howrman
join:2000-07-08
Philadelphia, PA
| Who Accessed His WAP?
I have filed suit against a person who I believe posted defamatory comments on a web site. Subpoenas to the web site and ISP confirm that the comments came from the defendant's IP address. However, the defendant asserts that an unknown person gained access to his unsecured wireless connection and posted the statements.
Any suggestions as to what documents I should obtain to refute this contention? Any way I can establish that the defendant's wireless connection was not unsecured? I've already asked for the defendant's router and WAP logs. |
|
ryanlin2002
join:2009-02-01
00000 | you are suing somebody for something that was posted on the internet? what for?
it will be hard to prove whether that person's wifi is secure or insecure. what if the logs are turned off? then you can't prove anything. |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
 ·AT&T U-Verse
 ·AT&T Midwest
| reply to howrman
I've already asked for the defendant's router and WAP logs. The chances are that those logs are not available. Most routers log to a memory buffer, and delete older log records to make space for new ones. And rebooting the router typically erases all logs.
By way of example, there is nothing older than 30 minutes in my router log at present, and what it logs would not be useful in determining whether there was an outside on the network.
--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.7 |
|
howrman
join:2000-07-08
Philadelphia, PA
| reply to ryanlin2002
The defendant posted comments under my name in which he attributed to me statements that were critical of people with whom I do business. In other words, he wanted to make the people with whom I do business think that I had said derogatory things about them. Presumably, by doing so, he hoped to adversely affect my business.
Since the defendant and I have a history of conflicts, it's hard to believe that some random stranger just happened to come along and use the defendant's connection to post a comment using my name. Nevertheless, I was hoping to find firm proof that the defendant's wireless connection was not accessed by a third party. Can you think of anything other than the router and WAP logs that might do so? |
|
docrice
join:2008-03-31
Fremont, CA
1 edit | reply to howrman
By the time any person of authority is able to gain physical access to the access point, it's possible that the configuration / logging records you're looking for would have been tampered with (that is, the auditing trails erased).
Unless you have neighbors of this individual who has any knowledge about this network or was permitted access to it (in which case they might know about the security config of the network), then you're not going to have any evidence which may be practically admissible in court.
The only other third-party supplier of evidence is the ISP which the other user connects to, but again this assumes that they 1) were logging the traffic you want (presumably unencrypted) and 2) still doesn't prove the supposed insecure configuration of that person's AP. |
|
ryanlin2002
join:2009-02-01
00000 | reply to howrman
ah i see.
ask for the defendent's wireless security configuration to decide whether that warrants his defense.
do you have a lawyer? |
|
howrman
join:2000-07-08
Philadelphia, PA | I am a lawyer and so is the defendant! |
|
voiplover
Premium
join:2004-05-28
Portsmouth, NH | Then you should know that you should be suing for allowing the content to be posted in your name. Without the ISP and website divulging specific info on MAC addresses, you can't even prove that the IP wasn't spoofed. |
|
howrman
join:2000-07-08
Philadelphia, PA
| If you are suggesting that I sue the web site on which the defamatory comment appeared, the Communications Decency Act of 1996 prohibits that. The Act gives immunity to websites that allow third parties to post information where the website does not exercise editorial control over the content. |
|
voiplover
Premium
join:2004-05-28
Portsmouth, NH
 ·callwithus
·Axvoice
| No. I'm suggesting that you sue the same individual, but for allowing his network to be used for the posting.
Sort of like suing the owner of a vehicle that crashes into to you but the driver is unknown because they left the scene????? Unless you can prove that this person was the one that typed the posted material. FAT CHANCE. |
|
howrman
join:2000-07-08
Philadelphia, PA
| I'm not aware of any legal basis for imposing liability on the owner of an unsecured WAP for things that are posted through that connection. In fact, I'm pretty sure that the Decency Act protects them. That's why your ISP isn't responsible for things that you post using its connection.
In reality, I don't think it's going to be very hard to prove that the defendant posted the comment. Given the fact that he harbored animosity towards me, it would be one hell of a coincidence if some stranger just happened to come along at 10 p.m. on a Friday night to access his WAP on the 11th floor of an office building to post something about me. |
|
docrice
join:2008-03-31
Fremont, CA
| reply to howrman
While I'm obviously not a legal expert (or even amateur), I've seen presentations by folks who are more knowledgeable about Internet-related applications of the law and it's not very cut-and-dry most of the time since proving intent based on traditional evidence is rather difficult. Just like in digital forensics, solid evidence is always up for interpretation of credibility since the method of collection, plus how well the forensics investigator is able to defend the collection process plays a hand depending on how the defense / prosecution wants to tell the story. Simple chain of custody isn't enough, apparently from what I'm told.
