
legal status of info from third parties re web sites

(@pbeardmore)
Posts: 289
Reputable Member
Topic starter
 

What do colleagues feel about the information obtained from online sources (Nominet, Sam Spade etc.)? I have seen such info put straight into sec 9 statements, but is this not hearsay, as just looking it up does not mean we can vouch for its accuracy or speak on behalf of the data source?

 
Posted : 08/06/2009 4:18 pm
(@Anonymous)
Posts: 0
Guest
 

Sam Spade performs, among other things, a WHOIS lookup against the DNS databases that help make the Internet what it is. The info returned from those servers MUST be correct and can be presumed to be the best available evidence.

The data returned from a WHOIS lookup could essentially be thought of as "eyewitness" testimony. In the US, information gathered from automated sources or techniques is acceptable as evidence. UK laws may differ.

 
Posted : 08/06/2009 4:49 pm
(@seanmcl)
Posts: 700
Honorable Member
 

There have been a number of legal cases in the US which have taken opposing views of this; however, recent cases have been more liberal in accepting evidence derived from Internet sources.

For example, US courts have allowed information obtained from government web sites to be admitted as public records. Mapquest data has been admitted for the purposes of establishing (or rebutting) an alibi (although a PA court has disagreed). The Internet History Archive (Wayback Machine) data has been used to establish the appearance and content of a web site for a particular time in the past. Kelley's Blue Book data taken from a web page has been admitted as have various industry guides published on the web.

The general rule of the Court is that for the data to be accepted it must be from sources not reasonably subject to dispute. In one case, a business tried to sue an employee who left for a competitor on the basis of a non-compete clause, arguing that the contract specified that the non-compete clause covered "any geographic area" in which its products were sold. The lower court ruled in favor of the plaintiff on the basis that its web site said that it had a global presence with sales in North America, Asia, Europe and the Middle East.

But a higher court rejected the argument based only upon the company's web site arguing that the information was unreliable and contrary to the company's public filings.

In another case, a court remanded a ruling by a lower court which relied, in part, on information obtained from Wikipedia.

Thus, Internet information is subject to the same rules of evidentiary procedure as would be required for any evidence.

Also at issue is the reason for admission. Statements posted to Internet newsgroups have been admitted in cases related to defamation of persons and products. Statements made by professionals in the course of a professional discussion (e.g. EnCase Support Portal) have been admitted for the purpose of establishing (or questioning) the expertise of a witness.

 
Posted : 08/06/2009 6:01 pm
(@jhup)
Posts: 1442
Noble Member
 

As individuals working with this daily, how do you feel about its validity?

Would you challenge someone's whois or online Sam Spade report?

I would challenge it.

Unless the queried systems are in my or a trusted party's control, I would question its validity.

 
Posted : 08/06/2009 6:15 pm
(@seanmcl)
Posts: 700
Honorable Member
 

> Would you challenge someone's whois or online Sam Spade report?

I'm not exactly sure what you mean. The validity of WHOIS data is not, de facto, more or less reliable than any other data which is voluntarily submitted to a collection entity. The fact that it is retrieved using WHOIS does not, by itself, call into question the data's reliability.

Because ARIN WHOIS information is self-updated and because it is not, independently, verified, it may be inaccurate (I just looked at my information and found that the phone numbers they had were seven years old). Thus, it would be reasonable to question whether the result of any one query is accurate if that was the sole source of the information. But the fact that it was obtained using a WHOIS query doesn't invalidate it.

 
Posted : 08/06/2009 7:38 pm
(@jhup)
Posts: 1442
Noble Member
 

What I mean by "challenge" is I would question the validity.

Depending on which RAR is queried, the information can be completely useless or, worse, appear valid but be wrong.

ARIN and RIPE seem to have their stuff tolerable. APNIC is horrible. I have little experience with LACNIC or AfriNIC.

From cases where I was involved, not one APNIC WHOIS record was valid.

I don't mean like yours where the phone number was off, but the whole WHOIS record is bogus.

 
Posted : 08/06/2009 9:41 pm
(@seanmcl)
Posts: 700
Honorable Member
 

> I don't mean like yours where the phone number was off, but the whole WHOIS record is bogus.

True, but this is often deliberate. I was involved in a case related to the Russian Business Network and found a number of sites where the information was bogus at the time that record was created. Most people who want to disseminate malware or host phishing sites don't want to leave their real names and addresses. GoDaddy even offers a service where you can register a site and they agree not to publish your information.

That doesn't mean that it isn't evidence and it doesn't mean that the entire WHOIS service is invalidated because someone misuses it. But I agree that if you can't verify it by some other method, it is reasonable to question the accuracy based upon a single source. As a general rule I'd want to be sure that any data obtained from an electronic source be independently verifiable, if at all possible.

 
Posted : 08/06/2009 11:12 pm
(@pbeardmore)
Posts: 289
Reputable Member
Topic starter
 

So no real consensus and no inputs from any colleagues from my side of the pond?

 
Posted : 11/06/2009 10:19 pm
(@rich2005)
Posts: 535
Honorable Member
 

Was trying to think of scenarios where it would be used (or what pieces of information exactly) and therefore how much weight I would or could put on it, with caveats etc.
(was the reason I hadn't replied either way) 😉

 
Posted : 12/06/2009 2:04 pm
(@seanmcl)
Posts: 700
Honorable Member
 

> So no real consensus and no inputs from any colleagues from my side of the pond?

Again, the answer lies in the use to which the information will be put as well as your ability to verify it via some other means. You can introduce into evidence a column from a newspaper, but that doesn't mean that the information contained in the column is correct.

In the Russian Business Network case, to which I refer, the WHOIS information was used in an affidavit to illustrate that the site in question (which had since been taken down) was probably being used for nefarious purposes because the WHOIS information was completely unverifiable. The physical address didn't even exist. Further, we were able to show that a number of other sites known to be bad actors were registered using the same, invalid contact number, suggesting that they had been registered by the same group/individual.

 
Posted : 12/06/2009 5:34 pm
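
The correlation described in the post above (several sites registered with the same invalid contact number) can be reproduced over saved WHOIS output. This is an added example, not part of the thread; the sample records, domain names and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample WHOIS responses (not real registrations).
SAMPLE_WHOIS = {
    "example-a.test": """Domain Name: EXAMPLE-A.TEST
Registrant Name: Ivan Petrov
Registrant Phone: +7 (495) 555-01-00
Registrant Email: admin@example-a.test
""",
    "example-b.test": """domain: example-b.test
person: John Smith
phone: +7.4955550100
e-mail: js@example-b.test
""",
    "example-c.test": """Domain Name: EXAMPLE-C.TEST
Registrant Name: REDACTED FOR PRIVACY
Registrant Phone: REDACTED FOR PRIVACY
""",
    "example-d.test": """Domain Name: EXAMPLE-D.TEST
Registrant Phone: +1.2025550143
""",
}

# Any "<something> phone: value" line, whatever label style the registry uses.
PHONE_LINE = re.compile(r"^[ \t]*[\w ]*\bphone[ \t]*:[ \t]*(.+)$", re.I | re.M)

def contact_phones(raw):
    """Return the digit-only phone numbers found in one WHOIS response."""
    phones = set()
    for value in PHONE_LINE.findall(raw):
        digits = re.sub(r"\D", "", value)  # drop +, dots, spaces, brackets
        if len(digits) >= 7:               # skips redacted or empty values
            phones.add(digits)
    return phones

def shared_contacts(records):
    """Map each phone number to the domains listing it; keep only shared ones."""
    by_phone = defaultdict(set)
    for domain, raw in records.items():
        for phone in contact_phones(raw):
            by_phone[phone].add(domain)
    return {p: sorted(d) for p, d in by_phone.items() if len(d) > 1}

if __name__ == "__main__":
    for phone, domains in shared_contacts(SAMPLE_WHOIS).items():
        print(phone, "->", ", ".join(domains))
```

A shared number only suggests common registration; each record still needs corroboration from another source before it carries weight.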