Thunderf00t, and Violating Email Privacy


The Freethoughtblogs network was recently informed that former Freethoughtblogs blogger thunderf00t has been forwarding private emails from the private FTB email list. He has not only been forwarding emails sent during the short time he was a blogger on this network — he used a security loophole to re-gain access to the email list shortly after he was fired from the network and blocked from the list, and has been accessing emails he never had any right to see. When this security breach was discovered and he was shut out again, he tried several times to re-access the private list. And he has already made the content of some of those emails public. (UPDATE: If you want to know exactly what thunderf00t did and how, Jason Thibeault has the technical details.)

I need to talk about this.

I don’t think it’s any great surprise to anyone that Freethoughtblogs has a private backchannel email list. Much like most companies and organizations have private email lists. In this list, bloggers in the network share links, ask for help with research, get feedback on posts we’re working on, ask for help publicizing posts we’re particularly proud of or think are particularly important, think out loud about ideas we’re wrestling with, do logistical planning, hash out differences, vent, joke around, ask for and give support during hard times, and more. The backchannel list is how we planned the April Fool’s round-robin; it’s how we brainstormed about the Secular Student Alliance fundraising blogathon; etc.

This private email list is… well, private. And every single email sent through that list has this postscript automatically appended to it:

“All emails sent to this list are confidential and private. Revealing information contained in any email sent to the list to anyone not on the list without permission of the author is strictly prohibited.”

There’s a reason these conversations are private. Among other things:

People — especially anonymous and pseudonymous bloggers — reveal private information that could jeopardize their jobs if it were made public.
People — especially anonymous and pseudonymous bloggers — reveal private information that could jeopardize their physical safety if it were made public.
People brainstorm ideas that they later decide are bad ideas, and don’t want to be held to.
People discuss private medical matters and personal family issues, which could hurt both themselves and others if they became public.
People hash out differences of opinion that they don’t want to turn into a giant public debate.
People talk about personal, emotional stuff that they don’t want to share with the entire Internet.

If you have ever said anything privately that you wouldn’t want made public — because you were thinking out loud, because you knew the people you were talking with would understand the context but the general public wouldn’t, because you were mad and said things you didn’t really mean, because you don’t want everyone on the Internet to have your home address and phone number, because some things are just private and you bloody well have the right to decide who to tell them to — then you almost certainly understand exactly how important this is, and what a terrible violation it is, and why. People need to be able to talk freely among their friends and colleagues, without parsing every word for public consumption. People need this — and they have a right to have it. That’s a no-brainer.

Now.

Every single time that thunderf00t sent an email through this private backchannel, every single time that he received an email through this private backchannel, he was agreeing to this privacy policy. Every time he sent or received one of these emails, he was signing onto this agreement:

“All emails sent to this list are confidential and private. Revealing information contained in any email sent to the list to anyone not on the list without permission of the author is strictly prohibited.”

Participation in this backchannel list is entirely voluntary. It’s not a requirement of being a blogger in the network, and in fact not all bloggers in the network participate in it. Thunderf00t could very easily have opted out of it. Every time he sent or received an email through this network, he was signing onto an agreement to keep that email private. Forwarding these emails crosses a clear line into grossly unethical behavior.

And regaining access to the private email list after being fired from the network… that races past that line at a hundred miles an hour. It’s bad enough to pass on emails you received privately and agreed to keep private. It is a thousand times worse to deliberately gain access to private emails you never had any right to see… emails that, in fact, you personally and explicitly had been refused access to.

What’s more, I think it’s worth pointing out that these actions do serious injury, and are a gross violation of trust, against everyone in the Freethoughtblogs network, and against everyone participating in the private email list. Including people who never participated in the public debate with thunderf00t, and who had nothing to do with the decision to fire him. This was is not a surgical strike. It was a firebombing. And it seems to have been done for no reason other than to pursue a personal vendetta.

This is a gross violation of basic human decency. There is no possible spin that can make it into anything else.

Comments

  1. Per Edman says

    Did any of the forwarded emails actually breach any of the reasons for the privacy policy, i.e. the sentences starting with “People”?

  2. penn says

    I haven’t heard anyone discuss legal action yet. Is that being pursued? There laws against unauthorized access. It could be a felony.

  3. jim says

    “Every single time that thunderf00t sent an email through this private backchannel, every single time that he received an email through this private backchannel, he was agreeing to this privacy policy.”