You might want to check out some Black Hat sessions by Jennifer Granick (I think she works for the Electronic Frontier Foundation now) and she gets right into it. |
|
no_one
@QWEST.NET
| reply to howrman
said by howrman  :I'm not aware of any legal basis for imposing liability on the owner of an unsecured WAP for things that are posted through that connection. In fact, I'm pretty sure that the Decency Act protects them. That's why your ISP isn't responsible for things that you post using its connection. In reality, I don't think it's going to be very hard to prove that the defendant posted the comment. Given the fact that he harbored animosity towards me, it would be one hell of a coincidence if some stranger just happened to come along at 10 p.m. on a Friday night to access his WAP on the 11th floor of an office building to post something about me. I would say something. Then again you now have a track record of sueing.
If it is just a personal comment right or wrong who cares? Get over it grow some thicker skin. If someone say dumps all your private client files on the web that is different. |
|
howrman
join:2000-07-08
Philadelphia, PA
| Sorry if I wasn't clear before as to the nature of the conduct that gave rise to the suit. The defendant posted a comment under my name that was critical of judges before whom I practice. Thus, he wanted those judges to believe that I was publically expressing unprofessional comments about them.
If it was merely a matter of a person expressing opinions about me, I couldn't and wouldn't sue. Opinions are protected free speech. As such, they are not actionable. The problem here is that the defendant fraudulently represented that he was me and he falsely attributed damaging statements to me.
What would you do under these circumstances to seek redress? |
|
docrice
join:2008-03-31
Fremont, CA | I personally wouldn't know where to start since I'm legally ignorant about how to go about such things. I'd check with the EFF though as they might have a much better idea what to do. |
|
PeteC2
Got Mouse?
Premium,MVM
join:2002-01-20
Bristol, CT
clubs:
·AT&T Yahoo
| I do not believe that you will be able to definitively prove the author of the offending emails either way, as not only is proving that his machine was not "hi-jacked", difficult, you further could not prove that someone else simply may have typed that from that site...
However, as there is a proven history of conflict here, and it is known that at the very least, the fraudulent emails originated from his ISP address, I would rather suspect that it is more incumbent on the defendant to prove that they did not originate from him, yes?
After all, this is a civil suit, not a criminal trial.
--
Deeds, not words |
|
lmacmil
join:2001-01-26
South Bend, IN
| reply to howrman
said by howrman :What would you do under these circumstances to seek redress? A couple of busted kneecaps?  |
|
mmainprize
join:2001-12-06
Houghton Lake, MI
| reply to howrman
You follow the trail. If you have found a IP and that point to him as you say, then you should be able to get more proof from his PC. You just need to get the court order to have the Cops or FBI take his PC's and look for the proof. If he did post that info on that web site then the logs on his PC's for web surfing will show that he did go there to that site and on what date. Those log do last for months unlike the personal router logs.
If his router is open than you could hire a hacker to find that info before you go to the courts. But then you will be doing the same things he has done, in a round about way. |
|
stinger
join:2001-03-22
Florissant, MO
clubs:
| The computer's hard drive will have evidence of every activity unless...
1. The hard drive has been low-level formatted or fully formatted using secure data wiping.
OR
2. The owner is as paranoid as I am and has installed electro-magnetic loops around every doorway that can be activated at the flip of a switch, thus destroying any drive or magnetic media that passes through them.
Sorry, must go...the black helicopters are back! |
|
no_one
@maricopa.edu
| reply to howrman
said by howrman :Sorry if I wasn't clear before as to the nature of the conduct that gave rise to the suit. The defendant posted a comment under my name that was critical of judges before whom I practice. Thus, he wanted those judges to believe that I was publically expressing unprofessional comments about them. If it was merely a matter of a person expressing opinions about me, I couldn't and wouldn't sue. Opinions are protected free speech. As such, they are not actionable. The problem here is that the defendant fraudulently represented that he was me and he falsely attributed damaging statements to me. What would you do under these circumstances to seek redress? If the judges know you and the other person then you should be fine. If a judge cannot tell you are telling the truth that you did not post it well something is wrong.
Basically saying if you have strong character and such the judges will ignore the posted garbage.
I mean clients and others are not always happy people with outcomes so rude comments or other type of comments are probably not uncommon. |
|
