Slashdot Mirror
Some DNS Requests Ruled Illegal in North Dakota
jgreco writes "A judge in North Dakota has just ruled that requesting a zone transfer from a public DNS server is criminal activity within the meaning of the North Dakota Computer Crimes Law. A zone transfer is a simple request that a DNS server hand over information in bulk, and a DNS server may be configured to allow or deny such requests. That the owner of a DNS server would configure the server to allow such requests, and then claim such requests were unauthorized, is simply stunning."
So now there is a good chance i can go buy some adwords and advertise my website and then sue anyone who will access it... A good business model.
set your threshold at -1 if you want to see me
This in effect means that you cannot set up a secondary DNS server in North Dakota. Any ISPs in the state should probably relocate!
Most states have computer crime laws that pretty much say this: It is illegal to access a computer that you are not authorized to access.
This basically means that if you don't have written permission to access a computer, you can't access it legally.
So everyone who uses computers breaks the law, and the law is only truly defined by who prosecutors decide to prosecute.
This state of affairs is completely ridiculous, but unless you find a tech savvy Judge, the situation is unlikely to be changed through the courts.
If you had super powers, would you use them for good, or for awesome?
Might want to read the actual court ruling instead of the populistic and alarmist comments surrounding it. As I read it, the defendant already had been told by the court to stop bothering the plaintiff, and he then proceeded to ignore that. In and of itself the ruling doesn't outlaw dns requests, altough the judge's grasp of the technology clearly could stand improvement.
I didn't mean for anyone to read this post on the internet. So it illegal.
Because eventually their going to make most of my job illegal so I can move onto other more interesting things... like working in marketing or middle management
How the hell are you supposed to run redundant DNS setups when zone transfers aren't allowed? Sure there are inventive ways, but... DNS WAS FRIKKEN DESIGNED FOR THIS!
BIND 9.x and earlier allow this activity by default. This being the case, a new and/or ignorant system administrator may not realize their zone file is available for the taking.
One more example of the law having to protect the stupid, but I can *sorta* see the point of it. This falls in line with stealing wifi from unprotected networks. Just because it's not secured doesn't mean it OK to break in.
It's a civil case.
The worst that can be said about it is that it's bad precedent and the judgment was wrong.
The judge did not make DNS requests illegal.
Asking a public internet server for public information that it is configured to provide upon demand?
This quote from the article is debatable and the reason why its not a good idea to allow zone transfers. A lot of times, information that you would rather not be public is in zone files. I've seen a some people put processor information in HINFO records. This is bad because there was a cryptographer in the 90s that discovered that its possible to determine random number generation sequences based on your processor model and frequency. So it wouldn't be good for that info to be public.
Its not a good idea to allow zone transfers. Although its useful when an ISP that you are transfering a zone from doesn't want to give you all the zone records.
To expect a Judge to be able to understand one iota of network technology is is simply expecting too much. A Judge that tech savvy would not be a Judge for very long!
I suspect many wind up in Law and various civil servant positions precisely because they fail at technology and understanding it.
Being a Judge comes under the rubric of:
If you're smart enough to do the job,
You're not dumb enough to do the job!
Ruby Neural Evolution of Augmenting Topologies
A door can be set to allow visitors to enter or block them. That the owner of a house could configure his door to allow visitors to enter and then claim such entrances are trespass is simply stunning.
I'm not saying this is the case, but it's possible the server was misconfigured, and it's possible that the "hacker" knew it was misconfigured but took advantage of this.
He can't email them, because clearly that's zomg h4xx0rz1ng their email server.
If you were blocking sigs, you wouldn't have to read this.
One should send all the comments on this article to the judge (yes the goatse.cx links also :) ).
Shakespeare poems - infinite monkeys with infinite time.Computer tech support - a few trained ones working from 9 to 5.
Those who can: write code. Those who can't: write laws.
Can you imagine if every politician in the house and senate knew how to program? Granted a good portion of them would still be writing awful spaghetti code... but for the most part at least they would not be able to compile it.
Zone transfer is not illegal in itself, zone transfer for certain purposes are illegal.
It seems more and more that the Law is heading towards penalizing anyone that employs some knowledge in the technical arena that worries people who don't understand it.
The end result is that people in the countries where the laws preventing basic (and in some cases slightly cavalier) activities becomes a criminal offense, thus dissuading a large amount of the indigenous populace from testing the limits themselves (without doing hard time/losing the shirt).