    Legally speaking I do not believe this is a true statement. It is more like a statement of copyright protection . . . like what you see on sports broadcasts that say no reproduction is permitted without express written permission of the creators. If someone ignores that statement and reproduces the work they may be able to be sued for copyright infringement (suing another person in a private action for breach of copyright law), but not for breach of contract (suing someone because of breach of a mutually-agreed contract).

    It’s possible that as a prerequisite of joining the an e-mail list that a person be required to sign a nondisclosure agreement, but a notice posted at the bottom of an e-mail does not constitute a valid mutually binding contractual obligation (“he was agreeing”).

  4. unbound says

    I think jim is mostly correct. The disclaimer at the bottom of an e-mail has dubious legal bindings. If thunderf00t signed an NDA, that would be the basis of a lawsuit. The e-mail disclaimers will help in any lawsuit, but I haven’t seen any lawsuit initiated based solely on that.

    The other approach for a legal action (assuming he didn’t sign an NDA) is via the hacking that thunderf00t did (using a security loophole is still hacking if he did not have a legal right to access the system in that way). That is a serious crime in its own right.

  5. Per Edman says

    Ace of Sevens,

    Considering what that “idea” was, and the fact that he shared it only with the person endangered by that “idea”, I feel it was justified. Granted, I just started reading about this due to the rash of apparent smear pieces about a specific person. I have only started reading both sides of the story and so far it runs the risk of making my reader feed much, much thinner than this morning.

  6. says

    Did any of the forwarded emails actually breach any of the reasons for the privacy policy, i.e. the sentences starting with “People”?

    Does that matter? The mere potential for that to happen is enough for this to be a disgusting and highly immoral move on TF’s part. Nobody can say, “Oh, well, no actual harm was done, so it’s all hunky-dorey.” Because there’s always the chance that real harm was done, and nobody has realized it yet.

  7. TwoPiDeltaIJ says

    While I agree with almost everything you have said (except what jim pointed out in reply #5), I think that Thunderf00t himself made a valid argument as a defense against a part of this (which you linked to). Namely that the anonymity/pseudonymity was already broken with regards to him being in on the contact details of people. So, while it is certainly a very bad (maybe criminally stupid) thing that he has done, that part of it at least rests on whoever decided to admit him in the first place (and thus trust him with other people’s private information), at least in my opinion.

    In short, blame him for everything that is his fault, but the pseudonymity breach is not his fault.

  8. kingoftoasty says

    Whether or not TF’s actions were legally actionable isn’t really at issue here. The point Greta was trying to make was that his actions were unethical and malicious. What he did was wrong, petty, childish, and mean spirited. TF knew those emails were meant to stay private and he almost certainly knew the reasons they were intended to be private (as stated in the OP). This is the equivalent of the school bully stealing another kid’s diary and reading it over the intercom to shame and humiliate him/her.

  9. says

    @16: It’s their business, and their business alone what they say and what goes on in their private backchannel. If you can’t understand that, then FSM help you.

  10. Per Edman says

    #10, TerranRich,

    It mattered enough that those things were specifically itemized in the post above. Since the post doesn’t detail what Thunderf00t did except forwarding information (some? all?) somewhere (public? private? specific person? reason?) but then goes on to list all these very reasonable things one would like to keep private, yes it does matter to me what was actually revealed, what the big crime really was.

    And it should matter. For me it is a much more serious breach of confidence to actually leak someone’s medical records to a third party, than, for example, warning someone you sympathize with ahead of time that they are likely to become a target for a very small scale conspiracy.

    In fact, I might even consider doing something like that for someone I do NOT sympathize with.

    There is a very real difference between “real damage COULD have been done” and “real damage WAS done”.

  11. Per Edman says

    #12, TerranRich,

    > “Re #8: He is a disgusting pile of human excrement.”

    You know what, disregard what I just wrote.

  12. Wowbagger, Titillated Victorian Gentleman says

    kingoftoasty wrote:

    The point Greta was trying to make was that his actions were unethical and malicious.

    Which would guarantee condemnation from most communities – however, it’s recently become clear there is a vocal section of the atheist/skeptic community who have no interest in ethical behaviour and no problems with maliciousness; rather, they revel in it, and will be cheering Thunderf00t on, no matter how much harm his actions might cause to actual people.

  13. says

    So if I break into somebody’s house with a weapon, but do not actually harm or kill anyone, does the fact that I was holding a weapon not mean anything?

