Spammer Can't Have Accuser's Hard Drive
This was a pretty silly request because Joel was suing over spams he received at Hotmail and Yahoo Mail accounts, e-mails which were never stored on his hard drive at all. I think the absurdity of it stands as a good example of what you should be prepared for if you try to take a spammer to court, even if you're represented by a lawyer.
Joel had originally sued the defendant for 49 separate spams under the Washington anti-spam law, RCW 19.190. I generally support anti-spam plaintiffs since I've been one myself a few times. When I've written about this before, a lot of people have wondered if the hourly returns were really worth the amount of time you put into it. I should have made that more clear; even after factoring in clerical errors and judicial bias, the answer really is Yes. Once you get a feel for which spammers and telemarketers can be easily tracked down, and which ones are likely to have money, you have a decent chance of getting a settlement for $500 or more for less than an hour's worth of work, if you do it right, e.g. requesting the forms by mail instead of going downtown to stand in line. (The case takes months to move through the courts, but it's possible to keep your total amount of work spent under 1 hour.) And if you're in Washington, and the same spammer sends you a large number of spams and you save them all, then you have a shot at an even larger prize if you're willing to split it with a lawyer. (Lawyers often work on contingency, after all, and they won't take on the case if they don't think there's a good chance of getting paid.)
But in Joel's case, the defendant had hired their own expert witness, Larry G. Johnson, who wrote a declaration in which he acknowledged that the mails were Yahoo and Hotmail messages, and still said that the only way to determine the "authenticity and source" of the e-mails Joel was suing over, was to get a mirror copy of Joel's hard drive. After Joel showed me that declaration by their "expert witness", and re-iterated that he was suing over Yahoo and Hotmail messages that never touched his hard drive, I volunteered to write my own expert witness declaration for free pointing out, basically, how skull-crushingly stupid the defendant's request was.
At first, I tried looking for some alternative interpretation that might make their request seem less absurd. Johnson's declaration technically requested a copy of "the computer storage media on which the purported emails allegedly reside (e.g. hard drives, CDs, DVDs, floppy disks, etc.)". Perhaps by this he meant that he wanted a mirror copy of one of the hard drives at Hotmail or Yahoo? (Knowing, of course, that they'd fight it to the death, and the case could drag on for years?) But no, the order drafted by the defendant for the judge to sign, said "Plaintiff is ordered to allow Defendants inspection of its computers, computer storage media and subject emails as outlined in Defendants' CR 34 Request for Production and Inspection" -- Joel's computer specifically, not Hotmail's RAID array.
I also said publicly at the time that the real outrage was that their "expert witness" could make this statement when there was no chance he believed it. Larry Johnson's CV lists his credentials: educated at Harvard, admitted to the bar and licensed to practice law in Washington, doing computer consulting for 21 years, and (really) appearing in a movie called "Easier Said" as "Sheriff Tiny". And here he was making a statement, under oath, that could be refuted by a reasonably computer-literate 12-year-old. Not just outrageous that he said it. Not just that he got paid for it. (Actually, that doesn't make me too mad, because it was the spammer who paid him, so it was just transferring money from a full-time societal leech, to someone who is usually gainfully employed and merely amoral.) Outrageous that in the best-case scenario the judge would just ignore the testimony, instead of fining him or putting him in jail, which is what is supposed to happen in theory if someone gets caught lying under oath.
Well, one constant in this business is that the record for Biggest Judicial Outrage in the History of the World gets broken every three weeks.
On June 9, 2006, Judge Richard Jones of King County Superior Court signed the defendant's order commanding Joel to turn over a mirror copy of his hard drive to Sheriff Tiny. Which in practice meant: turn over a copy of your hard drive, or drop the lawsuit, or spend thousands more on an appeal.
I tell people this and I find they can't really believe a judge would go along with a request like that; they think I must be leaving something out. So I urge you to follow the links to the documents above. The defendant asked the judge to sign an order permitting inspection of Joel's hard drive, I wrote a response saying it was bogus, the judge signed the order anyway, and that was really all there was to it.
The way that Washington lower-court judges have handled anti-spam cases so far has been interesting. My experience has been that many of them don't take the cases seriously, but they usually try to find an obscure legal technicality on which to reject the case; probably they don't want a few victories to bring everybody out of the woodwork clutching a copy of their most recently received porn spam. (For example, one judge said the statute only allowed you to "recover" up to $4,000, and claimed that wouldn't apply in my anti-spam cases because I hadn't lost any money. However, in legal jargon, including some Supreme Court cases that I cited, the word "recover" is often used to mean simply taking something from another party, not necessarily something that you've lost. And anyway I doubt that the legislature, when they specified $500 in damages per message, intended for people to first have to prove that they'd actually lost $500.) I think most judges figure that if anybody tries to complain about their treatment in the courts, people's eyes will glaze over at the discussion of the legal technicalities, and it will just sound like someone complaining because they lost.
But once in a while a judge fudges an issue that involves no arcane legal jargon and that everybody can understand. If someone sues over spams received at Hotmail and Yahoo accounts, and a judge makes them turn over their hard drive, that doesn't have enough of an eye-glaze factor. People hear that and understand what it says about the courts.
Still, the judge's ruling stands. Lawyers have a saying that if a judge rules the sky is green, there's not much you can do about it unless you're willing to spend a ton of money.
It's going to cost a certain amount of money to mirror a hard drive (say 60-70 dollars for a medium size drive and maybe 40 tops for commercial software). Not that bad. I assume they're trying to draw into question whether the email was ever received and will use the mirror to prove no copies were ever stored on the drive. Is it spam if you don't store it on your computer? (Obviously I still think it is but the law's a twisty thing if it hasn't been bolted down.)
If you feel entirely convinced that the "expert witness" demonstrably lied under oath, use your right to make a citizen's arrest, and formally charge him with perjury. Lying under oath is a crime.
Don't you guys know anything about SMTP e-mail headers?
The purpose of inspecting the plaintiff's hard drive is to recover evidence that the e-mails were not sent by the defendant, right? And the plaintiff states the spam was sent to his webmail account, right?
There's no way that his browser cache would contain enough verifiable evidence to determine the true origin of the spam. What his browser downloads is an HTML representation of the original e-mail text, and a snippet of info from the mail headers. You won't be able to see all the mail headers in the file. The only way would be to download the e-mails from Yahoo and Hotmail via POP3, or IMAP, or possibly using HTTP if supported, to an authentic e-mail client on the plaintiff's PC - like Outlook, Thunderbird, Evolution, Eudora, etc... Are you still with me?
The only thing the defendant can hope to show is that the plaintiff lied to the court about downloading copies of the actual e-mails including the headers...
Somebody needs to use a clue stick on the judge. Why would somebody go to the trouble of faking e-mail headers to "extort" a measly $500 from an alleged spammer? Well, SCO maybe - but at least they publicly said they'd get 5 billion dollars, not 5 hundred...
"A little misunderstanding? Galileo and the Pope had a little misunderstanding."
-- Sorry, I can't think of anything funny to say here.
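The header trail the comment above refers to, as an added example that is not part of the original thread: a full raw message carries a chain of `Received` headers (newest first), and only the hops written by the recipient's own provider can be relied on, since anything older was supplied by the sending side. The sample message, host names, documentation-range IPs and the `trusted_domain` parameter are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message (not from the case). Each server prepends its
# own Received header, so the newest hop is at the top.
RAW = """\
Received: from mx.example-webmail.test (10.0.0.5) by store1.example-webmail.test; Fri, 9 Jun 2006 10:00:03 -0700
Received: from bulk.sender.test (bulk.sender.test [203.0.113.45]) by mx.example-webmail.test with SMTP; Fri, 9 Jun 2006 10:00:01 -0700
Received: from mail.bank.test ([198.51.100.7]) by bulk.sender.test; Fri, 9 Jun 2006 09:59:00 -0700
From: "Offers" <offers@bank.test>
To: plaintiff@example-webmail.test
Subject: Constructed sample

body
"""

FROM_BY = re.compile(r"from\s+(?P<helo>\S+)\s*(?P<info>\([^)]*\))?\s*by\s+(?P<by>[^\s;]+)", re.I)
IP = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def trace(raw, trusted_domain):
    """Return (handoff_hop, unverified_hops) for a raw RFC 5322 message."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = FROM_BY.search(" ".join(value.split()))  # collapse folded whitespace
        if not m:
            continue
        ip = IP.search(m.group("info") or "")
        hops.append({"helo": m.group("helo"), "by": m.group("by").lower(),
                     "ip": ip.group(1) if ip else None})
    # Walk newest to oldest. Hops stamped "by" the recipient's provider are
    # trusted; the oldest of them records the external connection (the handoff).
    # Every hop after the first untrusted one is sender-supplied and forgeable.
    handoff, unverified, trusted = None, [], True
    for hop in hops:
        trusted = trusted and (hop["by"] == trusted_domain
                               or hop["by"].endswith("." + trusted_domain))
        if trusted:
            handoff = hop
        else:
            unverified.append(hop)
    return handoff, unverified

if __name__ == "__main__":
    handoff, unverified = trace(RAW, "example-webmail.test")
    print("connecting IP recorded by provider:", handoff["ip"], "HELO", handoff["helo"])
    print("sender-supplied hops (unverified):", [h["helo"] for h in unverified])
```

None of this chain appears in the HTML page a browser caches for a webmail message, which is why the raw message from the provider is the relevant artifact for tracing origin.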
I also said publicly at the time that the real outrage was that their "expert witness" could make this statement when there was no chance he believed it.
I work in computer forensics, have submitted affidavits to court and appeared as a witness to be cross examined on my findings. It actually would not surprise me that a computer forensics expert witness might not actually know what he's talking about. Almost every computer forensics person I know who works on the biggest cases is actually an ex-police detective with some computer training. They have a habit of strictly adhering to "best practices" in their computer forensics investigations, because that is really all they know. They don't understand enough to apply the creativity needed to extract all the important information or attack the other side with any really in-depth arguments. The more complex their affidavits, the greater the chance it and they will be ripped apart in court. They also want to play it safe and not stick their necks out under oath.
Although there are some "best practices" which should be adhered to (like evidence capture), evidence analysis can often benefit from creative approaches, since each case brings new challenges. Confining your analysis to
This often results in quite superficial opinion from expert witnesses on both sides. Few are capable or willing to get very creative and deliver the killer evidence. Regardless of whether they provide case winning evidence or just the stuffy old basics, they're still getting paid.
So what do I see as the end result in most cases where a judge does not understand that which he is judging? The situation where it does NOT come down to who is right, but rather it comes down to who has the most convincing expert witnesses. I see this time and time again and the lawyers all understand this. For them it seems to have become a game where it is all about manipulation of the judge's perception, since that is where the weakest point in the whole game is. Not the other side's arguments, witnesses, testimony or affidavits. The judge is the focus, on both sides. The points of the case at hand come second.
Playing the dumb game is a slippery road, and there are certainly many ways to outdumb the dumb:
1. Get a new hard drive (extra points for a non-standardized interface).
2. Install an obscure OS (GNU-Hurd, BeOS, etc) on a non-NTFS partition. Make sure to boot into text mode by default!
3. Install lynx and visit Hotmail and Yahoo.
4. Enjoy the spammer's and his Hollywood expert witness's expression when booting!
Alternatively, buy the following auction at ebay: http://tinyurl.com/yjhav2 . I'm certain you'll know what to do next. =)
My other OS is the MCP!
I'm all in favour of making spamming unprofitable: it's the only way we're going to get the scum out of business. However it helps if you are right in both legal and technical respects before getting involved.
The OP is wildly - and legally dangerously wrong - in both his post and in the Declaration he provides. Other people in this discussion have provided ample evidence that yes, your mails are stored on your hard-drive, not deliberately (as in a POP3 client way) but through caching mechanisms. Even if the originating server sets every no cache mechanism known to man, it's up to the client to determine whether it is going to pay attention to these instructions.
Secondly, the Declaration is an attempt to say that the screengrabs the plaintiff took should be adequate to *prove* the offense the defendant is supposed to have committed. The judge, unsurprisingly, disagreed with the OP's opinion and ordered the hard-drive turned over.
It's worth considering why that might be. Is it because the judge is a technical incompetent or because the judge is unhappy with the way the plaintiff is unwilling to hand over any evidence in support of their case apart from some screengrabs? The point is not, as it says in the declaration, that headers would be as easy to fake as the screengrabs, but that the plaintiff is unwilling to do anything to support their case.
The judge might be a technical incompetent, but it doesn't sound like he is a legal incompetent, which unfortunately the OP presents himself as.
There is a fairly good chance that at least some of the web pages viewing those webmails are recoverable in swap space, file slack space, and unallocated space.
Those of us who have dealt with swap space, slack space and unallocated space understand what MAY be found there. I think there is certainly a way for a lawyer to say, "Judge, we have some screencaps / printouts of emails and there's some question as to whether or not they're genuine. We want more evidence to test their authenticity and to re-create how they looked." Alternately, they might want to search for evidence in the browser cache or evidence that they're forgeries.
But does that mean that the "only way to reliably know" what they looked like is to do the forensic analysis? Or that it is "necessary" to do this "[i]n order to determine authenticity and source"? All of this evidence might have been planted by the CIA or by some hacker in Kazakhstan. Good luck trying to explain that to a judge not interested in technical details.
What a lot of tech folks (and lawyers) lose sight of is that there's a cost-benefit analysis to all of these decisions. Might there be some fragment of data that's relevant, that would tend to prove or disprove authenticity? Of course. But does whatever the other side stands to gain from this discovery justify the cost and burden that will be incurred?
IAAL and I do this stuff for a living.
Well, IMHO, IANAL, but I would have done the following:
Go into Internet Explorer. Go to Tools | Internet Options | Temporary Internet Files | Settings.
Set the "Amount of disk space to use" to 10G or so.
Go and open every spam email.
Clone the hard drive.
Send it to the judge.
Voila.
You could have defeated any intent to have the case dismissed by the "expert witness" by doing something very simple.
"Let the Cache flow through you"
No, the title is misleading and poor journalism, plus poor editorial control (i.e. NO editorial control - did the editors RTFA?)
Perhaps it's time to give editor points away, like mod points, to people who actually care about the quality of the stories they read and not just click 'accept' or 'reject' randomly.
An analogy: if the government was prosecuting a child pornography case, and the defendant's website had kiddie porn up, it would be absolutely ludicrous for the defendant to request a mirror copy of the government computers used to find said kiddie porn under the theory that there might be something useful in the cache. It's irrelevant, it's distracting, and it's clearly being used in the current spam case as an attempt to intimidate the plaintiff.
Also (relating to the article, not this thread), shouldn't the title read "Spammer Can Have Accuser's Hard Drive," given the results of the ruling, or am I just too high on a coffee buzz to read properly?
Hmm... if suing a spammer, I'd recommend reading their emails via a browser from a computer at a library. Sure, maybe you read them elsewhere, but for the purposes of your complaint, go to the library and read them there, and mention that as your complaint. "I received spam, when I was checking my email as I often do via the PC at the library."
Then, if they need 'the hard drive', it's up to the ALA to fight it, and that's a fight no judge wants to start.
A.