If You're Typosquatting Domain Names To Get Misaddressed Emails, Maybe Don't Target A 'Brand Protection' Law Firm
from the just-saying dept
Via Slashdot, we learn of a lawsuit filed by a "brand protection and anti-counterfeiting" law firm, Gioconda Law Group, against Arthur Wesley Kenzie -- a guy who apparently has been registering typo versions of company domain names (typosquatting) and then receiving the emails received at those domains -- possibly using them to pitch his own "security" help to the companies. He did this to Lockheed Martin, who chose to just get the domain transferred to them via the UDRP process, but Gioconda is suing for "trademark infringement and unlawful interception of a law firm's private electronic communications." The trademark claims may make sense -- since you could argue that there's a likelihood of confusion. And, clearly, what this guy was doing was sleazy. But is it really "unlawful interception of a law firm's private" emails? That's where it seems much trickier. After all, he didn't actually "intercept" anything. They were sent to him. The "problem" is that the senders chose the wrong address.Gioconda seems to be claiming that because the emails didn't bounce, he was guilty of setting up special email boxes to intercept the law firm's emails:
"We discovered the cybersquatting and sent several test e-mail messages... to see if they were delivered to the misspelled e-mail addresses, and indeed, they were received by active mailboxes."But, uh, plenty of domains are set up to allow any email to be received by an active (usually admin or default) account. So the fact that the emails went to a live account, rather than a bounced account doesn't automatically indicate "unlawful interception." That said, it does seem like what the guy did was pretty questionable, but it just seems dangerous to set a precedent that having someone send an email to the wrong address is somehow an illegal "interception."
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: arthur wesley kenzie, typosuatting, udrp
Companies: gioconda law group, lockheed martin
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
This isn't my fault or my problem. Nor is it my obligation to lift a finger to do anything about it. We all make typos: sometimes they transform a working address into an invalid one and we find out about it. Other times they transform it into a different working address, and we don't. That's how it's been since forever, and suing someone over it just indicates an amazingly low clue level combined with a vicious streak of entitlement.
[ link to this | view in chronology ]
Re:
Instead of warning your neighbor that his car is leaking gasoline, you place a canister under the leak and collect the gas and use it yourself. It's not your fault that the gas was leaking, but you were unethical in using the situation to your advantage. Whether that's actionable is up the judge though.
[ link to this | view in chronology ]
Re: Re:
If you screw it up deal with the consequences of your own damn mistakes whatever they may be, just because they could be serious is not others fault, you made the mistakes and others can and will exploit those and you should suffer all the consequences of not being able to deal with them in a reasonable matter, this is not a case where somebody took active steps to harm you, to infiltrate your home or business or to extricate information, this was a passive action that resulted in collection of data, important or not by the failure of individuals or institutions to fallow proper procedure and protocols to safeguard themselves.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
Typesquating may not be ok, but it is not a criminal matter either or should never be.
Once down that road liability applies to everything, not just the bad the good to, can you imagine being prosecuted and punished for the mistakes of others?
The law is not some surgical instrument, it is a carpet bomb, it will hit anything indiscriminately and the good and bad in every situation will be destroyed by it, so make it sure the bad is most of the cases and justify the pain it will cause to the good things.
And for the love of God(the spaghetti monster God) I can't see why anybody would want to make receiving by mistake data criminal or punishable, I can see where it could go wrong, where it could be used for censorship, where it could be used to trap innocent people and that all because of some jackass that is being an ass using a minor exploit of the system to get ahead and could be prosecuted by other means, if he goes further and do something truly illegal.
[ link to this | view in chronology ]
Re: Re: Re: Re:
There are too many domains used by legitimate entities that are typos of other legitimate entities. Take CBS Systems International (CSB.com) for example. How many e-mails do you think CSB.com receives on a daily basis that are intended for CBS.com? Should CSB be forced to hand over their domain?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
Nobody and I mean nobody should be found guilty of intercepting anything because senders are at fault.
[ link to this | view in chronology ]
Re: Re: Re:
This wouldn't be punishing somebody else for your own mistakes though. This is the typosquatter, who by definition registers his domain for the express purpose of benefiting from the anticipatable typos that some people will make when typing email addresses, setting himself up to benefit from mistakes of third parties and the first party, the intended recipient, suing because the typosquatter has acted unethically.
"this is not a case where somebody took active steps to harm you"
No, but that doesn't make it right. This is a person who sticks his hand out to catch the money falling out of someone else's pocket, who accepts and keeps it while knowing that he was not its intended recipient.
Once again, if you never took an ethics class, just because you can do something doesn't mean you should do something.
