June 12, 2008  ·  Lessig

So the wires are a twitter with the story of Chief Judge Alex Kozinski’s “web site” which, from reading the stories, you’d think was filled with porn (and worse), revealing a dark soul who, some experts in legal ethics suggest, shouldn’t be presiding at an obscenity trial. That, you think, is what I mean by “the Kozinski mess.”

It’s not. What I mean by “the Kozinski mess” is the total inability of the media — including we, the media, bloggers — to get the basic facts right, and keep the reality in perspective. The real story here is how easily we let such a baseless smear travel – and our need is for a better developed immunity (in the sense of immunity from a virus) from this sort of garbage.

Here are the facts as I’ve been able to tell: For at least a month, a disgruntled litigant, angry at Judge Kozinski (and the Ninth Circuit) has been talking to the media to try to smear Kozinski. Kozinski had sent a link to a file (unrelated to the stuff being reported about) that was stored on a file server maintained by Kozinski’s son, Yale. From that link (and a mistake in how the server was configured), it was possible to determine the directory structure for the server. From that directory structure, it was possible to see likely interesting places to peer. The disgruntled sort did that, and shopped some of what he found to the news sources that are now spreading it.

Cyberspace is weird and obscure to many people. So let’s translate all this a bit: Imagine the Kozinski’s have a den in their house. In the den is a bunch of stuff deposited by anyone in the family — pictures, books, videos, whatever. And imagine the den has a window, with a lock. But imagine finally the lock is badly installed, so anyone with 30 seconds of jiggling could open the window, climb into the den, and see what the judge keeps in his house. Now imagine finally some disgruntled litigant jiggers the lock, climbs into the window, and starts going through the family’s stuff. He finds some stuff that he knows the local puritans won’t like. He takes it, and then starts shopping it around to newspapers and the like: “Hey look,” he says, “look at the sort of stuff the judge keeps in his house.”

I take it anyone would agree that it would outrageous for someone to publish the stuff this disgruntled sort produced. Obviously, within limits: if there were illegal material (child porn, for example), we’d likely ignore the trespass and focus on the crime. But if it is not illegal material, we’d all, I take it, say that the outrage is the trespass, and the idea that anyone would be burdened to defend whatever someone found in one’s house.

Because this is in many ways the essence of privacy. Not the right to commit a crime (though sometimes it has that effect). But the right not to have to defend yourself about stuff you keep private. If the trespasser found a Playboy on the table in the den, the proper response is not to publish an article reporting this fact, and then shift the burden to the home owner to defend the presence of the Playboy (a legal publication, harmless in the eyes of some, scandalous in the eyes of others). The proper response is to give the private party the benefit of privacy: which is, here at least, the right not to have to explain.

This analogy, I submit, fits perfectly the alleged scandal around Kozinski. His son set up a server to make it easy for friends and family to share stuff — family pictures, documents he wanted to share, videos, etc. Nothing alleged to have been on this server violates any law. (There’s some ridiculous claim about “bestiality.” But the video is not bestiality. It lives today on YouTube — a funny (to some) short of a man defecating in a field, and then being chased by a donkey. If there was malicious intent in this video, it was the donkey’s. And in any case, nothing sexual is shown in that video at all.) No one can know who uploaded what, or for whom. The site was not “on the web” in the sense of a site open and inviting anyone to come in. It had a robots.txt file to indicate its contents were not to be indexed. That someone got in is testimony to the fact that security — everywhere — is imperfect. But this was a private file server, like a private room, hacked by a litigant with a vendetta. Decent people — and publications — should say shame on the person violating the privacy here, and not feed the violation by forcing a judge to defend his humor to a nosy world.

When it comes to government invasions of our privacy, we are (and rightly) a privacy obsessed people. We need to extend some of that obsession to the increasingly common violations by private people against other private people. There is nothing for Chief Judge Kozinski to defend because he has violated no law, and we live in a free society (or so he thought when he immigrated from Romania). A free society should feed the right to be left alone, including the right not to have to defend publicly private choices and taste, by learning not to feed the privacy trolls.

  • http://www.desjardins.org/david/ David desJardins

    I’m sorry, but there’s no way that typing a URL into a web browser is analogous to jiggling a lock for 30 seconds. Do you really want to posit that sending a valid http request is legally or morally or ethically equivalent to breaking and entering?

    I can’t help thinking that you started with the result you wanted to get (defending Judge Kozinski) and then working backwards to come up with reasoning to justify it. But you should know better than to use an analogy that has such negative implications. At least, your analogy should be something like: Judge Kozinski inadvertently left his personal materials lying around in a public place.

  • http://www.aaronsw.com/ Aaron Swartz

    David — on what grounds is a personal HTTP server with a robots.txt file a public place?

  • lessig

    I don’t accept that this is a “public place” just because the public can easily get to it. But I’m also not arguing that someone should be treated as a trespasser because he or she wanders through a directory structure. My only point is that it was plain beyond doubt that this was not intended as a public place where anyone was invited to come and browse. Norms of privacy should therefore apply.

  • http://sethf.com/ Seth Finkelstein

    Point of information: Yahoo has a cached copy of the directory with an entry at least as late as:

    25.minutes.to.go.wmv 28-May-2008 12:18 6.3M movie

    So either Yahoo has a problem with robots.txt, or the robots.txt file was configured incorrectly.

    I suspect there wasn’t a relevant robots.txt file.

    http://web.archive.org/web/20070629190035/http://alex.kozinski.com/robots.txt

    has only:

    User-agent: *
    Disallow: /jurist-l/

  • Anonymous

    FYI: Your posts aren’t broken into paragraphs when I view your feed in Google Reader, they are just long blocks of text. It makes longer posts like this one hard to read.

  • Jake Walker

    Professor Lessig is absolutely and exactly right, this is an excellent post. This issue has been allowed to be framed in entirely the wrong way, and it shows no signs of stopping. Anyone just slightly paying attention is left with the impression that the Judge was hosting a pornographic “website,” and articles constantly talk about this “web page.” He had neither of those things, neither a “website” or a “web page.” It’s a shame that the LA Times ran with this story, and a shame that it has become what it has become.

    It’s a damn shame that this blown up like this. I hope that it blows over quickly for Judge Kozinski.

  • Gavin

    @Aaron:
    If you put your HTTP server on the internet without access controls, it’s public. A robots.txt is an intent to keep out robots not people. To me it’s the difference between putting a “No robots allowed” vs a “No trespassing” sign on your property.

    The willful act of digging up dirt is wrong and I don’t want to defend that, however it’s an important lesson that a lot of people on the internet forget. If you put something on the internet, sooner or later it will be found, and the outcome may be negative. It’s like living with big windows on a house on a busy street, sometimes you need to be wary of making sure the blinds are drawn.

  • reader

    Prof. Lessig ,
    How is it you have so many more details about this than anyone else? And why is your account so different than the one here?
    http://www.latimes.com/news/local/la-me-kozinski12-2008jun12,0,6220192.story

  • readertoo

    Kozinski generally refuses to hire female clerks. And the reports about the pictures at the site made them sound degrading. Would your analysis be the same if his web pix were of men in blackface eating watermelon?

  • Adam

    Kozinski isn’t accused of possessing obscenity but only pornography.

    It’s very telling that people have a problem with a judge who views pornography judging obscenity (because he may be biased) but then they subtly don’t mention that someone who doesn’t view pornography may be biased in the opposite direction. People aren’t worried about bias, they’re just worried that the bias match their own bias.

    If Kozinski had breached obscenity laws then this might have more force but, in reality, all that has happened is that someone has undertaken a legal action in private. Some people don’t like this action so they try to make it sound like there is a legal problem rather than just a moral debate.

  • http://sethf.com/ Seth Finkelstein

    P.S: Regarding – “… the total inability of the media — including we, the media, bloggers — to get the basic facts right, and keep the reality in perspective. The real story here is how easily we let such a baseless smear travel – and our need is for a better developed immunity (in the sense of immunity from a virus) from this sort of garbage.”

    As has been repeatedly pointed out, this is an inevitable outcome of a system where attention and marketing are much more supported than truth and thoughtfulness.

    Now consider that many, many, A-listers around you have built their careers on emotional manipulation, and consider popularity-mining by a small elite to sell mass audience to advertisers as the path to riches (and promote this as “democracy”).

    There’s a problem here :-( .

    See also a column I wrote a while back on an earlier sensational case: “This was the familiar trial by media, and was no better for taking place on the web than elsewhere.”

  • Hermione

    Thanks for shedding some more light on this – the Chinese whispers affect of the media always amazes me! We heard on the radio this morning, in New Zealand, about this ‘judge in America found hosting a pornographic website even featuring beastiality’ The radio host even went as far as saying ‘you couldn’t make this stuff up’.

    The media whirlwind spins far and fast. People want to hear shocking, awful or just weird stories in the news. If they are fact or fiction often doesn’t seem to matter to them….

  • Constantine

    If the above YouTube video is rated as bestiality, then I should be called an “astronaut”

    I’ve been surfing the Internet for more than a decade now, and seen most (if not all) faces of it.
    The only thing that still truly amazes me, is how much people can distort reality to achieve their ends…

    “It’s very telling that people have a problem with a judge who views pornography judging obscenity (because he may be biased) but then they subtly don’t mention that someone who doesn’t view pornography may be biased in the opposite direction. People aren’t worried about bias, they’re just worried that the bias match their own bias.”

    I totally agree with Adams here.
    I don’t see we should anybody bother with somebody’s personal life, as long as they do their job right.

    And yes, I believe an undisclosed directory on a web server *is* personal…

  • James Nightshade

    Lessig writes: The site was not “on the web” in the sense of a site open and inviting anyone to come in. It had a robots.txt file to indicate its contents were not to be indexed.

    Robots.txt is a voluntary access control mechanism, but it does not prevent resources from being “on the Web” in any sense. The document describing the robots.txt standard refers specifically to web robots. Robots.txt was not intended to apply to interactive web browsers. It is roughly analogous to a sign one might find beside a residential street: “No trucks except for deliveries.” The street is still a part of the road network, even if some vehicles are asked not to visit.

    Another example is the form I’m typing this into. It has an accompanying CAPTCHA form to identify robotic spam submissions. Blocking these robots doesn’t effectively take the submission form off the Web. If one wants to avoid public access to a Web resource, there are access control mechanisms which can do that. Passwords are one example; robots.txt is not an example.

  • Angie Lacross

    Did you know that there is nothing in the Code of Professional Conduct in California which says that lawyers and judges cannot lie? Nowhere is that prohibited by their code of conduct. Nowhere.

  • justacommenter

    It’s fairly obvious who’s in the tank for whom here.

    “The real story here is how easily we let such a baseless smear travel …”

    The smear isn’t baseless. According to pictures I saw on Patterico.com which purport to come from Mr. Kozinski’s hard drive, there was one showing a child suckling a catholic priests penis.

    I maintain that this is obscene, and therefore, illegal. The judge should be arrested so that we can have a trial to determine whether he broke the law.

    The ONLY way that you can determine if something is obscene is to have a trial. Having your lawyer claim it’s not obscene isn’t enough. Judge Kozinski and his cohorts in the Judiciary have created the laws about obscenity, and they have decided that you cannot possess anything that, after the fact, a jury decides was obscene.

    So, the only way we can know if Judge Kozinski possessed obscenity is to have a trial.

    His objectivity is easily questioned, now. Therefore, he is not fit to judge the trial he has “paused.”

    These are not baseless claims. The photos are real child porn, they are disgusting and in my opinion, obscene, and we should try Mr. Kozinski using the laws he and his fellow judiciarians impose on the rest of us … an after-the-fact determination to determine whether you broke the law based on the mere opinion of whoever is in your jury pool.

  • Robert Peyton

    “Prof. Lessig ,
    How is it you have so many more details about this than anyone else? And why is your account so different than the one here?”

    Because the LA Times story is misleading? Because other facts have been disclosed since it was published but before Professor Lessig posted? What are you suggesting?

    One example (which was addressed by Prof. Lessig, actually): the LA Times story characterizes one video as, “a video of a half-dressed man cavorting with a sexually aroused farm animal.” This implies the video contains bestiality. In fact, it’s what Professor Lessig said: a guy in a field with his pants down attracts the unwanted attention of a donkey. It may not meet your definition of humor, but it’s clearly not pornography.

    The story is reprehensible, and the LA Times should issue a correction. Not that it will do any good to a substantial number of people who will remember only that Judge Kozinski had pornography on “his website.”

  • notherbob2

    You failed to mention that one reason this story “has legs” is that the judge serves on the infamous 9th Circuit court (if a reader doesn’t instantly recognize why that fact is relevant then never mind this point). Also, nice try on the donkey bit. As I remember, the actual allegation was of the presence of a video showing a woman sticking her head into a cow (from memory, I haven’t checked this fact).
    The technique of substituting an easily refuted straw man for the real allegation is commonly used by those who care more about defending their point of view than sticking to the truth. Have you knowingly done that here?

  • Reader

    Prof. Lessig, your analogy about the lock & the den is laughable.

    You cannot possibly employ a metaphor that implies that Kozinski had these materials “locked” way when the site was *not* password-protected.

    If you read Sinai’s comments to the posts at Patterico & others to your post here (Seth F.’s), it is clear that performing routine searches with generic search engines revealed the contents of the Kozinski’s site. A Russian mp3-sharing site linked to the directory on Kozinski’s site containing AK’s mp3. It is simply & absolutely ridiculous to compare AK’s site to a den in a locked house with a locked window.

    At best, this situation is akin to somebody leaving their objects/porn on the sidewalk in front of their house.

  • Reader

    See also this post: http://blog.wired.com/27bstroke6/2008/06/judges-web-site.html

    It’s also come to light that included amid the sexual material posted on the judge’s site more recently were MP3 files of copyrighted songs by Weird Al Yankovic, Johnny Cash and Bob Dylan.

    According to the source who found the MP3 files on Judge Kozinski’s site, at least one of the MP3 files was being traded through a file-sharing site that linked to Kozinski’s subdomain where the song was stored, raising questions about whether the judge was in violation of copyright laws if anyone downloaded the music from his site. Three Ninth Circuit Court judges ruled last year that just making copyrighted works available may be a violation of copyright laws.”

