Slashdot Mirror
Spammer Can't Have Accuser's Hard Drive
This was a pretty silly request because Joel was suing over spams he received at Hotmail and Yahoo Mail accounts, e-mails which were never stored on his hard drive at all. I think the absurdity of it stands as a good example of what you should be prepared for if you try to take a spammer to court, even if you're represented by a lawyer.
Joel had originally sued the defendant for 49 separate spams under the Washington anti-spam law, RCW 19.190. I generally support anti-spam plaintiffs since I've been one myself a few times. When I've written about this before, a lot of people have wondered if the hourly returns were really worth the amount of time you put into it. I should have made that more clear; even after factoring in clerical errors and judicial bias, the answer really is Yes. Once you get a feel for which spammers and telemarketers can be easily tracked down, and which ones are likely to have money, you have a decent chance of getting a settlement for $500 or more for less than an hour's worth of work, if you do it right , e.g. requesting the forms by mail instead of going downtown to stand in line. (The case takes months to move through the courts, but it's possible to keep your total amount of work spent under 1 hour.) And if you're in Washington, and the same spammer sends you a large number of spams and you save them all, then you have a shot at an even larger prize if you're willing to split it with a lawyer. (Lawyers often work on contingency, after all, and they won't take on the case if they don't think there's a good chance of getting paid.)
But in Joel's case, the defendant had hired their own expert witness, Larry G. Johnson, who wrote a declaration in which he acknowledged that the mails were Yahoo and Hotmail messages, and still said that the only way to determine the "authenticity and source" of the e-mails Joel was suing over, was to get a mirror copy of Joel's hard drive. After Joel showed me that declaration by their "expert witness", and re-iterated that he was suing over Yahoo and Hotmail messages that never touched his hard drive, I volunteered to write my own expert witness declaration for free pointing out, basically, how skull-crushingly stupid the defendant's request was.
At first, I tried looking for some alternative interpretation that might make their request seem less absurd. Johnson's declaration technically requested a copy of "the computer storage media on which the purported emails allegedly reside (e.g. hard drives, CDs, DVDs, floppy disks, etc.)". Perhaps by this he meant that he wanted a mirror copy of one of the hard drives at Hotmail or Yahoo? (Knowing, of course, that they'd fight it to the death, and the case could drag on for years?) But no, the order drafted by the defendant for the judge to sign, said "Plaintiff is ordered to allow Defendants inspection of its computers, computer storage media and subject emails as outlined in Defendants' CR 34 Request for Production and Inspection" -- Joel's computer specifically, not Hotmail's RAID array.
I also said publicly at the time that the real outrage was that their "expert witness" could make this statement when there was no chance he believed it. Larry Johnson's CV lists his credentials: educated at Harvard, admitted to the bar and licensed to practice law in Washington, doing computer consulting for 21 years, and (really) appearing in a movie called "Easier Said" as "Sheriff Tiny". And here he was making a statement, under oath, that could be refuted by a reasonably computer-literate 12-year-old. Not just outrageous that he said it. Not just that he got paid for it. (Actually, that doesn't make me too mad, because it was the spammer who paid him, so it was just transferring money from a full-time societal leech, to someone who is usually gainfully employed and merely amoral.) Outrageous that in the best-case scenario the judge would just ignore the testimony, instead of fining him or putting him in jail, which is what is supposed to happen in theory if someone gets caught lying under oath.
Well, one constant in this business is that the record for Biggest Judicial Outrage in the History of the World gets broken every three weeks.
On June 9, 2006, Judge Richard Jones of King County Superior Court signed the defendant's order commanding Joel to turn over a mirror copy of his hard drive to Sheriff Tiny. Which in practice meant: turn over a copy of your hard drive, or drop the lawsuit, or spend thousands more on an appeal.
I tell people this and I find they can't really believe a judge would go along with a request like that, they think I must be leaving something out. So I urge you to follow the links to the documents above. The defendant asked the judge to sign an order permitting inspection of Joel's hard drive, I wrote a response saying it was bogus, the judge signed the order anyway, and that was really all there was to it.
