The cautionary tale of Matthew Bandy is burning up the Internet, especially tech sites. Until recently, the 16-year-old Arizona boy faced life imprisonment for possessing child pornography; each of the nine images on his computer carried a possible 10-year sentence.
Matt adamantly denied the charge, although he admitted visiting adult sites.
The caution: Your computer could be storing and distributing child pornography without your knowledge. It could be what is called a zombie. A virus, worm or bot may have almost invisibly infected your operating system, perhaps when you opened an email attachment or clicked on the wrong (not necessarily adult) website.
The infection allows another person to remotely access your hard drive. Often, the third party tries to capture financial information such as bank account numbers. Often, he stores data on the hard drive and uses your computer to distribute spam, including pornography.
(For a fuller explanation of this process, click on Are You In Danger, Too?)
Like ID theft in the 90s, the problem of zombie PCs is just emerging. Estimates of its prevalence vary, with the upper bound being about 8 million active zombie computers. The respected computer firm Symantec offers the more conservative estimate of 4 to 5 million; one fourth are believed to be in America.
According to Microsoft, zombie computers are currently the major threat to security industries. Dmitri Alperovitch, a research scientist at CipherTrust, observes that, during one recent outbreak, new zombies went up from 214,000 every day in the previous week [mid-August 06] to 265,000 every day. Windows operating systems are most vulnerable.
Estimates may be speculative, but the consequences of having child porn on your computer are clear...as the Bandy case illustrates.
Matts story is one of over-zealous prosecution under a law that should not exist: that is, the mere presence of images on your computer should not result in criminal charges because they result from an infection.
By all accounts, Matt was a normal teenager from a good family who had no run-ins with authority before Dec. 16, 2004. At 6 a.m. that morning, several policemen pounded on Bandys front door, ordering his mother and sister outside and waking his father at gunpoint; he was sleeping in late due to his duties as an emergency room physician.
What caused the raid? Child pornography had been uploaded to a Yahoo Group from an IP address associated with the familys computer; law enforcement was alerted.
The police found several child porn images on the Bandys computer along with traces of the email address used to upload the pictures. Police dismissed the fact that, on one of the dates indicating activity related to the images, no one had been in the Bandy home. They also disregarded two polygraph tests that Matt voluntarily took and passed as well as a voluntary psychiatric exam that found him to be a normal teenager and not a pedophile.
Clearly, the detectives investigating Matts case had little training or interest in computer forensics. For example, they refused to examine the hard drive for evidence of infection. The County Attorneys office fought requests from the Bandys to have their confiscated hard drive forensically examined. Only after the Arizona Supreme Court ruled against the Attorneys office was an examination performed by expert Tami Loehrs.
She found more than 200 infected files and, on Sept. 25, 2005, she reported, With no firewall protection in place, it would be virtually impossible to determine if, when or by whom the system was compromised. [I]t would be impossible to state with certainty which activities were conducted by users within the household and which activities were the result of one of the many malicious software applications and/or outside sources such as hackers.
Benjamin Edelman, a computer security expert, indicates how quickly a computer can become infected. I recently tested a WindowsMedia video file...On a fresh test computer, I pressed Yes once to allow the installation. My computer quickly became contaminated...All told, the infection added 58 folders, 786 files, and an incredible 11,915 registry entries to my test computer. Not one of these programs had showed me any license agreement, nor had I consented to their installation on my computer.
Such infections are usually invisible to the average computer user. (To see how this can happen to your computer, click on What was done to Matthew Bandy can happen to you.)
Matt was indicted on nine counts of posession of images of child pornclass 2 felonies just one level below murder. He could have received a 90-year prison term from a judge who had no discretion in sentencing. On Dec. 2, 2005, Matt pleaded not guilty but was required to wear an electronic monitoring band around his ankle thereafter.
Meanwhile, as the boys innocence become increasingly apparent, the District Attorney offered a series of plea bargains. Matt ultimately pleaded guilty to three class 6 undesignated offenses. These are non-dangerous, non-repetitive offenses under the criminal code which result in probation, not imprisonment. His specific crime was showing a Playboy to 3 schoolmates, an act of furnishing harmful or obscene material to minors.
Matts attorney commented this may be the only time an American teenage boy has ever been charged with a felony for showing adult pornography to his friends. Nevertheless, Matts case had become high-profile and the State seemed determined to successfully charge him with something.
The guilty plea was not a real admission of guilt. Matts mother explained, Over the last year our belief and faith in the judicial system has eroded. Fundamental beliefs such as innocent until proven guilty, the police are there to serve and protect, they would never lie to you, everyone has a right to a FAIR trial have become no more than fairy tales to us.
His parents knew that a young boy convicted of sex offenses in state prison was vulnerable to constant rape, with suicide a real possibility.
Instead, Matt chose 18 months probation, with sex offender terms attached. Matthew explained what the latter meant: I have to stay away from children, I cannot be around any area where there might be minors, including the mall, or the movies, or restaurants or even church. To go to church I have to have written consent from our priest, I have to sit in a different pew, one that doesnt have a child sitting in it.
He did not leave the house for fear of encountering a child and, so, violating his parole.
After ABCs news show 20/20 took an interest in the caseit was featured on a Jan. 12 broadcastthe sex offender terms were dropped.
The Bandys two-year nightmare might be winding down, but the family has been financially ruined by over $250,000 in legal costs.
Whatever is written about this case should end in a conclusion that is phrased as a demand: the mere presence of child pornography on a computer must not be illegal. Laws must be rewritten or repealed to take into account the technological realities with which we all live.
Unfortunately, states and Congress are heading in the other direction by pushing for harder laws and penalties for mere possession. If such laws prevail, then you may find yourself in the same position as Matt: innocence will not be a defense.