Forgot your password?
typodupeerror

Virginia High Court Wrong About IP Addresses 174

Posted by CmdrTaco
from the i-was-wrong-about-milli-vanilli dept.
Frequent Slashdot contributor Bennett Haselton writes "The Virginia Supreme Court has ruled that the state's anti-spam law, which prohibits the sending of bulk e-mail using falsified or forged headers, violates the First Amendment because it also applies to non-commercial political or religious speech. I agree that an anti-spam law should not outlaw anonymous non-commercial speech. But the decision contains statements about IP addresses, domain names, and anonymity that are rather basically wrong, and which may enable the state to win on appeal. The two basic errors are: concluding that anonymous speech on the Internet requires forged headers or other falsified information (and therefore that a ban on forged headers is an unconstitutional ban on anonymous speech), and assuming that use of forged headers actually does conceal the IP address that the message was sent from, which it does not." Click that magical little link below to read the rest of his story.

The first 20 pages of the decision, which are all about legal standing, jurisdiction, and overbreadth, made my eyes glaze over. I'm not analyzing those at all except to point out that on most of those issues, the lower court came to exactly the opposite conclusion from that of the Virginia Supreme Court, and there is no reason to think that the higher court is any more likely to be "correct" than the lower court (even granting the assumption that there is an objectively "correct" answer to these questions). Any time you feel intimidated by "experts," it's helpful to step back and ask whether the alleged experts even agree with each other.

Page 21 is where the technical stuff starts that we can tear apart directly. The decision says, in talking about the transmission of e-mail:

The IP address and domain name do not directly identify the sender, but if the IP address or domain name is acquired from a registering organization, a database search of the address or domain name can eventually lead to the contact information on file with the registration organizations. A sender's IP address or domain name which is not registered will not prevent the transmission of the e-mail; however, the identity of the sender may not be discoverable through a database search and use of registration contact information.

These are statements that are only true if you play some kind of parlor game to find a way to read them as "true," not statements that indicate the court knew what was going on. To review: IP addresses in the U.S. are generally allocated by ARIN in blocks to Internet service providers and Web hosting companies; these companies then lease the IP addresses to their customers. You can look up an IP address with ARIN to determine which ISP or hosting company has been assigned that particular block, but the ISP or hosting company generally won't tell you the identity of their customer who has leased it from them. And anybody can register a domain, but most domain registrars give you the option of registering the domain anonymously, so that only the registrar knows the owner's true identity. So the court's statement that a database search "can eventually lead" to contact information is correct only if you clarify that it "can" lead there, but it usually won't. As a finding of fact, this is 100% true, and about as useful as "Obama might win in November. Or he might not."

But it's impossible to defend what the court says next:

As shown by the record, because e-mail transmission protocol requires entry of an IP address and domain name for the sender, the only way such a speaker can publish an anonymous e-mail is to enter a false IP address or domain name. Therefore ... registered IP addresses and domain names discoverable through searchable data bases and registration documents "necessarily result[] in a surrender of [the speaker's] anonymity."

Now, there are two possible definitions of "anonymity" to consider: (1) you can be anonymous to the extent that ordinary citizens reading your content cannot determine your identity without a subpoena; or (2) you can be anonymous to the extent that even the government, armed with subpoenas and wiretaps, can never find out who you are. But under either interpretation of the word, the court's statement that "the only way such a speaker can publish an anonymous e-mail is to enter a false IP address or domain name," is wrong.

By default, almost all Internet users are already anonymous in the first sense, even without using forged headers or other tricks in their e-mails. When you send e-mail through your own Internet service provider's mail server, or when you log on to Hotmail and send messages from a Hotmail account, or when you lease a dedicated server from a Web hosting company and use it to send mails, the messages don't contain any more information about your true identity than you decide to put in them. Only the government could ordinarily discover your identity in those cases, by looking at the IP address that the message was sent from, and subpoenaing the Internet service provider or hosting company for the identity of the person using that IP address at that time.

But there are even ways to be anonymous in the second sense -- such that not even the government could identify you -- without resorting to forged e-mail headers. You can create Hotmail and Gmail accounts without giving the providers any of your true information. When you send messages through those services, they pass along the IP address that you used to connect to their Web sites, but you can obscure your IP address as well, by using an anonymizing proxy or a service like Tor.