Net effect: Foreign countries that are immune from prosecution by the Law of the Land have a huge advantage, as no well meaning "White Hat" can help a company shore up its defences. There is no adaptation and evolution of the security mechanisms.
If some group then decides en masse to perform some disruption, the security is far less than it ever should be (i.e. non-existent). Resulting in huge damage to the infrastructure (possibly unrecoverable).
Not to say this is new behaviour; back in the Medieval period, distinctly unpleasant lords would 'shoot the messenger' when soldiers disagreed with their defence arrangements. However, historically, the bloodlines of these particular lords were thinned out as their defences were overwhelmed in battle and they were slaughtered.
Not that I'm making any predictions, I just think it's an interesting historical trend.
What I find interesting is that "computer systems" i.e. networks, disk drives, files, etc. ae well understood by us computer folk. What is "obvious" to us has come from a lot of experience and learning. More over, in constructing things like the internet, we develop a lot of "rules" that make sense within this context.
In the non-nerd world, a lot of the rules created by us nerds run afoul of what most people expect. DNS is a perfect example. To us, it is MADE to serve data. If you put data into DNS, you've made it public. To the rest of the world, however, that doesn't make sense. Its the same issue with HTTP. We see putting stuff on a web site as making it public, but non-nerds see things like deep linking a violation of their site because it does not promote the interaction they expect (viewing ads etc.) and have invested in. To them, you are circumventing their revenue model.
I'm not 100% sure we're 100% right. I don't think we are wrong in our views, but I see the gray area between the two.
If Ritz had previously been ordered to leave Sierra alone, and hadn't, then that's a basis for the ruling right there, completely ignoring any aspect of DNS. From the court documents, the guy sounds like quite a piehole.
I was going to make this same point.
Well said, morgan_greywolf.
I don't understand, can anyone put it in terms of tubes or trucks?
Why the hell aren't we celebrating this, people? Okay, for DNS, it sucks... but look at it this way...
It doesn't matter if you set up your system to 'automaticly' share the files you just downloaded... people who accessed them did so without authorization. It can't be considered 'sharing' if you didn't authorize people to download them from you... could this ruling be a tool agaisnt the MAFIAA?
I can lock my house, but even if I do not do so, you will still be trespassing if you enter my house.
http://www.casscountynd.gov/
I'd be embarrassed to be from there right about now.
Sam: "That was needlessly cryptic."
Max: "I'd be peeing my pants if I wore any!"
Our government is completely fucking out of control in the United States.
I wonder if that judge is living inside the new Lakota Nation?
If so his bullshit fucking (fuck the common sense) laws no longer apply.
http://users.dma.ucla.edu/~estevancarlos/images/lakotanation.jpg
http://en.wikipedia.org/wiki/Lakota_Nation
You can all use my DNS servers. Like, whenever you want. It's cool.
-thegnu
Please stop stalking me, bro.
I can tape a poster of my wife naked to the outside of the front door, and anybody who looks at it is invading her privacy.
Obviously hypothetical as.
According to the Findings of Law, item 31, he is guilty of using the name "Bastard Operator From Hell" when his name is really David Ritz.
You just don't do that in North Dakota.
No word in TFA if he plans to appeal... let's hope so!!!
My bicyles
All he did was read the house numbers on your street.
It's much safer, legally, to be a leech.
By the same logic, the guys who found those nasty papers Diebold didn't want published, or the Halloween memoirs, or the Guantanamo files, or any other material accidentally left in a public place that embarrassed a company or government, are guilty of the same crime.
What's next, being arrested for looking up corporate records in a public library?
There should be no legal difference between making a DNS request for a zone transfer and photocopying a prospectus.
but there is NOTHING ILLEGAL mentioned here. This is a civil trial, not criminal. The acts may be found illegal later in Ritz's later criminal trial, but that remains to be seen. Also, the issue is a question of whether Ritz was authorized to do the DNS request. The DNS request is legal for the administrators without problem. Obviously, the issue of Ritz's requests is worth debating. The article summary is horrible, as is the linked article. But, the linked blog entry has yet another link which gives the whole opinion as well as some more informed commentary. For those that want to be informed before spewing, I would suggest checking it out. (for the the other 99% of slashdotters, please feel free to ignore this at will).
Even if I did leave my doors and windows unlocked anyone that entered without my person would be doing so illegally and subject to my wrath.