  • JPW

    “The smear isn’t baseless. According to pictures I saw on Patterico.com which purport to come from Mr. Kozinski’s hard drive, there was one showing a child suckling a catholic priests penis.”

    Well, obviously any site that claims to have pictures from the judges hard drive has to be telling the truth. ’nuff said.

    Your analogy is spot on, Lessig. Just because not everyone has the technical knowledge to protect their own domain doesn’t mean that their right to privacy is voided. To me, even if he displayed the (completely legal) pictures openly (while taking proper precautions to make sure kids wouldn’t access it, etc..), it wouldn’t matter. These are legal documents, made by an adult, for an adult’s enjoyment.

  • http://dominik.net dominik

    Fido, a dog, sits on edge of the public road. He’s leashed to the nearby porch of his owner Alice’s home.
    Alice, the dog’s owner, wants to communicate with her friend Bob. She’d like to do this discreetly, but doesn’t want to go to much trouble. She buys a dog food bowl for Fido, fills it, and places it on the road. She tells Bob that she’ll put notes under the bowl and that he should do the same. They communicate over a few months, passing notes by leaving them under the dog food bowl.

    Eve, no friend of Alice’s, happens to be walking down the road one day. She notices the dirt around the dog food bowl appears unusual, as if someone had reached under the bowl. Curious, she picks up the dog food bowl carefully and finds a note from Bob to Alice containing some questionable material. She takes her camera and snaps a picture of it, then carefully replaces it and goes on her way. She then contacts the local press and shows them her picture of the note, and tells them where to go see the note themselves.

    I find that analogy closer to the mark.

    Alice = Yale Kozinski
    Bob = Judge Kozinski
    Eve = the disgruntled litigant
    the dog food bowl = the unlinked directory
    the note = the questionable images
    the disturbed dirt = the directory structure/misconfiguration of the server
    the edge of the street in front of the house = the web server
    the street = the wider internet

    The edge of the street in front of one’s home isn’t exactly a public place, nor is it exactly a private place, just like a web server. The place under the bowl of dog food isn’t exactly obvious to the public, but a careful observer will notice that someone’s recently picked up the bowl by looking at the dirt. A curious observer will pick up the bowl herself, thus “hacking” the security of the bowl (nothing more than obscurity, but security nonetheless).

  • http://www.bitcurrent.com Alistair

    Thanks for the summary, Prof. Lessig.

    I think there a two, more fundamental, issues we’re all going to struggle with as we move our ethics online.

    The first is that of positive and negative rights. The judge has a right not to be researched in those places where he feels he is private, and particularly those unrelated to his public persona. In this case, the fact that the server was readable doesn’t mean he intended to share the materials; it was a misconfiguration. His right not to be interfered with would seem to outweigh the public’s right to information in this case.

    The second is that of “decency.” A playboy on the table might seem boring to some, outrageous to others. Since the Internet broadens the community of standards to the whole world, effectively, someone’s predilections are compared to those of the entire online planet. Today, we work on a consensus basis, unfortunately — a minority of vocal objectors set the tone for the “community.” Hopefully this will change as we learn to coexist.

    But in this case, the two are related. The judge probably agreed that the content he had on the server was acceptable to its intended community. By extracting that information and displaying it to a wider community, the litigant changed the scope of the intended community and revised its “implied decency.” The act of changing intended community by a third party does not, in my opinion, constitute an agreement by the owner of that material to do so.

    And it’s this “scope of outrage” we’re dealing with.

  • http://jimtreacher.com Jim Treacher

    You cannot possibly employ a metaphor that implies that Kozinski had these materials “locked” way when the site was *not* password-protected.

    So if you accidentally leave your bedroom curtains slightly open, I have the right to stand at your window and watch you all I want. If I can see something, it must be public, right?

  • Chris Newman

    Excellent post, Professor Lessig.

    The claim by a commenter above that Judge Kozinski has some aversion to hiring female clerks is absolutely false. He currently has two out of four female clerks, and during one term a few years back all three of his clerks were female (and if memory serves, all three went on to Supreme Court clerkships). Nor are those the only female clerks he’s had over the years. Judge Kozinski clearly has (and has never hidden) a taste for offensive humor, and he doesn’t care who is being offended. But the efforts in some quarters to equate a fondness for dirty jokes with “misogyny” is pernicious and baseless.

  • Kiaser Zohsay

    I have to agree with David desJardins. A server that responds to valid HTTP requests from the open Internet is by definition publicly accessible. If you want to limit access to such a server, there are a multitude of tools available for that purpose. The fact that you need to enter a URL manually to access a particular resource is merely obscure, not secure (see Schneier).

    This fact makes the “den window” analogy less effective. A better analogy would be the back room of a retail shop. The shop is privately owned by the shopkeeper, but the front of the shop is obviously open to the public during business hours. The shop has a back room, that is off limits to the general public, so the shopkeeper puts in a door with sign saying “Employees Only”. If the sign accidentally falls off of the door, and a customer wanders into the back while looking for the restroom, are they trespassing? Probably not. If the same customer finds a Playboy magazine on the table in the employee break area, should he run to the media and exclaim that the shopkeeper is a sexist beastophile? Again, probably not.

    I agree with Larry’s main point that the media has blown this story way out of proportion with very few facts. But sensationalizing the actions of the instigator will only cloud the issue further.

  • Luke

    “The smear isn’t baseless. According to pictures I saw on Patterico.com which purport to come from Mr. Kozinski’s hard drive, there was one showing a child suckling a catholic priests penis.”

    Wrong. The pictures at Patterico show
    1) A halloween costume in which a doll is attached to the front of a priestly frock.
    2) A stained glass window, theoretically commissioned by the church itself.
    You may not find either funny, but neither depicted an actual child sucking on a catholic priest’s penis. Both are a reference to the catholic scandals, but they are neither pornographic nor obscene.
    (IMO, the stained glass window is absolutely hilarious.)

  • Gabriel Sutherland

    Professor Lessig’s analogy is just wrong and the analogy is the basis of the defense of Judge Kozinski.

    The HTTP directory isn’t concealed behind a door. It’s not concealed behind a wall. There is no mangled lock. It’s open to the Internet(airspace) we all breathe. The http directory is the equivalent of attaching everything in Kozinski’s den to the back of an airplane and flying it around in the sky for all to see. You just have to look up.

    If I posses a single ak47 in the trunk of my car, that is locked, and within it a locked gun case, containing said ak47, am I publicly transporting a fully automatic rifle or is it none of your fucking business?

    Professor Lessig has taken a dive into an empty pool. No amount of water thrown in that pool after the jump is going to save him.

  • John Steele

    Slight digression on an interesting thread . . . Angie Lacross says, “Did you know that there is nothing in the Code of Professional Conduct in California which says that lawyers and judges cannot lie? Nowhere is that prohibited by their code of conduct. Nowhere.”

    I don’t think that captures the reality. California is an unsual state in that it has dual regulation, by legislative statute and by judicial rule making. Our first rule quite sensibly says that California lawyers are bound by the legislative statute, which we call the State Bar Act (Cal. Bus. & Prof. Code sec. 6000, et seq.). Section 6068 says that as to matters they’re working on, lawyers shall employ such means only as are consistent with the truth. Section 6106 forbids any act involving moral turpitude, dishonesty or corruption, whether or not committed in the course of a legal matter. In addition to those catch-all provisions in the State Bar Act, the California Rules of Professional Conduct forbid a number of specific sorts of lies (e.g., in bar admissions, when communicating with the tribunal, etc.).

  • mcg

    I don’t wish to wade into the Kozinski story here, but I do join those who reject the analogy between an unlocked house and an unlocked web site. The Internet is a public, shared medium, and people ought to operate under that presumption at all times. There are a variety of measures available to secure web sites, control access, and the like. What is more, circumventing such security measures is already illegal.

  • http://docrampage.blogspot.com Doc Rampage

    Your account is dishonest, Mr. Lessig. If you are going to criticize someone else’s judgment about what is newsworthy, you at least owe it to them to present what they think the news is because that is what they used to judge the newsworthiness of the story. By presenting only your own unique version of events as the undisputed truth, you mislead your readers.

    In particular, the people who have found this newsworthy believe that Kozinki’s site was originally open and searchable as a normal part of the web and that he only closed it down recently during an ethics investigation. Also, you have completely ignored the pirated MP3s being shared on the site, which Patterico and others have considered the primary news. Also, the files seem to be under Kozinski’s personal directory –not just the family directory as you imply– and Kozinski originally admitted to uploading them himself. Finally, the files show that Kozinski seems to enjoy and share pornographic (or obscene) humor which mocks Catholics, women, and other groups. This isn’t just embarrassing material, but the kind of material that has gotten people which much less responsible positions fired.

    You may dispute the newsworthiness of this story if you wish, but please have the integrity to explain to your readers why anyone thought it was news.

  • http://dominik.net dominik

    Kiaser: There’s a difference between publicly accessible and a public place. The phrase “public place” has its own meaning in law. Most relevantly here, no expectation of privacy exists in a “public place.” But something can be publicly accessible without being a public place; leaving the door open to one’s house makes it technically publicly accessible without transforming it into a public place.

    I also agree that the media has blown this out of proportion, but I note that that’s what the media does, because sensationalism sells far better than normalcy.

    As Chesterton wrote long ago: “It is the one great weakness of journalism as a picture of our modern existence, that it must be a picture made up entirely of exceptions. We announce on flaring posters that a man has fallen off a scaffolding. We do not announce on flaring posters that a man has not fallen off a scaffolding. Yet this latter fact is fundamentally more exciting, as indicating that that moving tower of terror and mystery, a man, is still abroad upon the earth. That the man has not fallen off a scaffolding is really more sensational; and it is also some thousand times more common. But journalism cannot reasonably be expected thus to insist upon the permanent miracles. Busy editors cannot be expected to put on their posters, “Mr. Wilkinson Still Safe,” or “Mr. Jones, of Worthing, Not Dead Yet.” They cannot announce the happiness of mankind at all. They cannot describe all the forks that are not stolen, or all the marriages that are not judiciously dissolved. Hence the complex picture they give of life is of necessity fallacious; they can only represent what is unusual. However democratic they may be, they are only concerned with the minority.”

  • Cory

    No. There is no valid analogy you could make that would indicate a non-password-protected file server availiable through http requests constitutes a private space in any way. As previously mentioned, robots.txt is a preventative tool against automated access, not personal access. All Judge Kozinski had to do to make it private was password the server, but he chose not to do so. His ignorance as to how the internet works is no defense – it is not the perception of privacy that matters, but rather the actuality thereof.

  • Tony Tutins

    I would analogize this to the Kozinski family’s leaving the front door open while they’re home because it was hot. Nobody would expect strangers to wander into the house uninvited, and help themselves to whatever they found there. Other commenters seem to be arguing that doors should be double bolted at all times, except when actually entering or leaving.

  • http://dominik.net dominik

    Back in 2005, several business schools denied admission to students who “hacked” into their admissions system.

    How did they “hack?” They changed the URL, taking advantage of a bug in the server’s code to see whether or not they had been admitted several weeks before they official notification date.

    See: http://blogs.law.harvard.edu/philg/2005/03/08/business-schools-redefine-hacking-to-stuff-that-a-7-year-old-could-do/

    One could make a similar argument here: The disgruntled litigant “hacked” Yale Kozinski’s web server by taking advantage of a “bug” in the configuration to access files he never should have been able to access. This “bug” is akin to Prof. Lessig’s faulty lock on the window.

    The key question as I see it is whether a web server is a “house” — a private space that is only open by invitation or whether it is something else. I’d argue it is something else, more akin to a means of publishing than to a place.

    Another illustrative situation:
    Alice moves into an apartment. She finds an unsecured wireless network and uses it, surmising that someone has provided it as a public service. Little does she know that it is only public because Bob, who set it up, lacked the technical skill to make it private. Is Alice stealing from Bob? Suppose she torrents so much that it degrades Bob’s network quality. Does that make a difference? Does Bob have a duty to secure his wireless network, or is there an expectation of privacy upon finding an unsecured wireless network? Should Alice have determined the owner of the network and asked permission before using it?

  • Bruce Rheinstein

    I’m amused by the arguments that hacking into a personal a site, which is specifically set up not be be spidered by search engines, and then publishing the contents in order to embarrass the owner, is anything other than an invasion of privacy.

  • Bruce Rheinstein

    I’m amused by the arguments that hacking into a personal site, which is specifically set up not be be spidered by search engines, and then publishing the contents in order to embarrass the owner, is anything other than an invasion of privacy.

  • mcg

    No, Tony, we are arguing that attempting to draw comparisons between a web site and someone’s house is flawed from the start. With a house you start with a presumption of privacy and private property, and the locks only serve to deter criminals. With a web site you start with a presumption of public access, and the locks serve to control access by anyone, criminals and non-criminals alike.

  • Bruce Rheinstein

    I’m amused by the arguments that hacking into a personal site, which is specifically set up not be be spidered by search engines, and then publishing the contents in order to embarrass the owner, is anything other than an invasion of privacy.

  • http://dominik.net dominik

    I’m amused by the arguments that hacking into a personal a site, which is specifically set up not be be spidered by search engines, and then publishing the contents in order to embarrass the owner, is anything other than an invasion of privacy.

    Where “hacking” involves typing in a URL. Where the contents have been already been published (albeit obscurely) via upload to a publicly-accessible directory on a web server connected to the Internet, without any obstacles to access. What privacy has been invaded?

  • mcg

    I’m glad you’re amused, Bruce. I, on the other hand, am amused be people who place such significance on the robots.txt file. For instance, from the Web Robots FAQ:

    The real answer is that /robots.txt is not intended for access control, so don’t try to use it as such. Think of it as a “No Entry” sign, not a locked door. If you have files on your web site that you don’t want unauthorized people to access, then configure your server to do authentication, and configure appropriate authorization. Basic Authentication has been around since the early days of the web (and in e.g. Apache on UNIX is trivial to configure). Modern content management systems support access controls on individual pages and collections of resources.

