The Kozinski mess
So the wires are a twitter with the story of Chief Judge Alex Kozinski's "web site" which, from reading the stories, you'd think was filled with porn (and worse), revealing a dark soul who, some experts in legal ethics suggest, shouldn't be presiding at an obscenity trial. That, you think, is what I mean by "the Kozinski mess."
It's not. What I mean by "the Kozinski mess" is the total inability of the media -- including we, the media, bloggers -- to get the basic facts right, and keep the reality in perspective. The real story here is how easily we let such a baseless smear travel - and our need is for a better developed immunity (in the sense of immunity from a virus) from this sort of garbage.
Here are the facts as I've been able to tell: For at least a month, a disgruntled litigant, angry at Judge Kozinski (and the Ninth Circuit) has been talking to the media to try to smear Kozinski. Kozinski had sent a link to a file (unrelated to the stuff being reported about) that was stored on a file server maintained by Kozinski's son, Yale. From that link (and a mistake in how the server was configured), it was possible to determine the directory structure for the server. From that directory structure, it was possible to see likely interesting places to peer. The disgruntled sort did that, and shopped some of what he found to the news sources that are now spreading it.
Cyberspace is weird and obscure to many people. So let's translate all this a bit: Imagine the Kozinski's have a den in their house. In the den is a bunch of stuff deposited by anyone in the family -- pictures, books, videos, whatever. And imagine the den has a window, with a lock. But imagine finally the lock is badly installed, so anyone with 30 seconds of jiggling could open the window, climb into the den, and see what the judge keeps in his house. Now imagine finally some disgruntled litigant jiggers the lock, climbs into the window, and starts going through the family's stuff. He finds some stuff that he knows the local puritans won't like. He takes it, and then starts shopping it around to newspapers and the like: "Hey look," he says, "look at the sort of stuff the judge keeps in his house."
I take it anyone would agree that it would outrageous for someone to publish the stuff this disgruntled sort produced. Obviously, within limits: if there were illegal material (child porn, for example), we'd likely ignore the trespass and focus on the crime. But if it is not illegal material, we'd all, I take it, say that the outrage is the trespass, and the idea that anyone would be burdened to defend whatever someone found in one's house.
Because this is in many ways the essence of privacy. Not the right to commit a crime (though sometimes it has that effect). But the right not to have to defend yourself about stuff you keep private. If the trespasser found a Playboy on the table in the den, the proper response is not to publish an article reporting this fact, and then shift the burden to the home owner to defend the presence of the Playboy (a legal publication, harmless in the eyes of some, scandalous in the eyes of others). The proper response is to give the private party the benefit of privacy: which is, here at least, the right not to have to explain.
This analogy, I submit, fits perfectly the alleged scandal around Kozinski. His son set up a server to make it easy for friends and family to share stuff -- family pictures, documents he wanted to share, videos, etc. Nothing alleged to have been on this server violates any law. (There's some ridiculous claim about "bestiality." But the video is not bestiality. It lives today on YouTube -- a funny (to some) short of a man defecating in a field, and then being chased by a donkey. If there was malicious intent in this video, it was the donkey's. And in any case, nothing sexual is shown in that video at all.) No one can know who uploaded what, or for whom. The site was not "on the web" in the sense of a site open and inviting anyone to come in. It had a robots.txt file to indicate its contents were not to be indexed. That someone got in is testimony to the fact that security -- everywhere -- is imperfect. But this was a private file server, like a private room, hacked by a litigant with a vendetta. Decent people -- and publications -- should say shame on the person violating the privacy here, and not feed the violation by forcing a judge to defend his humor to a nosy world.
When it comes to government invasions of our privacy, we are (and rightly) a privacy obsessed people. We need to extend some of that obsession to the increasingly common violations by private people against other private people. There is nothing for Chief Judge Kozinski to defend because he has violated no law, and we live in a free society (or so he thought when he immigrated from Romania). A free society should feed the right to be left alone, including the right not to have to defend publicly private choices and taste, by learning not to feed the privacy trolls.
| Permalink | technorati
Comments (169)
I'm sorry, but there's no way that typing a URL into a web browser is analogous to jiggling a lock for 30 seconds. Do you really want to posit that sending a valid http request is legally or morally or ethically equivalent to breaking and entering?
I can't help thinking that you started with the result you wanted to get (defending Judge Kozinski) and then working backwards to come up with reasoning to justify it. But you should know better than to use an analogy that has such negative implications. At least, your analogy should be something like: Judge Kozinski inadvertently left his personal materials lying around in a public place.
David -- on what grounds is a personal HTTP server with a robots.txt file a public place?
I don't accept that this is a "public place" just because the public can easily get to it. But I'm also not arguing that someone should be treated as a trespasser because he or she wanders through a directory structure. My only point is that it was plain beyond doubt that this was not intended as a public place where anyone was invited to come and browse. Norms of privacy should therefore apply.
Point of information: Yahoo has a cached copy of the directory with an entry at least as late as:
25.minutes.to.go.wmv 28-May-2008 12:18 6.3M movie
So either Yahoo has a problem with robots.txt, or the robots.txt file was configured incorrectly.
I suspect there wasn't a relevant robots.txt file.
http://web.archive.org/web/20070629190035/http://alex.kozinski.com/robots.txt
has only:
User-agent: *
Disallow: /jurist-l/
FYI: Your posts aren't broken into paragraphs when I view your feed in Google Reader, they are just long blocks of text. It makes longer posts like this one hard to read.
Professor Lessig is absolutely and exactly right, this is an excellent post. This issue has been allowed to be framed in entirely the wrong way, and it shows no signs of stopping. Anyone just slightly paying attention is left with the impression that the Judge was hosting a pornographic "website," and articles constantly talk about this "web page." He had neither of those things, neither a "website" or a "web page." It's a shame that the LA Times ran with this story, and a shame that it has become what it has become.
