Home / Blogs

North Dakota Judge Gets it Wrong

...WAY wrong. This is just mind blowing.

Ever been prosecuted for tracking spam? Running a traceroute? Doing a zone transfer? Asking a public internet server for public information that it is configured to provide upon demand?

No? Well, David Ritz has. And amazingly, he lost the case.

Here are just a few of the gems that the court has the audacity to call “conclusions of law.” Read them while you go donate to David’s legal defense fund. He got screwed here, folks, and needs your help.

“Ritz’s behavior in conducting a zone transfer was unauthorized within the meaning of the North Dakota Computer Crime Law.” You might not know what a zone transfer is, but I do. It’s asking a DNS server for all the particular public info it provides about a given domain. This is a common task performed by system administrators for many purposes. The judge is saying that DNS zone transfers are now illegal in North Dakota.

“The Court rejects the test for “authorization” articulated by defendant’s expert, Lawrence Baldwin. To find all access “authorized” which is successful would essentially turn the computer crime laws of this country upside down.” That’s untrue. The judge is trying to hang David out to dry, even when provided evidence of what actually constitutes hacking or cracking. Accessing a server on the public internet that is set up to provide that public info is not a crime, and saying that it is not a crime doesn’t suddenly damage computer crime law. The judge just amended the definition of “unauthorized” to include public internet servers that were expressly configured to provide info to anybody who asks for that info.

“Ritz has engaged in a variety of activities without authorization on the Internet. Those activities include port scanning, hijacking computers, and the compilation and publication of Whois lookups without authorization from Network Solutions.” I’m not touching the “hijacking computers” statement—who knows what the judge means, and I don’t think it’s wise to assume that the judge’s definition matches the common one. But what really jumps out here is this: Publication of WHOIS information. You know, business records. Who owns a domain. Public information. The judge has arbitrarily decided that it is illegal to take information from WHOIS data—necessary information when compiling a report on a company or activity, to make sure you’re talking about the right person—and put it in a spam report or on a website.

Mickey Chandler calls the court documents in this case “12 pages of bad law,” and I couldn’t agree more.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By Al Iverson, Spam Policy Enforcement Director and Deliverability Consultant

Filed Under

Comments

Michele Neylon  –  Jan 16, 2008 11:35 PM

I had to check the date after reading this. It sounds like a bad April’s Fool.

So basically if you have servers in Dakota you might want to move them!

Neil Schwartzman  –  Jan 16, 2008 11:43 PM

Michele Neylon said:

So basically if you have servers in Dakota you might want to move them!

I’d be more about the ‘figure out a way to blackhole all of North Dakota’ just to ensure the safety of the rest of the Internet.

I’m thinking of a couple of expletives from Deadwood, South Dakota to describe the judge at his point.

Joe Wagner  –  Jan 17, 2008 12:38 AM

Here is a literal worst-case scenario of what can happen when a court fails miserably to understand technology. The judge ruled:

Ritz has engaged in a variety of activities without authorization on the Internet. Those activities include port scanning, hijacking computers, and the compilation and publication of Whois lookups without authorization from Network Solutions.

The port scanning/hijacking computers is posting a test message through one of Verizon’s machines to prove to Verizon they had an open relay—i.e. posting to 0.verizon.security via the relay a note to Verizon’s security saying “What’s it going to take to get you to secure this gaping hole in what you call your network,” or words to that effect. Verizon apparently had no problem with the demo post and closed the relay.

Take note, for those anti-spammers out there, this Judge is ruling that if you post the whois record for a spammer’s domain your are doing a malicious, tortious act.

Paul Arbour  –  Jan 17, 2008 1:57 PM

Maybe I’ll start an international incident here….

Trying “www.court.state.nd.us”
;; ->>HEADER<

<- opcode: QUERY, status: NOERROR, id: 23766
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;www.court.state.nd.us. IN A

;; ANSWER SECTION:

http://www.court.state.nd.us.  28800   IN   A   165.234.159.34

;; AUTHORITY SECTION:
state.nd.us.      7200   IN   NS   ns3.state.nd.us.
state.nd.us.      7200   IN   NS   ns3.ndnic.com.

;; ADDITIONAL SECTION:
ns3.ndnic.com.      163383   IN   A   165.234.72.11

Received 116 bytes from 209.68.2.41#53 in 71 ms
Trying “www.court.state.nd.us”
;; ->>HEADER<

<- opcode: QUERY, status: NOERROR, id: 57310
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.court.state.nd.us. IN AAAA

;; AUTHORITY SECTION:
state.nd.us. 300 IN SOA ns3.state.nd.us. ipadmin.state.nd.us. 1063 3600 600 604800 300

Received 87 bytes from 209.68.2.41#53 in 75 ms
Trying "www.court.state.nd.us"
;; ->

>HEADER<<- opcode: QUERY, status: NOERROR, id: 31628
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.court.state.nd.us.      IN   MX

;; AUTHORITY SECTION:
state.nd.us.      300   IN   SOA   ns3.state.nd.us. ipadmin.state.nd.us. 1063 3600 600 604800 300

Received 87 bytes from 209.68.2.41#53 in 71 ms

Jon Thorson  –  Jan 17, 2008 4:23 PM

I’m going to sum this up so that maybe someone will have a grasp of what actually is the issue here.

This kid attacks sites on a hosting provider.  The hosting provider asks him to stop.  He tells them where to go.  The hosting provider goes to the courts and asks for an injunction, they get it.  The kid continues his attacks.  The hosting provider goes back to the court.  The court says “show us proof that he’s violating the injunction.”  The hosting provider shows the court the zone transfer.  The kid is prosecuted.

Honestly, this seems like a lot of Chicken Little and little of researching the facts.  The kid admits he’s been intending to do harm to the hosting provider.  He admits attacking other providers.  He is clearly a menace.  But post a judgment saying that what he did was wrong (it was, it violated the injunction) and everyone immediately assumes that he is the victim and the judge has no clue what is going on.

I live in North Dakota, I know first hand that there aren’t a lot of people in the state’s judicial system that have an understanding of technology.  This isn’t the case here.