[ link to this | view in chronology ]
Re: Re: Re: Re:
You may not like it, it may cause you some headaches, it may embarrass you but it should not be a criminal matter ever.
Can you see people playing football on those terms?
Would you make it illegal to exploit others flaws to make the game more "ethical"?
These is not something that exploits direct flaw, beyond your control to extract information from anybody, this is not somebody taking its time to study code and find a whole in it so it can gain access to your computers and take information from those these is somebody doing a questionable thing, maybe unethical, that have potential to cause some degree of harm for which he could be held responsible depending on the actions he takes further, like if he gets his hands on bank account info and withdraw money from those then he should be prosecuted, then real malicious intent was proven without a doubt, then the legal system should be used.
The legal system is a goddamn hammer if you want to use it to try and make the world ethical it will fail and you will create a police state with it trying to enforce your form of ethics upon everybody, leave the legal system to things that really, really need it and where the harm it can do is worth the pain it will bring to everyone, because it will not work 100% of the time and it will put innocents at risk so it better be a very good reason to make it so.
But not for this where the obvious solution is to protect emails with encryption where only the people intended to see it can decrypt that crap.
This may be grounds to keep an eye on the dude sure, to initiate legal proceeding you must be kidding, unethical or otherwise I don't see why anybody should go to jail or prosecute or punished in any way for receiving data sent to them in error ever.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
Are you prosecuted for putting up a washing business near a dirty job?
Are you unethical for finding money on the streets and giving it back?
You can be punished for what you did after with that money of bag, not for finding it, or standing where you know it will fall.
Suppose you know there is a place where trucks always let something fall, are you unethical to go there and exploit that to take pictures and show the world that the transport company is profiting unduly from it?
In this case the guy may be exploiting some minor thing for his own benefit at the expense of others but even so that should not be enough to make him guilty of anything, it also criminalizes a whole set of other scenarios where the exploitation of errors is desirable, ethical and moral.
What did he do with that data?
The collection of it is not criminal and should not be, what he did with that data and what data he gained though is another matter.
Did he use the data to gain access to something and took it?
That is criminal, that you can prosecute.
Did he made you look like a fool?
That is not criminal, that you is your problem.
[ link to this | view in chronology ]
Re: Re: Re: Re:
"Kenzie was also previously found guilty of cybersquatting when he purchased confusingly similar domain names in another case. In that case, which was to fish information about Lockheed Martin, Kenzie had claimed that he was performing “research” about Lockheed’s email vulnerabilities without its permission. However, in May, the panel that handles domain name disputes found that Kenzie’s attempts were motivated by bad faith to extort money and not done in good faith. In the Lockheed case, the panel found that Kenzie himself had created the vulnerabilities that he was researching and that “his purpose was to offer services to the Complainant, looking for a financial gain.”"
[ link to this | view in chronology ]
Re: Re:
Under your thought process it'd now become illegal for you to have mail in your mailbox that doesn't have your name on it, regardless of if you have even opened the mail yet or not, or even returned home from work.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
You should go complain to the people who a) deliver the mail or b) send it to the wrong address.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
You'd be prosecuted for theft by receiving if you didn't say anything when UPS dropped off a package at your house instead of your neighbor who was the intended recipient, especially if it could be proved that you moved there expressly to receive such packages. This isn't a passive action.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Because if receiving mail in error is ground for prosecution ad punishment you have created liability, and thus if you cannot find a way to secure and people keep sending it to the wrong place you should be liable for that because you are now threatening others by inaction.
Once you go down that road it turns south very quickly.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
"Kenzie was also previously found guilty of cybersquatting when he purchased confusingly similar domain names in another case. In that case, which was to fish information about Lockheed Martin, Kenzie had claimed that he was performing “research” about Lockheed’s email vulnerabilities without its permission. However, in May, the panel that handles domain name disputes found that Kenzie’s attempts were motivated by bad faith to extort money and not done in good faith. In the Lockheed case, the panel found that Kenzie himself had created the vulnerabilities that he was researching and that “his purpose was to offer services to the Complainant, looking for a financial gain.”"
[ link to this | view in chronology ]
the arguments of lawyers and engineers
Hmm... I think I just answered my own question.
[ link to this | view in chronology ]
We cant have our cake and eat it either
It is clear that Wesley Kenzie is useless piece of shit. Lets let Slashdot, Streisand, what have you sort it out and move along.
Nigel
[ link to this | view in chronology ]
They may have a point
I don't think it's about the sender, or that it's intended to be. It's about the receiver intentionally and willfully setting up a system to take advantage of honest mistakes by the sender in order to read someone else's mail.
