Spammer Can't Have Accuser's Hard Drive

Bennett Haselton writes "Parties have reached a settlement in Joel Hodgell vs. EFinancial LLC, an anti-spam case in which I got involved because after Joel sued the defendant over spams he had received, the defendant asked the judge to make Joel turn over a copy of his hard drive." That might not sound that strange until you realize that the case in question was over webmail that was obviously never actually stored on his hard drive. And the witnesses knew it.

This was a pretty silly request because Joel was suing over spams he received at Hotmail and Yahoo Mail accounts, e-mails which were never stored on his hard drive at all. I think the absurdity of it stands as a good example of what you should be prepared for if you try to take a spammer to court, even if you're represented by a lawyer.

Joel had originally sued the defendant for 49 separate spams under the Washington anti-spam law, RCW 19.190. I generally support anti-spam plaintiffs since I've been one myself a few times. When I've written about this before, a lot of people have wondered if the hourly returns were really worth the amount of time you put into it. I should have made that more clear; even after factoring in clerical errors and judicial bias, the answer really is Yes. Once you get a feel for which spammers and telemarketers can be easily tracked down, and which ones are likely to have money, you have a decent chance of getting a settlement for $500 or more for less than an hour's worth of work, if you do it right , e.g. requesting the forms by mail instead of going downtown to stand in line. (The case takes months to move through the courts, but it's possible to keep your total amount of work spent under 1 hour.) And if you're in Washington, and the same spammer sends you a large number of spams and you save them all, then you have a shot at an even larger prize if you're willing to split it with a lawyer. (Lawyers often work on contingency, after all, and they won't take on the case if they don't think there's a good chance of getting paid.)

But in Joel's case, the defendant had hired their own expert witness, Larry G. Johnson, who wrote a declaration in which he acknowledged that the mails were Yahoo and Hotmail messages, and still said that the only way to determine the "authenticity and source" of the e-mails Joel was suing over, was to get a mirror copy of Joel's hard drive. After Joel showed me that declaration by their "expert witness", and re-iterated that he was suing over Yahoo and Hotmail messages that never touched his hard drive, I volunteered to write my own expert witness declaration for free pointing out, basically, how skull-crushingly stupid the defendant's request was.

At first, I tried looking for some alternative interpretation that might make their request seem less absurd. Johnson's declaration technically requested a copy of "the computer storage media on which the purported emails allegedly reside (e.g. hard drives, CDs, DVDs, floppy disks, etc.)". Perhaps by this he meant that he wanted a mirror copy of one of the hard drives at Hotmail or Yahoo? (Knowing, of course, that they'd fight it to the death, and the case could drag on for years?) But no, the order drafted by the defendant for the judge to sign, said "Plaintiff is ordered to allow Defendants inspection of its computers, computer storage media and subject emails as outlined in Defendants' CR 34 Request for Production and Inspection" -- Joel's computer specifically, not Hotmail's RAID array.

I also said publicly at the time that the real outrage was that their "expert witness" could make this statement when there was no chance he believed it. Larry Johnson's CV lists his credentials: educated at Harvard, admitted to the bar and licensed to practice law in Washington, doing computer consulting for 21 years, and (really) appearing in a movie called "Easier Said" as "Sheriff Tiny". And here he was making a statement, under oath, that could be refuted by a reasonably computer-literate 12-year-old. Not just outrageous that he said it. Not just that he got paid for it. (Actually, that doesn't make me too mad, because it was the spammer who paid him, so it was just transferring money from a full-time societal leech, to someone who is usually gainfully employed and merely amoral.) Outrageous that in the best-case scenario the judge would just ignore the testimony, instead of fining him or putting him in jail, which is what is supposed to happen in theory if someone gets caught lying under oath.

Well, one constant in this business is that the record for Biggest Judicial Outrage in the History of the World gets broken every three weeks.

On June 9, 2006, Judge Richard Jones of King County Superior Court signed the defendant's order commanding Joel to turn over a mirror copy of his hard drive to Sheriff Tiny. Which in practice meant: turn over a copy of your hard drive, or drop the lawsuit, or spend thousands more on an appeal.

I tell people this and I find they can't really believe a judge would go along with a request like that, they think I must be leaving something out. So I urge you to follow the links to the documents above. The defendant asked the judge to sign an order permitting inspection of Joel's hard drive, I wrote a response saying it was bogus, the judge signed the order anyway, and that was really all there was to it.

