Supporting Safe and
Responsible Internet Use
Malware and Porn Traps:
What Schools Can Do
Many educators are aware of the tragic case of Julie Amero, a 40-year-old substitute teacher who was convicted in January 2007 of impairing the morals of minors" for allegedly showing students online pornography. All indicators are, however, that Julie, rather than deliberately accessing online pornography, was the victim of a computer that had been porn trapped" due to inappropriate online activity by students.
Pornographic images started to pop-up on the computer just as the first-period class entered the classroom where Julie was substituting. Julie, who has limited computer expertise, had been told not to turn off the computer. Moreover, she apparently didnt know how to turn off the computer or monitor. So she turned the screen away from students and tried to get the images to go away -- not realizing that it was an impossible task. Despite her efforts, a few students were able to briefly view images, primarily mild erotica. Most of those students, by their own reports, knew what was happening and were intentionally trying to see what was on the screen.
It is quite evident that in the case of Julie Amero, the districts technical security was woefully and sorely lacking. Amero had not been provided with appropriate instructions on use of the computer or of what actions to take if inappropriate materials appeared on the screen. It also is apparent that the investigation was thoroughly mishandled. (My report on the case is available on my Web site at http://csriu.org).
COULD IT HAPPEN TO ME?
While discussing the Amero case in online forums, I have gotten many e-mails from teachers stating, That could have been me" -- an entirely accurate statement.
But its also important to note that it could happen to any of your students as well. In August 2006, the Crimes Against Children Research Center issued a report
on the issue of youth access to online pornography. The researchers surveyed 1,500 youth between the ages of 10 and 17. The study revealed that 42 percent of youth reported being exposed to online pornography in the 12 months prior to being asked. Of that group, 66 percent said it was not intentional. The accidental access reportedly occurred because of misspelled Web addresses, pop-up advertisements, or spam e-mails. More than three-quarters (79 percent) of the unwanted exposures happened at home. Nine percent happened at school; five percent at friends homes, and five percent in other places, including libraries.
The following point must be made absolutely clear to all school administrators and police officers: There are various forms of malware" (malicious software) or Web sites with porn traps" or mouse traps" (a Web site feature that essentially takes control of the browser and causes pornographic sites to pop up when the user tries to exit). Malware and porn traps are lurking on the Internet, just waiting for someone to make a mistake that will result in the display of objectionable material. Mistyping URLs or accidentally clicking unknown links also can result in unintentional access to inappropriate material.
Because of the presence of malware, porn traps, and other ways to get to inappropriate material, three essential strategies must be followed by schools to prevent accidental access as much as possible and to provide everyone -- adults and children -- with the specific knowledge of what to do if they get porn trapped. Those three strategies are:
- Technical security: Computers need effective firewalls, security software that protects against malware, and browsers that limit pop-ups. Filtering software can provide some protection (while presenting other concerns), but is less effective against malware and porn traps because such software allows users access to sites that have not yet been identified by the filtering company. Obviously, peer-to-peer networking software never should be installed on any computer a child has access to because such software can be a source of pornography and malware. Younger students only should use the Internet in protected environments -- previewed sites and closely controlled exploration. It is critically important, however, that everyone understand that none of those technologies or precautions will provide 100 percent protection!
- Education: All school Internet users -- all staff (including substitute teachers) and all students -- must understand how to avoid accidental access -- and know exactly what to do if they do get porn trapped." Unfortunately, the false security that is grounded in reliance on fallible filtering software has resulted in a failure to teach those strategies. All uses must know:
- Read, think, then click. Never click a link unless good indicators exist that the link will go to appropriate materials. If in doubt, dont click.
- Dont type URLs. Some porn sites use URLs that are similar to popular sites, hoping the porn site will be accessed when the user mistypes the URL. Rather than typing URLs, users should type the name of the site in a search engine and then carefully evaluate the search return to make sure they are accessing the desired site.
- Watch out for porn spam. Dont open suspicious e-mail messages and never click a link in an e-mail message unless all indicators are that it is legitimate.
- Turn off the monitor and ask for help. If inappropriate material appears on the screen, the appropriate response for any child or adult with limited computer skills is to turn off the screen (make sure the user knows exactly how to do that) and contact someone for assistance. More sophisticated computer users can force quit the browser by holding the Control-Alt-Delete keys, highlighting the browser name, and clicking "End task" or Force quit," or simply shut down the computer. After any event such as that, someone with computer expertise must evaluate the computer and incident to determine how it occurred and take corrective measures.
- Appropriate investigation. Anyone who is accused of intentionally accessing inappropriate material deserves the presumption of innocence, because accidental access is clearly highly possible. The determination of whether such access was accidental or intentional must involve a full analysis of the situation, especially what the individual was doing before the incident and how that person responded, as well as an analysis of the computer itself. The following guidelines are recommended:
Thanks to Joel VerDuin, Director, Information Services, Wausau School District, WI, for his help in outlining these standards.
- Authorize specific, qualified personnel to conduct such analysis and establish guidelines for notification of district leadership to be followed whenever such analysis is conducted.
- Secure the computer. Image the hard drive so that the analysis is made of a copy and the original is not damaged during the investigation.
- Examine the computer for any evidence of "unusual" software -- spyware, adware... Those programs almost always leave signature traces in the registry, list of services, or start up menu.
- Examine logfiles of Internet traffic to determine if the pattern of access appears to be intentional or random. When evaluating the logfiles, it usually is possible to tell if someone was engaged in intentional access. For example, a Google search, using search terms associated with inappropriate material, followed by use of links on the search return is evidence that the person specifically searched for inappropriate material. The investigator can retrace the sites in the log and see if it is possible to go from one page to another by selecting links. If malware or a porn trap is involved, the sites usually appear in a random manner and do not use any links on a given page. Another indicator is the length of time between page loads. Someone intentionally looking for material generally will spend some time looking at the site, whereas pop-ups likely will emerge in a more rapid manner.
If there is any possible silver lining to the tragedy of the experience suffered by Julie Amero, it is this: The case clearly has raised awareness of the problem of accidental access of pornographic material, the need for more attention to security measures and education, and the dangers of falsely accusing totally innocent individuals.
The opinions expressed in this article are those of the author and do not necessarily reflect the opinions of Education World.
Copyright © 2007 Education World