decoration decoration
Stories

GROKLAW
When you want to know more...
decoration
For layout only
Home
Archives
Site Map
Search
About Groklaw
Awards
Legal Research
Timelines
ApplevSamsung
ApplevSamsung p.2
ArchiveExplorer
Autozone
Bilski
Cases
Cast: Lawyers
Comes v. MS
Contracts/Documents
Courts
DRM
Gordon v MS
GPL
Grokdoc
HTML How To
IPI v RH
IV v. Google
Legal Docs
Lodsys
MS Litigations
MSvB&N
News Picks
Novell v. MS
Novell-MS Deal
ODF/OOXML
OOXML Appeals
OraclevGoogle
Patents
ProjectMonterey
Psystar
Quote Database
Red Hat v SCO
Salus Book
SCEA v Hotz
SCO Appeals
SCO Bankruptcy
SCO Financials
SCO Overview
SCO v IBM
SCO v Novell
SCO:Soup2Nuts
SCOsource
Sean Daly
Software Patents
Switch to Linux
Transcripts
Unix Books

Gear

Groklaw Gear

Click here to send an email to the editor of this weblog.


You won't find me on Facebook


Donate

Donate Paypal


No Legal Advice

The information on Groklaw is not intended to constitute legal advice. While Mark is a lawyer and he has asked other lawyers and law students to contribute articles, all of these articles are offered to help educate, not to provide specific legal advice. They are not your lawyers.

Here's Groklaw's comments policy.


What's New

STORIES
No new stories

COMMENTS last 48 hrs
No new comments


Sponsors

Hosting:
hosted by ibiblio

On servers donated to ibiblio by AMD.

Webmaster
Whose Hands Are "Unclean"?-- SCO, IBM's 'Agents', and the CFAA- By Jon Stanley, Esq.
Friday, December 17 2004 @ 11:04 AM EST

We looked earlier at the Computer Fraud and Abuse Act from the standpoint of criminal law, and it seems to be pretty much off the table, from all I can see. But looking at the law from the civil side, the analysis is more complex. I noted several comments on the earlier article that made clear to me that a number of you don't yet understand the implications of the CFAA, so I encourage you to read this article closely.

I asked Jon Stanley, an attorney who is an expert on the CFAA, if he'd be willing to explain the statute to you, looking at the specific SCO v. IBM case as well. What, precisely, triggers a CFAA violation? Is SCO's request to throw out IBM's evidence valid, given the facts as we know them so far? Where did this law come from? Mr. Stanley's Masters Dissertation was on the United States Computer Fraud and Abuse Act and he has spoken about it at numerous panels and seminars, including the RSA Conference last year. He'll speak at their 2005 conference as well. I want to thank Mr. Stanley for taking the time to help us comprehend this statute, and I know you join me in that sentiment. He mentions two cases, EF Cultural v. Zefer and EF Cultural v. Expolorica, and here is where you can read the appeals court decision on EF Cultural v. Zefer and Explorica.

To acclimate you, you may wish to also read an article [PDF] by George L. Lenard, an attorney with the firm of Harris Dowell Fisher & Harris, who specializes in employment law and who examined the statute and case law around it, which was published in "St. Louis Lawyer" and who is editor of George's Employment Blawg. He wasn't a bit surprised to see the "unclean hands" claim, and tells me that he expects to see such claims more frequently when other wrongdoing is alleged, because exceeding authorized access is relatively easy to prove compared to more conventional claims.

Laws aren't written for no reason. Invariably they are drawn up because somebody has been doing something that is harming someone, or the lawmakers perceive it that way. "Due to extensive reliance on electronic information systems and the ever-improving speed and convenience of data copying and transmission, businesses today face a heightened danger that improper competition by former employees will be aided by electronic misappropriation of trade secrets and other confidential information," he writes.

Here are some of the benefits of the CFAA he writes about in his article, from the perspective of its normal use, protecting a company from trade secret theft by former employees, for example:

"In litigating claims against disloyal departing employees, the CFAA typically does not stand alone, but serves as an adjunct to more conventional causes of action such as breach of covenant not to compete, breach of confidentiality agreement, trade secret misappropriation, tortious interference with contract or business expectancy, and breach of fiduciary duty. It is a useful addition because it has several significant advantages over such causes of action, including:

  • "Availablity of federal jurisdiction. While other applicable claims involve state law, permitting federal jurisdiction only where diversity requirements are met, the CFAA provides a basis for federal question jurisdiction.
  • "Availablity of a variety of relief, including criminal penalties as well as injunctive relief and damages.
  • "Improved appeal to the fact finder’s sense of justice and fair play. To a judge or jury, improper conduct involving computers may appear more devious, culpable, and unjustifiable than merely going to work for a competitor, even in violation of a noncompete agreement.
  • "Avoiding the need to prove that purloined information rose to the level of a trade secret -- which can be tough, particularly with non-technical information such as customer lists, pricing information, and business strategies.
  • "Avoiding defenses such as the overbreadth or invalidity of a noncompete agreement."

If you are interested in case law on the CFAA, the article is a great resource.

However, our interest is specificallly the use by SCO of this statute to claim that IBM's has "unclean hands" for the way it obtained evidence of SCO's copyright infringement. While we don't actually know what IBM saw, what it downloaded, what password protections, if any, were in place that day, etc., the essay will help you to understand the law better, and from my reading of the law, I think everyone needs to know how the statute works. It's very, very broad.

******************************************

Whose “Hands” are “Unclean?” --
SCO, IBM’s ‘Agents’, and The Computer Fraud and Abuse Act (CFAA)
By Jon Stanley. J.D. LL.M

In its Reply Memorandum, filed Nov. 30th, 2004, SCO presents a rather simplistic section titled “IBM’s Unauthorized Access Into SCO’s Website”. In doing so, SCO, understandably, from their legal perspective, skips over the nuanced and swiftly emerging world of cyberspace jurisprudence. CFAA case law, and particularly its employment of technological language and technological concepts, is not quite so certain, fixed, or agreed upon, as SCO lawyers would have us think.

SCO seeks to have IBM’s evidence thrown out as a result of IBM’s supposed “unclean hands” in obtaining the evidence. SCO’s claim, that agents’ of IBM “improperly” obtained evidence by accessing, in an allegedly unauthorized manner, SCO’s website. This claim illuminates a little known, but vitally important, legal and public policy question. That question is the simple (but by no means easy) query: what, precisely, triggers a CFAA violation? This essay will attempt to answer that question and, in doing so, attempt to ascertain whether SCO’s request to exclude evidence is a valid one.