Elsewhere in their decision, the court indicated that what they really wanted to protect was the right to send anonymous bulk e-mails that were political or otherwise non-commercial. But even by that standard, it's still possible to use Hotmail and Gmail together with an anonymizing proxy (the mail services do impose limits on how many messages each account can send in a day, but if you want to send bulk mails badly enough, you can always sign up for multiple accounts). And if you only care about staying beyond the reach of U.S. subpoena power, you can always sign up for a dedicated host overseas and send the bulk mails from there.

Apart from the court's misstatement that forged headers are the only way to publish anonymously in e-mail, there is the incorrect presumption that forged headers actually do afford anonymity in either of the senses given above. The court wrote, "[T]he only way such a speaker can publish an anonymous e-mail is to enter a false IP address or domain name." But while it is possible to enter any domain you want in your return e-mail address when you send an e-mail, the court apparently didn't know what it was talking about when it referred to "entering a false IP address." You can't just "enter" any arbitrary IP address when sending an e-mail. If user@domain name.com receives an e-mail, the mail server at domain name.com has to receive the message over a connection made from some other machine, and the domain name.com mail server can always see the IP address of the machine on the other end of the connection. Normally, this machine on the other end would be the mail server of the sender's Internet service provider. Or if the sender has leased a dedicated machine at a hosting company, that dedicated machine would be the one connecting to the domain name.com mail server. Some desktop spamming programs let you turn your home computer into the sending mail server, so that it connects directly with the remote mail server to send the message. In all of these cases, the receiving mail server can see the IP address of the sending machine, so a government subpoena would usually be enough to determine the sender's identity. (I know you all know this, but I have delusions that some helpful clerk will print out this article and explain this to the judge.)

When spammers "enter" false IP addresses in sending mails, that usually means entering made-up IP addresses in headers that are sent along with the contents of the message. However, these would normally only have the effect of throwing someone off the trail who opened the message sent to user@domain name.com and was reading the headers manually. Perhaps they would see some random IP addresses scattered in the headers, would go to ARIN and look up the hosting company or ISP that those IP addresses were assigned to, and would mistakenly file a complaint with that company. But the domain name.com server can always see the true IP address that the message was received from, and for people who know how to read the headers properly, that IP address will be indicated in the headers as the address that connected to the domain name.com mail server to send the mail.

So the court's statement that "the only way such a speaker can publish an anonymous e-mail is to enter a false IP address or domain name" is doubly wrong: because it's easy to send e-mails anonymously without using forged headers, and because forged headers do not in fact provide the level of anonymity that the court said should be protected anyway. The only way to truly obscure your identity by hijacking a third-party IP address without permission, would be to hack into a third party's computer, by infecting a user's home computer with a Trojan horse for example, and using it to send mail. Presumably the court was not contemplating that such an activity should be considered legal, even as a means of sending political speech.

It would presumably be unconstitutional for an anti-spam law to prohibit anonymous political e-mails which attempted to hide the sender's identity -- that is after all what "anonymous" means! You couldn't pass a law outlawing Tor, for example. But the Virginia law doesn't apply to senders merely trying to hide their identity, it applies only to the use of computers "to falsify or forge electronic mail transmission information or other routing information in any manner in connection with the transmission of unsolicited bulk electronic mail" (emphasis added). There is a difference between obscuring one's identity (which Tor and anonymous remailers allow you to do), and actively trying to frame an existing third party by using forged headers to make the mail appear that it came from somewhere else, especially when sending bulk mail, which is likely to generate complaints whether it's commercial or not.

By contrast, the Washington anti-spam law prohibits any mail which "misrepresents or obscures" the origin of the message (emphasis added). This is broader and could be construed to include a wider range of things, such as the use of overseas IP addresses to send bulk mail on behalf of a U.S. company, or the use of anonymously registered domains to hide the sender's identity. It would probably be unconstitutional to prohibit these obscuring techniques for non-commercial anonymous e-mail, which is why the Washington law specifically applies only to commercial messages.

But here I'm getting into issues like constitutional law where different experts might disagree. The clear-cut technical fact is that, contrary to the court's ruling, forged e-mail headers do not provide true anonymity when sending mail, whereas there are other, legal, ways of sending mail that do make the sender truly anonymous.