The way that Washington lower-court judges have handled anti-spam cases so far has been interesting. My experience has been that many of them don't take the cases seriously, but they usually try to find an obscure legal technicality on which to reject the case; probably they don't want a few victories to bring everybody out of the woodwork clutching a copy of their most recently received porn spam. (For example, one judge said the statute only allowed you to "recover" up to $4,000, and claimed that wouldn't apply in my anti-spam cases because I hadn't lost any money. However, in legal jargon, including some Supreme Court cases that I cited, the word "recover" is often used to mean simply taking something from another party, not necessarily something that you've lost. And anyway I doubt that the legislature, when they specified $500 in damages per message, intended for people to first have to prove that they'd actually lost $500.) I think most judges figure that if anybody tries to complain about their treatment in the courts, people's eyes will glaze over at the discussion of the legal technicalities, and it will just sound like someone complaining because they lost.

But once in a while a judge fudges an issue that involves no arcane legal jargon and that everybody can understand. If someone sues over spams received at Hotmail and Yahoo accounts, and a judge makes them turn over their hard drive, that doesn't have enough of an eye-glaze factor. People hear that and understand what it says about the courts.

Still, the judge's ruling stands. Lawyers have a saying that if a judge rules the sky is green, there's not much you can do about it unless you're willing to spend a ton of money.

Uhhh...

[Peyna]

webmail that was obviously never actually stored on his hard drive

Yeah.... all of those websites you visit and all of the data that comes with them is never stored on your hard drive.

Re:

[tpjunkie]

Are you kidding, did you skip the above article, or are you the "expert witness" hired by the defendant?

Webmail that is accessed via a web browser is not something thats going to be cached, so what the heck are you saying?

Re:

[LiquidCoooled]

Using Internet explorer (on windows...) go onto hotmail and read a few emails.
Then go into your internet cache and find the pages.

They exist.

Re:Uhhh...

[Rob the Bold]

Using Internet explorer (on windows...) go onto hotmail and read a few emails. Then go into your internet cache and find the pages.

How do you know he uses Internet explorer?

How do you know he runs Windows?

How do you know he doesn't have a crazy diskless webstation of some kind?

How do you know he doesn't read hotmail at the library?

How do you know he doesn't read hotmail on your computer?

How do you know he didn't read the email on his mobile phone?

How do you know he owns a computer?

So you see, receiving web mail doesn't necessarilly mean caching (not storing, but caching) the message in the Internet explorer cache on a Windows PC. He could have printed that spam using an impact transfer ribbon-type printer. By your logic, the defendant could ask for all his old printer media. The demand that he produce his hard drive contents is, like you post, a red herring.

Re:

[Peyna]

So you see, receiving web mail doesn't necessarilly mean caching

It doesn't mean the opposite either. If there is a chance he might recover something useful, he should get access to the hard drive. Welcome to the world of civil discovery.

Re:

['nother poster]

Ummm. I believe you meant fishing expedition there. ;)

Re:Uhhh...

[Brian See]

It doesn't mean the opposite either. If there is a chance he might recover something useful, he should get access to the hard drive. Welcome to the world of civil discovery.

That's not entirely true. Just because something MIGHT contain relevant evidence doesn't mean that it's automatically going to be within the scope of civil discovery. The revisions to the Federal Rules of Civil Procedure that will go into effect in a month specifically provide that absent "good cause", you don't have to produce data that is "not reasonably accessible due to undue burden or cost".

There's lots of wiggle room in those words, but in the example above, taking a look at printer ribbon wouild be unduly burdensome in most cases. (Technically, printer ribbon isn't "electronically stored information subject to 26(b)(2)(B), but that's pretty esoteric.) More to the point, in many cases items in the browser cache or in unallocated space on hard drives will NOT be "reasonably accessible" and thus is NOT within the scope of civil discovery (absent a showing of "good cause").

IAAL and I do this stuff for a living.

Re:Uhhh...

[ClassMyAss]

If there is a chance he might recover something useful, he should get access to the hard drive. Welcome to the world of civil discovery.

Um, no. That's just not the way it works. There is always a chance that if given access to a person's hard drive their courtroom adversary will find something useful. Do you seriously mean to suggest that if any person enters into IT related litigation they should be automatically required to offer a copy of their hard drive to their opponent? Because that's where your logic leads. This case has absolutely nothing whatsoever to do with what is on the plaintiff's hard drive, given that all the relevant evidence exists on a webmail server.

An analogy: if the government was prosecuting an child pornography case, and the defendant's website had kiddie porn up, it would be absolutely ludicrous for the defendant to request a mirror copy of the government computers used to find said kiddie porn under the theory that there might be something useful in the cache. It's irrelevant, it's distracting, and it's clearly being used in the current spam case as an attempt to intimidate the plaintiff.

Also (relating to the article, not this thread), shouldn't the title read "Spammer Can Have Accuser's Hard Drive," given the results of the ruling, or am I just too high on a coffee buzz to read properly?

SCO - Pint Sized!