It's a damn shame that this blown up like this. I hope that it blows over quickly for Judge Kozinski.
@Aaron:
If you put your HTTP server on the internet without access controls, it's public. A robots.txt is an intent to keep out robots not people. To me it's the difference between putting a "No robots allowed" vs a "No trespassing" sign on your property.
The willful act of digging up dirt is wrong and I don't want to defend that, however it's an important lesson that a lot of people on the internet forget. If you put something on the internet, sooner or later it will be found, and the outcome may be negative. It's like living with big windows on a house on a busy street, sometimes you need to be wary of making sure the blinds are drawn.
Prof. Lessig ,
How is it you have so many more details about this than anyone else? And why is your account so different than the one here?
http://www.latimes.com/news/local/la-me-kozinski12-2008jun12,0,6220192.story
Kozinski generally refuses to hire female clerks. And the reports about the pictures at the site made them sound degrading. Would your analysis be the same if his web pix were of men in blackface eating watermelon?
Kozinski isn't accused of possessing obscenity but only pornography.
It's very telling that people have a problem with a judge who views pornography judging obscenity (because he may be biased) but then they subtly don't mention that someone who doesn't view pornography may be biased in the opposite direction. People aren't worried about bias, they're just worried that the bias match their own bias.
If Kozinski had breached obscenity laws then this might have more force but, in reality, all that has happened is that someone has undertaken a legal action in private. Some people don't like this action so they try to make it sound like there is a legal problem rather than just a moral debate.
P.S: Regarding - "... the total inability of the media -- including we, the media, bloggers -- to get the basic facts right, and keep the reality in perspective. The real story here is how easily we let such a baseless smear travel - and our need is for a better developed immunity (in the sense of immunity from a virus) from this sort of garbage."
As has been repeatedly pointed out, this is an inevitable outcome of a system where attention and marketing are much more supported than truth and thoughtfulness.
Now consider that many, many, A-listers around you have built their careers on emotional manipulation, and consider popularity-mining by a small elite to sell mass audience to advertisers as the path to riches (and promote this as "democracy").
There's a problem here :-( .
See also a column I wrote a while back on an earlier sensational case: "This was the familiar trial by media, and was no better for taking place on the web than elsewhere."
Thanks for shedding some more light on this - the Chinese whispers affect of the media always amazes me! We heard on the radio this morning, in New Zealand, about this 'judge in America found hosting a pornographic website even featuring beastiality' The radio host even went as far as saying 'you couldn't make this stuff up'.
The media whirlwind spins far and fast. People want to hear shocking, awful or just weird stories in the news. If they are fact or fiction often doesn't seem to matter to them....
If the above YouTube video is rated as bestiality, then I should be called an "astronaut"
I've been surfing the Internet for more than a decade now, and seen most (if not all) faces of it.
The only thing that still truly amazes me, is how much people can distort reality to achieve their ends...
"It's very telling that people have a problem with a judge who views pornography judging obscenity (because he may be biased) but then they subtly don't mention that someone who doesn't view pornography may be biased in the opposite direction. People aren't worried about bias, they're just worried that the bias match their own bias."
I totally agree with Adams here.
I don't see we should anybody bother with somebody's personal life, as long as they do their job right.
And yes, I believe an undisclosed directory on a web server *is* personal...
Lessig writes: The site was not "on the web" in the sense of a site open and inviting anyone to come in. It had a robots.txt file to indicate its contents were not to be indexed.
Robots.txt is a voluntary access control mechanism, but it does not prevent resources from being "on the Web" in any sense. The document describing the robots.txt standard refers specifically to web robots. Robots.txt was not intended to apply to interactive web browsers. It is roughly analogous to a sign one might find beside a residential street: "No trucks except for deliveries." The street is still a part of the road network, even if some vehicles are asked not to visit.
Another example is the form I'm typing this into. It has an accompanying CAPTCHA form to identify robotic spam submissions. Blocking these robots doesn't effectively take the submission form off the Web. If one wants to avoid public access to a Web resource, there are access control mechanisms which can do that. Passwords are one example; robots.txt is not an example.
Did you know that there is nothing in the Code of Professional Conduct in California which says that lawyers and judges cannot lie? Nowhere is that prohibited by their code of conduct. Nowhere.
It's fairly obvious who's in the tank for whom here.
"The real story here is how easily we let such a baseless smear travel ..."
The smear isn't baseless. According to pictures I saw on Patterico.com which purport to come from Mr. Kozinski's hard drive, there was one showing a child suckling a catholic priests penis.
I maintain that this is obscene, and therefore, illegal. The judge should be arrested so that we can have a trial to determine whether he broke the law.
The ONLY way that you can determine if something is obscene is to have a trial. Having your lawyer claim it's not obscene isn't enough. Judge Kozinski and his cohorts in the Judiciary have created the laws about obscenity, and they have decided that you cannot possess anything that, after the fact, a jury decides was obscene.
So, the only way we can know if Judge Kozinski possessed obscenity is to have a trial.
His objectivity is easily questioned, now. Therefore, he is not fit to judge the trial he has "paused."
These are not baseless claims. The photos are real child porn, they are disgusting and in my opinion, obscene, and we should try Mr. Kozinski using the laws he and his fellow judiciarians impose on the rest of us ... an after-the-fact determination to determine whether you broke the law based on the mere opinion of whoever is in your jury pool.
Because the LA Times story is misleading? Because other facts have been disclosed since it was published but before Professor Lessig posted? What are you suggesting?
One example (which was addressed by Prof. Lessig, actually): the LA Times story characterizes one video as, "a video of a half-dressed man cavorting with a sexually aroused farm animal." This implies the video contains bestiality. In fact, it's what Professor Lessig said: a guy in a field with his pants down attracts the unwanted attention of a donkey. It may not meet your definition of humor, but it's clearly not pornography.