  • mcg

    Even that analogy isn’t perfect, because it fails to take into account that 1) the Web is a public medium to begin with, and 2) the robots.txt file is in no way designed to be read by or respected by human web surfers.

    So a slightly better analogy might be to think of a robots.txt file as a “No Entry” sign posted in an otherwise public place, written in a language that you can’t understand.

  • Charles Hinkle

    You have been talking about two rather innocuous and definitely not obscene photos that were available trhgouth Judge Kozinski’s web page. There was a lot of other stuff there, too — at least according to the links that appeared yesterday in Howard Bashman’s How Appealing website. One was a photo of a young man fellating himself, and Judge Kosinski was quoted on NPR last night (June 12) as saying that he found that photo to be “amusing” There was also a slide show of several very attractive androgynous persons, and the viewer was invited to guess whether they were male or female — and then the answers were given, with the most graphic photos.

    I have no objection if Judge Kozinski wants to amuse himself by looking at such photos, but if this had been a liberal judge appointed by President Carter or Clinton, imagine the furor that would have emerged! Fox “News” would have been running with it, non-stop. The right wing blogs and all the other guardians of public morality would have had a field day.

  • http://lumma.org/microwave Carl Lumma

    Let’s try that again (admin: please delete previous post).

    >Your analogy is spot on, Lessig. Just because not everyone has the technical knowledge
    > to protect their own domain doesn’t mean that their right to privacy is voided

    If I don’t have the skill to file my tax return correctly, I get fined. If I don’t have have the skill to keep from getting into an accident with my car, I won’t be allowed to drive. If I don’t know that leaving contraband in “plain sight” of a cop looking in my window gives him probable cause to search my house, I still go to jail. So why is it any different with some ignorant old bastard and his website?

    I don’t know what was on the website; Lessig says merely that it was nothing illegal. Nor does he tell us what the defendant who went to the media was being tried for — maybe also nothing illegal. Remember these are the same people who want to go through your hard drive at the border. They should at least be held to the same horseshit standards they impose on everyone else. But I agree: it’d be best just drop the whole thing.

    -Carl

  • Greg Beck

    Do we know for sure that the YouTube video is the “half dressed man cavorting with a sexually aroused farm animal?” If so, I think the reporter’s description is beyond misleading.

    I have a hard time describing what that man was doing as “cavorting.” The choice of that particular word, and the description of the man as “half naked” and the donkey as a “farm animal” seem almost deliberately chosen to falsely suggest bestiality. Most people (including me) seem to have read it that way. I assumed the reporter was using vague language to avoid writing something not appropriate for the newspaper. But the reporter could just as easily have written “man being chased by a sexually aroused donkey.”

    I feel like I was lied to.

  • http://lumma.org/microwave Carl Lumma

    Let’s try that again (admin: please delete previous post).

    >Your analogy is spot on, Lessig. Just because not everyone has the technical knowledge
    > to protect their own domain doesn’t mean that their right to privacy is voided

    If I don’t have the skill to file my tax return correctly, I get fined. If I don’t have have the skill to keep from getting into an accident with my car, I won’t be allowed to drive. If I don’t know that leaving contraband in “plain sight” of a cop looking in my window gives him probable cause to search my house, I still go to jail. So why is it any different with some ignorant old bastard and his website?

    I don’t know what was on the website; Lessig says merely that it was nothing illegal. Nor does he tell us what the defendant who went to the media was being tried for — maybe also nothing illegal. Remember these are the same people who want to go through your hard drive at the border. They should at least be held to the same horseshit standards they impose on everyone else. But I agree: it’d be best just drop the whole thing.

    -Carl

  • http://jimtreacher.com Jim Treacher

    Where “hacking” involves typing in a URL. Where the contents have been already been published (albeit obscurely) via upload to a publicly-accessible directory on a web server connected to the Internet, without any obstacles to access. What privacy has been invaded?

    So if I know the address to your home because it’s in the phone book, and you didn’t properly install the lock on your front door, your home is not a private place.

  • Charles Hinkle

    You have been talking about two rather innocuous and definitely not obscene photos that were available trhgouth Judge Kozinski’s web page. There was a lot of other stuff there, too — at least according to the links that appeared yesterday in Howard Bashman’s How Appealing website. One was a photo of a young man fellating himself, and Judge Kosinski was quoted on NPR last night (June 12) as saying that he found that photo to be “amusing” There was also a slide show of several very attractive androgynous persons, and the viewer was invited to guess whether they were male or female — and then the answers were given, with the most graphic photos.

    I have no objection if Judge Kozinski wants to amuse himself by looking at such photos, but if this had been a liberal judge appointed by President Carter or Clinton, imagine the furor that would have emerged! Fox “News” would have been running with it, non-stop. The right wing blogs and all the other guardians of public morality would have had a field day.

  • http://dominik.net dominik

    Rereading everything I think I understand Prof. Lessig’s point better.

    “Decent people — and publications — should say shame on the person violating the privacy here . . . We need to extend some of that obsession to the increasingly common violations by private people against other private people.”

    Violating the privacy doesn’t mean violating the law, but instead violating social convention, so called norms of privacy.

    Prof. Lessig argues, I believe, that poking around on someone’s web server ought to be viewed upon distastefully, as distastefully as poking around in someone’s house is viewed today. He is not saying that a web server is a house, but rather he is saying that just as we frown upon poking around in someone’s house, so too we ought to frown upon poking around in someone’s web server. Security, or lack thereof, is not the question. The mere fact that the directory was obscured ought to indicate, to decent people, that we shouldn’t peek inside of it.

  • mcg

    No, because unlike the Web, your home is private property.

  • mcg

    Oops, sorry, my last comment was directed at Jim Treacher. Posts are coming in fast here!

  • http://www.desjardins.org/david/ David desJardins

    Lessig writes: it was plain beyond doubt that this was not intended as a public place where anyone was invited to come and browse.

    That is not at all clear to me. Many of the facts alleged in Lessig’s original posting appear not even to be true. Other relevant facts are not yet known to anyone. If there is an investigation, that will help to determine how the site was intended and how it was used. For example, examining the server logs will reveal a lot about who was using the site, what other sites linked to the site, and so on.

    This is what seems likely to me (and it differs quite a bit from what Lessig asserts): It seems likely to me that Judge Kozinski was aware that anyone who typed the URL http://alex.kozinski.com/stuff into their web browser would have access to all of these files. It also seems likely to me that Kozinski shared this information with other people on whom he placed no duty of secrecy. Taking those facts together, I would conclude that he had no reasonable expectation of privacy, that he knew that random people could well gain access to his site and (at least) took no steps to prevent that.

    It’s possible this is not true. For example, it’s possible that he really thought the files were only accessible from the one computer they were stored on, and not to the public at large via the WWW. So I have an open mind to what the investigation might find. But the facts, at the moment, don’t seem to be pointing that way.

    The Wall Street Journal story Judge Requests Investigation of His Conduct says it well: Legal-ethics professors said the main concerns should be whether the judge took sufficient steps to make sure the material wasn’t accessible, and whether and to what extent it was disseminated. These are reasonable questions, to which we don’t have all of the answers. Lessig’s assertions of a particular answer to these questions (especially when the facts supporting his conclusions don’t even seem to be true) make him seem more of an advocate for Kozinski than an impartial commentator.

  • http://dominik.net dominik

    No, because unlike the Web, your home is private property.
    Prof. Lessig wrote: “My only point is that it was plain beyond doubt that this was not intended as a public place where anyone was invited to come and browse. Norms of privacy should therefore apply.”

    I see that as saying that even though Web isn’t private property, a Web site is not a public place (in the legal sense), and as not a public place, there _is_ an expectation privacy — therefore social normals of privacy should apply. And these social norms _should_ frown upon poking around in obscured directories.

    Unfortunately for Judge Kozinski, not everyone shares Prof. Lessig’s conceptions of the social norms of privacy surrounding web sites.

    For a better illustration of social norms see http://www.huffingtonpost.com/david-weinberger/facebooks-privacy-defaul_b_72687.html — in particular:
    “Why? Because privacy is not just about information. It’s all about the defaults.

    If a couple is walking down the street, engaged in deep and quiet conversation, it certainly would violate their privacy to focus listening devices on them, record their conversation, and post it on the Internet. The couple wold feel violated not only because their “information” — their conversation — was published but because they had the expectation that even though their sound waves were physically available to anyone walking on the street who cared to listen, norms prevent us from doing so. These norms are social defaults, and they are carefully calibrated to our social circumstances: The default for sidewalks is that you are not allowed to intercede in private conversations except in special circumstances. The default for showing up at a wedding party is that they can ask whether you’re with the bride or groom’s party, but they can’t ask you to show a drivers license. The default at some schools is that your grades will be posted on a public bulletin board and at others that they will not. When we violate these norms, various forms of social opprobrium ensue. We even have special words for different types of violations: eavesdropping, being nosy, being a blabbermouth, etc. “

  • http://jimtreacher.com Jim Treacher

    No, because unlike the Web, your home is private property.

    But it’s on a public street.

  • Tony Tutins

    at least one of the MP3 files was being traded through a file-sharing site that linked to Kozinski’s subdomain where the song was stored

    So the Kozinskis who are not savvy enough to password protect their file directories, are yet savvy enough to make all 14 of their MP3 files available for sharing, to fill the pent-up demand for Mickey Katz singing 16 Tons, and Tom Lehrer’s celebration of Hanukah in Santa Monica? My question is did they need to do this themselves, or could it be done by a website visitor, perhaps carrying a grudge against the judge?

  • mcg

    dominik, your restatement helps me understand his point better (assuming you’ve restated it accurately). And I think it’s something I could work with but I think it’s incomplete, and naively so.

    The flip side of the coin here is that there are countless stories of people who place undue expectations of privacy on content that they publish out in the open on the Web. Judge Kozinski’s case may indeed be one of those where we ought to have more sympathy to the “victim”, but how often do we hear about people posting racy pictures or inappropriate content on their MySpace or Facebook sites, only to be shocked (shocked!) when their employer finds it and considers it bad for business?

    As my comments here indicate, I believe that attitudes about the Web must start from a presumption of public access. At this point, I don’t have much sympathy for naivete on this issue. If you are the least bit worried that something might be viewed by people other than those you want, do not put it on the web without true authentication measures in place. Period! If you don’t try to lock it down, it ain’t locked down. And a robots.txt file doesn’t do it.

    Perhaps there are some developments that can be made to make authentication and security more accessible to the average user. Perhaps web site builders could be configured by default with a restrictive robots.txt file, no directory access, etc. etc. so that people have to learn to unlock things to provide more access to people.

    But once that attitude is in place, then frankly I think stories like these pretty much go away. And when a similar compromise does happen, then we’ll find it far easier to sympathize with the victim and against the hacker, because after all, reasonable security measures had been taken.

  • mcg

    But it’s on a public street.

    Uhh, yeah. So what? That’s supposed to make your house/web site analogy valid… how?

  • Moniker

    Lessig you’re still doing what you complain about at the start of the post.

    There was no hacking. Who ever set up the server left the directly publicly accessible. That’s a fact. If they didn’t want the public to look at the stuff directory they should not have made it _publicly_ accessible_. Web servers ship with security. If you don’t want strangers looking at your stuff then use the security features provided.

    Robots.txt is meaningless. Who cares if it had said file. I don’t have to obey it. It’s there so stuff wouldn’t be indexed by crawlers and it appears it wasn’t.

  • http://jimtreacher.com Jim Treacher

    Uhh, yeah. So what? That’s supposed to make your house/web site analogy valid… how?

    Uhh, because anyone can get to it anytime they want. And if they’re obviously not invited, apparently it doesn’t matter because they can still get in. It’s not as solid as the argument that “My home is private because it’s private,” admittedly.

  • Light.Trash

    “young child wearing only a diaper, forced to dance a sexually suggestive cha cha”….

    …this is evidently how the LA Times would describe the digitally rendered dancing baby that was widely seen in the late 90′s.

    I would have a lot more respect for this “righteous” outrage if everyone didn’t recognize the majority of these pictures from the description. Didn’t everyone get the “halloween costume” forward with the Catholic priest outfit and the cow-painted woman? Or the one with the hilarious tatoos?

    Maybe your “righteous” outrage is really more related to your loneliness because no one ever sends you any of these chain emails. Get out. Meet people. Form a support group for people with hypocritical outrage syndrome.

  • mcg

    Jim: through both law and tradition everyone who goes to your house via a public street knows that they cannot enter your house without your permission. Heck, if you tell them to, they have to get off of your driveway, too. Not so with the web; on the contrary, it is by design and by default a public forum. If you want to carve out a private area, there are a variety of means by which you can do so; but it is not private by default. Indeed I would argue that the explosive growth of the web has depended upon the presumption of public accessibility. Imagine having to read the terms of service of every web site you ever happen upon, whether it is through a deep link or a search engine result or a link your friend emails to you, to make sure that you have permission to access the site. (For that matter, a presumption of privacy would effectively put an end to deep linking.)

  • rosignol

    My question is did they need to do this themselves, or could it be done by a website visitor, perhaps carrying a grudge against the judge?

    That’s unlikely, it is far more probable that it really was a configuration screwup. It’s very easy to accidentally leave a directory on a server unsecured, I’ve done it myself. And I’ve been a professional computer geek for about a decade.

    The commenters above pointing out that robots.txt is irrelevant to humans are correct, that file is specifically intended to tell search engines to stay out of specific areas, not people. And some search engines do not obey robots.txt.

    As far as the content is concerned, it may be shocking to some, but I daresay it’s offensiveness is being greatly exaggerated, possibly by someone with an axe to grind. Patterico has some of the images, and most of it is stuff that was being passed around as joke email attachments in the late 90s. The picture of the guy fellating himself is very solidly in that genre- the presentation spoofs the old MasterCard ‘Priceless’ ads, with the punchline “Your brothers revenge on you for years of torment, by posting a “private moment” picture of you on the internet. PRICELESS!!” The rest of the impact of the image is based on the common belief that it is an impossible act.

    The women-in-bodypaint pictures are apparently from a European edition of Playboy, and the Donkey video is something that was run on one of those ‘funny animal’ tv shows- it is not explicit.

