I was interested in a post I read here a minute ago about avoiding charges by claiming your computer had a virus/worm.
In the thread there wasa bit of confusion about the liability a person takes on behalf of thier machine. So I decided to do a little research and came up with this.
In one case that was being watched as a bellwether by computer security experts, Aaron Caffrey, 19, was acquitted earlier this month in the United Kingdom on charges of hacking into the computer system of the Houston Pilots, an independent contractor for the Port of Houston, in September 2001.
Caffrey had been charged with breaking into the system and crippling the server that provides scheduling information for all ships entering the world's sixth-largest port.
Although authorities traced the hack back to Caffrey's computer, he said that someone must have remotely planted a program, called a "trojan," onto his computer that did the hacking and that could have been programmed to self-destruct.
In two other cases, British men were accused of downloading child pornography but their attorneys successfully argued that trojan programs found on their computers were to blame.
In all three cases, no one has suggested that the verdicts were anything other than correct.
Some legal and security experts say the trojan defense is a valid one because computer hijacking occurs all the time and savvy hackers can easily cover their tracks.
"I've seen cases where there is a similar defense and it could work or not work based on corroborating evidence" such as how technical the defendant is, said Jennifer Stisa Granick, clinical director of the Sanford Law Center for Internet and Society.
It is relatively easy to trace a hack back to a particular computer, but proving that a specific person committed the crime is much more difficult, she and others said.
Someone other than the computer owner could use the machine, either by gaining physical access or remotely installing trojan software that was slipped onto the computer via an e-mail sent to the computer owner or downloaded from a malicious Web site, they said.
"On the one hand, this is 100 percent correct that you can not make that jump from computer to keyboard to person," said Bruce Schneier, chief technology officer at Counterpane Internet Security based in Cupertino, California. "On the other hand, this defense could [be used] to acquit everybody.
"It makes prosecuting the guilty harder, but that's a good thing," he added.
Mark Rasch, former head of the U.S. Department of Justice computer crime unit, agreed.
"The more difficult problem is people could actually go to jail for something they didn't do" as a result of trojan programs, said Rasch, chief security counsel for computer security provider Solutionary. "If I want to do something illegal I want to do it on someone else's machine."
But Dave Morrell, a computer consultant for the Houston Pilots who worked with the FBI after the attack, said the defense also opened the door to hackers.
"It sets a precedent now in the judicial system where a hacker can just claim somebody took over his computer, the program vanished and he's free and clear," he said
Michael Allison, chief executive of computer forensics firm Internet Crimes Group in Princeton, New Jersey, said experts should have been able to prove if there had been a trojan on the computer in question.
The defense is likely to become more widespread especially given the increasing use of "spyware" programs that can be used by hackers to steal passwords and essentially eavesdrop on a computer user, experts said.
"The emergence of spyware will only enhance these claims," said Michael Geist, a law professor at the University of Ottawa Law School in Canada. "We're going to have to sort through the level of responsibility a person has for operating their own computer."
The trojan defense has not yet been put to the test in the United States.
If such a defence can be used for downloading Childporn and major hacks, then it would be very hard to block it from applying to P2P.
I mean it wouldnt be a hard case to argue.
Those EVIL people who use Kazaa have obviously hacked into my computer and without my knowledge installed a trojan which makes my computer act as a file sharer.
Because I have no Mens Rae (Intent) I cannot be liable for an offence.
The only case the prosecution could argue would be that by me not having the latest Firealls and protection I could be liable for allowing the Trojan onto my machine, If that was succesful and that a very big if, because there is a million arguments against it, at the most you would be liable for neglegence which in the circumstances would be very hard to gain a conviction.
So if you ever get caught jus tell em "My Computer Did It !"