[Ahnteis]

Let us examine everything you own. You might have done something wrong!

Re:

[LiquidCoooled]

I am not a red herring but I am wrong (I'm more like an angry sea bass)
I had outdated information on the cachability of hotmail mails (i posted an explanation a few minutes ago as a reply to my original post).

You are 100% correct about all the other methods and the only possible detail the spammer could require are the mail headers which are available on any device which downloads a view of the mail.

It is all just a stalling tactic.

Re:

[ZachPruckowski]

Yes, but that doesn't help with determining the authenticy or source of the email, does it? That might prove that they were read, but unless he had read them pretty recently, they're not going to be in a cache (assuming he does a lot of browsing and/or cleans it regularly.

Re:

[MCraigW]

but unless he had read them pretty recently, they're not going to be in a cache

I happen to set my browsers caches to a RAM disk, and I wipe my paging file at every shutdown. So I would have had to have read those emails very recently.

Re:

[GoMMiX]

Interesting, I had no idea that viewing a message body and parsed headers on hotmail would actually store the entire unaltered message, headers included, in my browser cache.

That, of course, is ignoring the fact my browser cache is cleared each time I close the browser.

I guess I learn something new each day. /sarcasm

Re:

[varmittang]

Well, when you browser empties the cache, it doesn't mean the data is deleted to the point it can't be recovered. It just means the computer thinks the space is free for use. So your viewed hotmail, yahoo emails can be recovered long after you viewed them.

Re:

[deathy_epl+ccs]

Well, when you browser empties the cache, it doesn't mean the data is deleted to the point it can't be recovered. It just means the computer thinks the space is free for use. So your viewed hotmail, yahoo emails can be recovered long after you viewed them.

If the defendant had been ordered to hand over his physical hard drive, then your statement might have some validity. However, he was asked to hand over a copy of his hard drive. A copy of a hard drive, even an image, is not likely to reflect sectors th

Re:

[zippthorne]

dd if=/dev/hda of=crazybigimage.img

It is just as good as turning over the hard drive itself in regards to recovering freed, but un-overwritten data. Did you mean that the image is unlikely to reflect previous states in sectors which have been overwritten with new data?

Re:

[deathy_epl+ccs]

I was referring to most imaging tools that I've used on Windows, though my actual expertise lies in a different realm so I imagine there are imaging tools available that would allow a forensic analysis of his hard drive. It didn't appear to be so carefully worded, though.

Re:

[Brian See]

I suspect that when most judges and lawyers talk about producing a "copy" of a hard drive, they mean for a bitstream image of the drive (in other words, "dd if=/dev/hda of=crazybigimage.img"). Because that's what law enforcement agencies so commonly do, absent a clear understanding with the other side, I would be really reluctant to make any other assumptions.

Absent such an understanding, being ordered to "produce a copy" of the drive and only producing, say, a Norton Ghost image of the drive, is likely to

Re:

[GoMMiX]

True, perhaps. However, the defense request and court order were for a copy, not a forensic analysis of the drive.

Now, were the orders for a forensic analysis of the drive to be ordered - that would be different. The order is vague, and simply refers to the defendants request. In the defendants request they ask merely for a copy of the files.

Really what this was about was posturing. The defense was betting it could find something it could use as leverage about the plantiff. Not determine authenticity of the

Re:Uhhh...

[LiquidCoooled]

oooops

I just tried to put my money where my mouth was.

I fired IE6 up went to hotmail and read a mail.
After closing its no longer there.
They must have changed something fairly recently (ie since I started using firefox) because they used to be there for all to see.

MOD PARENT UP

[networkBoy]

At least he admitted he was utterly wrong :-)
that deserves a couple mod points for informative ...
-nB

Re:

[Sierpinski]

Using Internet explorer (on windows...) go onto hotmail and read a few emails.
Then go into your internet cache and find the pages.

They exist.

You're wrong, thank you, drive through.

I explicitly turn off all web caches the second after I install them, because I always want to make sure I have a fresh copy of whatever I am browsing. No cache here, don't assume everyone is as big of an idiot as you are.

Re:

['nother poster]

No one deserves to get spam! Well, except other spammers. And they also deserve to be excluded from the No-Call-List. Oh, and they need lots and lots of unsolicited junk snail mail also.

And one more thing. They need annual IRS audits that continue for 5 years after they stop spamming. Just to be sure.

Re:

[KillerBob]

Actually, I think he was going for sarcasm. He probably should have used italics instead of bold face on the word "never", but meh.