Initially I focus on a central dynamic in CFAA case law; identifying the contractual ‘instrument’ permitting “authorized access” as that term is defined by CFAA case law. Next I will examine the particular subsection of the CFAA that SCO cites in its Reply Memorandum. Then I will scrutinize the origins of the legal theory enunciated in CFAA cases cited by SCO.

Finally I will examine the two CFAA cases I suggest are most relevant to the dispute here. This examination will reveal that SCO’s allegations, however superficially and simplistically, presented, raise legitimate legal issues that must be addressed by the court.

I have previously argued that, based upon a series of court decisions, the end user’s default status in the digital world, for all practical purposes, is ‘unauthorized’. By that I mean that legal access to ‘cyberspace’ is more often than not governed by some contractual (implicit or explicit) prerequisite that ‘grants’ access. Breech of this contract by the end user renders his or her access unauthorized for purposes of the CFAA.

Case law examples of some of the instruments in question are as follows:

1. Internet Service Provider Terms and Service Agreement
2. Employer Computer Use Guidelines
3. Institutional (i.e. schools, hospitals, library) Computer Use Guidelines
4. Website Terms and Service Agreements
5. “Reasonable expectations” of the website owner

In light of this it is worth examining the specific subsection of the CFAA SCO, apparently, alleges that IBM’s agents violated: (a)(2)(C) which reads:

Whoever;
(2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains……

(C) information from any protected computer if the conduct involved an interstate or foreign communication [can be liable for a violation of the CFAA]

Congress has, so far, refrained from defining what the word ‘obtains’ means when employed in (a)(2). However, in its Report on the 1996 amendments to the CFAA, the Senate noted that the “premise of this subsection is privacy protection”, which means, “in this context…mere observation of the data” is a violation of (a)(2). [emphasis added]

The Report went on to say that “removal” of the data, or “transcribing” the data need not be proven as an essential element of the violation. This is a unique finding because, as the Report noted, information is, essentially ‘stolen’ without “aspiration”.

Here is an example of how a violation might occur:

1. I access the internet pursuant to my Terms and Service Agreement with my ISP (that I agreed to but given that there are only 48 hours in a weekend, did not read]. This is the contractual instrument that allows my “access” to be “authorized”.

2. Then I violate this instrument’s conditions, and my access, is, at the very moment of the violation, “unauthorized”.

3. And since, given that I’m probably staring at the screen, I am therefore “obtaining”… (viewing) “information from a protected computer…”

4. In theory, we have, a violation of the CFAA.

Please don’t shoot the messenger. Yes, I think this conclusion is absurd and worrisome. And yes, it may very well mean that every time one checks the stock prices (or whatever) at one’s place of employment, and one does so in violation of one’s agreement to only access the internet for the employers’ purposes, technically one is in violation the CFAA. How did we get to this point? Glib answer? Spammers -- and lack of imagination, perhaps, on the part of the judiciary.

AOL v. LCGM, one of the cases SCO cites, is a good starting point on where this unique, and in my opinion, troublesome, theory of CFAA liability began.

LCGM, the defendant, was a purveyor of spam. AOL claimed the defendant sent out huge amounts of spam to AOL customers. AOL claimed this was a violation of AOL’s “Unsolicited Bulk E-Mail Policy”. The court found that this allegation was true. They further concluded that this finding satisfied the necessary elements for a violation of the CFAA, subsection (a)(2)(C). The court wrote that “Defendants’ actions violated AOL’s Terms of Service agreement, and as such was unauthorized” [emphasis added]

This holding was proffered absent any qualifying language addressing the issue of notice, and how it may, or may not pertain to an alleged CFAA violation, triggered by a “Terms of Service” violation.

If America Online, Inc, Plaintiff, v. LCGM, Inc, et al, Defendant heralded the beginning of the breach of contract equals “unauthorized access” theory, as defined in the CFAA, the two AOL v. National Health cases solidified it.

The judge in both those cases went to some detail demonstrating how a Terms of Service Agreement breech could equal a CFAA violation. Once again the defendant was a purveyor of spam. And once again the court held, in both cases, that the violation of AOL’s Terms and Service Agreement equaled a CFAA violation. Now we had three opinions articulating a legal theory that one astute critic called, with good reason, a: “dramatic and potentially unconstitutional expansion of criminal liability in cyberspace.”

And this leads us to the last two cases we will cover in this essay. EF Cultural v. Explorica Inc (EF ), and EF Cultural v. Zefer (Zefer) are cases that may exert the most impact on the dispute at hand. The two cases above are not cited by SCO but, I would argue, are the cases most on point given the fact pattern alleged by SCO.

It should not take much imagination to grasp that if you can have a CFAA violation by violating an ISP’s terms and services agreement you can have the same violation by violating other agreements that ostensibly grant access to networks or cyberspace. EF and Zefer confirmed this premise.

Again, it is beyond the scope of this essay to analyze in great detail, the respective cases. However, I suggest both cases are worth reading in their entirety. They will have, and have had, a significant impact in cyberspace jurisprudence.

EF and Zefer were companion cases.. A former employee (Gormely) of EF Cultural started his own rival company, Explorica. Gormely, in turn, engaged Zefer Inc. to create a scraper tool which Gormely used to search, query, and harvest data, from EF Cultural’s website. This data was intended to be used to allow Explorica to underbid EF Cultural on certain projects both sought.

EF Cultural sued, among others, Gormely, Explorica, and Zefer for, among things, “unauthorized access” to EF Cultural’s website by Gormely’s scraper. The district court granted a preliminarily injunction against Explorica on the grounds that the scraper was used in a manner that exceeded the “reasonable expectations” of EF Cultural, the website owner.

In a supplemental opinion issued by the district court on the controversy the court elaborated on further on its, heretofore, unknown test:

… by noting ‘…that copyright, contractual and technical restraints, sufficiently notified Explorica that its use of scraper would be unauthorized and thus would violate the CFAA.’ The district court first relied on EF’s use of a copyright symbol on one of the pages of its website and a link directing users with questions to contact the company, finding that ‘such a clear statement should have dispelled any notion a reasonable person my have the presumption of open access applied to information on EF’s website [emphasis added]

The 1st circuit court of appeals upheld the injunction but on much narrower grounds than the “reasonable expectations” test. The court decided not to the address the holding of the district court that use of a “warp speed device…” [the scraper] “circumvented the technical restraints” of the website. Nor, did the court express any opinion on the lower court’s holding that the copyright notice on EF’s website served as “clear notice” that any “reasonable person” regarding “open access” to the site. And so, the crucial issues implicit in the district court’s holding lingered; neither upheld nor repudiated. But they did not linger for long.

