Patterico's Pontifications

6/21/2008

Edward Lazarus: I Have No Clue What the Facts Are in the Kozinski Controversy, But I’ll Write About It Anyway!

Filed under: General,Kozinski — Patterico @ 5:07 pm



Edward Lazarus botches the basic facts of the Kozinski controversy:

The basic facts of what happened do not seem to be in much dispute. The website in question was maintained by Judge Kozinski’s son. It was intended to be used for sharing materials within the family and a select few others. The files on the site contained some smutty material (how much is unclear), including some uploaded by Judge Kozinski, as well as a lot of innocuous stuff. Access to the site was password-protected, but the site’s security set-up was weak. As a result, a litigant with an axe to grind was able to circumvent the password protection and gain access to the site’s files, including the file with the off-color images.

. . . .

Surely, we cannot condemn someone, or at least not much, for failing to appreciate the “hackability” of his family’s password-protected website. The early stories about the site described it as “publicly accessible” – but it would be more accurate to say that the content was publicly accessible only to someone with the talent and gumption to circumvent the password security system.

Actually, it would be far less accurate to say that. Because Kozinski’s site was not password-protected.

I wonder where Lazarus got the idea that Cyrus Sanai had somehow “hacked” a “password-protected” site. Maybe he put too much credence in the ridiculous analogies of Larry Lessig, who affirmatively said that Sanai had “hacked” Kozinski’s site, and absurdly compared Sanai’s standard web-browsing techniques to residential burglary.

Lazarus had better issue a correction, and pronto. Sanai is no stranger to litigation, and this is a howler of an error.

P.S. Far too many people trusted Lessig for the facts on this, as if he were some sort of technology wizard. This is a guy who, in a subsequent post, said:

[W]ith this blog, if you download a file I’ve linked from the blog, you can easily figure out what directory that file is located in. But you can’t (without serious hacking) see the other files in that directory, or see the directory structure. That’s because those friends who have helped me set this up have disabled that ability.

A commenter then provided a link to a URL that clearly shows Lessig’s directory structure. (It still does.) The commenter said: “Mr. Lessig, you might want to have a talk with your friends.”

Heh.

P.S. “The files on the site contained some smutty material (how much is unclear) . . .” I have been looking at some of it today, having received the CD from Mr. Sanai, after an unfortunate postage mix-up that delayed the package several days. More later.

45 Responses to “Edward Lazarus: I Have No Clue What the Facts Are in the Kozinski Controversy, But I’ll Write About It Anyway!”

  1. “Mr. Lessig, you might want to have a talk with your friends.”

    Priceless.

    EHeavenlyGads (f29174)

  2. I have not even followed this issue as closely as the rest of you, and I caught that whopper, quickly.

    JD (191be1)

  3. I didn’t read this post, but I’ll comment anyway! I found it shallow and pedantic.

    Hey, Lazarus may be on to something here :)

    Kevin (834f0d)

  4. I’m still stuck on “Mr. Lessig, you might want to have a talk with your friends.” That really is priceless.

    DRJ (6ae0d1)

  5. Yes, this was an excellent post, Patterico. I think I am going to change the qualifications I list on my card to “California attorney, Solicitor of the Supreme Court of England and Wales, computer hacker”

    But what your readers really want to see is the CD you have now received from me. Post “bestwomandriver” and “chinesemassproduction” and let’s see how they appear to square with Mrs. Kozinski’s description of the content of the site.

    Cyrus Sanai

    Cyrus Sanai (4df861)

  6. Now remind me again, why this Lazarus (no relation, eh Andrew)is famous. Oh yes, he turned confidential communications between Supreme Court clerks and their Justices into a book; all the while trying to make some point about the illegitimacy of capitol punishment.

    narciso (d671ab)

  7. Assuming everything Lazarus says it’s true, which it is not but let’s assume it is, it is still a pretty pathetic defense: “I am a weirdo with a mean, ugly and weird sense of humor but damn you for finding that out no matter how hard I tried to hide it.”

    nk (b5fc3f)

  8. Thank you, Cyrus, for steering people to what you believe is important in these matters. Without your input nobody would be able to reach any conclusions on their own.

    daleyrocks (d9ec17)

  9. Oddly enough I was able to decide all by myself that this is a tempest in a teapot blown out of proportion by someone with an obsessive axe to grind about an extraordinarily talented judge.

