|
|
|
||||
|
||||||
|
Online Activism Training
Online activism often entails legal risk. This training explains legal risks of online activism through a series of hypothetical scenarios rounded out with a list of tried and true online activism techniques that are unlikely to land you in court. NOTE: Comments here are for your informational purposes only. That means they do not constitute legal advice and do not create an attorney/client relationship. Consult an attorney if you are considering anything that may engender a legal risk.
If you have comments or additions for this document, please email activist@eff.org Police at Your DoorHYPOTHETICAL SCENARIO: FBI DEMANDS LOGS FROM INDY NET NEWS The Facts: You are the manager of Indy Net News (INN), a non-profit media outlet that operates a grassroots news website on a shoestring budget. INN has only one office, and it is here in San Francisco. However, INN's dedicated team of volunteer journalists are fanned out all around the world. These journalists - along with any member of the public who chooses to do so - regularly post articles, commentary, photos, and documents on the INN website on a wide range of newsworthy subjects. No editorial control is exercised by INN prior to posting on the website. The INN website is co-located at INN's ISP, Serve The People. INN's website is visited by around half a million people each day. These connections are generally made for one of three purposes: (1) visiting the website; (2) posting items on the website; and (3) performing editorial or technical functions. INN has maintained, since its inception in 1999, a strict policy of protecting the anonymity of its website visitors and those who post items on the website - with the exception, of course, of those who choose to identify themselves by their actual names. This policy is prominently posted on the website. INN maintains log files of user connections to the INN website for the previous week, after which the records are purged from its system. But no one has ever requested to see these log files - until today, that is. This afternoon (April 16), two FBI agents arrive at INN's office and specifically ask to speak to you. When you meet them at the front door, they serve you with a court order signed by a United States Magistrate Judge and dated April 16. The order reads as follows: 1. An attorney for the United States has submitted an application to the court which offers "specific and articulable facts showing that there are reasonable grounds to believe that INN has records of electronic communication that are relevant and material to an ongoing criminal investigation of acts that would constitute the crime of theft." 2. INN is an Internet publisher of information and a provider of electronic communications service under 18 U.S.C. § 2510(15). 3. INN is ordered under 18 U.S.C. § 2703(c) and (d) to produce to the FBI electronic documents consisting of "all user connection logs" for its website IP address from April 13 through 14. The order specifically requests the following information: the IP address, the time and date of the connection and disconnection; the method of connection; the data transfer volume; and the connection information for other systems to which the user connected." This past weekend (April 13 and 14, 2002), a heavily protested meeting of Exploit The Globe was held in Los Angeles, at which the captains of industry were gathered. One of the FBI agents informs you that on April 13, someone broke into an LAPD outpost and stole documents detailing the security plans for the meeting. You realize that documents matching this description were posted on the INN website on the morning of April 13. The documents had caught your attention, and you questioned whether they were fake or stolen. You also know that INN maintains log files that contain all of the information sought by the court order and that these files are located just a stone's throw from the front door of the INN office where you and the FBI agents are now standing. This already surreal situation becomes even more surreal when the agents point out to you that the court order contains a "gag order," which directs "INN and its agents and employees" not to disclose "to the user of electronic communications service, nor to any other persons, the existence of this Order, or the existence of this investigation, unless and until otherwise ordered by the Court." The order states that there appears to be "reason to believe that notification of the existence of this order will result in destruction or tampering with evidence, or will otherwise seriously jeopardize the investigation." The order also states that it will remain sealed under 18 U.S.C. § 1665 until otherwise ordered by the court. Questions: 1. The FBI agents ask you to let them enter the premises of INN and let them have the user logs now. You ask them if they have a warrant to do so, and they say no. What should you do? 2. Can you show an attorney the order that the FBI served on you without violating its "gag order" component? Do you have to make sure that INN employees, volunteers, and agents do not violate the gag order? What will happen if INN violates the gag order? Can INN move to quash the gag order? 