A Florida man was sentenced Monday to 10 years in prison after pleading guilty to charges in connection to hacking the e-mail accounts of actress Scarlett Johansson and dozens of other celebrities. Christopher Chaney, 35, of Jacksonville, Florida, had hijacked …
Tags: hacking, Hacks and Cracks, privacy
Washington state is halting its defense of a landmark law requiring online companies to verify the ages of people posting ads offering “adult services.”
Dean Boland. Photo: Courtesy of Dean Boland
An Ohio lawyer who serves as an expert witness in child pornography cases is on the hook for $300,000 in civil damages for Photoshopping courtroom exhibits of children having sex, a federal appeals court ruled Friday.
Attorney Dean Boland purchased innocent pictures of two juvenile girls from a Canadian stock-image website, then digitally modified them to make it appear as if the children were engaged in sexual conduct.
Boland was an expert witness for the defense in a half-dozen child porn cases and made the mock-ups to punctuate his argument that child pornography laws are unconstitutionally overbroad because they could apply to faked photos.
As a result, in 2007 he found himself the defendant in a deferred federal child-porn prosecution in Ohio, even though his exhibits helped clear at least one client of child-porn-related allegations. Now, a federal appeals court is upholding a $300,000 verdict in a lawsuit brought by the parents of two of the girls whose images Boland doctored.
“This $300,000 award undoubtedly amounts to tough medicine for Boland,” the 6th U.S. Circuit Court of Appeals ruled (.pdf) Friday. “When he created morphed images, he intended to help criminal defendants, not harm innocent children. Yet his actions did harm children, and Congress has shown that it ‘means business’ in addressing this problem by creating sizeable damages awards for victims of this conduct.”
Boland, a former state prosecutor, transformed a picture of a 5-year-old girl eating a doughnut into one of her having oral sex. Another photo was of a 6-year-old girl’s face placed on the body of an adult woman having sex with two men. He purchased the pictures from iStockPhoto, according to court records, and morphed them to help child porn defendants make a nuanced legal defense.
The parents of the children, who were not named in the case, lodged the complaint (.pdf) against him in 2007 after learning of the photo morphing from the FBI. Under the 1986 Child Abuse Victims Rights Act, each victim is entitled to a minimum $150,000 in damages.
Boland argued that he was immune from such a lawsuit because, among other reasons, he’d created the images for use in court, never distributed them, and that the First Amendment protected him.
But the court ruled that it was immaterial that Boland never displayed the images outside of court and never transmitted them electronically.
“The creation and initial publication of the images itself harmed Jane Doe and Jane Roe, and that is enough to remove Boland’s actions from the protections of the First Amendment,” the appeals court ruled.
The law under which the parents sued demands proof that the girls suffered “personal injury.” But Boland argued that the children didn’t know about the pictures, a point the appeals court said was immaterial.
“Even if Doe and Roe never see the images, the specter of pornographic images will cause them ‘continuing harm by haunting [them] in years to come,” the appeals court said.
Child-porn laws prohibit “knowingly” accessing child pornography. The morphed images were a bid to demonstrate that the law violated the First Amendment on “vagueness and over-breadth grounds,” because a defendant could not know whether what he was viewing was an actual or virtual image of a child having sex.
Boland did not immediately respond for comment.
Tags: child porn, The Ridiculous
Photo: bloomsberries/Flickr
A federal appeals court ruled that peer-to-peer file sharers can be prosecuted for distributing child pornography by having the illicit files in their open share folders.
That was the ruling by the nation’s largest federal appeals court, the 9th U.S. Circuit Court of Appeals. “Following the First, Eighth, and Tenth Circuits, we hold that the evidence is sufficient to support a conviction for distribution,” a unanimous three-judge panel of the San Francisco-based appeals court ruled for the first time Friday. (.pdf)
California defendant Max Budziak maintained that he believed he disabled the share folder in 2007, before the FBI detected child porn on his computer and downloaded it using the bureau’s “EP2P” program. Budziak was also prosecuted for possession, which he did not challenge on appeal.
The defendant, who had used the now-defunct program LimeWire, claimed that the federal judge presiding over the trial erred when the court failed to instruct the jury that distribution required a jury to find that Budziak took “affirmative steps” to send child pornography to another person. It was an assertion the appeals court did not buy.
Because of the open nature of peer-to-peer file sharing, IP addresses of users are exposed, and easily traced to their owners if they are not using a virtual private network, on an open public Wi-Fi connection or TOR.
The appeals court, which covers nine states in the West, however, did not immediately uphold Budziak’s conviction. That’s because the trial judge did not require federal prosecutors to turn over to the defense the EP2P program and its technical specifications.
“Budziak also identified specific defenses to the distribution charge that discovery on the EP2P program could potentially help him develop,” the appeals court wrote. “In support of his first two motions to compel, Budziak presented evidence suggesting that the FBI may have only downloaded fragments of child pornography files from his ‘incomplete’ folder, making it ‘more likely’ that he did not knowingly distribute any complete child pornography files….”
The appeals court added that “Budziak submitted evidence suggesting that the FBI agents could have used the EP2P software to override his sharing settings.”