The way that Washington lower-court judges have handled anti-spam cases so far has been interesting. My experience has been that many of them don't take the cases seriously, but they usually try to find an obscure legal technicality on which to reject the case; probably they don't want a few victories to bring everybody out of the woodwork clutching a copy of their most recently received porn spam. (For example, one judge said the statute only allowed you to "recover" up to $4,000, and claimed that wouldn't apply in my anti-spam cases because I hadn't lost any money. However, in legal jargon, including some Supreme Court cases that I cited, the word "recover" is often used to mean simply taking something from another party, not necessarily something that you've lost. And anyway I doubt that the legislature, when they specified $500 in damages per message, intended for people to first have to prove that they'd actually lost $500.) I think most judges figure that if anybody tries to complain about their treatment in the courts, people's eyes will glaze over at the discussion of the legal technicalities, and it will just sound like someone complaining because they lost.
But once in a while a judge fudges an issue that involves no arcane legal jargon and that everybody can understand. If someone sues over spams received at Hotmail and Yahoo accounts, and a judge makes them turn over their hard drive, that doesn't have enough of an eye-glaze factor. People hear that and understand what it says about the courts.
Still, the judge's ruling stands. Lawyers have a saying that if a judge rules the sky is green, there's not much you can do about it unless you're willing to spend a ton of money.
webmail that was obviously never actually stored on his hard drive
Yeah.... all of those websites you visit and all of the data that comes with them is never stored on your hard drive.
What?
It's going to cost a certain amount of money to mirror a harddrive (say 60-70 dollars for a medium size drive and maybe 40 tops for commercial software. Not that bad. I assume they're trying to draw into question whether the email was ever received and will use the mirror to prove no copies were ever stored on the drive. Is it spam if you don't store it on your computer? (Obviously I still think it is but the law's a twisty thing if it hasn't been bolted down.)
So you cheerfully hand over your live CD with Knoppix.
Settlement? What settlement? What FA?
Why were there no counter requests for
1) copy of hard drives of all spammers computers
2) list of all online identities and accounts used by spammer in last year
If they make it hurt for you, hurt back.
(I have been watching the SCO case)
Move over, Dred Scott, and make way for Subpoenaed Hard Drive Guy!
Incidentally, perhaps given Subpoenaed Hard Drive Guy's Buddy's vast knowledge of computing, perhaps he could have put this on a web page and submitted a link?
What I'm listening to now on Pandora...
It does make you want to know in whos's interest the judge is acting. In his own, in my opinion, as hes' trying to make fighting spammers hard (and even dangerous). That's not his job.
http://what-is-what.com/what_is/spam.html/
I would ask from Yahoo Mail or Hotmail that they turn over a tape containing an image of their customer's inboxes in the datacenter.
But fortunately I am not a lawyer!
-b.
It's Catch 22
1. Maybe they are looking for evidence that you've solicited their spam. That could be on your hard drive
2. They're trying to pry a settlement out of you. People keep lots of personal stuff on their Hard drives, that's why they don't like giving copies away
Starbucks, Harbuckle of Breath.
Ok the title of the summary says the "Spammer can't Have Accuser's Hard Drive", but the entire summary says "Well he was ordered to turn it over, and as much as the judge, witness, defendant are asshats and idiots,the ruling stands". So where the fuck does the can't come from?
Your hair look like poop, Bob! - Wanker.
If you feel entirely convinced that the "expert witness" demonstrably lied under oath, use your right to make a citizens arrest, and formally charge him with perjury. Lying under oath is a crime.
I wonder how many new email addresses that the spammers can extract from that harddrive. They're probably hoping for Joel to forget about all the stored passwords, too.
[sig]
And all this time I've been deleting spam I could have been using it to fund my retirement! Not sure what the wife will think when she logs into our joint e-mail account and finds a folder called "Special evidence" filled with Viagra and Penile enlargement ads though.
Crack - Free with every butt and set of boobs
I'm only half kidding with this.. it wouldn't surprise me if they were looking for anything to slander the plaintiff with, or to at least muddy the waters of the case. Illegally downloaded music, etc..
Oh come on. I would seriously consider this myself. The request in itself is assinine. You can easily boot up the computer with Knoopix, log on to hotmail and yahoo and view the spam. Once you do that, technically, it is the system you viewed and recieved the spam on. If however you deleted the mail already, well I suspect your case is screwed anyway.