Amazingly, the first link in the story takes you to the judgment which spells the whole saga out.  Also amazingly, the author in that link states they’ve been watching the story for “a long time.”  Why they made it into a “the sky is falling” issue, I can’t tell you.  I can tell you that they got it wrong.

Go back and read the judgment.  Read it all the way through.  You’ll see that zone transfers in and of themselves are not being ruled illegal, just that the kid doing them against the hosting provider is.

Al Iverson  –  Jan 17, 2008 4:34 PM

First, not a kid. He’s a long time, respected spam tracker, who is a very smart guy and has done a lot of good things to help people stop spam.

Secondly, I fully agree on one bit—read the whole thing, and decide for yourself. The mis-application of the law sticks out very obviously from my view, and I’m sure others will see the same.

It’s true that not all the facts here are public. I am given to believe that the court transcripts are sealed, which seems a bit odd. Others are looking into why.

BTW, the one lone technology professional in ND create an account today just to rebut my post in comments? Forgive me if I suspect this is a troll.

(Seems to be right up there with the pseudo-anonymous emails I’ve gotten from people trying to see if I know more about the case than I’m letting on. Nice try, guys, but no.)

Mickey Chandler  –  Jan 17, 2008 4:59 PM

I’m the guy who runs Spamsuite.com and who obtained a copy of the judgment from the clerk of the court.  So, let me take a moment to defend my “chicken little” comments.

I say what I say about the use of “host -l” because of Conclusion of Law #1: “behavior in conducting a zone transfer was unauthorized within the meaning of the North Dakota Computer Crime Law.” That zone transfer was accomplished by the use of “host -l” (Finding of Fact #2). Notice that the “behavior in conducting” the zone transfer is the unauthorized action which constitutes a violation, not the republication or subsequent use of the information.

Yes, there are some disturbing allegations there about misconduct regarding a preliminary injunction.  But remember that the injunction was granted subsequent to the filing of the suit.  So, that does nothing to change the fact that the suit was originally brought because the plaintiff claimed that the zone transfer was a violation of the North Dakota Computer Crimes statute, and that this argument was bought by the judge.

Jon Thorson  –  Jan 17, 2008 5:02 PM

I stand corrected on the kid part.  Practice what I preach on the researching, eh?  :-)

I certainly understand the suspicion of trolling, but be assured that isn’t the case here.  I’m just concerned that people may be over-reacting to something that may not be what it seems.  I could have posted a response on Slashdot, where I first heard about this, but I chose to sign up here and post my comments directly.

In my eyes, this appears that justice is served.  Mr. Ritz was instructed not to do something, and he failed to follow those instructions.  I’ll admit that I probably don’t have every last fact in this case, but from where I sit, violating an injunction is criminal no matter what the purpose for it is.  Assuming that the intent was to stop spam from this provider, surely there are other ways of doing it?

Mickey Chandler  –  Jan 17, 2008 5:06 PM

Jon Thorson said:

In my eyes, this appears that justice is served.  Mr. Ritz was instructed not to do something, and he failed to follow those instructions.

What you’re assuming here is that the injunction was in place when the case started and that the accusation here is that he violated the injunction.  That is NOT the case.

First the zone transfer happened.  Then the case was filed alleging a violation of the North Dakota Computer Crimes law.  Then the injunction was granted.  Then the alleged violation(s) of the injunction happened.

Jon Thorson  –  Jan 17, 2008 6:31 PM

First the zone transfer happened.  Then the case was filed alleging a violation of the North Dakota Computer Crimes law.  Then the injunction was granted.  Then the alleged violation(s) of the injunction happened.

Ok, I’m with you on the timeline.

Sierra states in their complaint against Mr. Ritz and Mr. Falk that all of Sierra’s computing equipment have warnings that are presented upon access stating that access is permitted by authorization only.  The North Dakota Computer Crime Law (which is amended to a Racketeering and Organized Crime law, not sure why that is) states:

12.1-06.1-08. Computer fraud - Computer crime - Classification - Penalty.
1. A person commits computer fraud by gaining or attempting to gain access to,
altering, damaging, modifying, copying, disclosing, taking possession of, or
destroying any computer, computer system, computer network, or any part of the
computer, system, or network, without authorization, and with the intent to devise or
execute any scheme or artifice to defraud, deceive, prevent the authorized use of, or
control property or services by means of false or fraudulent pretenses,
representations, or promises. A person who commits computer fraud is guilty of a
class C felony.
2. A person commits computer crime by intentionally and either in excess of
authorization given or without authorization gaining or attempting to gain access to,
altering, damaging, modifying, copying, disclosing, taking possession of, introducing
a computer contaminant into, destroying, or preventing the authorized use of any
computer, computer system, or computer network, or any computer software,
program, or data contained in the computer, computer system, or computer network.
A person who commits computer crime is guilty of a class A misdemeanor.
3. In addition to any other remedy available, the owner or lessee of a computer,
computer system, computer network, or any part of the computer, computer system,
or computer network may bring a civil action for damages, restitution, and attorney’s
fees for damages incurred as a result of the violation of this section.

So, Mr. Ritz completes his ‘host -l’ of the Sierra network.  Sierra files a complaint stating that said host command was not authorized and of ill intent referencing the computer crime law and Mr. Ritz should be prosecuted.  The court has no choice but to comply.  The law is the law.

Obviously Sierra knew Mr. Ritz was on the offensive.  I am assuming that the point of this offensive is because Sierra is hosting/harboring a spammer.  That’s all well and good, but I have to question the method of the offensive.  The method was proven to be criminal in a court of law.  Did the judge make a mistake?  No.  The law clearly states that if access is not authorized, it is criminal intent.  Does the law need to be rewritten?  Absolutely.  It is too vague in its definition of access.

But I have to wonder why, after the complaint was filed, and an injunction granted, did Mr. Ritz continue?  This is an important question.  If Mr. Ritz would have replied to the complaint with “oops, my bad, didn’t realize it was illegal to do that,” the injunction would have been dropped and Mr. Ritz would have simply had to use a different method to stop the spam, if that was his intention.  Instead, he continued his attempts to infiltrate the network and that solidified Sierra’s case against him.  Again, the law as it stands is clear.

