Slightly OT: Got a weird one regarding EMail logs and ISPs.

Lisa Kachold lisakachold at obnosis.com
Tue Jun 23 08:09:24 MST 2009 

I took a man (who worked for a famous local porn provider - ISP) to
court for stalking me via XSS tunnel --> sent in links that included
nude photo email after courting from a dating board.  He initiated the
court process by getting a "restraining order" when I told him to stay
away or I would get his work involved (where he had hosted the XSS
exploit I was directed to click on [that immediately showed the
classic XSS behavior "not found" then went on to the site] and added
"functions").  I presented email and logs and a great deal of "proof"
however the domestic civil court was not technically saavy, and could
not see the "proof".  The man in question did not agree to sending me
anything however, the court firmly believed he sent the "arty" nude
email (he had lied to say we were "friends" only - because he was a
great deal younger), but since the court could not understand XSS
tunnel exploits or much beyond that, the whole court process that is
geared to protect against stalking failed.

He took a transcript into court he created of my statements made
during my defensive call "requesting he stop" and I agreed that I said
the things (as any ethical human being would - however I would have
won if I simply lied in court, since in domestic interaction cases,
voice stress "truth" analysis (which is employed in criminal courts,
believe me) fails because everyone is already emotionally stressed).
Since my statements included getting his work involved (who would be
liable - since he was launching his hacks from their equipment), the
court decreed that constituted harrassment from me, since they
strongly designate personal and work as separate, and don't understand
email or computer security.

In the end both parties were "restrained" and his work was notified.

(You all use NoScript when reading email or following links from
strange geek men you meet on dating boards, you hear?)

Again, as already stated, the email in question, as submitted in a
small claim court, is going to be treated as hearsay unless you agree
to having created it.   If the man, under oath, denies having written
or knowledge of an email, it is not going to be considered by the
judge.  The same might be true for everything that is not notarized.

People are afraid of seeing a written statement, and honest people
will state what has been agreed to when it's presented.

They are going to have a fairly hard time proving the email since:

1) Providers don't keep logs as was already said.

While Akamai caches a good deal of "important" data for the feds,
email outside of general watchwords from people not under Level 1-5
interest, is not going to be available.

2) Email can be spoofed.

# sendmail -f georgebush at whitehouse.gov

Or install a version of groupmail (you can configure the header in
lots of ways).

Don't be tricked into reactive responses over a lie.  Ignore the
email, and go on with your presentation of evidence.

And as was already stated, be sure that you ALWAYS get a good front
end contract in place (signed by witnesses or notarized) with a
process greater than "yea, get an email" or "call and I will agree"
for everything that includes any expenditure.  Some companies require
two signatures or a buyin process with a specification sheet
converting expenditures to capital assets or operating expenses, that
is signed by a third.

In the end the way you communicate and conduct yourself, and the truth
that _is_ presented, will deem what the judge responds to more than
what is really fair or right.  Remember there is always deceit and
judges are trained to observe such things better than we are.

Good Luck!  And be sure that you don't chase this error just to be
right.  You are already wrong my friend, give up and go on, but learn
from this!

On 6/22/09, JD Austin <jd at twingeckos.com> wrote:
>  I'm assuming this is small claims court and it's already past mediation.
> I was on the other side of such a law suit - I was suing someone for work
> performed that they didn't pay that they authorized.
>
> I showed up in court with 300+ pages of emails, invoices, etc and he showed
> up with about 10 pages of documentation.  I laid it all out chronologically,
> tabbed it so it was easy to follow and presented one to the judge, the
> defendant, and had one myself (the look on the defendant's face was
> priceless).  It clearly documented what we agreed to, what was paid and on
> what basis, and every other detail required to prove without a doubt that my
> version was the truth.  Each side got to question the other in front of the
> judge and I did a pretty good job of talking the defendant into a corner
> using facts he did not dispute.  It helped that I managed to get the
> defendant angry without getting angry myself. In the end it came down to the
> defendant admitting that he'd received and paid previous invoices and that
> he received and didn't pay the one in dispute.   I won and got paid.
>
> Since then I've had a contract to spell out what was agreed upon and
> screened my clients and who I work with much better.
> Your friend needs to spend a considerable amount of time collecting the
> documents to prove his side of the truth.  Specifically anything that states
> what they actually agreed to.  It might be worth it to split the difference
> considering how much time it takes to prepare.
>
> JD
> --
> JD Austin
> Twin Geckos Technology Services LLC
> jd at twingeckos.com
> 480.288.8195x201
> http://www.twingeckos.com
>
>
> P. J. O'Rourke<http://www.brainyquote.com/quotes/authors/p/p_j_orourke.html>
> - "If government were a product, selling it would be illegal."
>
> On Mon, Jun 22, 2009 at 10:32 PM, Jim March <1.jim.march at gmail.com> wrote:
>
>> Not exactly Linux but then not exactly "not" either.
>>
>> Got a friend who got involved in a business deal that went south, now
>> he's suing.  The guy he's suing sounds like a real winner and is
>> claiming there's a couple grand worth of expenses my friend never
>> agreed to.  Except the guy we'll call "the bad guy" for now has what
>> he claims is an EMail in which my friend authorized the expenses in
>> question.
>>
>> The bad guy has produced this EMail for a court.  It doesn't include
>> header data - just the timestamp received at COX (late Jan. 2009),
>> to/from info (allegedly from my friend's MSN.COM account to their
>> COX.NET account), subject line and text.
>>
>> He says the EMail in question is fake, he never sent it.
>>
>> They could have easily faked it any number of ways, but the header
>> data would of course be much harder to fake, and these guys ain't all
>> that smart.  Right now he's telling the court it's a fake EMail (under
>> oath on his part, sworn declaration) and he's doing a request for
>> document production for the header data.
>>
>> Now assuming he's telling me the truth and he never sent that, I would
>> assume the other side will claim they purged their electronic copy so
>> they have no header data, if they're at all smart.
>>
>> Can he ask his paid ISP (msn bleah on a dial-up account paid to them
>> gag) to show that they have no log for his outgoing mail of that
>> subject line at that time, and that there would be one if the message
>> is fake?  I would guess that as an MSN customer he doesn't need a
>> court order to track data he allegedly sent?  OR if MSN doesn't keep
>> such logs, is it possible COX does and he gets a court order for their
>> logs, would COX keep that kind of thing?
>>
>> Any other thoughts on cracking this?
>>
>> I'm BCCing the friend...
>>
>> Jim
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>


-- 
(503)754-4452
http://en.wikipedia.org/wiki/User:LisaKachold
http://tinyurl.com/44zfgx  http://www.obnosis.com/motivation/

More information about the PLUG-discuss mailing list