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
Perhaps a somewhat fitting real-world comparison for this lunacy would have been asking for someone's VCR tapes to prove that a certain television program had been looked, where ofcourse no recording had been made on the program with that VCR.
Don't you guys know anything about SMTP e-mail headers?
The purpose of inspecting the plaintiff's hard drive is to recover evidence that the e-mails were not sent by the defendant, right? And the plaintiff states the spam was sent to his webmail account, right?
There's no way that his browser cache would contain enough verifiable evidence to determine the true origin of the spam. What his browser downloads is an HTML representation of the original e-mail text, and a snippet of info from the mail headers. You won't be able to see all the mail headers in the file. The only way would be to download the e-mails from Yahoo and Hotmail via POP3, or IMAP, or possibly using HTTP if supported, to an authentic e-mail client on the plaintiff's PC - like Outlook, Thunderbird, Evolution, Eudora, etc... Are you still with me?
The only thing the defendant can hope to show is that the plaintiff lied to the court about downloading copies of the actual e-mails including the headers...
Somebody needs to use a clue stick on the judge. Why would somebody go to the trouble of faking e-mail headers to "extort" a measly $500 from an alleged spammer? Well, SCO maybe - but at least they publicly said they'd get 5 billion dollars, not 5 hundred...
"A little misunderstanding? Galileo and the Pope had a little misunderstanding."
At least he admitted he was utterly wrong :-) ...
that deserves a couple mod points for informative
-nB
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
Discovery is granted casually. You can't stop it.
But protective orders are also routinely granted.
Generally you can arrange it so that neither the opposing party nor their lawyers will be able to actually touch the hard disk, only an independent forensic analyst.
1. buy a brand new pc
2. bring to court
3. log into web mail
4. ?
5. profit!
mod me funny
After reading the declaration, it appears that Mr. Johnson does indeed understand that the emails may not be stored on the plaintiffs HD. And it appears he also is aware that the actual email may be located on the mail servers DB:
... or is available to extract from a computer server database that seamlessly has integrated within it the message text, metadata"
"An email as original electronic 'document' or file is either a single computer file that can be extracted as an intact electronic file from a recipient's 'mailbox'
"The only way to reliably know what the emails in this case actually look like and what information they in fact contain is to view them in the computer environment which they were generated or received"
So he's not actually requesting the plaintiffs computer but instead the computer that was used to recieve the emails. Perhaps to inspect the cache, who knows. But in the declaration he says he wants the HD to be able to view the email in the environment that the plantiff viewed it. The reason is because the plaintiffs 'evidence' is being called into question and if his declaration is accurate on what the plaintiff is providing as the evidence of the emails then I can hardly blame him.
Nice long tirade you have there. The only problem is you are wrong.
There is a fairly good chance that at least some of the web pages viewing those webmails are recoverable in swap space, file slack space, and unallocated space.
- For the complete works of Shakespeare: cat
To which I can only say - let's come on out anyway! That's the point of these statutes - if everybody clogged the judicial system as much as spammers clogged our inbox, someone might do something just to get us off their backs.
And after all, filing lawsuits is a legal right - sending spam is illegal. So we have the upper hand in both regards.
so what would happen if you gave them a clean, freshly installed hard-drive that's just been used to view these particular spam mails in your webmail? I imagine they'd moan that it had been formatted to the judge, but then you get another forum to state that the emails are not stored on the hard-drive they are stored on the hard-drives of the webmail provider and that the other defense counsel is simply hand-waving. how annoyed would the judge be at that sort of tactic?
Assuming for the moment that the email was stored on the plaintiffs HD (it isn't), then it's the defendants job to find any evidence that still exists on the HD. It's true that there will likely not be anything on it that's relevant to the case, but the defendant should have a right to determine that.
AccountKiller
1. When you read webmail, the emails that you read are in fact stored on your hard drive, in your web browsers cache, at least temporarily. If the plaintiff submitted copies of the emails with full headers (which I sincerely hope he did), then there is no reason for this, other than to try to invade his privacy. If not, then that (emails with full headers) should be what they subpeona, not an entire hard drive.
2. I'd read his declaration, but it seems to be in some strange sort of proprietary binary file named with a ".DOC" at the end. I can't seem to find an RFC or any other sort of reference on this file from which to write a suitable interpreter.
