IN DISTRICT COURT, COUNTY OF CASS, STATE OF NORTH DAKOTA.

Sierra Corporate Design, Inc.,

Plaintiff,
                                 File No. 09-05-C-01660
vs.

David Ritz and Ed Falk,

Defendant.



                        TRANSCRIPT

			    OF

                        PROCEEDING




                          Taken At
                  Cass County Courthouse
                   Fargo, North Dakota
                        May 9, 2006




             BEFORE THE HONORABLE JOHN C. IRBY
                - - - DISTRICT JUDGE - - -




                  APPEARANCES


Christopher J. Harristhal     FOR THE PLAINTIFF
Attorney at Law
1500 Wells Fargo Plaza
7900 Xerxes Avenue South
Minneapolis, MN 55431-1194



Timothy O'Keeffe
Attorney at Law
P.O. Box 2105
Fargo, ND 58107-2105

Terri R. Hanley
Attorney at Law
220 Montgomery Street
Suite 1920
San Francisco, CA 94104


Michelle Donarski   FOR THE DEFENDANTS
Attorney at Law
PO Box 10247
Fargo ND   58106-0247

Kelly O. Wallace
Attorney at Law
1175 Peachtree Street NE
100 Colony Square, Suite 300
Atlanta, GA 30361

Michael D. Huitink
Attorney at Law
780 North Water Street
Suite 1500
Milwaukee, WI 53202




                           INDEX



                      WITNESSES


BRAD ALLISON


     Cross Examination by Mr. Wallace   10
     Redirect Examination by Mr. Harristhal   52




                       EXHIBITS


EXHIBIT NO.  DESCRIPTION                    MRK'D OFR'D   REC'D
Def's Exh. 1   Usegroup Internet posting      36     37     38
               Re: Saturn rearview mirror

Def's Exh. 2   Internet posting Re:           36     --     --
               Recycling of actors

Def's Exh. 3   Internet posting Re: network   36     40     40
               Location cannot be reached




1                           PROCEEDINGS

2                (The following proceedings were had, commencing at

3    1:30 p.m., on May 9, 2006, as follows:)

4                THE COURT: Court is now in session for the East

5    Central Judicial District in and for Cass County.  We're going

6    back on the record in the matter of Sierra Corporate Design,

7    Inc. versus David Ritz and Ed Falk, file 09-05-C-01660.  This

8    is the time and place that has been set for a number of things,

9    in particular, the continued hearing on the Motion to Dismiss

10   for Lack of Jurisdiction, we have a Summary Judgment Motion, I

11   think a Motion in Limine, and what else do we have, Ms.

12   Donarski?

13               MS. DONARSKI: Two Motions in Limine, Your Honor.  And

14   there is also the Motion to Vacate Default Judgment if you

15   decide there is jurisdiction.

16               THE COURT: All right.  Very well.  We have,

17   representing the Plaintiff, Mr. Harristhal, and is it Ms.

18   Hartley?

19               MR. HARRISTHAL: Hanley, Your Honor.

20               THE COURT: Hanley, okay.  Mr. O'Keeffe is also here,

21   Mr. Wallace, Ms. Donarski, and joining us, Mr. Huitink.

22               MR. HUITINK: Yes, and my client, Mr. Ritz is with me

23   too as well, Judge.

24               THE COURT: All right, very well.  Well, we left off

25   with Mr. Allison on the stand.

                                                                            Page 4





1                MR. HARRISTHAL: Your Honor, I have a preliminary

2    matter that I need to bring to the Court's attention.

3                THE COURT: Okay.  Can you sit down so we can keep you

4    in the camera range?

5                MR. HARRISTHAL: I didn't want Mr. Huitink to be able

6    to see me.  Your Honor, after the new hearing date was

7    proposed, I sent Ms. Donarski an e-mail confirming that I would

8    need both Mr. Falk and Mr. Levine available for this date,

9    which she had selected for the hearing.  I received no kind of

10   response suggesting that they would not be available or not be

11   produced.  I then re-sent the same e-mail to her on May 3, and

12   again received no response of any kind suggesting that they

13   would not be available or not be produced.

14               Now I am told that Mr. Levine is not going to be

15   produced, that he will not appear for testimony today, even

16   though I had given her notice that we needed to examine him.

17   By virtue of the subjects that were gone into on Mr. Allison's

18   cross examination, which clearly went far beyond Mr. Allison's

19   Affidavit, there are areas that we need to examine Mr. Levine

20   about now that we had not seen a need to discuss with him

21   previously.  And I need him back to testify.  And as I

22   understand it, he is not going to be available today.

23               On that basis, we are going to ask that all of his

24   testimony be disregarded by the Court, including his Affidavit.

25               THE COURT: Ms. Donarski?

                                                                 Page 5





1              MS. DONARSKI: Thank you, Your Honor.  When we had the

2    hearing the last time, page 110 of the hearing transcript, Your

3    Honor, Mr. Harristhal's starting at line 10, the Court asks,

4    "Anything else?  All right. Mr. Levine we have no further

5    questions for you. Anyone object to the witness being excused?

6    Mr. Harristhal: No, Sir, I don't.  Ms. Donarski: No.  The

7    Court: All right, thank you, Sir, you are excused."

8              After that, Mr. Harristhal then did the Motion that

9    he presented to you, and it was regarding taking the deposition

10   and providing additional rebuttal testimony.  And on April 21

11   you denied that Motion.  And so, there is really no need for

12   Mr. Levine to be here.  You have decided the issue.  Mr. Levine

13   was excused last time, Your Honor.  So our position is we did

14   not need to make him available today.

15             MR. HARRISTHAL: Your Honor, that is simply not the

16   case.  Your Order never even touches on the issue of calling

17   witnesses who had already been put into evidence in the case.

18   Your Order concerned only additional witnesses, that's the

19   verbatim language in your Order.  It did not discuss at any

20   time whether witnesses could re-take the stand who had

21   testified previously.  And I'm going to need Mr. Falk back on

22   the stand as well, because of the increased scope of this

23   hearing beyond what we had started out with.  And Your Honor, I

24   asked Ms. Donarski to have him available.

25             Now, this is pure gamesmanship.  If they were going

                                                                 Page 6





1     to take the position that they did not have to produce him

2    because of what had occurred at the hearing, I should have been

3    told that so we could have brought that to your attention.  My

4    the Motion did not ask to call Mr. Levine back to the stand, my

5    Motion asked to call additional witnesses.  And that was all

6    that you ruled upon.  Now to have this surprise thrown at us,

7    when we are here for the hearing, is absolutely unheard of.  We

8    have the right to examine every witness that they put onto the

9    stand.

10             They put testimony in through Mr. Allison that went

11   far beyond the scope of his Affidavit.  I have the right to go

12   back into any witness that they have used in this case then, or

13   that witness should be entirely excluded.

14             THE COURT: All right.  We're here trying to establish

15   whether or not there is jurisdiction for Mr. Falk and quite

16   frankly, you gave a rather lengthy cross examination of Mr.

17   Falk that took us, probably into the evening hours there.  And

18   we would have gone longer, but somebody had a plane to catch.

19   I don't think we need to delve back into Mr. Levine on this

20   matter.  We excused him, we're going to move on.  We just have

21   to get this thing completed.  It has got to end sometime.

22             MR. HARRISTHAL: Your Honor, I understand that.  And I

23   appreciate your concerns with expediency.  But this is a highly

24   unique jurisdictional issue.  I mean, they have called an

25   expert witness for a jurisdictional hearing.  And we're trying

                                                                Page 7





1     to do this via interactive television, all kinds of rules have

2    been bent for them, Your Honor.  I simply need an opportunity

3    to ask this man some follow-up questions going into the very

4    issues that were raised when they started cross-examining Mr.

5    Allison.  It's unfair to close us off from that evidence when

6    they are essentially trying to bring a sub-motion on summary

7    judgment within the framework of a motion on jurisdiction.

8               THE COURT: Well, sometimes its part and parcel of the

9    same thing.  I am not going to delve any deeper into what Mr.

10   Levine had to say on this.  We had our crack at him, and we are

11   going to move on.  I propose we put Mr. Allison back on the

12   stand and finish up with his cross examination and any redirect

13   that there might be.

14              MS. DONARSKI: Thank you, Your Honor.

15              MR. HARRISTHAL: So, does that mean that Mr. Falk is

16   excused at this point, too?

17              THE COURT: How much more do you have with Mr. Falk?

18              MR. HARRISTHAL: Like -- well, I shouldn't say that.

19   Until I've seen what they are going to do with Mr. Allison, I

20   can't tell you.  I didn't think I had any questions for any of

21   them until Mr. Allison went beyond the scope of his Affidavit.