--
Just because the door is unlocked does not mean you have permission to enter.
Off course if they sneak in the locked back door, after hours and take all the candy from the "take one" bin then it is reasonable. :-)
Its seems reasonable to assume that if you can easily get information from a machine using "reasonably common" techniques and tools then its publicly available. The discussion seems to revolve around the term "reasonably common". What is common to a techie is not common to the average user. At the same time I can see how it becomes a real challenge when tools that can be easily used for cracking and/or security scanning are commonly available.
host -l -v -t any sierracorporatedesign.com. ns63.worldnic.com
I'd like to have a look and see if it is still open and responding to all.
Goodbye crewl werld
host -al slashdot.org
Having to work for a living is the root of all evil.
I think it's long overdue that any judge that is called to preside over a case involving computer technology, should be required to show that they can first turn on a computer first.
It's just so damn embarassing seeing case after case where judges are so out of touch with their collective 1950's Beaver Cleaver mindset.
If a judge cannot turn on a computer, or the last new car they purchased was a Studebaker, then they need to resign. I think we should have a questionairre given to judges... Ask questions such as, "What is the cost of a Gallon of Gas?", if they should respond with "$0.75".. resign.
Awesome!
That's it, I'm moving to Sweden
"Teach a man to build a fire, and he's warm for a day. Set a man on fire and he's warm for the rest of his life."
Exactly his point -- the server was configured to allow this access and had no security measure in place. On the internet it is accepted that when lacking anything to the contrary it is legal to push every available button and to walk through every unlocked door.
On the internet?!? Pray tell, what law says this? You use "it is legal" and I do not think you know what it means.
Maroon.
Infuriate left and right
Given the choice between concluding that the judge was an idiot, or the plaintiff lied, or Dave Ritz lied, I'd say that it was more likely that the judge and/or plaintiff were in error than that Dave Ritz lied. He's not a liar by nature. He could have been mistaken on something (so many spammers, it's hard to tell them apart sometimes), but I do not believe it likely that he intentionally lied.
This is an exceedingly bad ruling.
Some background reading:
http://thespamdiaries.blogspot.com/2007/10/help-fight-spammer-slapp-suit-donate-to.html
http://www.spamsuite.com/node/351
And, of course, the legal defense fund, desperately needed for an appeal:
http://sfldf.org/
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
I hear SCO is looking for a new business model, but they want to stay with what they know...
The kid was not convicted for a "zone transfer". He was convicted for repeatedly hacking into an ISP's server, and one of the many things he did was a zone transfer. This is like saying that opening doors is now illegal in Arizona, after a burglar was convicted for opening a door (and forgetting to mention that he used a crowbar, entered the house and stole anything of value).
I kid you not. The Judge ruled that "In all intended uses of a zone transfer, the secondary server is operated by the same party that operates the primary server." The original complaint is here.
Ritz was a thorn in Reynolds' side during the years when Ritz was trying to get the Netzilla/Sexzilla porn spam operation to stop spamming. Reynolds has been quite aggressive in trying to get his past erased from the net (including forged cancel posts). The North Dakota Judge also awarded attorneys fee which could theoretically make the total bill over $500k for doing a domain zone transfer. (I believe they had claimed $250k in attorney fees in their failed suit against Ed Falk) Reynolds also filed a criminal complaint against Ritz which was on hold pending resolution of this trial.
Here is a literal worst-case scenario of what can happen when a court fails miserably to understand technology. The judge ruled:
Ritz has engaged in a variety of activities without authorization on the Internet. Those activities include port scanning, hijacking computers, and the compilation and publication of Whois lookups without authorization from Network Solutions.The scary sounding port scanning/hijacking computers is posting a test message through one of Verizon's machines to prove to Verizon they had an open relay --i.e. posting to 0.verizon.security via the relay a note to Verizon's security saying "What's it going to take to get you to secure this gaping hole in what you call your network," or words to that effect. Verizon apparently had no problem with the demo post and closed the relay.
Take note, for those anti-spammers out there, this Judge is ruling that if you post the whois record for a spammer's domain your are doing a malicious, tortious act. If you telnet to a spammer's mail server and type HELO or VRFY you're illegally impersonating a mail server.
It seems clear that the Judge for whatever reason really, really, really didn't like the Defendant Ritz. But the Judge seems to want no sunshine on her trial because she ordered the entire affair sealed, except of course for her judgments of "facts."