Using forensic search methods I was able to prove the case that the defendant had intended to send sensitive materials to the plaintiff's competitors via Hotmail. The cache file was partially overwritten, but there was no mistaking what the browser was able to display, even before cleaning the data space of the offending newer entry. I was able to prove the date, time, to and from addresses, subject, message and attachment as the sender saw it on his screen some weeks prior. What I couldn't prove was that the defendant actually hit the 'send' button. DOH! I was unable to find anything after that date/time showing his Sent folder and there were no replies in the two Inbox page caches I found.
So...just because it's webmail doesn't mean you're free and clear.
I also said publicly at the time that the real outrage was that their "expert witness" could make this statement when there was no chance he believed it.
I work in computer forensics, have submitted affidavits to court and appeared as a witness to be cross examined on my findings. It actually would not surprise me that a computer forensics expert witness might not actually know what he's talking about. Almost every computer forensics person I know who work on the biggest cases, are actually ex-police detectives with some computer training. They have a habit of strictly adhering to "best practices" in their computer forensics investigations, because that is really all they know. They don't understand enough to apply the creativity needed to extract all the important information or attack the other side with any really in-depth arguments. The more complex their affidavits, the greater the chance it and they will be ripped apart in court. They also want to play it safe and not stick their necks out under oath.
Although there are some "best practices" which should be adhered to (like evidence capture), evidence analysis can often benefit from creative approaches, since each case brings new challenges. Confining your analysis to
This often results in quite superficial opinion from expert witnesses on both sides. Few are capable or willing to get very creative and deliver the killer evidence. Regardless of whether they provide case winning evidence or just the stuffy old basics, they're still getting paid.
So what do I see as the end result in most cases where a judge does not understand that which he is judging? The situation where it does NOT come down to who is right, but rather it comes down to who has the most convincing expert witnesses. I see this time and time again and the lawyers all understand this. For them it seems to have become a game where it is all about manipulation of the judges perception, since that is where the weakest point in the whole game is. Not the other sides arguments, witnesses, testimony or affidavits. The judge is the focus, on both sides. The points of the case at hand comes second.
I'm all in favour of making spamming unprofitable: it's the only way we're going to get the scum out of business. However it helps if you are right in both legal and technical respects before getting involved.
The OP is wildly - and legally dangerously wrong - in both his post and in the Declaration he provides. Other people in this discussion have provided ample evidence that yes, your mails are stored on your hard-drive, not deliberately (as in a POP3 client way) but through caching mechanisms. Even if the originating server sets every no cache mechanism known to man, it's up the client to determine whether it is going to pay attention to these instructions.
Secondly, the Declaration is an attempt to say that the screengrabs the plaintiff took should be adequate to *prove* the offense the defendent is supposed to have committed. The judge, unsurprisingly, disagreed with the OP's opinion and ordered the hard-drive turned over.
It's worth considering why that might be. Is it because the judge is a technical incompetent or because the judge is unhappy with the way the plaintiff is unwilling to hand over any evidence in support of their case apart from some screengrabs? The point is not, as it says in the declaration, that headers would be as easy to fake as the screengrabs, but that the plaintiff is unwillingly to do anything to support their case.
The judge might be a technical incompetent, but it doesn't sound like he is a legal incompetent, which unfortunately the OP presents himself.
ask the Plaintiff in a burglary case to turn over the content of their HOUSE to the defendant (just to prove they had belongings?)?
Well, IMHO, IANAL, but I would have done the following:
Go into Internet Explorer. Go to tools|internet options|Termporary Internet Files|Settings.
Set the "Amount of disk space to use" to a 10G or so.
Go and open every spam email.
Clone the hard drive.
Send it to the judge.
Voila.
You could have defeated any intent to have the case dismissed by the "expert witness" by doing something very simple.
"Let the Cache flow through you"
Give him a blank hard drive, and a CD or DVD of Knoppix.
Why not simply go to your local library and access it through a PC there? Or, for that matter, access the files from a PC located in the courtroom building (if one is available)?
Ask for THEIR disk drives, too. If they need Joel's hard drive to validate the validity of their spamming activities, then Joel should have equal access to their disk drives to validate his claims. Declare that to do otherwise would prejudice the court. IANAL, but I'd be willing to fight just as dirty as them.
