Anti-spammers are buzzing (and unhappy) over a ruling issued by a North Dakota judge today slamming David Ritz (Sierra Corporate Design, Inc., v. David Ritz).  (See here (Al Iverson), here (The Spam Diaries), and here (Spamsuite).)  Spamsuite has a link to the judge's 12 page order, which Iverson describes as "WAY wrong."  (Here's an article in the UK's Register.  The case is certainly getting some attention.)

The Underlying Case

I don't recall seeing the underlying complaint, but you can glean the gist from the court's ruling, which is reasonably well written.  Sierra Corporate Design sued David Ritz, alleging that Ritz improperly accessed certain information from Sierra's servers.  Ritz then published this information, although this isn't at the crux of Sierra's claims.  The court initially granted partial summary judgment in favor of Sierra, and now, in a 12 page order, slams Ritz and  awards Sierra approximately 2K in damages, 50K in exemplary damages, and imposes a 10K contempt sanction against Ritz.

Iverson (et al.) are up in arms because the court's order focuses on Ritz's conduct of a "zone transfer":


What to Make of This?

Many people are flagging the basic issue that the conduct Ritz engaged in is commonly engaged in by many people on a regular basis and is not itself harmful.  Hmmmm.  That argument sounds familiar.  Where have I heard that one before?  Why yes, that's the same argument many legitimate companies make when they've been sued by an anti-spammer.  But that's neither here nor there.

As far as Ritz's underlying conduct, one important thing to keep in mind is that the federal statute which is aimed at unauthorized access to computers has been interpreted in a way that very much relies on what's "expected" or "typical".  Conduct that is otherwise proper can cross the line if effected for an improper purpose.  For example, you have authorization to view ("access") a website, but if you access the website in order to extract email addresses (or use a bot) this could constitute a violation of the Computer Fraud and Abuse Act.  (See, e.g., Register.com, Inc. v Verio, Inc., 126 F Supp 2d 238, (S.D.N.Y. 2000).)  Indeed, the ND Judge alludes to this in her order (Conclusions of Law, par. 2).

But that may not have caused the judge to reach the conclusion which she reached.  Reading on in the order, the court states several times that Ritz provided "false" testimony.  (It's not often a court characterizes testimony as blatantly "false".)  According to the judge Ritz also violated the terms of an injunction.

____

I don't know whether the court's conclusion is legally sound.  Since no one's pointing to any transcripts or evidence (which I guess the court sealed) we have no way of knowing whether the conclusions are factually sound either.  But they don't seem that far out in left field.  If an appeals court agrees with the trial court that Ritz provided shifty testimony and violated an injunction I wouldn't be surprised to see the decision affirmed. 

At any rate, it's interesting to see one side in the great spam war using the exact same arguments that its opponents frequently use.  I wonder if people ever pick up on this (how they sound like their polar opposite)?