Terry Zink has a good post on the Ritz case

From Terry Zink's anti-spam blog: Maybe the North Dakota judge should watch more South Park...

In a nutshell, Terry comments on the judge's ruling that David Ritz was guilty, in part, because he used tools the average user wouldn't have known about; as if expertise in a subject was criminal all by itself.

Terry compares the case to an episode of South Park which is a parody of the TV series 24, but in which the kids perform their investigation with the tools already in everybody's hands.

The point being that maybe David knows what the whois database is, or how to do a zone transfer, while the average end-user (or North Dakota judge) has no clue, but the fact remains that these tools are in every internet user's hands and their use for what they were intended is not a criminal act.

And while I'm on the subject, I'd like to remind my readers that David's defense fund still does not have the money required to defend against the oncoming criminal case, let alone to appeal this inane decision.

Please take a minute and donate to David's defense fund, either at this web page or by sending a check directly to his lawyers at:

David Ritz
c/o Debra S. Koenig
Godfrey and Kahn, S.C.
780 N Water Street
Milwaukee WI 53202

Heise Security picks up the story

Anti-spammer fined for accessing DNS records of private network

UK Inquirer picks up the story

DNS zone transfers ruled illegal.

Money quote:

What worried the judge was if she didn't convict Ritz of being a hacker, then the computer crime laws in the Land of the Free would be turned on their head.

It was much tidier to make it a crime to access a server on the internet that is set up to provide that public info. It seems that no one explained to the judge what the Internet was.

Citizen Media law project carries the case

This has actually been up for months, but I just found out about it.

• Reynolds v. Falk (lawsuit)
• Sierra Corporate Design v. Falk & Ritz
  

Excellent comment on the Ritz affair

ZWithaPGGB at Slashdot has written an excellent editorial on the judge's decision in this case. I take the liberty of quoting the key part here:

When a jurist with little or no technical understanding attempts to make a ruling in a case where much of the evidence is technical, there is often a serious case of cognitive dissonance. This is the case in Judge Rothe-Seeger's ruling in the Ritz case.

I am not a lawyer, and make no comment about the merits of the behavior of Mr. Ritz. I am, however, a network engineer, and someone actively involved in information security, particularly using DNS.

In ruling that querying a nameserver that was configured to provide a zone transfer for a list of all the hosts in a zone illegal, Judge Rothe-Seeger has demonstrated a fundamental misunderstanding of the technical design of the Internet, not just of DNS, but of ALL the applications and protocols. Further, the comment that Mr. Ritz's querying and republication of the public WHOIS data "without Network Solutions permission" was illegal also completely misunderstands the nature of Whois data.

What the judge has done is, effectively, to say that each person who asks a public server for information that it is explicitly designed to provide to all and sundry needs to get specific permission for that content from that publisher. This is completely at odds with how the Internet works. The Internet is designed in such a way that servers provide content to anyone who asks, unless the owner has configured the server not to do so.

Sierra could easily have prevented zone transfers from their name servers if they so chose. If they did not do so, then the presumption is that they intended to allow it. There are many very good reasons why a service provider would want their zone to be transferrable, and by configuring their nameservers in that way, they were, in effect, doing the same thing as someone leaving a stack of maps out in public, for all to take at their leisure. What the judge has ruled would be analogous to finding a crime when someone took a copy of an ad that included a layout of a house from a realtor's office.

The WHOIS data, on the other hand, is public record BY DESIGN. It is part of the basic design of the DNS that you be able to find out who the registrant for a given domain is. How else are all the legal remedies for copyright infringement, illegal content, abuse of service, etc. to be exercised if there is no way to find out who to serve notice on and in what jurisdiction they reside?

It is clear from Judge Rothe-Seeger's bio that she has little or no experience of life beyond North Dakota. It is also clear from her ruling that she has little or no understanding of the Internet. Based on her age, it is time for the judge to retire, as she clearly fails to understand the world in which she now lives.

Chris Jester of Suavemente donates $5000

It's only fair that the really big donors get a public "thank you" on these pages, so I'd like to start the ball rolling by thanking Chris Jester of Suavemente for his generous $5000 donation.