What is frustrating about the court's misstatements about IP addresses, domain names, and anonymity, is that the judge is obviously intelligent and could have understood the concepts if they had been explained correctly to him. I held some misconceptions for a long time myself about domain names and IP addresses, because the first explanations I read were incomplete or wrong, or I didn't understand them. But the mistakes in the ruling would have been caught if the judge had just showed a draft to an Internet guru and said, "Hey, can you check if there's anything wrong here?" I know, I know, that's "just not done" (and there are probably formal rules in most states against showing a draft of a ruling to a third party before publishing it, even if the third party reviewer is sworn to secrecy, as they should be). But there's nothing stopping the judge from asking a technical expert during the trial, "It seems to me that the only way to publish anonymously on the Internet would be to use forged headers in e-mail. Can you tell me if that's right before I go too far down that line of reasoning?"

I've appeared before judges in Small Claims court who did ask questions about any part of the technical issues that they wanted to understand, and were even willing to revise some prior misconceptions. But all of them, even the open-minded ones, proceed by gathering information during the trial, and then in the conclusion, spell out their argument and their ruling (during which time you're not allowed to interrupt), which is then set in stone unless you appeal. I've never seen a judge say, "Here's the line of reasoning in my head right now, and my tentative conclusion. Is there anything in that chain of reasoning that you want to dispute, before I make it final? I am not promising to change my mind just because you disagree with something. But I will take it into account." This is essentially what scientists do when they submit their papers for peer review before publishing them, to minimize the chance of making an error. Judges could do the same thing -- if not formally, because they're not allowed to show opinions to third parties, then at least informally, by running their ideas past the experts assembled in their courtroom -- to reduce the chance of making a mistake. But have you ever heard of a judge doing that?

The Virginia judges probably did about as well as one could be expected to do, having learned all these technical terms only recently, and then withdrawing to their chambers to form an argument without any feedback from any technical experts. So, given the technical howlers that ended up in the ruling, the moral is that forming an argument in isolation from experts is probably not the right way to go about it.

This discussion has been archived. No new comments can be posted.

Virginia High Court Wrong About IP Addresses

Comments Filter:
  • by ZERO1ZERO (948669) on Wednesday October 01, 2008 @12:05PM (#25220093)
    Man, I was gonna read it, but I clicked and then by the time I scrolled down a bit, and a bit, I was too tired and/or bored to continue.
    • by rob1980 (941751) on Wednesday October 01, 2008 @12:07PM (#25220135)
      Most /. articles that start with Frequent Slashdot contributor Bennett Haselton writes... end up that way. You can always choose not to read them.
      • by garett_spencley (193892) on Wednesday October 01, 2008 @12:10PM (#25220203) Journal

        "You can always choose not to read them."

        Damn. I wish someone had told me that 20 minutes ago :(

      • by electrictroy (912290) on Wednesday October 01, 2008 @12:30PM (#25220571)

        >>>But the decision contains statements about IP addresses, domain names, and anonymity that are rather basically wrong, and which may enable the state to win on appeal.

        So who would the State of Virginia appeal to? (just curious)

        • by morgan_greywolf (835522) on Wednesday October 01, 2008 @01:02PM (#25221061) Homepage Journal

          SCOTUS [wikipedia.org], especially in a case like this where their are likely federal issues, since it involves a lil' ol' network [wikipedia.org] that spans the entire globe:

          Federal courts may only overrule a state court when there is a federal question, which is to say, a specific issue (such as consistency with the Federal Constitution) that gives rise to federal jurisdiction. Rulings of state supreme courts on such matters may be appealed directly to the Supreme Court of the United States.

      • by nine-times (778537) <nine.times@gmail.com> on Wednesday October 01, 2008 @12:36PM (#25220685) Homepage

        You don't have to tell us. Nobody here reads the articles or the summaries. Hell, we barely read the comments they're responding to.

        • by Atzanteol (99067) on Wednesday October 01, 2008 @01:06PM (#25221127) Homepage
          You're right. Most of us don't even finish reading the posts we're replying to either.
          • Me too. I get really annoyed wehn people seem to respond half-assed to my comments, and then it doesn't make sense because it doesn't even seem like they're responding to my post or even that they read my post and it doesn't make a lot of sense either. It's I'm all liek, didn't you even read my post? Did you even read your own post?