It’s interesting though, this law.  As vague as it is, why not use it as an advantage.  I don’t authorize spam to enter my mail servers.  Under this law, the person sending the spam is in criminal violation.

I’m curious as to the point of this crusade against Sierra.  I mean, I see a few one sided arguments here, but coming in as an outsider, having gone through what publicly available documentation I can find, I’m seeing that Mr. Ritz clearly has something against Sierra.  Is it that they are hosting/harboring a spammer?  If it’s true then proof should be provided so that the world can have a good understanding of Mr. Ritz’ side of the story.  I’m not even seeing that in the court documents.

Mickey Chandler  –  Jan 17, 2008 6:53 PM

Jon Thorson said:

Ok, I’m with you on the timeline.

Good.

So, Mr. Ritz completes his ‘host -l’ of the Sierra network.  Sierra files a complaint stating that said host command was not authorized and of ill intent referencing the computer crime law and Mr. Ritz should be prosecuted.  The court has no choice but to comply.  The law is the law.

The court has nothing to do with it.  Prosecution of a criminal statute falls to the prosecutor’s office, not the court.  And a court does not have to allow things to go through to completion.  Cases are dismissed all the time.  Just ask Jonathan Lee Riches.

Obviously Sierra knew Mr. Ritz was on the offensive.  I am assuming that the point of this offensive is because Sierra is hosting/harboring a spammer.

Actually, if my understanding of things is correct, Sierra WAS the spammer and the information from the zone transfer was used to prove that.

That’s all well and good, but I have to question the method of the offensive.  The method was proven to be criminal in a court of law.  Did the judge make a mistake?  No.  The law clearly states that if access is not authorized, it is criminal intent.  Does the law need to be rewritten?  Absolutely.  It is too vague in its definition of access.

And excessive vagueness is on reason that a lot of suits based upon statute are thrown out of court by judges.  Also, remember that when the zone transfer happened, there was no such ruling that would put anyone on notice that zone transfers violate North Dakota law.

But I have to wonder why, after the complaint was filed, and an injunction granted, did Mr. Ritz continue?  This is an important question.

That’s an interesting question that we’ll never hear the answer to, given the terms of the judgment (Order for Judgment #11 and #13).

If it’s true then proof should be provided so that the world can have a good understanding of Mr. Ritz’ side of the story.  I’m not even seeing that in the court documents.

That’s because the transcripts are sealed (Order for Judgment #13) and Mr. Ritz is forbidden from discussing anything having to do with Sierra, presumably including the case itself (Order for Judgment #11).

Jon Thorson  –  Jan 17, 2008 7:47 PM

While you may think that the judge ruled incorrectly, I have to disagree.  She was presented facts from both sides.  She heard the arguments, and ruled.  Sierra’s high paid attorneys obviously made the most compelling argument.  It has to be said that Mr. Ritz’ actions did not help his case.

The law used in this situation is vague.  It was Mr. Ritz’ responsibility to educate the judge about it.  Really, that’s the point of the whole legal system.  Two sides argue facts and the judge interprets the law accordingly.  I guess that’s really all I can say about this.  The good guys don’t always win.

Jeremy Stack-Ellsworth  –  Jan 17, 2008 8:09 PM

Al Iverson said:

BTW, the one lone technology professional in ND create an account today just to rebut my post in comments? Forgive me if I suspect this is a troll.

As someone who falls into the category of “technology professional” who lives in North Dakota, I take serious exception to this.  Come on over and I’ll give you a tour of the engineering areas of Microsoft’s buildings here in Fargo.

Al Iverson  –  Jan 17, 2008 8:59 PM

Make an (at least) four digit contribution to David’s legal defense fund, and then I will happily visit Fargo and the MS campus to meet you and whomever else you want, on my own dime. Let me know when done with details and then we can plan it out.

Brian McNett  –  Jan 17, 2008 9:20 PM

Jon Thorson said:

While you may think that the judge ruled incorrectly, I have to disagree.  She was presented facts from both sides.  She heard the arguments, and ruled.  Sierra’s high paid attorneys obviously made the most compelling argument.  It has to be said that Mr. Ritz’ actions did not help his case.

The law used in this situation is vague.  It was Mr. Ritz’ responsibility to educate the judge about it.  Really, that’s the point of the whole legal system.  Two sides argue facts and the judge interprets the law accordingly.  I guess that’s really all I can say about this.  The good guys don’t always win.

The full truth of the matter is now under a judge’s seal.  I strongly suspect that Mr. Ritz was prevented by both the court and machinations of the plantiff from properly presenting his side of the case.  The judge’s decision is nearly word-for-word identical to the plantiff’s original complaint as I understand it (recalling that the acutal documents are now under seal and I have no access to them). This includes grammatical errors and misstatements.

I am not a lawyer.  However, my job as a professional network-abuse analyst keeps me deeply involved in the legal aspects of fighting spam.  What Mr. Ritz did, is what anyone in my profession would do.  These things have been interpreted by this judge as violations of the law in North Dakota.

Let there be no doubt. Mr. Reynolds, from the period of 1999 to 2001 was engaged in USENET spam.  Subsequent to this he engaged in a campaign of forged cancels to remove evidence of his past behavior.  When this proved unsuccessful, Mr. Reynolds engaged in lawsuits against those who had exposed his past activities.

There is a legal doctrine which should have been applied in this case, and was not.  It is the doctrine of unclean hands.  Mr. Reynolds is in fact guilty of many of the exact crimes he is falsely accusing David Ritz of.  He should, by definition have no standing to lodge a complaint.

This ruling is bad on multiple levels. It injures my ability to lawfully police my employer’s network, and to prevent known spam operations like Mr. Reynolds’ from obtaining service with us.  It places prior restraint on free speech.  It puts common network administration tools off limits for their intended purpose.  Regardless of the harm done to Mr. Ritz, which is substantial, this ruling cannot be allowed to stand.