There is a legal defense fund that was set up for his case. I believe he does not have the resources to appeal and this would be a very bad precedent to stand.
Here's the code the _civil_ lawsuit is based on:
12.1-06.1-08. Computer fraud - Computer crime - Classification - Penalty.2. A person commits computer crime by intentionally and either in excess of authorization given or without authorization gaining or attempting to gain access to, altering, damaging, modifying, copying, disclosing, taking possession of, introducing a computer contaminant into, destroying, or preventing the authorized use of any computer, computer system, or computer network, or any computer software, program, or data contained in the computer, computer system, or computer network. A person who commits computer crime is guilty of a class A misdemeanor.
Ritz also got a $10k fine by the Judge for violating the preliminary Injunction, but since the Judge sealed the records, it is hard to tell what the story behind that.Sometimes when I see things like this I have to wonder - are they all really that tech ignorant; or is this part of a strategy to put vaguely interpretable laws on the books with respect to the net so that anyone can be charged with ridiculous crimes at any time.
Your DNS server is not your house. It's your store. Yes, it's private and belongs to you, but it has a public interface. People walk into your store when it's unlocked because the door is the public interface, and the lock on the door is how the owner meters or controls access. DNS servers are much the same. They serve up a public interface. Making a DNS request of an open server should be no more illegal than walking into the 7/11. If they don't lock it, how am I supposed to know it's closed?
You know back in the 80s people on usenet notiuced that there were no uucp connections going into North Dakota and therefore Noth Dakota didn't actually exist. Now I think I know why there were no uucp connections going into North Dakota.
I hear the ladies love a Bad Boy. I just did a zone transfer from a North Dakota nameserver. I am SUCH a rebel. Come get me, biotches.
Now if you'll excuse me I'm going to tear the labels off some mattresses and jaywalk. I be bad, yeah I be bad.
Need Mercedes parts ?
This is excellent news for whoever had a pending lawsuit from the RIAA for file sharing. Think of it a little bit...
:(
"Yes, Mr. Judge, I did share my MP3s on the internet, but I didn't authorized anyone to download them. It's for my very own usage, truly!"
This is ridiculous. Unfortunately, this kind of things happen way too often
First off, I have to define what I think SHOULD BE improper access. I say "should" because my comments have nothing to do with the law and the law isn't very clear on that, anyhow. So I'll do my best to define what I think should be considered unauthorized access.
IMHO, and only IMHO, unauthorized access should require that:
A) A person intentionally instructed their computer to access some resource.
B) That person knew or should have known that the access was unauthorized.
C) That person deceived a person or computer into providing the access.
Feel free to ask lawyers to suggest this test to judges. It would be a LOT more reasonable, given that they almost always ignore part C when they want to rule against someone doing something they don't understand.
I feel that the element of deceit should be required because otherwise, you end up with a lot of techies in trouble for accessing things that normal people don't know about and fear simply because they don't know about it. Then you get people blaming those who point out horrible misconfigurations being blamed merely for finding them.
If applied to this case, I can't find that it was unauthorized because there was no deception that I know about. He may be wrong for other reasons, as people point that he had an injunction filed against him so he shouldn't have been doing that. I think that the company in question sounds like a slimeball spam company, too, but that's another matter.
Now how does that apply to spammers? It doesn't, except for botnets, where it should be clear that they trick or exploit people into joining them, which should be clear-cut. I also hate those spammers who offer up illegal schemes and scams for the scam itself.
But what about "honest" spammers, you might say? Aside from the fact that I have a hard time finding any that aren't unlicensed pharmacies, stock scams, etc. I would have to say that I hate them because it's advertising and I don't want it.
But I'm not blaming them due to some double-standard of unauthorized access. I hate them for other reasons.
Concept seems compelling. Now whether you can expand that to "Communication Apparatus With Interfacing Means" and "Unsolicited Interaction With Existing Apparatus" really raises an interesting question... ;)
A little bit of topic but zone transfer could be quite useful and I have written a small program that use zone transfer to be able to navigate the dns-database in similar way as navigating the file system. It is open source called dnsexplore and could be downloaded from sourceforge.net
This makes DNS no more illegal than having a back yard. If someone you have previously warned (generally with notice, like via police or registered letter) not to come on your property enters your back yard, he gets fined and/or goes to jail for a few days. Does this make it illegal for me, during the day (I know some places have prowling laws), to walk across your unfenced backyard? No. Not unless you officially told me to go away previously.