3. You locate the log for the specific posting in which the FBI is interested. Should you ask the FBI to narrow the scope of the order to this single log? 4. Or should you go to court and file a motion to quash the order? What are your chances of getting a court to order that INN need not comply with the order? 5. The specific posting that the FBI is interested in was posted anonymously. To what extent can you protect the identities of INN's website visitors those who post items on the website anonymously and pseudonymously? 6. Is INN obligated to take steps to preserve the requested logs? (Keep in mind that INN's logs are scheduled to be destroyed automatically after one week.) What would happen if INN were to destroy the logs in an effort to prevent the FBI from obtaining the logs? 7. How does the new anti-terrorism legislation that Congress passed in October 2001, the USA PATRIOT Act, affect the analysis of this hypothetical situation? 8. What steps can INN take to prepare itself for the future? Note: This hypothetical scenario is entirely fictitious, but it is loosely inspired by a real situation. In April 2001, the FBI served an order on the Independent Media Center (IMC) demanding the production of user logs for a two-day period. A document that had allegedly been stolen from police in Canada regarding security plans for the "Summit of the Americas," which was held in Quebec and attended by President George Bush, had been posted on an IMC website. The FBI withdrew its order in May, before any court rulings were issued on this matter. The documents that were at issue in the IMC case remain posted on the IMC website: http://montreal.indymedia.org/front.php3?article_id=514 and http://montreal.indymedia.org/front.php3?article_id=515. Has passage of the USA Patriot Act changed anything about this scenario?For INN and INN's ISP: 1. No Court order at all now needed for much non-content information. USAPA sec. 210 amends Electronic Communications Privacy Act (ECPA). Expands records that can be sought without a court order to include: records of session times and durations, temporarily assigned network addresses; means and source of payments, including any credit card or bank account number. 2. Pen/Trap expanded. Very easy court order (court "must" grant upon a minimum showing by the government) to force INN and ISP to turn over routing, addressing information, thus expressly including e-mail and electronic communications. "Contents" of communications excluded, but USAPA does not define what it includes (dialing, routing, addressing, signalling information) or what it excludes (contents). Serious questions about treatment of Web "addresses" and other URLs that identify particular content. DOES NOT SUNSET. 3. If suspected terrorist involvement or detecting spies, USAPA 215: Amends 50 USC §1862 to allow application to FISA court for an order to compel the production of any business record from anyone for any investigation to protect against international terrorism or clandestine intelligence activities (but cannot investigate a US person solely for First Amendment activities). a. No showing needed that the person is the agent of a foreign power. b. Order to a court--MUST be granted if application meets requirements c. Order won't say that it is under this section d. Persons served by it are gagged 4. Roving wiretap if FISA. USAPA §206 amends 50 USC §1805. FISA court now may authorize intercepts on any phones or computers that the target may use. The foreign intelligence authorities can require anyone to help them wiretap. Previously they could only serve such orders on common carriers, landlords, or other specified persons. Now they can serve them on anyone and the Order does not have to specify the name of the person required to assist. No requirement that request for authority identify those. Roving wiretap authority raises serious Fourth Amendment problems because it relaxes the "particularity" requirements of the Warrant Clause. 5. Information sharing between domestic and foreign authorities. If FBI warrant reveals that one of the people who posted to the INN wire service is a suspected foreign agent, even if that person was not the target of the original warrant, can turn over that information to the CIA. 6. Sneak & Peek. Expanded ability to delay target notification of search warrant. 7. Nationwide search warrant service. INN and ISP must abide by a search warrant issued anywhere in the U.S. for activities alleged to be "related to terrorism." For INN's ISP: 1. First it allows ISPs to voluntarily hand over all "non-content" information to law enforcement with no need for any court order or subpoena. sec. 212.
2. Second, it expands the records that the government may seek with a simple subpoena (no court review required) to include records of session times and durations, temporarily assigned network (I.P.) addresses; means and source of payments, including credit card or bank account numbers. secs. 210, 211.