    SPQR (26be8b)

  10. It is amazing that Lazarus and Lessig are burdening the internet with their vacuous pontifications when Lazarus knows nothing of the facts of the case and Lessig is unaware that his images directory is open to anyone who right clicks properties on the photographs on his home page.

    They are sterling examples of a corollary of Parkinson’s Law, the pomposity of their pronouncements is the inversely proportional to their knowledge of the relevant facts.

    Cyrus, FYI: Yahoo has about 150 sites with chinesemassproduction still including Kozinski’s stuff directory and Photobucket albums for 2 or 3 other people. It is not Chinese, but obviously Japanese AV with the few visible genitals electronically scrambled. It is an audacious, stupid, crazy Japanese AV. It is not pornographic. The MPAA would rate it PG-13.

    slp (1d7c03)

  11. Someone who doesn’t know what the facts are and writes about it anyway? He wouldn’t be related to Levi, would he?

    Steverino (b42fd7)

  12. Lazard was wrong about Kozinski’s server being “password protected,” but arguments as to whether the site was “publicly accessible” or had been “hacked,” are not, in my opinion, non-starters. Despite Judge Kozinski’s prominence, the fact remains that the humor/sexual material had been on the server for years and no flesh and blood member of the outside public had accessed it (at least none have come forward), although it was automatically archived by a Russian mp3 site and by Yahoo and Google web crawlers. With the exception of a couple item-specific links that Kozinski did make available, the stuff on that server was not intended for public distribution. So The La Times’ Glover was clearly misleading his readers when he described the humor/sexual items as simply “publicly accessible,” full stop.

    It took a litigant with a – practicing the art of understatement here – somewhat unconventional “litigation strategy” to finally find and publicly expose these items. This kind of – nuance, shall we say – is missing from Glover’s article.

    Finally I’d suggest here that the words “hacked” and “publicly accessible,” are not digital in nature (on/off, yes/no), as they might first appear. The phenomenon described by these concepts exist on a continuum. Kozinski’s server was less publicly accessible than Amazon.com, but would have been even less accessible had it been password-protected. The primary URL only revealed a message saying something like “Nothing to see here folks,” with no links. So it took some minor hacking to find stuff in the server, although the use of Google cannot be likened to brain surgery.

    Brian (cfed45)

  13. @cyrus sanai:

    my image of an english solicitor has always been a man with dignity, slightly reserved, reliably discreet and possessed of impeccable good taste. how the hell did you get in?

    assistant devil's advocate (923027)

  14. Regardless of my opinion of the Kozinski episode, it must be remembered that Lazarus is allergic to facts. See, e.g., Closed Chambers.

    Alan (0cf397)

  15. So… who has the first CD cyrus sent?

    The neighbors?

    SteveG (71dc6f)

  16. Cyrus writes,

    But what your readers really want to see is the CD you have now received from me. Post “bestwomandriver” and “chinesemassproduction” and let’s see how they appear to square with Mrs. Kozinski’s description of the content of the site.

    I had received the chinesemassproduction video some time ago from several friends and colleagues. It shows about 400 couples all in the same room. All the couples are simultaneously making love, each couple doing it the same way as as all the other couples. The couples are lined up row upon row. Interesting but NOT obscene.

    Regarding bestwomandriver, I have not seen it since the LA Times ran its story, so I don’t know if I had seen it before.

    By the way, is the CD a collection of everything on Judge Kozinski’s web site, or just a collection of a small portion of it?

    Ira (5a8831)

  17. Without having seen the video, the description of chinesemassproduction sounds like it’d be considered “art” at any state university and is probably part of the curriculum in some Erotic Art 101 class

    SteveG (71dc6f)

  18. Glover was clearly misleading his readers when he described the humor/sexual items as simply “publicly accessible,” full stop.