The appellate panel sent the case back to the lower court with directions to determine whether the EP2P materials Budziak requested would have led to a different verdict.
Tags: Crime, P2P file sharing
The New York Court of Appeals building. Photo: New York Court of Appeals
Accessing and viewing child pornography over the internet is not necessarily a crime under New York law, the state’s highest court ruled Tuesday.
The unanimous court said that child porn stored in a computer’s browser cache is not enough evidence to convict someone for child-porn possession under state law.
The New York Court of Appeals ruled that the authorities, under New York’s child-porn statutes, must prove that an internet surfer knew that his computer automatically stored cached images, or printed or downloaded the images.
“Nonetheless, that such images were simply viewed, and that defendant had the theoretical capacity to exercise control over them during the time they were resident on the screen, is not enough to constitute their procurement or possession,” Judge Carmen Ciparick wrote (.pdf) for the court.
(A cache contains images or portions of a web page that are automatically stored when that page is visited and displayed on a computer screen. If the web surfer visits a web page again at a later date, the images are recalled from the cache rather than being pulled from the internet, allowing the page to load more quickly.)
Judge Victoria Graffeo concurred with the results in a separate opinion but blasted it nonetheless. She said the decision “will, unfortunately, lead to increased consumption of child pornography by luring new visitors who were previously dissuaded by the potential for criminal prosecution.”
Patrick Trueman, president of Morality in Media, also decried the decision, saying the court has given “permission to pedophiles and child molesters to continue the sexual molestation and recording of child sex abuse.”
High courts in Georgia and Alaska have ruled similarly. To counter similar rulings by two federal appeals courts, Congress in 2008 amended federal child-porn statutes to include language making it a crime to “knowingly access” child porn.
Child pornography generally may be prosecuted as either a state or federal crime.
The case before New York’s highest court concerned James Kent, a former Marist College professor, who claimed the thousands of child pornography images found on his work computer were for a research project.
In 2007, his computer hard drive was malfunctioning. College technicians examined the hard drive for defects and encountered the porn, much of it downloaded and stored. The high court’s ruling did not alter James Kent’s 141 convictions in connection to downloaded child pornography, but it reversed the two convictions dealing with porn discovered in the cache.
He was sentenced to an indeterminate term of one to three years, which is unlikely to change under the court’s decision.
Tags: cache, child pornography, Crime
Naked Security readers have asked us once again to warn of a rapidly-spreading photo-tagging scam on Facebook, this time with the grammatically curious title This Girls Must Be Watch Out Of Her mind After Making This Video.
Here’s one wise Facebook user’s advice:
We first wrote about this sort of scam back in April. Just look at the Request for Permission dialog from a typical rogue application:
Let’s look at those permissions:
* Access my basic information. That seems OK, since you’re agreeing to share information which you’ve shared already.
* Post to my Wall. This lets an application act as if it were you. Think about this: it can post anything, about anyone, linking to anywhere, in your name. You are giving the application the right to offer statements and opinions on your behalf, without asking you. That’s an awful lot of power.
* Access my data any time. Combined with the previous permission – to speak on your behalf – this is very close to giving the application a power of attorney over your Facebook account. Do you ever really want to do that?
* Access my photos and videos. This effectively removes any privacy controls you enjoy over images of your personal life.
Now that Facebook has universally enabled its facial recognition service, whereby your friends can tag you in photos in which Facebook suggests you appear, photo-tagging has really taken off.
And a new way of abusing the abovementioned power of attorney is open to rogue Facebook applications: deliberately tagging you in images in which you don’t appear.
In this latest scam, which borrows a long-running prurient Facebook meme about “Girl must be out of her mind,” you appear to be tagged in a pornographic, or at least semi-pornographic, movie, which is then recommended to your friends.
Of course, this raises two questions about Facebook’s facial recognition. Firstly, now it’s universally enabled, why does it allow you to be tagged in photos in which you obviously don’t appear? (The April scam I linked to above tagged you in photos of food which contained nothing even vaguely resembling a human face.)
Secondly, is it really acceptable to allow tagging without the permission of the taggee? Back in March, we wrote about a judgment in the Kentucky courts which decided that the law does not require the taggee to be asked. But is that a good enough standard for Facebook to follow?
Facebook will notify you when a friend tags you, but I’d love to see that changed to a stricter default. You should be notified and be asked to approve the tag before it is accepted by the system.
Lastly – and this shouldn’t really need saying, but I shall say it anyway- DON’T APPROVE FACEBOOK APPS, TAKE SURVEYS, OR PROACTIVELY LIKE ANYTHING in return for access to a video.
If you really must see for yourself whether This Girls Must Be Watch Out Of Her mind After Making This Video, why don’t you just search for it on YouTube, thus sidestepping the Facebook scammers entirely?
Or learn a touch of restraint, because it goes a long way towards improving your security online. In short, THINK BEFORE YOU CLICK.
Keep abreast of the latest Facebook security threats by joining the 100,000 strong community up on the Sophos Facebook page.
Follow @duckblog
-
PS. My apologies for SHOUTING above. But we ought to know better by now!
