X

Police blotter: Antispam activist fights lawsuit

In this week's installment, the Osirusoft list defends suit brought by a firm claiming it was erroneously included.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
See full bio
Declan McCullagh
4 min read
"Police blotter" is a weekly News.com report on the intersection of technology and the law.

What: Antispam activist was sued after he flagged a private investigation firm as a potential source of junk e-mail.

When: California Court of Appeal, Fourth District, ruled on January 11.

Outcome: Antispammer won after the trial court decision was upheld.

What happened, according to court documents:
Stephen J. Jared, who runs a business called Osirusoft Research and Engineering, developed a filter to block junk e-mail from flooding his servers and network. It was a list of open relays, which spammers can use as a kind of jumping-off point to evade detection and bypass types of antispam software.

Jared made this list of open relays available online at no cost, and it quickly became a popular way for system administrators to stem the flow of junk e-mail. At one point, as much as 12 percent to 20 percent of all Internet e-mail was filtered based on the Osirusoft list of open relays. (It's now, however, defunct.)

At one point, Osirusoft was the victim of a distributed denial-of-service attack, which overwhelmed Jared's servers and rendered them inaccessible. Around the same time, Steve Rombom of a private investigation firm called Pallorium claimed his Web site was listed on Relays.osirusoft.com in error.

Rombom sued. As an aside, because this is Police Blotter, we should note that Rombom uses the alias "Steve Rambam" and was arrested by the FBI in June 2006 on charges of witness tampering. The charges were subsequently dropped, according to the Washington Post.

Jared's defense was a bit muddled at first because he hired a lawyer midstream. But he eventually invoked Section 230 of the 1996 Communications Decency Act in his defense.

Section 230 says that no Web site operator can be held legally liable for "any action taken to enable or make available to information content providers or others the technical means to restrict access to material" that the operator considers to be "objectionable." (Spam would seem to qualify.)

The trial judge permitted Jared to rely on Section 230, and ruled that he be let off the hook. On January 11, the California Court of Appeal, Fourth District agreed.

Excerpts from the California Court of Appeal's opinion:
Pallorium claims Jared is not immune from liability pursuant to section 230(c)(2)(B) because he did not block e-mail based on their content, but instead based on the configuration of e-mail servers as open relays. We find no merit in this contention.

Section 230(c)(2)(B) immunizes providers or users of an "interactive computer service" who enable or make available to information content providers or others the technical means to restrict access to "obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not (the) material is constitutionally protected(.)"

Here, Jared testified he received spam concerning "(p)enis enlargement(s), Viagra, Web hosting" and "pornography." Jared created his filter to prevent this harassing and objectionable spam from reaching his servers. Although Jared's filter might have been over-inclusive because it blocked "legitimate" e-mail, section 230 is concerned only with material the provider or user considers harassing or objectionable.

Section 230 imposes a subjective element into the determination whether a provider or user is immune from liability. Indeed, one of section 230's goals is "to encourage the development of technologies which maximize user control over what information is received by individuals, families and schools who use the Internet and other interactive computer services." (? 230(b)(3).) Therefore, whether Jared's filter was over-inclusive is irrelevant so long as he deemed the material to be "obscene, lewd, lascivious, filthy, excessively violent, harassing or otherwise objectionable."

Pallorium contends Jared is not immune pursuant to section 230(c)(2)(B) because he did not provide the "technical means to restrict access" to the specified material. Again, we disagree...

Contrary to Pallorium's assertion, Jared did more than make a list of open relay servers available to the general public. Jared created a dynamic IP space list based on the open relay data he obtained and maintained it as he received updated information. He also wrote software called "RB Check" that allowed him and third parties to test for open relay servers. The software allowed third parties to send Jared e-mails with IP addresses the third party wanted tested. His system would automatically attempt to relay an e-mail message through the server, which would indicate whether the server was an open relay. We conclude Jared made available the "technical means to restrict access" to the specified material. Therefore, the trial court properly found Jared immune from liability pursuant to section 230(c)(2)(B).