22   At this point I would anticipate four or five questions.

23              THE COURT: And he is not available, is that correct?

24              MS. DONARSKI: Mr. Falk is available.  He is appearing

25   by interactive television, Your Honor.  So he is on there.  Ed,

                                                                Page 8





1     can you put the camera on you?  The difficult part, Your

2    Honor, is there are no surprises here, Your Honor.  We have all

3    done the direct testimony, and we have done the cross.  And

4    actually, we haven't been given the opportunity yet to do the

5    cross yet of Mr. Allison.  But there have not been any

6    surprises here.

7              THE COURT: Well, I'll think about, depending on how

8    we go about finishing up with Mr. Allison, about whether or not

9    I will allow further cross examination of Mr. Falk.  Mr.

10   Levine, though, we don't have him here.  He is not available.

11   We've had our shot at him, and I'll deny any motion to have a

12   further expansion of this hearing on that.  So with that, is

13   Mr. Allison available?

14             MR. HARRISTHAL: He is, Your Honor.

15             THE COURT: Good afternoon, Mr. Allison.

16             MR. ALLISON: Good afternoon, Your Honor.

17             THE COURT: And Mr. Wallace, you may continue with

18   your cross examination.

19             MR. WALLACE: And Your Honor, I'm just going to

20   briefly go over a few things with Mr. Allison that he testified

21   to before so that we pick up at the same point that we left

22   off.  Just very briefly.

23             THE COURT: Very well.

24                               BRAD ALLISON

25             HAVING BEEN FIRST DULY SWORN TO TELL THE TRUTH, THE

                                                                 Page 9





1               WHOLE TRUTH, AND NOTHING BUT THE TRUTH, RELATIVE TO

2               SAID CAUSE, TESTIFIED AS FOLLOWS:

3                              CROSS EXAMINATION

4    BY MR. WALLACE:

5         Q      Mr. Allison, you previously testified that you have

6    reviewed the hard drive of David Ritz, the image of the hard

7    drive that had been taken in this case?

8         A      Yes I have.

9         Q      And you have also previously testified that you did

10   not find any communications between Mr. Falk and Mr. Ritz prior

11   to February 27, 2005 discussing performing DNS lookups on

12   Sierra's DNS server?

13              MR. HARRISTHAL: Objection, misstates his testimony.

14        Q      I'll rephrase the question.  You don't recall seeing

15   any communications between Mr. Ritz and Mr. Falk prior to

16   February 27, 2005?

17        A      I do not recall.

18        Q      And is it correct, you also previously testified

19   that you did not see any communications from Ed Falk requesting

20   any current information about Sierra Corporate Design prior to

21   February 27, 2005?

22        A      That's correct.

23        Q      You also testified that you are one of the people

24   responsible for security of Sierra Corporate Design's computer

25   network?

                                                              Page 10





1         A      Correct.

2         Q      And you've testified that you are familiar with the

3    zone transfer command or request that is made to DNS servers?

4         A      Correct.

5         Q      And you're familiar with how it operates?

6         A      Yes I am.

7         Q      And you also testified that you are aware that it is

8    a standard command that DNS servers recognize, specifically

9    that Sierra's DNS servers recognize?

10        A      I do have a little bit of a problem with the word

11   standard, but --

12        Q      What is your problem with the word standard?

13        A      Standard is subjective.  Who's standard are we

14   talking about.

15        Q      What is the name of the DNS server software that

16   Sierra's DNS servers operate on?

17        A      It was part of Windows 2000.

18        Q      Windows 2000.  And does the Windows 2000 DNS server

19   software recognize a command that is, in function, a zone

20   transfer?

21        A      It does.

22        Q      So that is built into the server software that

23   Sierra Corporate Design operates?

24        A      Yes it was.

25        Q      And are you familiar with other types of DNS server

                                                                Page 11





1     software?

2         A       No.

3         Q       You also testified that Sierra's DNS server was

4    configured to allow zone transfers when it should not have been

5    configured to allow zone transfers?

6         A       It was set to accept them by default, and we were

7    not aware that it was configured that way.

8         Q       And when you say, we were not aware, you're the

9    network administrator at Sierra?

10        A       Yes, but at that time we had another security person

11   there as well.

12        Q       And who was that person?

13        A       His name was Jim Rohder.

14        Q       And you were not aware that Sierra's DNS server was

15   configured to accept zone transfer requests?

16        A       I was not.

17        Q       And do you know if, what's this other person's name?

18        A       Jim Rohder.  He is no longer employed by us.

19        Q       Do you know if he was aware of whether Sierra's DNS

20   server would accept zone transfer requests?

21        A       I am confident that he was not aware.

22        Q       And whose responsibility was it for configuring

23   Sierra's DNS server?

24        A       Either mine or his.

25        Q       Was there ever any policy about who was responsible

                                                                  Page 12





1     for that aspect of configuring the DNS server?

2         A        It would ultimately have been my responsibility.

3         Q        How many different DNS servers has Sierra operated

4    simultaneously while you've been with the company?

5         A        I don't recall it ever being more than two.

6         Q        And what type of hardware are they operating on?

7         A        Are we talking about the time the incursions

8    occurred?

9         Q        Yes.

10        A        I believe they were Dell servers.  I don't recall

11   specifically.

12        Q        And you said they were running Windows 2000?

13        A        Yes.

14        Q        As an operating system.  Had you performed zone

15   transfers between the two Sierra servers prior to February 27,

16   2005?

17        A        Yes I had.

18        Q        And I believe you testified to this before, but it's

19   correct that a zone transfer is a request from one computer to

20   a DNS server that requests a complete copy of the DNS server's

21   lookup table?

22        A        That's correct.

23        Q        That's a correct definition of what a zone transfer

24   request is?

25        A        Yes.

                                                                  Page 13





1         Q     Okay.  And a zone transfer is something DNS servers

2    need to do often as part of their functionality?

3         A     In my experience, the only time I've had to run zone

4    transfers is when I'm putting a new domain name server on-line.

5         Q     When you put a new domain name server on-line.  You

6    don't ever do a zone transfer to synchronize, if you have

7    multiple DNS servers to synchronize?  The lookup table on one

8    server with the lookup table on the second server?

9         A     No.  There is a different provision for that.

10        Q     And what provision is that?

11        A     I'm not familiar with what it is called, but it will

12   update periodically, any new records or additions on a

13   scheduled basis, without doing a complete copy.

14        Q     Could a zone transfer be used to do that sort of

15   synchronization?

16        A     It could, I suppose.

17        Q     Because it would copy the complete lookup table from

18   the computer receiving the request to the computer making the

19   request?

20        A     It could, yes.

21        Q     And when a zone transfer request is made, the

22   computer making the request, there is no requirement that that

23   computer, or the user using it, log in to the DNS server

24   receiving the request, is there?

25        A     There are some settings that you can restrict -- by

                                                                Page 14





1     default, the answer to that was no, there was no authorization

2    required.  But, there is a setting where you can restrict it by

3    IP address.

4         Q        And you previously testified to that, that it's

5    possible to configure a DNS server to only accept zone transfer

6    requests from a specific IP address?

7         A        Yes.

8         Q        Would it be possible to do the converse, so that it

9    specifically rejected zone transfer requests from a specific IP

10   address?

11               MR. HARRISTHAL: Objection, foundation.

12               THE COURT: Overruled.

13        A        I'm not certain.  It's possible, but I don't know

14   for sure.

15        Q        Prior to February 27, 2005, did Sierra log DNS

16   lookup requests sent to its DNS servers?

17        A        Not to my knowledge.

18        Q        And I believe I asked you before, but I'll ask you

19   again for the record.  How many DNS lookup requests, on

20   February 27, 2005 or thereabouts, how many DNS lookup requests

21   did each of Sierra's servers receive each day?

22        A        It was probably in the thousands.

23        Q        And on or about February 27, 2005, did Sierra log

24   zone transfer requests sent to its DNS servers?

25        A        We did not log them at all.

                                                                 Page 15





1         Q        And on average, how many zone transfer requests do

2    you think that your servers would receive each day?  On or

3    about February 27, 2005?

4         A        Zero.

5         Q        But you don't have any record of whether you

6    received any or not?

7         A        No.  But if anyone ran a zone transfer, it would

8    have been myself, so --

9         Q        Now, in this case, you have alleged Mr. Ritz

10   performed a zone transfer from a computer, the geeks.org

11   computer, located out on the Internet somewhere?

12        A        That's right.

13        Q        And there is no log of zone transfer requests kept

14   by Sierra?

15        A        Not on the DNS server, no.

16        Q        Is there any log of zone transfer requests that were

17   being kept in February of 2005?

18        A        Not zone transfers specifically.  The firewall kept

19   some sort of logs as far as what ports were being accessed and

20   from where.

21        Q        But you could not tell from that log if zone

22   transfer requests were being made?

23        A        No.

24        Q        So, Sierra could have received a hundred zone

25   transfer requests in February of 2005?

                                                                  Page 16





1         A     It's possible.  I think an expert could look at the

2    logs and see the difference between a zone transfer and

3    standard DNS lookups based on the number.