    This is raunchy humor of a sort pretty much anyone who’s been online for more than a year or two will have encountered- not something to brag about, but not something worth breaking out pitchforks over, either.

  • mcg

    Actually, rosignol, according to Lessig’s own post here the web site was set up for the purpose of sharing these files. This is speculation on my part, but I’m thinking that the offending files were placed in a directory and links to them were sent via email to friends, posted on blogs, etc. It’s good etiquette, certainly, not to clog up someone’s inbox with 5MB attachments. And I’ve hosted “orphan” files like these on a web site so that I could embed images into postings on Web bulletin boards.

    If my speculation is right then they probably had no intention of preventing public access to the files—assuming you knew what the URLs were. If they’d emailed those URLs to friends, they would have no way of knowing to whom those friends would forward them. If they had embedded those images or videos in blogs, again, they’d have little control over who saw and downloaded them.

    They may not have been aware that someone could browse the directory itself (which as you know is something that can be disabled). But if I’m right then it really can’t be argued that these files were intended to be completely private, either.

  • http://threewisemen.blogspot.com Xanthippas

    Well, obviously any site that claims to have pictures from the judges hard drive has to be telling the truth. ’nuff said.

    Also, “suckling” is a really funny word to use to describe that act, and the humor of it (unintentional I assume) sort of undermines the faux outrage and demands for a trial.

  • http://threewisemen.blogspot.com Xanthippas

    Also, count me as old-fashioned, but I’m not one of these people who believes that the extent of our privacy depends on how validly we secure our belongings (online or otherwise) against outside intrusion. The Supreme Court is of the opinion that, in leaving you trash on the curb, you have lost most of your right to privacy in the contents of that trash. They arrive at that conclusion thanks to the necessity of following the logic of prior privacy precedent, but you and I know that’s plainly ridiculous. I’m sure an informal (or formal) survey would reveal that most people don’t think that others ought to be able to rummage around in their trash just because they can’t leave it in their backyard for the trash men to pick up or burn it in a pit. Similarly, if you have a collection of documents online that are not necessarily available to the public, are not even put there to be discovered by the public, then it doesn’t matter to me whether they are actually accessible or not. A person should expect to have a reasonable right to privacy that they don’t intend to make public, and we generally ought to be ashamed of ourselves if we think merely the ability to get to it justifies invading that privacy right.

  • ic

    When Gingrich’s cell phone was tapped into by a Democrat, the outcry was against Gingrich’s “outrageous” campaign strategy. When a Republican operative found dirt snooping a Dem’s website, the Republican lost his job. Tapping into other’s phone was illegal, surfing a website was not.

    If the chief judge is a liberal, then the light will be on the hacker.

  • mcg

    Suppose I set up a card table in my front yard, right on the edge of my property, along the public thoroughfare. I place a copies of a document on the table. There’s no sign saying “take one”, but to the casual observer it’s clear the documents are all identical copies—and they look interesting. Is it shameful to take a copy as you walk along?

  • Tony Tutins

    It’s very easy to accidentally leave a directory on a server unsecured

    According to the source who found the MP3 files on Judge Kozinski’s site, at least one of the MP3 files was being traded through a file-sharing site that linked to Kozinski’s subdomain where the song was stored, raising questions about whether the judge was in violation of copyright laws if anyone downloaded the music from his site.

    Then, if I understand correctly, leaving the subdirectory unsecured was sufficient for the file-sharing site to discover the MP3 files, index them, and make them available for downloading. The file-sharing site was just a search engine specializing in music files. So I don’t see how simply forgetting to secure his subdirectory could make Judge Kozinski a copyright law violator. The files on the server may have been illegally copied of course, or meet some fair use exception even if so.

  • David Nieporent

    No, Tony, we are arguing that attempting to draw comparisons between a web site and someone’s house is flawed from the start. With a house you start with a presumption of privacy and private property, and the locks only serve to deter criminals. With a web site you start with a presumption of public access, and the locks serve to control access by anyone, criminals and non-criminals alike.

    Discussion of “presumptions” are misplaced here. There’s no dispute, as far as I can tell, that the Kozinskis intended the site to be private. If they screwed up, as they apparently did, that doesn’t change their intention. Now, if you stumble upon something that was intended to be private because of that presumption, then you’re innocent of trespassing. But it’s not the initial stumbling upon that’s at issue here; it’s the dissemination of that information.

  • Joe Bingham

    http://lessig.org/blog/2008/06/the_kozinski_mess.html#comment-25333

    Please delete that comment (3:13) asap; it’s anonymous, false and slanderous, and misleading to people who might be here and not know any better.

  • http://www.desjardins.org/david/ David desJardins

    There’s no dispute, as far as I can tell, that the Kozinskis intended the site to be private.

    I certainly dispute that. While all the facts are not yet in, the evidence suggests that Judge Kozinski knew that the site was fully accessible to the public.

  • http://jimtreacher.com Jim Treacher

    Jim: through both law and tradition everyone who goes to your house via a public street knows that they cannot enter your house without your permission. Heck, if you tell them to, they have to get off of your driveway, too. Not so with the web; on the contrary, it is by design and by default a public forum.

    That’s the whole point. The only reason I can’t just walk into your house anytime I want is because of law and tradition. The whole concept of privacy only exists because enough people agree it exists. The question is, how do we decide whether this material was private? Assuming of course that Kozinski intended it to be, and if whoever dug it up knew it was intended to be. I say it’s private because there was the virtual equivalent of a velvet rope across it. You say it’s not private because you can jump right over the rope. Which fiction is correct?

  • mcg

    There’s no dispute, as far as I can tell, that the Kozinskis intended the site to be private.

    As do I. As Lessig stated, the purpose of the web site was to share files with people. I offered some speculation above as to what that might look like, but I could be wrong.

    Even so, I don’t think intention is enough. I continue to maintain that a person’s private residence and the Web are different in this regard. You must take active steps to lock down your private content on the Web.

  • Albatross

    I haven’t seen any indication so far indicating any way of proving the site owners were responsible for storing that information on their site, or were aware the information was there. If a disgruntled litigant is determined enough to dig this information up, they could conceivably be disgruntled enough to hack the server and plant the information. Even without such measures, some unauthorized person (a young relative, a guest visiting the home, etc) could have stored the questionable files, or the files could have been inadvertently or mistakenly downloaded as part of other legitimate activities.

    How about you? Do YOU know that you don’t have a file on your computer that someone else might find objectionable?

  • mcg

    The whole concept of privacy only exists because enough people agree it exists.

    Agreed. But I would argue (and began to, in that post) that the very construction of the web is founded in an assumption of free accessibility.

    The question is, how do we decide whether this material was private?

    If they protected it with a reasonable authentication mechanism, or placed it behind a firewall, then it might reasonably considered private. And existing laws handle cases where people bypass those mechanisms to get access to material they weren’t intended to have.

    Assuming of course that Kozinski intended it to be, and if whoever dug it up knew it was intended to be.

    Not an entirely safe assumption, given that the purpose of the web site was for sharing.

    I say it’s private because there was the virtual equivalent of a velvet rope across it. You say it’s not private because you can jump right over the rope. Which fiction is correct?

    I say that my fiction is effectively the one in overwhelming practice today. I say my fiction is the one that anyone serious about Internet security assumes is operative. I say that my fiction is fundamental to the explosive growth of the Internet. I say that had yours been in play from the beginning, the Internet would not exist as it is today. I say that your view of the Internet, if implemented today, would have serious consequences for search engines, deep linking, friendly link sharing, and so forth that we all take for granted.

  • QrazyQat

    Suppose I set up a card table in my front yard, right on the edge of my property, along the public thoroughfare. I place a copies of a document on the table. There’s no sign saying “take one”, but to the casual observer it’s clear the documents are all identical copies—and they look interesting. Is it shameful to take a copy as you walk along?

    Now imagine you’ve put these documents in your unlocked garage, and people have to open the door to get to them. This is more like the online situtation than your table on the lawn scenario. Is it shameful to walk up to someone’s garage, open the door, and take a look at what you have and report it to the world?

  • mcg

    Even without such measures, some unauthorized person (a young relative, a guest visiting the home, etc) could have stored the questionable files, or the files could have been inadvertently or mistakenly downloaded as part of other legitimate activities. How about you? Do YOU know that you don’t have a file on your computer that someone else might find objectionable?

    You’re conflating the use of a computer in the home with a web site where files must explicitly be uploaded. We’re not talking about files downloaded to a computer, we are talking about files uploaded to a web server. The latter doesn’t happen by accident. I think we can safely assume that the files that were there were placed there by a party friendly to Judge Kozinski.

    The files I have on my computer are private: the computer is inside my home; it sits behind a firewall; it does not host a web server broadcasting to the Internet. I do, however, have a web site, and if you knew what it was you’d be more than welcome to use any means necessary to see all of the files it contains, because I’m not naive enough to put something there that I wouldn’t want a stranger to see.

  • mcg

    Now imagine you’ve put these documents in your unlocked garage, and people have to open the door to get to them. This is more like the online situtation than your table on the lawn scenario. Is it shameful to walk up to someone’s garage, open the door, and take a look at what you have and report it to the world?

    Yes, if the table is in the garage that makes all the difference. But while I think you would like that to be the closer analogy, I simply don’t agree that it is. Certainly, my analogy is far more practical at this stage. Maybe if enough people agreed with Lessig and Treacher and yourself and influenced society to act this way, and maybe even passed a law or two reflective of that philosophy, things would be different. But that’s just not the way it is today.

    It’s kind of like defensive driving. You can complain all you want about how other people drive, but it would be dangerous to adopt a driving strategy that assumes everyone is going to drive they way you expect them to.

  • http://jimtreacher.com Jim Treacher

    I say that my fiction is effectively the one in overwhelming practice today. I say my fiction is the one that anyone serious about Internet security assumes is operative. I say that my fiction is fundamental to the explosive growth of the Internet. I say that had yours been in play from the beginning, the Internet would not exist as it is today. I say that your view of the Internet, if implemented today, would have serious consequences for search engines, deep linking, friendly link sharing, and so forth that we all take for granted. I say that your view of the Internet, if implemented today, would have serious consequences for search engines, deep linking, friendly link sharing, and so forth that we all take for granted.

    None of which has anything to do with whether this stuff should be considered private or not. The overwhelming practice of honoring privacy has been around longer than the Internet.

  • http://www.highprogrammer.com/alan/ Alan De Smet

    For anyone still unclear on robots.txt, here’s a simple summary: have you ever done a search using Google? Google’s robots.txt is pretty unambiguous: “Disallow: /search”. It means what it sounds like. But it’s cool. You’re not a web robot, you’re a human being, so it doesn’t apply to you.

  • http://www.foggybottomline.com R. Stanton Scott

    By mcg’s logic, every computer that has an internet connection is part of “the Web.” I would argue that I have not put anything on the web just because I stored it on a computer that is connected to the internet. I also would say that simply giving someone else the codes needed to read the files on my computer implies that I should adopt an expectation that this makes them fair game to random visitors.

    Does anyone know whether the server on which these files were stored belonged to someone in the Kozinski family? If so, mcg is wrong and it is just as much private property as their house, whether or not others knew the location of the items inside it. I have not “put files on the Web” simply by hooking my computer to the Internet–and then given others the file path to access them–any more than I make my house publilc by connecting my driveway to a public street and giving a friend a key. The internet, after all, does not consist of the aggregate of files on computers accessible through networks. The internet is the pathways between computers. It matters whether the owners of the computers connected therewith intend for them to be accessible.

    That said, the public street does give people access to my house, whether or not I want it to. So if I don’t want others to look inside, I should draw the blinds and lock the door. And make sure my buddy doesn’t give away copies of the keys.

  • mcg

    None of which has anything to do with whether this stuff should be considered private or not. The overwhelming practice of honoring privacy has been around longer than the Internet.

    Of course it has everything to do with it. If I want to communicate my social security number to my employer, I don’t take out a full-page ad in the paper, I send it in a private communication. Now, if I was being really weird, I suppose I could encrypt it somehow, and put the encrypted text in the newspaper, and give my employer the decryption key, then I’d be safe. But that would also be weird.

    What I mean to say by way of that horrible analogy is that the Internet is not a privacy-preserving medium in and of itself. From its original foundation its purpose was to share information with whoever else was on it. Furthermore, many of the practices that make the Internet great depend on an assumption that anything that is accessible is freely so. People need to understand this and heed this when they make the conscious decision to put stuff on the Internet. If they assume otherwise they do so at their peril. You might wish it were different, but that’s all it would be, a wish.

    And yet, unlike my horrible analogy, there are actually some reasonably effective and simple ways to create a private “space” on the Internet: encryption, authentication, firewalling, VPNs, etc. If you are determined to make something private, whilst sharing it with a select group of people, you can. But it requires a deliberate act to do so—because again, that’s not the default function of the Web.

  • http://www.foggybottomline.com R. Stanton Scott

    Oops…I mean “I also would say that simply giving someone else the codes needed to read the files on my computer does not implythat I should adopt an expectation that this makes them fair game to random visitors.”

  • http://jimtreacher.com Jim Treacher

    What I mean to say by way of that horrible analogy is that the Internet is not a privacy-preserving medium in and of itself. From its original foundation its purpose was to share information with whoever else was on it.

    So the act of sharing information with someone else renders that information public? I’m not sure the U.S. Postal Service would agree.

  • mcg

    By mcg’s logic, every computer that has an internet connection is part of “the Web.”

    No. Every computer that has a direct connection to the Internet and has a Web server running is part of the Web. As far as I know, firing up a web server is a deliberate act on every computer and every operating system that a consumer can buy. Furthermore, many computer sit behind WiFi access points and other firewalls so that even if you did fire up a web server on your computer, it would not be visible from the Internet.

    The bottom line is that if you want something on the Web, you have to deliberately put it there. Your computer does not become “part of the Web” simply by turning it on and firing up WiFi.

    Now, having said that, there are genuine security concerns that everyone needs to be aware of when they are surfing the net. It is possible in many cases for a hacker to gain unauthorized access to your computer and your files by exploiting bugs in your computer’s security system. But that access is already illegal.