Hmm... if suing a spammer, I'd recommend reading their emails via a browser from a computer at a library. Sure, maybe you read them elsewhere, but for the purposes of your complaint, go to the library and read them there, and mention that as your complaint. "I received spam, when I was checking my email as I often do via the PC at the library."
Then, if they need 'the hard drive', it's up to the ALA to fight it, and that's a fight no judge wants to start.
A.
Ok, here's where you've got to nail them through use of technology... Whether or not the defense attorney was a moron and knew that the spammer was protected by the fact the email account in question is a Yahoo or Hotmail webmail account is no longer the issue. You got the goods on this weasel, download YahooPops! or a similar Outlook webmail protocol for Hotmail and get those spam emails downloaded to the hard drive of the plantiff. He'll have his evidence, and the judge will have no recourse but to find the spammer guilty. JoeyJam
... then you've got it copied onto your harddrive. Easy as pie.
To me the worst part is that the entire email account is going to be open to outside "experts", so he could kiss any illusions of privacy goodbye. It seems that if one wanted to cash in on the spam gravytrain the way to go about it would be to create a honeypot email account and only read it via a VMWARE or Virtual PC image, or boot from a CD.
A) You can't just escape discovery requests. Sorry. This is why you NEED some legal help. I believe that you're supposed to argue that it's unduly burdensome and apply for protective orders, but you need a lawyer to help you with stuff like that or you'll wind up in deep crap like this if you make a mistake. No protective order means bad things. We all know that the request for your HD is just BS to dig up something else, but it IS true that bits of the email would get cached on your HD. It is not true that it would do them much of any good.
B) In regards to a citizen's arrest, please make sure that you know what the hell you're doing first. Or you'll wind up in situations like, well, this. Honestly, I sincerely doubt you'll be able to do any such thing although it sounds nice. Your best bet is probably to impeach his credibility in the courtroom, but you CAN'T expect the judge to just know how computers work or to accept your say-so. You will need actual evidence or experts with recognizable credentials. Slashdot posts do not count. Try finding authoritative sources of information and pointing out how his statements do not match up with them.
C) You can do discovery too. But it may well be too late, and you can easily get in over your head. Discovery games are one of the places lawyers play hardball. It is one of the reasons why you need a lawyer on your side.
Disclaimer: This is not intended as legal advice. This is intended to point out that you will get screwed over without legal advice. Get help--it might not be too late, but the longer you wait, the more likely you are to get boned. You appear to be in over your head.
So apparently, they DO want everyone to be legal experts but shy away from being experts themselves in everything.
If you pull crap like that, you're likely to be hit with contempt of court charges. You do NOT want to try and game the courts. They're used to it and they punish people for trying to pull crap like this. You do NOT want to lie, especially when the law is on your side.
You need good legal advice. You cannot get that from Slashdot. If you do what the parent post recommends, you are likely to end up in big trouble. You will end up in jail or something equally bad if you attempt to defraud the court with phony evidence. (You can only get away with such things if you're a lawyer, because they know the only ways you can get away with lying to the court... although I suppose I shouldn't call it lying when it's more like intentionally unintentionally withholding the truth.)
But do not take my word for it. Read the FRCP (especially chapter V), the sanctions for violating it, and get legal advice.
Don't you guys know anything about SMTP e-mail headers?
of course we do and so does everyone involved except the judge and maybe the defendant, but that's not what it's about. It's about billable hours and if the lawyer/computer forensics expert (Larry G Johnson) gets to poke around a computer hard-disk for a couple hours, he's $600.00 richer and his client (the alleged spammer) is $600.00 poorer and the plaintiff is wondering if the $500.00 he might win is worth the feeling of being so violated.
Apocalypse Cancelled, Sorry, No Ticket Refunds
hey why doesnt he just use the pop3 services of the webmail to download the emails to his hard drive then its on his computer and badabing it all good
how about encrypting the hd before sending it over.
Let us examine everything you own. You might have done something wrong!
How is this defrauding or lying to the court. If it is the system that you used to access the mail, then it is the system you used to access mail. No lying or defrauding involved. Besides, sometimes the punishment is worth proving someones ignorance.