4         Q     But have you looked at those logs?

5         A     I have.

6         Q     You have?

7         A     I have looked at the logs.

8         Q     Can you recognize zone transfers occurring in

9    February of 2005?

10        A     No.

11        Q     So you couldn't recognize Mr. Ritz's zone transfer

12   in February 2005?

13        A     Not specifically, no, although I could see

14   connections on port 53.  Then from IPs, we know that Mr. Ritz

15   was using many of them.

16        Q     And when you say port 53, what is significant about

17   port 53?

18        A     That is the port used by the DNS servers.

19        Q     And how many connections to port 53 occurred in

20   February of 2005?

21        A     I don't know a specific number, but many.

22        Q     Many.  Tens of thousands?

23        A     That would be possible.

24        Q     And you've already testified that there was no

25   restriction on who could perform a zone transfer?

                                                               Page 17





1         A       Apparently not.

2         Q       So someone, anywhere in the United States, connected

3    to the Internet, capable of sending the command to port 53 on

4    Sierra's DNS server could have requested and received a zone

5    transfer?

6         A       Apparently.

7         Q       And that's true for anybody connected to the

8    Internet, anywhere in the world?

9         A       Given that there were no restrictions, probably so.

10        Q       On May 17, 2005 you stated "because the security on

11   our DNS server was incorrectly configured was the reason that

12   David Ritz was able to perform a zone transfer."     So what you

13   meant by that was that you, or another Sierra Corporate Design

14   employee, had incorrectly configured the DNS server to respond

15   to zone transfer requests made from anywhere on the Internet?

16        A       Incorrect might not have been the best word, but it

17   was left at default, where we would have possibly been more

18   secure if we had changed it from default.

19        Q       But the obligation to change it from default to

20   something more secure than default, was Sierra Corporate

21   Design's obligation, and specifically your obligation?

22        A       Yes.

23        Q       So you negligently configured Sierra's server to

24   accept zone transfer requests from anywhere in the world?

25               MR. HARRISTHAL: Objection.  Calling for a legal

                                                                 Page 18





  1      conclusion to the extent he is asking him about negligence in

  2     this sort of a matter.

  3          Q     I would ask him in the ordinary meaning of the word.

  4     We have no counterclaim.

  5               THE COURT: Sustained.

  6          Q     You misconfigured Sierra's DNS server to accept zone

  7     transfer requests from anywhere on the Internet?

  8          A     I think a misconfiguration would be an opinion.  I

  9     was not aware anything was being done incorrectly.

  10         Q     Have you changed Sierra's DNS server to not accept

  11    zone transfers from anywhere else on the Internet?

  12         A     We've changed our entire DNS structure.

  13              THE COURT: Excuse me.  You changed your what?

  14         A     Our entire DNS structure since this occurred.

  15         Q     Do you recall meeting with Officer Daniel Hansen of

  16    the Fargo Police Department on April 12, 2005?

  17         A     Yes.

  18         Q     And who else met with Officer Hansen?

  19         A     I believe Lesa, my boss, was present.  I don't

  20    recall specifically who was there.

  21         Q     Was Jerry Reynolds present?

  22         A     He may have been, I don't recall.

  23         Q     How about Miroslov Stoichev?

  24         A     Possibly.

  25         Q     Did you explain to Officer Hansen that David Ritz

                                                                   Page 19





1     had "exploited a vulnerability in Sierra Corporate Design's

2    security system on one of their servers"?

3         A        That sounds correct, yes.

4         Q        Which security system are you referring to, or were

5    you referring to, when you made that statement to Officer

6    Hansen?

7         A        It would be the ability to do zone transfers on the

8    DNS server.

9         Q        So, you weren't referring to a security system?  You

10   were referring to the configurations that you set, or failed to

11   set, on Sierra's DNS server?

12        A        The configurations on the DNS server, yes.

13        Q        But that's not a separate security system?

14        A        Not as such, no.

15        Q        That's just whether or not the server accepts

16   requests from the Internet at large, or from specific IP

17   addresses?

18        A        Yes.

19        Q        And did you refer to this vulnerability as "a hole"

20   in Sierra's security?

21        A        I may have.  I don't recall.

22        Q        Again, when you're referring to a security system or

23   this hole, you're referring to this configuration on the DNS

24   server that allowed anyone in the world to make a zone transfer

25   request and receive a copy of the lookup table?

                                                                Page 20





1         A        I was referring to the DNS' ability to run zone

2    transfers, yes.

3         Q        So, which one is it?  Which one of your statements

4    is correct?  Was it that the DNS server, on February 27, 2005,

5    was improperly configured?  Or that David Ritz somehow

6    circumvented a security system on the DNS server?

7         A        He exploited our -- the fact that we had the DNS

8    server configured to allow zone transfers.  He exploited that

9    to obtain the information that he did.

10        Q        If you leave your shades up at home, and someone

11   looks in and see you, are they a peeping Tom?

12        A        I wouldn't welcome it.

13        Q        Okay.  But if you leave the shades up --

14        A        If I leave my car window down and somebody steals my

15   wallet out of my car, I don't welcome that either.

16        Q        Well, we'll get to that.  A zone transfer, though,

17   it's not a secret command?  It's not some sort of back door,

18   hidden, flaw in a DNS server's system software, is it?

19        A        No, but it is intended for the system's own

20   administrators to use.

21        Q        You've previously testified that the default setting

22   doesn't require a password, is that correct?

23        A        That's correct.

24        Q        Does it require that you make the request from a

25   specific IP address?

                                                                  Page 21





1         A     Our server was not configured to require that.

2         Q     Your servers don't log the IP address of the people

3    making the request, however tens or hundreds or thousands of

4    them there are?

5         A     It was not configured to, no.

6         Q     Does a zone transfer change any of the information

7    on the DNS server?

8         A     No, I don't think so.

9         Q     Does it delete anything off of the DNS server?

10        A     No.

11        Q     Does it alter anything on the DNS server?

12        A     No.

13        Q     Does it, in any way, interfere with Sierra Corporate

14   Design's ability to use its DNS server?

15        A     No.

16        Q     Okay.  And as the network administrator for Sierra,

17   it's part of your job to know what a zone transfer request is?

18        A     Yes.

19        Q     So, when you stated on May 17, 2005 that David Ritz

20   accessed our company DNS server software without authorization,

21   what you meant is that he made DNS lookup requests and zone

22   transfer requests from a remote computer, that your DNS server

23   answered as a routine matter of course?

24             MR. HARRISTHAL: Objection, multiple.

25             THE COURT: Mr. Wallace, let's break that up a little

                                                              Page 22





1     bit.  If not for the witness' benefit, for mine.

2         Q       On May 17, when you stated that David Ritz accessed

3    our company DNS server software without authorization, what you

4    meant was, that he made a DNS lookup requests that your server

5    answered as a routine matter of course?

6         A       The server answered them, yes.  But I would say he

7    was not authorized.

8         Q       But he did not log into your server to make those

9    requests?

10        A       There was no log in required.

11        Q       There was no log in required.  And for a DNS lookup

12   or a zone transfer, from a remote computer to a DNS server, is

13   there ever a log in required?

14        A       Not to my knowledge, but not in my experience.

15        Q       So, when you do DNS zone transfers between Sierra's

16   own two DNS servers, you don't log in to the server that you're

17   sending the request to?

18        A       No.

19        Q       So, on May 17, when you stated that David Ritz took

20   possession of and retained private company network information

21   he obtained from our DNS servers, what you meant was that, he

22   sent a zone transfer request and received the response that

23   your server was configured to respond with?

24        A       He received information that was well in excess of

25   what anyone would normally achieve or receive that would be

                                                                 Page 23





1     doing a standard type of DNS lookup.

2         Q     But he received the same information that anyone who

3    sent a zone transfer request to Sierra's DNS server on that day

4    would have received?

5         A     Probably so.  But I don't know why anyone would have

6    wanted to do a zone transfer.  I can't think of any legitimate

7    reason whatsoever.

8         Q     And that information that he received, that's

9    information that you previously testified you and other people

10   that work in network administration at Sierra Corporate Design,

11   you put on that DNS server?

12        A     Yes.

13        Q     You populated the lookup table?

14        A     Yes.

15        Q     And was any part of that lookup table restricted in

16   any way, in any formal way, to the public?

17        A     Unfortunately, no.

18        Q     You also stated, on May 17, that Sierra has suffered

19   damages due to Mr. Ritz's obtaining this information.  What

20   damages has Sierra suffered as a result of Mr. Ritz's zone

21   transfer request, which your server accepted and responded

22   normally to?

23             MR. HARRISTHAL: Objection, relevance, Your Honor.  I

24   can construct a theory of why it is relevant to the case as a

25   whole, certainly.  And I guess I don't mind some discussion of

                                                               Page 24





1     this topic, but I hope we're not going to have to put on our

2    entire damages case, here.

3                THE COURT: Well, I hope not as well.  But isn't one

4    of the issues on this cyber-trespassing and those cases that

5    are evolving out of that, as to whether or not damage had

6    occurred?  There was some inquiry into that?

