "All I know is I did not do it. I never put the stuff on there. I never saw the stuff on there. I can only hope that someday the truth will come out." But can it? It can be impossible to tell with certainty how a file got onto a PC. Computers are not to be trusted, as it is painfully simple to get a computer to download something the owner doesn't want — whether it's a program that displays ads or one that stores illegal pictures. It's possible, that more illicit material is waiting to be discovered. Just because it's there doesn't mean the person intended for it to be there.
So it is quite possible that somebody will put child porn on your computer — and you might not realize it until police knock at your door. These situations become complicated by the fact that actual pedophiles often blame viruses — a defense rightfully viewed with skepticism by law enforcement. The Fiola's case made it very clear that sometimes innocent peoples are punished for the want of cyber evidence because still forensic computing is in the nascent stage. It may create a complex problem for the head of the organizations e.g. CEOs, directors of the companies and IAS officers who are in charge of the e-governance projects to avoid their liabilities in these situations because as per the IT amendment Act 2008 they are vicariously liable for any crime committed through their system and have to provide due diligence that their system is fool proof for any criminal activity.
Associate Professor of Law,
KIIT University, Bhubaneswar, India,
Research Papers: http://papers.ssrn.com/sol3/cf_dev/AbsByAuth.cfm?per_id=1189281