As an testifying expert I'd like to introduce you to what you've just done to yourself. You see as an expert witness the article you just wrote can be taken and shown to the judge, who will know fully understand how much you respect his opinion and will really apperciate your comments to the public about the proceedings in general. Your friend should feel so lucky to have an expert like you on his side, there is no way this can't help your credibility in front of the judge!
Btw - this is sarcasm.
Is this just a situation where a judge is s*canning a case because he (a) knows that Yahoo or Gmail addresses are the equivalent of a blind P.O.Box address for a business, (b) knows the complaintant can just set up another email account when the first one's filters are clogged, or (c) has way too large a backlog of silly cases that are getting in the way of his reading Groklaw?
Do not mock my vision of impractical footwear
Get LOAd linux on a floppy. Boot it on a PC without a hardisk in it then say that the floopy disk is the hard disk. Its solid isnt it ?
Prove thats its possible to read your email from that system in a usable fashion and turn over the disk.
Or repeat that with the other method using a cd drive and hand over a cd-rom. Note the cd is also hard.
The best justice, is vigilante justice. Now everyone get busy!
I use YaHoo as well as Hotmail. While you can use these services as Webmail, they also can be used as POP3 services as well as forwarding services.
Both sides arguments are somewhat lacking. Having a clone of the users hard drive means nothing. How hard would it be to edit the "mailstore" so the headers are forged? Very simple. A clone proves nothing.
But the reply should have been briefer and said that at no time did the e-mail ever reside on the users hard drive, that he does use webmail (not that he could use it.) That, unlike an internet service providers POP3 mail server where the e-mail does reside on the users hard drive, webmail only resides on the providers hard drive and is viewed locally - not stored locally. That the hard drive required for forensic analysis would be that of Hotmails & YaHoo's. Sure, you don't want to bring them into this case - but what you did bit ya.
In any event, what this tells me is that if I am going to sue over e-mail that I need to have a very simple machine for reading e-mail from which I can before hand have the spam on.
Maybe we need to have a lobby on our side treating these judges to nice dinners and golf outings?
Could you send a copy of the hard drive in 15 kb chunks by email?
I'd be thinking along the lines of 'perjury' or 'attempting to pervert the course of justice'.
The referenced order by the judge said the order must be completed within 20 days from the 9th of June, 2006. -- The article doesn't say what happened, never mind that the title is wrong, and hasn't been corrected!
This is actually a very shrewd legal move. If the defendant could have demonstrated that the email never was on a computer solely under the control of the plaintiff, and that the only source of the email was on the Webmail server, and that the plaintiff voluntarily clicked on the email header to read it, then the anti-spam law might not apply. It wouldn't be spam if it can be demonstrated that the plaintiff took action intentionally to read or view the contents of the mails. I'm not saying that would necessarily be the decision of the court, but it's certainly one possible defense.
It could also be argued that a free webmail account might be considered a public resource, thus the spam laws would, again, not apply.
Thirdly, the defense argument could be based on the availability of anti-spam measures. If the plaintiff was negligent in setting his spam filters, then he could conceivably be viewed as having contributed to his receiving them. Taking reasonable steps to prevent the reception of spam might be viewed as a necessary component to have cause for legal action.
Lastly, if the defendants could demonstrate that other spam was received by the plaintiff, and no legal action was taken as a result, the defense could mitigate damages awarded, or possibly have the suit thrown out entirely, because of the plaintiff's selection of whom to sue based on content of the spam, not its existence.
As I said, that discovery request was a very good idea of the defense. I wouldn't be surprised to see it become a lot more common.
I guess the parent anonymous post is originated by spammer :)
There is no possible trouble in doing what the recipe says - i.e. get the disk-less terminal and reading e-mails from it. And I think then it will be easier to prove that e-mails were downloaded and are stored at Hotmail datacenter.
Yet another shining example of why there needs to be a lot more oversight of the judiciary in this country. And why doesn't anybody ever file a complaint with the nice overlords of the bar? If a lawyer knowingly lies under oath go after his license.
If the g'vt kept the data on you that google does you'd better believe you'd be calling it "doing evil"
Running off of a live cd system that uses ram instead of a harddrive will prove difficult to retrieve anything. Send them some ram chips, and a copy of knoppix.