The story is reprehensible, and the LA Times should issue a correction. Not that it will do any good to a substantial number of people who will remember only that Judge Kozinski had pornography on "his website."
You failed to mention that one reason this story "has legs" is that the judge serves on the infamous 9th Circuit court (if a reader doesn't instantly recognize why that fact is relevant then never mind this point). Also, nice try on the donkey bit. As I remember, the actual allegation was of the presence of a video showing a woman sticking her head into a cow (from memory, I haven't checked this fact).
The technique of substituting an easily refuted straw man for the real allegation is commonly used by those who care more about defending their point of view than sticking to the truth. Have you knowingly done that here?
Prof. Lessig, your analogy about the lock & the den is laughable.
You cannot possibly employ a metaphor that implies that Kozinski had these materials "locked" way when the site was *not* password-protected.
If you read Sinai's comments to the posts at Patterico & others to your post here (Seth F.'s), it is clear that performing routine searches with generic search engines revealed the contents of the Kozinski's site. A Russian mp3-sharing site linked to the directory on Kozinski's site containing AK's mp3. It is simply & absolutely ridiculous to compare AK's site to a den in a locked house with a locked window.
At best, this situation is akin to somebody leaving their objects/porn on the sidewalk in front of their house.
See also this post: http://blog.wired.com/27bstroke6/2008/06/judges-web-site.html
"It's also come to light that included amid the sexual material posted on the judge's site more recently were MP3 files of copyrighted songs by Weird Al Yankovic, Johnny Cash and Bob Dylan.
According to the source who found the MP3 files on Judge Kozinski's site, at least one of the MP3 files was being traded through a file-sharing site that linked to Kozinski's subdomain where the song was stored, raising questions about whether the judge was in violation of copyright laws if anyone downloaded the music from his site. Three Ninth Circuit Court judges ruled last year that just making copyrighted works available may be a violation of copyright laws."
"The smear isn't baseless. According to pictures I saw on Patterico.com which purport to come from Mr. Kozinski's hard drive, there was one showing a child suckling a catholic priests penis."
Well, obviously any site that claims to have pictures from the judges hard drive has to be telling the truth. 'nuff said.
Your analogy is spot on, Lessig. Just because not everyone has the technical knowledge to protect their own domain doesn't mean that their right to privacy is voided. To me, even if he displayed the (completely legal) pictures openly (while taking proper precautions to make sure kids wouldn't access it, etc..), it wouldn't matter. These are legal documents, made by an adult, for an adult's enjoyment.
Fido, a dog, sits on edge of the public road. He's leashed to the nearby porch of his owner Alice's home.
Alice, the dog's owner, wants to communicate with her friend Bob. She'd like to do this discreetly, but doesn't want to go to much trouble. She buys a dog food bowl for Fido, fills it, and places it on the road. She tells Bob that she'll put notes under the bowl and that he should do the same. They communicate over a few months, passing notes by leaving them under the dog food bowl.
Eve, no friend of Alice's, happens to be walking down the road one day. She notices the dirt around the dog food bowl appears unusual, as if someone had reached under the bowl. Curious, she picks up the dog food bowl carefully and finds a note from Bob to Alice containing some questionable material. She takes her camera and snaps a picture of it, then carefully replaces it and goes on her way. She then contacts the local press and shows them her picture of the note, and tells them where to go see the note themselves.
--
I find that analogy closer to the mark.
Alice = Yale Kozinski
Bob = Judge Kozinski
Eve = the disgruntled litigant
the dog food bowl = the unlinked directory
the note = the questionable images
the disturbed dirt = the directory structure/misconfiguration of the server
the edge of the street in front of the house = the web server
the street = the wider internet
The edge of the street in front of one's home isn't exactly a public place, nor is it exactly a private place, just like a web server. The place under the bowl of dog food isn't exactly obvious to the public, but a careful observer will notice that someone's recently picked up the bowl by looking at the dirt. A curious observer will pick up the bowl herself, thus "hacking" the security of the bowl (nothing more than obscurity, but security nonetheless).
Thanks for the summary, Prof. Lessig.
I think there a two, more fundamental, issues we're all going to struggle with as we move our ethics online.
The first is that of positive and negative rights. The judge has a right not to be researched in those places where he feels he is private, and particularly those unrelated to his public persona. In this case, the fact that the server was readable doesn't mean he intended to share the materials; it was a misconfiguration. His right not to be interfered with would seem to outweigh the public's right to information in this case.
The second is that of "decency." A playboy on the table might seem boring to some, outrageous to others. Since the Internet broadens the community of standards to the whole world, effectively, someone's predilections are compared to those of the entire online planet. Today, we work on a consensus basis, unfortunately -- a minority of vocal objectors set the tone for the "community." Hopefully this will change as we learn to coexist.
But in this case, the two are related. The judge probably agreed that the content he had on the server was acceptable to its intended community. By extracting that information and displaying it to a wider community, the litigant changed the scope of the intended community and revised its "implied decency." The act of changing intended community by a third party does not, in my opinion, constitute an agreement by the owner of that material to do so.
And it's this "scope of outrage" we're dealing with.
You cannot possibly employ a metaphor that implies that Kozinski had these materials "locked" way when the site was *not* password-protected.
So if you accidentally leave your bedroom curtains slightly open, I have the right to stand at your window and watch you all I want. If I can see something, it must be public, right?
Excellent post, Professor Lessig.
The claim by a commenter above that Judge Kozinski has some aversion to hiring female clerks is absolutely false. He currently has two out of four female clerks, and during one term a few years back all three of his clerks were female (and if memory serves, all three went on to Supreme Court clerkships). Nor are those the only female clerks he's had over the years. Judge Kozinski clearly has (and has never hidden) a taste for offensive humor, and he doesn't care who is being offended. But the efforts in some quarters to equate a fondness for dirty jokes with "misogyny" is pernicious and baseless.
