Slashdot Mirror
Spammer Can't Have Accuser's Hard Drive
This was a pretty silly request because Joel was suing over spams he received at Hotmail and Yahoo Mail accounts, e-mails which were never stored on his hard drive at all. I think the absurdity of it stands as a good example of what you should be prepared for if you try to take a spammer to court, even if you're represented by a lawyer.
Joel had originally sued the defendant for 49 separate spams under the Washington anti-spam law, RCW 19.190. I generally support anti-spam plaintiffs since I've been one myself a few times. When I've written about this before, a lot of people have wondered if the hourly returns were really worth the amount of time you put into it. I should have made that more clear; even after factoring in clerical errors and judicial bias, the answer really is Yes. Once you get a feel for which spammers and telemarketers can be easily tracked down, and which ones are likely to have money, you have a decent chance of getting a settlement for $500 or more for less than an hour's worth of work, if you do it right , e.g. requesting the forms by mail instead of going downtown to stand in line. (The case takes months to move through the courts, but it's possible to keep your total amount of work spent under 1 hour.) And if you're in Washington, and the same spammer sends you a large number of spams and you save them all, then you have a shot at an even larger prize if you're willing to split it with a lawyer. (Lawyers often work on contingency, after all, and they won't take on the case if they don't think there's a good chance of getting paid.)
But in Joel's case, the defendant had hired their own expert witness, Larry G. Johnson, who wrote a declaration in which he acknowledged that the mails were Yahoo and Hotmail messages, and still said that the only way to determine the "authenticity and source" of the e-mails Joel was suing over, was to get a mirror copy of Joel's hard drive. After Joel showed me that declaration by their "expert witness", and re-iterated that he was suing over Yahoo and Hotmail messages that never touched his hard drive, I volunteered to write my own expert witness declaration for free pointing out, basically, how skull-crushingly stupid the defendant's request was.
At first, I tried looking for some alternative interpretation that might make their request seem less absurd. Johnson's declaration technically requested a copy of "the computer storage media on which the purported emails allegedly reside (e.g. hard drives, CDs, DVDs, floppy disks, etc.)". Perhaps by this he meant that he wanted a mirror copy of one of the hard drives at Hotmail or Yahoo? (Knowing, of course, that they'd fight it to the death, and the case could drag on for years?) But no, the order drafted by the defendant for the judge to sign, said "Plaintiff is ordered to allow Defendants inspection of its computers, computer storage media and subject emails as outlined in Defendants' CR 34 Request for Production and Inspection" -- Joel's computer specifically, not Hotmail's RAID array.
I also said publicly at the time that the real outrage was that their "expert witness" could make this statement when there was no chance he believed it. Larry Johnson's CV lists his credentials: educated at Harvard, admitted to the bar and licensed to practice law in Washington, doing computer consulting for 21 years, and (really) appearing in a movie called "Easier Said" as "Sheriff Tiny". And here he was making a statement, under oath, that could be refuted by a reasonably computer-literate 12-year-old. Not just outrageous that he said it. Not just that he got paid for it. (Actually, that doesn't make me too mad, because it was the spammer who paid him, so it was just transferring money from a full-time societal leech, to someone who is usually gainfully employed and merely amoral.) Outrageous that in the best-case scenario the judge would just ignore the testimony, instead of fining him or putting him in jail, which is what is supposed to happen in theory if someone gets caught lying under oath.
Well, one constant in this business is that the record for Biggest Judicial Outrage in the History of the World gets broken every three weeks.
On June 9, 2006, Judge Richard Jones of King County Superior Court signed the defendant's order commanding Joel to turn over a mirror copy of his hard drive to Sheriff Tiny. Which in practice meant: turn over a copy of your hard drive, or drop the lawsuit, or spend thousands more on an appeal.
I tell people this and I find they can't really believe a judge would go along with a request like that, they think I must be leaving something out. So I urge you to follow the links to the documents above. The defendant asked the judge to sign an order permitting inspection of Joel's hard drive, I wrote a response saying it was bogus, the judge signed the order anyway, and that was really all there was to it.
The way that Washington lower-court judges have handled anti-spam cases so far has been interesting. My experience has been that many of them don't take the cases seriously, but they usually try to find an obscure legal technicality on which to reject the case; probably they don't want a few victories to bring everybody out of the woodwork clutching a copy of their most recently received porn spam. (For example, one judge said the statute only allowed you to "recover" up to $4,000, and claimed that wouldn't apply in my anti-spam cases because I hadn't lost any money. However, in legal jargon, including some Supreme Court cases that I cited, the word "recover" is often used to mean simply taking something from another party, not necessarily something that you've lost. And anyway I doubt that the legislature, when they specified $500 in damages per message, intended for people to first have to prove that they'd actually lost $500.) I think most judges figure that if anybody tries to complain about their treatment in the courts, people's eyes will glaze over at the discussion of the legal technicalities, and it will just sound like someone complaining because they lost.
But once in a while a judge fudges an issue that involves no arcane legal jargon and that everybody can understand. If someone sues over spams received at Hotmail and Yahoo accounts, and a judge makes them turn over their hard drive, that doesn't have enough of an eye-glaze factor. People hear that and understand what it says about the courts.
Still, the judge's ruling stands. Lawyers have a saying that if a judge rules the sky is green, there's not much you can do about it unless you're willing to spend a ton of money.
Two problems:
First problem is, sites like Yahoo! mail and Hotmail use a lot of Javascript to render the message. (Especially GMail which uses nothing but AJAX.) When you visit a site, your browser downloads the javascript code and base HTML and caches it. However any additional data the javascript downloads, and any modifications to the HTML the script makes, are NOT cached.
