« Policy Update | Main | A Few Quick Thoughts on Fair Game »

Noteworthy [Ir]relevance [See Updates]

Just when I was beginning to worry about the relevance of my note topic, something much like it hits the news. [Please see the UPDATES below: it appears that Kos got some of his story wrong.]

According to various links from Kos, there's a potential scandal brewing over the outing of Alan Keyes daughter through her blog. I can't confirm a bit of this, but it seems that a young lady who may or may not be Maya Keyes kept a 'diary-style' site on Xanga, where she posted some rather personal stories which indicate she is a lesbian. According to Kos:

The evidence comes from Maya's very public blog (first discovered by Modern Vertebrate). Xanga apparently allows parts of the site to be "protected" from those not on a special list, but Xanga has poor technology, as some of that protected content can be easily found. For example, here's the post where she hides parts of her site.

(links removed) Now, please note again that I can't confirm any of this. Indeed, it does appear that sites like chillinois are linking to some of these entries by exploiting a very strange security flaw. (The August 21st entry appears on the link but not the main blog.) But at this time of night, I couldn't tell you one way or the other, or how they're doing it. (Yes, it appears to be passing a userid in the URL, but certainly Xanga's security ain't that bad, is it?) Whatever the case, I feel sorry for the blog owner, whoever she is: she's about to get a lot more attention than she bargained for.

But that's an aside: I'm not that interested in 'outing' anyone, and I'd not even mention this if it hadn't been on Kos. (The guy's huge. If he's 'broken' the story, it's out. My silence would have no effect.) I'm interested in the technological question.

You see, I'm looking into the relationship between 'unauthorized access' (as ther term and terms like it are used in the Computer Fraud and Abuse Act) and its courtroom interpretation. I first grew interested after studying the case of Manuel Miranda and the Senate 'hacking' scandal, but wondered if another topical case would ever arrive. To me, this might be such a case (although Xanga might not be covered by the CFAA).

Assume that what Kos says is true: that the security was 'broken.' The question would become how it was broken. It could be by traditional 'hacking': a user figures out how to outsmart Xanga's security. Or it could be by finding a valid user ID and logon, say stealing one from the young lady's friends. Or one might make a Xanga account, email the young lady kindly, and ask her to become part of her 'friends' list. All of these would fall outside my legal problem.

But suppose that the user who first came across this did so knowing that these were supposed to be protected (there's an entry to that respect), but it just so happened that his account was given access it shouldn't have by Xanga's servers. He downloads the information, publishes it on his blog, and scandal ensues. Has he 'hacked' anything, or rather exceeded his 'authorized access?' Or is the operator of the server the one that should be civilly or criminally responsible?

Anyway, I'll have to watch this story, to see how the technical details pan out. Should be interesting.

Update: In case this ever gets back to the young lady in question--unlikely, but stranger things have happened--shoot me an email and I'll be happy to look into making the blog more secure. As I said, I hate that this kind of thing happens.

Update II: Taking a look at it in the cold light of day, it doesn't look like the entries were protected at all, at least from this side. So whilst it might be an interesting hypothetical situation, it's probably irrelevant to my research.

Update III: I spent a few minutes IMing the young lady whose ID is on the blog, and confirmed that there are some protected entries, and Xanga's protection seems to be working. It appears that what chillinois quoted is indeed set to 'public.' Please note that I did not ask for confirmation as to who the person on the other end of the AIM was: first of all, it's not the element in which I'm interested, and secondly, it wouldn't really go any length to determining if this is a hoax.

Update IV: For what it's worth, I just contacted the author of the blog in question and asked her permission to leave this post up. Which makes me feel a bit better about the whole thing, though not much. Most of her site is now being reset to "private." As this looks less and less like a hoax, the young lady has my sympathy: this is probably more attention than she bargained for.


TrackBack URL for this entry:


Having just read this myself and followed a few links I believe that The posts were public She made them private She subsequently made them public again And that's about it. Reading the posts she seems to be pretty much out. Still, I'm not sure that's important in the least. To address your legal wonderings... "But suppose that the user who first came across this did so knowing that these were supposed to be protected (there's an entry to that respect), but it just so happened that his account was given access it shouldn't have by Xanga's servers. He downloads the information, publishes it on his blog, and scandal ensues. Has he 'hacked' anything, or rather exceeded his 'authorized access?' Or is the operator of the server the one that should be civilly or criminally responsible?" How does this tie in to your earlier cause celebre, that of the open files on the ethics committee, or whatever it was?
Roughly speaking, it's the same situation: someone publishes information to which the author might feel a reasonable expectation of privacy. The question would be whether liability--if any--falls upon the publisher (in this case, chillinois) or the server operator (Xanga). Assuming statutes like the CFAA applied, those who wished to apply the rule against Miranda would have to also apply it to chillinois. (Or the original publisher, anyway.) Whereas a weakness of my preferred rule might be that Xanga's not the person society wishes to constrain here. I still have to give the hypothetical a bit of thought, though. As mentioned above, the facts have 'changed' slightly from what Kos stated.
Also worth noting that if the posts linked to were ever private--which I can't confirm, but at present doubt--they're being made private again.