7                MR. HARRISTHAL: Actually, no.  All we have to show is

8    that they were interfered with.  But as long as we're not going

9    to have to go into this with a great deal of depth, I don't

10   really object.  I just don't want the witness to open the door

11   to us having to now put in all of our evidence of damages.

12               THE COURT: All right.  Really brief then, Mr.

13   Wallace.

14               MR. WALLACE: And Your Honor, I'm not asking Mr.

15   Allison to testify to the exact scope of the damages.  The

16   category of damages or the general type of damages that they

17   have suffered as a result of this would be a sufficient answer

18   for me.

19                         CONTINUED CROSS EXAMINATION

20   BY MR. WALLACE:

21        Q       So, how has Sierra been harmed by Mr. Ritz's

22   obtaining this response that your server was configured to

23   provide?

24        A       The information that Mr. Ritz obtained was

25   confidential and private.  And once somebody from the outside

                                                                  Page 25





1     had that information and published it, we no longer felt safe

2    using that same information any longer.  So we had to take

3    steps to re-secure our network so that information was no

4    longer valid.

5         Q      And how did you learn that Mr. Ritz had received

6    this information?

7         A      I believe somebody found it on his website.

8         Q      So you found out about Mr. Ritz's zone transfer

9    command, because somebody found his website.  But you have no

10   idea how many other zone transfers had taken place on Sierra's

11   servers?

12        A      I don't have any evidence that there were any, but

13   once again, I have no reason to believe that anyone else would

14   have done a zone transfer.  I certainly never would.

15        Q      But you stated that you have no reason to believe

16   that Mr. Ritz had a reason to do a zone transfer?

17        A      I don't know any legitimate reason why he did it to

18   this day.

19        Q      You have also previously testified you are not

20   familiar with what port 25 on your e-mail server is used for?

21   And when I say your e-mail server, I'm referring to the server

22   named mail.jam.net.  Is that correct?  You testified that

23   you're not familiar with what port 25 is used for?

24        A      I don't know specifically, no.

25        Q      And you have not learned since the last hearing what

                                                               Page 26





1     port 25 is used for?

2         A      I have a suspicion, but I don't know specifically.

3         Q      Prior to February 27, 2005, did mail.jam.net require

4    any log in ID or password for connecting to port 25?

5         A      It would certainly require a password to get any

6    sort of information.  You would have to log in to do standard

7    mail commands.

8         Q      Do mail servers that use port 25 log in to Sierra's,

9    do they require a log in ID or a password in order to access

10   port 25?

11        A      I don't know.

12        Q      You've reviewed the information on Mr. Ritz's

13   website, on the basis for the criminal complaint, is that

14   correct?

15        A      Yes.

16        Q      And would you agree that, it appears to be, a log of

17   his activities during one session, including his telnet to

18   port 25 of your mail server?

19        A      That's correct.  That's what it appeared to be.

20        Q      And it included the automatic connection information

21   that the server provided?  May I approach him and hand him --

22              THE COURT: Yes, you may.

23        Q      This was Exhibit #2 to Ms. Donarski's rebuttal

24   Affidavit for this hearing, or the previous half of this

25   hearing.  And I'd like you to go to what is Bates stamped as

                                                               Page 27





1     page 49.

2                MR. HARRISTHAL:   What page?

3         Q       49.

4         A       Is the stamp on the bottom?  The bottom right?

5         Q       The bottom right corner should be 000049.  And let

6    me ask you if you recognize this document, generally?

7         A       Yes, I believe I have seen it.

8         Q       And this appears to be a printout from a web browser

9    of Mr. Ritz's website?

10        A       It does.

11        Q       Is this a printout of his website that you provided

12   to the Fargo Police Department?

13        A       I believe so.

14        Q       I'm looking at the bottom of the page, there is a

15   block of five lines at the bottom, that starts with Jacobs and

16   the pound sign.  And then telnet mail.jam.net 25; date.  And do

17   you recognize what that line is?

18        A       Yes I do.

19        Q       And what is that?

20        A       It looks like he was telnetting into our mail

21   server on port 25.

22        Q       And below that, the line that starts with trying,

23   and then connected, and then escape character, and then 220, so

24   all the remaining lines on that page.  Are those all responses

25   from the mail server?

                                                                 Page 28





1          A    Yes, it appears so.

2          Q    Actually, let me correct that.  Trying is probably

3    Mr. Ritz's computer saying that it is trying to do the command

4    he just issued.  Connected is a confirmation that a connection

5    was established.

6              MR. HARRISTHAL: Objection, foundation.

7              THE COURT: He is asking him if he knows.  Overruled.

8    Can you answer the question?

9          A    Yes.  I see the commands Mr. Ritz sent and then the

10   responses from our server.

11             MR. HARRISTHAL: Your Honor, he is testifying that he

12   is reading the page.  He isn't testifying that he agrees with

13   the actual question.  There is no foundation laid that this

14   witness knows what those commands meant as Mr. Ritz was issuing

15   them through a telnet session.

16             THE COURT: He, I believe, has already testified that

17   he recognizes these as the papers that -- the information was

18   taken from Mr. Ritz's computer, and he has already looked at

19   it.

20             MR. HARRISTHAL: He did, Your Honor.  However, he has

21   not testified that he knows what these commands do.  That he is

22   now being questioned about.  He is simply being asked, this

23   command was issued, and he got this response.  And if we're

24   just talking about what is written on the page, you can read

25   that as well as I can, and we don't have any testimony that

                                                               Page 29





1     this witness knows what it means in terms of what was actually

2    divulged in response to those commands.

3              THE COURT: I understand.  Do you know that these

4    mean?

5         A     I am not a mail server administrator, so I'd be

6    speculating.

7              THE COURT: Okay.  Objection sustained.

8                        CONTINUED CROSS EXAMINATION

9    BY MR. WALLACE:

10        Q     Does your mail server run Eudora Internet Mail

11   Server version 3.2.1?

12        A     It did at the time.

13        Q     Are you familiar with the commands that can be

14   issued to a mail server running that particular version of mail

15   server software?

16        A     The only thing I know how to do is administer it

17   from the graphical interface, and access it using a standard

18   mail client.

19        Q     Does Sierra log connections to its mail server?  To

20   this mail server?

21        A     I don't know.  I don't administer the mail servers.

22        Q     Do you have any idea how many connections a day this

23   mail server was receiving on February 27, 2005?

24        A     No, I don't.

25        Q     Are you familiar at all with the hello command for

                                                              Page 30





1     mail servers?

2         A     No.

3         Q     Now, you just testified you're not a mail server

4    administrator, you're not familiar with any of these commands,

5    and you're not familiar with the, what I'm characterizing as

6    the automatic responses from the mail server responding to

7    these commands, is that correct?

8         A     That's right.

9         Q     But you were confident enough to provide a written

10   statement to the Fargo Police Department explaining in detail

11   what Mr. Ritz did with Sierra's mail server, is that correct?

12        A     Yes.

13        Q     So you did know when you made the statement to the

14   police, but you don't know now?

15        A     I had other people at my company that were helping

16   me to explain it, I imagine.

17        Q     And was it Lesa Kraft?

18        A     It may have been.  I don't recall.

19        Q     Okay.  Because I only see two names on this

20   statement you sent to the Police Department.  Yourself and Lesa

21   Kraft.

22        A     That may have been who was present at the time

23   questioning was done, but there would have been preparation.

24        Q     Your Honor, I'm looking at, it's Bates number nine

25   in the same exhibit.  It actually begins at Bates number eight,

                                                               Page 31





1     which is the fax cover sheet to Jim Shaw from Brad Allison,

2    where he lists the 12 things they believe Mr. Ritz did in

3    violation of North Dakota's computer fraud statute.  Including

4    nine, ten and eleven, which are specific allegations that Mr.

5    Ritz did things on the mail server that were actionable.  But

6    conveniently, he doesn't know anything about mail servers

7    today.

8                MR. HARRISTHAL: Well, objection, Your Honor. This is

9    harassing the witness, and it's something that is absolutely

10   unnecessary in the proceeding.  First of all, the letter is

11   signed by more than one person, which indicates that Mr.

12   Allison was undoubtedly the repository of some of the

13   information, but it could very well have come from others.

14               Additionally, there would be nothing inappropriate

15   about Mr. Allison providing information that he secured from

16   other persons within Sierra for purposes of making a criminal

17   complaint.  You don't have to have every witness in a case

18   swear out the complaint to attest to the illegal activities of

19   Mr. Ritz.  There would be nothing in appropriate about one or

20   two persons from the company making those representations.

21               And finally, just because Mr. Allison was able to

22   identify the fact that Mr. Ritz engaged in these telnet

23   sessions, again, does not mean that he knows what every command

24   means.  He knows that Mr. Ritz was not authorized to do these

25   things.  He can also testify that he has never seen anybody try

                                                               Page 32





1     to use a telnet session to do these things, because they are

2    so bizarre and unusual, which is why they didn't have the

3    security in place.

