Prominent law professors coming to the defense of Judge Kozinski are comparing Cyrus Sanai to a computer hacker, or even a criminal. These analogies, however well-intentioned, badly miss the mark. Sanai did what you and I do every day: he accessed a public web site through a Google search.
Whatever you think of Sanai, he ought not be branded as a criminal for that.
[UPDATE: Please make sure to read the UPDATE at the end of the post for the contrary perspective from someone close to Kozinski.]
In a post linked by Instapundit, Prof. Lawrence Lessig compares Sanai to a home burglar who “jiggers the lock, climbs into the window, and starts going through the family’s stuff” in a den in the Kozinski family home.
That analogy bears no resemblance to the actual facts. It would be an appropriate analogy if Sanai had hacked Kozinski’s private computer. But that’s not what happened. Sanai used a standard search engine to access materials uploaded to a public web site.
That’s not hacking, and it’s nothing like burglary.
I have already explained how Sanai says he found Kozinski’s “stuff” subdirectory: he ran a Google search.
Sanai concluded that Kozinski had been trying to hide something from the Judicial Council by taking down the site [during the pendency of a misconduct complaint against him], and decided he wanted to find out what that was. When Sanai ran a Google search plugging the name of Kozinski’s site into the search engine, hits came back to .mp3 sharing sites, saying that songs like Monty Python’s “Lumberjack” song could be downloaded at URLs located in a subdirectory of Kozinski’s site: http://alex.kozinski.com/stuff. This is the subdirectory that had the porn.
Sanai says he typed “http://alex.kozinski.com/stuff” into his address bar, and the contents of that subdirectory were all listed, with hyperlinks. He clicked on them and downloaded them.
Sanai was not a hacker, diving into private files in someone’s private computer, as the professors’ analogies suggest. He simply accessed a public site through a Google search, typing standard “http://” commands, and clicking on hyperlinks.
Prof. Lessig does not explain that Sanai accessed Kozinski’s site through standard Web surfing and use of search engines. Instead, Lessig makes Sanai’s actions sound mysterious and akin to computer hacking. According to Lessig, Sanai “determine[d] the directory structure for the server” and used that to find “likely interesting places to peer.” Lessig then says: “Cyberspace is weird and obscure to many people” and then explains Sanai’s “weird and obscure” actions by drawing an analogy to home burglary.
For Lessig to compare Sanai to a home burglar is terribly inappropriate. Sanai simply used the Internet to access a public Web site, just as you and I do every day.
You don’t have to like Cyrus Sanai to be fair to him. Sanai is a serial litigant who had a personal grudge against Judge Kozinski. He has obviously gone to great lengths to exact revenge. Many people find his behavior with respect to Judge Kozinski to be unsettling, creepy, or worse. They believe, based on published reports, that he has abused the courts with his numerous actions in state and federal court. Criticize him, if you like, for being obsessive and driven by vengeance.
But don’t compare him to a criminal, for accessing a public web site.
Former Kozinski clerk Eugene Volokh also sees an egregious invasion of privacy here, comparing this to “your parking your car on the street, locking it, but forgetting to close a back window” whereupon “someone who has a grudge against you comes by and starts using the open window to rummage around in the stuff.”
To support this argument, Volokh says: “The controversial files on that server aren’t linked to from the Web, and aren’t indexed on search engines. They are generally meant only for family members and a few other people who get specific pointers to them.”
I’m sure Volokh didn’t know this when he wrote his post, but the controversial files most certainly were indexed on search engines. You can see a long list of the files in Kozinski’s subdirectory, pulled off a Yahoo cache, here. There is an even more complete listing of files from Yahoo here.
What’s more, Google also has links to Kozinski’s .mp3 files. An ABA Journal article focusing on Kozinski’s possession of .mp3 files says:
The ABA Journal searched in Google for “alex.kozinski.com” and “mp3” several weeks ago and found file-sharing websites with links to music on Kozinski’s website.
You can still find such links. Here is a screenshot of one:
A screenshot of the link in question shows that a user reported the link worked in December 2007. On June 14, 2008 (that’s today), another user reported that the link was no longer working.
My point is that Kozinski’s site, and his “stuff” subdirectory in particular, were most definitely on Google. People were accessing his site through searches of search engines.
One more point: Seth Finkelstein has shown that Kozinski knew that any member of the public could access his site — including his “stuff” subdirectory — as long as they knew the URL. In 2004, Kozinski nominated himself as part of a “Judicial Hottie Contest” on the Internet, and included a file of himself bungee jumping at http://alex.kozinski.com/stuff/jump.avi. Note that the file is located in the “stuff” subdirectory — the same one with the porn — and Kozinski knew that he was inviting members of the general public to view that file.
So what? Finkelstein explains the significance of this: “Judge Kozinski knew the general public could retrieve specific material from that directory, and in at least one case, invited the public to do so.” Finkelstein goes on to observe: “I speculate that he did not know that his server was configured with a feature which lists all files in that directory when the directory name was given. That is, he may have thought that the only way to know what files were there, was if one was given filenames.”
I have sent an e-mail to Judge Kozinski to ask him whether this is true, as both Finkelstein and I speculate. I’ll let you know if I get a response.
Since the law professors are using analogies, I’ll use one of my own.
Let’s say police want to look for child pornography.
Can they legally jigger the lock on your house, go in through an open window, and start going through your family’s stuff? (That’s Lessig’s analogy.) Can they use the open window of your car to start rummaging around through the stuff in your back seat? (That’s Volokh’s analogy.)
Not without a warrant or a valid exception to the warrant requirement. Because you have a reasonable expectation of privacy in the contents of your house and your car.
Can police legally direct their browser to your public web site, accessed through a search engine?
You bet they can. The reason is simple: you have no reasonable expectation of privacy in items that you have chosen to upload to the Internet, on a web site that you know can be accessed by the public.
I think the law professors could easily see that — if it had been Joe Blow who did the uploading, rather than Judge Alex Kozinski.
UPDATE: I have received an e-mail from someone close to Kozinski who strongly disputes the characterization of the site as a “public web site.” I believe the e-mail was sent for publication, but I am in the process of confirming that. When I do, I’ll let you know.