If it were physical mail, that would be a federal felony, possibly more than one. Why shouldn't it be for email?
[ link to this | view in chronology ]
Re: They may have a point
Kinda like when the DMCA is used to remove speech that's critical about someone.
[ link to this | view in chronology ]
What if that second 'business' was SOLELY in the business of READING AND PROFITIONG FROM the letters that people mistakenly dropped in the wrong mail slot after hours in the expectation that their private legal business was and would remain confidential?
You may have no issue with someone 'NOT intercepting private communications' based on the excuse that it was someone else's mistake, not theirs, but I'd put the asshole prison, not just sue him.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
hmmm
I wouldn't say he "intercepted" the email, but using any of information within the email could fall against rules.
Kind of like when I get my neighbor's mail by accident. Just because it got sent to me, doesn't mean I am allowed to rummage through his belonging and glean any info I find valuable.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
The problem with trying to punish the bad actors in this case is that eventually somebody without bad intentions will get caught in that net too, far more innocent people are going to be liable and punished by something that shouldn't be criminal, if you make mistakes is not the other parties fault, if you are playing football you can't really claim the other side is being dishonest for exploint your own damn faults. take some responsability for your actions for crying out loud.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
Have you not paid attention to how law enforcement works?
[ link to this | view in chronology ]
In web hosting, that's highly frowned upon now and should never be used. Anyone using it is in fact, high suspicious and most likely a scammer/spammer. If he was hosted by me, he's have been investigated as soon as we saw he was doing that... but I guess not all web hosts are good net citizens.
[ link to this | view in chronology ]
Re:
I've never once heard about it being "frowned upon". In fact, many or most email hosts have it as a default.
It's incredibly useful for everybody, not just scammers. I certainly would not consider doing it any other way, and if I got wind that I was "investigated" over such an innocuous practice, I would change services.
[ link to this | view in chronology ]
Loser
[ link to this | view in chronology ]
Now, I'm not sure how popular use of these types of blacklists are now, but a few years ago it was quite the pain for us...
These days, it's my belief that a well behaved email server should not bounce "unknown recipient" messages back to external sources.
[ link to this | view in chronology ]
Re:
Would that count? The original E-Mail was "intended" for another person (real or not, the TO: wasn't me) and ended up in my in box.
[ link to this | view in chronology ]
Kenzie
[ link to this | view in chronology ]
Kenzie
[ link to this | view in chronology ]
Kenzie
Kenzie deliberately set up a domain name to mimic GiocondaLaw.com, and then collected the misspelled emails. He also hid his identity by using domainsbyproxy, and redirected the misspelled domain name to the legit site. That is just f-d up behavior. It's clearly tm infringement and cybersquatting, as I see it
[ link to this | view in chronology ]
Re: Kenzie
Would you sue a lemon stand for putting it up in the middle of a traffic jam in a hot day?
He did get the emails others sent him in "error", he should not be liable for it, if sending something in error creates liability, what happens if somebody sends you the plans for a crime and when you call the police and find out that you are the criminal for unlawful interception of private communication, rendering the whole evidence unacceptable would that be ok?
How are judges going to justify that it is illegal to receive information by accident in this case but not in others?
Now did he do anything else with the data? that might be unlawful?
If not let him go, he is a prick, probably a weasel too, but he did nothing criminal or that would justify expanding, changing or setting precedents here.
Because this precedent could come back to haunt others.
Receiving in error correspondence from others because those others are the party that made the mistake is not a crime and it should never be a crime, unlawful use of that correspondence could be a crime though.
He did not intercept anything, he set his place of business and waited, the dumb came pouring in, it may be unethical, shameful, weasel but should never be a crime, nor there should be liability since he was not the one that caused the problem he is exploiting a failure on the part of people, and error that can be corrected, and failure that can be addressed by other means, but somehow you people think that it is ok to use the law, set precedents and think that nothing bad can come out of it because you believe ethics have anything to do with law.
[ link to this | view in chronology ]
Kenzie
If someone deliberately registers a domain name that is confusingly similar to a trademarked name without a good reason, that's called cybersquatting. Period.
To say a tm owner must register every variant of misspelled domain may be very good advice, but it still doesn't justify the other parties' cybersquatting.
[ link to this | view in chronology ]
Re: Kenzie
The law is suppose to deal with real crime, real serious things and be the last resort because it is so powerful instead we have a generation of idiots that keep asking justice for everything without thinking about the consequences of such acts and then they complain that the system is broken.
Well surprise you people helped break it.
[ link to this | view in chronology ]
Kenzie
[ link to this | view in chronology ]
Kenzie
[ link to this | view in chronology ]
[ link to this | view in chronology ]