4              MR. WALLACE: Objection --

5              THE COURT: Hang on, Mr. Wallace.

6              MR. HARRISTHAL: Instead, he is being cross examined

7    on what each command means.  And he hasn't held himself out as

8    being familiar with those particular terms.  There is nothing

9    in appropriate, there is nothing convenient about it, it is

10   simply the witness's level of understanding in this particular

11   niche regarding mail servers.

12             MR. WALLACE: Your Honor, at the same time that Mr.

13   Allison is saying that he doesn't know or understand what is

14   happening in the telnet session, opposing counsel is

15   testifying, on behalf of Mr. Allison apparently, that Mr.

16   Allison can testify that what Mr. Ritz did is totally

17   unauthorized and out of the ordinary and strange.

18             Well, if he doesn't know what is being done, I don't

19   see how he can testify whether it is ordinary, strange, legal,

20   illegal or not.  I mean, I think that -- and I think that the

21   point of my asking him these questions is to show that he

22   doesn't know, and he's not competent to testify as to some of

23   these facts, that he has previously made some fairly certain

24   and damning statements about.

25             THE COURT: Well, as Mr. Harristhal said, making those

                                                              Page 33





1     complaints to the police doesn't mean that he has to have the

2    exact knowledge of all of that, or that he could have

3    summarized information that he got from someone else.  I

4    understand why you are asking these questions.  I would ask a

5    little less editorializing here on the witness.  You're kind of

6    going far afield with some of this stuff, so if you said you

7    had some narrow questions, let's keep it narrow.

8                MR. WALLACE: Your Honor, one last thing.  And that is

9    that, Mr. Allison is the witness that the Plaintiff has

10   provided.  And he is the witness they have provided to testify

11   about the things in his Affidavit.  They have also had an

12   opportunity to see the Affidavits, the direct testimony that we

13   submitted prior to the original hearing, and he is still the

14   only witness that they have chosen to send up to us.

15               So, there are allegations in the Complaint that I

16   believe are relevant.  There are statements that he has made

17   that I think he has contradicted himself on, which I believe

18   should go some ways to impeaching his credibility to testifying

19   on behalf of Sierra.  So, I just want to have that on the

20   record.  That Mr. Allison is all we have from the Plaintiff to

21   work with at this point, in this hearing.

22               THE COURT: Okay.  Let's keep it narrow.

23                         CONTINUED CROSS EXAMINATION

24   BY MR. WALLACE:

25        Q        Mr. Allison, you told Officer Hansen when he came to

                                                                Page 34





1     Sierra Corporate Design and met with you, you also told him in

2    your May 17 letter, that the e-mail addresses that Mr. Ritz

3    looked at when he connected to the mail server were private and

4    confidential e-mail addresses.  Is that correct?

5         A     Yes.

6         Q     Do you agree with that characterization that they

7    are private and confidential e-mail addresses?

8         A     Sure.  Some of them certainly are.

9         Q     Which ones of them are private and confidential?

10        A     These are jam.net addresses we're talking about?

11        Q     These are those addresses on page 50 of that

12   Exhibit.

13        A     Well --

14        Q     Well, first, let me ask you.  Are the addresses

15   listed on page 50, at the top, are those the addresses that you

16   have told the Fargo Police, and that the complaint identifies,

17   as private and confidential e-mail addresses,

18   postmaster@jam.net, jerry@jam.net and brad@jam.net?

19        A     It may well be.  I don't recall exactly what I said

20   on the complaint right now.  But those, I can tell you that I

21   consider my address brad@jam.net to be private.  I don't use it

22   publicly, I use it for private e-mail only.

23        Q     You use it for private e-mail only?

24        A     Um-hmm.

25        Q     Do you own a Saturn SL-1?  Or have you ever owned a

                                                                 Page 35





1     Saturn SL-1?

2         A        Yes I do.

3         Q        And you've never used that address publicly, in any

4    sort of way, in connection with your ownership of that

5    automobile?

6         A        Not that I recall.

7         Q        Are you a fan of the television show Dark Shadows?

8         A        No.

9         Q        Do you use the Usenet newsgroup?

10   Microsoft.public.win2000.active_directory?

11        A        I believe I have used that one.

12        Q        Have you ever posted to those Usenet newsgroups with

13   your brad@jam.net e-mail address?

14        A        Not intentionally.

15        Q        Not intentionally?

16        A        No.  I wouldn't want to get spam to it.

17        Q        Your Honor, I would like to introduce some rebuttal

18   exhibits at this point.

19             THE COURT: You mean impeachment?

20        Q        Yes, impeachment exhibits.

21             THE COURT: You can impeach him.  Do you want to mark

22   those?

23        Q        Yes.

24             THE CLERK: Defendant's Exhibits #1 through #3 are

25   marked.

                                                                  Page 36





1         Q        And is Exhibit #1 there a post that you made about a

2    rearview mirror on your car not staying in place, or responding

3    to somebody's query about a rearview mirror not staying in

4    place?

5         A        It appears to be, yes.

6         Q        Do you recall making that post to Usegroup?

7         A        Yeah, I guess I do have a vague memory of it now.

8         Q        Okay.  And we've heard all about newsgroups in this

9    hearing, in this case.  So, newsgroups go out, all over the

10   world, publicly accessible bulletin boards, read by tens,

11   hundreds of thousands, millions of people, perhaps?

12        A        Yes.

13        Q        Okay.  So you posted that post?

14        A        Apparently, yes.

15        Q        Publicly?

16        A        Yes.

17        Q        And let's look at #2.

18             THE COURT: Were you going to offer that Exhibit?

19        Q        Yes, I'm sorry.  I'll offer that Exhibit.

20             MR. HARRISTHAL: Which one is it?

21        Q        The Saturn mirror won't stay in position.

22             THE COURT: What number is it that you've marked?

23        Q        Exhibit #1.

24             THE COURT: All right.  You're offering Defense

25   Exhibit #1.  Any objection?

                                                                  Page 37





1                MR. HARRISTHAL: Well, Your Honor, as long as it's

2    understood that they are using rebuttal exhibits, we don't have

3    any objection.

4                THE COURT: Okay, this is used solely for impeachment

5    purposes.  To that extent, the Court will receive it.  And

6    then, just to kill the suspense here for me, is that the idea

7    that he used that address?

8         Q       It is redacted by Google in the actual printout,

9    Your Honor, but it was returned in a search for that e-mail

10   address.  And there are additional indicia that it was posted

11   by Mr. Allison, including the fact that it was posted through

12   newsfeeds.com, his employer.

13               MR. HARRISTHAL: Well, Your Honor, then I object that

14   this is not in for the purpose of impeachment.  If he posted it

15   to Google and Google redacts the information, then he wasn't

16   publishing the information.  Google hides it when he posts it,

17   so how does this suggest that he treated it or regarded it as

18   anything other than a private e-mail address?

19               MR. WALLACE: That's not correct, Your Honor.

20               THE COURT: Well, you can ask him that question, all

21   right?

22                        CONTINUED CROSS EXAMINATION

23   BY MR. WALLACE:

24        Q       I'll ask him the question.  When you posted that

25   post on the Saturn, mirror won't stay positioned post, you

                                                                Page 38





1     didn't post that to Google's news server, did you?

2          A     Based on the posting footer, it appears that I

3    posted it through Newsfeeds.

4          Q     And Newsfeeds is owned by Sierra Corporate Designs,

5    is that correct?

6          A     Yes it is.

7          Q     And does Newsfeeds redact the e-mail address of

8    people posting to newsgroups?

9          A     I don't understand that word.

10         Q     Does it obscure or hide the e-mail address of people

11   posting to newsgroups?

12         A     No.  Not if they choose to put it in there.

13         Q     All right.  Well, I'll turn you to Plaintiff's [sic]

14   Exhibit #2, recycling of actors.  And do you recognize that

15   newsgroup post?

16         A     I recognize it, but I honestly don't remember

17   posting this.  It appears that I posted it, but it's news to

18   me.

19         Q     Is it representative of something you would have

20   posted?

21         A     No, I don't think so.

22         Q     Okay, well, then I'll disregard it.  And we'll go to

23   #3 then.  I will not offer #2.  This one is entitled, the

24   network location cannot be reached.  And did you make these

25   posts?

                                                                 Page 39





1         A       This one I do recognize and I believe I did post

2    this, yes.

3         Q       Well, I will offer that one as well, Your Honor.

4              MR. HARRISTHAL: No objection.

5              THE COURT: All right.  With the same limitation,

6    Exhibit #3 is received.

7         Q       All right.  You testified previously that you were

8    one of the persons responsible for registering domain names for

9    Sierra Corporate Design?

10        A       Yes I am.

11        Q       But you could not recall specifically for individual

12   domains, whether you registered them or not?

13        A       That's right.

14        Q       And is jerry@jam.net another one of those e-mail

15   addresses that you have stated was private and confidential?