Parody Hypothetical Scenario See: Chilling Effects Parody FAQ You have put created a protest website pointing out that a major political party, called the Republicrats, has close ties to a major international company named Blenrod that has just gone bankrupt. You register the domain name "BlenrodownstheRepublicrats.com" and include on the website:
ANSWER INFO: Question: What is "parody"? Answer: The courts have defined the word parody in the context of an Internet site. Here's what some of the cases have to say: A "parody" is a "simple form of entertainment conveyed by juxtaposing the irreverent representation of the trademark with the idealized image created by the mark's owner." A parody must "convey two simultaneous--and contradictory--messages: that it is the original, but also that it is not the original and is instead a parody. To the extent that an alleged parody conveys only the first message, "it is...vulnerable under trademark law, since the customer will be confused." While a parody necessarily must engender some initial confusion, an effective parody will diminish the risk of consumer confusion "by conveying [only] just enough of the original design to allow the consumer to appreciate the point of parody." Question: What are the factors in evaluating a parody? The Supreme Court's four-part analysis in the Campbell v. Acuff-Rose Music case. (1) the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes. The Supreme Court held that the Campbell parody was protected despite the fact that it was a commercial recording. The Supreme Court confirmed that the "character" of the use does not include judicial second guessing about the tastefulness of the use: "Whether . . . parody is in good taste or bad does not and should not matter to fair use." Campbell at 582. (2) the nature of the copyrighted work; The fact that an image, like "Oh Pretty Woman" in the Campbell case, falls within the heart of copyrighted expression "is not much help in this case, or ever likely to help much in separating the fair use sheep from the infringing goats in a parody case, since parodies almost invariably copy publicly known, expressive works." Campbell at 586. (3) the amount and substantiality of the portion used in relation to the copyrighted work as a whole; Parody's humor, or in any event its comment, necessarily springs from recognizable allusion to its object through distorted imitation. Its art lies in the tension between a known original and its parodic twin. When parody takes aim at a particular original work, the parody must be able to "conjure up" at least enough of that original to make the object of its critical wit recognizable. See, e.g., Elsmere Music, 623 F.2d, at 253, n. 1; Fisher v. Dees, 794 F.2d, at 438-439. Campbell at 588. Here, the parody similarly "conjures up" enough of the original to be understood as a parody. Since the text of the website does not mention Barney by name, it is the juxtaposition of the two photos that make the parodic point. (4) the effect of the use upon the potential market for or value of the copyrighted work. It seems highly unlikely that you will be able to prove even a small effect on the market for Barney products based upon this parody. But even if you could, the fact that a parody might hurt the market for the work is immaterial for purposes of fair use analysis of parodies: [W]e do not, of course, suggest that a parody may not harm the market at all, but when a lethal parody, like a scathing theater review, kills demand for the original, it does not produce a harm cognizable under the Copyright Act. Because "parody may quite legitimately aim at garroting the original, destroying it commercially as well as artistically," B. Kaplan, An Unhurried View of Copyright 69 (1967), the role of the courts is to distinguish between "[b]iting criticism [that merely] suppresses demand [and] copyright infringement[, which] usurps it." Fisher v. Dees, 794 F.2d, at 438. Campbell at 592. Question: Is Satire protected? Answer: No. You must be using the work you are making fun of. Using another copyrighted or trademarked work to make fun of someone else (i.e. using Green Eggs and Ham and a photo of Sam I Am to make fun of the Republicrats and Blenrod) is not parody and is not protected. Question: What exactly are the rights a mark owner has? Answer: Trademark rights come from actual use of the mark to label goods sold or from filing an application with the Patent and Trademark Office (PTO) that states an intention to use the mark in future commerce. These are two trademark rights: the right to use and the right to register. The person who establishes priority in a mark gains the ultimate right to use it to label or identify their goods or services. According to the Lanham Act, determining who owns a mark involves establishing who first used to identify his/her goods. The PTO determines who has the right to register the mark. Someone who registers a trademark with the intent to use it gains "constructive use" when he/she begins using it, which entitles him/her to nationwide priority in the mark. However, if two users claim ownership of the same mark (or similar marks) at the same time, and neither has registered it, a court must decide who has the right to the mark. The court can issue an injunction (a ruling that requires other people to stop using the mark) or award damages if people other than the owner use the trademark (infringement). Question: What is a "confusingly similar" mark? Answer: A mark that is confusingly similar so closely resembles a registered trademark that it is likely to confuse consumers as to the source of the product or service. Consumers could be likely to believe that the product with the confusingly similar mark is produced by the organization that holds the registered mark. Someone who holds a confusingly similar mark benefits from the good will associated with the registered mark and can lure customers to his/her product or service instead. Infringement is determined by whether a given mark is confusingly similar to a registered mark. The factors that determine infringement include:
Question: What are the limits of trademark rights? Answer: There are many limits, including: Fair Use There are two situations where the doctrine of fair use prevents infringement: The term is a way to describe another good or service, using its descriptive term and not its secondary meaning. The idea behind this fair use is that a trademark holder does not have the exclusive right to use a word that is merely descriptive, since this decreases the words available to describe. Parody Use Parodies of trademarked products have traditionally been permitted in print and other media publications. A parody must convey two simultaneous -- and contradictory -- messages: that it is the original, but also that it is not the original and is instead a parody. Non-commercial Use If no income is solicited or earned by using someone else's mark, this use is not normally infringement. Trademark rights protect consumers from purchasing inferior goods because of false labeling. If no goods or services are offered, there is no commercial use. News Reporting Even in a commercial use, you can refer to someone else's goods by their trademarked name when comparing them to other products. News reporting is also exempt. Geographic Limitations A trademark is protected only within the geographic area where the mark is used and its reputation is established. For federally registered marks, protection is nationwide. For other marks, geographical use must be considered. For example, if John Doe owns the mark Timothy's Bakery in Boston, there is no infringement if Jane Roe uses Timothy's Bakery to describe a bakery in Los Angeles. Question: What is trademark infringement? Answer: Although different courts have different tests, the central concept is confusion in the marketplace. The law protects against such confusion by ensuring that the marks on the same or similar products or services are sufficiently different. A plaintiff in a trademark infringement case generally must prove 1) she it possesses a valid mark; (2) that the defendant used the mark; 3) that the defendant's use of the mark occurred "in commerce"; 4) that the defendant used the mark "in connection with the sale, offering for sale, distribution or advertising "of goods and services; and 5) that the defendant used the mark in a manner likely to confuse consumers. Question: What is trademark dilution? Answer: A type of infringement of a famous trademark in which the defendant's use, while not causing a likelihood of confusion, tarnishes the image or blurs the distintiveness of the plaintiff's mark. For example, if someone tries to sell "KODAK" pianos, KODAK could stop the person--even if consumers were not confused--because "KODAK" is a famous mark, and its use on products other than film and film-printing accessories (or other products on which Eastman Kodak places the mark) dilutes its uniqueness. Question: What about attacks on the "wholesomeness" or image of the parodied image? The fact that plaintiff views the song as 'attacking' the wholesome image of its product bolsters defendants' arguments that this song involves a parody, therefore raising First Amendment concerns. See Dr. Seuss Enterprises, L.P., v. Penguin Books USA, Inc., 109 F.3d 1394 at 1400 (observing that parody is a form of social and literary criticism" implicating free speech interests under the First Amendment).
Mattel, Inc. v. MCA Records, Inc. 28 F. Supp. 2d 1120, 1141 (CD.Cal. 1998) (song "Barbie Girl" is a parody).
Email Hypothetical: Stop Sweatshops Campaign Against Neeke Stop Sweatshops (SS) is a nonprofit organization based in Portland Oregon. The organization's main goal is to lobby and educate consumers in the United States about poor working conditions in garment, apparel and footwear factories located in developing countries. Many of these factories produce products for the U.S. marketplace. In February 2002, SS became aware of an internal report prepared by an auditing firm for one of the leading U.S. sportswear and footwear manufacturers, Neeke. The report identified serious health and safety problems at factories in Thailand and Vietnam, including worker deaths relating to toxic vapors within a factory. The report contradicted many of the public reports made by Neeke concerning its factories and production facilities overseas. SS decided to begin an email campaign to alert the public about the allegations and the report in an effort to lobby for change. SS sent out letters and emails to its membership asking them to send emails to the Chairperson of Neeke as well as to several hundred other Neeke employees asking them to improve labor conditions overseas and to allow independent monitoring of their Southeast Asian factories. SS included the names and email addresses of Neeke employees as part of its action alert. As an alternative, persons could visit the SS website and type in an email message that would be sent automatically to several hundred Nike employees at once. At the end of automated messages was a notice stating that SS would remove any Neeke employee from the SS email distribution list if he or she contacted SS and asked to be removed. During the month of February, Neeke's servers were flooded with thousands of emails from members of the public who sent emails in response to SS's campaign. Neeke employees complained that their inboxes were flooded with emails relating to the SS campaign. Some of the email apparently contained derogatory content or allegedly threatening language. Neeke went to court and sought a preliminary injunction against SS to ban the organization and its members from sending further messages to Neeke employees. The Oregon court granted Neeke's request. Questions: What is the basis for Neeke's legal actions against SS?
What, if any, counter arguments does SS have with respect to its use of email as a tool for its educational campaign?
