Announcement

Collapse
No announcement yet.

It's now illegal to get public info from public servers... in North Dakota anyway

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • It's now illegal to get public info from public servers... in North Dakota anyway

    This is Just Fucking Sad™

    Ever been prosecuted for tracking spam? Running a traceroute? Doing a zone transfer? Asking a public internet server for public information that it is configured to provide upon demand? No? Well, David Ritz has. And amazingly, he lost the case.
    you can read the whole article about a guy who fights spam by doing the customary lookups, checking for open relays, and posting his findings publicly as well as to relevant administrators. more from the judge in the case who apparently has sawdust where her brain should be...
    “Ritz has engaged in a variety of activities without authorization on the Internet. Those activities include port scanning, hijacking computers, and the compilation and publication of Whois lookups without authorization from Network Solutions.”
    want to know the most serious offense this man committed? you know, the "hijacking computers" part of his crime? when some large providers refused to agree with him that open relays were present on their networks, he dispatched his abuse report email to their relevant contact address while routing it through the open relay saying something along the lines of "NOW do you believe me? shut this asshole customer down, please."

    yeah... and for that, the man was hit with fines and court penalties in excess of $60,000.

    looks like the Register also picked up this story.
    Last edited by Deviant Ollam; January 18, 2008, 08:28.
    "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
    - Trent Reznor

  • #2
    Re: It's now illegal to get public info from public servers... in North Carolina, any

    Damn.

    It's hard not to be depressed when crap like this happens.

    Guess I'll go ask permission to cross the street and buy a cup of coffee. Not looking forward to finding someone with enough authority to grant permission to dispense of the used coffee cup in a public trash bin.

    Comment


    • #3
      Re: It's now illegal to get public info from public servers... in North Carolina, any

      Sounds like the judges are spam customers.

      Comment


      • #4
        Re: It's now illegal to get public info from public servers... in North Carolina, any

        Don't panic yet.

        First of all, the ruling is probably flawed, in that the judge doesn't seem to know squat about what is public information information on the Internet, and what isn't, and that her conclusions about this are incorrect. I suspect that it may get overturned based on her incorrect technical interpretations and how those are applied under North Dakota criminal statutes.

        It's also less than clear what the findings of fact are in this case since much of it is sealed, so we're drawing conclusions from less than full information. That the case was sealed in the first place seems to be because of Mr. Ritz's actions in violating a prior injunction.

        Secondly, since this is a civil ruling that essentially says Mr. Ritz was wrong doing what he did, and as such, no precedent is set under future interpretations of criminal law. Civil law is entirely different arena than criminal law. The rules are a lot looser, and both sides get to pull more sneaky punches than are allowed in criminal court. Mr. Ritz has not been charged with a crime under ND law, at least according to the reports on the case thus far. While the judge appears to think that he may have violated the criminal law, it would take a prosecutor to make the actual determination, draw up charges against Mr. Ritz, and subsequently have another judge to rule that way in a criminal trial. If all that were to happen, then it might be an issue.


        Bottom line: While this is something to be concerned about, and to watch, there is not reason to panic yet. Judges get overturned on this type of thing fairly regularly.
        Thorn
        "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

        Comment


        • #5
          Re: It's now illegal to get public info from public servers... in North Carolina, any

          Why should compiling the results of whois lookups make any difference? It's public information anyway.

          By the way, it's North Dakota, not Carolina.
          One Nation Under Surveillance
          "War is Peace, Freedom is Slavery, Ignorance is Strength."

          Comment


          • #6
            Re: It's now illegal to get public info from public servers... in North Carolina, any

            It doesn't sound like the judge has any kind of knowledge in this arena to begin with, although I would question his attorneys ability to effectively represent his client as well.


            It could very well be he got stuck with a public defender, and you can imagine how that works out for ya.

            It's a good thing there is an appeals process. Hopefully he'll seek better representation.
            Cliff Stoll...because real IT history is cool.

            Comment


            • #7
              Re: It's now illegal to get public info from public servers... in North Carolina, any

              Originally posted by blackhawk View Post
              It doesn't sound like the judge has any kind of knowledge in this arena to begin with, although I would question his attorneys ability to effectively represent his client as well.


              It could very well be he got stuck with a public defender, and you can imagine how that works out for ya.

              It's a good thing there is an appeals process. Hopefully he'll seek better representation.
              Public defenders only do criminal cases, never civil cases. This is a civil case. If you're going to make an inflammatory and derogatory statement regarding a group of professionals, you might at least give them the courtesy of knowing what areas they work in, and the kind of cases they represent. Not that it applies here, because, again, this is a civil case, but public defenders are usually very poorly paid in comparison to their colleagues in private practice, have extraordinarily high caseloads, but usually maintain a belief in giving their clients the best possible defense.

              Disclaimer: Criminal defense attorneys and I would rarely ever see eye-to-eye on what the clients did, or what court decision would best serve justice. However, I recognize that the majority or them, including public defenders, honestly were trying to do the best for their clients, even when (or maybe especially when) they were giving me a grilling on cross-examination.
              Thorn
              "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

              Comment


              • #8
                Re: It's now illegal to get public info from public servers... in North Carolina, any

                Originally posted by Thorn View Post
                Public defenders only do criminal cases, never civil cases. This is a civil case. If you're going to make an inflammatory and derogatory statement regarding a group of professionals, you might at least give them the courtesy of knowing what areas they work in, and the kind of cases they represent. Not that it applies here, because, again, this is a civil case, but public defenders are usually very poorly paid in comparison to their colleagues in private practice, have extraordinarily high caseloads, but usually maintain a belief in giving their clients the best possible defense.

