What You Don't Know Can Hurt You -- When it's on Your Laptop

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

In what sounds like a frightening modern update of a Franz Kafka novel -- albeit with a different and marginally happier ending -- child pornography charges were dropped against a Massachusetts man who had been an investigator for the appropriately named Massachusetts Department of Industrial Accidents.


Michael Fiola was facing 2 1/2 years in prison after the state attorney general's office accused him of downloading the content. Fiola, according to this account on PCWorld.com, was saved when an investigation concluded that his laptop was poorly configured and full of malware that could have been responsible for the downloads.


Specifically, the investigators found that the Microsoft Systems Management server software was misconfigured and not receiving updates and the Symantec antivirus also was misconfigured or was not working properly. Malware could also have accounted for Verizon broadband usage that was four times the average, the yellow flag that caused the initial investigation.


It doesn't get much scarier than being falsely accused of downloading child pornography. The tragic thing is that it is unlikely that the cloud over Fiola will ever completely disperse. His wife was hospitalized for stress and the family has health insurance payments greater than its mortgage. The story refers to a similar case, in which a teen was accused of downloading child pornography. The individual pleaded to a lesser charge. Now, the story says, experts believe he may have been victimized by a worm.


This CNET commentary on the situation blames Windows and Fiola's IT department. The writer hedges his statements somewhat. For instance, he says that a Mac or Linux-based machine is a better bet than earlier versions of Windows. This revisits an older debate, one that was more common before Microsoft fully addressed the security liabilities of its operating systems.


Though its security status has undoubtedly improved, IT departments must keep abreast of Microsoft. The company's June security update, which addressed 10 vulnerabilities, could not use the System Center Configuration Manager to update machines through the Systems Management Services client. The problem is an error in the wsyncmgr.log file in the Inventory Tool for Microsoft Updates component.


IT departments must pay attention to this case and redouble efforts to protect the employees who rely on them, especially those who take laptops through customs on a regular basis. The Electronic Frontier Foundation and The Association of Corporate Travel Executives last week filed an amicus brief with the 9th U.S. Circuit Court of Appeal supporting reversal of the decision in United States v. Arnold. That decision gives customs agents wide latitude to look at data on computer equipment. Actions can be taken if illegal material is found, even if there was no prior expectation that it was there. This, obviously, can be a big problem if the traveler is the victim of surreptitiously downloaded content.


Unfortunately, cases are common involving objectionable images found on work computers. On one hand, there are few things more frightening than being falsely accused of such a terrible crime. It also is true that not having a clear idea of whether laptops are properly configured could create enough uncertainty that potentially guilty parties could evade justice.