The alternative would be to isolate North Dakota, and not transact with it over the Internet.

Larry M. Smith  –  Jan 17, 2008 9:26 PM

Jon Thorson said:
(snip)

I’m curious as to the point of this crusade against Sierra.  I mean, I see a few one sided arguments here, but coming in as an outsider, having gone through what publicly available documentation I can find, I’m seeing that Mr. Ritz clearly has something against Sierra.  Is it that they are hosting/harboring a spammer?  If it’s true then proof should be provided so that the world can have a good understanding of Mr. Ritz’ side of the story.  I’m not even seeing that in the court documents.

This this is part of the problem, the case transcripts are sealed and Sierra has worked very hard to bury data on the Internet about their spammy past.

Some interesting URLs;
http://www.onlisareinsradar.com/archives/002533.php
http://www.chillingeffects.org/notice.cgi?sID=469
http://www.harmonyridgemusic.com/falk/Nz/Documents/
http://www.rahul.net/falk/Nz/
http://jamroll.net/support/about21835.html

Jon Thorson  –  Jan 17, 2008 10:26 PM

Brian McNett said:

The full truth of the matter is now under a judge’s seal.  I strongly suspect that Mr. Ritz was prevented by both the court and machinations of the plantiff from properly presenting his side of the case.  The judge’s decision is nearly word-for-word identical to the plantiff’s original complaint as I understand it (recalling that the acutal documents are now under seal and I have no access to them). This includes grammatical errors and misstatements.

I can’t say for Mr. Ritz being prevented from arguing his story, but I suspect the seal was punishment for Mr. Ritz illegally viewing Attorney Eyes Only documents.

I am not a lawyer.  However, my job as a professional network-abuse analyst keeps me deeply involved in the legal aspects of fighting spam.  What Mr. Ritz did, is what anyone in my profession would do.  These things have been interpreted by this judge as violations of the law in North Dakota.

Indeed, I am no lawyer either, however I am also not a vigilante.  As described in the court documents available for viewing, Mr. Ritz was apparently interested in more than asking Sierra nicely to stop what they were doing.  I don’t know anyone that would attack the site of an alleged spammer to defend their own network.  I certainly wouldn’t.

Let there be no doubt. Mr. Reynolds, from the period of 1999 to 2001 was engaged in USENET spam.  Subsequent to this he engaged in a campaign of forged cancels to remove evidence of his past behavior.  When this proved unsuccessful, Mr. Reynolds engaged in lawsuits against those who had exposed his past activities.

Sadly, this isn’t the issue.  Mr. Ritz removed this as an issue when he violated the injunction.

There is a legal doctrine which should have been applied in this case, and was not.  It is the doctrine of unclean hands.  Mr. Reynolds is in fact guilty of many of the exact crimes he is falsely accusing David Ritz of.  He should, by definition have no standing to lodge a complaint.

Again, this isn’t the issue.  I doubt any court in America would say “pot, kettle, black” if Mr. Reynolds went before them and claimed that Mr. Ritz was causing him harm.

This ruling is bad on multiple levels. It injures my ability to lawfully police my employer’s network, and to prevent known spam operations like Mr. Reynolds’ from obtaining service with us.  It places prior restraint on free speech.  It puts common network administration tools off limits for their intended purpose.  Regardless of the harm done to Mr. Ritz, which is substantial, this ruling cannot be allowed to stand.

This ruling hinders no one from doing their job.  It’s a civil ruling that says Mr. Ritz was wrong for pursuing Mr. Reynolds the way he did.  No precedent is set, you can continue with your port scans and digs all you want.

The alternative would be to isolate North Dakota, and not transact with it over the Internet.

That is your choice.  There are no laws stating you must accept traffic from a particular state.

I think there is something that people are missing.  In the eyes of the court, Mr. Ritz is a menace to Sierra.  It’s pretty hard to argue otherwise.  Whether or not he was doing it for the greater good is irrelevant.  His case was doomed the minute he went back after Sierra after the injunction.  That’s what this whole thing is about.  Mr. Ritz went against the court, and when you do that you lose, no matter what state you are in.

Here’s a recommendation.  Call the Electronic Frontier Foundation and ask them to get involved.  If this ruling is truly detrimental to the Internet community as a whole, they should be more than happy to help out.

I know this thread is a year Edward Falk  –  Jan 30, 2009 8:08 AM

I know this thread is a year old, but I'm just stumbling across it now, and I just can't let such unadulterated rubbish go unchallenged.

I can't say for Mr. Ritz being prevented from arguing his story, but I suspect the seal was punishment for Mr. Ritz illegally viewing Attorney Eyes Only documents.
I am unaware of his doing any such thing. What is your basis for such a claim?
Indeed, I am no lawyer either, however I am also not a vigilante. As described in the court documents available for viewing, Mr. Ritz was apparently interested in more than asking Sierra nicely to stop what they were doing. I don't know anyone that would attack the site of an alleged spammer to defend their own network. I certainly wouldn't.
Believe me, we worked long and hard at asking Netzilla/Sexzilla (before they changed their name to Sierra) nicely to stop what they were doing. We spent literally years trying to get them to stop what they were doing. At the time, they were the largest spammer on the internet and nothing could get them to stop. What David (and many others) did was the same as any network engineer would do when trying to track a spam infestation to its source. We ran whois queries to see who the registered owner was. We ran traceroutes to find out who their peers were. We ran DNS queries to find out what their associations were. These are all standard best practices.
Sadly, this isn't the issue. Mr. Ritz removed this as an issue when he violated the injunction.
No, Reynolds claimed Ritz violated the injunction (I don't believe that he did), and the judge believed it.
Here's a recommendation. Call the Electronic Frontier Foundation and ask them to get involved.
We did; they have bigger fish to fry. Interested parties, however, may contribute to his defense fund; see http://sfldf.org/donations.html

Al Iverson  –  Jan 17, 2008 11:07 PM

Uh, actually, it’s very easy to argue otherwise, especially when we know more about spam tracking and network security than you do, apparently. You may describe him as a “vigilante,” but those of us like Brian and I, who actually work in security and spam prevention, would describe him as a strong ally.