            I don't think people even read their own posts.

            • by spazdor (902907)

              Exactly. I'm in the same boat, and it pisses me off SO MUCH when people misunderstand the source of the sub-prime lending crisis. I couldn't agree more.

          • Re: (Score:3, Insightful)

            by Ihmhi (1206036)

            Some of us don't even finish writing the

        • by mcgrew (92797) *
          I'm sorry, I wasn't paying attention. What?
        • > You don't have to tell us. Nobody here reads the articles or
          > the summaries. Hell, we barely read the comments they're responding to.

          I couldn't agree more. The fact that Barrack Obama thinks he can win the election without being underhanded tells me he doesn't have the stones to be a world leader.

        • Re: (Score:2, Funny)

          by Narlaquin (1353067)

          You don't have to tell us. Nobody here reads the articles or the summaries. Hell, we barely read the comments they're responding to.

          It looks like you didn't even read the comment that you were writing.

      • by Obfuscant (592200) on Wednesday October 01, 2008 @12:48PM (#25220847)
        He lost me when he said he thought that non-commercial anonymous spam should be legal.
    • Man, I was gonna read it, but I clicked and then by the time I scrolled down a bit, and a bit, I was too tired and/or bored to continue.

      There are prescription medications to help with that.

    • Re: (Score:3, Insightful)

      by elrous0 (869638) *
      Perhaps some contributors misunderstand the concept of a "summary." I've seen more than a few who could definitely use a primer on the effectiveness of "brevity" as well.
      • by value_added (719364) on Wednesday October 01, 2008 @02:45PM (#25222701)

        Perhaps some contributors misunderstand the concept of a "summary." I've seen more than a few who could definitely use a primer on the effectiveness of "brevity" as well.

        Fair enough, but I honestly think that in this case, the overlong and verbose summary is a refreshing change. What generally and typically passes as a "story" is most often a few scant one-line paragraphs that summarises, or worse, describes and editorialises, a real event or an issue.

        It's not unlike what we routinely get from an organisation like CNN, where "news" is offered up in the form of sound bites, provocative graphics, and an absurdly dramatic soundtrack. If it wasn't for the pseudo passionate mumblings and fixed but empty stares of Anderson Cooper, or the rumbling drone from Wolf Blitzer, we could step back and recognise that what's presented is mostly devoid of content.

        If you think that's an exaggerated comparison, try reading future Slashot stories with lynx (or just dump it to less, like I do). By the time you find the actual content, you realise there's not enough there to even bother with. In Slashdot's case, it's a truism that what's of most value is found in the contributions of its readers. It's similarly the case that most of us wait for or anticipate a reader offering up the real meat of the story, or some unique insight into it. We don't read the articles just because we're lazy. We don't read them because what's found on the pages of Slashdot is simply better.

        Think of it this way -- this may be the one time where we should be modding the summary instead of the posts!

    • by Karganeth (1017580) on Wednesday October 01, 2008 @12:34PM (#25220657)
      Try using spreeder. It increases the speed you can read at by a lot. http://www.spreeder.com/ [spreeder.com]
      • by thrillseeker (518224) on Wednesday October 01, 2008 @12:59PM (#25221013)
        if by "increase the speed you can read", you mean "move eyes across words rapidly without increasing comprehension", then yeah, maybe ...
        • Re: (Score:3, Funny)

          by PPH (736903)

          Won't help me a bit. Unless it increases the rate at which I can move my lips.

      • Re: (Score:3, Interesting)

        Huh? Interesting, but it seems to actually slow me down... I think it would for most people unless you're in the habit of reading only one word at a time. But I think for most people it's customary to pick up several words at a time while reading fast.

      • Try using spreeder. It increases the speed you can read at by a lot.

        You must be joking but...
        I think this is valid only if your reading speed is very slow to begin with. People who have normal reading abilities will take in several words at a time. Your eyes are not really that sharp but your brain will help you fill in the rest, or something like that. Seeing only one word at a time seem damn inefficient to me.

        The best way to learn to read faster is by reading a lot. I do, and I can easily read 800 wpm f

    • by Sloppy (14984) on Wednesday October 01, 2008 @12:53PM (#25220913) Homepage Journal
      I think his best and most-core argument is right here:

      There is a difference between obscuring one's identity (which Tor and anonymous remailers allow you to do), and actively trying to frame an existing third party by using forged headers to make the mail appear that it came from somewhere else

      and I really wish someone had put that sentence right in the court's face.

