Re: Hunting for Mr Badmouth (definately O.T. but short)

[Meidinger Chris <chris.meidinger () badenit de>]

Charley, thanks for the good response. 

There have been too many hot-headed responses to various things here lately.
I have been particularly disappointed to see newcomers ridiculed for asking
newcomer questions in a newcomer way. If someone comes and posts to a list
saying 'i have no idea what i am talking about' then do not chastise him,
educate that person. I have spoken in private email to several people asking
them to educate rather than ostracize, and it has worked.

Specifically relating to this post, Rockit you should not expect that the
original poster will justify why he is asking by providing a full
discription of the security incident to which he is responding. You are
imposing upon him the exact chains and limitations that you are rallying
against. Freedom of speech grants him the equal right to ask how to find
someone that that person may or may not have had to make statements that may
or may not be libelous. Freedom is a two way street.

I agree with both of you that the internet is changing - very rapidly - into
something much different than what we all imagine the internet to be. We
will, however, have to accept those changes and roll with those punches as
they come. One change is accountability. Increasingly, we will have to
account for our actions even in a virtual world - as long as its influence
in the real world remains strong. There is nothing inherently wrong with
asking how to find the originator of posts on a newsgroup. 

But, constructively, i hope that any further posters on the topic be so kind
as to explain to the original poster how to balance matters legally, rather
than tearing into him for asking a question that you didn't enjoy hearing
asked. 

Let's leave the aggressive tone of voice out of this list, and behave like
the professionals we are.

With friendly Greetings,

Chris Meidinger


-----Ursprüngliche Nachricht-----
Von: Charley Hamilton [mailto:chamilto () uci edu] 
Gesendet: Donnerstag, 28. August 2003 23:22
An: security-basics () securityfocus com
Betreff: Re: Fwd: Re: Hunting for Mr Badmouth (mostly O.T. and long)


Rockit,

Short comment:  There is inadequate evidence presented in the OP for anyone
to make a moral judgement about the OP and his reasons for trying to "track"
the individual in question.  The OP asked a technical question, and if you
feel morally offended by the question, ignore it.

That said:

Rockit wrote:

>  "short of a court order" ? Can't prove libel ? (and yes, the burden of
proof  >  would be upon you...so I am assuming that this person is actually
telling 
the > truth about the "company") Sounds like a vendetta to me ! (after
reviewing  > your email header, it's a personal address, not a company one,
which doesn't  > help your case any !)

I would argue that one reason for using a personal email over a company one,
assuming your review of the headers is correct, is to keep this from
becoming
a public issue until after it has been addressed privately.   Possibly, the 
company does not permit posting to mailing lists from comany accounts. How
do you know why the email account used is personal, if, in fact, it is?

You have assumed the person (Mr. Badmouth) is telling the truth, when in
fact 
you have no supporting evidence for the case.  Does this tendency to
assumption 
on the part of the uninvolved public (e.g. you, Rockit) in itself not argue
that the company in question should be able to pursue (at least) bilateral 
communication with the poster?  How can such communication be established 
without response from the alleged defamer?  Are we not entitled to defend 
ourselves against our accusers?  I recall something about that appearing in
US case law, as well.

Anonymity should not be a mask behind which one can hide when making untrue 
statements about any entity, corporate or otherwise.  If it's true, present
your evidence and permit the entity to rebut.  Otherwise, state the fact
that you don't like the entity and leave it at that.  False assertions are 
inappropraite.  Period.

>  There are way too many companies and individuals trying to manipulate
the  > justice system when it comes to the internet, especially in the civil
courts,  > because the laws don't support imagined criminal wrongs. So, I
have one  > question for you....ever hear of the first amendment and freedom
of  > speech ???

I agree that there is currently a race to over-regulate the internet in ways
which are largely inappropriate and under-informed on the part of the
government, as well as abuses and misuses on the part of many major
corporations and industrial associations.  I do not agree that this is a
pertinent issue, here.  Libel is libel, whether in print or electronic
media.  If it is actually libel, this is not an imagined wrong.

Although I do not generally agree with Engels on matters, I believe his
assertion, "Your freedom ends where the freedom of others begins, and only
there.", is pertinent to this discussion.  A person's freedom to make a
statement, printed or otherwise, should not enable the person to make
defamatory comments about another entity (human or otherwise). This would
infringe on the entity's right to pursue happiness. I seem to recall that
appearing in U.S. founding doctrine, as well.

I don't generally like MS software, but to assert that my first amendment
rights permit me to call all MS software "intentionally and unrecoverably
flawed" is IMO simply overreaching the scope of the law.  Granted, IANAL, so
there is a strong possibility that I'm wrong.  However, given that
defamation, libel, and slander laws exist, I am pretty sure there is *some*
legal limit to free expression, and there certainly is a logical limit (see
Engels' assertion above).  If I started to call you a dirty SOB and refused
to give proof you were both unwashed *and* a canine, you would have grounds
for suit.  Period.

>  I can only hope that no one in this list will help your vigilantism  >
styled tactics of violating someone's civil liberties !

Vigilantism?  The OP's questions seemed to aim at tracking someone who had
allegedly defamed a company with which I assume the OP is affiliated, based
on the OP.  It says nothing about what the plan is for what to do *after*
the person is identified and contacted.  Perhaps there is a plan to serve
the person with a legal summons.  If there is no evidence presented by the
alleged defamer to support the position, and the alleged defamer is not
identified, how is the company in question to determine whether or not the
charge is true and present adequate evidence to a judge to obtain such a
court order?  Of course, obtaining an order might be easier than I think,
but I doubt it.

Just my $0.02.

Charley





---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September
6.Visit us: www.blackhat.com
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event.  Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------