1. When Ceglia first filed his claims, I called it a "lawsuit full of holes [that was] built up by sensationalist reporting into a supposed major threat to Facebook and to Mr. Zuckerberg" and concluded that, "in the courts, this thing is going nowhere." (http://news.ycombinator.com/item?id=1537158) My sense of this had nothing to do with any fraudulent tampering with evidence as alleged now in the criminal prosecution but instead with the whole smell of the thing: a flaky 2-page contract with basically incoherent terms used as a basis for a lawsuit brought by a backwater lawyer who drafted a complaint that would have been an embarrassment to a first-year law student. It looked like a joke on the face of it, notwithstanding that a small-town judge had initially entered a TRO based on the filing.
2. Then, in April, 2011, this case looked like it had taken a major turn: Ceglia had dumped his original lawyer and retained the prestigious firm of DLA Piper; he also produced a mountain of emails "documenting" that he and Mr. Zuckerberg had, in effect, entered into a legal partnership giving him a major ownership piece in the FB venture; he also (via the lawyers) put together a compelling story in his complaint making it appear that FB and Mr. Zuckerberg were in deep legal trouble concerning his claims. (Here is my comment at the time: http://news.ycombinator.com/item?id=2438063) Once again, there was a sensationalist wave of reporting across the web rejoicing about how Mark Zuckerberg was about to get his comeuppance.
3. Since that time, through the work of very able lawyers for Facebook, the Ceglia case has been progressively torn to shreds in the federal court to which it had been removed and, as the case has disintegrated, it has drawn progressively less interest (the DLA firm withdrew at the first sign of serious trouble). Indeed, without the dramatic turn of a federal criminal indictment, I doubt that it would done more than draw a few yawns as it eventually headed to the judicial graveyard where most flaky cases ultimately find their rest.
4. The lesson here is how prejudice and crowd-think can dramatically affect and distort perceptions. When someone takes on the role of villain (as Mr. Zuckerberg has in some circles), there are those who so desperately want to see him torn down that they will suspend their better judgment just to see it happen, whether he was right or wrong in what he had done. This is not to excuse him in things he may have done wrong in other contexts, but he had done nothing wrong here and it is just amazing to me how many people were willing to take it as a given that he had even with little or no evidence to back it up.
5. The other (major) lesson here is that there are serious limits to playing fast and loose with the courts. It is true that there is much abusive litigation but there is obviously a line that cannot be crossed without inviting horrific consequences. It doesn't happen often enough that abusive litigants get what they deserve but, when it does occasionally happen, it is very nice to see. At least it sets an outer bound on what people can do to abuse one another in the courts.
There is an often-hidden virtue to the methodical, deliberative nature of a real court system that's easy to miss until you see how humans can behave in its absence.
What are your thoughts on the pox on DLA Piper's house as a result of taking him on as a client? Doesn't it speak to their naiveté after reviewing the materials he was able to present? Or?
Still, it is bad judgment, as I see it, to take on a high-profile representation of a guy with one conviction already under his belt on what would seem to be a very opportunistic claim ("Yeah, I know innocent investors put in millions, and the company is now worth billions, but I am a ghost from six years’ past who can pull out a piece of paper saying I own more than half of it because of my $1,000 investment.") If you are going to step into this pile of whatever as a law firm, you had better do some strong due diligence to make sure it holds together. I suspect that wasn't done here, much to the firm's ultimate regret.
That said, DLA has a great reputation and the bad effects of this will prove ephemeral, especially since it high-tailed it out of there once forensics showed it had been caught with its pants down. Highly embarrassing, but nothing more.
Why was Zuckerberg going to Craigslist looking for work? Why did Zuckerberg want to do work for "known criminals"? The project Ceglia was trying to set up was an image database. Much like Facebook. I think if Paul Ceglia had a cleaner past and better judgment, he'd be collecting his (unearned?) share from Facebook in the same way that others, Winklevoss, etc., have collected.
The reason is the trail that Zuckerberg left behind him, screwing people over one after another, betraying their trust. The only person who could keep the damage under control is Zuckerberg. As others have said, other internet billionaires don't seem to have as many "forgotten co-founders" showing up for their "cut". The problem is particularly acute with Facebook. That's no coincidence.
The lesson here is you reap what you sow. Both Ceglia and Zuckerberg.
In the case of Facebook, a multi-billion dollar company, it seems amazing that someone can come out of the woodwork and with a little effort in document tampering cause such a hullabaloo. It seems like too important of an issue to be inpart determined by "spacing, columns, and margins of page one of the Alleged Contract."
Of course, I don't know of a better system, just that the current system seems archaic. (You probably couldn't create a centralized "contract bureau" in the federal government, because many contracts are private, until someone sues.)
Of course you can! Only submit a short cryptographic hash (summary), instead of the plaintext. Along with the digital public-key signatures of the signing parties.
You could even privatize it. There was at least one startup/concept like this on HN, but I forgot where.
(edit): Here's one discussion:
In addition to privacy, paper is durable. Being physical, it's possible to safe guard the chain of custody. Paper is also largely tamper evident.
I'm still weirded out by digital signatures, both the crypto and fax kind. How are they challenged, verified, revoked? Electronic mediated transactions make sense when systems are double entry (credits and debits) so that each party has their own audit trail. But they seem rather virtual to me for things like transfer of ownership and voting.