    He hacked into a private email list after he was specifically banned from it. He knew at one point that the emails were private and NOT to be shared with anyone.

    It’s still likely that somebody’s words, even taken out of context and not quoted, could still get back to somebody and do real-life harm to them. Regardless of what real harm was done, what TF did was unethical and potentially illegal.

  14. says

    In fact, I think Ed Brayton’s analogy is even better than mine:

    I really do find this outraged declaration that he does not “doc drop” to be almost laughably deluded. It’s like someone who breaks into your house because you forgot to latch a window. He comes into your house and steals your china and jewelry, then reacts in mock outrage when you suggest that he might steal your TV too. In fact, he screams “I do not steal TVs!” at the top of his lungs to the neighbors while he’s handing your other possessions out the door to someone else. And then he expects that declaration to be credible and to provide some assurance of his character.

  15. kirbywarp says

    @11:

    While I agree with almost everything you have said (except what jim pointed out in reply #5), I think that Thunderf00t himself made a valid argument as a defense against a part of this (which you linked to). Namely that the anonymity/pseudonymity was already broken with regards to him being in on the contact details of people. So, while it is certainly a very bad (maybe criminally stupid) thing that he has done, that part of it at least rests on whoever decided to admit him in the first place (and thus trust him with other people’s private information), at least in my opinion.

    Bull. Just as consent to one thing doesn’t imply consent to anything and everything afterwards, giving Thunderf00t access to the mailing list does not give him a right to do anything he wants with it. That notion was explicitly written out in the automatic footer. (And that’s just talking about the stuff he apparently released while still on the mailing list legitimately)

    The fact that other pieces of communication have been leaked before has no bearing on this either. I believe I’m safe in assuming that those pieces of communication were released only by the consent of everyone involved in them. I also believe I’m safe in assuming that no such consent or permission was given to Thunderf00t.

    Don’t even start trying to blame people for trusting Thunderf00t. He took advantage of their trust, that’s where the blame lies.

  16. TwoPiDeltaIJ says

    @25: Kirbywarp, I am not sure what you read that you think I wrote but I did not discuss anything about what he has or has not released or where or when he got it with one exception. When Thunderf00t was given access to the email list initially, he was given what is apparently sensitive information (above and beyond what is immediately available through simple search engine results). The problem in this regard is not one of content, but of access. I agree with you that anything Thunderf00t does with that privileged information is his fault, but if the problem is simply potential to cause problems because of information he was freely given (which is sort of how I understand part of Natalie Reed’s blog post, in part) then there is some fault with whoever gave access.

    So you can call ‘bull’ all you like, but you are not talking to me because I did not say any of what you responded to. I have one (well, two counting jim’s objection) problems with the litany of offenses leveled against Thunderf00t, and that is all. Is it wrong to want to only damn the man for transgressions I think are his?

  17. Elerena says

    @5 & 7: That’d be true for any emails he had while he was legitimately on the list. The things he decided to leak were from after he was removed, and then illegitimately regained access; he had no more legal right to disseminate them then someone would have to broadcast your phonecalls after putting a wiretap on your line.

  18. doubtthat says

    “What are you guys hiding in that infamous backchannel?”

    Obviously that’s where the 9-11 attacks were plotted and the blueprint for Justin Beiber’s career laid out.

  19. kirbywarp says

    @28:

    You claimed that Thunderf00t had a “valid defense” when he talked about how anonymity on the list was already broken. Here’s his own words on the matter:

    Nor do they seem to realize that their main beef that I ‘stole their personal details‘ is clearly stupid. I, and everyone else on that mailing list, would have had all of those details (whatever they actually are, I still have no idea) anyways from when they originally signed me up to the mailing list. So what exactly are these personal details they think I’ve ‘stolen’ here?

    The problem is not that Thunderf00t had access to the e-mail in the first place. That Thunderf00t knows real names and info is not the problem. The problem is that he was threatening to release that info, and that he thinks he’s entitled to that info (and to do what he wants with it) because:

    1. He was put on the mailing list.
    2. Other bloggers have revealed pieces of exchanges before.

    I’ve already addressed why 2 is false, but 1 is not something that anybody can or should be “blamed” for. The burden is squarely and solely on Thunderf00t’s shoulders for abusing everyone’s trust and threatening to release personal info.

    That is what I called “bull.”