    A file that anyone with an internet connection can freely access is kind of the defintion of publicly accessible.

    Finally I’d suggest here that the words “hacked” and “publicly accessible,” are not digital in nature (on/off, yes/no), as they might first appear.

    The word you’re looking for there is binary, not digital.

    So it took some minor hacking to find stuff in the server, although the use of Google cannot be likened to brain surgery.

    When will this idiocy die?

    Hacking involves circumventing security measures, Kozinski has no security measures in place, ergo there was no need to hack anything. By this defintion I’ve hacked thousands of computers by daring to type /dir at a command prompt.

    Taltos (4dc0e8)

  19. A file that anyone with an internet connection can freely access is kind of the defintion of publicly accessible.

    Bingo.

    Hacking involves circumventing security measures, Kozinski has no security measures in place, ergo there was no need to hack anything. By this defintion I’ve hacked thousands of computers by daring to type /dir at a command prompt.

    How dare you! 😉

    h2u (4a7c7f)

  20. “By this defintion I’ve hacked thousands of computers by daring to type /dir at a command prompt.”

    Taltos – Do the people who owned the computers you hacked know you did this or give you permission first? Did you splash the contents of their directories all across the web or to the media?

    daleyrocks (d9ec17)

  21. Geez Taltos, most websites I visit don’t use command prompts as navigation tools. The fact that that’s what it took to uncover the files might in fact confirm that they were intended to remain private.

    daleyrocks (d9ec17)

  22. Geez Taltos, most websites I visit don’t use command prompts as navigation tools. The fact that that’s what it took to uncover the files might in fact confirm that they were intended to remain private.

    Every single time you load a wepage you’re doing the exact same thing, it’s just hidden from you by the interface and done over a remote connection.

    Do you suppose the computer knows to get you that page by magic? In this case Sanai’s computer sent a directory command to Kozinski’s computer which then checked to see if Sanai had permissions to access that directory (he did) and then checked to see if it was allowed to display a directory listsing (it was) and hence it sent him a directory listing.

    Kozinski’s intent is irrelevant to the question of whether or not the files were publicly available, if he intended them to be private he did a really bad job of setting up his webspace.

    Taltos (4dc0e8)

  23. Taltos – At my last employer I hired Big Four accounting firms to conduct attack and penetration studies of many of our major subsidiaries. Does the fact that some of them got penetrated make them public?

    daleyrocks (d9ec17)

  24. If they were hosting files in a completely unsecured open directory, then yes those files were public.

    Taltos (4dc0e8)

  25. “Every single time you load a wepage you’re doing the exact same thing, it’s just hidden from you by the interface and done over a remote connection.

    Do you suppose the computer knows to get you that page by magic?”

    Taltos – You are obviously missing the point. Most people surfing the web do not do it in Dos. When confronted with something not set up to navigate through like a website, do you assume it is public or private?

    daleyrocks (d9ec17)

  26. Most people surfing the web do not do it in Dos.

    Nope, it’s generally linux, but close enough.

    I think you’re the one missing my point, if a system is set up so that anyone can access it, it’s a public system. Period. There is nothing cryptic or technical about browsing up into directories, millions of people do it every day. Hell most webservers even have a little link on the directory page to move up in the hierarchy.

    I don’t know any of the principals in this mess from a hole in the wall so I’m about as unbiased as you’ll get, but this attempt to try and turn a basic computer technique into some sort of nefarious hacking is ridiculous. The guy literally put his cursor in the address bar, pressed backspace a handful of times and hit enter. That’s it.

    Taltos (4dc0e8)

  27. Comment by daleyrocks — 6/22/2008 @ 12:46 pm

    Comment by daleyrocks — 6/22/2008 @ 12:53 pm

    Comment by daleyrocks — 6/22/2008 @ 1:57 pm

    You do not seem to get the point.

    If files are in a completely unsecured open directory, then those files are publicly accessible. The directory is open to the world for anyone to peruse.