HYPOTHETICAL SCENARIO: THE "WANTED LIST" WEBSITE The Facts: On January 2, 2002, two doctors were shot to death as they were leaving the abortion clinic in Chicago where both had worked for nearly three decades. The next morning, Joe Rage, a long-time anti-abortion activist, turned himself in to the authorities, proclaiming that he had killed the doctors in accordance with the higher authority of his religion - which considered the doctors to be genocidal mass murderers. Abortion Is Genocide is an anti-abortion organization in San Francisco that was formed on February 1, 2002. On that day, it launched a "Wanted List" website which displayed the names, work and home addresses and phone numbers, and photographs of 10 doctors described as "cold-blooded murderers who have been guilty of the crime of genocide for aborting the lives of countless unborn babies." The Wanted List webpage offered a $10,000 reward for "information leading to the end of the practice of medicine by any doctor on this list through the revocation of his or her medical license, or through his or her abandonment of the practice of medicine." The Wanted List started with the names of the two doctors who had been shot to death outside the Chicago abortion clinic on January 2 - but a red line was struck through these names. Appearing in small print at the bottom of the webpage was the following statement: "Abortion Is Genocide does not advocate or support the use of violence." Keep Abortion Free is a long-standing organization that protects the right to abortion. Its members include, or have included, all of the doctors on the Wanted List. These doctors have been extremely fearful for their safety since the Wanted List was posted, and many have resorted to wearing bullet proof vests whenever they leave their offices and homes. A number of doctors have received death threats by phone and mail, as have members of their families. On February 2, Keep Abortion Free wrote a letter to both Abortion Is Genocide and its server, Serve The People, demanding that the Wanted List be removed from the Internet immediately. Abortion Is Genocide has not, to date, responded to the demand. However, on February 28, Serve The People agreed to terminate its service to Abortion Is Genocide. The Terms of Service Agreement between Abortion Is Genocide and Serve The People provided that "the parties agree that Serve The People may terminate service to Abortion is Genocide at any time, for any reason not prohibited by law." To date, Abortion Is Genocide has not been able to find another server that will allow it to post the Wanted List. On March 1, 2002, Keep Abortion Free and the eight doctors on the Wanted List who are still alive filed suit in federal court in San Francisco against both Abortion Is Genocide and Serve The People. The suit seeks: (1) An injunction (court order) barring Abortion Is Genocide from posting the Wanted List on any website or from disseminating the Wanted List any through other means; and (2) Money damages in the amount of one hundred million dollars against Abortion Is Genocide and Serve The People for: (a) Injuring the reputation of the doctors as the result of false and libelous statements made about them on the Wanted List website; and (2) Emotional distress suffered by the doctors as the result of being threatened with death and of being fearful of attack as the result of having their identities revealed on the Wanted List website. Questions: 1. Is Abortion Is Genocide's posting of the Wanted List protected by the First Amendment? Does the posting constitute a threat? Does the posting constitute incitement? 2. Can Abortion Is Genocide be held responsible for the emotional distress suffered by the doctors on the Wanted List based on a claim of libel? 3. If a doctor on the Wanted List were to be physically attacked or killed by someone who is not under the control or direction of Abortion Is Genocide but learned about the doctor's activities and tracked the doctor down through the information posted on the Wanted List, could Abortion Is Genocide be held liable for these injuries in part or in whole? 4. Can Abortion Is Genocide's ISP, Serve The People, be held responsible for any of the injuries suffered by the doctors on the Wanted List for having posted the Wanted List, and for having continued to post it for nearly four weeks after Keep Abortion Free asked that it be removed? 5. Does Abortion Is Genocide have grounds for suing Serve The People for terminating its internet service on February 28? Could Abortion Is Genocide get a court order forcing Serve the People to restore service? Note:
This hypothetical scenario is entirely fictitious. It is, however, loosely inspired by a real lawsuit that, while it presents materially different facts, presents a related set of legal issues. Argument in the case, Planned Parenthood of Columbia Willamette, Inc., v. American Coalition of Life Activists, 244 F. 3d 1007 (9th Cir. 2001), was heard by an en banc panel of the Ninth Circuit in December 2001. A decision is expected.