    • Re: (Score:3, Insightful)

      by omeomi (675045)
      I got about a quarter of the way down, and realized it wasn't worth continuing...

      but the ISP or hosting company generally won't tell you the identity of their customer who has leased it from them...So the court's statement that a database search "can eventually lead" to contact information is correct only if you clarify that it "can" lead there, but it usually won't.

      Unless, of course, you have a subpoena, in which case the ISP or hosting company will most certainly tell you. And they will likely do
  • by oneiros27 (46144) on Wednesday October 01, 2008 @12:06PM (#25220105) Homepage

    As much of the issue in this case seemed to involve forged headers, have any of the companies whose domain names were used in a forgery ever tried suing under slander laws?

    • Re: (Score:3, Interesting)

      by gnick (1211984)

      There may be a few willing to try, but I'm sure they're a minority. I just logged in to my 'spam' box to check the domains being used. The vast majority seem to be legitimately registered domains selling 'R0lex R3plicas' or 'V1agra'. A small subset are from 'bankofamerica.com', 'wachovia.com', or 'easternbank.com' presumably from people who feel sufficiently isolated from a US lawsuit. The rest are from gmail or yahoo accounts or domains that I assume don't even exist. I'd be surprised if there were en

      • Re: (Score:3, Interesting)

        by Anonymous Coward

        In recent months, a client of mine has been joe jobbed so heavily that they've been unable to work due to backscatter. Not only is their business name being used in connection with spam promoting online gambling sites but being self employed and relying on email for their work it's costing them money.

        You hit the real problem though...

        presumably from people who feel sufficiently isolated from a US lawsuit.

        If ever there were a class of criminal deserving of rendition protocols and gitmo style internment...

    • by swingerman (29475)

      Actually, there would be no cause of action for slander on these facts -- identity theft, maybe, but not slander. Other requirements aside, slander requires an oral statement, and an email is a "written" statement not an oral one. The correct tort, if it applied, would be libel. However, the other requirements for libel would most likely not be met. The more appropriate tort would be invasion of privacy, either appropriation or maybe even false light, though those may be a stretch.

  • by Anonymous Coward

    There was no such decision by the Supreme Court! I staged a man in the middle attack and FOOLED you with my forged headers!

  • > ...which may enable the state to win on appeal.

    This is the Virginia state supreme court ruling against Virginia state law. Just who do you think they are going to appeal to?

    • by KiahZero (610862)

      The state can appeal to the USSC, since it's a state court applying federal law (the Constitution).

      Whether or not the USSC will actually grant certiorari (hear the case) is another matter entirely.

      • by idiotnot (302133)

        Yes, and the court wrote that SCOTUS is more likely to be on their side; the federal courts would prefer that state courts not interpret federal constitutional issues narrowly.

        What will happen is that the General Assembly will revise the law, limiting it to commercial e-mail. Unfortunately, the way Virginia law works, spammers again have free reign until 1 July.

  • This is the same court system that required a server's RAM to be held as evidence, since it was a data-storage device.

    Someone will challenge this, and the State will lose. That's the way the system works.

  • by timmarhy (659436) on Wednesday October 01, 2008 @12:24PM (#25220491)
    spam != anonymous mail or free speech. for a start it's not anonymous by it's very nature - they WANT you to contact them and know who they are. it's also not free speech, because free speech means i'm free not to listen or help you in anyway. spam intrudes on my inbox.
    • by Mitreya (579078)
      or a start it's not anonymous by it's very nature - they WANT you to contact them and know who they are.

      You would think so... many of them advertise as referrers (have the damn referrer ID in the link), so they don't want you to contact them, just to click and pass their mostly anonymous referrer ID to the seller.
      And then there's the stock pump and dump schemes that don't want you to contact them.

  • So they think IP addresses are like ID cards and nobody can spoof them... shows the sorry state of affairs and why we get so much spam and nobody is accountable for it and why they can't catch the spammers.

  • Virginia needs to consider the economic benefits of spam [today.com].