This man was told to go away, never to touch anything to do with this company ever again, by a judge. He decided to step over the lines the judge gave him. The judge gave him the electronic equivalent of a trespass infringement, and the story ends.
And yes, if I manage to get a judgment against any of you that says you better stay the fuck off my equipment, guess what, if you're in an area with an extradition treaty (or in the same country), you've broken the law. What's next? Using the internet is illegal because a 2nd time loser spammer gets another account at an ISP and is told that he's not allowed to use the internet by a judge (there... of course not included in the blurb, he's still allowed to get internet access anywhere where he is willing to abide by the terms and conditions).
I feel quite certain this person will be allowed to, say, make a zone transfer of microsoft.com, assuming microsoft is dumb enough to leave it authorized in their servers. Assuming MS doesn't have an order against him too.
As one of the people involved in this, I think I should take a minute to set the record straight.
Sexzilla was once one of the largest porn spammers on usenet. I wrote about them on my web site. The owner, Jerry Reynolds, sued me for defamation. I asked the other spam-fighters for whatever they had on Sexzilla so I could defend myself.
David Ritz responded with something along the lines of "Oh, it's true alright, here's the dns zone information that proves it." He also published his results on-line.
Reynolds then sued David for an "unauthorized zone transfer".
That zone transfer is the entirety of Reynolds' case against David. The rest of the stuff in the judge's decision was all a bunch of bullshit spoon-fed to the judge by Reynolds. Most of it has nothing to do with the case at hand, and most of it is either untrue or gross distortions of the truth. For example, the "hijacked" computer was an open relay that Ritz used to send one message to Verizon security, proving to them that they had an open relay.
You can read the whole sorry saga here.
What this is doing is setting a precedent for allowing the law to destroy commonly-accepted specifications for BACKBONE OPERATIONS on the public internet.
No, "destroy" is not hyperbole. This zone transfer ruling very much IS a slippery slope.
+++ATH0
This is classic. Attorneys should know to perhaps talk to someone with a technical background to find out about zone transfers.
Hopefully sanity will break out in ND.
kid was not convicted for a "zone transfer". He was convicted for repeatedly hacking into an ISP's server, and one of the many things he did was a zone transfer. This is like saying that opening doors is now illegal in Arizona, after a burglar was convicted for opening a door (and forgetting to mention that he used a crowbar, entered the house and stole anything of value).
Done an nslookup or a dig lately? You violated ND law. Visited a web page, you violated ND law. Sent email? Violated ND law.
The judiciary is there to protect us from bad law, not to litigate more bad law. This is what happens when clueless ideologues are appointed as jurists.
I'm sure the judge has plenty of legal tools to use against someone who pisses him off, without the need to mix up the case like that. He could have ruled for the defendant but fine him for contempt or something like that.
So what you're saying is that there's a *stronger* case protecting these documents that HAVE been treated as public record than DNS records.
Than you for making my argument even stronger than I intended.
(ie: I think you'll find we're in agreement)
n/t.
info@ndcourts.gov works
-----------SNIP-----------
I was at Cynthia A. Rothe-Seeger, District Judge (url http://www.court.state.nd.us/court/bios/rothe-seeger.htm) and I have this comment:
When a jurist with little or no technical understanding attempts to make a ruling in a case where much of the evidence is technical, there is often a serious case of cognitive dissonance. This is the case in Judge Rothe-Seeger's ruling in the Ritz case.
I am not a lawyer, and make no comment about the merits of the behavior of Mr. Ritz. I am, however, a network engineer, and someone actively involved in information security, particularly using DNS.
In ruling that querying a nameserver that was configured to provide a zone transfer for a list of all the hosts in a zone illegal, Judge Rothe-Seeger has demonstrated a fundamental misunderstanding of the technical design of the Internet, not just of DNS, but of ALL the applications and protocols. Further, the comment that Mr. Ritz's querying and republication of the public WHOIS data "without Network Solutions permission" was illegal also completely misunderstands the nature of Whois data.
What the judge has done is, effectively, to say that each person who asks a public server for information that it is explicitly designed to provide to all and sundry needs to get specific permission for that content from that publisher. This is completely at odds with how the Internet works. The Internet is designed in such a way that servers provide content to anyone who asks, unless the owner has configured the server not to do so.