Client Side Denial of Service The e-boy collective The eboy collective is an international group of male artists and activists who are united to create art to promote world peace. In 1999, the eboy collective registered for the domain name eboy.com. The collective is headquartered in Amsterdam. E-boys.com, is a large clothing chain based in New York that sells clothing to male teenagers over the Internet. The eboy collective is several years older than E-boys.com, which was incorporated in 2001. In November 2001, E-boys attempted to buy the domain eboy.com from the collective for $700,000. eboy turned down the offer. On November 29, 2001, E-boys.com obtained a court injunction preventing eboy from operating a website at www.eboy.com, which had been registered before E-boys even existed. To obtain the injunction, E-boys told the judge that eboy.com was confusing to its customers and that the site contained lewd and pornographic images. The judge ordered the collective to close down their website or face paying $10,000 per day in damages. The eboy collective went into exile at an undisclosed numeric address. Many organizations saw E-boy's actions as a threat to independent publishers and small businesses on the Internet. In an effort to mobilize support for the eboy collective, another activist group, the Internet Beatniks, decides to stage a virtual protest against E-boys.com. They send out emails to members and supporters asking them to participate in a virtual sit in against E-boys. I-Beatniks, which is in no way associated with eboy, aims to publicize the widespread corporate abuse of democratic institution. To this end it solicits and distributes funding for "sabotage projects." The "sit-in" consisted of asking visitors to the I-Beatnik site to program their web browsers to repeatedly go to the E-boys site, potentially slowing its functions during the busy holiday shopping season. Visitors had to visit the I-Beatniks website and download automated software. After download, the software was designed to access the target site ever few seconds and to send an email message to E-boys.com. The announcement on the I-Beatniks website read: Blockade the E-boys.com website The virtual sit-in began on December 15, 2001. The "sit-in" had little effect on the first day, but massively overloaded E-boys's server on December 16 by filling its customer database with emails and unnecessary customer requests. Observers in both the US and Europe were unable to reach E-boys.com at times, and online ordering was slowed down or blocked. It is estimated that more than 50,000 people participated in the virtual sit in. E-boys stock has plummeted over 50% since Nov 29, the day that the company was granted a court injunction. Before that day, E-boys stock had been rising. Having lost a day's worth of orders, during the holiday season, E-boys found itself with extra inventory on hand and had to extend its deadline for Christmas delivery until Saturday, the second slowest day on the web. In January, E-boys announced to the press that it was "moving away" from its lawsuit against eboy in response to the public outcry. E-boys dropped its case against eboy "without prejudice". E-boys has also formally agreed to pay eboy's court costs and other expenses incurred as a result of the lawsuit. What, if any, legal consequences do the I-Beatniks actions have? Can they be prosecuted for their actions?
Might they also be sued?
HYPOTHETICAL SCENARIO: WEBSITE-DEFACING MINOR CHARGED WITH FEDERAL FELONIES Basics You are the parent of Jamie Butterfly Smith, a 17 year-old high school student residing here in San Francisco. Jamie has been involved with the Redwood Liberation Front (RLF), a "nonviolent direct action environmentalist group" focusing on preserving the environment and integrity of Northern California federal lands. Her involvement for the past several years initially stemmed from your periodic participation, but she has taken a leading role in the organization. Jamie's participation with RLF has included in-school educating activities, letter-writing, fundraising, and extensive online communications, organizing and web development work. Jamie, although an organizer, has never participated in on-site "Tree Sit-ins," a staple part of RLF's activism, because she was a minor. RLF policy encourages only RLF members of legal age to participate in direct actions that may face arrest. It seems, though, that Jamie has found an alternative way of facing arrest for her civil disobedience. 10 minutes ago, you received a call at your work from an FBI agent explaining that your daughter was voluntarily in FBI custody at your house. The agent indicates that Jamie is facing federal charges for an act she has voluntarily admitted to and described as "ethical disobedience in the tradition of Thoreau, Rosa Parks and Edward Abbey" - the defacement of Washington-based lumber company WillamaHouser Pacific's corporate website. After rushing home to your daughter, and leaving a voicemail with a local criminal defense attorney who periodically provides pro bono representation for RLF members, you discover the whole story, and that WillamaHouser Pacific has served you with notice that it has initiated suit against you for Jamie's actions. Your husband, who arrived home before you, is supervising several FBI agents carrying out the family computer. He shows you the search warrant they served him. It appears that your daughter Jamie gained access to the