It's a ridiculous request. And more importantly... among the information stored on his hard drive, theoretically, is his address book. Spammers pay big money for known-good e-mail addresses.... (well, used to. not so sure about that since they started using dictionary attacks)

Re:

[UbuntuDupe]

Well, as a non-(inner-workings-of-email)-savvy guy, it just seems like a moot point. Even if it was stored, so what? The lawsuit has long since started, and the plaintiff's hard drive was not seized at that time. So he's had plenty of time to manipulate his hard drive to add or delete anything he wants, right? So what's the point of admitting it as evidence, when it can't really prove anything?

Some lawyer can probably fill in the blanks about chain-of-custody issues.

Missing the point...

[Vellmont]

Assuming for the moment that the email was stored on the plaintiffs HD (it isn't), then it's the defendants job to find any evidence that still exists on the HD. It's true that there will likely not be anything on it that's relevant to the case, but the defendant should have a right to determine that.

Re:

[UbuntuDupe]

Actually, I think it should be decided by which side has the most power. If the plaintiff is wealthy, yeah, string him up. But if the plaintiff is poor, he shouldn't have to provide shit.

Right? Isn't that how you think it should work?

Re:

[j00r0m4nc3r]

Did he say "all of those websites" and "all of the data" that the guy visited? No. He said specifically webmail from specific vendors, which in all likelihood is never cached on the user's hard drive.

Re:

[Smidge204]

Two problems:

First problem is, sites like Yahoo! mail and Hotmail use a lot of Javascript to render the message. (Especially GMail which uses nothing but AJAX.) When you visit a site, your browser downloads the javascript code and base HTML and caches it. However any additional data the javascript downloads, and any modifications to the HTML the script makes, are NOT cached.

Second problem is: <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">

In either case, the data never touches the hard drive exce

Re:

[xoyoyo]

>>Second problem is:

That's not what no-cache means. No-cache means that the caching client cannot use its cache to handle any subsequent requests without revalidfating with the server, so any further request to the same URI must be checked against the server. If the rtesponse from the server effectively says "your cache is valid" then it *can* use the cache.

See http://www.w3.org/Protocols/rfc2616/rfc2616-sec14. html#sec14.9.1 [w3.org]

no-store is the directive that is *supposed* to prevent storage of the respo

Re:

[makomk]

That's not what no-cache means. No-cache means that the caching client cannot use its cache to handle any subsequent requests without revalidfating with the server, so any further request to the same URI must be checked against the server. If the rtesponse from the server effectively says "your cache is valid" then it *can* use the cache.

In theory, that may be the case. In practice, I'm not sure if anyone bothers caching a no-cache response - especially as they're generally generated by server-side scri

Re:

[Himring]

I'm rather shocked that CT made that statement. Surely he is not saying that web pages are not written to the drive. Well, no, that's exactly what he said. This is computer geek-stuff 101....

Re:

[account_deleted]

Comment removed based on user account deletion

t's about billable hours

[budgenator]

Don't you guys know anything about SMTP e-mail headers?
of course we do and so does everyone involved except the judge and maybe the defendant, but that's not what it's about. It's about billable hours and if the lawyer/computer forensics expert (Larry G Johnson) gets to poke around a computer hard-disk for a couple hours, he's $600.00 richer and his client (the alleged spammer) is $600.00 poorer and the plaintiff is wondering if the $500.00 he might win is worth the feeling of being so violated.

Re:

[milamber3]

I see you have some skill at making important words bold. Too bad you don't have any at RTFA. Let me quote the part you should have read and make bold the important word which makes your whole post worthless dribble in regards to the actually point.

"still said that the only way to determine the "authenticity and source" of the e-mails Joel was suing over, was to get a mirror copy of Joel's hard drive.?

Re:

[Technician]

Yeah.... all of those websites you visit and all of the data that comes with them is never stored on your hard drive.
--
What?

When I'm in paranoid mode and running a live CD, that is exactly the case. I would love to hand him a copy of a screen capture of the offending e-mail displayed in firefox on the Ubuntu Live CD along with a copy of Ubuntu live CD.

Re:

[GuyverDH]

Don't forget that the most commonly used (by less technically inclined people) e-mail client, outlook express, would download and store hotmail web-mail just as easily as it did pop3 / smtp mail.

http://www.microsoft.com/windows/ie/ie6/using/howt o/oe/setup.mspx/ [microsoft.com]
http://help.yahoo.com/mail/pop/pop-06.html/ [yahoo.com]
http://mail.google.com/support/bin/answer.py?answe r=13276/ [google.com]

Yes, they are USUALLY web only mail servers, however, as shown above, they can ALL be configured by the user to be used locally on their computer.

Re:

[geoffspear]

Of course, the conclusions are obvious: the plaintiff simply needed to submit a linux boot CD to the courts in order to satisfy their demand.

Unless he actually does use the setup you describe, no it wouldn't. And he could get some serious jail time for fabricating evidence.