In the subsequent case it was the turn of maker of the software, defendant Zefer. Zefer, on a technicality, had been detached from EF. In Zefer the 1st circuit affirmed the preliminarily injunction of the district court on very narrow, procedural, technical grounds not relevant to this matter. Because of this finding the court did not have to address any of the vexing substantive issues -- relevant to the SCO allegations -- and raised in EF and in the district court’s injunction. However, that did not stop the Zefer court from leaping into the fray and articulating a legal position enormously critical to a citizen’s access, or lack of access, to information and navigation in the digital world.

The court was obviously uncomfortable with both the district court’s “reasonable expectations” test and the appeals court’s apparent reluctance to repudiate it in EF. The central issue, that the Zefer court wanted to address was “….whether use of the scraper” on EF’s website "exceeded authorized access." The court answer that question in the affirmative, and added, for future reference in these types of cases: “A lack of authorization could be established by an explicit statement on the website restricting access.”

So, it was with an “explicit statement” rule that the court seemed to think it had vanquished the “reasonable expectations” test. And then the court turned right around and brought much of “reasonable expectations test” right back. Because, the court acknowledged, it did agree with the district court that lack of authorization could be “implicit” as opposed to “explicit”.

For example, the court noted:

" . . .password protection itself normally limits authorization by implication (and technology), even without express terms. But we think that in general a reasonable expectations test is not the proper gloss on subsection (a)(4) and we reject it. However useful a reasonable expectations test might be in other contexts where there may be a common understanding underpinning the notion, cf. Terry v. Ohio, 392 U.S. 1, 9, 20 L. Ed. 2d 889, 88 S. Ct. 1868 (1968) (Fourth Amendment), its use in this context is neither [**11] prescribed by the statute nor prudentially sound." [emphasis added]

The court felt the need to further explain its rationale. It wanted to be clear that the basis for the rejection of “reasonable expectations” test is not “as some have urged, that there is a "presumption" of open access to Internet information”. There is not. (Some might call that astounding and disturbing news.)

Indeed, the court goes on to note: “The CFAA, after all, is primarily a statute imposing limits on access and enhancing control by information providers”. And the “website provider can easily spell out explicitly what is forbidden” [emphasis added]. A statement, one might add, that conveys great faith in the drafters of website terms and service agreements.

It is this alleged violation of an “explicit statement”, or “implicit”, as the case may be, that SCO is presenting as a “hack” into a website.

It will be crucial for the court hearing SCO’s claim to ascertain what, if any, terms and conditions governed access to SCO’s site on the day, and time, in question. And depending on what those terms were, SCO’s claims of the “hack”, however farcical in an actual sense, may have more than a grain of validity if the Zefer reasoning stands the test of time.

This observer thinks that Zefer, to the extent it is a precedent, should be overturned. A breach of a contract based access provision should never be the basis for a CFAA violation. It should be the basis for a contract breach. Rather, the basis for CFAA violation should be intentional circumvention of specific, delineated, code based restrictions.

Kathleen Bennett’s Declaration makes no mention of how she accessed the SCO files in question other than to declare she downloaded them from specific SCO sites. However, I have been told by people familiar with Groklaw and familiar with the specific issue in question here that it may have been possible to access at least some of the relevant files by using anonymous as your user id and your email address as your password.

This, so I am told, is a common practice by companies that wish to make their applications, websites, and information available to the public. Further, without having first-hand knowledge of the facts, I have seen posted comments on Groklaw that indicate the relevant files were placed in “public directory”.

If this information and assumption is correct, SCO’s claim that Kathleen Bennett exploited a "bug" and “hacked” into SCO’s computers is specious and should be repudiated by the court on the grounds that what Kathleen Bennett did was exactly what SCO intended an end user to be able to do and what is a common and normal practice in the digital world. It should not been seen as a CFAA violation or as something “improper”.


Jon Stanley is a graduate of University of Maine Law School. He is also a graduate of the University of Strathclyde Law School, UK, where he was granted a Masters of Law in Information Technology and Telecommunications Law. His Masters Dissertation was on the United States Computer Fraud and Abuse Act and is presently being edited and updated for publication. He practices law in Maine, focusing on information security, as well as privacy, cybercrime, cyberspace insurance, and intellectual property issues. Mr. Stanley represented the state of Maine in the Attorney General’s Case against the tobacco industry. Mr. Stanley recently completed a project for the Japanese Government examining the potential liability issues raised by downstream viruses, and information security system breakdowns. He has spoken about the Computer Fraud and Abuse Act at numerous panels and seminars including the RSA Conference 2003, RSA 2004, RSA 2005 (scheduled), Computer Security Institute Conference 2004 and the Maine State Bar Association 2002.

© Copyright 2004 Jon Stanley


  


Whose Hands Are "Unclean"?-- SCO, IBM's 'Agents', and the CFAA- By Jon Stanley, Esq. | 353 comments | Create New Account
Comments belong to whoever posts them. Please notify us of inappropriate comments.
Whose Hands Are "Unclean"?-- SCO, IBM's 'Agents', and the CFFA - By Jon Stanley, Esq.
Authored by: blacklight on Friday, December 17 2004 @ 11:12 AM EST
"" . . .password protection itself normally limits authorization by
implication (and technology), even without express terms. But we think that in
general a reasonable expectations test is not the proper gloss on subsection
(a)(4) and we reject it. However useful a reasonable expectations test might be
in other contexts where there may be a common understanding underpinning the
notion, cf. Terry v. Ohio, 392 U.S. 1, 9, 20 L. Ed. 2d 889, 88 S. Ct. 1868
(1968)"

I guess this pretty much takes out any notion that anonymous ftp access is
hacking.

[ Reply to This | # ]

Whose Hands Are "Unclean"?-- SCO, IBM's 'Agents', and the CFFA - By Jon Stanley, Esq.
Authored by: Anonymous on Friday, December 17 2004 @ 11:19 AM EST
PJ,
Is CFFA (whatever that is) a mispelling of CFAA?

Bob

[ Reply to This | # ]

Correction
Authored by: Ted Powell on Friday, December 17 2004 @ 11:20 AM EST
"A breech of a contract based access provision should never be the basis
for a CFAA violation. It should be the basis for a contract breech."

I think he probably meant "breach".

---
The cost of a Windows-to-Linux conversion is irrelevant over the longer term,
because you only have to do it once.

[ Reply to This | # ]

Whose Hands Are "Unclean"?-- SCO, IBM's 'Agents', and the CFFA - By Jon Stanley, Esq.
Authored by: Anonymous on Friday, December 17 2004 @ 11:37 AM EST
I believe that the title on the home page should refer to CFAA and NOT to CFFA.
The body of the text provided by the Distinguished Attorney certainly uses that
abbreviation.