  • by KiahZero (610862) on Wednesday October 01, 2008 @12:30PM (#25220583)

    IANALY, because I have another 1.5 semesters and a bar exam to go. However, I still know a lot more about the law than you, which is why I know things like this was a VA Supreme Court case, not a trial.

    Appeals don't work like your small claims cases (thank the gods). You have written briefs from the parties and any interested amici curiae, which is where your technical experts come in. The "trial" is oral arguments before the justices (not "judges") of the VASC, where the two parties have fifteen minutes to emphasize certain parts of their cases while the justices interrupt with questions as the mood strikes them. Typically, this is where the justices ask for further explanations of the arguments in the brief, generally about things that seem not to make sense or could use further clarification. Sometimes, justices will ask questions that draw better arguments out of a party, so as to convince other justices around to their way of thinking.

    A justice would never ask, "Well, I'm going to rule this way; what do you think," because that's not the appropriate language for the Court; you're confusing a peer-to-peer relationship with one that is decidedly not. The attorneys for the parties aren't peers of the justices, and the amici aren't peers of the justices. Your role as party or amici is to provide the justice with the information the justice wants in order to come to a conclusion. However, justices will ask questions to get at facts they need, and a skilled lawyer will be able to figure out where a justice is headed from a question, and explain why that reasoning is good or bad.

    It's all well and good to have a layman's critique of the system, but it would help if the layman wasn't basing his opinions on completely irrelevant experiences and actually knew something about the system he was critiquing. Hell, even a quick Wikipedia search would have prevented basic misunderstandings about the nature of the court: http://en.wikipedia.org/wiki/Supreme_Court_of_Virginia [wikipedia.org]

    • That is an interesting point and while there is apparently a shortage of law geeks here on Slashdot (I do happen to know someone with both a law degree and a PhD of CS, but that is probably fairly rare) we IT and developer geeks do provide, collectively via the comment and moderation system here on Slashdot, good technical commentary and fact checking which might be useful to your justices as part of an amici curiae brief in order to more fully inform them of the technical background and basis for arguments
  • IP and MAC address can be spoofed, so that the ISP will not know the true address and location of the originating client endpoint. Also if WiFi is used, then it becomes easier to hide the true endpoint from the ISP and mail server.
    • by RAMMS+EIN (578166)

      Actually, _can_ IP addresses be spoofed for the purpose of sending email? AFAIK, you need to be able to receive and interpret responses from the server to be able to send email. Can you do that with a spoofed IP address?

  • What Courts Know (Score:5, Interesting)

    by ari_j (90255) on Wednesday October 01, 2008 @12:32PM (#25220633)

    A court is generally not supposed to know anything that's not brought to its attention in the case, other than legal issues which the court is supposed to know all about. If a court issues an opinion in which it is wrong about how e-mail and IP addresses work, that is simply because one of the following things went wrong:

    • The court took judicial notice of something that is at odds with reality (this would be extremely rare, as what courts can take judicial notice of is very limited in scope; also, one of the attorneys would normally have had to ask the court to take such judicial notice, although it could do so sua sponte)
    • One of the lawyers argued the issue and got it wrong, and the other lawyer(s) failed to point out the error
    • Evidence supporting the wrong finding was presented by an incompetent expert witness
    • The finder of fact at trial (jury or judge, depending on the specific case) interpreted the evidence wrong
    • The appellate court decided that the finder of fact at trial interpreted the evidence so horrendously wrong as to justify overturning the factual decision and coming up with the wrong answer in the process

    On technical matters, when a court gets it wrong it is usually not the court's fault.

    • by plsuh (129598)
      On technical matters, when a court gets it wrong it is usually not the court's fault

      As someone who has submitted testimony as a paid expert witness in court cases, I can tell you that often it IS the court's fault. The education of some of the members of the judiciary on technical matters (and not just computer technical matters) is abysmal. There was a judge who ruled that interest on the damages that our client owed should be handled by just doubling the damages. This was completely unfair to our client s

      • Judges aren't usually supposed to ask the parties questions. They're supposed to decide issues of law and if a question needs to be asked, the lawyers are supposed to be smart enough to ask it. A jury is supposed to decide the facts, but whether it's a jury or a judge who decides the facts it is the job of the lawyers to ensure that evidence is presented to educate the fact-finder sufficiently to make the correct decision. I really don't want to live in a world where judges have to have technical experti
  • by Arrogant-Bastard (141720) on Wednesday October 01, 2008 @12:37PM (#25220697)
    "Spam and other forms of abuse are not speech, just as a brick with an attached note thrown through a window is not publication." If that's correct, then the 1st Amend. doesn't apply and the whole argument can be tossed.
  • by John Hasler (414242) on Wednesday October 01, 2008 @12:37PM (#25220701) Homepage

    > The first 20 pages of the decision, which are all about legal standing, jurisdiction,
    > and overbreadth, made my eyes glaze over.