I have to agree with David desJardins. A server that responds to valid HTTP requests from the open Internet is by definition publicly accessible. If you want to limit access to such a server, there are a multitude of tools available for that purpose. The fact that you need to enter a URL manually to access a particular resource is merely obscure, not secure (see Schneier).
This fact makes the "den window" analogy less effective. A better analogy would be the back room of a retail shop. The shop is privately owned by the shopkeeper, but the front of the shop is obviously open to the public during business hours. The shop has a back room, that is off limits to the general public, so the shopkeeper puts in a door with sign saying "Employees Only". If the sign accidentally falls off of the door, and a customer wanders into the back while looking for the restroom, are they trespassing? Probably not. If the same customer finds a Playboy magazine on the table in the employee break area, should he run to the media and exclaim that the shopkeeper is a sexist beastophile? Again, probably not.
I agree with Larry's main point that the media has blown this story way out of proportion with very few facts. But sensationalizing the actions of the instigator will only cloud the issue further.
"The smear isn't baseless. According to pictures I saw on Patterico.com which purport to come from Mr. Kozinski's hard drive, there was one showing a child suckling a catholic priests penis."
Wrong. The pictures at Patterico show
1) A halloween costume in which a doll is attached to the front of a priestly frock.
2) A stained glass window, theoretically commissioned by the church itself.
You may not find either funny, but neither depicted an actual child sucking on a catholic priest's penis. Both are a reference to the catholic scandals, but they are neither pornographic nor obscene.
(IMO, the stained glass window is absolutely hilarious.)
Slight digression on an interesting thread . . . Angie Lacross says, "Did you know that there is nothing in the Code of Professional Conduct in California which says that lawyers and judges cannot lie? Nowhere is that prohibited by their code of conduct. Nowhere."
I don't think that captures the reality. California is an unsual state in that it has dual regulation, by legislative statute and by judicial rule making. Our first rule quite sensibly says that California lawyers are bound by the legislative statute, which we call the State Bar Act (Cal. Bus. & Prof. Code sec. 6000, et seq.). Section 6068 says that as to matters they're working on, lawyers shall employ such means only as are consistent with the truth. Section 6106 forbids any act involving moral turpitude, dishonesty or corruption, whether or not committed in the course of a legal matter. In addition to those catch-all provisions in the State Bar Act, the California Rules of Professional Conduct forbid a number of specific sorts of lies (e.g., in bar admissions, when communicating with the tribunal, etc.).
Professor Lessig's analogy is just wrong and the analogy is the basis of the defense of Judge Kozinski.
The HTTP directory isn't concealed behind a door. It's not concealed behind a wall. There is no mangled lock. It's open to the Internet(airspace) we all breathe. The http directory is the equivalent of attaching everything in Kozinski's den to the back of an airplane and flying it around in the sky for all to see. You just have to look up.
If I posses a single ak47 in the trunk of my car, that is locked, and within it a locked gun case, containing said ak47, am I publicly transporting a fully automatic rifle or is it none of your fucking business?
Professor Lessig has taken a dive into an empty pool. No amount of water thrown in that pool after the jump is going to save him.
I don't wish to wade into the Kozinski story here, but I do join those who reject the analogy between an unlocked house and an unlocked web site. The Internet is a public, shared medium, and people ought to operate under that presumption at all times. There are a variety of measures available to secure web sites, control access, and the like. What is more, circumventing such security measures is already illegal.
Your account is dishonest, Mr. Lessig. If you are going to criticize someone else's judgment about what is newsworthy, you at least owe it to them to present what they think the news is because that is what they used to judge the newsworthiness of the story. By presenting only your own unique version of events as the undisputed truth, you mislead your readers.
In particular, the people who have found this newsworthy believe that Kozinki's site was originally open and searchable as a normal part of the web and that he only closed it down recently during an ethics investigation. Also, you have completely ignored the pirated MP3s being shared on the site, which Patterico and others have considered the primary news. Also, the files seem to be under Kozinski's personal directory --not just the family directory as you imply-- and Kozinski originally admitted to uploading them himself. Finally, the files show that Kozinski seems to enjoy and share pornographic (or obscene) humor which mocks Catholics, women, and other groups. This isn't just embarrassing material, but the kind of material that has gotten people which much less responsible positions fired.
You may dispute the newsworthiness of this story if you wish, but please have the integrity to explain to your readers why anyone thought it was news.
Kiaser: There's a difference between publicly accessible and a public place. The phrase "public place" has its own meaning in law. Most relevantly here, no expectation of privacy exists in a "public place." But something can be publicly accessible without being a public place; leaving the door open to one's house makes it technically publicly accessible without transforming it into a public place.
I also agree that the media has blown this out of proportion, but I note that that's what the media does, because sensationalism sells far better than normalcy.
As Chesterton wrote long ago: "It is the one great weakness of journalism as a picture of our modern existence, that it must be a picture made up entirely of exceptions. We announce on flaring posters that a man has fallen off a scaffolding. We do not announce on flaring posters that a man has not fallen off a scaffolding. Yet this latter fact is fundamentally more exciting, as indicating that that moving tower of terror and mystery, a man, is still abroad upon the earth. That the man has not fallen off a scaffolding is really more sensational; and it is also some thousand times more common. But journalism cannot reasonably be expected thus to insist upon the permanent miracles. Busy editors cannot be expected to put on their posters, “Mr. Wilkinson Still Safe,” or “Mr. Jones, of Worthing, Not Dead Yet.” They cannot announce the happiness of mankind at all. They cannot describe all the forks that are not stolen, or all the marriages that are not judiciously dissolved. Hence the complex picture they give of life is of necessity fallacious; they can only represent what is unusual. However democratic they may be, they are only concerned with the minority."