You seem pretty clear that Mr. Ritz did X, Y, and Z. Either you have knowledge of the case beyond what you’ve read in the documents we’ve all seen, or you’re quick to accept a clearly faulty ruling as accurate. The latter suggests you believe everything you’re spoon fed, even if questionable. The former suggests a learning opportunity. If so, would you care to school us on what else you know about the case?

There are a whole bunch of clear, easy to grasp flaws in this ruling. It’s funny how you’re quick to read around them and grasp on to the bits you like. Many more of us are questioning all of it, because there are a lot of important technical bits that are wrong. If it’s possible that those were wrong, it’s possible (and indeed, likely) that other bits latched on to by you are also wrong.

I think there is actually nothing here that we are missing. We see that the court apparently considers David a menace. Well, duh. Why do you think I posted this? Because I read this, and I see the flaws in it. Even from the small amount of public information available, it appears to be an opinion built upon a faulty foundation.

Robert Spies  –  Jan 18, 2008 12:32 AM

Here we have a perfect example of a judge minding business that is not his, while at the same time demonstrating his incompetence in the area he judged.

This sort of thing does no one any good and in addition a waste of taxpayer time and money and shows the judicial to be ridiculous.

One major flaw with the judicial is that ridiculous ‘judgements’ (of which this is a prime example) cannot be laughed out of existence, or otherwise eliminated, while at the same time earning the judge a significant ‘demerit’. (Two or three such demerits would mean he was out—without appeal.)

Brian McNett  –  Jan 18, 2008 3:23 AM

Jon Thorson said:

Here’s a recommendation.  Call the Electronic Frontier Foundation and ask them to get involved.  If this ruling is truly detrimental to the Internet community as a whole, they should be more than happy to help out.

Mr. Thorson,

(I apologize for not being able to directly identify my employer in this forum.  Doing so might imply that I am speaking on their behalf.  Many of the frequent posters here do know me by reputation at least.  I have had a nearly ten-year career doing anti-spam research and investigation in various capacities, and now find myself being adequately compensated for my work on behalf of a major network services provider.  My employer is very large, and any business decision which might be informed by my advice would have broad and reaching effects.  It is, therefore of vital importance that I NOT speak on their behalf here.  I am known to Mr. Iverson, Mr. Schwartzman, Mr. Smith, and Mr. Chandler, as well as others who frequent this site but have not posted here.)

My colleagues would no doubt find a delicious irony in it having been me contacting the likes of John Gilmore considering the history involved. Moreso, had it been done by my immediate superior at my employment.  Let us just say that the EFF hasn’t always stood side-by-side with the interests of network abuse professionals and leave it at that.  In fact, if the EFF does get involved, which is nearly a certainty, it means that traditional adversaries have arrayed against the court in North Dakota.

Before leaving work this evening, I took a quick poll of the engineering staff at my employer’s Network Operations Center.  Many of them know, or are at least aware of who David Ritz is.  Reliable and consistent research into the often intentionally obscured identities of spammers is rare and difficult to come by. Furthermore, USENET is now something of a backwater, and those with an interest in protecting it are rarer than those offering their help in other areas.  My co-workers are chagrined that someone they regard as an upstanding volunteer has been essentially railroaded into a dubious rubber-stamp court judgment.  The opinions of my counterparts at other organizations are already recorded on this page.

During the period of David’s anti-spam activity, which ended around 2001 with a tragic accident which nearly took his life and has left him permanently disabled, I myself volunteered my time, resources and expertise to track down and identify spammers.  It is only because I was more circumspect in my public postings to USENET, that I myself did not draw the attention of the plaintiff in this case.  It is only because I was available for employment, and not in a medically induced coma, that I was able to become a professional, and now do my investigation in an official capacity.

Mr. Ritz performed the alleged criminal acts during a time when Mr. Iverson, Mr. Chandler, Mr. Schwartzman, and myself would also have been considered criminals had we fallen under the gaze of the plaintiff.  Thus, Mr. Thorson, you are, knowingly or otherwise, continually impunging the defendant and acting as an apologist for the plaintiff among a group of professional who, were it not for a twist of fate, would also include David Ritz.  Many of the “crimes” (isn’t this a civil case?) Mr. Ritz is accused of, are things all of us have done at one time or another as a routine part of both our efforts as volunteers, and our jobs as professionals.  Mr. Iverson’s reputation as a professional was largely established based on his ability to, as the ruling puts it “disguise himself as a mailserver”.  Mr. Schwarztman, has carried what the court calls “vigilantism” to the point of being Canada’s foremost expert on spam.  Mr. Chandler has taken his legal, advocacy, and forensic skills (developed in the late 1990’s in what the court judges to be “criminal activity”) to a position at one of Mr. Iverson’s employer’s direct competitors. Mr. Iverson and Mr. Chandler work for companies whose business is sending commercial email.  Their needs and the needs of their customers are frequently at odds with the likes of Mr. Schwartzman, Mr. Smith and myself. Nonetheless, we are all here, firmly in opposition to the decision of your beloved North Dakotan legal system.

Mr. Thorson, the reputations and professionalism of all those present are well established.  We would not, a single one of us, speak a word out of line if we felt it would reflect badly upon us and our employers.  We have been civil and courteous, and it is clear that you will be eternally unconvinced.  I have, to the best of my ability respected my colleagues in not openly identifying who they work for.  However, the minimal background I have provided, could easily be used to confirm what I have by necessity, not said.  You, however, are unknown to us, and the only voice in this thread speaking in advocacy of widely-regarded injustice.  This places us at a disadvantage.  In fact, simple internet searches would reveal the identities and employers of all participants in this thread, save yourself.

I would like to thank you for abiding by the code of conduct of this forum, and providing us with a suitable straw-man argument on behalf of the plaintiff. However, this discussion serves no further purpose.

Jon Thorson  –  Jan 18, 2008 4:00 AM

Brian McNett said:

I apologize for not being able to directly identify my employer in this forum.  Doing so might imply that I am speaking on their behalf.