I suspect it was another long night for PJ...

[ Reply to This | # ]

Corrections Here, please
Authored by: AllParadox on Friday, December 17 2004 @ 11:41 AM EST


---
All is paradox: I no longer practice law, so this is just another layman's
opinion. For a Real Legal Opinion, buy one from a licensed Attorney

[ Reply to This | # ]

Official "The SCO Group" Positions - Sixty-three days without an official post
Authored by: AllParadox on Friday, December 17 2004 @ 11:48 AM EST
Main posts in this thread may only be made by senior managers or attorneys for
"The SCO Group". Main posts must use the name and position of the
poster at "The SCO Group". Main posters must post in their official
capacity at "The SCO Group".

Sub-posts will also be allowed from non-"The SCO Group" employees or
attorneys. Sub-posts from persons not connected with "The SCO Group"
must be very polite, address other posters and the main poster with the
honorific "Mr." or "Mrs." or "Ms.", as
appropriate, use correct surnames, not call names or suggest or imply unethical
or illegal conduct by "The SCO Group" or its employees or attorneys.

This thread requires an extremely high standard of conduct and even slightly
marginal posts will be deleted.

PJ says you must be on your very best behavior.

If you want to comment on this thread, please post under "OT"


---
All is paradox: I no longer practice law, so this is just another layman's
opinion. For a Real Legal Opinion, buy one from a licensed Attorney

[ Reply to This | # ]

O/T, Off Topic, here, please
Authored by: AllParadox on Friday, December 17 2004 @ 11:50 AM EST


---
All is paradox: I no longer practice law, so this is just another layman's
opinion. For a Real Legal Opinion, buy one from a licensed Attorney

[ Reply to This | # ]

Oregon vs. Schwartz
Authored by: swmcd on Friday, December 17 2004 @ 11:56 AM EST
There was a case in Oregon about 10 years ago having to do with
"unauthorized" access to a computer. See

http://www.lightlink.com/spacenka/fors/

Some commentary on the Oregon Computer Crime law:

http://world.std.com/~swmcd/steven/rants/merlyn.html

[ Reply to This | # ]

What court decided Zefer?
Authored by: Anonymous on Friday, December 17 2004 @ 12:03 PM EST
How widely applicable is this precedent?

MSS

[ Reply to This | # ]

This sounds similar to trespassing
Authored by: Anonymous on Friday, December 17 2004 @ 12:40 PM EST
Suppose that I there is a well trod path across my property. There is a faded
fifty year old sign warning that trespassers will be shot but every day hordes
of students use the path as a shortcut to school. A drunken hobo sees this
happen a couple of times and observes that I seem not to object to this
trespass. He steps onto the path and I shoot and wound him.

I think I will have trouble getting a trespass charge to stick and I think the
hobo has a strong case against me.

(Yes I realize that in most, but not all, of the civilized world, you go to jail
for shooting trespassers.)

In the present case, if someone is aware that people are downloading content
that they don't want downloaded, and they take no action to stop it, then it
seems that they should not be able to selectively prosecute 'trespassers.'

[ Reply to This | # ]

Would a developer license negate the CFAA claim?
Authored by: AMc on Friday, December 17 2004 @ 12:42 PM EST
IBM was a licensed 'partner' developer for OpenServer, UnixWare, and United
Linux at least until early 2003. They developed and supported drivers for SCOG
products that were sold preinstalled on several server lines manufactured by
IBM. Could this:

a) Negate the CFAA claim by basis of IBM having license and need to download
updates from SCOG?

b) Effect the CFAA claim by process of already having the code in house due to
the dev license?

Also interesting that the CFAA precedents as they exist now would place adware
companies in violation of the act.

[ Reply to This | # ]

Web site access
Authored by: Anonymous on Friday, December 17 2004 @ 12:45 PM EST
If access to a web site is UNauthorized by default, how is one supposed to
access anything on the site to gain permission? Servers (http, and FTP) were all
assumed to be public access well before this stupid law was created. And yes, I
do mean stupid - as in: Whoever crafted it does not have a clue and should not
be making laws. Allowing "anonymous" ftp access means you're open to
the public - this has always been the standard interpretation. Any law that
attempts to make this not so may just as well dictate that we all call the sky
green from now on until the public comes to realize they've been mistaken about
the names of colors all along.

[ Reply to This | # ]

Hold on a minute! What about the Constitution?
Authored by: webster on Friday, December 17 2004 @ 12:50 PM EST
This CFFA law establishes a crime or a criminal "violation." It then
adds a civil provision to remedy such violations. Here it is:

***
(g) Any person who suffers damage or loss by reason of a
violation of this section may maintain a civil action against the
violator to obtain compensatory damages and injunctive relief or
other equitable relief. A civil action for a violation of this
section may be brought only if the conduct involves 1 of the
factors set forth in clause (i), (ii), (iii), (iv), or (v) of
subsection (a)(5)(B). Damages for a violation involving only
conduct described in subsection (a)(5)(B)(i) are limited to
economic damages. No action may be brought under this subsection
unless such action is begun within 2 years of the date of the act
complained of or the date of the discovery of the damage. No
action may be brought under this subsection for the negligent
design or manufacture of computer hardware, computer software, or
firmware.
*****

All crimes in the United States are prosecuted under a standard articulated in
all jury instructions as "beyond a reasonable doubt."

One can not invoke a criminal violation or a crime under this statute until such
allegation has been proven to a jury of one's peers who decide unanimously by
the standard of "beyond a reasonable doubt" that someone is guilty.
The civil remedy for this crime would then proceed in court by the traditional
civil standards variously described as by "clear and convincing
evidence" or by "a preponderance of the evidence."

So it is a mystery to me how SCO can allege this crime and invoke the civil
remedy until a crime has been proven by the criminal standard. It appears to be
a way to invoke a crime with an insufficient standard of proof. Used like this
one must question its constitutionality.

You shouldn't be able to make this allegation in a civil suit until it has been
proven in a criminal court.



***Sidenote rave: This law may be another example of political pandering and
campaign fund influence. Politicians like to be perceived as working and
responding to societal needs. Many crminal laws are passed that are total
window dressing and meaningless. Laws on hate crimes, school zones, chronic
offender, etc. almost always unreasonably duplicate or specify laws that are
already on the books. They rarely have any influence other than allowing
political candidates to claim them. Does an unused law punishing a criminal
with 5 lifetimes when one is plenty always lead to a superficial yet effectual
politacal appeal?