Sierra could easily have prevented zone transfers from their name servers if they so chose. If they did not do so, then the presumption is that they intended to allow it. There are many very good reasons why a service provider would want their zone to be transferrable, and by configuring their nameservers in that way, they were, in effect, doing the same thing as someone leaving a stack of maps out in public, for all to take at their leisure. What the judge has ruled would be analogous to finding a crime when someone took a copy of an ad that included a layout of a house from a realtor's office.
The WHOIS data, on the other hand, is public record BY DESIGN. It is part of the basic design of the DNS that you be able to find out who the registrant for a given domain is. How else are all the legal remedies for copyright infringement, illegal content, abuse of service, etc. to be exercised if there is no way to find out who to serve notice on and in what jurisdiction they reside?
It is clear from Judge Rothe-Seeger's bio that she has little or no experience of life beyond North Dakota. It is also clear from her ruling that she has little or no understanding of the Internet. Based on her age, it is time for the judge to retire, as she clearly fails to understand the world in which she now lives.
First let me begin that calling North Dakota a black hole is an old joke my Mother used to mention in the 1960s. The joke was there was "no such place" but they had a blank spot on the map and had to call it something.
So this leads me to my basic question, how DO you block North Dakota anyway? Do they assign IP addresses by Zip Code within the U.S.? Probably not.
P.S. My DNS is down now it can only be seen at hardcoded IP 198.212.189.111
Tracy Johnson
Old fashioned text games hosted below:
http://empire.openmpe.com/
BT
I 've spent about 10 minutes looking around,I what I've found is apparently this incorporated computer business/web design shop has access to a total of 45 IP's,designates themselves as an Internet Service Provider,yet I can't seem to find any self hosted website to sell their services,Hell, I got a website ,and I've only got 1 IP!!!
This sounds more like an inept sysadmin running this outfit,some one complained about open relays,and his first thought is,"Call the lawyer,We'll fix this complainer".
GET a GRIP and learn your craft,If you're gonna run an ISP,you Should Know what you are doing.
Before I comment I'll say I completely agree with your statement and would probably shoot a trespasser.
The precedence in America has now been set that this is not the case. According to the RIAA by leaving my computer insecure and not changing the default share settings in Kazaa or eMule (or whatever) I am liable for sharing all the files that it detects even though people should know better than to download them.
You want to see something scary? Go to emule and type in "xls" or something.
There is a point where this makes sense. As a business owner, I often had to sign confidentiality agreements. These agreements specified that I not only could not blab my clients' secrets, but I had to take active measures to protect them (locked file cabinets, passwords, encryption, etc.). If I left a file on my desk unprotected and it was stolen, I would be responsible, even if I did not actively publish the information.
Going a step further, if I have an item on consignment at a store and the store owner allows it to be stolen, that owner is at fault because they have a responsibility to take reasonable measures to protect my property while it is in their care.
Going one more step, the argument could be made (whether or not I agree with it) that one has a responsibility to protect copyrighted digital data which belongs to someone else while it is in your care. It does not matter if you are reckless with your own things, but being reckless with other peoples' things is not necessarily a right. I do not know if I buy this argument, but that is where the RIAA is going with it. By extension, you would have to keep your dime-store romance novel under lock and key as well to keep someone from maliciously photocopying, scanning, or photographing any of the pages. There has to be a point where 'reasonable measures' is effectively 'whatever you normally choose to do with your own things' and depends, to some extent, on active prior agreement.
An ISP provides a DNS server for two purposes. The first is so that it's customers can receive name resolution while they suft the web... The second is so the the ISP's mail server can deliver email. In both cases, the DNS server exists for the explicit purpose of serving the interests of the paying customers. There is plenty of case history where unauthorized use of equipment has found to be actionable. For instance, when a fax spammer sends unexpected fax's to your machine, the basis for your objection is that he was an unauthorized person accessing your fax equipment. The courts don't have much of a sense of humor about knob twisting. It's obvious this guy had been told to cease and desist, but had a hard on about this ISP.
You are wrong. He didn't hack into any servers. He executed zone transfers and sent VRFY and EXPN commands to a mail server in order to prove that Jerry Reynolds was the owner of Sexzilla. That's all he did.
And not even the sidewalk from the street to the door.
Private property. First, you can lose your claim to your exclusive right of way on your own property in most states of the US if you fail to prevent public access.
An example: You have (say) a church in the middle of a block. It has a parking lot that opens on the street in front and the street in back. The parking lot tends to get used as a shortcut by people who don't want to go around the block.
In many states, if the church fails to provide gates or signs indicating that the parking lot is not a thoroughfare, the church may lose the right to close the thoroughfare. In some states, the church would have to actually close off access to the public at least one day a year to prevent the parking lot becoming a thoroughfare.
Similarly, say I have a vacant lot in the middle of the block, and the kids from the junior high at the end of the block have a habit of cutting through my vacant lot for lunch, and the neighbors, likewise, cut through to go play pool, etc. Say I want the police to do something about it, because some of those cutting through aren't on their best behavior. In many states, I can't really get the police to enforce anti-trespassing laws until I have made a serious effort to assert my control over the right-of-way on the property, efforts such as building a fence around the property.
The front yard, even without a fence, is, by custom, private property. The sidewalk to your door is access, but still private property.
Even if you don't put up a fence, custom dictates that your neighbors could get in trouble for holding an all-night beer bust on that sidewalk without your permission.
Even if you put up a fence, the newspaper carrier has a certain claim to the right to walk up the sidewalk to ring your doorbell to collect his subscription fees if you have deliberately subscribed.
Thinking about the sidewalk, even though you have a duty to shovel snow on the sidewalk by the street, you don't have any right to put up a fence that blocks access to people passing by your house.
It's going to be hard to get any traction in court if start trying to sue every salesman who comes to your door unless you lock the gate and put up signs that say things like, "No soliciting," and "No trespassing." It's going to be nigh impossible to take any legal action against a salesman you walks up to your front sidewalk and tries your get or looks around for "No trespassing" signs.
If some specific salesman (or private investigator) makes a nuisance of himself, you might get a court order that mandates that individual stay n meters away from your property, in which case, even the sidewalk on the street will be considered part of the property and will be off-limits to that person. This is what the judge thinks this case is about.
However, this case is complicated by the fact that the sidewalks in question appear to have been used in illegal activities, and the injunction has been issued to prevent evidence of that activity being gathered: No getting close enough to even take pictures of the front lawn. That's what the judge's mistake is. She has issued an injunction that was entirely inappropriate, not just making it impossible to get evidence against the owner of the house, but enabling the owner of the house to prevent the individual they are suing from getting essential evidence for his defense.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
Her name is Cynthia A. Rothe-Seeger, her email address is CRothe-Seeger@ndcourts.gov. Please keep is sane and civilized, but even after the damage is done, she should probably be educated about the technical background. Chances are, computer-related cases will increase.
i've started a discussion thread at OARC-dnsops on this ruling, and have tried to show the ways in which the judge might be looking at this. note, it's a bad ruling in my opinion, but not nec'ily proof of judicial idiocy.
OK, I'll look at that, but I can't promise you the ideal "open mind." I have clean copies of Liu's Cookbook and Liu & Albitz's DNS & BIND 5th Edition -- no pages of either dogeared yet, but you don't even have to be a newbie to know that functioning DNS servers and suitcases full of money don't just fall out of the sky.
All 19 hijackers were known terrorists 09-10-2001. Lack of FBI intelligence does not justify warrantless wiretaps..
http://www.spamsuite.com/node/351 9. The evidence presented at trial produced no treatises or authoritative sources to suggest that any other intended purpose exists for a zone transfer. The academic and technical resources put in evidence at trial uniformly indicate that zone transfers have no intended purposes beyond those mentioned above. Suddenly, this looks like a run-of-the-mill case of crappy lawyers, not a corrupt, stupid, ignorant or lazy judge. Nothing [unusual] to see here. These are not the headlines you're looking for. Move along, move along. 10. The literature available on the subject all refers to access attempts such as the host -l command issued by Ritz under the circumstances of this case as "unauthorized." Microsoft itself, as well as various other, authorities [there are authorities, 'other' than Microsoft?] all refer to zone transfers conducted by an individual other than the network administrator or an authoritative name server as "unauthorized." OK, like everybody else here I note the irony. But irony alone is not a Case, cyberpunks.
All 19 hijackers were known terrorists 09-10-2001. Lack of FBI intelligence does not justify warrantless wiretaps..
http://www.spamsuite.com/node/351
... "BOFH" ("Bastard Operator From Hell").'
'He also disguised himself as a mail server.'
'Ritz falsely stated in his interrogatory answers that his only name on the Internet was David Ritz, when he actually went by names including