Re:

[budgenator]

if the spam was still in his folder at hotmail, yahoo ect, all he have to do is boot up knopix and access them problem solved; I'd even save copies as html and as source of the viewed page burnt to a cd to include.

Technicality?

[montyzooooma]

It's going to cost a certain amount of money to mirror a harddrive (say 60-70 dollars for a medium size drive and maybe 40 tops for commercial software. Not that bad. I assume they're trying to draw into question whether the email was ever received and will use the mirror to prove no copies were ever stored on the drive. Is it spam if you don't store it on your computer? (Obviously I still think it is but the law's a twisty thing if it hasn't been bolted down.)

Re:

[Ash Vince]

More likely is that they were looking for something illegal (MP3's, etc) on his hard disk they could use to make him drop the case.

Knoppix

[Anonymous Coward]

So you cheerfully hand over your live CD with Knoppix.

Mod Parent Up Funny!!!

[Fallen Kell]

Oh come on. I would seriously consider this myself. The request in itself is assinine. You can easily boot up the computer with Knoopix, log on to hotmail and yahoo and view the spam. Once you do that, technically, it is the system you viewed and recieved the spam on. If however you deleted the mail already, well I suspect your case is screwed anyway.

Why no counter requests?

[RichMan]

Why were there no counter requests for
1) copy of hard drives of all spammers computers
2) list of all online identities and accounts used by spammer in last year

If they make it hurt for you, hurt back.

(I have been watching the SCO case)

Re:

[surprise_audit]

IANAL, but I'd say that you run the risk of pissing off the judge unless you can come up with a reason that at least *looks* sensible, such as with this spammer. I mean, all of us know it's a stupid request, designed to waste time and try to put the accuser off, but to a non-technical judge, it could looks reasonable. Now, why would it be reasonable to demand copies of the spammers hard drive??

Re:Why no counter requests?

[tinkerghost]

Off the top of my head, so that you can identify all of the addresses/messages he has sent out .... perhaps employing that data in a class action suit against him ....... how many emails did he sent off - $500 each - class action status --- that would eat him alive.

Re:

[twoshortplanks]

The only way to know what the emails in this case actually look like and what information that they in fact contain is to view them in the computer enviorment in which they were generated or received.

From Larry G Johnson's declartion (linked from the above text.) Ergo, I'd argue that quid pro quo is perfectly fair. If they want his hard drive (where it was received) I'd argue that we should also get to see where they were generated.

Re:

[surprise_audit]

Sounds good to me. I'm in!! :)

Re:

[budgenator]

I'm sure that Larry G. would love to bill the plaintiff $300.00 an hour to do forensic analysis to the defendant's hard-drives on the 20-30 computers he probably owns.

Re:

[deadmongrel]

Good Point. Also why can't we go after the hosting services which provide hardware for spammers? Having said that I wonder how much it cost to sue the spammer? Sometimes its cheaper to hit delete.

Re:Why no counter requests?

[XSforMe]

Playing the dumb game is a slippery road, and there are certainly many ways to outdumb the dumb:

1. Get a new hardrive (extra points for a non-standarized interface).
2. Install an obscure OS (GNU-Hurd, BeOS, etc) on a non NTFS partition. Make sure to boot into text mode by default!
3. Install lynx and visit Hotmail and Yahoo.
4. Enjoy the spammers and his hollywood expert witness expresion when booting!

Alternatively, buy the following auction at ebay: http://tinyurl.com/yjhav2 [tinyurl.com] . I'm certain you'll know what to do next. =)

Re:

[Achromatic1978]

Great idea. Are you a lawyer, or do you just advise people to break the law on Slashdot?

Re:

[Achromatic1978]

Contempt of court would be if you were lucky.

I'd be thinking along the lines of 'perjury' or 'attempting to pervert the course of justice'.

Re:

[MCraigW]

1) copy of hard drives of all spammers computers

It seems to me that you should have the originals seized to prevent tampering with, or deletion of, the evidence.

Re:

[Associate]

Alternatively, he could check his mail from a good number of different machines. Then he could request clarification as to which hard drive, some of which he doesn't own, he has to clone and submit. He could also bring up things like dumb terminals, the afore mentioned knoppix live CD, terminal services, etc.

Re:

[kabocox]

Why were there no counter requests for
1) copy of hard drives of all spammers computers
2) list of all online identities and accounts used by spammer in last year

If they make it hurt for you, hurt back.

This is an excellent idea. The lawyer could easily make it class action on behave off all the residents of that state that recieved spam from the spamer and there shouldn't be much that the spammer could do about it. If the judge had half a brain, he'd smile and nod and force the spammers to turn over a copy of

Err, yeah...