Update: There was confusion caused by PayPal holding the donation. This has been resolved.

More coverage of David Ritz case

Anti-Spam Blog: Breaking the Law
Bricks: WHOIS lookups criminal??
Taint.org: Bad law in North Dakota

UK Register picks up the story

This one was pretty good: Anti-spammer fined $60K for DNS lookup 'hack'.

Slashdot picks up the story

Some DNS Requests Ruled Illegal in North Dakota.

Circle ID picks up the Ritz story

See Al Iverson's article in CircleID: North Dakota Judge Gets it Wrong. It's an excellent article. Al goes into some detail as to the absurdity of the judge's ruling.

Reminder: you can donate to David's defense fund at this web site.

Apalling judgement in the David Ritz case

I've been waiting with bated breath for the last few weeks to find out how David Ritz's lawsuit turned out. It turns out that the reason I hadn't heard is that the court slammed him with an unbelievable gag order. Among many other things, he's not allowed to discuss this case in detail. The transcripts have even been sealed.

Luckily, Mickey Chandler, who runs Spamsuite has been able to obtain a copy of the court judgement.

Spamsuite describes this as "12 pages of bad law". That's putting it mildly to say the least. The court has ruled, in essence, that because Ritz knows more about network administration than the average user, that everything he does with that knowledge is criminal. The court ruling is full of statements that I find frankly outrageous, but without access to the court transcripts, they're impossible to refute in detail.

I'm hoping that it will be possible to get this case unsealed so we can see what actually happened in the courtroom.

I'm also hoping that this will be appealed. I've never seen such an ignorant decision in a court case before, and this needs to be fought not only for David's benefit, but for the benefit of anybody who wants to continue using standard forensic tools in the fight against spam.

But appeal or no appeal, David's legal expenses continue to pile up. Please take a minute and donate to David's defense fund, either at this web page or by sending a check directly to his lawyers at:

David Ritz
c/o Debra S. Koenig
Godfrey and Kahn, S.C.
780 N Water Street
Milwaukee WI 53202

Intellectual Intercourse on Reynolds lawsuits

I've been waiting until after David Ritz's court case was over to discuss certain issues, but MickC of Intellectual Intercourse has brought them up in in a column he wrote yesterday. It's good stuff; take a moment to read it and then come back here ...

Are you back? Good. Here's the scoop. You may have heard the news that the RIAA is suing Usenet or something to that effect. Actually, who they're suing is usenet.com. It's an internet site which specializes in uncensored and unlogged downloads, as well as a very complete feed. From their advertising: "... its service is the best way to get 'free' music now that 'file sharing websites are getting shut down..."

Update: I'm told that the real issue isn't so much unlogged downloads as anonymized uploads.

There's more to the story, but the interesting point is this: usenet.com is owned by Jerry Reynolds. The same porn spammer who sued me and who is currently suing David Ritz. It looks like Reynolds is going to be spending a lot of time in court over the next few months, and for a change, it won't be harassing anti-spammers.

More on the story:

• Billboard: Labels Sue Usenet Service
• c|net: RIAA tries to pull plug on Usenet. Seriously.
• Tech.Blorge: Usenet.com are idiots, get sued.
• Slashdot: RIAA Sues Usenet.com
  
• Usenet.com: Free downloads

An excerpt from the usenet.com web page:

What Exactly Can You Download in Usenet? Anything and everything. Literally. There are movies, mp3s, cartoons, wallpapers, sounds, videos, pictures, warez, games, software and much more...

There's more to this case and others, but that will still have to wait until David's case is out of court. This hasn't happened yet, and David's legal expenses are still astronomical. I remind my readers that donations to his legal fund can be made directly through his lawyers at

David Ritz
c/o Debra S. Koenig
Godfrey and Kahn, S.C.
780 N Water Street
Milwaukee WI 53202

Or via Paypal or credit card.

News on David Ritz case

As I've written before on occasion, former porn spammer Jerry Reynolds filed a couple of SLAPP lawsuits against me over my old anti-spam website. In addition, he sued spam-fighter David Ritz for running "unauthorized" DNS lookups on his servers.*

Obviously David isn't really being sued over a few DNS lookups; he's being sued for being a thorn in Reynolds' side during the years when he was trying to get the Netzilla/Sexzilla porn spam operation to stop spamming.