    The files you have on your personal computer, and that you are not explicitly choosing to share over a web server (or that you have not explicitly uploaded to another web server), are private.

  • mcg

    So the act of sharing information with someone else renders that information public? I’m not sure the U.S. Postal Service would agree.

    No, I’m saying that putting on the Internet—more specifically, the Web—without encryption or authentication, makes it public. What the USPS says is irrelevant; they don’t run the Internet.

  • http://2ndExposure.blogspot.com Steve Rosenbach

    Aside from the legal arguments and dog-disk metaphores (I liked that one, btw) there is what Prof. Lessig said within the first few sentences of this article: “the total inability of the media … to get the basic facts right…”

    This is a real pathology in our culture today.

    Take any one of dozens of narratives created or maintained by the media in the last few years:

    “Bush lied, people died” – not really, Dems and Repubs, Congress and the White House all had the same facts.

    “White House outed covert CIA agent” – no, it was Richard Armitage and if she commuted to HQ every day on a public street, she wasn’t covert.

    etc. etc.

    The military has a philosphy, “the first report is always wrong.”

    What an improvement if “journalists” today followed that principle.

  • http://jimtreacher.com Jim Treacher

    No, I’m saying that putting on the Internet—more specifically, the Web—without encryption or authentication, makes it public. What the USPS says is irrelevant; they don’t run the Internet.

    No kidding. The point is that just because you share information with someone else, and an uninvited party decides to snoop, that doesn’t mean it’s public. I like dominik’s example of the couple walking down the street having a conversation. They’re in a public place, and they’re certainly not encrypting their conversation. Does that mean the whole world is invited? If they happen to say something that someone else decides to use against them, shouldn’t their privacy be taken into account?

  • Rich E

    You’re right up to a point. Generally as the late Didcott J said in Case v Minister of Safety and Security
    “what erotic material I may choose to keep within the privacy of my home, and only for my personal use there, is nobody’s business but mine.” (CCT20/95); 1996 (3) SA 617, at para 91)

    But I can’t agree that Kozinski had a reasonable expectation to privacy in this context. First, a web server is intended to put files into the public domain. That is its purpose. And presumably the server was set up to share files and to make them accessible, albeit by word of mouth rather than search engine. Second, the case for privacy rests on the fig leaf that is the robots file. You argue that because there was a robots file on the server he must have intended it to be private. With respect that is a non sequitur. The presence of the file simply means that they didn’t want the contents spidered by search engines. Most web masters use such files to control spiders, and not to regulate access to directories. However, its common knowledge that such files are the source of useful info for hackers. Spidering the server with Burp or similar would have quickly revealed the structure of the directories and files including such files. Burp by default looks for such files. And because there was no proper access control traversing the directory structure would have struck gold.

    If there had been proper authentication on the directory concerned then I would have agreed with your argument. But there wasn’t. The security wasn’t ‘imperfect’ rather it was non-existent. Oops.

  • mcg

    I am enjoying this debate (as if you couldn’t tell) but I just checked the front page of nytimes.com, and it took some wind out of my sails. R.I.P, Tim Russert.

  • Brian Macker

    According to pictures I saw on Patterico.com which purport to come from Mr. Kozinski’s hard drive, there was one showing a child suckling a catholic priests penis.

    Actually it was three people in halloween costumes. One of the with a stuffed child attached to the groin area. I don’t see any actual child, any sucking, or any penis. Some people have more active imaginations I guess, or perhaps are basing their interpretations on real world events. Actually the costume is quite funny given the actions of quite a few Catholic priests and the church’s response to their crimes.

  • http://dominik.net dominik

    @R. Stanton Scott:
    Does anyone know whether the server on which these files were stored belonged to someone in the Kozinski family?

    From what I understand, Yale Kozinski owned the web server that hosted the files.

    If so, mcg is wrong and it is just as much private property as their house, whether or not others knew the location of the items inside it.

    Not exactly. If I’m understanding correctly, these files existed on a web server. While the web server itself is undoubtedly private property, the web server hosted these files. As any web server, once it received a request for a file in a public directory, it served up that file to the visitor.

    I have not “put files on the Web” simply by hooking my computer to the Internet–and then given others the file path to access them

    I’m not sure what you mean here by “hooking my computer to the Internet.” If you mean accessing the Internet from your computer without running any server daemons, then the second half of your sentence doesn’t make sense, because you could give other people all the file paths in the world you wanted, but they wouldn’t be able to access them on your computer if your computer wasn’t running a server of some sort. If, instead, you mean “hooking my computer to the Internet” as installing a server of some sort (e.g. Apache), then the second half of your sentence also doesn’t make sense to me because in that case giving others the http path to access the files _would_ put files on the Web, contradicting your initial statement.

    In this case, the litigants apparently found the files through a process akin to this. Perhaps one of the Kozinski s had e-mailed them or someone they knew this:
    http://kozinski.org/hidden/funnypicture.jpg

    The litigants then took this and typed in this address instead:
    http://kozinski.org/hidden/

    Since the web server had the option to create index pages enabled, it proceeded to generate an index page, listing all files in that directory, including files of questionable taste. The litigants then jumped on this.

    –any more than I make my house publilc by connecting my driveway to a public street and giving a friend a key.

    I’d say the proper analogy is holding a garage sale at your house. Putting up a sign that says “GARAGE SALE” is akin to putting up a web server, and you can hardly complain when — after having made your garage public — someone finds something you didn’t want found in the garage you’ve made public. You also can’t fault them for taking a picture of whatever it was they found, since by hosting a garage sale you’ve invited them onto your property. They haven’t done anything beyond that which you authorized them to do, namely wander around your garage.

    It matters whether the owners of the computers connected therewith intend for them to be accessible.
    Certainly. Owners demonstrate this intent by running servers and configuring them to establish some sort of permissions or access rights. Running Apache, for example, one can configure straightforward security with just a few lines.

    The question here is akin to a visitor at your garage sale looking in a dusty, forgotten corner and finding something you forgot was in the garage entirely, and that a reasonable person would conclude was not meant to be part of the garage sale. The visitor saw the dust and cobwebs in that corner of the garage; did he or she violate your privacy by probing further?

    Some people feel that sort of poking around violates a norm of privacy. Others don’t. As with all social norms, opinions and actions vary. Here the Kozinskis apparently assumed folks wouldn’t go poking around. Folks did. People took offense and raised an uproar. I’d argue that those poking around didn’t do anything criminal and that the Kozinskis brought it upon themselves. Others would argue that those poking around violating the Kozinskis’ expectation of privacy that the materials on their web server would remain unprobed.

  • mcg

    No kidding. The point is that just because you share information with someone else, and an uninvited party decides to snoop, that doesn’t mean it’s public.

    That’s correct! But if you shared that information with that person by walking into Grand Central Station and shouting it into a megaphone, you can’t claim it’s private, either.

    If you intend to share private information with someone else, the Web is not the tool you use. If you intend to control access to your information, the public, unencrypted, unauthenticated Web is not the tool you use. The Web is a public forum. Try a private Web site with authentication and encryption. Try encrypted email. Hell, try unencrypted email. But don’t put it on a bare web site.

  • http://jimtreacher.com Jim Treacher

    But if you shared that information with that person by walking into Grand Central Station and shouting it into a megaphone, you can’t claim it’s private, either.

    He wasn’t shouting anything. It’s more like a directional mic was pointed at him.

  • http://dominik.net dominik

    @R. Stanton Scott:
    Does anyone know whether the server on which these files were stored belonged to someone in the Kozinski family?

    From what I understand, Yale Kozinski owned the web server that hosted the files.

    If so, mcg is wrong and it is just as much private property as their house, whether or not others knew the location of the items inside it.

    Not exactly. If I’m understanding correctly, these files existed on a web server. While the web server itself is undoubtedly private property, the web server hosted these files. As any web server, once it received a request for a file in a public directory, it served up that file to the visitor.

    I have not “put files on the Web” simply by hooking my computer to the Internet–and then given others the file path to access them

    I’m not sure what you mean here by “hooking my computer to the Internet.” If you mean accessing the Internet from your computer without running any server daemons, then the second half of your sentence doesn’t make sense, because you could give other people all the file paths in the world you wanted, but they wouldn’t be able to access them on your computer if your computer wasn’t running a server of some sort. If, instead, you mean “hooking my computer to the Internet” as installing a server of some sort (e.g. Apache), then the second half of your sentence also doesn’t make sense to me because in that case giving others the http path to access the files _would_ put files on the Web, contradicting your initial statement.

    In this case, the litigants apparently found the files through a process akin to this. Perhaps one of the Kozinski s had e-mailed them or someone they knew this:
    (somesortofdomain)/hidden/funnypicture.jpg

    The litigants then took this and typed in this address instead:
    (somesortofdomain)/hidden/

    Since the web server had the option to create index pages enabled, it proceeded to generate an index page, listing all files in that directory, including files of questionable taste. The litigants then jumped on this.

    –any more than I make my house publilc by connecting my driveway to a public street and giving a friend a key.

    I’d say the proper analogy is holding a garage sale at your house. Putting up a sign that says “GARAGE SALE” is akin to putting up a web server, and you can hardly complain when — after having made your garage public — someone finds something you didn’t want found in the garage you’ve made public. You also can’t fault them for taking a picture of whatever it was they found, since by hosting a garage sale you’ve invited them onto your property. They haven’t done anything beyond that which you authorized them to do, namely wander around your garage.

    It matters whether the owners of the computers connected therewith intend for them to be accessible.
    Certainly. Owners demonstrate this intent by running servers and configuring them to establish some sort of permissions or access rights. Running Apache, for example, one can configure straightforward security with just a few lines.

    The question here is akin to a visitor at your garage sale looking in a dusty, forgotten corner and finding something you forgot was in the garage entirely, and that a reasonable person would conclude was not meant to be part of the garage sale. The visitor saw the dust and cobwebs in that corner of the garage; did he or she violate your privacy by probing further?

    Some people feel that sort of poking around violates a norm of privacy. Others don’t. As with all social norms, opinions and actions vary. Here the Kozinskis apparently assumed folks wouldn’t go poking around. Folks did. People took offense and raised an uproar. I’d argue that those poking around didn’t do anything criminal and that the Kozinskis brought it upon themselves. Others would argue that those poking around violating the Kozinskis’ expectation of privacy that the materials on their web server would remain unprobed.

  • http://lumma.org/microwave Carl Lumma

    OK, I take it all back. Kozinski is kinda cool, the images found were hardly even pornographic. The defendant is on trial for something just as stupid, but he wasn’t the person who leaked the files to the press. That person is a lawyer, for the prosecution I assume (but am unable to immediately confirm). But Lessig’s remarks about the problem being a violation of the judge’s privacy are still extremely lame.

    -Carl

  • mi

    readertoo: said “Kozinski generally refuses to hire female clerks.”

    The poster is mistaken. I have personally met female Kozinski clerks (I clerked for another judge). Lots of people don’t apply toKozinski; he’s a weird dude who works his clerks to the bone, but he’s also an excellent judge. He’s also quite conservative judicially. It wouldn’t surprise me if fewer top women applicants apply to him, they may be less inclined to tolerate/look for that experience. I didn’t apply to him, and I’m thankful I chose not to.

    I have seen some of the videos/photos described. They are bawdy and weird, but it’s quite a stretch to derive accusations of sexism or whatever from them. One video involves a man being chased by a donkey. Is that demeaning to men and donkeys? And if they guy hates men, women, (male) donkeys, and (female) Holstein dairy cows, it’s all a wash, right? (Though a petitioner-snake may have a leg up, seeing as how Kozinski has had pet snakes. Mice-litigants are screwed.)

  • mcg

    Jim, going back and forth from the general concept to the specific case of Kozinski is difficult. The point I was trying to make in my last post was a general one: that the Web in its default configuration is a public forum. It is not the proper venue for sharing information you intend to keep private. There are variety of much better tools for doing so.

    But if we’re back on Kozinski, the analogy still breaks down. I reject the analogy of a directional mic. This web site was constructed for the express purpose of sharing files. He was broadcasting its existence in a variety of ways, whether it was the use of an eponymous web site, some of which was web searchable; by deep linking to it in emails or other web posts. Who knows how often and in what ways he broadcast links to individual files within that directory. And again, the web site was not configured to keep the directory contents private in the technical sense.

    Even if the directory itself was never broadcast, that doesn’t mean he had a reasonable expectation that its exact contents would be private, if he ever sent a link to something inside that directory. There are entirely legitimate reasons to use the “URL truncation hack” that can sometimes reveal the contents of a directory. For instance, sometimes I’ll see an image embedded in an email address or some other forum, and I will want to know what the surrounding context is. Often the URL for that context will be the name of the directory the image is in. Or as an academic, I’ll be pointed to a particular paper on the Web, contained in a subdirectory called “papers/”; if I’m interested in reading more of that person’s papers, that’s the sensible URL to try. Heck, maybe Kozinski labeled that directory “cool_stuff/” or something like that. So even in leisure surfing, a little URL truncation is useful.

    What happens with URL truncation is one of three things:
    — If the directory has an index.html file, that will be displayed for the user. So the contents of the directory are safe from prying eyes regardless, unless one happens to know the *exact* file names in that directory.
    — If the web server is configured to allow directory browsing, then a simple list of files will be displayed in the web browser. It sounds like that is what happened here.
    — If the web server is not configured to allow directory browsing, then the web browser will say so, and no contents of the directory will be revealed.

    So if you don’t want the contents of a directory to be revealed publicly, there are 2 different ways to accomplish that. It’s not hard to do; indeed, I’m kind of surprised it wasn’t on by default. Maybe neither he nor his son cared either way, not knowing its contents would be misused in this manner.

  • http://jimtreacher.com Jim Treacher

    I reject the analogy of a directional mic.

    Feel free. Thank you for reiterating your argument that something’s not private because somebody else can access it.

  • mcg

    And thank you for reiterating your oversimplification of my argument.

  • http://jimtreacher.com Jim Treacher

    Just because it’s less than 500 words doesn’t mean it’s oversimplified.