---
webster

[ Reply to This | # ]

Whose Hands Are "Unclean"?-- SCO, IBM's 'Agents', and the CFFA - By Jon Stanley, Esq.
Authored by: Anonymous on Friday, December 17 2004 @ 12:57 PM EST
If sco released the code under the GPL doesn't making this
charge amount to a violation of the GPL? I.E. how can
they make this charge against code placed in the GPL since
the license states they can't place restrictions on the
distribution?

[ Reply to This | # ]

I'm still betting
Authored by: rsteinmetz70112 on Friday, December 17 2004 @ 12:58 PM EST
IBM was authorized to access the site, even under SCOG's version of reality, by
virtue of having a valid SCO Linux copy and was probably following instructions
printed in SCO Linux documentation.

Remember SCOG changed the rules, after they decided that IBM stole their stuff.

There are more than a few details missing of what actually transpired.

As usual SCOG made an assertion without providing any evidence that IBM or their
employee who actually accessed the site was unauthorized.

---
Rsteinmetz

"I could be wrong now, but I don't think so."
Randy Newman - The Title Theme from Monk

[ Reply to This | # ]

HTTP NOT FTP
Authored by: whoever57 on Friday, December 17 2004 @ 01:07 PM EST
I believe SCO's claim may refer to the time that donwloads could be accessed
only via an HTTP site. The site caused a password request, but accepted a blank
password.

Perhaps SCO did this as a deliberate trap? It seemed to make no sense at the
time.

[ Reply to This | # ]

  • Bookmarks? - Authored by: Weeble on Friday, December 17 2004 @ 01:52 PM EST
    • Bookmarks? - Authored by: Anonymous on Friday, December 17 2004 @ 03:58 PM EST
IBM raiding the cookie jar?
Authored by: Anonymous on Friday, December 17 2004 @ 01:13 PM EST
Kathleen Bennett’s Declaration makes no mention of how she accessed the SCO files in question other than to declare she downloaded them from specific SCO sites. However, I have been told by people familiar with Groklaw and familiar with the specific issue in question here that it may have been possible to access at least some of the relevant files by using anonymous as your user id and your email address as your password.

This, so I am told, is a common practice by companies that wish to make their applications, websites, and information available to the public. Further, without having first-hand knowledge of the facts, I have seen posted comments on Groklaw that indicate the relevant files were placed in “public directory”.

If this information and assumption is correct, SCO’s claim that Kathleen Bennett exploited a "bug" and “hacked” into SCO’s computers is specious and should be repudiated by the court on the grounds that what Kathleen Bennett did was exactly what SCO intended an end user to be able to do and what is a common and normal practice in the digital world. It should not been seen as a CFAA violation or as something “improper”.

We need to clarify that one site was accessed through anonymous ftp, and another site was accessed by clicking OK on an http authentication dialog that had no security behind it. SCO was less than clear in their accusation, but it is apparent that the "bug" that IBM "exploited" refers to the unsecured http site. There's no way that IBM can be faulted for using anonymous ftp, and SCO knows that very well.

There is one key question here: What could IBM reasonably construe from the fact that SCO's http authentication had no security behind it?

As an internet user, I would construe that SCO was intending, or at least allowing, public access. The biggest contributing factor in this impression is the following fact: SCO had no reason to restrict access to its Linux files other than to conserve bandwidth. It's reasonable to assume that SCO didn't have any bandwidth problems, and therefore didn't care that their site was openly accessible.

IBM was not raiding the cookie jar. They were simply making reasonable assumptions.

[ Reply to This | # ]

Whose Hands Are "Unclean"?-- SCO, IBM's 'Agents', and the CFFA - By Jon Stanley, Esq.
Authored by: mrpeach on Friday, December 17 2004 @ 01:19 PM EST
What I don't understand about the referenced AOL case is, how was the spammer
bound to the AOL Terms Of Service? Was there a contractual relationship between
them? Was one implied by the simple act of access?

---
"The very powerful and the very stupid have one thing in common. Instead of
altering their views to fit the facts, they alter the facts to fit their
views... wh

[ Reply to This | # ]

CFAA exploit?
Authored by: mikebmw on Friday, December 17 2004 @ 01:21 PM EST
Question:
What's to stop people distributing others copyrighted material from their web
site being able to hide behind the CFAA. For example, one creates a website
distributing music files with copyrights owned by the RIAA. On that web site
post an authorized access statement "claming the RIAA, agents of, etc., are
unauthorized to access this web site ...."

Under the CFAA any evidence collected could be thrown out due to unclean hands,
and the RIAA could possibly be prosicuted for attempting to protect their
copyrights. Would the RIAA have to get law enforcement to get a warrent to
inspect to site? It seems a sticky mess if you ask me.
-mikebmw

[ Reply to This | # ]

If the premise is privacy ...
Authored by: rao on Friday, December 17 2004 @ 01:30 PM EST

If the premise of the relevant section of the CFAA is privacy protection, as the article says, it's a little hard to understand how downloading GPL'd code could be a violation. What privacy claims can SCOX make on GPL'd code?

[ Reply to This | # ]

This has major ramifications for search engines
Authored by: Anonymous on Friday, December 17 2004 @ 01:33 PM EST
If all I have to do is put a term on my website, what is to keep me from going
after google for caching it?

I understand the argument of robots.txt, but this seems like a very grey area.
It seems like congress needs to define "reasonable protection".

[ Reply to This | # ]

A Cookie or Something?
Authored by: Simon G Best on Friday, December 17 2004 @ 01:53 PM EST

This is just another speculation, but it occurred to me that maybe IBM was already one of the authorised, registered users (as others have suggested), and had previously entered their login details, with the browser storing the relevant stuff as browsers sometimes do. If so, I can imagine that Kathleen Bennett may not have witnessed the authentication steps, as they could have been performed on a previous occasion, and were subsequently performed automatically by the browser, including on the occasion(s) that Kathleen Bennett witnessed. It could give the impression to such a witness that no authentication was required, even if it was, and was being given by the browser on the user's behalf.

Just a thought :-)

---
Open Source - open and honest? Not while the political denial continues.

[ Reply to This | # ]

What does it have anything to do with anything?
Authored by: Anonymous on Friday, December 17 2004 @ 02:06 PM EST

Either: 1. SCO is (still, even) making the sources available to their customers to whom they distributed binaries, in which case, they can only do it by fully complying with the GPL, or 2. They stopped making sources available to their customers to whom they distributed binaries, in which case, they violate the GPL, and their distributions were unlicensed or in violation of a license they agreed to.

It matters not at all whether SCO password protects it. As long as they distribute it to any customer, they could only be doing it under the rights of the GPL, and then only if they continue to make the sources available upon request (to those to whom the original distribution did not contain source), but they can only do this if they comply with GPL and do not restrict further use.