                Disclaimer: Criminal defense attorneys and I would rarely ever see eye-to-eye on what the clients did, or what court decision would best serve justice. However, I recognize that the majority or them, including public defenders, honestly were trying to do the best for their clients, even when (or maybe especially when) they were giving me a grilling on cross-examination.
                My mistake on the civil / criminal case thing.


                While public defenders WANT to give the best to their clients ( I can agree there) their overwhelming case load would dictate that they cannot.
                Last edited by blackhawk; January 19, 2008, 06:40.
                Cliff Stoll...because real IT history is cool.

                Comment


                • #9
                  Re: It's now illegal to get public info from public servers... in North Carolina, any

                  Originally posted by blackhawk View Post
                  It doesn't sound like the judge has any kind of knowledge in this arena to begin with, although I would question his attorneys ability to effectively represent his client as well.


                  It could very well be he got stuck with a public defender, and you can imagine how that works out for ya.

                  It's a good thing there is an appeals process. Hopefully he'll seek better representation.
                  I really begin to wonder how safe any of us are out here when the lawyers and judges lack the fine technical knowledge to differentiate between all the harmless free flowing Internet noise generated out here and a penetrating intentional breach of security.

                  Comment


                  • #10
                    Re: It's now illegal to get public info from public servers... in North Carolina, any

                    I think the real problem was that in his zeal to see open relay servers stopped; then using one where he had no clear or legal authorization is where the line was crossed. The rest is simply legal pile on to make the case more substantial.

                    xor

                    You can draw from a lot of regular criminal laws even though it wasn't a criminal case. Just because a door is open, doesn't mean you have the right or permission to come in and enter. Usually when it's related to business people aren't as quick to press criminal charges, civil however as Thorn indicated are a totally different game; just ask O.J. For all we know it could have been a honey pot for the ISP trying to stop & track spammers. When it comes to business there isn't as much money to be made pressing criminal charges, civil charges are where the money is to be made. You put someone in jail though righteous isn't going to get you your damages quickly having said person making $0.40/day. You really want that person out in the real world making money so they can pay you your damages.
                    Last edited by xor; January 19, 2008, 14:28.
                    Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

                    Comment


                    • #11
                      Re: It's now illegal to get public info from public servers... in North Carolina, any

                      Originally posted by Greyhatter View Post
                      I really begin to wonder how safe any of us are out here when the lawyers and judges lack the fine technical knowledge to differentiate between all the harmless free flowing Internet noise generated out here and a penetrating intentional breach of security.
                      Another part of the problem with all of us looking at this case (aside from the lack of facts due to the sealing) is that we know and understand these technical details, and can see that the quite obvious flaw in the decision because we know how things like whois are designed and are intended to work. The courts do not.

                      But it's important to note that courts never do know these things.

                      At least in general; there is on notable exception which I'll come back to later.

                      It isn't just technical knowledge about the Internet, judges and lawyers don't know squat about most any other subject besides law. That's why there are expert witnesses.

                      Take a completely different -yet still highly technical- example: A liability suit involving a product. Let's be specific, and make it an automobile. Now most judges and lawyers probably drive, but aside from having to put gas in it when the Fuel Gauge approaches "E", and changing the oil at the recommended interval, you'd probably be hard pressed to get the average lawyer or judge to name the basic, rudimentary four cycles of internal cobustion used in most cars today, never mind the more complicated interactions of an automobile functioning at high speed on a road surface. Sure, you'll find some that are Saturday afternoon mechanics, just like you probably find some lawyers who know some computer technology, but the vast majority of them do not. So what do they do? Do they all take 4 years to become experts themselves on automobile engineering? Do they then add on an additional 6 to 10 years to study the subjects like physics, tire engineering, and hydrodynamics needed to know what happens when a car crashes on a rain covered roadway? Hell no, they call in expert witnesses who already know all of those things, and can lend their expertise and professional opinions to the court.

                      Will this change in regards to the Internet? Maybe. The exception I noted above, and the precedent that make make for a "computer/technology court" in the future are environmental courts that the Federal Government and most states have now instituted. You take a group of judges and give them specialized training in the rudiments of the sciences behind the given subset of laws and hopefully they then make sound judgments based on both the law and the science.

                      But the it was a long time before the environmental courts were set up in most cases. Many of the environmental laws were first passed in the late 1960's and early 1970's. A widespread need for a specialized court system well versed in both those specific laws and those specific sciences really didn't start to be realized until the late 1980's and to mid-1990's, at which time the environmental courts started to be created. That's a span of twenty to thirty years before the need was perceived and acted upon. I'm sure before those courts came along, there were a lot of bad decisions based on incomplete (or completely lacking) technical knowledge of the judges and lawyers.

                      The Internet, at least the "Internet" used by the general public today as most know it, was not really functional until about 1995. That's just 13 years ago. While that may be a huge number in the technology arena where anything over six months is old and quaint, it is a very small number for court systems. Courts commonly make decisions based on prior cases that are easily 50 to 60 years old, and it is not uncommon for precedents to be well over a century.

                      If the environmental court model holds true, you might see a series of specialized tech/Internet/computer courts come into existence in the next 10 to 15 years. In the meantime, a lot of courtroom decisions involving these things will probably be dead wrong from a technical point of view.

                      Does this seem logical? No, not at all, but as Oliver Wendell Holmes, Jr. wrote in 1881, "The life of the law has not been logic; it has been experience."
                      Thorn
                      "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

                      Comment

                      Working...
                      X