At any rate, the trial in David's case started this week. I don't have access to a lot of information coming from the trial, but I did just receive word that plaintiff's motion to exclude David's expert witness was denied. It's not much, but it's good to know that the first news from the trial is good news.

Just a reminder that David's legal expenses are mounting. You can help by donating to his legal fund at: David Ritz; c/o Debra S. Koenig; Godfrey and Kahn, S.C.; 780 N Water Street; Milwaukee WI; 53202. Or, if you like, you can donate by paypal or credit card.

And finally, the auction for a copy of the Encyclopedia of Spam closes in just one day. Currently, the bidding is so low that the winner will get it for less than it cost me to have it bound. Here's your chance to own a very rare conversation piece. Proceeds go to David's defense fund. (Sorry, not available in North Dakota.)

---------
*For those unfamiliar with the inner workings of the internet, a DNS lookup is equivalent to calling up a switchboard and asking for a phone number. For example, if you want to call your local library, you don't punch L-I-B-R-A-R-Y into your phone, you first look up the number that belongs to the library, and then punch that in. By the exact same token, if you want to connect your web browser to library.org, you first go do a DNS server lookup to get the IP address of library.org and then make your connection. The difference is that the lookup process is done automatically for you by your browser.

That's right, every single one of you do hundreds of DNS lookups every day. You had to do one just to read this blog. Yet this is exactly what David Ritz is being sued for.

The other things David are accused of doing are a zone transfer and a whois lookup. A zone transfer is equivalent to calling the library and asking for a copy of their phone list. A whois lookup is equivalent to going to the county clerk's office and looking up the owner of a property.

Help fight a spammer SLAPP Suit — donate to defense fund

Spam-fighter David Ritz needs your help.

In previous editions of the Spam Diaries I've told the tale of a SLAPP lawsuit brought against me by spammer Jerry Reynolds.

In a nutshell, Reynolds sued me for defamation over his entry in my anti-spam website. The purpose of this lawsuit, obviously, was to suppress information about his prior spamming activities, and to extract revenge against an anti-spammer who had caused him trouble in the past. For more information about this lawsuit, see my entries About the lawsuits and SLAPP Lawsuits by Jerry Reynolds.

One issue which I've only brushed on is another lawsuit filed by Reynolds, against anti-spammer David Ritz. David is a spam-fighter of long standing, and one of the most meticulous I have ever met. If you ever need hard data on a spammer, contact David. (Just be prepared to wade through megabytes of evidence.) David has apparently been more of a thorn in Reynolds' hide than I have, so Reynolds is pursuing this case with a vengeance.

The case has been going on for more than a year, with Reynolds and his lawyer attacking viciously and repeatedly. David has been repeatedly deposed. His computers have been repeatedly subpoenaed. At his lawyer's request, we've only communicated to each other through our lawyers, so I'm not privy to everything that happened since the lawsuit against me was dismissed, but I do know that his expenses have been astronomical.

SLAPP lawsuits by spammers against anti-spammers are nothing new. Spamhaus has been sued twice. MAPS has been sued multiple times. Numerous other spam-fighters have also been sued. One of the differences here is that David is not an organization with resources or an individual with means. Unlike Spamhaus, he has no pro-bono lawyer. Frankly, I'm surprised he's survived this long.

The actual trial comes up very soon, and so I expect his expenses to increase vastly over the next few weeks.

The purpose of this entry is to ask that people give as generously as they can to David's defense fund.

Checks may be mailed to

David Ritz
c/o Debra S. Koenig
Godfrey and Kahn, S.C.
780 N Water Street
Milwaukee WI 53202

I have also created a web page where you may make donations by Paypal or credit card. This is more convenient, but a check directly to his lawyer's office will get there quicker.

Just for fun, I've created an added incentive: those who donates $500 or more will receive a bound copy of my Encyclopedia of Spam. The cost of producing this will be part of my donation to David's defense fund. This book is the source of this blog's logo.

Please give as much as you can.