16        A       Yes.

17        Q       And had you used the e-mail address jerry@jam.net as

18   a contact address for registering domain names?

19        A       No, not that I recall.

20        Q       Has Sierra Corporate Design used the e-mail address

21   jerry@jam.net to register?

22        A       Not to my knowledge, no.

23        Q       I would like you to look again at the first Exhibit

24   I handed you today, the police report.

25        A       Okay.

                                                               Page 40





1         Q     And look at page number, Bates stamp 55.  And I'm

2    looking at, there is a line, a little under halfway down,

3    glimmer# j whois.usenetportal.com.

4         A     Okay.

5         Q     And below that, and continuing onto the next page,

6    does that appear to the be the whois record for the domain

7    usenetportal.com?

8              MR. HARRISTHAL: Objection, foundation and

9    speculation.

10             THE COURT: Well, backup and lay some foundation.

11        Q     You previously testified that you are familiar with

12   whois records maintained by domain name registrars?

13        A     Yes I am.

14        Q     And whois records are the contact information for

15   various parties that have some ownership or control rights with

16   an Internet domain name, is that correct?

17        A     Yes.

18        Q     And when a new domain name is registered, or it is

19   re-registered, the registrant, the person making the

20   registration, specifies the contact information for those

21   fields in the whois record, is that correct?

22        A     I believe that is correct.

23        Q     And you previously testified that you have

24   registered domain names on behalf of Sierra Corporate Design

25   with Network Solutions of Virginia?

                                                               Page 41





1         A       Yes I have.

2         Q       And as part of that, you have filled out their form

3    to specify various contact information for the domain names

4    that you've registered?

5         A       Yes.

6         Q       And for some of those domains, you've had them

7    registered anonymously?

8         A       Yes.

9         Q       And for some of them you have had them registered

10   non-anonymously?

11        A       Correct.

12        Q       And you've previously testified that Sierra

13   Corporate Design owns the domain Usenetportal.com?

14        A       Yes it does.

15        Q       But you don't recall if you registered it or not?

16        A       Not specifically.

17        Q       And you've seen whois records before?

18        A       Yes I have.

19        Q       Does this appear to be a whois record?

20             MR. HARRISTHAL: Objection, relevance.  Whether it

21   appears to be isn't the issue.  If it is, that would mean

22   something.  So it would be fair to ask the question if this is

23   the whois record, but there is no indication that this witness

24   had anything to do with creating that record.  And whether he

25   thinks it looks like one or not, is irrelevant.

                                                                Page 42





1               THE COURT: Overruled.  You can answer.

2         A       The question was, does it appear to be a whois

3    record?

4         Q       Does it appear to be a whois record?

5         A       Yes it does.

6         Q       And this printout from Mr. Ritz's website, this was

7    provided to the Fargo Police to support your claims that he

8    committed the crimes of computer fraud in North Dakota,

9    correct?

10        A       Yes it is.

11        Q       So, if the information in here wasn't accurate, if

12   it didn't accurately reflect Sierra Corporate Design's computer

13   network, if Mr. Ritz's website was concocted, there wouldn't be

14   any injury to Sierra Corporate Design, would there?

15              MR. HARRISTHAL: Objection, over broad.  There is,

16   like, 50 pages in there.  Some of the information may be

17   accurate, and some of it not.

18              THE COURT: Sustained on that basis.

19        Q       But you did testify that this does appear to be the

20   whois record for Usenetportal.com?

21              MR. HARRISTHAL: Objection.  That mischaracterizes his

22   testimony.

23              THE COURT: All right.  We'll sustain that.

24        Q       In this portion of the document that you submitted

25   to the Fargo Police Department, is the e-mail address

                                                               Page 43





1     jerry@jam.net associated with what appears to be the

2    administrative contact information for the Usenetportal.com

3    domain?

4         A       Based on this printout, it appears that it is.

5         Q       And do you know if you have ever registered a domain

6    where you specified jerry@jam.net as an e-mail contact point

7    for any domain?

8         A       I don't recall ever doing that.

9         Q       Do you know if any other Sierra Corporate Design

10   employee had ever used that e-mail address as a contact e-mail

11   for a domain registration?

12        A       No I don't.

13        Q       Would it be unusual for a Sierra Corporate Design

14   employee to have specified that e-mail address as a contact e-

15   ail address?

16        A       Unusual.  I would not have done that, I can tell you

17   that much.  I don't know if other people would consider it

18   unusual, but I would not have.

19        Q       Is it possible that somebody could have done it?

20        A       Sure.  You can put any address you want in there.

21        Q       Is the e-mail address, postmaster@jam.net, another

22   one of the confidential or private e-mail addresses that Mr.

23   Ritz discovered and revealed?

24        A       Yes, it appears so.

25        Q       You've previously testified that you're not a mail

                                                               Page 44





1     server administrator.  Isn't postmaster a standard e-mail for

2    all mail servers?

3         A      On our server it was there.  I don't know about

4    other mail servers.

5         Q      So you know it was there.  Do you know what it was

6    used for?

7         A      Not specifically, no.

8         Q      Sierra has alleged in the complaint that anyone

9    seeking to send unsolicited commercial e-mail could use those

10   e-mail addresses published by Ritz for that purpose, is that

11   correct?

12        A      Yes.

13        Q      And do you know if either of those addresses has

14   received any spam e-mail?

15        A      I know mine has.

16        Q      And do you know -- had you received it prior to

17   February 27, 2005?

18        A      Certainly, I'm sure.  I get spam every day.

19        Q      So your e-mail address was known to people sending

20   spam prior to February 27, 2005?

21        A      Apparently so.

22        Q      In the First Amended Complaint, Sierra alleges that

23   Ed Falk assisted in the publication of Sierra's private

24   computer system information.  Do you agree with that statement?

25        A      He assisted in publishing it?  Yes.  I believe so.

                                                                 Page 45





1         Q       And the First Amended Complaint, at paragraph 39 is

2    where I'm looking, Your Honor.  The allegation is based on Mr.

3    Falk's posting on Usenet, referring to another post on Usenet,

4    referring to Mr. Ritz's website.  Is that correct?

5         A       In the context of him assisting, publishing it, Mr.

6    Falk linked to Mr. Ritz's webpage, thus making it more

7    available.

8         Q       You're testifying that Mr. Falk posted a link

9    directly to Mr. Ritz's website?

10        A       I believe that's correct.

11        Q       I understand from your previous testimony that you

12   did not assist in the preparation of the Complaint.  The

13   Complaint does state that Falk posted a link to Ritz's

14   announcement on Usenet where the domain information was

15   published by Ritz.  So, do you have any evidence that Mr. Falk

16   made a post specifically linking to Mr. Ritz's website?

17        A       So, you're asking me if I've seen a post from Mr.

18   Falk -- I'm sorry.  Can you re-ask the question?

19        Q       Have you seen anything from Mr. Falk linking, any

20   post by Mr. Falk on Usenet, linking directly to Mr. Ritz's

21   website?

22        A       Not that I recall right now, no.

23        Q       Because the Complaint states -- do you agree with

24   this statement?  Mr. Falk posted a link to Ritz's announcement

25   on Usenet where Sierra's private domain information was

                                                               Page 46





  1        published by Ritz.

  2            A      That I believe is correct.

  3            Q      Okay.  So, has Mr. Falk ever put this information up

  4       on his website?

  5            A      He had some information on there, whois records and

  6       so forth, I believe.

  7            Q      But we're not here about whois records.  We're here

  8       about what you claim Mr. Ritz got on February 27, 2005 when he

  9       issued these commands, or these requests, and you -- this

  10      document you provided to the Fargo Police Department.

  11           A      I seem to recall that he had put a link to Mr.

  12      Ritz's website on his own website, with this information.

  13           Q      So he referred to Mr. Ritz's website?

  14           A      I believe so.

  15           Q      Do you agree with the statement from the Complaint

  16      that Falk copied data from Sierra's computers and computer

  17      system?  That's paragraph 40 of the Complaint.

  18           A      That Falk copied data.  I believe it was Ritz that

  19      did the copying of the data personally.

  20           Q      Paragraph 41, Sierra has alleged that Falk took

  21      possession of data from Sierra's computers and computer system.

  22      Do you agree with that statement?

  23           A      I believe he saw the information, and that's when he

  24      posted the link to his website, I believe.

  25           Q      So you believe he saw it.  Do you believe he took

                                                                    Page 47





1     it?

2           A   If he looked at it on his web browser, it's cashed

3    in his computer.

4           Q   Okay.  So anything you look at on your web browser,

5    you've taken.

6           A   Yeah, until you clear your cash.  I believe so.

7           Q   Well, once you clear your cash, you've still taken

8    it, haven't you?

9           A   Yeah.

10          Q   Under that reasoning?

11          A   Yep, it's just not there anymore.

12          Q   And you are a network administrator, you're familiar

13   with the cash on a web browser and how it operates?

14          A   To some extent.

15          Q   Is there any intent by a person viewing a website to

16   necessarily save anything, or take anything from a website?