No. There is no valid analogy you could make that would indicate a non-password-protected file server availiable through http requests constitutes a private space in any way. As previously mentioned, robots.txt is a preventative tool against automated access, not personal access. All Judge Kozinski had to do to make it private was password the server, but he chose not to do so. His ignorance as to how the internet works is no defense - it is not the perception of privacy that matters, but rather the actuality thereof.
I would analogize this to the Kozinski family's leaving the front door open while they're home because it was hot. Nobody would expect strangers to wander into the house uninvited, and help themselves to whatever they found there. Other commenters seem to be arguing that doors should be double bolted at all times, except when actually entering or leaving.
Back in 2005, several business schools denied admission to students who "hacked" into their admissions system.
How did they "hack?" They changed the URL, taking advantage of a bug in the server's code to see whether or not they had been admitted several weeks before they official notification date.
See: http://blogs.law.harvard.edu/philg/2005/03/08/business-schools-redefine-hacking-to-stuff-that-a-7-year-old-could-do/
One could make a similar argument here: The disgruntled litigant "hacked" Yale Kozinski's web server by taking advantage of a "bug" in the configuration to access files he never should have been able to access. This "bug" is akin to Prof. Lessig's faulty lock on the window.
The key question as I see it is whether a web server is a "house" -- a private space that is only open by invitation or whether it is something else. I'd argue it is something else, more akin to a means of publishing than to a place.
Another illustrative situation:
Alice moves into an apartment. She finds an unsecured wireless network and uses it, surmising that someone has provided it as a public service. Little does she know that it is only public because Bob, who set it up, lacked the technical skill to make it private. Is Alice stealing from Bob? Suppose she torrents so much that it degrades Bob's network quality. Does that make a difference? Does Bob have a duty to secure his wireless network, or is there an expectation of privacy upon finding an unsecured wireless network? Should Alice have determined the owner of the network and asked permission before using it?
I'm amused by the arguments that hacking into a personal a site, which is specifically set up not be be spidered by search engines, and then publishing the contents in order to embarrass the owner, is anything other than an invasion of privacy.
I'm amused by the arguments that hacking into a personal site, which is specifically set up not be be spidered by search engines, and then publishing the contents in order to embarrass the owner, is anything other than an invasion of privacy.
No, Tony, we are arguing that attempting to draw comparisons between a web site and someone's house is flawed from the start. With a house you start with a presumption of privacy and private property, and the locks only serve to deter criminals. With a web site you start with a presumption of public access, and the locks serve to control access by anyone, criminals and non-criminals alike.
I'm amused by the arguments that hacking into a personal site, which is specifically set up not be be spidered by search engines, and then publishing the contents in order to embarrass the owner, is anything other than an invasion of privacy.
I'm amused by the arguments that hacking into a personal a site, which is specifically set up not be be spidered by search engines, and then publishing the contents in order to embarrass the owner, is anything other than an invasion of privacy.
Where "hacking" involves typing in a URL. Where the contents have been already been published (albeit obscurely) via upload to a publicly-accessible directory on a web server connected to the Internet, without any obstacles to access. What privacy has been invaded?
I'm glad you're amused, Bruce. I, on the other hand, am amused be people who place such significance on the robots.txt file. For instance, from the Web Robots FAQ:
Even that analogy isn't perfect, because it fails to take into account that 1) the Web is a public medium to begin with, and 2) the robots.txt file is in no way designed to be read by or respected by human web surfers.
So a slightly better analogy might be to think of a robots.txt file as a "No Entry" sign posted in an otherwise public place, written in a language that you can't understand.
You have been talking about two rather innocuous and definitely not obscene photos that were available trhgouth Judge Kozinski's web page. There was a lot of other stuff there, too -- at least according to the links that appeared yesterday in Howard Bashman's How Appealing website. One was a photo of a young man fellating himself, and Judge Kosinski was quoted on NPR last night (June 12) as saying that he found that photo to be "amusing" There was also a slide show of several very attractive androgynous persons, and the viewer was invited to guess whether they were male or female -- and then the answers were given, with the most graphic photos.
I have no objection if Judge Kozinski wants to amuse himself by looking at such photos, but if this had been a liberal judge appointed by President Carter or Clinton, imagine the furor that would have emerged! Fox "News" would have been running with it, non-stop. The right wing blogs and all the other guardians of public morality would have had a field day.
Let's try that again (admin: please delete previous post).
>Your analogy is spot on, Lessig. Just because not everyone has the technical knowledge
> to protect their own domain doesn't mean that their right to privacy is voided
If I don't have the skill to file my tax return correctly, I get fined. If I don't have have the skill to keep from getting into an accident with my car, I won't be allowed to drive. If I don't know that leaving contraband in "plain sight" of a cop looking in my window gives him probable cause to search my house, I still go to jail. So why is it any different with some ignorant old bastard and his website?
I don't know what was on the website; Lessig says merely that it was nothing illegal. Nor does he tell us what the defendant who went to the media was being tried for -- maybe also nothing illegal. Remember these are the same people who want to go through your hard drive at the border. They should at least be held to the same horseshit standards they impose on everyone else. But I agree: it'd be best just drop the whole thing.
-Carl
Do we know for sure that the YouTube video is the "half dressed man cavorting with a sexually aroused farm animal?" If so, I think the reporter's description is beyond misleading.
I have a hard time describing what that man was doing as "cavorting." The choice of that particular word, and the description of the man as "half naked" and the donkey as a "farm animal" seem almost deliberately chosen to falsely suggest bestiality. Most people (including me) seem to have read it that way. I assumed the reporter was using vague language to avoid writing something not appropriate for the newspaper. But the reporter could just as easily have written "man being chased by a sexually aroused donkey."
I feel like I was lied to.
Let's try that again (admin: please delete previous post).
>Your analogy is spot on, Lessig. Just because not everyone has the technical knowledge
> to protect their own domain doesn't mean that their right to privacy is voided
If I don't have the skill to file my tax return correctly, I get fined. If I don't have have the skill to keep from getting into an accident with my car, I won't be allowed to drive. If I don't know that leaving contraband in "plain sight" of a cop looking in my window gives him probable cause to search my house, I still go to jail. So why is it any different with some ignorant old bastard and his website?