[Otter]

Well, one constant in this business is that the record for Biggest Judicial Outrage in the History of the World gets broken every three weeks.

Move over, Dred Scott, and make way for Subpoenaed Hard Drive Guy!

Incidentally, perhaps given Subpoenaed Hard Drive Guy's Buddy's vast knowledge of computing, perhaps he could have put this on a web page and submitted a link?

If I where the defendant's lawyer

[cucucu]

I would ask from Yahoo Mail or Hotmail that they turn over a tape containing an image of their customer's inboxes in the datacenter.

But fortunately I am not a lawyer!

Re:

[cucucu]

Yeah, I should have read that that's what the poster thought. But I didn't completely read TF post.

Lawyers have such a love for verbosity, and we programmers are so impacient and have no time to read TFA, not TFM, not TF anything.

How old was the judge?

[b0s0z0ku]

And how technically savvy was he/she? Most judges don't have education in technical subjects, you know, so he/she might not have had a full understanding of the technology at hand. Sounds like a bad ruling by an ignorant (but not necessarily malicious per se) judge.

-b.

Re:

[Peyna]

And how [legally] savvy was [the OP]?

Rules of civil discovery are intentionally very liberal. There are many situations where pertinent information to the lawsuit that is discoverable could have been on his hard drive. Or should we just take his word that there are no copies of any of these messages on his hard drive? There are many possible circumstances where copies of the messages COULD be on his computer hard drive, and that alone should probably be enough to let the other side have a look.

Re:

[dwandy]

And how technically savvy was he/she?

Which raises the question of what the qualifications for a judge should be.
We certainly can't expect them to be absolute experts on every subject: that's why there's expert witnesses.

While (as the article said) any 12-yr old knows the request is bogus, it really just means that the judge believed the expert witness of the defense at least as much as the expert who submitted TFA, or at least sufficiently that the judge didn't want to worry that the defense would be ab

Re:

[b0s0z0ku]

Which raises the question of what the qualifications for a judge should be.

Yep. Remember that this was a *county* court judge. At least in New York State, outside of New York City and a few neighboring counties, county judges and magistrates aren't even required to be attorneys nor to have passed a test comparable to the bar exam. And they're often elected in one-candidate elections because no one really wants the job - there's not much pay nor fame in it.

-b.

Re:

[Midnight Thunder]

How can we expect an average law person to be technically savy, when your average tech guy if not usually savy about the legal system.?

If all else fails

[thejrwr]

It's Catch 22

I don't know

[initialE]

1. Maybe they are looking for evidence that you've solicited their spam. That could be on your hard drive
2. They're trying to pry a settlement out of you. People keep lots of personal stuff on their Hard drives, that's why they don't like giving copies away

Article Title makes no sense

[OverlordQ]

Ok the title of the summary says the "Spammer can't Have Accuser's Hard Drive", but the entire summary says "Well he was ordered to turn it over, and as much as the judge, witness, defendant are asshats and idiots,the ruling stands". So where the fuck does the can't come from?

Re:

[Kandenshi]

Indeed =\ My best guess is that the proposed title "Webmail Spammer Shouldn't Have Accuser's Hard Drive" was rejected as being not-at-all-interesting-and-kind-of-self-evident. Not the stuff that generates clicks.

Re:

[Erasmus]

The last date mentioned in the article was in June. Perhaps they cut off the end of the story?

Re:

[RedHat Rocky]

Note that Taco put it from "the they-should-have-said-please dept".

Editorial commentary where it doesn't belong, but hey.

Re:

[gclef]

They settled, ending the case without discovery finishing, so the judges order didn't have to be followed, since it was a moot issue.

Yes, the title's stupid.

Re:Article Title makes no sense

[gbjbaanb]

no, the title is misleading and poor journalism, plus poor editorial control (ie NO editorial control - did the editors RTFA?)

Perhaps its time to give editor points away, like mod points, to people who actually care about the quality of the stories they read and not just click 'accept' or 'reject' randomly.

Re:

[Stanistani]

Parties have reached a settlement in Joel Hodgell vs. EFinancial LLC

Maybe from the fact the case was settled?

Re:

[spyrochaete]

Maybe from the fact the case was settled?

Well, the title says "Spammer CAN'T Have Accuser's Hard Drive", but the spammer was indeed allowed access. The only reason why the spammer DIDN'T have access to the hard drive was because there was a settlement. Therefore the title remains completely inaccurate.

Re:

[Stanistani]

Certainly the article was not clear on whether the hard drive mirror was ever made, and handed over, or not. It would have been nice to know, as that WAS the headline.

$%&!#@ /. editing...

Don't be so outraged... just use your rights...

[Anonymous Coward]

If you feel entirely convinced that the "expert witness" demonstrably lied under oath, use your right to make a citizens arrest, and formally charge him with perjury. Lying under oath is a crime.