computer running the WillamaHouser Pacific webserver early yesterday morning via a server exploit, and modified the contents and links of the external web homepage. Specifically, Jamie utilized the family computer and its cable Internet connection to establish a secure "virtual private network" (VPN) to the RLF webserver and applications database computer, a computer at a fellow RLF member's house that Jamie had access to. Through the VPN to the RLF box, and using a shell account on the RLF machine, Jamie established a routine http connection to WillamaHouser Pacific's webserver, and took advantage of an un-patched web server vulnerability to gain administrator access to the WillamaHouser Pacific box. Once Jamie had aministrator-level access to the WillamaHouser Pacific box, she created a temporary directory, proceeded to make an archive copy of the WillamaHouser Pacific external website directories in that directory, and then downloaded the compressed archive to the home computer. After this archiving and copying, she renamed the "index.html" file in the base directory of the WillamaHouser Pacific webserver "oldindex.html," and copied in a new "index.html" that she had earlier created. To cover her tracks, Jamie then deleted the http connection log in the WillamaHouser Pacific webserver, and deleted her temporary directory. 11 minutes after she had connected, Jamie closed the http connection to the WillamaHouser Pacific webserver, and was done. The new WillamaHouser Pacific website that greeted visitors later that morning was arguably more informative that the previous, somewhat corporate drone-ish, website. While still clearly retaining much of the layout, graphics and categories the old site had, the information was now much more geared towards the irreversible environmental impact of systemic logging. While the link to the 2001 annual report was gone, there were now links to EPA.gov, a list of WillamaHouser Pacific employees who had previously been US Forest Service employees in a supervisory role, a table comparing their corporate and government salaries, and a nice table correlating dates of Forest Service logging approvals by those government employees and their subsequent start dates at WillamaHouser Pacific. The WillamaHouser Pacific slogan "Forest Products Help the World" had been replaced with "Intact Forests Help the World." It seems that Jamie was less than perfect in covering up her defacement, though. The freeware FTP client, WhoopsFTP, she used to retrieve the archived WillamaHouser Pacific site to the home computer, and that uploaded the modified homepage, left a text file titled "whoops_FTP.log" in the base directory of the WillamaHouser Pacific webserver. The file was relatively small, but it contained "Jamie Butterfly Smith" as the name of the person who registered the version of the WhoopsFTP program, and contained a record, complete with IP addresses, of the transfer of the two files. Unfortunately, the WillamaHouser Pacific FTP server that Jamie used as a FTP server also logged a connection from the RLF computer at the same time. Further, the system log for the WillamaHouser Pacific computer recorded the time the webserver logged a buffer overflow, and the time the http connection log was deleted. These times all matched up. The FBI officers let you know that they have received word that the newly-appointed US Attorney has indicated that your daughter will be prosecuted for multiple violations of the Computer Fraud and Abuse Act. Additionally, the office has not yet decided, but is considering charging her with interstate transportation of stolen goods, a wiretapping violation and identity theft as well. The US attorney is apparently quite concerned about "domestic environmental terrorism" and the "encrypted communications" your daughter used to commit the defacement. After a few deep breaths, you take a phone call from the lawyer you called earlier, who tells you WillamaHouser Pacific's suit against you is asking for $115,000, $5,000 for the cost of the website your daughter "stole," and $110,000 for the cost of "patching the server damage, lost goodwill, lost profits, security analysis, forensic determination of damage, security consulting, employee redirection costs, and hardware replacement." OK, what do you do next? HYPOTHETICAL SCENARIO: UTILITIES WHISTLEBLOWER NOW A HACKER CHARGED WITH FEDERAL FELONIES Basics You are Linea Roja, the director of a non-profit poverty relief advocacy group called Citizens against Red-lining. (CAR) You are facing a considerable legal snafu. A recent breakthrough in your efforts to force the local telephone monopoly Kvetch Communications to upgrade to enhanced emergency 911 service in all San Francisco neighborhoods, non-discriminatorily, has turned into a nightmare. A junior member of the CAR staff, Martin L. Kaiser, (MLK) had been spearheading investigations into allegations that Kvetch was dragging it's feet, more than a year behind in upgrading 911 call identification service to certain poor neighborhoods, but completely compliant in wealthier areas of itS service area. A major breakthrough had occurred when Martin acquired the "e-911 Deployment Master Plan," a comprehensive, confidential, and rather incriminating electronic document from Kvetch. The document immediately went up on the CAR website, along with a carefully researched mapping of the economic distribution of the various San Francisco neighborhoods, and a creative use of some transparent images that showed how almost exactly correlative the proposed Kvetch plans were with neighborhood poverty. Along with phone calls from local and national press, and congratulations, a visit by the FBI and a notice of civil suit from Kvetch came the very next day. No legal novice, you had consulted with a law student friend before posting the Kvetch document on the web. MLK had told you he had gotten the file from a "secret source" inside Kvetch. You had been worried about trade secret law, but the law student also told you about possible wiretapping and computer trespass concerns. After some talk, the law student had also told you about a recent Supreme Court case called Bartnicki, where a radio station had been absolved of liability for playing an illegally wiretapped call, because someone else, a "secret source," had been the one who wiretapped illegally. You and the law student both agreed that you were glad that you were not MLK's "secret source," and that, especially because of Bartnicki, it was probably OK to post the document. After all, you were non-profit, and this validated a good year's worth of your suspicions and research. Earlier that day, right before the FBI and the letter came, but after most of the congratulatory calls, was when the nightmare started. At an all-staff meeting, MLK revealed he himself was the "secret source." He had broken into Kvetch's internal network and retrieved the document. MLK was also the tech. guy for CAR, and you knew how good he was with computers, and how well equipped the CAR computer systems were for the shoestring budget you had, so this did not seem entirely unbelievable. MLK, using several accounts he had on various non-profit and public-use service providers, had been probing and entering the Kvetch internal network for about 2 weeks prior to his discovery. He had initially gained access to the Kvetch senior management's document server using an account he had with EasyspeakNet, a Seattle-based ISP that provided MLK with a shell account, and access to the ISP's in- & out-bound modem pools. MLK had dialed into Kvetch on his EasySpeakNet account and a Seattle modem, via an unsecured Kvetch dial-up modem he had discovered that was likely for traveling executives. After looking around most of the server, and encountering no actual access restrictions, he discovered the password-protected directory entitled "enhanced911_confidential" When he attempted to access the directory, he was presented with a password prompt requesting a username and password. Knowing that Kvetch's CEO was Jack Johnson, MLK decided to give it a try. On his first try, with the ID "jjohnson" and the password "password", MLK accessed the directory, where he found the document and 5 prior versions. MLK quickly copied the document to his EasySpeakNet account, and emailed a copy to his CAR account from his EasySpeakNet account, just to be sure. He also cc'd the system administrator at EasySpeakNet, his personal friend Lenny. It was from Lenny that MLK had initially learned that Kvetch had unsecured dial-in modems, and MLK wanted to share the document with Lenny as a means of thanks, and to let him know he'd succeeded in his plan. The FBI visit later that afternoon isn't entirely unexpected, but it is short. MLK agrees to go with the FBI agents for questioning, and you arrange for a lawyer to be present at the FBI office. The FBI also indicates that other agents will be there soon with a search warrant. But the process server beats them. Kvetch is suing CAR for theft of trade secrets and civil violations of the Computer Fraud and Abuse Act. While still waiting for the FBI search warrant, MLK's lawyer calls from the FBI office, and tells you the crimes MLK faces. Acronyms like ECPA, CFAA and ITSP fly around as she explains the charges. Her good news is that no one else at Car is apparently under investigation. Her bad news is that MLK's Seattle friend Lenny is apparently being charged with conspiracy. Her subsequent email lists out the charges in detail (not that it helps much.) It reads like a laundry list:
OK, faced with a civil suit, and MLK facing criminal charges, what do you do next?
HYPOTHETICAL SCENARIO: TOOLS TO FREE THE WEB Concerned about the censorship and other human rights violations of those who live in countries that require all Internet traffic to be filtered through government-controlled servers or some other sort of firewall, a group of programmers called the Group of the Live Pig (GLP) have created a computer program called "Lookatitall." Lookatitiall allows those living in such countries to fool the firewall into thinking that they are looking at one website when they are actually looking at another. The software is released into under an open source or free software license. The country of Myanistan requires that all ISPs be licensed by the government and that all Internet activity by its citizens be filtered through a government server/firewall system to scan for "terrorist, destablizing, unpatriotic, pornographic or blasphemous material, or material that violates the intellectual property rights of others pursuant to treaty obligations."
What's Legal to DoHere are a variety of online activism techniques that are legal in most circumstances barring activities such as defamation, slander, credible threats of imminent harm, and copyright violations:
|
|
|
|
||
|
|
||||||
|
|
Please send any questions or comments to webmaster@eff.org. |
|||||