I don't know what was on the website; Lessig says merely that it was nothing illegal. Nor does he tell us what the defendant who went to the media was being tried for -- maybe also nothing illegal. Remember these are the same people who want to go through your hard drive at the border. They should at least be held to the same horseshit standards they impose on everyone else. But I agree: it'd be best just drop the whole thing.
-Carl
Where "hacking" involves typing in a URL. Where the contents have been already been published (albeit obscurely) via upload to a publicly-accessible directory on a web server connected to the Internet, without any obstacles to access. What privacy has been invaded?
So if I know the address to your home because it's in the phone book, and you didn't properly install the lock on your front door, your home is not a private place.
You have been talking about two rather innocuous and definitely not obscene photos that were available trhgouth Judge Kozinski's web page. There was a lot of other stuff there, too -- at least according to the links that appeared yesterday in Howard Bashman's How Appealing website. One was a photo of a young man fellating himself, and Judge Kosinski was quoted on NPR last night (June 12) as saying that he found that photo to be "amusing" There was also a slide show of several very attractive androgynous persons, and the viewer was invited to guess whether they were male or female -- and then the answers were given, with the most graphic photos.
I have no objection if Judge Kozinski wants to amuse himself by looking at such photos, but if this had been a liberal judge appointed by President Carter or Clinton, imagine the furor that would have emerged! Fox "News" would have been running with it, non-stop. The right wing blogs and all the other guardians of public morality would have had a field day.
Rereading everything I think I understand Prof. Lessig's point better.
"Decent people -- and publications -- should say shame on the person violating the privacy here . . . We need to extend some of that obsession to the increasingly common violations by private people against other private people."
Violating the privacy doesn't mean violating the law, but instead violating social convention, so called norms of privacy.
Prof. Lessig argues, I believe, that poking around on someone's web server ought to be viewed upon distastefully, as distastefully as poking around in someone's house is viewed today. He is not saying that a web server is a house, but rather he is saying that just as we frown upon poking around in someone's house, so too we ought to frown upon poking around in someone's web server. Security, or lack thereof, is not the question. The mere fact that the directory was obscured ought to indicate, to decent people, that we shouldn't peek inside of it.
No, because unlike the Web, your home is private property.
Oops, sorry, my last comment was directed at Jim Treacher. Posts are coming in fast here!
Lessig writes: it was plain beyond doubt that this was not intended as a public place where anyone was invited to come and browse.
That is not at all clear to me. Many of the facts alleged in Lessig's original posting appear not even to be true. Other relevant facts are not yet known to anyone. If there is an investigation, that will help to determine how the site was intended and how it was used. For example, examining the server logs will reveal a lot about who was using the site, what other sites linked to the site, and so on.
This is what seems likely to me (and it differs quite a bit from what Lessig asserts): It seems likely to me that Judge Kozinski was aware that anyone who typed the URL http://alex.kozinski.com/stuff into their web browser would have access to all of these files. It also seems likely to me that Kozinski shared this information with other people on whom he placed no duty of secrecy. Taking those facts together, I would conclude that he had no reasonable expectation of privacy, that he knew that random people could well gain access to his site and (at least) took no steps to prevent that.
It's possible this is not true. For example, it's possible that he really thought the files were only accessible from the one computer they were stored on, and not to the public at large via the WWW. So I have an open mind to what the investigation might find. But the facts, at the moment, don't seem to be pointing that way.
The Wall Street Journal story Judge Requests Investigation of His Conduct says it well: Legal-ethics professors said the main concerns should be whether the judge took sufficient steps to make sure the material wasn't accessible, and whether and to what extent it was disseminated. These are reasonable questions, to which we don't have all of the answers. Lessig's assertions of a particular answer to these questions (especially when the facts supporting his conclusions don't even seem to be true) make him seem more of an advocate for Kozinski than an impartial commentator.
No, because unlike the Web, your home is private property.
Prof. Lessig wrote: "My only point is that it was plain beyond doubt that this was not intended as a public place where anyone was invited to come and browse. Norms of privacy should therefore apply."
I see that as saying that even though Web isn't private property, a Web site is not a public place (in the legal sense), and as not a public place, there _is_ an expectation privacy -- therefore social normals of privacy should apply. And these social norms _should_ frown upon poking around in obscured directories.
Unfortunately for Judge Kozinski, not everyone shares Prof. Lessig's conceptions of the social norms of privacy surrounding web sites.
For a better illustration of social norms see http://www.huffingtonpost.com/david-weinberger/facebooks-privacy-defaul_b_72687.html -- in particular:
"Why? Because privacy is not just about information. It's all about the defaults.
If a couple is walking down the street, engaged in deep and quiet conversation, it certainly would violate their privacy to focus listening devices on them, record their conversation, and post it on the Internet. The couple wold feel violated not only because their "information" — their conversation — was published but because they had the expectation that even though their sound waves were physically available to anyone walking on the street who cared to listen, norms prevent us from doing so. These norms are social defaults, and they are carefully calibrated to our social circumstances: The default for sidewalks is that you are not allowed to intercede in private conversations except in special circumstances. The default for showing up at a wedding party is that they can ask whether you're with the bride or groom's party, but they can't ask you to show a drivers license. The default at some schools is that your grades will be posted on a public bulletin board and at others that they will not. When we violate these norms, various forms of social opprobrium ensue. We even have special words for different types of violations: eavesdropping, being nosy, being a blabbermouth, etc. "
No, because unlike the Web, your home is private property.
