OK, Maybe You Can Be Anonymous And Your Scream Can Be Heard In Cyberspace.

Posted on November 29, 2011 by Paul Stanfield

Hard on the heels of the Doe v. SEC case discussed in the immediately preceding post, another case where anonymity is sought comes through the Northern District of California.  In Art of Living Foundation v. Does 1 - 10, the plaintiff seeks the identity of one of the defendants in an action for copyright infringement, among other things.

The plaintiff is an international foundation that teaches the philosophy of Ravi Shankar, the spiritual leader, not to be confused with famed sitarist, Beatles confidant and Norah Jones' father of the same name.

One of the defendants goes by the online pseudonym of Skywalker and has been critical of the teachings of the Art of Living Foundation.  In addition, Skywalker put one of the manuals used by the Foundation online.  The Foundation sued Skywalker and others for defamation, copyright infringement, trade libel and misappropriation of trade secrets.  The Foundation moved for a subpoena to Skywalker's blog host seeking Skywalker's identity.  Skywalker, anonymously, through an attorney, moved to quash.  The magistrate allowed the subpoena and Skywalker brings this appeal.

The magistrate applied the standard of Sony Music Entertainment Inc. v. Does 1 - 40, 326 F. Supp. 2d 556 (S.D.N.Y., 2004) and found that Plaintiff had alleged a prima facie case of copyright infringement due to the online publishing of the manual, the subpoenas were targeted to obtain information to identify the defendant, Plaintiff had no other means to identify Skywalker, without such identity, it would be prohibitively expensive to conduct discovery and even if Skywalker had engaged in protected speech, he had no expectation of privacy because "the First Amendment does not shield copyright infringement".

On appeal, Skywalker alleged that because his speech concerned a matter of public interest, the Court should apply the more rigorous standard used by Highfields Capital Management L.P. v. Doe, 385 F. Supp. 2d 969, 975-76 (N.D. Cal. 2005).

The Court of Appeals stated that the more rigorous standard in the Highfields case required (in addition to the factors considered by the magistrate) that the court balance "the magnitude of the harms that would be caused to the competing interests" by their ruling.  The Court held that because of the nature of Skywalker's speech (i.e. more political, religious or literary rather than commercial), the Highfields approach balances the parties' interests better than the Sony approach.  The Court also found that evidence of copyright infringement does not automatically remove the speech at issue from the scope of the First Amendment.

The Court found that, to the extent that Skywalker's anonymity facilitates free speech, the mere disclosure of his identity is itself an irreparable harm and that the plaintiff can continue its case, in view of the fact that Skywalker has been participating in the case through his attorney.  The Court quashed the subpoena.

It is possible that the Court would have reached a different result if Skywalker had not removed the manual from his blog because of a DMCA take down notice or if Skywalker had not been actively involved in the lawsuit.  In any event, Skywalker remains anonymous for a while.

Tags: , , , , , , , , , , , ,

In Cyberspace, No One Can Hear You Scream, But They Can Get Your Identity.

Posted on November 21, 2011 by Paul Stanfield

The Securities and Exchange Commission thought that a particular individual was engaged in a
"pump and dump" scheme, which is where bloggers, commentators, anonymous "experts" or others tout a small cap stock on line in forums, chat rooms, etc. and often with false or deceptive material and then when the price gets a bump as a result, the persons doing the touting sell the stock for a profit.

The SEC wanted the identity of the person behind jeffreyhooke@gmail.com and subpoenaed Google to get the information.  Google notified the person and the person (using the clever pseudonym "John Doe") moved to quash the subpoena.  The lower court denied the motion to quash and Mr. Doe appealed. 

The Court found that Mr. Doe had made a prima facie showing that his First Amendment right of free speech was implicated and therefore, the burden shifts to the government to show: (i) the information sought was rationally related to a compelling governmental interest and (ii) the disclosure requirements are the least restrictive means of obtaining the desired information.  The Court found that the government's interest in disclosure (being ancillary to a fraud investigation) trumped Mr. Doe's private interest in anonymity and that the information requested was the least restrictive means available.

Mr. Doe argued that the standard in Anonymous Online Speakers should be applied here instead of the Brock standard.  The Court held that in Anonymous Online Speakers, there was no government interest at issue (i.e. it was between private parties) as there was in Brock and therefore the Brock standard should be applied, i.e. the government did not have to present evidence sufficient to overcome a summary judgment.

The Court overruled the motion to quash and John Doe is anonymous no more.

 

Tags: , , , , , , , , , ,

Move Over Stuxnet, Here Comes DuQu - Son of Stuxnet, Stuxnet 2.0 or Demon Spawn?

Posted on November 4, 2011 by Paul Stanfield

The latest addition to the family of badass malware is DuQu.  DuQu was born sometime in the near recent past but only became obvious to the world on September 1, 2011 when the Laboratory of Cryptography and System Security (CrySyS) notified the world of its birth. 

If the proud parents were to issue a birth announcement it would read something like:

"The Stuxnet family is proud to announce its latest variant, DuQu, named after its propensity to create files with DQ as a prefix.  Born: Sometime lately.  Weight: Heavy.  Breadth: Remains to be seen.  The bouncing baby malware shares a good portion of its mother's (Stuxnet) source code.  Its father is undetermined but likely is a good looking roving nation state with sabotage or corporate espionage on its mind, like Mossad or the CIA, who are also related to Stuxnet, so birth anomalies are possible.  DuQu shares its likely father's fondness for stealth and trickery."

Most experts like Symantec would agree with the announcement's statement on DuQu's lineage but Dell's SecureWorks doesn't necessarily buy it.

Stuxnet has been used to infect the Iranian nuclear program by causing the centrifuges used to purify uranium to exceed their design for spinning speed and destroy themselves.  DuQu seems to extract information and send it to an unknown site.  Although not proven, this blog along with others have surmised that the sophistication of Stuxnet, the targets and the amount of programming resources required point to the involvement of a group of people more technically advanced and well funded than the average virus creator.  We also chronicled Stuxnet's move from being merely menacing to becoming a military weapon.

Anti virus groups are moving to address the issues, Microsoft says it will address the zero day defect that DuQu exploits when it gets around to it but proposes an emergency fix and the "whitelisting" folks like CoreTrace say that they've been ahead of this all along.

As this new arrival grows and spreads, the real purpose and the damage it may do can be assessed but if malware continues to be more sophisticated than some of the applications we regularly use, problems will abound.

Tags: , , , , , , , , ,