  20. kirbywarp says

    It isn’t even just personal info either. Like the bloggers have been saying, there are conversations on those lists that could be equally harmful if released. And even if Thunderf00t swears up and down that he doesn’t dox anyone, he still feels entitled to release those conversations to people without the author’s knowledge or permission.

  21. Onamission5 says

    I wish I could say I was surprised by this information, I really do.

    At best, what TF did with the emails he obtained while a member of the listserve was extremely unethical and a gross violation of trust. Once he hacked back in, though, I am pretty sure that crossed a boundary into illegal* actions– isn’t hacking other people’s email accounts illegal in most states? If it isn’t it certainly should be. I don’t know if what he did was legally actionable. I do not think that’s the point, anyway, I think the point is that what he did could ruin people’s lives. It’s not the same thing as stealing private information and then actually blackmailing someone, but it is nearly the same thing as informing someone that you *could* blackmail them with stolen information if you wanted to. But you don’t. At least not at the moment. Otherwise, what would be the purpose of stealing private information and then bragging about having it, unless you intend to use that against them in some way?

    Shameful, shameful.

    *Caveat: I am not a lawyer, nor do I pretend to have anything more than a rudimentary understanding of any area of law enforcement.

  22. TwoPiDeltaIJ says

    @31:

    That Thunderf00t knows real names and info is not the problem.

    Tell that to Natalie Reed. This is in fact one of the problems that is being complained about (and perhaps rightly so). This is all I mean (or have meant), and I do not think you get to dismiss this as not a problem. Note that none of this has anything to do with your claims of ‘bull.’

  23. kirbywarp says

    @35:

    Did you read the rest of that paragraph?

    That Thunderf00t knows real names and info is not the problem. The problem is that he was threatening to release that info, and that he thinks he’s entitled to that info (and to do what he wants with it) …

    If it were the case that Thunderf00t weren’t making threats, and wasn’t releasing stuff from the mailing list, the fact that he was put on it in the first place wouldn’t be a problem.

    You said:

    … but if the problem is simply potential to cause problems because of information he was freely given (which is sort of how I understand part of Natalie Reed’s blog post, in part) then there is some fault with whoever gave access.

    That is not the problem. The problem is not that he had the potential to do it, everyone on the mailing list has the potential to cause problems. The issue is that he is actually releasing stuff, and threatening to release more.

    If that’s what you mean, then fine. We’re on the same page. But if you’re gonna say that Thunderf00t has any sort of valid defense to make, I’m going to call bull on that.

  24. Koren says

    I don’t hate Thunderf00t, the only videos I’ve ever fully watched of his were his childish bickering against FTB. I just found the rest of his videos boring but that is just because my preferences dont jive with what he offers. I do think he’s being an idiot, the stuff he keeps jabbering on about PZ doing are reasonable on PZs part. Of course FTB is going to be populated by Liberal Atheists, what was he expecting, an Objectivist Blog, a Republican Blog.

    He dug his own hole by continuing to care about the Progressive slant on a Progressive guys blog site.

    Heres an idea Thunderfoot, make your own damn blog network.

    (Sorry for the lack of punctuation and exclamation in this post, my keyboard seems to be broken -.-)

  25. TwoPiDeltaIJ says

    @36:

    Did you read the rest of that paragraph?

    Yes.

    The issue is that he is actually releasing stuff, and threatening to release more.

    These things were given to him, and while it might have been under an understanding that he would behave himself (which I do not think he has ever had the reputation of doing) it was not with any legally binding force*. In addition to there being no teeth to back up the fairly mild ‘barking’ of the privacy agreement, there was no technical effort to shield members (and if the list is attaching text it can certainly mask senders actual emails from at least casual observers).

    But if you’re gonna say that Thunderf00t has any sort of valid defense to make, I’m going to call bull on that.

    It is valid to say that he did not steal the contact information, he was given it. It is valid to further point out that sub-par means were taken to shield members of the list from harm. The second one is only obvious with hindsight.

    *I am not a lawyer, but this is consistent with my lay understanding and what has been said by others

  26. Shadow of the Hedgehog says

    So nothing to say then about plotting to get a guy fired for tweeting: “FTB is unreadable”?

  27. says

    @39: Thunderf00t claims that, but doesn’t support that. His evidence amounts to people advocating making a fuss about what he said because it wasn’t fair. I assume this is what resulted in PZ’s post on the topic. If there was a concerted effort to get him fired which involved some unfair tactics, CFI Canada would have been the ones taking the complaints and let them make a fuss about it if they think it appropriate.