But it's on a public street.
at least one of the MP3 files was being traded through a file-sharing site that linked to Kozinski's subdomain where the song was stored
So the Kozinskis who are not savvy enough to password protect their file directories, are yet savvy enough to make all 14 of their MP3 files available for sharing, to fill the pent-up demand for Mickey Katz singing 16 Tons, and Tom Lehrer's celebration of Hanukah in Santa Monica? My question is did they need to do this themselves, or could it be done by a website visitor, perhaps carrying a grudge against the judge?
dominik, your restatement helps me understand his point better (assuming you've restated it accurately). And I think it's something I could work with but I think it's incomplete, and naively so.
The flip side of the coin here is that there are countless stories of people who place undue expectations of privacy on content that they publish out in the open on the Web. Judge Kozinski's case may indeed be one of those where we ought to have more sympathy to the "victim", but how often do we hear about people posting racy pictures or inappropriate content on their MySpace or Facebook sites, only to be shocked (shocked!) when their employer finds it and considers it bad for business?
As my comments here indicate, I believe that attitudes about the Web must start from a presumption of public access. At this point, I don't have much sympathy for naivete on this issue. If you are the least bit worried that something might be viewed by people other than those you want, do not put it on the web without true authentication measures in place. Period! If you don't try to lock it down, it ain't locked down. And a robots.txt file doesn't do it.
Perhaps there are some developments that can be made to make authentication and security more accessible to the average user. Perhaps web site builders could be configured by default with a restrictive robots.txt file, no directory access, etc. etc. so that people have to learn to unlock things to provide more access to people.
But once that attitude is in place, then frankly I think stories like these pretty much go away. And when a similar compromise does happen, then we'll find it far easier to sympathize with the victim and against the hacker, because after all, reasonable security measures had been taken.
But it's on a public street.
Uhh, yeah. So what? That's supposed to make your house/web site analogy valid... how?
Lessig you're still doing what you complain about at the start of the post.
There was no hacking. Who ever set up the server left the directly publicly accessible. That's a fact. If they didn't want the public to look at the stuff directory they should not have made it _publicly_ accessible_. Web servers ship with security. If you don't want strangers looking at your stuff then use the security features provided.
Robots.txt is meaningless. Who cares if it had said file. I don't have to obey it. It's there so stuff wouldn't be indexed by crawlers and it appears it wasn't.
Uhh, yeah. So what? That's supposed to make your house/web site analogy valid... how?
Uhh, because anyone can get to it anytime they want. And if they're obviously not invited, apparently it doesn't matter because they can still get in. It's not as solid as the argument that "My home is private because it's private," admittedly.
"young child wearing only a diaper, forced to dance a sexually suggestive cha cha"....
...this is evidently how the LA Times would describe the digitally rendered dancing baby that was widely seen in the late 90's.
I would have a lot more respect for this "righteous" outrage if everyone didn't recognize the majority of these pictures from the description. Didn't everyone get the "halloween costume" forward with the Catholic priest outfit and the cow-painted woman? Or the one with the hilarious tatoos?
Maybe your "righteous" outrage is really more related to your loneliness because no one ever sends you any of these chain emails. Get out. Meet people. Form a support group for people with hypocritical outrage syndrome.
Jim: through both law and tradition everyone who goes to your house via a public street knows that they cannot enter your house without your permission. Heck, if you tell them to, they have to get off of your driveway, too. Not so with the web; on the contrary, it is by design and by default a public forum. If you want to carve out a private area, there are a variety of means by which you can do so; but it is not private by default. Indeed I would argue that the explosive growth of the web has depended upon the presumption of public accessibility. Imagine having to read the terms of service of every web site you ever happen upon, whether it is through a deep link or a search engine result or a link your friend emails to you, to make sure that you have permission to access the site. (For that matter, a presumption of privacy would effectively put an end to deep linking.)
My question is did they need to do this themselves, or could it be done by a website visitor, perhaps carrying a grudge against the judge?
That's unlikely, it is far more probable that it really was a configuration screwup. It's very easy to accidentally leave a directory on a server unsecured, I've done it myself. And I've been a professional computer geek for about a decade.
The commenters above pointing out that robots.txt is irrelevant to humans are correct, that file is specifically intended to tell search engines to stay out of specific areas, not people. And some search engines do not obey robots.txt.
As far as the content is concerned, it may be shocking to some, but I daresay it's offensiveness is being greatly exaggerated, possibly by someone with an axe to grind. Patterico has some of the images, and most of it is stuff that was being passed around as joke email attachments in the late 90s. The picture of the guy fellating himself is very solidly in that genre- the presentation spoofs the old MasterCard 'Priceless' ads, with the punchline "Your brothers revenge on you for years of torment, by posting a "private moment" picture of you on the internet. PRICELESS!!" The rest of the impact of the image is based on the common belief that it is an impossible act.
The women-in-bodypaint pictures are apparently from a European edition of Playboy, and the Donkey video is something that was run on one of those 'funny animal' tv shows- it is not explicit.
This is raunchy humor of a sort pretty much anyone who's been online for more than a year or two will have encountered- not something to brag about, but not something worth breaking out pitchforks over, either.
Actually, rosignol, according to Lessig's own post here the web site was set up for the purpose of sharing these files. This is speculation on my part, but I'm thinking that the offending files were placed in a directory and links to them were sent via email to friends, posted on blogs, etc. It's good etiquette, certainly, not to clog up someone's inbox with 5MB attachments. And I've hosted "orphan" files like these on a web site so that I could embed images into postings on Web bulletin boards.
If my speculation is right then they probably had no intention of preventing public access to the files---assuming you knew what the URLs were. If they'd emailed those URLs to friends, they would have no way of knowing to whom those friends would forward them. If they had embedded those images or videos in blogs, again, they'd have little control over who saw and downloaded them.
They may not have been aware that someone could browse the directory itself (which as you know is something that can be disabled). But if I'm right then it really can't be argued that these files were intended to be completely private, either.