    If the directory owner wants to limit access, it is up to owner to put security measures in place.

    slp (1d7c03)

  28. If files are in a completely unsecured open directory, then those files are publicly accessible. The directory is open to the world for anyone to peruse.

    Exactly. It’s as simple as this.

    h2u (4a7c7f)

  29. Taltos, no we got your point. Its simply an intentional strawman. The setup of the system reveals nothing of the intent of the server owner. You’ve conflated the two.

    SPQR (26be8b)

  30. I think there is a fundamental disconnect between the geek speakers and english speakers on the issues in this matter. The geek speakers feel the simple ability to do something, access a site, makes the site public. The example I tried to give, paying outside experts to hack into company computer systems, through firewalls and passwords, through phones systems, e-mail, whatever way they could, by this logic, means that my company sites were public, because somebody could do it. I don’t buy into this argument for a second.

    daleyrocks (d9ec17)

  31. Here’s taltos, apparently thinking that he’s engaging in argument:

    Finally I’d suggest here that the words “hacked” and “publicly accessible,” are not digital in nature (on/off, yes/no), as they might first appear.

    The word you’re looking for there is binary, not digital.”

    Notice that taltos got my meaning, but he couldn’t a resist a worthless snot-nosed comment (actually, both words are adequate.) Whatever that approach is, it’s not touched by intelligence.

    The rest of taltos’ comments are equally revelatory of a cerebrally challenged personality.

    A file that anyone with an internet connection can freely access is kind of the definition of publicly accessible.

    No, that’s called assuming the conclusion, otherwise known as the logical fallacy of begging the question.

    The point I was making is that “freely access” can be ambiguous, because we’re actually talking about a continuum. “Anyone” didn’t access the files. A quite motivated vexatious litigant – apparently with considerable time on his hands – was able to get to the files. But the apparent fact that he was the 1st human being to access these items on the server of a prominent public figure is evidence that the files were not very accessible.

    Hacking involves circumventing security measures, Kozinski has no security measures in place, ergo there was no need to hack anything.

    Hacking involves seeking access to files you know the website or server owner doesn’t want you to have, which definition puts Sanai squarely within the category (which is not, alone, a civil or criminal offense.) It may involve – typically does involve – circumventing security measures, and here there was at least at least one such primitive measure, which was Kozinski’s “nothing to see here, folks” message.

    One last point, before I move on to more edifying endeavors. The concepts we’re dealing with, such as privacy, hacking, publicly accessible, refer ultimately to human beings are human motivations on a macro level. While technical matters are relevant, techno-geeks cannot preempt rational analysis of these matters with some pat definition dealing with directories or whatever. I think that was what Lawrence Lessig was trying to say, even if he got some other things wrong, incurring the wrath of the aforementioned geeks.

    Brian (cfed45)

  32. Try this one:

    You have a building, just like other people around the block or neighborhood or city or county or State or nation or globe. It is your choice whether to leave the front door open or locked. You can choose a strong door or a weak door and various levels of physical security to keep people out if you don’t want them wandering through your building, fiddling with stuff.

    There are people who are authorized – those with keys, passwords, security badges, etc. Their presence is no crime, since they have been given permission to access certain areas. Even that would be limited to those areas that are publicly available or behind locked doors to which that authorized person has a key or passcode.

    There are people who have paid for access into some buildings with risque reputations, doing Jahweh only knows what behind those closed and guarded doors.

    Just because someone can pick the lock and sneak in in the middle of the night does not make the building public access, and anyone caught inside without authorization deserves the full weight of the punishment meted by a deservedly angry owner and public.

    There are locations that allow the general public in at any hour, yet still limits them to certain areas while restricting others. (Such as a 24-hour pharmacy.)

    However, there are people who leave their front doors not only unlocked and ajar, but removed from its hinges and chopped into kindling.

    Entering such a building can in no way be considered “Breaking and Entering” because there was no attempt to keep anyone out.