Post a comment

NOTICE TO SPAMMERS, COMMENT ROBOTS, TRACKBACK SPAMMERS AND OTHER NON-HUMAN VISITORS: No comment or trackback left via a robot is ever welcome at Three Years of Hell. Your interference imposes significant costs upon me and my legitimate users. The owner, user or affiliate who advertises using non-human visitors and leaves a comment or trackback on this site therefore agrees to the following: (a) they will pay fifty cents (US$0.50) to Anthony Rickey (hereinafter, the "Host") for every spam trackback or comment processed through any blogs hosted on threeyearsofhell.com, morgrave.com or housevirgo.com, irrespective of whether that comment or trackback is actually posted on the publicly-accessible site, such fees to cover Host's costs of hosting and bandwidth, time in tending to your comment or trackback and costs of enforcement; (b) if such comment or trackback is published on the publicly-accessible site, an additional fee of one dollar (US$1.00) per day per URL included in the comment or trackback for every day the comment or trackback remains publicly available, such fee to represent the value of publicity and search-engine placement advantages.

Giving The Devil His Due

Choose Stylesheet

What I'm Reading

D.C. Noir

My city. But darker.
A Clockwork Orange

About time I read this...


Projects I've Been Involved With

A Round-the-World Travel Blog: Devil May Care (A new round-the-world travel blog, co-written with my wife)
Parents for Inclusive Education (From my Clinic)

Syndicated from other sites

The Columbia Continuum
Other Blogs by CLS students

De Novo
Theory and Practice
Liberal Federalism?
Good News, No Foolin'

Nancy Pelosi covers her head and visits the head of John the Baptist.
Vlogging in from Austin.
Omikase/"American Idol"

Jeremy Blachman's Weblog: 2007
Happy Passover
Looking for Advice re: LA
Google Books

Stay of Execution
What I've Learned From This Blog, or My Yellow Underpants
The End
Mid Thirties

Legal Theory Blog
Program Announcement: Summer Programs on the Constitution at George Washington
Book Announement: Political Foundations of Judicial Supremacy by Whittington
Entry Level Hiring Report

The Volokh Conspiracy
Making the Daily Show:
Civil unions pass New Hampshire House:
Profile of Yale Law Dean Harold Koh:

Crescat Sententia
Hillary II
Politics and Principal/Agents

Law Dork
Election Approaches
Following Lewis
New Jersey High Court: 'Same Rights and Benefits'

Surveying the revival
Birds of paradise

Half the Sins of Mankind
Cheney Has Spoken Religious conservatives who may ...
Does Ahmadinejad Know Christianity Better Than MSN...
Borders as Genocide In discussions of climate chan...

For lovers of garden gnomes...and any China-freaks out there
We Interrupt Your Regularly Scheduled Programming

Does SOX explain the flight from NY?
More Litvak on SOX effect on cross-listed firms
What did the market learn from internal controls reporting?

The Yin Blog
Iowa City = Riyadh
Jeffrey Rosen's "The Supreme Court"
Geek alert -- who would win between Battlestar Galactica and the U.S.S. Enterprise?

Letters of Marque
And there we are

Signing Off

Dark Bilious Vapors
Jim (The Waco Kid): Where you headed, cowboy?
Bart: Nowhere special.
Jim: Nowhere special. I always wanted to go there.
Bart: Come on.
--"Blazing Saddles"

Technical Difficulties... please stand by....
The Onion should have gotten a patent first....

Legal Ethics Forum
Interesting new Expert DQ case
Decency, Due Care, and The Yoo-Delahunty Memorandum
Thinking About the Fired U.S. Attorneys

Ex Post
Student Symposium- Chicago!
More Hmong - Now at Law School
Good Samaritan Laws: Good For America?

Appellate Law & Practice
Those turned over documents
CA1: courts can’t help people acquitted of crimes purge the taint of acquitted conduct
CA1: restrictions on chain liquor stores in Rhode Island are STILL okay

the imbroglio
High schoolers turn in plagiarism screeners for copyright infringement
Paris to offer 20,600 bikes at 1,450 stations to rent by the end of the year

The Republic of T.
The Secret of the Snack Attack
links for 2007-04-04
Where You Link is What You Get

Distractions for stressed law students

The Other Side: Twisted AnimationsSomething Positive, a truly good webcomic

Syndicate This Site



Stop Spam Harvesters, Join Project Honey Pot