17          A   It behaves pretty much the same way regardless of

18   what website you visit.  It doesn't have preferential cashing

19   over one site versus another.

20          Q   It's an automatic function of the browser?

21          A   Yes.

22          Q   The user doesn't tell the browser specifically to

23   cash what I'm looking at right now?

24          A   I don't believe so, no.

25          Q   In paragraph 42, Sierra alleges that Falk disclosed

                                                              Page 48





1     data from Sierra's computers and computer systems.  Do you

2    agree with that statement?

3         A     Yes.

4         Q     And is your basis for that statement that Falk

5    posted a reference to Mr. Ritz's website?

6         A     Yes.

7         Q     So, what your claim is, Mr. Ritz disclosed the data,

8    and Mr. Falk --

9         A     Aided in disclosing it.

10        Q     -- disclosed that Mr. Ritz had disclosed the data?

11        A     He made the data more -- putting a link is as good

12   as posting it.  You just have to make one click and you're

13   there.

14        Q     Have you ever told anybody that's not a Sierra

15   Corporate Design employee that David Ritz has posted this

16   information on the Internet?

17             MR. HARRISTHAL: Objection to the extent it calls for

18   attorney/client privilege.  I assume that is not the intention.

19        Q     Have you told anybody other than your attorney that

20   Mr. Ritz posted this information on a website?

21        A     Probably the police in the report.

22        Q     You didn't tell a family member or friend, or

23   anything like that?

24        A     Not that I recall, no.

25        Q     Has any Sierra Corporate Design employee told anyone

                                                              Page 49





  1     else, outside of Sierra Corporate Design and their counsel,

  2    that Mr. Ritz published this information on a website?

  3            A    Not to my knowledge.

  4            Q    But if they had, they would have published it as

  5    well, because they had referred to Mr. Ritz's website?

  6                MR. HARRISTHAL: Objection, speculation and form.

  7                THE COURT: Overruled.  Can you answer that?

  8            A    Can you ask the question again?

  9            Q    If anyone had told someone else about, if any Sierra

  10   Corporate Design employee had told anyone other than their

  11   attorney, about Mr. Ritz's publication on the website, that

  12   would be publication of the information?

  13               MR. HARRISTHAL: Objection, Your Honor.  He is

  14   mischaracterizing his testimony.  The witness testified that a

  15   link being put up and a click being the additional publication.

  16   Now we're talking about something entirely different with word

  17   of mouth, giving a narrative that somebody named Ritz published

  18   something somewhere.  It has nothing to do with the same topic,

  19   and he is mischaracterizing his testimony.

  20               THE COURT: Well, I have to agree as far as the

  21   terminology you are using, as far as having told or

  22   disseminated that information somehow.  And also, I don't

  23   believe this witness is necessarily, we haven't put any

  24   foundation that he is qualified to tell what a publication is.

  25   He has told us about linking and clicking and whatever, but as

                                                                    Page 50





1     far as publication and the legal terms, I don't think he has

2    demonstrated he is qualified to tell us what that is.

3         Q        I'll move on, Your Honor.  Has Mr. Falk ever

4    published a website, or sent an e-mail, that contained the

5    information in the Exhibit, that you provided to the Fargo

6    Police Department?

7         A        He linked to the information Mr. Ritz had on his

8    website.

9         Q        Can you direct the witness to answer the question?

10              MR. HARRISTHAL: Well, I think the Court can do that.

11        Q        I'm going to request that the witness answer the

12   question, Your Honor.

13              THE COURT: All right.  Specifically, Mr. Wallace, why

14   don't you ask that question again, and going back to the other

15   objection as to form on there, it was a little hard to

16   understand.

17        Q        Okay.  Has Mr. Falk ever, do you have any evidence

18   that Mr. Falk ever communicated the information that you

19   submitted to the Fargo Police Department, obtained from Mr.

20   Ritz's website, that Mr. Falk has communicated that information

21   to any other person?

22        A        The only, I mean, he put it on his website.

23   Hundreds of thousands of people could have seen it.  I don't

24   have direct evidence that anybody did.

25        Q        Who put it on his website?

                                                                    Page 51





1           A        Falk must have put it there, I would imagine.

2           Q        Falk put --

3           A        The link.

4           Q        Okay.  Falk put a link on his website, or Falk put

5    the information on his website?

6           A        He put the link to the information.

7           Q        He put a link.  He did not put the information?

8           A        Correct.

9                  MR. WALLACE:    Thank you.  I'm done with my cross

10   examination, Your Honor.

11                 THE COURT: All right.  We need to take a break right

12   now.  Let's take about a 15 minute break here, and we'll

13   continue then with some more direct examination.  We're in

14   recess for 15 minutes.

15                 MS. DONARSKI: Thank you.

16                 (Recess)

17                 THE COURT:    09-05-C-01660, Mr. Harristhal, you may

18   ask some redirect.

19                 MR. HARRISTHAL:    Thank you, Your Honor.

20                               REDIRECT EXAMINATION

21   BY MR. HARRISTHAL:

22          Q        Generally speaking, Mr. Allison, what is a DNS

23   server?

24          A        It's a server that translates between friendly --

25   human friendly computer host names and their associated IP

                                                                    Page 52





1     addresses.

2         Q        Do you agree with the proposition that Mr. Levine

3    wrote in his book Internet Secrets, that first of all, DNS is

4    almost never used by users directly, it is instead used in an

5    indirect manner through applications?

6                MR. WALLACE:    Objection, Your Honor.  Form of the

7    question.  He's having his own witness and Mr. Harristhal is

8    providing a leading question.

9                THE COURT:   Overruled.

10        A        I would agree with that.  It's usually not done by

11   direct access.

12        Q        Do you also agree with Mr. Levine's statement, Page

13   83 of Internet Secrets, "That unless there is some form of

14   security restriction to prevent this transfer, and of course,

15   there can be, the remote name server hands over the zone

16   information from its name space" when doing zone transfers?

17        A        Yes, that's right.

18        Q        And if I understood what you said earlier, you

19   didn't have that kind of a security restriction to prevent the

20   transfer on Sierra's server; is that right?

21        A        We did not.  No.

22        Q        Was that intentional?

23        A        No.

24        Q        Did you fix it when you found out about this

25   opportunity that Mr. Ritz exploited?

                                                                  Page 53





1         A       Yes, we did.

2         Q       Had you had a chance to read Mr. Levine's book or

3    had you read Mr. Levine's book about that subject of zone

4    transfers before Mr. Ritz broke in -- before Mr. Ritz

5    transferred the data?

6         A       No.

7         Q       What is the best way to keep your local server safe

8    from unwanted Internet intruders?

9         A       Probably keep it separated somehow from the public

10   Internet.

11        Q       Do you know whether any witnesses in this case agree

12   with that proposition?

13        A       I believe it was stated in Mr. Levine's book.

14        Q       And do you maintain separate servers?

15               MR. WALLACE:    Objection, Your Honor, the witness is

16   providing hearsay testimony.  What Mr. Levine's book -- Mr.

17   Levine's book is not in the record and Mr. Allison is

18   testifying to what is said in this book is -- number one, it's

19   hearsay, number two, it's irrelevant.

20               THE COURT:   Well, I suppose we could use the learned-

21   reatise exception and go through the steps if we wanted to, but

22   let's just make it a little bit shorter here.  Overruled.

23        Q       Would you also agree with Mr. Levine, Page 744,

24   that, "It is not uncommon for your webmaster to make an

25   unintentional mistake, which could contribute to security

                                                                Page 54





1     problems on your server?"

2         A        I would definitely agree to that.

3         Q        And again, do those mistakes mean that you did not

4    want the information kept confidential?

5         A        Not at all.

6         Q        And then would you agree with Mr. Levine, the first

7    page of Chapter 34, "just as you wouldn't want a client

8    searching through your file cabinet, you wouldn't want visitors

9    to your website to view confidential information that is stored

10   on your local system?"

11        A        That's right.

12        Q        You were asked some questions earlier about the harm

13   to Sierra from what Mr. Ritz did and what Mr. Falk did.  Why do

14   you care about a compromise in DNS security?

15        A        Because it's generally accepted that if you've got

16    -- the DNS information is the first step in -- it's basically

17   like having a map of your network, so it's, you know, it's the

18   initial -- it's the initial thing a hacker might try to get to

19   take other steps to hack your network.  It's the first piece to

20   the puzzle.

21        Q        And what is your understanding as to whether DNS

22   professionals view zone transfers as security risks?

23        A        I've read that it is now -- I've now read that it's

24   considered to be a security risk.

25        Q        And what is your understanding as to the reason why

                                                                Page 55





  1        it is a security risk?

  2            A      Because, like I said, you can -- if a zone transfer

  3       successfully accomplished, it could give a potential hacker a

  4       map of the network virtually.  All of its house names, all of

  5       its IP addresses.