    Same on the Intertubes. There are websites with various levels of membership and security, etc. Bypassing that level of security is known as “hacking”, and such is a violation of the intent of the owner of the website, no matter how common the materials found inside.

    There are also sites that don’t have any security whatsoever, and are open to the public, with the overwhelming number of sites (billions, last I heard) being the only sop to any kind of anonymity or security (in that an obscure website is much less likely to have strangers wandering at random than a popular site). However, actually wandering through such a site can in no way be considered “hacking” since no security existed to be bypassed.

    The judge’s site is one of these last. He has no security, and we cannot question what he might have been thinking when it came to security, only what he did. (Or, to be more precise, what he didn’t do.) He had no security, so no bypassing of security. Therefore, no B&E/hacking.

    See?

    Drumwaster (8ad883)

  33. The geek speakers feel the simple ability to do something, access a site, makes the site public

    daleyrocks, it’s just that part of how this crazy world wide web thing works is an assumption that anything connected to it is essentially public. The disconnect you speak of is simply certain folks not understanding the underlying premise of the internet.

    There are two simple facts here that cannot be overlooked:

    1) This was not simply an IP address accessed by Cyrus. It was a domain name, which means someone went out of their way to affiliate an IP address with the DNS system. DNS, at its heart, is the protocol computers user to render themselves publicly known and identifiable.

    2) There was no password required. This is the most relevant piece of information of all. If you don’t explicitly restrict access to your computer, you have no expectation of privacy.

    These two points are all you need to know. Cyrus wasn’t hacking. Cyrus didn’t do anything illegal. Cyrus simply used the internet in the exact manner it was designed for.

    Any disagreement from this point forward is just silly.

    h2u (4a7c7f)

  34. No, h2u, it is not silly just because you want it to be. You’ve oversimplified the issue.

    While the server in question was not adequately secured, Cyrus went looking for items that – while not secured – were not intended for the public in general to find. He then misrepresented the character of those items.

    While not illegal, these are malicious actions.

    SPQR (26be8b)

  35. The bottom line is that the files I downloaded could be located directly from either Google or Yahoo, the latter of which had complete indexes of those directories which Judge Kozinski shared with the public.

    I got them through the links put up by Russian file-sharing sites. However, even I did not know how to truncate to a directory, I would still have been able to access the same contents through the search engines.

    The whole privacy issue is a canard that Judge Kozinski has to create because whatever the legality of the material, making it publicly available was a violation of judicial ethics.

    It also distracts from the mp3 sharing problem, and the issue Judge Kozinski, from his decision to employ criminal defense counsel, appears to really fear: Ralph Mecham’s accusation that Kozinski committed a felony by disabling the Ninth Circuit, Tenth Circuit and Eighth Circuit’s firewall box in San Francisco.

    It is this last contention that could get Judge Kozinski booted from the bench. It is an accusation that was made last year by Mr. Mecham, with no involvement from me; indeed I did not even know about it until the beginning of this year. However, I will ensure that it is put before the Third Circuit investigating committee.

    Cyrus Sanai

    Cyrus Sanai (4df861)

  36. Also, I was not looking for this stuff. I mean, who one earth would suspect Judge Kozinski would put porn, dirty jokes and illegal mp3s on his website?

    My intention was to rebut Judge Schroeder’s finding, in the first misconduct complaint order, that there was no evidence of the existence of a website maintained by Judge Kozinski containing materials relating to MY CASE BEFORE THE NINTH CIRCUIT. My intention was to advance my claims of improper interference in my litigation; I found impropriety of a different sort, that is forcing an investigation that will cover all of the misconduct of Judge Kozinski and certain other judges.

    Cyrus Sanai

    Cyrus Sanai (4df861)

  37. One question is what is on the CD?

    The CD contains almost everything I downloaded on or about December 24, 2008 from the /stuff/ directory, plus copies of that directories and some subdirectories.

    Some of the files are .exe files which I cannot operate on my computer, as I am a Mac user and have not wanted to expose Wintel computers to which I have access to malware.