  28. Rieux says

    What was previously merely ugly and (very) regrettable is now frightening. What is with this man?

  29. says

    Whether or not TF’s actions were legally actionable isn’t really at issue here.

    Or anywhere else. A civil suit would be a huge waste of money and good luck getting law enforcement involved. I’ve done over a dozen security incident responses in my career and generally law enforcement only pays attention if you’re the DoD, a bank, someone famous, a large corporation, etc. Remember how much trouble mabus had to cause in order to get anyone to do anything? And what did they do? Basically – nothing.

    I’ve mentioned this elsewhere: TF has an ego and he’s now thoroughly burned with this community. That’s a bigger kick in the pants than just about anything else. Ed/PZ/et al’s strategy in dealing with this is exactly the right one: show everyone what they’re dealing with. If he’s got any sense at all, he’ll find some new hobby, like knitting.

  30. antialiasis says

    @39: I don’t see any plotting to get anyone fired in the messages Thunderf00t posted on his blog, which one would assume would be chosen as the most incriminating ones. The “minor public deal” being discussed is Zinnia Jones’s blog post venting about the idea of having the whole blog network she belongs to dismissed as a single entity by someone who has probably never read half of the bloggers on it – “blog post” not being a euphemism for “phone calls to CFI Canada calling for him to be fired” unless Thunderf00t is privy to some very peculiar and confusing secret language used on the internal Freethought Blogs mailing list.

  31. Still me says

    @31

    “The problem is not that Thunderf00t had access to the e-mail in the first place. That Thunderf00t knows real names and info is not the problem. The problem is that he was threatening to release that info”

    He’s threatening to release personal information?

    I thought he was bragging about not doing that, as in #24, “I don’t steal TVs.” Basically, releasing the contents of the messages with the identifying information erased.

  32. Azkyroth, Former Growing Toaster Oven says

    Did any of the forwarded emails actually breach any of the reasons for the privacy policy, i.e. the sentences starting with “People”?

    Does it matter?

  33. Azkyroth, Former Growing Toaster Oven says

    “The problem is not that Thunderf00t had access to the e-mail in the first place. That Thunderf00t knows real names and info is not the problem. The problem is that he was threatening to release that info”

    He’s threatening to release personal information?

    There’s an equivocation here. He has released private personal communications to third parties and is threatening to release them publicly. He claims this okay because the information he is threatening to release does not necessarily include real-life names and addresses.

  34. Azkyroth, Former Growing Toaster Oven says

    Jim, Marcus, all the other apologists:

    If it’s true that what Thunderfoot did is not illegal, then this reflects a gross, gaping hole in our legal system that our descendents should still be embarrassed by a thousand years from now.

    Now that you’ve smirkingly pointed it out, what are you doing to FIX it?

  35. jim says

    @48 I made a specific statement about the law, and an informative one at that, correcting misinformation about the law stated in the OP. I took no side at all.

    So I’m an “apologist”, and “smirking”?

    Honestly, that feeds exactly into the narrative Thunderfoot is pushing: that the bloggers and commenters here are just on a witch hunt and don’t care about logic, skepticism or accuracy.

    If it’s inaccurate information about the law, it’s inaccurate information about the law. Own it, correct it, and move on. The OP being wrong about the law doesn’t change the ethical or moral arguments being presented.

  36. A. Thibeault says

    @48: I don’t think it can really be called a “gaping hole in our legal system” to tell someone “Oh, by the way, this large group of people are trying to get you fired over an innocuous tweet.”

    Seriously? I mean, I thought the free-thinker’s movement was supposed to be inclusive of other free thinkers. So some guy out there doesn’t like some of the stuff posted here. Who gives a flying fuck?

    Then, when the group here is rightfully called out for trying to ruin a man’s career because he disagrees with you or doesn’t like your writing style, it’s a “gross violation of basic human decency?!”

    Here I thought we had enough to worry about without starting on the infighting.

    Okay, sure, Thunderf00t snitched. Do you really think the best way to respond is with a temper tantrum?

    Greta Christina, I thought you were above this. You’re amazingly intelligent and have written many an interesting article/talk. Why are you so willing to jump onto this overreaction bandwagon?

  37. says

    Jim, what are your legal qualifications? I’m not saying that in a snotty way, and I’m not alleging that your comment is without merit. I have seen claims that lawyers have been consulted informally and that they suggested this alleged incident would be actionable.
    If you have legal expertise it might be good to include that information.