By ever distributing in a medium that does not always include source, they are bound to continue distributing source upon request for a significant amount of time or they are in violation, but they can only continue to distribute by continuing to accept the same license they originally accepted.

[ Reply to This | # ]

Whose Hands Are "Unclean"?-- SCO, IBM's 'Agents', and the CFAA- By Jon Stanley, Esq.
Authored by: Anonymous on Friday, December 17 2004 @ 02:43 PM EST
So, if you put up a main page that said "Access to this site is permitted
under the condition that you not disclose any of the site's contents or nature
of those contents to anyone for any reason. Click [OK] to continue", you
could then distribute illegal MP3s, pirated software, etc. and the files
downloaded as evidence could be thrown out as they were obtained with
"unclean hands"? That would seem to protect and encourage illegal
behavior. That's an unbelievably stupid law. What am I missing?

[ Reply to This | # ]

Ok fine
Authored by: Anonymous on Friday, December 17 2004 @ 02:50 PM EST
Can't IBM just say ok if that was not proper how about hand
over the source code that was or still is on that server?

[ Reply to This | # ]

  • Ok fine - Authored by: Anonymous on Friday, December 17 2004 @ 03:43 PM EST
    • Ok fine - Authored by: Darkside on Saturday, December 18 2004 @ 06:56 AM EST
Contracts for accessing data
Authored by: Anonymous on Friday, December 17 2004 @ 02:53 PM EST
Wouldn't this law apply the other way around? If I am providing information to
a website in agreement with the TOS or privacy policy, and the company then
ignores their obligations under the contract can I use this law against them?
The spyware companies were recently found to not be in violation of their
privacy agreements becuase they are non-binding (crazy). But this isn't a claim
for breach of contract so I'm not sure that matters.

[ Reply to This | # ]

Whose Hands Are "Unclean"?-- SCO, IBM's 'Agents', and the CFAA- By Jon Stanley, Esq.
Authored by: Anonymous on Friday, December 17 2004 @ 03:06 PM EST

The entire basis of this law comes down to the word "protected".
Anonymous ftp by definition "unprotects" the system, or sets up an
unprotected area in an otherwise protected system. I also think the word
"password" is confusing everyone. Many anonymous FTP's require a
password, many don't. But that doesn't mean the system is protected, it is still
public and unprotected.

I am not an attorney, but I am a computer security expert, and for SCO to claim
that there was a bug or that the computer was indeed protected is just simply
lying to the court.

[ Reply to This | # ]

OT: Schwartz interview?
Authored by: Anonymous on Friday, December 17 2004 @ 03:16 PM EST
Whatever happened with that Schwartz interview you asked us to provide questions for? link

Or did it happen and I missed it?

[ Reply to This | # ]

Questions
Authored by: Anonymous on Friday, December 17 2004 @ 03:24 PM EST
Can anyone provide definitive answers to the following:

- Did SCO Linux shrinkwrap boxes include a username and password?

- If so, was it the same username and password for all customers?

- Did the customer have to agree not to share the username and password with
others?

- Did the SCO website contain any text indicating that the site was for
customers only?

Inquiring minds want to know.

[ Reply to This | # ]

Hypothetical: ISP TOS Violation
Authored by: Lazlo Nibble on Friday, December 17 2004 @ 03:27 PM EST
I access the internet pursuant to my Terms and Service Agreement with my ISP (that I agreed to but given that there are only 48 hours in a weekend, did not read]. This is the contractual instrument that allows my “access” to be “authorized”.

It's clear to me that an ISP has a right to control access to their own systems and resources, and that if an individual violates an ISP's TOS in a way that terminates that individual's contractual agreement with the service provider, there's an argument to be made that the customer's further use of that ISP's systems and resources is a CFAA violation. But under what legal theory would an ISP be empowered to "authorize" (or un-"authorize") an individual's "access" to materials not under the ISP's physical or contractual control (e.g., the contents of an arbitrary web or ftp site on the open Internet)? Surely the issue is not the downloaded content itself, but the fact that the individual downloaded that content using resources they no longer had permission to use?

This would be like charging someone with credit card fraud for placing a phone order using their own valid credit card, because they made the call from a house they'd broken into.

[ Reply to This | # ]

Relevance?
Authored by: minkwe on Friday, December 17 2004 @ 03:44 PM EST
SCO claims that they "only" knowingly distributed IBM's copyrighted
works to their customers.

Is it relevant if IBM hacked into their website or not? They have admitted in
their defence that they did distribute it. They are not denying that. So this
"hacking" accusation does not (I think) have relevance with respect to
IBM's PSJ.

---
"Corporate views on IP law might be described as similar to a 2-year-old's
concept of who gets to play with all the toys regardless of who brought them" --
PJ

[ Reply to This | # ]

  • Two year old? - Authored by: Anonymous on Friday, December 17 2004 @ 03:57 PM EST
  • Relevance? - Authored by: Christian on Friday, December 17 2004 @ 04:34 PM EST
Website authorisation & google & GPL authorised it
Authored by: Anonymous on Friday, December 17 2004 @ 04:16 PM EST
By my reading of the complaint it appears that SCO is contending that the
website as a whole was protected via an 'authorised customer' login.

Now lets us extrapolate that a little and go for this concept. We authorise the
website as a whole to google so that our customers, and potential customers, can
google to the authorised pages. As part of this google picks up a link to a ftp
site that is not publicly available on any public link. I go into google, find
the FTP site directly. Did I breach the authorisation that SCO put in place?
Did google breach authorisation by publishing that link, I bet no because it was
authorised to provide search facilities.

This goes further to the centre of the problem. If website owner puts a
diclaimer on the first page (the contract) that this website may not be
processed electronically without authorisation (google is OK) and I never get
there. Am I bound by that contract?

This is an interesting legal question. For example the horse breading pages had
the ability to query a single horse to find pedigree. The company sold the
database as a whole. SOmeone came in and slowly scraped all the pedigrees off
the website one by one building a pedigree database, directly from them.
Morally I would call this wrong but if we do not have a clear cut rule then this
may constitute fair use.

I for one support the idea that this whole concept should be carefully
considered.

Finally the GPL is the ultimate authorisation. Your right to the source code
from the distributor. Since SCO has not repudiated the GPL I can guarantee that
IBM has a SCO server or caldera license somewhere in the organisation and is
therefore authorised to obtain that software.

[ Reply to This | # ]

Whose Hands Are "Unclean"?-- SCO, IBM's 'Agents', and the CFAA- By Jon Stanley, Esq.
Authored by: jim Reiter on Friday, December 17 2004 @ 04:17 PM EST
Something I would need to know is "had IBM previously
requested this information in discovery?"