    I did not get everything, and after I caused Kozinski’s ISP to shut the site down for excess bandwidth consumption, he took some of the biggest files off that directory, but later added on new stuff it appears.

    Comparing what I have to the directory contents on Yahoo search, it is clear that Kozinski moved stuff in and out of the directory, which is hardly surprising. He put stuff up for distribution to friends or file sharing, then took it down to be replaced with other items. Exactly what you would suspect would be done with a web site that was using the directory for distribution.

    Obviously, this directory contains the material Kozinski was happy to widely share. We know from Marcy Tiffany’s letter that other directories were on that server, and obviously there were truly private items on the hard disk.

    One interesting question is whether any non-public Ninth Circuit material was in a directory or on that disk. If so, Judge Kozinski will have committed another violation of judicial ethics (not that Ed Lazarus would mind, since betraying the Supreme Court’s confidentiality rules was his claim to fame).

    Cyrus Sanai

    Cyrus Sanai

    Cyrus Sanai (4df861)

  38. the internet jury is filing back into the courtroom with its verdict on whether cyrus sanai is a craven, vengeful buttsniffer, and, uh-oh, the jury is frowning.

    assistant devil's advocate (313dcd)

  39. The geek speakers feel the simple ability to do something, access a site, makes the site public

    daleyrocks, it’s just that part of how this crazy world wide web thing works is an assumption that anything connected to it is essentially public. The disconnect you speak of is simply certain folks not understanding the underlying premise of the internet.

    h2u – I don’t see any disagreement between our statements. Reality is where there should be a disconnect in my mind.

    daleyrocks (d9ec17)

  40. I can leave the keys in the ignition of my car and the door unlocked and you still would be guilty of car theft if you took it.
    If i left my briefcase on the seat of the same unlocked car would it be ok for someone to take out my tax returns and copy them… even if they put them back?
    Lets say that a home is secured by robots…. a robot is stationed at every door and window and that robot needs a special handshake to open a door. So I rent a robot from Google that can go shake all the hands of all the robots guarding the windows and doors on your house looking for one that is defective or unprogrammed… and then when my robot finds a door it can open, my robot is able to go in and can send me a picture of everything it finds. Am I entitled to everything my robot finds?

    SteveG (71dc6f)

  41. Comment by SteveG — 6/22/2008 @ 10:59 pm

    The proper example is that you took a photograph, blew it up to billboard size, and put the billboard on the front lawn of your house.

    The photograph is open to the world for anyone to peruse.

    slp (1d7c03)

  42. No, the proper example is if you went around with your fly open. Sooner or later somebody is bound to notice.

    The problem with the stuff Kozinski has on his computer is that it’s nasty. Not pornographic. Nasty. Weird, ugly and mean.

    Hell, I’d be the first to cut the man slack if he liked things that teased the creative instict. What’s more important than that, anyway?

    But I don’t want somebody who thinks the stuff we have seen so far is funny anywhere near me.

    To borrow from another recent story, we have an X-ray into a dark soul.

    nk (a9ace6)

  43. *procreative instinct*

    nk (a9ace6)

  44. I think that these are funny:

    Monkey Joke

    Scottish DUI test

    slp (ccc096)

  45. While not illegal, these are malicious actions.

    SPQR, I’m not defending Cyrus’ characterization of the content. I think that he’s off his rocker to be making such a big deal of nude women painted up as cows or the sexist/racist photoshop jobs. But he did not do anything wrong by viewing or downloading the contents of a publicly-accessible server on the internet.

    And that’s the bottom line: this. server. was. public.

    Please, by all means, accuse Cyrus of slandering AK through the mischaracterization of the content in question. But don’t accuse him of hacking. That actually does real hackers a disservice. They actually have to, y’know, work at gaining access to secure files.

    I think Cyrus does have a point on one aspect of this silly story. Kozinski should not have been putting copyrighted music on this server and doing so leaves him open to be pursued by the RIAA.

    h2u (4a7c7f)


Powered by WordPress.

Page loaded in: 0.2993 secs.