Information Security News
mailing list archives
Law Firms Not Liable in Alleged Web Hacking Case
From: InfoSec News <isn () c4i org>
Date: Fri, 9 Dec 2005 00:37:50 -0600 (CST)
Pamela A. MacLean
The National Law Journal
Two law firms that allegedly surreptitiously accessed the
password-protected Web site of an expert witness in order to show a
judge that the witness violated a gag order cannot be held liable
under the Digital Millennium Copyright Act.
A District of Columbia federal judge has dismissed the suit by Boston
occupational illness expert Dr. David Egilman, who accused the law
firms Jones Day and Keller & Heckman of Washington, and Keller
attorney Douglas Behr, of misappropriating his protected work.
Egilman accused the Keller firm and Behr of hacking into his Web site
by acquiring a password and sharing it with Jones Day lawyers in the
midst of a 2001 landmark Colorado state toxics trial. Egilman had
testified on behalf of the first four of 50 workers at Rocky Flats
nuclear weapons plant who unsuccessfully claimed that the federal
government colluded with the world's largest beryllium maker, Brush
Wellman Inc., to hide the health dangers of the metallic element.
Despite a broad gag order by a Colorado state court judge, Frank
Plaut, in Ballinger v. Brush Wellman Inc., No. 96-CV-2532, Egilman had
posted critical material about Jones Day and Brush Wellman on his
password-protected Web site in what Plaut ruled was a violation of the
Plaut ordered jurors to disregard Egilman's testimony as a sanction
after learning from Jones Day that the posting included accusations of
potential illegal conduct by Jones Day, and allegations that a Brush
Wellman medical doctor was educated in Nazi Germany, according to
press accounts at the time.
Plaut called the information "scurrilous and inflammatory" at the
Egilman, who has testified in dozens of toxics trials and was the
expert in the recent Texas Vioxx trial that resulted in a $253 million
verdict, limited Web site access to his staff and his Brown University
students. He posted uncensored information on occupational illness and
related litigation, including previously confidential corporate
internal documents related to many toxic torts.
Jurors ultimately sided with Brush Wellman and, without Egilman's
testimony, rejected the workers' claims that lung damage from exposure
to radioactive beryllium could have been avoided.
But Egilman pursued his fight against the law firms. Egilman sued
Jones Day and Keller & Heckman, first in Texas and later in the
District of Columbia, saying that his reputation was besmirched and
his effectiveness compromised.
He argued that the law firms and Behr circumvented measures installed
to deny access to his copyright-protected work on the Web site, in
violation of the 1978 Digital Millennium Copyright Act.
U.S. District Judge Henry Kennedy Jr. in D.C. ruled that obtaining a
username and password from a third party that has authorized access
does not violate the DMCA. Kennedy cited the only other court to rule
on improper use of a legitimate password, holding that gaining access
to a third party's legitimate password is not the same as hacking.
"It is irrelevant who provided the username/password combination to
the defendant, or, given that the combination itself was legitimate,
how it was obtained," Kennedy wrote in Egilman v. Keller & Heckman,
No. 04-876HHK. Use of a legitimate password does not "circumvent" a
technology used to control access, Kennedy concluded.
"This is not really about the DMCA," Egilman said. "It is about how
the legal system is designed to benefit people in power. That is why
courts said it was legal for blacks to be slaves or ruled it legal to
deny women the vote," he said.
Accessing his computer "was illegal conduct. It was breaking and
entering. It is simple theft," he said.
As for Egilman's alternate claim that unauthorized use of the password
violated the Computer Fraud and Abuse Act, the court found that he had
filed that claim too late. Egilman said he is not sure whether he will
appeal. "I spent $150,000 of my money doing this case. At some point I
can't afford to represent the interests of regular people against
criminal law firms," he said.
Behr said only, "I don't want to talk about it," when asked about the
case. Attorneys for Jones Day and Keller & Heckman declined to
Copyright 2005 ALM Properties, Inc. All rights reserved.
Earn your Master's degree in Information Security ONLINE
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.
- Law Firms Not Liable in Alleged Web Hacking Case InfoSec News (Dec 09)