Comments: Michael Geist : "Face To Face With The Great Firewall Of China"

You can get around the Great Firewall of China if you can get in touch with someone outside China with a broadband connection. They can go to http://www.peacefire.org/ and download and install our "Circumventor" software onto their computer, which turns their computer into a mini-Anonymizer with a form where you can type in the URL you want to view. Then they give that URL to their friend in China and they'll be able to access whatever they want.

Posted by Bennett Haselton at May 4, 2005 01:49 PM

And again:

"Now that's fascinating. I never know how to go about testing these things, in a political sense. Just as a statement of fact, Harvard people can go fooling around with random proxies for investigations, but marginalized activists have to worry more."

Seth, can you post about ANYTHING without turning it into a tirade against the conspiracy against you, the "marginalized activist" who was given an EFF Pioneer Award?

If you don't trust my opinion, why don't you find someone whose opinion you absolutely do trust, and who is reasonably informed about such things, and ask them, "Do you think that I would be exposing myself to legal risk if I found an open HTTP proxy in China and used it to test which sites the Chinese government was blocking?"

Posted by Bennett Haselton at May 4, 2005 01:58 PM

What "conspiracy"? That Harvard people have more privilege should be a mundane statement of fact. That's not against me - but it is a recognization of their advantage, and that matters in practice. This is a small example of what I mean by your tendency to convert unfavorable situations affecting other people, into lectures about their supposed character flaws.

Bennett, please read up on the legal background before pontificating. The question isn't where I can get good advice. Rather, it's what would convince you that the advice I've gotten is good.

Posted by Seth Finkelstein at May 4, 2005 05:58 PM

I would like to hear from any person other than yourself who will state for the record that they think *you*, a past EFF Pioneer Award winner, would be facing a legal or public relations disaster if they used an open proxy in China to test which sites China is blocking.

I'm not saying such a person might not exist, but at least if they will come forward and say they actually believe that, I can ask them why they think so. (If I ask you I'm sure I'll get stuck in a cycle of non sequiturs alternating with statements like "Bennett, this is an example of how you really naive you are", etc.)

Posted by Bennett Haselton at May 4, 2005 07:13 PM

I try, out of mutual respect (actually, more like mutually-assured-destruction), to keep my replies to you at less than maximum firepower.

But ... YES, you are really naive. For many reasons, some of which I understand are not obvious to you, but nonetheless, affect *me*.

As I understand it, you haven't read through court decisions on these topics, you haven't participated in any high-level discussions, you haven't done any sort of study from which to create a well-informed opinion. All you do is have an idea in your head from your (lack of) experience, and that's the definition of "naive".

For the record, I suspect you'll dismiss any opinions I get, as either biased in favor of agreeing with me, or wrong because they disagree with you.

Posted by Seth Finkelstein at May 4, 2005 07:27 PM

Fine. Like I just said:

I would like to hear from any person other than yourself who will state for the record that they think *you*, a past EFF Pioneer Award winner, would be facing a legal or public relations disaster if they used an open proxy in China to test which sites China is blocking.

[I should add, assuming you don't shove the URLs through the proxy fast enough to qualify as a denial of service attack.]

Like I also just said, I'm not saying such a person doesn't exist, but I would rather have this debate with them than with you.

Posted by Bennett Haselton at May 4, 2005 08:16 PM

Let the (denial) games begin!

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=692881

[The paper is about Wi-Fi, but the sections discussing surfing through open connections are on-point]

A. The Computer Fraud and Abuse Act

"The Computer Fraud and Abuse Act ("CFAA") makes punishable whoever "intentionally accesses a computer without authorization or exceeds authorized access and thereby obtains -- . . . information from any protected computer if the conduct involves interstate or foreign communication." Another section of the CFAA makes punishable whoever "intentionally accesses a protected computer without authorization, and, as a result of such conduct, recklessly causes damage." ... In each case, the statute defines "protected computer" broadly to cover essentially any computer connected to the Internet."

The CFAA does not define "without authorization" or what it means to exceed authorization. Under CFAA case law, establishing unauthorized access or lack of authorization has involved reference to the means of access or its purpose. Courts have also found unauthorized access through a "Terms of Service" violation, even where the defendant did not receive notice of the terms. In America Online v. LCGM, involving defendant's mass spamming of AOL customers, the court wrote that "Defendants' actions violated AOL's Terms of Service [agreement], and as such was unauthorized." At least one other court has held that a plaintiff can establish a lack of authorization through the use of an "explicit statement on the website restricting access." In EF Cultural Travel v. Zefer, involving a defendant who used a scraper tool to extract data from a competitor's website in order to underbid projects, the court also recognized that a lack of authorization could exist implicitly, rather than explicitly in the form of a statement. ...

Posted by Seth Finkelstein at May 4, 2005 09:20 PM

For the third time:

***
I would like to hear from any person other than yourself who will state for the record that they think *you*, a past EFF Pioneer Award winner, would be facing a legal or public relations disaster if they used an open proxy in China to test which sites China is blocking.
***

Not a statement from someone else that you think *implies* they would agree with you here (which is a bit of a stretch -- under your interpretation of that law, it would apply just as much to accessing a Web site in China, as it would to accessing a proxy server in China).

Posted by Bennett Haselton at May 5, 2005 02:28 AM

I had hoped you would regard an immediate reference to a legal paper with extensive discussion of a key statute, as a good-faith production of relevant evidence. As worthy of consideration and thought, even if you would not go so far as to deem it dispositive.

The issue with finding a person will be not the law, but getting a lawyer who is willing to argue with you. I will attempt this (note the first people I ask will probably be friends, well-known to you - for the simple reason that these are people who I can ask to argue with you!).

As a small example:

"Under your interpretation of that law, it would apply just as much to accessing a Web site in China, as it would to accessing a proxy server in China".

This is discussed extensively, for example (my emphasis):

"With regard to finding unauthorized access through a "Terms of Service" violation, the AOL cases cited above provide precedent for enforcing such terms on third parties with no privity of contract and no notice of the terms. Internet Service Provider ("ISP") "Terms of Service" typically prohibit many different types of activities, including Internet access by those outside the subscriber's household or business. Although the term applies directly to the customer paying for the service, and not a third-party end user (or "Wi-Fi interloper"), under the rationale of the AOL case cited above, violation of such terms by non-members can amount to unauthorized access for the purposes of the CFAA. In Register.com v. Verio, Inc., which, under the CFAA, enjoined defendant from accessing noncopyrightable information on plaintiff's website, the court established unauthorized access through Verio's violation of Register.com's terms of use. The court found that, although Verio did not actually read and accept the terms of use, it manifested assent to such terms when it submitted a request to the website for information. The line of reasoning in Zefer further supports this view to the extent that the end user remains "unauthorized" by default, absent some explicit or implicit agreement. Section 1030(a)(2) raises the issue of whether the unauthorized access involves obtaining information. Although Congress intended the CFAA to apply to theft-related acts, some courts have interpreted information obtained as "the showing of some additional end--to which the unauthorized access is a means."

But, am I correct, you will not grant this even the smallest status as evidence, because it is not a lawyer personally arguing with you? (do you see why it may be sincerely difficult to find such a person?!)

Posted by Seth Finkelstein at May 5, 2005 03:37 AM