The fine point being that if IBM obtained the information
it was already entitled to, it would be hard to have it
excluded. My impression is that TSG has not been
forthcoming in furnishing information on what is in their
code.

[ Reply to This | # ]

IBM may have breached site agreement
Authored by: Anonymous on Friday, December 17 2004 @ 04:18 PM EST
I ftp'd into SCO's FTP server, and read the legal notice they have, SCO only
allows linux downloads by existing customers (according to the Legal Notice).

Did this condition of downloading exist at the date of IBM's access/download to
SCO'd linux? And if so, was IBM an SCO customer at the time?

[ Reply to This | # ]

Eventual Outcome
Authored by: Anonymous on Friday, December 17 2004 @ 04:19 PM EST
It seems to me that there is little doubt that this issue will eventually be
decided in IBM's favor. The question in my mind is how long, if at all, it can
further delay the proceedings? If the judge will have to address this issue in
order to preclude an appeal, it seems that that he will need more evidence to do
so. Will the judge have to get more evidence, and if so, how is this likely to
be done, and in what time frame?

Thanks to PJ and everyone else here. I love this site.

Mark

[ Reply to This | # ]

YADQ (Yet Another Dumb Question)
Authored by: Anonymous on Friday, December 17 2004 @ 04:47 PM EST
OK, so it seems to me like the issue here is whether or not this evidence (the
SCO linux code that included IBM's copyrighted material) is allowed or
not....and nothing else.

What would stop IBM from posting a note to this Groklaw (or anywhere else for
that matter) that said "We are looking for someone who has purchased SCO
United Linux [or whatever] and would allow us to view the source code? You do
not have to worry about violating license terms because Linux is open source and
sharing the source code is NOT a violation of the GPL. Thank you and good
day."

[ Reply to This | # ]

Whose Hands Are "Unclean"?-- SCO, IBM's 'Agents', and the CFAA- By Jon Stanley, Esq.
Authored by: jim Reiter on Friday, December 17 2004 @ 05:08 PM EST
When TSG learned that The GPL would put "their" code under
the GPL license, they claimed they stopped distributing
it.

TSG had the option of recalling the product. This is not
what TSG did. TSG kept the money and continued to support
the software. In effect, TSG continued to operate under
the GPL.

[ Reply to This | # ]

Whose Hands Are "Unclean"?-- SCO, IBM's 'Agents', and the CFAA- By Jon Stanley, Esq.
Authored by: kberrien on Friday, December 17 2004 @ 05:21 PM EST
>by virtue of having a valid SCO Linux copy and was probably
>following instructions printed in SCO Linux documentation.

In true IBM fashion, I would expect during oral arguments IBM will provide
instructions, from SCO in published form instructing users/owners where, and how
(even if anonymous ftp/wb) to get updates off their website. I would also
expect there to be a reciept for the purchased SCO software.

Given IBM's performance of crossing the i's, and dotting the T's, I assume they
have already thought of this SCO trick.

[ Reply to This | # ]

Recursive Terms of Service
Authored by: Anonymous on Friday, December 17 2004 @ 06:30 PM EST
This is meant more to illustrate broadness than just me being pedantic.

If I put Terms of Use on my website that read "You are not authorized to
read this document," is anyone who reads the Terms of Use or uses the site
potentially in violation of the CFAA?

It seems that the lack of any damages in the civil statute invites silly
interpretations like this.

[ Reply to This | # ]

Delay and confuse
Authored by: Gothic`Knight on Friday, December 17 2004 @ 06:43 PM EST
Tho nothing is ever certain when courts and the law is involved it appears to me
that this is yet another SCOX delay tactic. It really shows the near desperation
level that they are getting to and is now at the stage having no facts or law to
pound it is time to pound the table.

When all others around you are losing their head; duck!

[ Reply to This | # ]

Common sense laws?
Authored by: Anonymous on Friday, December 17 2004 @ 06:50 PM EST
IANAL but shouldnt there be some room in the legal system for common sense? eg.
It was open to the public so it was authorized anyway?
What happens when a nonsensical law is enacted? Do the courts just follow it
anyway?

[ Reply to This | # ]

Whose Hands Are "Unclean"?-- SCO, IBM's 'Agents', and the CFAA- By Jon Stanley, Esq.
Authored by: seantellis on Friday, December 17 2004 @ 06:51 PM EST

I just did a very quick test over at ftp.sco.com.

Anonymous access was granted with no password requested.

All of the Linux download directories contain only a text file called "Legal Notice", file date 27/10/03 (although I doubt this date is legally binding), which directs the user to re-register for access to an alternative site.

However, in folder ftp://ftp.sco.com/pub/opensource/ (note the "pub" - traditionally the publicly accessible folder on ftp servers), we find a couple of subdirectories and a readme which states, in part:

README - This file
nkfs/ - nkfs source code released under GPL
aim-suite7/ - GPL Version of the AIM Multi user Benchmark Suite VII
aim-suite9/ - This is the GPL version of the AIM Independent Resource
Benchmark--Suite IX

So it would appear that, as of 17 December 2004, SCO is still offering GPL'd software for download via anonymous FTP, with no password restrictions, in the conventional space used for public access.

This is clearly contrary to its previous position on the GPL, and may be an explicit GPL violation depending on the position taken by the AIM suite developers.

---
Sean Ellis (sellis@geo-removethis-cities.com)

[ Reply to This | # ]

Color me stupid, but ....
Authored by: Anonymous on Friday, December 17 2004 @ 09:31 PM EST
Ok, suppose it is true that IBM's access of SCO's site violates the CFAA. Then
it would appear that it is legal for a company, any company, to create a
publically accessible web site and then claim, after the fact, that anyone they
did not like who accessed the site had committed a criminal act. This would be
so because they would not "authorize" those they did not like to
access the site's information.

So, it now appears clear that SCO may demand criminal prosecution of PJ, and
probably 2/3 of the Groklaw community, for "unauthorized access" to
their web site, in contravention of the CFAA.

Did I get that right?


[ Reply to This | # ]

I am apparently wrong about the 'unclean hands' defense
Authored by: marbux on Friday, December 17 2004 @ 10:13 PM EST
In an earlier post, I suggested that the doctrine of unclean hands may not provide a viable legal theory for SCO because I thought it only applied to conduct underlying the claims for relief, and could not arise from conduct after litigation commenced. I was apparently wrong.

Checking SCO's citations on that issue was infeasible during the time I had available because only one, a Supreme Court decision, is available online without access to a commercial legal database. That decision did not stand for the proposition SCO was espousing.

