The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Thursday, January 17, 2008

Excellent comment on the Ritz affair

ZWithaPGGB at Slashdot has written an excellent editorial on the judge's decision in this case. I take the liberty of quoting the key part here:

When a jurist with little or no technical understanding attempts to make a ruling in a case where much of the evidence is technical, there is often a serious case of cognitive dissonance. This is the case in Judge Rothe-Seeger's ruling in the Ritz case.

I am not a lawyer, and make no comment about the merits of the behavior of Mr. Ritz. I am, however, a network engineer, and someone actively involved in information security, particularly using DNS.

In ruling that querying a nameserver that was configured to provide a zone transfer for a list of all the hosts in a zone illegal, Judge Rothe-Seeger has demonstrated a fundamental misunderstanding of the technical design of the Internet, not just of DNS, but of ALL the applications and protocols. Further, the comment that Mr. Ritz's querying and republication of the public WHOIS data "without Network Solutions permission" was illegal also completely misunderstands the nature of Whois data.

What the judge has done is, effectively, to say that each person who asks a public server for information that it is explicitly designed to provide to all and sundry needs to get specific permission for that content from that publisher. This is completely at odds with how the Internet works. The Internet is designed in such a way that servers provide content to anyone who asks, unless the owner has configured the server not to do so.

Sierra could easily have prevented zone transfers from their name servers if they so chose. If they did not do so, then the presumption is that they intended to allow it. There are many very good reasons why a service provider would want their zone to be transferrable, and by configuring their nameservers in that way, they were, in effect, doing the same thing as someone leaving a stack of maps out in public, for all to take at their leisure. What the judge has ruled would be analogous to finding a crime when someone took a copy of an ad that included a layout of a house from a realtor's office.

The WHOIS data, on the other hand, is public record BY DESIGN. It is part of the basic design of the DNS that you be able to find out who the registrant for a given domain is. How else are all the legal remedies for copyright infringement, illegal content, abuse of service, etc. to be exercised if there is no way to find out who to serve notice on and in what jurisdiction they reside?

It is clear from Judge Rothe-Seeger's bio that she has little or no experience of life beyond North Dakota. It is also clear from her ruling that she has little or no understanding of the Internet. Based on her age, it is time for the judge to retire, as she clearly fails to understand the world in which she now lives.

Labels: , ,


Post a Comment

<< Home