    So legal stuff makes your eyes glaze over and yet you are going to give us your legal opinion. Right.

    > I'm not analyzing those at all except to point out that on most of those issues, the
    > lower court came to exactly the opposite conclusion from that of the Virginia Supreme
    > Court, and there is no reason to think that the higher court is any more likely to be
    > "The first 20 pages of the decision, which are all about legal standing, jurisdiction, and overbreadth, made my eyes glaze over. I'm not analyzing those at all except to point out that on most of those issues, the lower court came to exactly the opposite conclusion from that of the Virginia Supreme Court, and there is no reason to think that the higher court is any more likely to be "correct" than the lower court (even granting the assumption that there is an objectively "correct" answer to these questions). correct" than the lower court (even granting the assumption that there is an
    > objectively "correct" answer to these questions).

    The Virginia Supreme Court is the ultimate authority on matters of Virginia state law. Where Virginia state law is concerned what the Virginia Supreme Court says is "objectively correct".

    If the court had upheld the conviction then the defendant could appeal to Federal court on the grounds that the law violates the First Amendment. However, since the court overturned the conviction the state has no grounds for an appeal to Federal court because there is no Federal question.

    I agree that there may be flaws in the court's reasoning, but the nearest thing to an appeal is for the state to ask the Virginia Supreme Court to re-hear the case.

    • by KiahZero (610862)

      VA could also appeal to the USSC, since the decision was based on an interpretation of the First Amendment.

  • did anyone else wake up to 26,300 or so emails from false IP addresses in Stafford County, VA?
  • by PMuse (320639)

    . . . which may enable the state to win on appeal.

    What appeal? Think the US Supreme Court is going to take this case? Possible, but unlikely.

  • by Schraegstrichpunkt (931443) on Wednesday October 01, 2008 @12:56PM (#25220987) Homepage

    But it's impossible to defend what the court says next:

    As shown by the record, because e-mail transmission protocol requires entry of an IP address and domain name for the sender, the only way such a speaker can publish an anonymous e-mail is to enter a false IP address or domain name. Therefore... registered IP addresses and domain names discoverable through searchable data bases and registration documents "necessarily result[] in a surrender of [the speaker's] anonymity."

    Impossible to defend? Just watch me.

    You're overlooking a perfectly reasonable generalization that the judge is making. The IPv4 packet headers and the email headers, to the judge, are one and the same: Both can be used (indirectly) to identify the sender of the email, and both need to be "forged" in order to send anonymous email.

    Keep in mind that tunnelling your packets through a proxy effectively "forges" the IPv4 source address, since the communication is actually originating at your computer, but on the receiving end, it shows up as being from the proxy, even though the communication actually originated elsewhere.

    The judge was right to point out that you can't communicate on the Internet without including some kind of "sender address", and this address needs to be forged in order to use the Internet to communicate anonymously. As far as his argument is concerned, it doesn't matter whether the headers you're forging are specified in RFC 791 or in RFC 822.

  • The first 20 pages of the decision, which are all about legal standing, jurisdiction, and overbreadth, made my eyes glaze over. I'm not analyzing those at all except to point out that on most of those issues, the lower court came to exactly the opposite conclusion from that of the Virginia Supreme Court, and there is no reason to think that the higher court is any more likely to be "correct" than the lower court (even granting the assumption that there is an objectively "correct" answer to these questions). Any time you feel intimidated by "experts", it's helpful to step back and ask whether the alleged experts even agree with each other.

    Well this quote really gets the article started off with a bang. First of all, the expertise of a trial court and a state supreme court should not be presumed to be equal. A trial court judge could be as fresh as the day is young, but a supreme court justice there has to be elected by the legislature and has to go through a vetting process that favors experience.