Re:

[berzerke]

Lying under oath is a crime.

Yes, but only very rarely gets prosecuted, so there is little deterrent, but lots of potential gain. Hence it happens a great deal. One thing I learned while doing law enforcement is that laws without enforcement and meaningful penalties are worthless.

Re:

[Maxo-Texas]

So is admitting under oath that you used a weapon when you are a convicted felon.

The judge, prosecution and defense didn't even blink an eye when a witness on an arson case made this statement.

Bottom line:
Now, and maybe always, the law is selectively enforced.

Usually so it can be cost effective and catch as many bad guys as possible.

But you cross the wrong people, and it is going to selectively enforced against you to punish you.

We are all breaking various laws constantly every day. (You think not? You ne

Addresses on that harddrive

[Jotii]

I wonder how many new email addresses that the spammers can extract from that harddrive. They're probably hoping for Joel to forget about all the stored passwords, too.

Re:

[kalirion]

Enough to cover their settlement fee?

Spam to feed retirement?

[Salvance]

And all this time I've been deleting spam I could have been using it to fund my retirement! Not sure what the wife will think when she logs into our joint e-mail account and finds a folder called "Special evidence" filled with Viagra and Penile enlargement ads though.

Hello, hello, look what we've found!

[Channard]

'It's kiddy porn! Your honour, the plaintiff is clearly a kiddy-fiddler of Gary-Glitteresque proportions. The fact the material was only found on the hard drive after we got our hands on it is purely co-incidence.'

I'm only half kidding with this.. it wouldn't surprise me if they were looking for anything to slander the plaintiff with, or to at least muddy the waters of the case. Illegally downloaded music, etc..

Re:

[Silver Sloth]

This is the natural outcome of a confrontational legal system. Lawyers are proud of getting verdicts that are contrary to the truth, but in their clients best interests. This makes going to court an extremely unpleasant experience for us mere mortals who have not sold our souls to Satan

You are wrong.

[hoggoth]

Nice long tirade you have there. The only problem is you are wrong.
There is a fairly good chance that at least some of the web pages viewing those webmails are recoverable in swap space, file slack space, and unallocated space.

Re:

[JMZero]

Yes, they probably would be able to find some spam chunks there. But what exactly would that prove?

And if they found nothing, what would that prove?

Re:You are wrong.

[Brian See]

There is a fairly good chance that at least some of the web pages viewing those webmails are recoverable in swap space, file slack space, and unallocated space.

Those of us who have dealt with swap space, slack space and unallocated space understand what MAY be found there. I think there is certainly a way for a lawyer to say, "Judge, we have some screencaps / printouts of emails and there's some question as to whether or not they're genuine. We want more evidence to test their authenticity and to re-create how they looked." Alternately, they might want to search for evidence in the browser cache or evidence that they're forgeries.

But does that mean that the "only way to reliably know" what they looked like is to do the forensic analysis? Or that it is "necessary" to do this "[i]n order to determine authenticity and source"? All of this evidence might have been planted by the CIA or by some hacker in Kazakhstan. Good luck trying to explain that to a judge not interested in technical details.

What a lot of tech folks (and lawyers) lose sight of is that there's a cost-benefit analysis to all of these decisions. Might there be some fragment of data that's relevant, that would tend to prove or disprove authenticity? Of course. But does whatever the other side stands to gain from this discovery justify the cost and burden that will be incurred?

IAAL and I do this stuff for a living.

Out of the woodwork, friends!

[kthejoker]

From the top:

probably [judges] don't want a few victories to bring everybody out of the woodwork clutching a copy of their most recently received porn spam.

To which I can only say - let's come on out anyway! That's the point of these statutes - if everybody clogged the judicial system as much as spammers clogged our inbox, someone might do something just to get us off their backs.

And after all, filing lawsuits is a legal right - sending spam is illegal. So we have the upper hand in both regards.

Ex police officers.

[Anonymous Coward]

I also said publicly at the time that the real outrage was that their "expert witness" could make this statement when there was no chance he believed it.

I work in computer forensics, have submitted affidavits to court and appeared as a witness to be cross examined on my findings. It actually would not surprise me that a computer forensics expert witness might not actually know what he's talking about. Almost every computer forensics person I know who work on the biggest cases, are actually ex-police detecti

Re:Ex police officers.

[Brian See]

It actually would not surprise me that a computer forensics expert witness might not actually know what he's talking about. Almost every computer forensics person I know who work on the biggest cases, are actually ex-police detectives with some computer training. They have a habit of strictly adhering to "best practices" in their computer forensics investigations, because that is really all they know.

IAAL and my practice is 99% electronic discovery consulting.

Part of the theme that I saw (and was disturbed about) in the original affidavit was the suggestion that the "only" way to prove authenticity was to conduct a forensic examination. I've seen some vendors that are so used to conducting these types of examinations (and indeed have a financial incentive to do as many as possible) that they fall into this trap pretty easily.

So let's say that I'm in a routine contract dispute where the conduct in question happened three years ago, and I have a screenshot of an email message. And the original email message was deleted from the server and the laptop three years ago. How many forensic experts would suggest that we MUST take a full disk image to "prove" authenticity? Is there a 1% chance that a fragment of that original message might exist in the unallocated space? A 10% chance?

The problem is that to make a decision about HOW you go about "proving" authenticity and using the information at trial, you need to educate both the lawyers involved AND the judge invovled regarding what these technical terms really mean -- and what the associated costs and likelihood of finding something useful really is.

the computer-literate 12-year is wrong

[xoyoyo]

I'm all in favour of making spamming unprofitable: it's the only way we're going to get the scum out of business. However it helps if you are right in both legal and technical respects before getting involved.

The OP is wildly - and legally dangerously wrong - in both his post and in the Declaration he provides. Other people in this discussion have provided ample evidence that yes, your mails are stored on your hard-drive, not deliberately (as in a POP3 client way) but through caching mechanisms. Even if th

Don't settle, use the Cache Luke.

[passionplay]

Well, IMHO, IANAL, but I would have done the following:

Go into Internet Explorer. Go to tools|internet options|Termporary Internet Files|Settings.
Set the "Amount of disk space to use" to a 10G or so.
Go and open every spam email.
Clone the hard drive.
Send it to the judge.
Voila.

You could have defeated any intent to have the case dismissed by the "expert witness" by doing something very simple.

"Let the Cache flow through you"

Use a Public PC?

[dbretton]

Why not simply go to your local library and access it through a PC there? Or, for that matter, access the files from a PC located in the courtroom building (if one is available)?

Use a library

[ghostlibrary]

Hmm... if suing a spammer, I'd recommend reading their emails via a browser from a computer at a library. Sure, maybe you read them elsewhere, but for the purposes of your complaint, go to the library and read them there, and mention that as your complaint. "I received spam, when I was checking my email as I often do via the PC at the library."

Then, if they need 'the hard drive', it's up to the ALA to fight it, and that's a fight no judge wants to start.

Re:

[hxnwix]

As the plaintiff has only provided screenshots of webmail sites displaying the spams in question, and as the judge feels that these are insufficient and that further discovery by the defendant is warranted, attempts by the plaintiff to stand behind the ALA would likely result in the dismissal of his case.

Judge round-filing case?

[Nefarious Wheel]

Is this just a situation where a judge is s*canning a case because he (a) knows that Yahoo or Gmail addresses are the equivalent of a blind P.O.Box address for a business, (b) knows the complaintant can just set up another email account when the first one's filters are clogged, or (c) has way too large a backlog of silly cases that are getting in the way of his reading Groklaw?

Vigilantism

[Suzumushi]

The best justice, is vigilante justice. Now everyone get busy!

Judicial oversight

[keraneuology]

Yet another shining example of why there needs to be a lot more oversight of the judiciary in this country. And why doesn't anybody ever file a complaint with the nice overlords of the bar? If a lawyer knowingly lies under oath go after his license.

Re:

[element-o.p.]

When you read webmail, the emails that you read are in fact stored on your hard drive, in your web browsers cache, at least temporarily.

Not necessarily. First, you can set the cache size to 0, which as far as I can tell prevents Mozilla/Firefox from writing to the cache. Second, on a *nix box at least, you can tell Mozilla only (there doesn't seem to be a way to do this in Firefox AFAIK) to write the cache to /dev/null. I did both, until I started using Firefox; now I just use a cache size of 0. Howev

Re:

[OdinOdin_]

Not with IE (or other HTTP 1.1 compliant browser), when the "Cache-Control: no-store" option is used! Or any other more restrictive Cache-Control option.

Even so, it is likely in the many months it takes to get in court that the PC cache will still have the fragments on the HDD, due to LRU. And what if you use a HTTP proxy and have IE configured for no local cache.

Even more unlikely is to find anything in SWAP space after a few days or normal usage, let alone many months to get to court.

I say the best situ

Re:

[GuyverDH]

How do forensics help if/when the cache used was RAM Disk - which is recreated each boot?

LiveCDs mentioned many times before are great for browsing with no trails left behind.

VMWare Player, using a snapshot that's reset each boot is also a cool way to browse.

BTW - Read my other post in here - where it shows that Yahoo, Hotmail and GMail can all be configured to be retrieved/stored in the users local mail using outlook express.