The cautionary tale of Matthew Bandy is burning up the Internet, especially tech sites. Until recently, the 16-year-old Arizona boy faced life imprisonment for possessing child pornography; each of the nine images on his computer carried a possible 10-year sentence.
Matt adamantly denied the charge, although he admitted visiting adult sites.
The caution: Your computer could be storing and distributing child pornography without your knowledge. It could be what is called “a zombie.” A virus, worm or “bot” may have almost invisibly infected your operating system, perhaps when you opened an email attachment or clicked on the “wrong” (not necessarily adult) website.
The “infection” allows another person to remotely access your hard drive. Often, the third party tries to capture financial information such as bank account numbers. Often, he stores data on the hard drive and uses your computer to distribute spam, including pornography.
(For a fuller explanation of this process, click on “Are You In Danger, Too?”)
Like ID theft in the ’90s, the problem of zombie PCs is just emerging. Estimates of its prevalence vary, with the upper bound being about 8 million active zombie computers. The respected computer firm Symantec offers the more conservative estimate of 4 to 5 million; one fourth are believed to be in America.
According to Microsoft, zombie computers are currently the major threat to security industries. Dmitri Alperovitch, a research scientist at CipherTrust, observes that, during one recent outbreak, new zombies “went up from 214,000 every day in the previous week [mid-August ’06] to 265,000 every day.” Windows operating systems are most vulnerable.
Estimates may be speculative, but the consequences of having child porn on your computer are clear...as the Bandy case illustrates.
Matt’s story is one of over-zealous prosecution under a law that should not exist: that is, the mere presence of images on your computer should not result in criminal charges because they result from an infection.
By all accounts, Matt was a normal teenager from a good family who had no run-ins with authority before Dec. 16, 2004. At 6 a.m. that morning, several policemen pounded on Bandy’s front door, ordering his mother and sister outside and waking his father at gunpoint; he was sleeping in late due to his duties as an emergency room physician.
What caused the raid? Child pornography had been uploaded to a Yahoo Group from an IP address associated with the family’s computer; law enforcement was alerted.
The police found several child porn images on the Bandy’s computer along with traces of the email address used to upload the pictures. Police dismissed the fact that, on one of the dates indicating “activity” related to the images, no one had been in the Bandy home. They also disregarded two polygraph tests that Matt voluntarily took and passed as well as a voluntary psychiatric exam that found him to be a normal teenager and not a “pedophile.”
Clearly, the detectives investigating Matt’s case had little training or interest in computer forensics. For example, they refused to examine the hard drive for evidence of infection. The County Attorney’s office fought requests from the Bandy’s to have their confiscated hard drive forensically examined. Only after the Arizona Supreme Court ruled against the Attorney’s office was an examination performed by expert Tami Loehrs.
She found more than 200 infected files and, on Sept. 25, 2005, she reported, “With no firewall protection in place, it would be virtually impossible to determine if, when or by whom the system was compromised. [I]t would be impossible to state with certainty which activities were conducted by users within the household and which activities were the result of one of the many malicious software applications and/or outside sources such as hackers.”
Benjamin Edelman, a computer security expert, indicates how quickly a computer can become infected. “I recently tested a WindowsMedia video file...On a fresh test computer, I pressed Yes once to allow the installation. My computer quickly became contaminated...All told, the infection added 58 folders, 786 files, and an incredible 11,915 registry entries to my test computer. Not one of these programs had showed me any license agreement, nor had I consented to their installation on my computer.”
Such infections are usually invisible to the average computer user. (To see how this can happen to your computer, click on “What was done to Matthew Bandy can happen to you.”)
Matt was indicted on nine counts of posession of images of child porn—class 2 felonies just one level below murder. He could have received a 90-year prison term from a judge who had no discretion in sentencing. On Dec. 2, 2005, Matt pleaded “not guilty” but was required to wear an electronic monitoring band around his ankle thereafter.
Meanwhile, as the boy’s innocence become increasingly apparent, the District Attorney offered a series of plea bargains. Matt ultimately pleaded “guilty” to three “class 6 undesignated offenses.” These are “non-dangerous, non-repetitive offenses under the criminal code” which result in probation, not imprisonment. His specific “crime” was showing a Playboy to 3 schoolmates, an act of “furnishing harmful or obscene material to minors.”
Matt’s attorney commented “this may be the only time an American teenage boy has ever been charged with a felony for showing adult pornography to his friends.” Nevertheless, Matt’s case had become high-profile and the State seemed determined to successfully charge him with something.
The “guilty” plea was not a real admission of guilt. Matt’s mother explained, “Over the last year our belief and faith in the judicial system has eroded. Fundamental beliefs such as innocent until proven guilty, the police are there to serve and protect, they would never lie to you, everyone has a right to a FAIR trial have become no more than fairy tales to us.”
His parents knew that a young boy convicted of sex offenses in state prison was vulnerable to constant rape, with suicide a real possibility.
Instead, Matt chose 18 months probation, with “sex offender” terms attached. Matthew explained what the latter meant: “I have to stay away from children, I cannot be around any area where there might be minors, including the mall, or the movies, or restaurants or even church. To go to church I have to have written consent from our priest, I have to sit in a different pew, one that doesn’t have a child sitting in it.”
He did not leave the house for fear of encountering a child and, so, violating his parole.
After ABC’s news show 20/20 took an interest in the case—it was featured on a Jan. 12 broadcast—the “sex offender” terms were dropped.
The Bandy’s two-year nightmare might be winding down, but the family has been financially ruined by over $250,000 in legal costs.
Whatever is written about this case should end in a conclusion that is phrased as a demand: the mere presence of child pornography on a computer must not be illegal. Laws must be rewritten or repealed to take into account the technological realities with which we all live.
Unfortunately, states and Congress are heading in the other direction by pushing for “harder” laws and penalties for mere possession. If such laws prevail, then you may find yourself in the same position as Matt: innocence will not be a defense.