However, since then I have found another case online that does support SCO's theory. In Aptix Corp. v. Quickturn Design, (broken HTML alert), the Federal Circuit found that a pattern of repeatedly producing fraudulent evidence in response to discovery requests, plus a later refusal to testify about the circumstances based on the right against self-incrimination, was sufficient to apply the doctrine of unclean hands to bar proceeding with a patent infringement claim. The decision cites several supporting authorities on that point.

Why SCO's lawyers relied on old case decisions and did not cite the 2001 Aptix case is not apparent.

So it appears that the court may have to reach the issues posed by the Computer Fraud & Absue Act and SCO's supporting evidence in order to determine whether SCO's unclean hands argument raises a genuine dispute over a material fact.

I apologize for suggesting that the doctrine of unclean hands was inapplicable.

---
Retired lawyer

[ Reply to This | # ]

Whose Hands Are "Unclean"?-- SCO, IBM's 'Agents', and the CFAA- By Jon Stanley, Esq.
Authored by: Anonymous on Saturday, December 18 2004 @ 02:54 AM EST
I have a serious problem with the claim, made in this article, that access is by default unauthorized. I have a problem on several levels.

First, it takes an act of the poster to make information publicly available, whether or not it is publicly advertized. If you put up a web site and then claim that certain people are not allowed to see the information, but that others are, without telling everyone about these policies explicitly, and in an interruptive manner, you can't claim that the content was in any way limited.

This is like publishing a newspaper and stating in the fine print on page 3, that blondes (or some other arbitrary group) can't see the info.

Second, do we expect the publisher to do anything at all to maintain their security? Seriously! If you want to limit distribution, do so. Don't just expect that people will do what you want. This is like blaming a coffee maker for making coffee that is hot and burns you.

Third. SCO is required to disclose the code they are distributing to pretty much all comers. This is GPL. By virtue of the original license agreement, IBM can have a copy of whatever SCO is distributing, so the very idea that ther are unclean hands is laughable.

-----Didn't Login
lofdev

[ Reply to This | # ]

But, what about when IBM washed their hands, first?
Authored by: Ian Al on Saturday, December 18 2004 @ 07:59 AM EST
If IBM used anonymous ftp to obtain evidence with clean hands, is this
inadmissible if the same evidence was also obtained with unclean hands by a
different method? That would mean that all the evidence obtained in discovery
was inadmissible if just one other piece of evidence was obtained with unclean
hands. I would expect the court to dismiss this theory as 'silly' (see PJs
previous article on unclean hands).

So, even if SCOG prevail with respect to the http sites, they would be caught by
the evidence obtained via ftp.

Considering the evidence obtained via http sites, it appears from the IBM
deposition that the original files were viewed via an unprotected site. It also
seems that when IBM rechecked (in August?) that the URLs they went to
(bookmarked?) were, again, unprotected. Looking at the detail of the accusation,
IBM are claimed to have,

(2) intentionally accessed a computer without authorization or exceeds
authorized access, and thereby obtains??

(C) information from any protected computer if the conduct involved an
interstate or foreign communication [can be liable for a violation of the CFAA]

The current password protection displays the following in the Login screen,

Server linuxupdate.sco.com

Message SCOUpdate Service for valid SCO users only

Even that does not make it clear who is a non-valid SCO user and that non-valid
users are prohibited from accessing the material. Is it an unreasonable
expectation that it is OK to download the files and install Linux under the GPL
and thus become a valid SCO user? So, was the site protected and was IBM
unauthorised or exceeding their authorisation?

When IBM accessed the http sites, were there any clear warnings that they were
exceeding authorised access by viewing the materials? If not, SCO had no
reasonable expectation that anyone would not access the materials.

Also, as was mentioned in the previous thread, both as licencees of Unix
products and partners in Open Linux, IBM may have authorisation, ids and
passwords that make access authorised.

I assume that SCOG are trying to demonstrate a fact over which controversy
exists and that might stand a chance in front of a jury (See, I have been
listening!). However, they have provided no evidence of the facts they claim.
They don't show that the sites were protected when IBM accessed them, nor that
there were stated authorities required for access, nor that IBM were
unauthorised, nor that any sort of 'hacking' was necessary to get to the
information. Neither did they provide expert evidence that the accesses actually
took place and that they were unauthorised. Personal information gained by
reading the court documents does not count (told you I was listening). Remember
the case of the lawyer giving 'phone' records in evidence? Giving the reason for
the site and indicating who was authorised to access it in the response to a PSJ
does not put IBM in the wrong.

In general, although the experts tell me that this could be serious, on
reflection it is not going to spoil my Christmas.





---
Regards
Ian Al

[ Reply to This | # ]

SCO responsibility and accountability
Authored by: StLawrence on Saturday, December 18 2004 @ 03:49 PM EST
According to SCO's current website, here are the names of the individuals responsible for the management and direction of
The SCO Group:

Darl C. McBride, President & CEO, Director
Chris Sontag, Senior VP & GM of SCOsource Division
Bert Young, CFO
Ryan E. Tibbetts, General Counsel
Jeff Hunsaker, Senior VP & GM of UNIX Division
Reg Broughton, Senior VP
Alan Raymond, VP
Ralph J. Yarro III, Chairman of the Board
Edward E. Iacobucci, Director
Darcy Mott, Director
Thomas P. Raimondi, Jr., Director
R. Duff Thompson, Director
K. Fred Skousen, Director
Daniel W. Campbell, Director

Inquisitive Googlers are referred to http://www.groklaw.net for complete information on the results of the management of TSCOG by these individuals.

The Internet has a long memory.

[ Reply to This | # ]

IBM should check their library (If they haven't already)
Authored by: johnwren on Saturday, December 18 2004 @ 10:04 PM EST
In 1998 I purchased "Hands-On Linux" by Mark G. Sobell, published by
Addison Wesley, ISBN 0-201-32569-1. The book has a Caldera imprint on the front
cover design, and contained a CD which features Caldera Openlinux Lite. In the
supplementary license at the back (which makes a very clear statement about the
GPL "Nearly all of the compentns that make up the OpenLinux Lite product
are distributed under the terms of the GNU General Public License..." but
covers some additional products included by Visix, Caldera and Vital; is found
the following invitation:

NOTICE: OpenLinux Lite is provided without technical support of any kind, though
we invite you to browse the technical resources at our Web site:
http://www.caldera.com".

I'm a language teacher, not a lawyer, but this sounds to me like an implict
invitation to download updates off their site, given that the licese also says
elsewhere that the GPL "permits free and unrestricted redistibution."
I would be willing to bet IBM can find a copy of this book in their library.
(I have been reading Groklaw for more than a year, but this is the first time I
thought I might have something to contriubute.)

[ Reply to This | # ]

Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )