North Dakota Judge Gets it Wrong

....WAY wrong. This is just mind blowing.

Ever been prosecuted for tracking spam? Running a traceroute? Doing a zone transfer? Asking a public internet server for public information that it is configured to provide upon demand?

No? Well, David Ritz has. And amazingly, he lost the case.

Here are just a few of the gems that the court has the audacity to call "conclusions of law." Read them while you go donate to David's legal defense fund. He got screwed here, folks, and needs your help.

"Ritz's behavior in conducting a zone transfer was unauthorized within the meaning of the North Dakota Computer Crime Law." You might not know what a zone transfer is, but I do. It's asking a DNS server for all the particular public info it provides about a given domain. This is a common task performed by system administrators for many purposes. The judge is saying that DNS zone transfers are now illegal in North Dakota.

"The Court rejects the test for "authorization" articulated by defendant's expert, Lawrence Baldwin. To find all access "authorized" which is successful would essentially turn the computer crime laws of this country upside down."
That's untrue. The judge is trying to hang David out to dry, even when provided evidence of what actually constitutes hacking or cracking. Accessing a server on the public internet that is set up to provide that public info is not a crime, and saying that it is not a crime doesn't suddenly damage computer crime law. The judge just amended the definition of "unauthorized" to include public internet servers that were expressly configured to provide info to anybody who asks for that info.

"Ritz has engaged in a variety of activities without authorization on the Internet. Those activities include port scanning, hijacking computers, and the compilation and publication of Whois lookups without authorization from Network Solutions." I'm not touching the "hijacking computers" statement -- who knows what the judge means, and I don't think it's wise to assume that the judge's definition matches the common one. But what really jumps out here is this: Publication of WHOIS information. You know, business records. Who owns a domain. Public information. The judge has arbitrarily decided that it is illegal to take information from WHOIS data -- necessary information when compiling a report on a company or activity, to make sure you're talking about the right person -- and put it in a spam report or on a website.

Mickey Chandler calls the court documents in this case "12 pages of bad law," and I couldn't agree more.

2 comments:

  1. Wow. I'm not sure the last time I read a document that clueless.

    I especially like He also disguised himself as a mail server. I can picture David with a couple of muffin fans on the side of his head...

    ReplyDelete
  2. Good article, Al.

    David definitely needs a lot of help and soon.

    ReplyDelete

Comments policy: Al is always right. Kidding, mostly. Be polite, and you're welcome to join in, even if it's a differing viewpoint.