Learning about the legalities of digital signatures is on my to do list.
Of course you can get a notary to stamp a document or file it with the county clerk in your jurisdiction. But what about taking an MD5 of a PDF and printing it in the newspaper? Would that work?
You have to worry about people breaking things. Raw MD5 is considered useless today, since there are tools that make two documents with the same MD5.
This would not necessarily invalidate all prior MD5s; if you published like that 10 years before people starting breaking MD5, that would be pretty good evidence you really did do it, unless your idea is so amazingly valuable that it was more worthwhile to try to forge documents instead of publicizing your research.
Using a few different HMACs in parallel would probably give you good proof.
You still need a way to prove that the other side really signed the document you hold, and willingly. Notaries work.
But this system is not forced - so it protects the side holding a real contract form the other side denying they signed, but does not protect you from a fraud turning up with a contract that you didn't really sign and claiming that you did, you just didn't bother to go to a notary with him.
If there were a way to publicly claim "from now on, only contracts signed by my private key count as really signed by me... But it's not easy to implement such a measure. Every one you sign contracts with needs a really easy way to check if you declared this in the past, otherwise you can fraud them by signing a contract only with a pen. And they need to be aware of this new law.
Only problem with demanding this is that you /want/ people to be able to sell their car without access to a computer. That, and authentication.
I do understand that people are using these as a mental shorthand for "A one-way cryptographic hash", but when your instinctive exemplar of a digest algorithm is in the "not-recommended" category, it worries me that, in a context that matters (code or spec), you might accidentally type MD5 when you meant to type SHA3 or SHA-256
Or are there some more sophisticated methods?
E.g. How about in any binary content - embedded fonts, images etc.
My big concern is that in this scenario an attacker may have years to create an attack. One small part of designing a security protocol is understanding timeliness constraints.
Collision attacks are mitigated by careful examination coupled with a forbidding of extraneous data and a skepticism about possibly extraneous data - but I am not comfortable assuming they are defeated by it.
In order for it to help, a company or individual would need a way to say, "only contracts held in escrow are valid from the period from x to y" and have it hold up in court.
This case shouldn't be given a free pass just because the party intended to be deceived is the judicial system rather than the mail recipient.
Remember that when mail fraud came into existence as a discrete crime the mail was the primary means of communication for essentially everyone and everything. Tampering with it went beyond deceiving any one person or group of people.
In today’s press release, USPIS Inspector-in-Charge Randall C. Till added: “When Mr. Ceglia allegedly decided to take advantage of Mark Zuckerberg and Facebook, he underestimated the resolve of the Postal Inspection Service to bring him to justice for illegal use of the U.S. Mail.”
Ceglia is probably in the wrong and unethical. But the self-righteousness and pompadour of the USPS? Really?
The statutes that make mail fraud a federal crime do indeed play up the sanctity of the US Postal Service, which is an idea that comes from the 1800's (when the US Postal Service played a far more important role in our society than it does today). But if the US Postal Service has gotten less important, the mail fraud statutes haven't. In the same manner that tax fraud makes criminal enterprises more difficult to scale and sustain (by making it much more difficult to handle the funds those enterprises generate), the mail fraud statutes make it harder to scale organized criminal efforts across state lines, by making the abuse of the communication services our society provides a crime in and of itself.
Ceglia faked a contract, faked several emails, wasted $100,000's of Facebooks money, wasted $100,000's of the courts time, experts were testifying as to the thickness of the paper and the age of the ink and the staple hole locations... all with the goal of getting a $20 Billion payday. A huge attempted fraud by any standards.
Good for the USPS for stopping one more fraud. They probably do this all the time for all sorts of frauds, and they don't get the credit they deserve.
The famous mob boss Al Capone was only ever convicted of tax evasion and served 11 years in Alcatraz for that.
Hair styling is everything when exuding self-righteousness. Choosing the Reagan model is as good a style as anything.
Ceglia has had a couple of lawyers (Argentieri and Boland) who have been filing discovery motions, and really aggressively going after Facebook and Zuckerberg. If you read only a couple of their filings, it seems really personal for them. They are absolutely offended at Facebook's lawyers behavior, really aggressive in the wording of their filings, and going so far as to call out FB lawyers by name and complain about them.
And now it turns out the US Govt found the real contract from email archives and it doesn't match at all.
I'd like to see the lawyers punished somehow (reprimanded) for pushing this obvious fraud through the court system so hard and for so long.
And if I were the judge, wasting 2 years of his life on a sham case like this, I'd be furious. They were still submitting filings even as of yesterday!
People fixate on the maximum sentences when they should focus instead on the minimums (here, 10 months). Just by nature of what "mail fraud" investigations represent, you're bound to get wild swings from case to case.
To threaten defendants, they also stack each single charge one on top of each other to make 5 cases look like a maximum of 125 years too.
Not that more oughtn't be done.
As for bringing down the economy, if you're going to arrest everybody that participated, you'd need a lot more jails. You'd have to arrest all that took and signed liar's loans, all that took interest-only 40 year loans with no income source to speak of, all that used their HELOCs as ATMs and took luxurious vacations on borrowed cash, all that saw their house double in value in 3 years and decided they are real estate moguls now, etc. etc. Bankers are a fashionable target, but they were not alone in this.
Take it from a non developer scumbag thief "wannatrepenur" to not have the God damn decency to read up on how email works before trying a stunt like this.