  • dvan

    Despite the nature of some of the posts, I assume that we have a good number of lawyers involved in this discussion. Given that, I’m surprised that no one has mentioned 18 USCS § 2701, Unlawful access to stored communications, which provides, in part:

    a) Offense. Except as provided in subsection (c) of this section whoever–
    (1) intentionally accesses without authorization a facility through which an electronic communication service is provided; or
    (2) intentionally exceeds an authorization to access that facility; and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system shall be punished as provided in subsection (b) of this section.

    I find the definitions for 2701 in:

    18 USCS § 2501(15) “electronic communication service” means any service which provides to users thereof the ability to send or receive wire or electronic communications;

    18 USCS § 2501(12) “electronic communication” means any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system that affects interstate or foreign commerce, but does not include—
    (A) any wire or oral communication;
    (B) any communication made through a tone-only paging device;
    (C) any communication from a tracking device (as defined in section 3117 of this title); or
    (D) electronic funds transfer information stored by a financial institution in a communications system used for the electronic storage and transfer of funds;

    I am exceptionally unfamiliar with the cases under this statute, but from a textual reading only, it appears that whoever dug into Judge Kozinski’s web server violated this federal law. I haven’t checked California law to see if there is any potential violation there.

  • mcg

    Jim: Touche’, my last post was too long. But yours wais an oversimplification nonetheless. You know very well that I have never claimed that something ceases to be private just because someone else has access to it. But if it makes you feel good to ignore the additional aspects of my argument, so be it.

  • mcg

    dvan, thanks for posting that. It is a specific example of the laws I have spoken about before that already provide a framework with which we can separate private and public portions of the Web. The question in Kozinski’s case of course is whether or not the access to his web server is “unauthorized” for the purposes of that statute. I don’t believe it is, because by the Kozinski’s own admission there were no controls in place to determine authorization, and the Web is by default a public forum. Looking at cases I can find with Google, this law seems to be applied in more classic cases of hacking—say, a disgruntled employee breaking into his former employer’s email server. But IANAL, and if you find cases that demonstrate otherwise, I hope you’ll post them.

  • ogmb

    dvan, authorization to access the files was given, even if accidentally. If you remove the file name from the URL and see the list of files in that directory, the directory settings are set to public access. The internet cannot operate under the assumption that everything is private unless otherwise stated. If you want to keep something private, don’t put your files in a web-accessible directory or take the necessary precautions to restrict access to authorized users. A robot.txt is certainly insufficient.

  • ogmb

    So if we follow the proposed reasoning, we have to conclude that Julian Snachez acted improperly when he compared the IP addresses of John Lott and his supposed disciple, Mary Rosh, to find out they’re identical? Certainly Lott did not want it to be known that the missives were sent from the same computer and only transmitted the IP addresses “accidentally” in his emails.

  • dvan

    I did some quick and dirty research and found Snow v. DirecTV, Inc., 450 F.3d 1314, 1320-1321 (11th Cir. Fla. 2006):

    The SCA was included as Title II of the Electronic Communications Privacy Act of 1986 (“ECPA”), Pub. L. No. 99-508, 100 Stat. 1848 (codified as amended in scattered sections of 18 U.S.C.). The ECPA was enacted to update the then existing federal wiretapping law to protect the privacy of the growing number of electronic communications. See 132 Cong. Rec. H4039 (1986 ) (statement of Rep. Kastenmeier). Since its inception, the ECPA provided “several clear exceptions to the bar on interception so as to leave unaffected electronic communication made through an electronic communication system designed so that such communication is readily available to the public .” 131 Cong. Rec. S11790-03 (1985 ) (statement of Sen. Leahy on a bill that was the precursor to the [**16] ECPA); see also 131 Cong. Rec. E4128 (1985 ) (statement of Rep. Kastenmeier on the same bill).

    Indeed, the ECPA explicitly reads, “It shall not be unlawful under this chapter or chapter 121 of this title for any person-(i) to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public .” 18 U.S.C. § 2511(2)(g) (emphasis added). Chapter 121 refers to the SCA. ECPA § 201. The legislative history and the statutory structure clearly show that Congress did not intend to criminalize or create civil liability for acts of individuals who “intercept” or “access” communications [*1321] that are otherwise readily accessible by the general public.

    Through the World Wide Web, individuals can easily and readily access websites hosted throughout the world. Given the Web’s ubiquitous and public nature, it becomes increasingly important in cases concerning electronic communications available through the Web for a plaintiff to demonstrate that those communications are not readily accessible. If by simply clicking a hypertext link, after ignoring [**17] an express warning, on an otherwise publicly accessible webpage, one is liable under the SCA, then the floodgates of litigation would open and the merely curious would be prosecuted. We find no intent by Congress to so permit. Thus, the requirement that the electronic communication not be readily accessible by the general public is material and essential to recovery under the SCA. Cf. Aware Woman Ctr., 253 F.3d at 683-84 (treating the motive requirement of the Freedom of Access to Clinic Entrances Act (“FACE”) as an essential element of a FACE claim because the motive requirement filters out conduct that Congress believes is not covered by FACE).

    Snow v. DirecTV, Inc., 450 F.3d 1314, 1320-1321 (11th Cir. Fla. 2006)

    It appears that this court doesn’t want a “flood of litigation” where the “merely curious” access a website and requires that an aggrieved party show “that the electronic communication not be readily accessible by the general public” if he/she is to be protected by the SCA.

  • Cyrus Sanai

    I’m the “disgruntled litigant” mentioned in this post. I’m trying, in the course of interviews, to give a true picture of what happened. I’m going to provide a discussion from a once-hostile blogger who, after looking at the evidence, changed his mind.

    From: http://patterico.com/2008/06/13/kozinski-asks-for-investigation-of-himself

    Kozinski Asks for Investigation of Himself
    Filed under: General — Patterico @ 11:11 am

    Judge Kozinski has called for an investigation of himself:

    The chief judge of the federal appeals court in San Francisco, whose pornography-laden Web site hit the headlines while he was presiding over an obscenity trial in Los Angeles, invited an investigation Thursday by a judicial disciplinary agency.

    Judge Alex Kozinski said in a statement that he has asked the Ninth U.S. Circuit Court of Appeals’ Judicial Council to begin proceedings to determine whether he engaged in misconduct. The council has the power to censure a judge, temporarily halt case assignments, or take the first steps that could lead to congressional impeachment and removal from office.

    “I will cooperate fully in any investigation,” Kozinski said.

    I think the investigation should address the extent to which Kozinski thought the site was private:

    He said he had believed it was a private site that others could see only with his permission, until he learned otherwise this week from the newspaper and his son.

    Most people reading that would probably assume that Kozinski believed that a member of the public would have to log in, likely presenting a password, in order to view anything stored on his site. But clearly Kozinski knew that members of the public could view material stored on his web site without a password or login. After all, he wrote an article about Cyrus Sanai that, in the 13th paragraph, hyperlinked a document stored on his web site:

    Nor would the reader — unless he happened to enter Mr. Sanai’s name in the Westlaw CTA9-ALL database — realize that, as part of the same imbroglio, he and certain members of his family have hounded a state trial judge off their case (read the PDF); been held in contempt and sanctioned under 28 U.S.C. §1927 and had their ninth sortie to our court in the same case designated as “frivolous” and “an improper dilatory tactic” by the district court. A detached observer, Mr. Sanai is not.

    The “read the PDF” hyperlink is to this link: http://alex.kozinski.com/judge.thibodeau.pdf. Unless Kozinski took specific steps to unlock permission for the viewing of that one document — an action which would, presumably, have familiarized him with the permissions applicable to his site — he knew the public could view documents on his site.

    My guess is that Kozinski assumed members of the public could view these materials only if they had the correct address for the material in question — but that they couldn’t view it if they didn’t know the specific address. But that’s just a guess. I am trying to obtain contact information for Kozinski so I can ask him more directly.

    I don’t ask this question in the spirit of attacking Judge Kozinski. Before this controversy, I had long admired him as a smart, iconoclastic judge with a clear and entertaining writing style. I don’t have any pre-existing hostility to the man. I’m just interested in the facts.

    I’ll remind people that the material I posted is not all of the material on Kozinski’s website, by a longshot. It is merely a selection of material I received from Cyrus Sanai by e-mail. Mr. Sanai — who cheerfully admitted to me that he went after Judge Kozinski to bring publicity to his parents’ case and what he perceived to be the Ninth Circuit’s inconsistency on a an area of law related to that case — agreed to mail me a CD of the entire contents he downloaded from Judge Kozinski’s site. I will be contacting him again to follow up on that. In the meantime, you can get an idea of what was in Kozinski’s “stuff” subdirectory from the file list in this comment, which lists file names found in a search engine cache.

  • http://jimtreacher.com Jim Treacher

    You know very well that I have never claimed that something ceases to be private just because someone else has access to it.

    I don’t know any such thing, but I’m willing to accept that you think you’ve been more clear.

  • mcg

    Sigh. Whatever. Maybe dominik’s post above does a better job of getting my point across.

  • Cyrus Sanai

    Here is the article from the ABA Journal which addresses the public access question, and quotes Prof. Lessig

    http://www.abajournal.com/news/risque_images_music_tied_to_9th_circuit_chiefs_site_raises_ethics_questions/

  • mcg

    This post lists a bunch of the files and directories that were (from a technical perspective) publicly accessible on Judge K’s web site.

    Amazingly, the construction of this list did not require visiting the web site at all. This was compiled simply by entering a command into a search engine. Assuming it was a reputable search engine, it means that the search engine was not waved away from the web site by a robots.txt file. Now that’s not necessarily a safe assumption: standard Google searches don’t index videos, so Googling “site:alex.kozinski.com” will get you a bunch of his articles (and others he hosted), but not the movies. So maybe it was a special search engine for video content, and who knows if it respected the robots.txt file or not.

    Regardless, judging by the post times, it took the commenter about 10 minutes to obtain the list. It wouldn’t take a random hacker to find those files; just a casual web surfer looking for classic Burger King commercials or videos of women whose pants are too tight. For a determined snooper it would be like shooting fish in a barrel.

    Whoever put this web site together was either horribly inept, naive, or both. I don’t know what to believe about Judge K. He seems to be blaming his son.

  • http://www.socialsecuritybullshit.com Steve Baba

    Wow 110 plus comments and a few from the disgusted litigant himself. (Assuming we can trust anyone’s self identity online)

    Many of the comments confirms my original impressing that Lessig so overstated his claim with a bad analogy and denying everything 100% that Lessig actually helped the disgusted litigant.

    To use one of Lessig’s favorite words, it’s “ridiculous” (I liked the word when I was a kid) to compare a legal act to breaking and entering. The disgusted litigant’s acts maybe be as tasteless as the Judge’s viewing, but not illegal. It’s also ridiculous to 100% deny it’s pornography. Many people might not consider it porn, just as most people don’t consider topless beach pictures porn, but it’s not a clear-cut case except to an overzealous lawyer arguing his case that only a fool would consider it porn.

    And one is sort of ignoring the obvious that if it’s definity not porn, sue the LA Times and that bar journal.

    I haven’t really thought about it and I am not a lawyer, but in the usual conflict of interest problem, one avoids people who HATE your material, not people who watch tamer versions. Unless the “disgusted litigant” plans to settle, I can’t imagine him doing any better with a judge who never watches any porn? And judges are not supposed to hold grudges, but I can’t imagine any judge looking favorably on such games.

    And from a constitutional lawyer, what about a solution that does not limit the press, freedom of speech, if possible.

  • http://www.socialsecuritybullshit.com Steve Baba

    Correcting/Clarifying my above comments. I think Lessig denied it was bestiality instead of porn. Sorry for the error. I still hate this CAPTCHA

    “There’s some ridiculous claim about “bestiality.” But the video is not bestiality”

  • http://sethf.com/ Seth Finkelstein

    Breaking news!

    Folks still reading (if there are any …) should take a look at my blog post:

    How “alex.kozinski.com” worked

    I’ve found an old HTML document from Kozinski, posted on a popular law blog, where the links indicate he knew people could retrieve files from his site, even from the “/stuff” directory. I speculate that he thought they needed specific filenames.

  • Cyrus Sanai

    Seth Finkelstein’s discovery is very important, and I kick myself for not thinking to look into Judge Kozinski’s self-nomination as “Judicial Hottie of the Year”. To be honest at the time I found that whole episode more painfully embarrassing for the judiciary than anything on Judge Kozinski’s site, so I avoided looking at it when I was seeking to figure out what Judge Kozinski did with that site that made concealment from

    The reaility is that Judge Kozinksii, by his file sharing and distribution of that link, knowingly invited the public into that directory.

    Cyrus Sanai

  • http://www.arkansawyer.com/wordpress John A Arkansawyer

    It’s not illegal, but that doesn’t mean it isn’t an invasion of privacy and it doesn’t mean doing it doesn’t make you a dick.

  • mcg

    Geez, this isn’t even close anymore. He’s put more than enough public links to files in that directory out there. And Google, frankly, thrives on external links like the several found in the Judicial Hottie of the Year article. Whether he understood it or not, that directory was public, and he made it so through his deliberate actions.

  • Sean B

    I realize there is debate about just how widespread various URLs to this server are, and how easily-guessed the directories from them are.

    Even so, I think a lot of people have an extremely oversimplistic view of the implicit privacy and secrecy of URLs that need guessing. For example, one commenter wrote:

    A server that responds to valid HTTP requests from the open Internet is by definition publicly accessible. If you want to limit access to such a server, there are a multitude of tools available for that purpose.

    Many servers accept basic http password authentication. People generally seem to accept that guessing account names and passwords (or even just passwords, given an account name) is attempting to bypass legitimate security. (E.g. is, I assume, illegal.)

    The standard URL format allows embedding the username and password into the URL itself. (I believe the http specification actually prohibits use of this form, but it actually generally works in practice–I’m not sure if it’s the browser or the server, and the difference might matter in one sense, but I’m mainly using this as an analogy.)

    This means that if there’s a private content directory at http://example.com/private, with the username “lessig” and the password “corruption”, then I can access the directory with the URL ‘http://lessig:corruption@example.com/private’, without seeing any further security. And it means if someone gives me the URL ‘http://lessig@example.com/private’, then I still need to guess the password, but I can do that by embedding various passwords in the URL itself.