I win my second lawsuit on jurisdiction!

This just in: Judge Irby has dismissed (pdf, 7 pages) Jerry Reynolds' computer crimes case against me for lack of jurisdiction.

The computer crimes case is this: Spam-fighter David Ritz is accused of computer crime for "stealing" Jerry Reynolds' DNS data by doing a "host -l" command to perform a DNS zone transfer. He's also accused — and I'm not making this up — of stealing Reynolds' Whois data.

Anyway, I was named as co-defendant because I linked to the Usenet post in which Ritz announced the results. Reynolds also obtained a TRO forbidding Ritz or myself from discussing Reynolds' servers in any way — achieving Reynolds' true goal of censoring my web page which discussed his spamming history. Armed with this TRO, Reynolds was also able to censor Usenet posts discussing his spamming activities.

As it is in the nature of lawyers to ask you not to discuss cases, I've mostly kept quiet about this one. Now that the case is no longer pending, and the TRO is no longer in effect, I have "unhidden" a number of previous posts about the case:

• Second court hearing — discusses the upcoming jurisdiction hearing on the case
• Today's court hearing — discusses how the hearing went. It dragged on forever and had to be continued. The best part was when my lawyer Kelly Wallace started tearing Reynolds' friend/sysadmin Brad Allison apart. When the questions got pointed and Allison started rocking back and forth in his chair, Reynolds' lawyer Harristhal stood up and used every trick he could think of to stop the hearing, finally obtaining success with "I have a plane to catch".
• Little bit of good news in jurisdiction hearing — Harristhal's request for more expert witnesses was denied.
• Legal documents — all legal documents are now available at rahul.net. Some are quite large (they're scanned pdfs) and most are quite boring. The high points are the parts where:
  • Harristhal quietly dropped my lawyer out of the loop and was thus able to obtain a default judgement against me.
  • The part where they admit to doing dns lookups on Ritz (which is exactly what Ritz is accused of)
  • Various conspiracy theory nonsense
  • Request for admission that I used whois. Yeah, really.
  • Request for admission from Ritz that he didn't have permission to use DNS.
  • The transcripts, which are plain text, quick to download, and kind of fun to read.
• Documentation on the forged cancels that Reynolds or someone helping him issued in order to delete all the evidence from the usenet archives that I would have used to defend myself in the defamation case.

Hmmm. Looks like I didn't write anything about the continued hearing. No matter, the transcript is available here (part 1, part 2). The second half wasn't very exciting.

After the court hearing, there really wasn't much to do but wait for Judge Irby's decision. Harristhal tried a couple of tricks in the meantime, such as insisting that our statute of limitations on opposing the default judgement had expired while we were waiting for the jurisdiction decision, but the judge wasn't buying it.

The computer crimes case against David Ritz is still pending, and I will report on this from time to time as it progresses.

Gartman and McDowell sentenced to federal prison

Rape porn spammer Tom Gartman was sentenced on obscenity charges July 27, along with his brother-in-law former Houston cop Brent Alan McDowell.

Gartman first surfaced on my radar in 1998 when he was spamming usenet with advertisements for rape and torture porn videos. Alt.sexual.abuse.recovery was one of the newsgroups he spammed.

Gartman advertised a web site hosted by Psi.net which PSI allowed to operated unfettered until at least June-November 1998 when UDP discussions begain. At that time, PSI moved Gartman to another block of IP addresses but took no other action. Finally, in early November, on the eve of a full UDP, PSI began to remove spammers, including allegedly, Gartman. In late November of 1998, Gartman posted to usenet to brag that PSI had never so much as written him a letter asking him to stop, and were in fact asking him to come back.

In 1999, Gartman attempted to sue fellow spam-fighter David Ritz and threatened to sue me for interfering with his porn spam business.

Interestingly enough, in his letter to me Gartman wrote

I have model releases and copyrights to sell these tapes.

Later it was learned that the porn he was selling had been stolen, so there was no way there could have been any model releases in his posession.

In October, 2001, Qwest was forced to disconnect his Fort Worth provider, Nationwide.net/DFW.net, in order to get their attention to make them do something about Gartman.