    This sort of "all experts are equal" attitude confuses issues like global warming, where there are clearly people more knowledgeable about a subj

    • by 0111 1110 (518466)

      Courts generally will not favor solutions that revolve around you fraudulently entering into an agreement with email service providers who require you to provide accurate information when signing up and agreeing to their service contracts.

      But of course they have no problem with you sending out millions of emails with inaccurate fraudulent information asserting that you are someone who you are not. In fact it is far worse because it is quite likely that the forged headers do in fact represent the identity of some innocent party, whereas supplying "Fred Flintstone at 1010 Bedrock Place" for an identity to the email provider doesn't involve an actual 3rd party in the transaction. In addition email providers can require verification for signup i

  • The two basic errors are: concluding that anonymous speech on the Internet requires forged headers or other falsified information (and therefore that a ban on forged headers is an unconstitutional ban on anonymous speech)

    Cool, so does that mean fake ID is constitutionally protected so that I can preserve my anonymity when doing things in public?

    Sometimes (well, quite often actually) judges rule on technology issues without really having nearly enough understanding of the underlying issues and what it means.

  • The submitter complains about factual issues, but appellate courts do not determine factual issues. Trial courts do. Before the case reached the VA Supreme Court (an appellate court), the trial court already made its findings of fact. The appellate court can only address the factual conclusions of the lower court if the lower court made a clear error in its analysis of the factual evidence presented. As the VA Supreme Court makes clear, it is analyising what is "shown by the record," not making its own

  • This has actually been discussed on Groklaw to the end.

    The situation is actually quite simple: The good lawmakers of Virginia passed a law that prevents _anybody_ from using forged headers etc. etc. , including good folks who need anonymity for good reasons protected by the US constitution. Therefore, the law as it stands is illegal. Now a judge _can_ decide that a law is unconstitutional and therefore cannot be used in any court case; a judge can _not_ decide how to fix this law. Therefore it _must_ go bac

    • The good lawmakers of Virginia passed a law that prevents _anybody_ from using forged headers etc. etc. , including good folks who need anonymity for good reasons protected by the US constitution. Therefore, the law as it stands is illegal.

      Exactly how is a content neutral law going to run afoul of the 1st amendment? It's illegal for someone to post bills on my house, regardless of whether they're good people or not.

  • That law is in fact prohibiting speech. Even if it were rewritten to be more narrowly focused on spammers, it would still be the wrong approach.

    The problem with spam is not a speech issue. It is a property issue.

    The protection of free speech in the US Constitution does not grant speakers the right to steal property rights. You cannot steal my paper, ink, and printing press and justify the theft as enabling your freedom of speech.

    Remember ... free as in free speech, not as in free beer.

    Email costs more to

    • by cdrguru (88047)

      The basic problem with the idea that it is wrong to send something to someone that does not want it is that it turns the idea of an open communication medium on its ear. It is fine that with Yahoo Messenger you cannot send anything to someone until they accept you as a contact. Email was not intended to work that way.

      Trying to introduce this sort of permission into email means that it can no longer be used to communicate with people prior to establishing a relationship. Should a law get passed that says

      • by Skapare (16644)

        The basic problem with the idea that it is wrong to send something to someone that does not want it is that it turns the idea of an open communication medium on its ear. It is fine that with Yahoo Messenger you cannot send anything to someone until they accept you as a contact. Email was not intended to work that way.

        Email was intended for civil participants that would not use it to steal from others. Of course that was naive about the real world, and naive about the protocols being used for real world communications. But if you want to speak of intentions, that was the intent.

        Trying to introduce this sort of permission into email means that it can no longer be used to communicate with people prior to establishing a relationship. Should a law get passed that says it is wrong to send things to people they do not want essentially enforces this. You now have the situation where I cannot send you a receipt for your purchase because I have no idea if you want it or not. And as a commercial entity, I cannot take the chance that you don't want it without explicit permission.

        Prior communications, transactions, or business relations would imply the intent to communicate within reason about it. The law probably needs to include a clause that says this to be clear about it. This is why a similar clause exists to perm

  • It's Virginia, for godsake! They only took "Family Reunion" off the official, Virginia Is For Lovers, list of "Best Places To Meet Hot Babes" last week.

"For the man who has everything... Penicillin." -- F. Borquin

Working...