I understand completely the need to remove oneself of association with ones employer in forums such as this.  I am in the same boat.

I would like to thank you for abiding by the code of conduct of this forum, and providing us with a suitable straw-man argument on behalf of the plaintiff. However, this discussion serves no further purpose.

I agree we have sufficiently debated this topic.  I would like to offer a couple of final comments, if I may be so bold.

First, my intention here was not to slander or attack Mr. Ritz, directly or indirectly.  Looking back at some of my posts, I can see that it could be interpreted that way.  I felt different tactics from those I understood to have happened would have been more proper.  My intention was, for the most part, to defend what I felt was an attack on the state that I call home.  To be honest, my first thoughts were, “great, someone else that thinks we’re just a bunch of hicks.”

Secondly, there was no intention of defending Mr. Reynolds.  I did not come here to play Devil’s Advocate, I certainly apologize if it appeared so.

I thank you all for the spirited debate.

Michael Hammer  –  Jan 18, 2008 8:58 PM

The discussion ending so soon? I’m always late to the party.

One aspect of the statements of fact that I believe raises the hackles of some (such as myself) is that the finding of fact(s) asserts that a particular act is criminal without regard to the context of the act. This makes the assertion of fact much broader than it might otherwise be. There are also (potential) factual errors in the statments of fact.

For example, let’s consider #6:

“Sierra’s internal domain structure as copied by Ritz into the zilla queries file included private host names, private and non-routable IP addresses, and privately registered domain names. The non-mutable IP addresses were not directly accessible from the Internet and would not be known to Ritz had he not accomplished a zone transfer. The private host names could not be ascertained from any publicly available source and were only known to Ritz by virtue of the zone transfer.”

The broad declarative that the private host names could not be ascertained from any publicly available source…. how many times have “you” googled domain names for a particular domain and come up with “private” host names?

I have more than rarely found “leakage” of RFC1918 address space IPs from behind multiple layers of NATs. Just look at SMTP headers on many emails.

If the judges recital of facts were stated more narrowly there might be substantially fewer people considering those findings objectionable.

I think it is clear to knowledgable individuals that the “facts” asserted are not necessarily factual regardless of the other merits of the case.

Chris Lewis  –  Jan 18, 2008 9:26 PM

I thought it might be worth while amplifying a bit on what Brian, Al and others said.

Much of what Brian said about identifying our employers, and knowing more about the situation (and the other commenters - Hi Brian, Al, Neil… ;-)) applies to me as well (only more so).

I worked directly with David on similar situations back in those days on Usenet (tho not this issue in any detail specifically).  He was always extremely meticulous and careful. If you had asked me then, and I still believe now, that he would NEVER partake in anything most would agree are hacking (logging into/breaking into/altering systems etc), and only used publically available information and that derived by standard protocol queries.

In other words, staying well within the law (or at least how it should be interpreted).

Secondly, even if he were so inclined to violate a court order (which I still really don’t believe), he was not only hospitalized but absolutely incapable of violating it for much of the period I believe is in question.

So, not only (as Al says) do I believe there are severe problems with the technical rulings (eg: legality of performing zone queries), I believe as well there are major errors in the findings of fact.

I find it difficult to interpret the whole business as anything other than well funded petty vengeance on someone who has through life circumstances very little ability to defend himself.

It could quite literally have been any of us (perhaps especially me), and still could be even for that which we do on behalf of our employers.

As such, I believe David deserves our full support. Please donate if you can.

Larry Seltzer  –  Jan 19, 2008 1:58 PM

It’s clear we don’t have all the information here that we need to make a completely informed analysis. It’s also clear that the judge got pissed off at Ritz because (so the ruling says) he ignored an injunction and accessed attorney eyes-only documents. This lost Ritz a lot of credibility and benefit of the doubt. Does anyone have any evidence that he didn’t violate an injunction?

Another point in the judgment that caught my eye was this:

CONCLUSIONS OF LAW
3. The Court rejects the test for “authorization” articulated by defendant’s expert, Lawrence Baldwin. To find all access “authorized” which is successful would essentially turn the computer crime laws of this country upside down. Any backer could allege that any form of access was authorized because he was able to penetrate the system, regardless of whether the commands utilized were well-formed.

I think there’s an important and valid argument here, assuming the judge is properly representing the expert’s opinion. Just because you can get in doesn’t mean you’re authorized. If I leave my house unlocked that doesn’t give you permission to walk in.

From the judgment and above posts it sounds important under ND law that there is notice that certain access is or isn’t authorized. Perhaps the web site has a footer that says such things, but if I were to run “host -l” on their DNS would I see a warning that unauthorized access was prohibited?  This seems to me to leave big open questions about what Internet users can assume. And when you get the warning, if it comes with the content you asked for, what are you to do? It reminds me of a comic strip I once saw with a posted sign that says “DO NOT READ THIS SIGN Under penalty of law”

Finally, this really caught my attention:

CONCLUSIONS OF LAW
6. Ritz has engaged in a variety of activities without authorization on the Internet. Those activities include port scanning, hijacking computers, and the compilation and publication of Whois lookups without authorization from Network Solutions.

I guess this violates Network Solutions’ terms of use for their whois server, but are they a party to this suit?

Joe Wagner  –  Jan 19, 2008 6:52 PM

Larry Seltzer said:

CONCLUSIONS OF LAW
3. The Court rejects the test for “authorization” articulated by defendant’s expert, Lawrence Baldwin. To find all access “authorized” which is successful would essentially turn the computer crime laws of this country upside down. Any backer could allege that any form of access was authorized because he was able to penetrate the system, regardless of whether the commands utilized were well-formed.

I think there’s an important and valid argument here, assuming the judge is properly representing the expert’s opinion. Just because you can get in doesn’t mean you’re authorized. If I leave my house unlocked that doesn’t give you permission to walk in.

I think this is an excellent point, and an excellent analogy, but you only said half of it.  Here is what I propose is the whole part:

If I leave my house unlocked that doesn’t give you permission to walk in. However, if I leave my public library’s front doors open to all visitors, that IS an invitation to come in and read what is on the shelves.

