Trojan Horse a Valid Defense

A British court has acquitted Julian Green, an individual accused of possessing child pornography when police seized his computer in October 2002.

This month, Mr. Green was acquitted in Exeter Crown Court after arguing that the material had been gathered without his knowledge by a rogue program created by hackers -- a so-called Trojan horse -- that had infected his PC, probably during innocent Internet surfing. Mr. Green, 45, is one of the first people to use this defense successfully.

This case may pave the way for the legitimation of the defense for computer crimes generally, and has extensive implications for the evidential requirements for successful cyber-criminal prosecutions. Part of what makes this defense dubious is that it is a difficult, highly technical process to prove whether or not the alleged actions (or, in this case, accesses of illicit materials) were performed knowingly and with mens rea.

Many backdoor (Trojan) programs are capable of depositing files onto an unsuspecting user's hard drive, deleting or modifying files and preferences, and potentially fabricating a trail of misleading evidence. Careful analysis of system logs and temporary files is essential, but a competent cracker (or accused, for that matter) could easily cover their tracks sufficiently to mislead investigators. The practical effect is to render proof beyond reasonable doubt very difficult to attain, meaning that future possessors of illicit materials may be incorrectly acquitted.

The highly specialised nature of computer evidence and the often meagre technical knowledge of legal professionals, juries, and judges are troubling. A careful prosecuting attorney may be able to misleadingly construe evidence against an innocent accused, or we may enter a new era of expert witness battles. One approach adopted by the Fourth Circuit Court of Appeals was to accept evidence obtained by a vigilante hacker who spied on the accused and reported illicit material to law enforcement authorities. His defence counsel claimed that the means by which evidence was obtained was unlawful and in violation of his Fourth Amendment rights, but the appeals panel - reversing the decision of the Virginia District Court - held that there was no violation because the hacker was not a member of or working in collaboration with government law enforcement at the time of obtaining the evidence.

While this approach has its merits, it does appear to condone the illegal use of computers by individuals, and thereby vigilante law enforcement (even if for the sake of society's current spectre). Vigilante hackers get off scot-free, while others face jail terms longer than purveyors of the illicit materials in question! A fair (but practicable, lawful) way to examine digital crimes must be implemented if we are to prevent injustice, but exactly how this might be done remains largely uncertain.