    I have none, and so what I say regarding legalities has only the weight that my non-expertise gives it, but for what it;s worth…

    I HAVE heard from lawyers that if you are the recipient of an unsolicited email and that email claims you can’t divulge the contents that that claim is invalid because you could not possibly have given your assent.

    This situation is NOT a case of a person receiving unsolicited emails. This is a case of a person allegedly deliberately accessing private emails that he knew he was not permitted access to.

    I don’t know if there was a “you agree to these terms” checkbox upon signing up for the list, but I would think (as a layperson) that if so that would be enough rather than a signed non-disclosure form (and that’s if simply having accessed emails that you already knew you were supposed to be barred from receiving isn’t enough on its own.)

    If a signed non-disclosure form were what was legally required then most sites like Amazon and Facebook and Gmail would have no protection.

  38. says

    Azykroth:
    Marcus, all the other apologists:

    Fuck you. I am not an apologist. As I said, I think he got his ass kicked and deserved it. Speaking from my experience regarding getting the law involved in cybercrime is not making apologies for TF’s stupidity.

  39. says

    Okay, sure, Thunderf00t snitched. Do you really think the best way to respond is with a temper tantrum?

    Stop deliberately misrepresenting things.
    The allegation is NOT that “Thunderfoot snitched.”

    The allegation is that Thunderfoot deliberately and successfully accessed a private mailserv that he knew he was barred from, and when barred again, repeatedly tried to regain unauthorized access. Also allegations that he divulged some information that he accessed without authorization, and suggestions that if he were to release the information that he allegedly deliberately took without authorization, that people could be harmed by it, perhaps severely in some cases.

    I can’t state that these allegations are true, but they are allegations of making a deliberate security breach and then repeatedly trying to again, that could result in release of damaging personal information.

    That is NOT the definition of snitching where I come from.

    You may want to revise your comment.

  40. James says

    It’s great to see how the fucking shit-roaches scurry when the light comes on.

    Sunshine is the best disinfectant after all.

  41. says

    If it’s true that what Thunderfoot did is not illegal, then this reflects a gross, gaping hole in our legal system that our descendents should still be embarrassed by a thousand years from now.

    The gap is not the definition of what is or isn’t legal; the problem is getting a DA to try to prosecute a technically complicated case where there’s nobody famous, no big money, no “national security” flag waving. What TF did was probably illegal, definitely wrong, and absolutely stupid. It’s not trivial and I’m not trying to trivialize it by any means.

    What am I doing about it? Well, I happen to think that getting the mechanism of law involved in more than it can deal with doesn’t serve justice either. I don’t want a DOJ so huge that there are DAs sitting around waiting to prosecute every internet infraction, that’d be a lot of DAs.

    In my work with computer security I have, dozens of times, had to lay out for people the likelihood that they will get effective representation from a DA, the FBI, or the USS – how ad why and why not. Is it right? It’s the way it is, unless you want the already-too-big FBI to get a whole lot bigger. :/ What’s more broken is that a civil suit is also improbably expensive. The last suit I was involved in burned $15,000 in a week; justice is indeed for the wealthy. What am I doing about it? I’m uselessly complaining about it on a blog, just like you.

  42. says

    (With respect to computer crime, when your access to a system is revoked – as happened to TF – then you’re breaking into it if you use a stolen credential or otherwise access the system. That’s pretty straightforward. But good luck getting anyone from law enforcement to do anything about it unless you’re Scarlett Johnansen or Citibank)

  43. Stacy says

    @A. Thibeault #50:

    “Oh, by the way, this large group of people are trying to get you fired over an innocuous tweet.”

    Um, that didn’t happen.

    But apparently Tf’s weaselly attempt to manipulate his softer-minded fans into thinking that’s what happened, was successful.

  44. says

    This is a crime – WHICH crime(s) is what they are discussing – not *if* it is a crime.

    Yeah, wonder if there are any lawyers who are FtB fans – oh yeah, I’m thinking there are.

    There is a reason that in some jobs, the moment you are terminated you lose access. Heck, at some places you get an escort out the door.

  45. James says

    @Melby.

    I am a 2nd year law student and I can unequivocally tell you that no crime has been committed whatsoever.
    Only if T-foot actually did release personal identifying information would you MAYBE have grounds for an invasion of privacy tort-and then only IF that leaked information caused some actual concrete harm.