Second problem is: <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
In either case, the data never touches the hard drive except maybe as part of the memory pagefile, which is highly volatile.
=Smidge=
How do you know he uses Internet explorer?
How do you know he runs Windows?
How do you know he doesn't have a crazy diskless webstation of some kind?
How do you know he doesn't read hotmail at the library?
How do you know he doesn't read hotmail on your computer?
How do you know he didn't read the email on his mobile phone?
How do you know he owns a computer?
So you see, receiving web mail doesn't necessarilly mean caching (not storing, but caching) the message in the Internet explorer cache on a Windows PC. He could have printed that spam using an impact transfer ribbon-type printer. By your logic, the defendant could ask for all his old printer media. The demand that he produce his hard drive contents is, like you post, a red herring.
I am not a crackpot.
I'm only half kidding with this.. it wouldn't surprise me if they were looking for anything to slander the plaintiff with, or to at least muddy the waters of the case. Illegally downloaded music, etc..
oooops
I just tried to put my money where my mouth was.
I fired IE6 up went to hotmail and read a mail.
After closing its no longer there.
They must have changed something fairly recently (ie since I started using firefox) because they used to be there for all to see.
liqbase
And how [legally] savvy was [the OP]?
Rules of civil discovery are intentionally very liberal. There are many situations where pertinent information to the lawsuit that is discoverable could have been on his hard drive. Or should we just take his word that there are no copies of any of these messages on his hard drive? There are many possible circumstances where copies of the messages COULD be on his computer hard drive, and that alone should probably be enough to let the other side have a look.
What?
Discovery is granted casually. You can't stop it.
But protective orders are also routinely granted.
Generally you can arrange it so that neither the opposing party nor their lawyers will be able to actually touch the hard disk, only an independent forensic analyst.
I happen to set my browsers caches to a RAM disk, and I wipe my paging file at every shutdown. So I would have had to have read those emails very recently.
They settled, ending the case without discovery finishing, so the judges order didn't have to be followed, since it was a moot issue.
Yes, the title's stupid.
>>Second problem is:
. html#sec14.9.1
That's not what no-cache means. No-cache means that the caching client cannot use its cache to handle any subsequent requests without revalidfating with the server, so any further request to the same URI must be checked against the server. If the rtesponse from the server effectively says "your cache is valid" then it *can* use the cache.
See http://www.w3.org/Protocols/rfc2616/rfc2616-sec14
no-store is the directive that is *supposed* to prevent storage of the response.
It doesn't mean the opposite either. If there is a chance he might recover something useful, he should get access to the hard drive. Welcome to the world of civil discovery.
That's not entirely true. Just because something MIGHT contain relevant evidence doesn't mean that it's automatically going to be within the scope of civil discovery. The revisions to the Federal Rules of Civil Procedure that will go into effect in a month specifically provide that absent "good cause", you don't have to produce data that is "not reasonably accessible due to undue burden or cost".
There's lots of wiggle room in those words, but in the example above, taking a look at printer ribbon wouild be unduly burdensome in most cases. (Technically, printer ribbon isn't "electronically stored information subject to 26(b)(2)(B), but that's pretty esoteric.) More to the point, in many cases items in the browser cache or in unallocated space on hard drives will NOT be "reasonably accessible" and thus is NOT within the scope of civil discovery (absent a showing of "good cause").
IAAL and I do this stuff for a living.
It actually would not surprise me that a computer forensics expert witness might not actually know what he's talking about. Almost every computer forensics person I know who work on the biggest cases, are actually ex-police detectives with some computer training. They have a habit of strictly adhering to "best practices" in their computer forensics investigations, because that is really all they know.
IAAL and my practice is 99% electronic discovery consulting.
Part of the theme that I saw (and was disturbed about) in the original affidavit was the suggestion that the "only" way to prove authenticity was to conduct a forensic examination. I've seen some vendors that are so used to conducting these types of examinations (and indeed have a financial incentive to do as many as possible) that they fall into this trap pretty easily.
So let's say that I'm in a routine contract dispute where the conduct in question happened three years ago, and I have a screenshot of an email message. And the original email message was deleted from the server and the laptop three years ago. How many forensic experts would suggest that we MUST take a full disk image to "prove" authenticity? Is there a 1% chance that a fragment of that original message might exist in the unallocated space? A 10% chance?
The problem is that to make a decision about HOW you go about "proving" authenticity and using the information at trial, you need to educate both the lawyers involved AND the judge invovled regarding what these technical terms really mean -- and what the associated costs and likelihood of finding something useful really is.
Not with IE (or other HTTP 1.1 compliant browser), when the "Cache-Control: no-store" option is used! Or any other more restrictive Cache-Control option.
Even so, it is likely in the many months it takes to get in court that the PC cache will still have the fragments on the HDD, due to LRU. And what if you use a HTTP proxy and have IE configured for no local cache.
Even more unlikely is to find anything in SWAP space after a few days or normal usage, let alone many months to get to court.
I say the best situation for this request is to have a laptop, booted up on Knoppix Live CD, without any HDD (and only USB mem stick storage), running Linux/Firefox, talking to your mobile handset via bluetooth for Internet connect. Connected to HotMail with Exhibit A clearly visible for the judge to see the very piece of SPAM email the court claim is about. "Sure your honour, here is it, can I have a receipt for that $6000 piece of hardware, or do you just want the CD and memory stick?"
Maybe from the fact the case was settled?
Well, the title says "Spammer CAN'T Have Accuser's Hard Drive", but the spammer was indeed allowed access. The only reason why the spammer DIDN'T have access to the hard drive was because there was a settlement. Therefore the title remains completely inaccurate.