You are announcing your name server as a public library when you publish it in the TLD root zones. You are not just implying permission for the entire Internet permission to send queries to it, you are actively inviting such queries.

That is not to say that one can’t break the law by abusing a public library: destroying records; blocking the front door, climbing in the back windowto mess with the card catalog system behind the desk. 

But Ritz did none of these things. He walked in the open front door and looked at a phone book on the public shelf of the publicly advertised, publicly accessible library. 

The judge is fining him $50k plus likely $500k attorneys fees because he looked at a whole page of the phone book, rather than just one name on the page. 

Finally, this really caught my attention:

[...]and the compilation and publication of Whois lookups without authorization from Network Solutions.

I guess this violates Network Solutions’ terms of use for their whois server, but are they a party to this suit?

Here is Network Solutions’ prohibition:

). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of Network Solutions.

(e.g. from http://www.networksolutions.com/whois/results.jsp?domain=netsol.com )

A better question is does Network Solutions have the authority to make these prohibitions.  I would say the answer is no, as ICANN states:

“The purpose of the gTLD Whois service is to provide information sufficient to contact a responsible party for a particular gTLD domain name who can resolve, or reliably pass on data to a party who can resolve, issues related to the configuration of the records associated with the domain name within a DNS nameserver.”

This is required to be public information. If it is information required to be in the public sphere, you cannot prohibit it’s dissemination or compilation.

IMHO,

Joe

Al Iverson  –  Jan 19, 2008 7:30 PM

On the WHOIS point, what’s really confusing to me is that this is a civil case and Network Solutions is not a party to this case. They haven’t alleged that he misused their data. So I’m not sure how random third parties are allowed to draw that conclusion.

Brian McNett  –  Jan 20, 2008 1:45 AM

Al Iverson said:

On the WHOIS point, what’s really confusing to me is that this is a civil case and Network Solutions is not a party to this case. They haven’t alleged that he misused their data. So I’m not sure how random third parties are allowed to draw that conclusion.

Parts of this finding read like some twisted absurdist fantasy.

15. Ritz has participated in approximately eighteen UseNet death penalties (“UDP”). A UDP is an attempt to force a Usenet service provider to change its behavior by threatening to have peers cancel their relationships with the target of the UDP, canceling messages propagated from the target of the UDP and if that fails, to go to other providers to convince them to cease doing business with the target. Once he was armed with Sierra’s internal domain structure and published that information. Ritz called for a UDP against Sierra.

This “description” of the Usenet Death Penalty, were it not signed by a judge, would produce howls of derision.  This entirely aside from the fact that the plaintiff has made no case for having been the *subject* of any of these UDPs, only that Ritz requested one against Sierra. In fact, there is no evidence suggesting that Ritz did anything of the sort. These matters are approached with much caution, and what Ritz actually did was call for discussion.

Thanks to this ruling, certain speech regarding the UDP is prohibited in regards to North Dakota.

As explained in wikipedia, UDPs are not a casual act.  There is much discussion before hand, warnings are issued, and all parties must agree to participate, or the UDP will lose effect.

At no point does the UDP involve “and if that fails, to go to other providers to convince them to cease doing business with the target.”  This was no doubt penned by the very hand of Mr. Reynolds, who, as a provider of usenet services, knows better.  The judge simply signed off on it. I will be posting a further analysis on my own blog.

KathyH  –  Jan 22, 2008 5:10 AM

I was going to suggest that the NoDakians vote that judge out of office.  But it looks like she is planning on retiring at the end of ‘08:
http://www.ndcourts.gov/court/notices/20070368/notice.htm

Anyone have any clues as to how long it would take an appeal to reach the court?

Jennifer Samson  –  Jan 22, 2008 9:30 AM

KathyH said:

I was going to suggest that the NoDakians vote that judge out of office.  But it looks like she is planning on retiring at the end of ‘08:
http://www.ndcourts.gov/court/notices/20070368/notice.htm

Anyone have any clues as to how long it would take an appeal to reach the court?

I learned the same earlier today, Kathy H - the Judge is on track to retire and will be long gone before any appeal is finished.  In my opinion, working with this particular Judge was a purposeful strategy for Jerry Reynold’s/Sierra’s counsel, the Larkin Hoffman Daly and Lindgren law firm located in Bloomington Minnesota.

Poor woman. It appears she had a reputable career while holding the title “Honorable” and now it’s reduced to being the laughing stock of North Dakota as an example for the USA? I suspect she was caught between a rock and a hard place ~ and in those kind of circumstances, the seemingly “little” person, David Ritz, gets the brunt of it. 

I also found it alarming that the court records are sealed. Now, this case will be used to shut down and silence anyone who’s in the way of someone else who’s interested in devious schemes to make money - such as spam or pornography, let’s say.  All they have to do is cite this case law - and ignore the lying, cheating, and manipulation that bullied it into “fact.” Removing context is another common tactic of the said law firm. 

Surprisingly, I feel sad for the RIAA. Now that the testimony presented about Sierra and Jerry Reynolds is “sealed” it’s prevented from being investigated or presented by the RIAA who announced last October that they were suing usenet.com, also owned by Jerry Reynolds…

Thus, we witness another “legal” way of destroying evidence, which is the reason this whole situation with David Ritz started, isn’t it? 

A woman in North Dakota was being sued by the Reynolds/Sierra/anonymous/? for defamation because it was alleged she said Reynolds was a pornographer.  Suddenly, all the evidence that she needed to defend herself was erased from the internet and she appealed for help. 

If not for the diligence of a volunteer, she would have suffered the same sort of assault David Ritz has endured… Luckily, the company hired by the Larkin Hoffman law firm (from what I understand of the public information on the internet)forgot about the servers in the UK and the evidence was recovered. All for the rescue of a woman under attack - and to honor truth and our freedom of speech.

Perhaps for the first time, the RIAA is on the right track in my opinion.  You see, instead of going after moms and college kids who download music without the intent to sell it, the RIAA is interested in what Jerry Reynolds is doing through usenet.com (as he continues to make enough money to bully people with frivious lawsuits while he races cars wearing a sort of Frankenstein costume)...Specifically, it’s the uploads that are most interesting to the RIAA.  Hmmm.