    You guys are frankly just really butthurt at being exposed for your petty cliqueshness.

  46. A. Thibeault says

    @51 (Ace of Sevens): Well, from Thunderf00t’s blog, I got this:

    Indeed it turned out that merely hours after this tweet, CFI Canada had been contacted with calls for his dismissal. Yes his real life job was being threatened because of one tweet about FTBs!

    Then, not to mention the fact that Ed Brayton has called for an ousting of Thunderf00t because of this whole issue.

    It may be that getting fired over a tweet won’t necessarily destroy one’s career, but it would certainly be a setback. When my brother lost his job at the hospital because they downsized the surgery department, it didn’t absolutely destroy his future, but for the next year he had to rely on me and my paycheck to live (and I was happy to support him, but the depression it drove him into is something I never want to wish on anyone).

    I mean, I don’t know either of these guys. If they really don’t deserve to be in the free-thinker’s movement, they’ll make amazing fools of themselves and we will just ignore them until they realize they’re unimportant. Taking the fight to them validates their opinion, and lends credence to the idea that the free thinker movement has become clicky. I don’t think we’re clicky, but secret mailservs and a coordinated attack against two people that violated the hive-mind is making me question that idea.

    @54: Thunderf00t told someone that they were being talked about on the FTB mailserv. How he got the information certainly is a big issue, yes, but it’s not the one that everyone seems upset over. They’re upset that he has information, divulged some information, and could have divulged other information that put others at risk. Even though Thunderf00t never has and has no incentive to DOX anyone.

    So, the issue that we all seem upset over is “Thunderf00t told what was going on in a private mailserv to which he had been barred.” I’d call that snitching.

    As an aside: I really like your piano work (Emily is my favorite). You are amazingly talented, and I can only hope to have such an ear for music.

  47. A. Thibeault says

    @58 (Stacy): Alright, then what did happen? Greta Christina only writes that Thunderf00t posted something from their private mailserv. What would that something be?

    Also, I’m not a “fan” of Thunderf00t. I liked his “Why people laugh at creationists” videos, but that’s the strongest connection I had with him. I only found his blog today, because I wanted to know what he did to piss off FTBs.

    In fact, I’m subscribed to Greta’s blog. I respect her, and think her an intelligent and well-spoken individual. This blog post, today, is the first time I’ve waded into this issue (against my better judgement, but I’d had a few beers with dinner). Indeed, I’m beginning to regret even weighing in.

    In the end, I don’t think what Thunderf00t says he did was wrong. You can decide for yourself, though, if what he says he did is worth castigation, or if he’s telling the truth on his blog. All I did was read Greta’s post, read Thunderf00t’s post, and conclude that telling someone what’s being said about them isn’t a punishable offence (though gaining access to a mailserv one has been removed from would be). That’s it. I read each person’s account of the event, and came to a conclusion. You’re free to do the same, just I won’t insult the consistency of your mind or your intelligence if your conclusion is different from mine.

  48. says

    @61: Read that quote again. He never claims the calls came from FTB. He just mentions them close together to imply that. Notice that he provides lots of e-mail quotes, but not abotu gettign Payton fired and ignores questions on his blog abotu whether anyone at FTB tried to get Payton fired.

  49. A. Thibeault says

    @63: I concede that the calls may not have been instigated by FTB, and calls for his dismissal could have just been offended twitter users. It just looks a little… fishy that someone on the FTB mailserv was talking about “getting involved” and making a deal out of this, while his employer is receiving messages calling for his dismissal.

    You’re right that it’s not enough to conclusively say “FTB is guilty of this.”

    I probably should have read more into that part before posting. :/

  50. says

    @64, except that, according to Thunderf00t, the calls were within a few hours of the post goign up and the listserv talk was a couple days later. Zinnia has now outed herself as the one he was quoting and we know what she did about it. She wrote a blog post, which is all the e-mails indicate that she’s going to do.

  51. jim says

    @52

    Jim, what are your legal qualifications? I’m not saying that in a snotty way, and I’m not alleging that your comment is without merit. I have seen claims that lawyers have been consulted informally and that they suggested this alleged incident would be actionable.
    If you have legal expertise it might be good to include that information.

    Not intending to post verifiable details here as to my qualifications (I think these episodes have provided ample evidence as to the risks of doing so), I would just have to ask either that you take my word that I am qualified to comment, research the issue yourself, or just ignore my comment. I am actually quite qualified to have made the comment I did. If someone thinks I am making a mis-statement with respect to contract law I am open to that discussion.