    The slogan that obscurity is security is false, or at least taken out of contexts. Passwords, the #1 method of security, are based on obscurity: the obscurity of the password itself, which is just a string of text.

    And, here’s the interesting part, there is really no “mathematical” difference, no technical difference from the standpoint of security, if I instead create an “unprotected” directory on my server named “private/lessig/corruption”, as long as I make sure that, if you should get the URL “http://example.com/private/lessig”, you don’t get a listing of the directory (and, ideally, that you get no listing from “http://example.com/private”, either). It is literally equally secure whether you’re gussing “http://example.com/private/lessig/SOMEPASSWORD” or “http://lessig:SOMEPASSWORD@example.com/private”. The space within the URL you have to explore and the amount of feedback you get are identical; they’re just slightly different syntaces. Yes, the server implements them differently, but both of them rely on the people with knowledge of the “password” corruption keeping that password secret. Should either URL ever leak out, the security of the site will be compromised.

    My point of this is not that the webserver in question offered that level of “security”. It’s that you can’t simply discount “guessing URLs” as being “public activity” and sweep aside all possibility of it being privacy-invading. Clearly it’s false that guessing URLs is never privacy-invading, a priori, because of passwords-in-urls. I think the correspondence to “embedded filename secrets” is high, and it’s perfectly reasonable for me to have an expectation of privacy if I create a file on my server named “http://example.com/somesecretfile_3DOX3PQ91NCFGQZX0.mp3″ and don’t publish that URL, but merely give the URL to my friends and tell them to treat it similarly to how they would a password. What extra security would putting a “real” password on that have? Anyone who would have shared the URL with other people could now just share the URL and the password (or even embed the password in the URL and just share the new URL).

    (At least, I think this is reasonable because I do this all the time, although I usually put “do_not_share_this_url” in the filename as well.)

    But if you allow that possibility as privacy-invading, and then you find the server is mis-configured and allows listing the files, obviously the security is compromised: but is the expectation of privacy? Do people really a-priori have the right to certain kinds of URL guessing, like stripping off parts of the path? Why? Because “everyone does it”? (Everyone trespasses.) Because “it’s obvious”? (An obvious password isn’t no password protection, it’s a bad password.)

    I’m not saying the line absolutely must get drawn on lessig’s side of this, but I’m saying you can’t just discount it out of hand.

  • JTR

    It is indeed an overstatement to consider a file located on a specific domain as a part of a website, if there are no links from the website leading to the file. Simply saving photographs, video, and audio on the same domain as your website does not make those files a part of the website. But just because the files in question weren’t a part of the Judge’s website, doesn’t mean that they’re necessarily private. The judge’s lack of sophistication in not realizing that the files were publicly accessible is understandable, but his lack of understanding doesn’t mean that anyone accessing these files is invading the judge’s privacy. If I inadvertently drop a photograph from my wallet on to the street, however unintentional this drop may have been, simply picking up and viewing this photograph would not constitute an invasion of my privacy.

    On the issue of trespassing; If anyone can enter in a file’s URL and then access the file, then I consider the file to be “public.” The argument that this is trespassing, to visit a readily accessible URL and access the file located at this URL, is perplexing to me. Do I need explicit permission from Yahoo before I view ‘http://www.yahoo.com’? The central purpose of the World Wide Web is to communicate; any file on the World Wide Web that doesn’t have explicit deterrents, such as password protection or disclaimer, can and should be assumed to be public. Hopefully Professor Lessig doesn’t consider my viewing of his site trespassing; That’d suck, I enjoy this site way too much.

  • efgoldman

    While all you lawyers were analogizing this thing to death (is analogy 101 a required class in law school?) only a couple of commenters mentioned what’s really wrong with this story from the start: the LA Times, once a great newspaper, apparently wants to turn into FoxNews and over-report, sensationalize, avoid fact checking or just plain lie to make a story more compelling than it is or ought to be. I know no-one at Fox has any shame, but you’d think some editor at the Times would retain editorial skepticism and common sense.

  • http://www.uslaw.om/law_blogs USLaw.com

    As far as whether the “controversial” images on the Kozinski website bear any relevance to his ability to preside over the USA vs. Ira Isaacs indecency trial, it is interesting to compare them to images from the videos the Bush Justice Department’s indictment asserts are criminally indecent. Sample images have been posted so you can judge for yourself:

    USA vs. Ira Isaacs images

    We agree with Eugene Volokh that they are not remotely in the same league.

  • shoutingfireinemptytheater

    A less than one-act play for efgoldman:

    Indeed the LATimes has been reduced to burning furniture in the wood stove to heat the building. But this transcript of a recent conversation between a reporter and editor indicates they’re still aspiring to quality journalism.

    Reporter: Hey, chief, I’ve got a major story, with tons of irony. The federal appeals judge sitting on the bench in the obsenity trial of the guy who puts pee and poops in with sex in a movie and calls it art, well the judge has a web site with lots of weird porn, including a photo of a guy giving himself a blowjob, though he’s not peeing — and the judge calls it humor.

    Editor: Excuse me. We are in the phosphorescent afterglow of decay from our years as a great paper. So we still have some discretion. We won’t run crap like that.

    Reporter: So, tell me so I can understand and improve, what have you got better than that to put on the top of Page One for Sunday?

    Editor: I just finished the hed. Check it out:
    ALL FLIGHTS LAND SAFELY AT LAX: Local FAA Head Says Miracle Continues for 10th Straight Year

  • john

    Lessig doesn’t mention the MP3 files that were found on Kozinski’s site,.The site contained copyrighted music mp3 files that until recently could possibly be downloaded by others and I think a another web site had one song linked so others could download the song. Why did Lessig leave this out of his article?

    May be because “Kozinski wrote the dissenting opinion in a copyright case last year in which he sided with the copyright holder in saying that credit card companies that process payment for material that violates copyright should be liable for facilitating illegal sales of copyrighted material. This would imply that if it turns out that Kozinski’s site was making MP3 files available for download, he would consider himself liable for facilitating the illegal trade of copyrighted material.”

  • Tony Tutins

    This would imply that if it turns out that Kozinski’s site was making MP3 files available for download, he would consider himself liable for facilitating the illegal trade of copyrighted material.”

    If storage of a few humorous MP3 files on a family web server constitutes making them available for download, then a woman who puts freshly baked cupcakes on a windowsill to cool should consider herself liable for facilitating theft.

  • Bertha Butte

    Perhaps if you add to a previous analogy:

    I have advertised a yard sale. You are in my yard with my permission. You enter my closed garage and look around, take pictures, and disseminate them. I did not have my garage open, though it was unlocked. I did not have signs pointing to my garage. I had a garage sale last year, and if you search through the archives of the local paper, you can find a classified advertisement to that effect. I posit that you have violated my rightfull expectation of privacy regarding my garage, regardless of how easy it would have been to securely lock it up. I don’t know if this would also constitute trespass?
    My previous admission of the general public to my garage should not be construed as permanent access, and I cannot control the archiving of my old advertisement.
    Those of you who claim that all servers connected to the Web and running Web server software are “Public” are misguided, at best. There are many, many servers that are limited to authorized remote access by a small group of users. The assumption that a lack of proper security = public server, or that all servers are public is incorrect…..

  • Matt Andronica

    The posts here make one thing abundantly clear – a large number of people have uttely no understanding of the web and how it works. An individual who accesses a publicly available web directory via browser by doing nothing more than typing in a url has not “hacked” into anything. A publicly available directory is not a private room. A robots.txt file is not a security measure for preventing human browsing.

    The good judge was sloppy with his personal files. He has no one to blame but himself.

  • http://www.uslaw.com/law_blogs USLaw.com

    While many of the analogies proffered in this post and it’s comments seem compelling (open den window, finding wallet on the street, cupcakes on a window sill, etc.), they all belie how the internet– and the http and ftp protocol in particular– actually works.

    When a web browser is directed to particular URL, it’s client computer makes a REQUEST of the host for transmission of a file. The host (or web server) must then of it’s own free will choose if and how to respond to the request. It often chooses to, as Kozsinki’s computer did, transmit the requested file.

    Given this is the mechanism of http requests, directing a web browsers (or similar software) to a particular URL– whether it be a widely disclosed URL or not– can NOT be a trespass of any kind. It is far more akin to knocking on someone’s door than reaching a hand through a window.

    One makes an active choice to install web server software on their computer, configure it to be addressed by IP address or domain name, and connect it to a dedicated internet connection. These active choices constitute an invitation to have your servers, directories, and files pinged by others. Any one who is invited to knock on a door can not be blamed if that door is opened and someone hands them a cup cake, wallet, or stash of private papers.

    (Picking the lock on the door, as would be the case if one were to hack a password, is a different matter. The files in this matte were not password protected, encrypted, or otherwise secured. The door was knocked on, voluntarily opened, and voluntarily used to pass files.)

  • Caree Annette Harper

    A brilliant judge’s reputation is being tarnished as we type! I’m angry that no matter how much good someone does, we are still in a world that seems to overshadow their good works with scandal! The Judge is a MAN with his own sense of humor-so what! He didn’t say or do anything sexist, or biased in open court. I tried a 1983 case in front of Judge Kozinski a couple of years ago and marvelled at his wit, thoughtfulness and brilliance. I am a Democratic Black female civil rights attorney, so I would NOT take time to defend a conservative Reagan appointee if I did not feel truly compelled to do so. Let’s take steps to stop this ethics investigation (if we can). Because we all know that we have ALL sinned and fallen short… And I don’t care who you are-if anyone looks closely enough at you, Cyrus Sanai or I, there are skeletons in ALL OF OUR CLOSETS! Leave this Judge alone. He is a fair and brilliant man. Who cares if the server was password protected or not. The last time I checked the Penal Code or the rules on judicial conduct, not having a password protected server was not a violation. What he is really “guilty” of is not lieing to the LA Times reporter, right?? Because we want our judges and politicians, and Presidents to lie to us right? To make us feel better…something like “no I’ve never seen that joke or video on the family server before” or “that Bush joke was offensive and unfunny.” Instead, he was honest. God forbid a judge have a sense of humor and be honest. So the judge has a life, and like a lot of guys he shares jokes with friends and family essentially in PRIVATE. (I take issue with “readertoo”s comments above: sex jokes are NOT like racial jokes because everyone has sex organs, but racial jokes are stereotypes not applicable to every ethnic group) The Judge did/does NOT have any offensive materials in his chambers or in his courtroom, nor does he allow anyone to be demeaned in his courtroom (unlike some federal judges-male and female alike) Quite to the contrary, I witnessed the judge call a male attorney on the carpet for the demeaning tone in which he used with his female co-counsel. I say stop this witch hunt, and ethics investigation. WOULD ANYONE OF US WANT BIG BROTHER PEERING INTO OUR COMPUTERS?!

  • http://supremacy.claus.blogspot.com S

    From this point, every lawyer has a duty to demand discovery of every judge’s computer and all electronic activity in e-discovery. From a rent deposit dispute in small claims to a certed Supreme Court appellate case, the lawyer must demand all electronic activity of the judge on all government and on all personal computers, and on all public computers used by the judge.

  • adam brower

    you say:

    “Imagine the Kozinski’s have a den in their house.”

    right away, your analogy, and the argument based on it, founders. i would say, rather:

    “Imagine the Kozinski’s put a cardboard box on the public sidewalk.” i would then compare mr sanai not to a burglar who jiggled locks, but to a pedestrian who walked by and opened the box.

    if hizzoner’s intent was to preserve the presumption of privacy, there is no rational explanation for his placing the materials on a server connected to the web. there are so many trivial methods of restricting access to content to a specified audience (.htaccess comes to mind immediately) that i must assume he either had no expectation of privacy or was ignorant of these trivial methods. more judicial foolishness, more embarrassing cluelessness. a whole generation of jurists are going to have to retire before jurisprudence “gets it.” until then, we can expect more such (e.g., it’s illegal to axfr from the dakotas.)

    what sanai did in publicizing the materials was, in my opinion, morally unsupportable, but that is a matter between mr sanai and his god or gods, not for litigation.

  • fromthetop

    One of the images that Judge Kozinski viewed and saved to the hard drive of his computer depicts a very young man engaging in oral sex with himself.

    It appears to me that the young man is clearly under the age of 18 and may be as young as 13 or 14.

    A depiction of an minor engaging in masturbation is child pornography according to various statutes and the mere possession of child pornography is a felony.

    It doesn’t matter whether one store child pornography in a locked desk drawer in one’s den or out on one’s front lawn. The crime is the possession of it.

    Judge Kozinski has invited an investigation of himself by the 9th CIrcuit, but isn’t an inquiry into possible possession of child pornography something that is properly handled by a district attorney or a United States Attorney?

  • Caree

    From the top, you base your statement on what evidence? Oh that’s right, we live in a world in which speculation and exaggeration have legs.

  • adam brower

    fromthetop,

    the image to which you refer (i’m nearly certain, although i haven’t visited the uri’s in question) is a famous and venerable one, in circulation for decades. it depicts an extremely slender and hairless young fellow, but it has long been documented that the person in the photo was in his late twenties at the time of the (if i may so call it) exposure. the name of the person is even attached to some copies of the thing, which circulated among all the binaries groups on usenet for years. so you will be disappointed: you’ll have to find something else to wave your arms about. i mean, kozinski MUST have done something foul, since you detest his politics, hrmm? maybe he mistreats little bunnies!

    i don’t know who is more contemptible: sanai, for his frothing finger-pointing and violation of kozinski’s intended privacy or you, for attempting to tar kozinski with the child exploitation brush. (note: i said INTENDED privacy, and sanai’s trespass was, in my view, a moral one and not actionable. i still think prof. lessig has this wrong.)

  • http://www.kkrasnowwaterman.com K. Krasnow Waterman

    On the question of facts…

    If Judge Kozinski was really the author of this letter then how can it be said he didn’t know the public had access to the website? The letter was posted on the web and contains multiple links to the Kozinski website without access instructions or password, including one (the link for bungee jumping) to the /stuff subdirectory that contained all the materials that have become the subject of debate. While it’s true that the specific pictures that are the subject of discussion aren’t included in the letter, it’s equally true that those of us who know how to navigate the web might be curious about such a famous Judge’s website and look to see what else is posted there.