Earlier, I implied that David Ritz was perceived by the Court as a “little” person in a concept of hierarchy which is usually based upon the tax bracket you’re in (whether or not you filter funds into Swiss bank accounts a la Scott Carlson’s assertion - something he was paid millions to keep silent from what I heard through the grapevine, but since a gag order was signed, difficult to prove)

But I want to emphasize, that in my opinion, David Ritz is the kind of Cowboy that made America great - a maverick - with principals that leave him no choice but to stand up, alone as it appears, to bear the brunt of his refusal to allow fear to keep him silent. What did he do?  He said the emPORNer has no clothes, by helping others read a public whois search…

I don’t know… I guess pedophiles have to announce where they’re living to protect the neighborhood…but, porn spammers get to keep where they do business private, at least in North Dakota? Why go to China anymore? 

It’s easy enough to sit on the sidelines isn’t it, Jim Q or Jon THORson, or whomever you are? Especially if you lack such integrity to attempt to pin anyone of these geniuses down into stating something you can sue them or their companies for (after getting a cease and desist, of course)

Internet business appears to be the new wild, wild west -and you know what?  If there was an “internet” in the old days, I’m guessing those railroad bullies wouldn’t have had such an easy time destroying the “little” guys who were standing up for what truly was “honorable”

I respect everyone of you who speaks out about what’s happening and cares about an individual who is singled out, burned at the stake, because of some witch hunt conceived by dominators who want to make it “legal” to squash anyone who gets in their way.

David Ritz is a hero.  It’s a matter of time before everyone knows it. We are responsible for caring about his wellbeing and I hope all of us will act upon just a bit of the courage he has by doing all we can to dispell any attempts anyone makes to spin this circumstance into anything other than what it is—- injustice.

And I hope you’ll help protect me when they continue to try to silence me, too!  The most I can do is to do the same as David Ritz, not shying away from my opinions, and by doing all I can to live according to the truth known to me.  (hope that’s enough of a disclaimer!)

Jon Thorson  –  Jan 23, 2008 12:50 AM

Jennifer Samson said:

It’s easy enough to sit on the sidelines isn’t it, Jim Q or Jon THORson, or whomever you are? Especially if you lack such integrity to attempt to pin anyone of these geniuses down into stating something you can sue them or their companies for (after getting a cease and desist, of course)

Well, here we are beating the dead horse…

Obviously, Ms. Samson, you assume that I am some tool for the plaintiff.  I guess I wasn’t clear in my arguments so I’ll try to clarify.  I don’t care about the plaintiff.  I am pretty apathetic to this whole case outside of everyone assuming that we’re just dumb, simple folk up here in the frozen North.  I take offense to the generalization.

There are many cases like this every day in courts throughout America.  Cases where the lone stranger is trying to make a difference, but the bad guy is just too big and has too many resources to be defeated.  This isn’t a Hollywood movie.  Clint Eastwood isn’t going to ride into town with his six-shooters blazing and make things right.  The villain won.

A judgment was made.  It was based on information presented to the judge, as is what happens in all the other cases in this country.  The judge takes the information processes it and comes to a decision.  In this particular case, the judge sealed the information, so we aren’t entirely sure what all happened.  We can only assume.

And that’s what everyone is good at, assuming.  We can sit here and speculate and hypothesize all we want.  We’re all experts, so we can accuse people of being trolls, or call them pawns, and question their character.  We can call the judge a moron, a fool, really, because she hasn’t memorized the RFCs like we have.  It’s pretty easy to do when we’re hiding behind a keyboard, playing armchair lawyer.  Yes, of course, we’re more qualified to be making the decision in this case, not her.  We’re experts, after all.

You’re an expert on who I am apparently, Ms. Samson.  You know that I just “side on the sidelines” waiting for someone to sue.  Yes, that must be it.  I couldn’t be a third party, an outsider, doing what I can to combat the evils of the Internet, because that would be absurd.  You know, being an expert, that everyone who works in the industry worships the ground Mr. Ritz walks on and holds him in divine status.

Indeed, I must be one of “them” because googling me reveals little about who I am other than sharing a name with a biology professor from Wisconsin and a mayor in the Southwest.  I’m one of “them” because I don’t have websites singing the accolades of who I am, or what I do.

I respect everyone of you who speaks out about what’s happening and cares about an individual who is singled out, burned at the stake, because of some witch hunt conceived by dominators who want to make it “legal” to squash anyone who gets in their way.

Much like you’ve singled me out, burning me at the stake over some assumption you’ve made because I disagree with the consensus of everyone here?

It is unfortunate that people with opposing views are quickly dismissed as being in league with “the enemy.”  It must make it hard to recruit allies that way.

Mr. Ritz is fortunate to have friends with such passion about what he does.  He should feel proud to have such friends.  I wish him well in his appeal and hope that his friends can focus just as much energy, if not more, towards the appeal as they have in defending him in public forums.

KathyH  –  Jan 23, 2008 1:38 AM

Jon Thorson said:

I don’t care about the plaintiff.  I am pretty apathetic to this whole case outside of everyone assuming that we’re just dumb, simple folk up here in the frozen North.  I take offense to the generalization.

I don’t know why there’s all this hyper-sensitivity to the frozen North.  I don’t feel dumb or ‘simple’ just because the judge happens to live up north.  And, last I checked, Int’l Falls trumped anything that NoDak had to offer for northerly climates.  (I win.)

I really think you should care about the plaintiff.  He could be coming after anybody else he doesn’t like next.  He’s showing himself to be pretty lawsuit slap-happy.

Even better yet, support the defendant and everyone else on the front lines.  Getting hit by these ridiculous lawsuits is no picnic and these folks need our help and support:
http://www.sfldf.org/donations.html

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Cybersecurity

Sponsored byVerisign

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global

Threat Intelligence

Sponsored byWhoisXML API

DNS

Sponsored byDNIB.com

New TLDs

Sponsored byRadix

Domain Names

Sponsored byVerisign