    So, with that in mind, I will only add that the specifics of legal action will vary tremendously based on jurisdiction and that I was making a very limited legal point. I did not say, for example, that there was no actionable conduct in this circumstance. I was not addressing potential “hacking” actions, and was speaking generally to US contract and copyright law. I did not address the potential circumstance of TFoot perhaps separately having signed a confidentiality agreement at some other time related to the list. There are other possibilities even after that. Nor did I make any statement with regard to the ethics or morality of TFoot’s actions.

    My only general point is that adding a notice at the end of a post does not ordinarily create “agreement” between two parties that would create a private, contract-based legal claim in the way that the OP stated (“Every time he sent or received one of these emails, he was signing onto this agreement:”). In other words, as far as I can tell what was said was not an accurate statement of law.

    Hopefully this is a useful clarification.

    On a related point, I also consider the exchange between myself an Azkyroth an example of how easy it is to get labelled and how those labels immediately start to color the overall interaction. These issues create such strong responses I hope people will be thoughtful in their reading and response.

  52. jim says

    I would just have to ask either that you take my word that I am qualified to comment, research the issue yourself, or just ignore my comment.

    That came across more dismissively than I intended. What I was trying to drive at is that without providing sufficient information that can be verified, you’re better off trying to validate the accuracy of the information itself since you wouldn’t have any basis to know whether I was telling the truth or not about my credentials.

  53. William says

    “If you have ever said anything privately that you wouldn’t want made public..”

    Then don’t post it to the Internet! Jeesh.

  54. Sassafras says

    “Using an email listserv” is “posting it to the Internet” in the same way that “using a telephone for conference calls” is “making a radio broadcast.”

  55. says

    There is a very real difference between “real damage COULD have been done” and “real damage WAS done”.

    How about damage CAN be done? Thunderf00t presumably still has copies of those mails, along with a lot of personal information.

    If I had exploited a security breach in the phone lines to record your personal conversations and had then revealed some of what you had said to a third party, would you really be very comforted by the thought that I hadn’t revealed anything really private yet?

  56. alecrezz says

    Yep. Thunderf00t is a detestable, underhanded cad for “hacking” into an email server he didn’t have permission to access, but PZ is a hero for “hacking” into a phone conference with a code he didn’t have permission to use. Makes perfect sense.

  57. Bernard Bumner says

    Yep. Thunderf00t is a detestable, underhanded cad for “hacking” into an email server he didn’t have permission to access, but PZ is a hero for “hacking” into a phone conference with a code he didn’t have permission to use. Makes perfect sense.

    The mental gymnastics you need to perform in order to equivocate between those two situations is stunning:

    1) Thunderf00t accesses a mail server he knew to be private and was booted from and then shares messages with third parties who never had access.

    2) PZ unmutes himself during a conference call he was invited to participate in about a film in which he featured.

  58. Johnny's Cochrane says

    In regards to 18 USC 2701, I’m not sure an email list qualifies as “a facility through which an electronic communication service is provided.” The emails were sent directly to him, regardless of how he got himself on the list; he didn’t really access the facility where the messages were stored (gmail or whatever, nor anyone’s inbox or email storage).

    And without a doubt, that statute wasn’t written for this type of scenario; which is relevant, although not dispositive.

    See this Justice Department memo on 2701:
    http://www.justice.gov/usao/eousa/foia_reading_room/usam/title9/crm01061.htm

    Without otherwise making a judgement, I don’t think a criminal case is likely to stand up. And any civil case requires damages that a court can remedy with money or possibly an injunction, neither of which is likely since it doesn’t look like any money was lost and injunctions require a heavy-burden.

Trackbacks

  1. […] In case you hadn’t heard: The Freethoughtblogs network was recently informed that former Freethoughtblogs blogger thunderf00t has been forwarding private emails from the private FTB email list. He has not only been forwarding emails sent during the short time he was a blogger on this network — he used a security loophole to re-gain access to the email list shortly after he was fired from the network and blocked from the list, and has been accessing emails he never had any right to see. When this security breach was discovered and he was shut out again, he tried several times to re-access the private list. And he has already made the content of some of those emails public. (UPDATE: If you want to know exactly what thunderf00t did and how, Jason Thibeault has the technical details.) […]

Leave a Reply