  • inkblurt

    One point I don’t see being made (possibly because I didn’t read every comment) is that there’s now a difference between “public” and “published.”

    It used to be that anything extremely public — that is, able to be seen by more than just a handful of people — could only be there if it was published that way on purpose. It was impossible for more than just the people in physical proximity to hear you, see you or look at your stuff unless you put a lot of time and money into making it that way: publishing a book, setting up a radio or TV station and broadcasting, or (on the low end) using something like a CB radio to purposely send out a public signal (and even then, laws limited the power and reach of such a device).

    But the Internet has obliterated that assumption. Now, we can do all kinds of things that are intended for a private context that unwittingly end up more public than we intended. By now almost everyone online has sent an email to more people than they meant to, or accidentally sent a private note to everyone on Twitter. Or perhaps you’ve published a blog article that you only thought a few regular readers would see, but find out that others have read it who were offended because they didn’t get the context?

    We need to distinguish between “public” and “published.” We may even need to distinguish between various shades of “published” — the same way we legally distinguish between shades of personal injury — by determining intent.

  • http://www.outsidethebeltway.com Steve Verdon

    I reject David’s claim of “easy acces therefore not private” claim. It is simply stupid. My front yard is easily accessible to the public, it is still my property and I can still demand others not to trespass. If David left his car unlocked then had something stolen, he’d still prosecute the thief if said thief was caught. David, don’t be a moron.

  • Yale Harvard

    You said: “I don’t accept that this is a ‘public place’ just because the public can easily get to it. … My only point is that it was plain beyond doubt that this was not intended as a public place where anyone was invited to come and browse.”

    If you leave a picture on your driveway of degrading pictures of woman and sexual cavorting with engorged donkeys chasing men, don’t act surprised when you neighbors laugh at you for sitting in judgment of them. Sure it is on private property, but legally visible to the public. It is plain beyond doubt that he knew the images were being shared, his robot.txt file is proof of that.

  • http://tinyurl.com/6mptr7 Kozisayso

    Regarding the child porn issue, check out http://tinyurl.com/6mptr7

  • ogmb

    [Steve Verdon] I reject David’s claim of “easy acces therefore not private” claim. It is simply stupid. My front yard is easily accessible to the public, it is still my property and I can still demand others not to trespass.

    Your front yard is a private space, with exceptions. The www is a public space, with exceptions (see dvan’s post above). This does not mean you cannot create private spaces in the www, but the intent to create them is insufficient. You also have to communicate your intent, e.g. by encryption or a password. In this case every communication of intent points toward public access: no password, no encryption, no protective index.htm file, no restricted permissions, robots.txt set to allow websearch, posting of http links on public websites, etc. Hence if the judge intended to keep the files private, he not only failed to communicate this intent but in fact communicated the opposite, see USLaw.com’s discussion.

  • Andrew

    Professor Lessig’s post suffers from the same fundamtental problem the LA Times article suffers from: there is zero evidence presented for what appear to be highly biased claims.

    Instead of describing what the LA Times thinks (obscenity, bestiality, etc) or what Professor Lessig thinks (not bestiality, harmless jokes, etc) why don’t they marshall evidence to support their claims? To be honest, I don’t really care what the LA Times or Professor Lessig “think” about this issue — I care what they can convincingly support.

    Specifically: what’s the content at issue? What is/was the content and web address of this robots.txt?

    The absence of supporting evidence suggests that the LA Times and Lessig would not benefit from its inclusion.

  • ogmb

    Instead of describing what the LA Times thinks (obscenity, bestiality, etc)

    I have not seen any claim that the LA Times made debunked here. Note that they did not speak of bestiality or obscenity in conjunction with Kozinski’s web directory (even though they didn’t do much to keep the reader from getting that impression, they certainly would have called a picture showing bestiality “bestiality” and not “cavorting with an aroused animal”). Lessig’s technical and legal claims on the other hand have been debunked here many times by many posters. If someone starts out a post with “What I mean by “the Kozinski mess” is the total inability of the media — including we, the media, bloggers — to get the basic facts right, and keep the reality in perspective” and then continues to do exactly the same thing — distort the evidence to further a partisan agenda — he’s just damaging his own reputation.

  • http://studio413.blogspot.com Lloyd Shugart

    Is that issue the change in morality of society? When Thomas Jefferson penned the constitution, his belief was that most were moral, and the laws should address the same.

    To be shunned by the members of your society was at that time. a punishment that most respected. There was a need for law & punishment(public flogging in the square stockade) to effectively deal with those who lacked morals, and respect of others properties.

    In this day and age of Freeriding, society loses.

    First I am not deluded in belief that morals equals manners or the vise versa. Nor do I believe that ones own morals should be the rule of others. My family http://studio413.blogspot.com were staunch abolitionist at the dawn of this great country. They had different ideas about many issues confronting society then, yet they only sought to empress their ideas around freedoms due all of man, certainly not implicating that all should live as they did, in all ways.

    That being said , I believe as they did. Yet as Mr. Jefferson recognized you can’t legislate your own morals, and that morals are not in fact just ones own, but are those that the benefit the greater society.

    But I feel that there is a growing disrespect for people and their properties, and the idealism that if you don’t (opt-out of public domain) lock it away, that society at large is welcome to take as they please.

    I believe in the Public Domain, and in fair use….I don’t believe in stretching those in ways that congress never intended, in either direction.

    For those whom advocate a free everything on the net…this may just be the issue that brings Judicial Notice, to why it’s wrong for society.

    I am just sorry that the Honorable Judge Kozinski, especially his wife, and family have to become victims, of something so patently wrong with society. Hope that one day you never find yourself in front of the Public, having to attend to such.

    Morals http://williampatry.blogspot.com/2008/06/gender-and-copyright.html

  • Deep Throat

    There is a MUCH BIGGER story here people are failing to acknowledge — the status of the computer security of this Nation’s Federal Courts post-the Kozinski disabling breach of the Federal Courts’ WebSENSE filter — do we really want to discover in hindsight some hacker managed to hack into the FISC National Security records, for example?

    With at least one example of a Federal Judge (notwithstanding he is one everyone likes), botching up the security on his own personal server, God knows what sensitive information might be at risk in our Federal Courts system. Share a few P2P files with a law clerk, and woopsie … the entire contents of the FISC Chief Judge’s hard drive might end up …

    WHO KNOWS WHERE !!!

    Didn’t the People’s Republic of China just get caught hacking into some Congressional computers a couple weeks ago?

    WHY AREN’T WE TALKING ABOUT FORMER AOC DIRECTOR MECHAM’S LETTER WARNING US ABOUT THE LACK OF ADEQUATE COMPUTER SECURITY FIREWALLS IN OUR FEDERAL COURTS ALLOWING HACKERS ACCESS TO HACK INTO ANY FEDERAL COURT RECORD IN THE UNITED STATES WITH OPPORTUNITY TO OBSTRUCT PENDING CASES?

    There is at least one case involving an 11th Circuit Court of Appeal law clerk, “AnnTM,” who admitted in blog posts that she used the Federal Court computers while working for her employer Federal Circuit Judge, to share files with numerous other outsiders, lawyers in several states, and receive extrinsic ex parte information not in the case record via e-mails and a blog open to the public via googlebot about an Americans With Disabilities Act plaintiff with autism — even admitted to obtaining confidential information about this autistic ADA litigant from the NINTH CIRCUIT COURT OF APPEALS to use as extrinsic evidence in the case in the 11th Circuit. The Sixth Circuit was also involved according to the blog postings. Thus, there is at least one instance of a multiple-Circuit issue involving breach of the Federal Courts Computer Security System that by the blog postings ADMIT to obstructing an ADA civil rights case.

    AFTER a dismissal of the appeal by three 11th Circuit Judges w/o disqualifying the ten (10) Circuit Judges whose impartiality was compromised by the law clerk through shared panel deliberations on several appeals, by the improper extrinsic ex parte information gathered by the law clerk ALA exploiting the apparent Kozinski WebSENSE breach, the 11th Circuit suddenly felt the need to sua sponte vacate and reenter the dismissal — to change ONLY the names of the Judges signing the dismissal Order to the three remaining Circuit Judges who did not share panel deliberations with the Judge employing the law clerk.

    Clearly, however, if any ONE of the Circuit Judges was required to disqualify due to lack of Federal Court computer security that allowed an 11th Circuit law clerk to run amok gathering through P2P file sharing and the sorts of Internet usage WebSENSE would have prevented the law clerk from gathering outside of the Court record (by exploting the Kozinski-Federal Courts Computer System Firewall breach to funnel extrinsic ex parte information into a case), given that ALL Circuit Judges in the Court of Appeals use the same flawed insecure computer system, ALL would have been inescapably placed into the appearance of impropriety obligation to disqualify. This case about the MUCH BIGGER story of the CONSEQUENCES of the Kozinski disablment breach of the WebSENSE Federal Courts computer security installed by former AOC director Mecham, has not yet sought potential Supreme Court review.

    The REAL question is HOW MANY CASES HAVE BEEN COMPROMISED by the Kozinski Federal Courts’ WebSENSE security breach? The integrity of the Nation’s entire Federal Judiciary hangs in the balance.

    Again, we all know Judge Kozinski did not have the computer knowhow to breach an entire Nation’s Federal Judiciary Court System’s computer firewall; such could only have been done by a highly sophisticated computer programmer extraordinaire motivated by a financial interest in opening up the Federal Courts Systems’ computers to lucrative outside security risks.

    This is bigger than Watergate …

    this entire Federal Courts Computer System security break-in is flushed out.

  • http://studio413.blogspot.com Lloyd Shugart

    Is the issue the change in morality of society? When Thomas Jefferson penned the constitution, his belief was that most were moral, and the laws should address the same.

    To be shunned by the members of your society was at that time, a punishment that most respected. There was a need for law & punishment(public flogging in the square stockade) to effectively deal with those who lacked morals, and respect of others properties.

    In this day and age of Freeriding, society loses.

    First I am not deluded in belief that morals equals manners or the vise versa. Nor do I believe that ones own morals should be the rule of others. My family http://studio413.blogspot.com were staunch abolitionist at the dawn of this great country. They had different ideas about many issues confronting society then, yet they only sought to empress their ideas around freedoms due all of man, certainly not implicating that all should live as they did, in all ways.

    That being said , I believe as they did. Yet as Mr. Jefferson recognized you can’t legislate your own morals, and that morals are not in fact just ones own, but are those that the benefit the greater society.

    But I feel that there is a growing disrespect for people and their properties, and the idealism that if you don’t (opt-out of public domain) lock it away, that society at large is welcome to take as they please.

    I believe in the Public Domain, and in fair use….I don’t believe in stretching those in ways that congress never intended, in either direction.

    For those whom advocate a free everything on the net…this may just be the issue that brings Judicial Notice, to why it’s wrong for society.

    I am just sorry that the Honorable Judge Kozinski, especially his wife, and family have to become victims, of something so patently wrong with society. Hope that one day you never find yourself in front of the Public, having to attend to such.

    Morals http://williampatry.blogspot.com/2008/06/gender-and-copyright.html

  • Lamar

    Deaar Professor L, and commentors:

    An issue has come up on whether the material linked to Judge Koz was public or private.
    Could the material have been drawn up via a googles search ?
    Was it obtained via any hacking methods–that the average I-net surfing could not employ… ?
    I read the above by Prof L, and he went into some arcane things about robot files, etc
    I don’t believe that cleared up the question. Maybe in arcane cyber nerd world it did, but to the broader world it is unclear.
    Much of the WWW origional materail on Judge Koz is not now avaiable via web sites, yet post BLOW UP on the NET, there are not secondary WWW sites, where the web sponsor invites people to post views, and many were via a googles search as a portal process.
    I would appeciate if any could discuss the issue on access some more, i respectfully submit it is unclear, still.
    Ms(wife) of judge Koz essentially alleges that lawyer Sanai broke into the Koz Famly personal computer.
    Some find that allegation absurd, Others raise issues on.
    So, I could comment on how others have chacterized the Koz Site, but i don’t have access to comment on the donkey chashing some guy to fornicate him…. is that something symbolic about some plaintiff who appeared before the 9th Circuit ? judge tanuting people who appear before 9th Circuit…? Seems like nobody has reposted the full Koz site.
    No, I am not asking that, ( access to the origional KOZ site) i am seeking to understand some dynamics of WWW world…
    Surely, the 3rd Circuit is most anxious to thorougly review the full Koz site(ALL FILES in vivid COLOR), on the links/ interface between WWW/ Cyber world and the Chambers of an Appeal Court.( questions on)
    Thank you in advance if any respond to the questions I rasied.
    Someone posted that Koz had on his site; a child engaging in oral sex acts on someone who appeared to be a Priest–one he(OTHERS) branded as a Catholic Priest. So, how does what was on a SITe relate to questions on the judical temperament of judge Koz.. —the whole picture.. ?
    Has Professor L looked at the site examined every file…in DETAIL ?
    Or ,does he just brush all aside ; as it is personal, any who comment are voy-ERS who committed a crime breaking into material that was a window into the HOUSE OF KOZ.
    Oh, now is that the shoe on the other foot—- the criminals are any who question UCLA grad judges, Standford Professors, breaking and entry…
    I got to this site via Google, and I have not seen one file on the Koz site, and I am not a criminal, or have I ever been a member of the Stanford Club, etc . I am in no position to judge Judge Koz, i do not have the facts (underscore all the facts) to do so, but my questions relate to the dynamcis of the internet, people, professionals, etc. I do not believe Professor L has all the facts—-he is not a Judge who has access to a process to obtain all the facts, etc.

  • http://xrumervps.ca soyptosuppoft

    Wanted to Show you this guys, I’m new here but if you have tried all the other VPS providers out there only to be upset at the speed of the desktops,
    than I most definately suggest you try the following link on this post. Been there for sometime now and have over 12 sites ranked number one.
    The tools all work the uptime is great and best of all the support answers :)
    Yes the support actually answers you in a good time. WOW.

    have a good day! And hope to meet more people here!

    best SEnuke Xcr VPS