Also, "suckling" is a really funny word to use to describe that act, and the humor of it (unintentional I assume) sort of undermines the faux outrage and demands for a trial.
Also, count me as old-fashioned, but I'm not one of these people who believes that the extent of our privacy depends on how validly we secure our belongings (online or otherwise) against outside intrusion. The Supreme Court is of the opinion that, in leaving you trash on the curb, you have lost most of your right to privacy in the contents of that trash. They arrive at that conclusion thanks to the necessity of following the logic of prior privacy precedent, but you and I know that's plainly ridiculous. I'm sure an informal (or formal) survey would reveal that most people don't think that others ought to be able to rummage around in their trash just because they can't leave it in their backyard for the trash men to pick up or burn it in a pit. Similarly, if you have a collection of documents online that are not necessarily available to the public, are not even put there to be discovered by the public, then it doesn't matter to me whether they are actually accessible or not. A person should expect to have a reasonable right to privacy that they don't intend to make public, and we generally ought to be ashamed of ourselves if we think merely the ability to get to it justifies invading that privacy right.
When Gingrich's cell phone was tapped into by a Democrat, the outcry was against Gingrich's "outrageous" campaign strategy. When a Republican operative found dirt snooping a Dem's website, the Republican lost his job. Tapping into other's phone was illegal, surfing a website was not.
If the chief judge is a liberal, then the light will be on the hacker.
Suppose I set up a card table in my front yard, right on the edge of my property, along the public thoroughfare. I place a copies of a document on the table. There's no sign saying "take one", but to the casual observer it's clear the documents are all identical copies---and they look interesting. Is it shameful to take a copy as you walk along?
It's very easy to accidentally leave a directory on a server unsecured
According to the source who found the MP3 files on Judge Kozinski's site, at least one of the MP3 files was being traded through a file-sharing site that linked to Kozinski's subdomain where the song was stored, raising questions about whether the judge was in violation of copyright laws if anyone downloaded the music from his site.
Then, if I understand correctly, leaving the subdirectory unsecured was sufficient for the file-sharing site to discover the MP3 files, index them, and make them available for downloading. The file-sharing site was just a search engine specializing in music files. So I don't see how simply forgetting to secure his subdirectory could make Judge Kozinski a copyright law violator. The files on the server may have been illegally copied of course, or meet some fair use exception even if so.
No, Tony, we are arguing that attempting to draw comparisons between a web site and someone's house is flawed from the start. With a house you start with a presumption of privacy and private property, and the locks only serve to deter criminals. With a web site you start with a presumption of public access, and the locks serve to control access by anyone, criminals and non-criminals alike.
Discussion of "presumptions" are misplaced here. There's no dispute, as far as I can tell, that the Kozinskis intended the site to be private. If they screwed up, as they apparently did, that doesn't change their intention. Now, if you stumble upon something that was intended to be private because of that presumption, then you're innocent of trespassing. But it's not the initial stumbling upon that's at issue here; it's the dissemination of that information.
http://lessig.org/blog/2008/06/the_kozinski_mess.html#comment-25333
Please delete that comment (3:13) asap; it's anonymous, false and slanderous, and misleading to people who might be here and not know any better.
There's no dispute, as far as I can tell, that the Kozinskis intended the site to be private.
I certainly dispute that. While all the facts are not yet in, the evidence suggests that Judge Kozinski knew that the site was fully accessible to the public.
Jim: through both law and tradition everyone who goes to your house via a public street knows that they cannot enter your house without your permission. Heck, if you tell them to, they have to get off of your driveway, too. Not so with the web; on the contrary, it is by design and by default a public forum.
That's the whole point. The only reason I can't just walk into your house anytime I want is because of law and tradition. The whole concept of privacy only exists because enough people agree it exists. The question is, how do we decide whether this material was private? Assuming of course that Kozinski intended it to be, and if whoever dug it up knew it was intended to be. I say it's private because there was the virtual equivalent of a velvet rope across it. You say it's not private because you can jump right over the rope. Which fiction is correct?
There's no dispute, as far as I can tell, that the Kozinskis intended the site to be private.
As do I. As Lessig stated, the purpose of the web site was to share files with people. I offered some speculation above as to what that might look like, but I could be wrong.
Even so, I don't think intention is enough. I continue to maintain that a person's private residence and the Web are different in this regard. You must take active steps to lock down your private content on the Web.
I haven't seen any indication so far indicating any way of proving the site owners were responsible for storing that information on their site, or were aware the information was there. If a disgruntled litigant is determined enough to dig this information up, they could conceivably be disgruntled enough to hack the server and plant the information. Even without such measures, some unauthorized person (a young relative, a guest visiting the home, etc) could have stored the questionable files, or the files could have been inadvertently or mistakenly downloaded as part of other legitimate activities.
How about you? Do YOU know that you don't have a file on your computer that someone else might find objectionable?
The whole concept of privacy only exists because enough people agree it exists.
Agreed. But I would argue (and began to, in that post) that the very construction of the web is founded in an assumption of free accessibility.
The question is, how do we decide whether this material was private?
If they protected it with a reasonable authentication mechanism, or placed it behind a firewall, then it might reasonably considered private. And existing laws handle cases where people bypass those mechanisms to get access to material they weren't intended to have.
Assuming of course that Kozinski intended it to be, and if whoever dug it up knew it was intended to be.
Not an entirely safe assumption, given that the purpose of the web site was for sharing.
I say it's private because there was the virtual equivalent of a velvet rope across it. You say it's not private because you can jump right over the rope. Which fiction is correct?
I say that my fiction is effectively the one in overwhelming practice today. I say my fiction is the one that anyone serious about Internet security assumes is operative. I say that my fiction is fundamental to the explosive growth of the Internet. I say that had yours been in play from the beginning, the Internet would not exist as it is today. I say that your view of the Internet, if implemented today, would have serious consequences for search engines, deep linking, friendly link sharing, and so forth that we all take for granted.