  6            Q      Mr. Levine's affidavit is already submitted to the

  7       Court.  Paragraph 45 reads, "DNS servers can be private servers

  8       that function only for an isolated network of computers and

  9       provides services for names and addresses that are unique

  10      solely for that network.  However, many DNS servers are public.

  11      DNS servers that are connected directly to the Internet."     Did

  12      Sierra maintain private information on its server?

  13           A      Yes.

  14           Q      And a zone transfer, again, just to break it down, a

  15      zone transfer did what?  What is a zone transfer?

  16           A      It's where you request or a DNS server, usually,

  17      requests a copy of an entire zone from another DNS server,

  18      meaning all of its host names and IP addresses.

  19           Q      Why do you use them?  Why is the server set up to

  20      allow that to happen?  What is its purpose?

  21           A      If I'm going to say, put a second DNS server on

  22      line, then I want to fill the same function as the first one

  23      for load balancing or redundancy, I would want the second one

  24      to have a complete copy of what the first one has so that I can

  25      do the same job.

                                                                     Page 56





  1         Q     What do you mean redundancy?

  2         A     Meaning if the first server went off line, we would

  3    be able to use the second server in its place.

  4         Q     How many times have you done a zone transfer in your

  5     - what? - ten years with Sierra as the administrator?

  6         A     Maybe five to ten.

  7         Q     During that time, how many times have you run a zone

  8    transfer on anybody's server other than your own?

  9         A     Never.

  10        Q     And other than what Mr. Ritz did, how often have you

  11   heard of anybody running a zone transfer on Sierra's servers

  12   other than someone affiliated with Sierra?

  13        A     I'm not aware of anyone else ever doing it besides

  14   Ritz.

  15        Q     I'm going to go to Exhibit 2 that was attached to

  16   Ms. Donarski's affidavit.  I'm going to turn starting with

  17   Bates Page 16, and I -- there are dozens of pages thereafter

  18   that contain names and numbers; is that a fair statement?

  19        A     Yes.

  20        Q     What do you call these names and numbers?  For

  21   example, on Page 16 on the bottom half.  What do you call those

  22   names and numbers?

  23        A     The first part before the dot is the computer host

  24   name and the second part is the domain name it's on.

  25        Q     And what about the numbers?

                                                                Page 57





1         A      The number is its IP address.  Physical address on

2    the Internet.

3         Q      Now break that up for a moment or step back for just

4    a moment.  With regard to a domain name, now these are -- are

5    these all domain names or are these something else?

6         A      These are complete host names -- yeah, these are

7    complete computer host names.

8         Q      So it's more than a domain name, correct?

9         A      Yes.

10        Q      Now -- okay, I don't want you to look at the

11   document for a moment.  I just want you to look at me.

12        A      Okay.

13        Q      Is there a way, if you have the domain name, is

14   there a way to get the IP address?

15        A      The IP address of a specific host?

16        Q      Of that domain.  If you have the domain name, is

17   there a way to get the IP address?

18        A      If all you have is the domain name?

19        Q      Yes.

20        A      I think if you did a lookup on that you'd get the

21   start of authority record, but that's not -- I'm not certain.

22        Q      Well, let's suppose that you have the IP address.

23   If you have the IP address, can you get from that the domain

24   name?

25        A      If reversed DNS is enabled for that IP address, you

                                                                Page 58





1     could.

2         Q       Well, then let's suppose that you were going to run

3    an IP lookup or a DNS lookup or a reverse lookup, what are

4    those?

5         A       A reverse lookup is where you have an IP address and

6    you do what's called an NS lookup command to say what host name

7    is associated with this IP address.

8         Q       Now do you know of -- withdrawn.  And if you know

9    either the domain name or the IP address with those lookups or

10   reverse lookups, can you at least sometimes get the other one?

11        A       Yes.

12        Q       What if you don't know either one; do you know a way

13   to get them both?

14        A       No.

15        Q       Now when Ritz -- Mr. Ritz did his zone transfer, did

16   he get both?

17        A       Yes, he did.

18        Q       Now I'm not going to ask you about domain names

19   right now.  Now I'm going to go back to the exhibit, okay?  And

20   I'm going to ask you about host names.  We have host names in

21   there and numbers, correct?

22        A       Yes.

23        Q       Tell me what is the host name -- what is a host

24   name?

25        A       It's a friendly computer name that refers to a

                                                               Page 59





1     specific machine on your network.

2         Q       Is it registered anywhere?

3         A       No.

4         Q       How about its address.  Is its address registered

5    anywhere?

6         A       No.

7         Q       Did Sierra publish its host names anywhere?

8         A       No.

9         Q       Did Sierra publish the addresses of the host names?

10        A       No.  Are you referring -- I better clarify there.

11   Are you referring to -- which domain are you referring to when

12   you ask that question?

13        Q       Actually, I was asking you about host names.

14        A       Okay.

15        Q       Generally speaking, are the host names that appear

16   in there published by Sierra anywhere?

17        A       The majority of them are not.  A small percentage

18   are used publicly by our customers.

19        Q       Now you were asked some questions -- you were also

20   asked some questions about Sierra's complaint -- amended

21   complaint.

22               MR. HARRISTHAL:    Which, Your Honor, appears in Tab 21

23   of our supplemental exhibits, but as a matter of procedure, it

24   is apart of this case already.

25        Q       I'm going to turn you to Paragraph 14 of the

                                                                 Page 60





1     complaint.  Well, I can just read it to you.  Paragraph 14 of

2    the Amended Complaint reads, "Without authorization, Ritz

3    intentionally took possession of, copied and then published

4    private domain name/IP address/company information,

5    specifically publishing "sql-midcoast.sierracorporatedesign.com

6    has address 10.1.202.3."      Now the first part of that sql-

7    midcoast-sierracorporatedesign.com, what is that?

8         A        That's a computer host name of one of the servers on

9    our network.

10        Q        Is it published anywhere by Sierra?

11        A        No.

12        Q        Is it registered anywhere by Sierra?

13        A        No.

14        Q        What is it?  What is that host name for?

15        A        That is our main sequel database server containing

16   our customer's information?

17        Q        It is now?

18        A        It was then, yes.

19        Q        Why isn't it now?

20        A        We changed the computer's name after the incursion.

21        Q        How about that address that appears on there,

22   10.1.202.3, was that published by Sierra anywhere?

23        A        No.

24        Q        And is it currently used with that host name?

25        A        No.

                                                                  Page 61





1         Q     Why?

2         A     Because we -- after the incursion, we renamed and

3    renumbered our entire network.

4         Q     And was this address sql-

5    idcoast.sierracorporatedesign.com available on those materials

6    attached to Ms. Donarski's affidavit?

7         A     Yes, it was.

8         Q     On the bottom of that -- on most of those pages, it

9    indicates the address of where that address was found, correct?

10        A     Yes, it does.

11             MR. HARRISTHAL:   Your Honor, just for ease of

12   reference, I'm going to refer to that as the zilla queries file

13   because those words appear in the address at the bottom.

14        Q     Does the zilla queries file contain the

15   sql.midcoast.sierracorporatedesign.com host name?

16        A     Yes, it does.

17        Q     So Mr. Ritz revealed it on his materials that he

18   published; is that correct?

19        A     Yes.

20        Q     And this is what Mr. Falk linked to was that same

21   information, correct?

22        A     Yes.

23        Q     These addresses that appear on the zilla queries

24   file in the segment that I've been focusing you on, are those

25   addresses routable?

                                                                Page 62





1         A        The majority of them are not.  Although some are.

2         Q        What does that mean, routable versus not routable?

3         A        A nonroutable address would only function within the

4    network -- the local network in which it was designed to

5    function.  It can't go out to the -- it can't go beyond your

6    local network, so if you are outside the network and you were

7    to try to go to one of those nonroutable IP addresses, it would

8    not work.

9         Q        So what legitimate reason is there for someone

10   outside the network to have it?

11        A        None.

12        Q        And if you put all those nonroutable addresses,

13   along with the routable addresses, in one location, what would

14   you call that?

15        A        It's like a network map or a DNS table.

16               THE COURT:     What was that again, please?

17        A        A network map or a DNS table.

18        Q        And why does Sierra care -- well, does Sierra --

19   withdrawn.  Does Sierra care about having that network map made

20   public?

21        A        Certainly.

22        Q        Why?

23        A        Because it's valuable information to a potential

24   hacker.  If somebody were to make it in pass our firewall, for

25   example, some of these names are descriptive as to what's on

                                                                 Page 63





1     those machines.  It's like giving you a list of targets.  And

2    you have all the IP addresses.  It's definitely a security

3    risk.  You could run scripts or denial service attacks.

4         Q       If you were going to compare it by way of analogy to

5    something outside of the technology framework, can you do that?

6         A       If I was going to break into a bank -- a bank's

7    vault, and there's all sorts of, you know, safety deposit

8    boxes, for example, I would rather know which safety deposit

9    boxes have the majority of valuables and which ones are -- I

10   should skip.  Where as this, it's kind of like that because,

11   you know, I could look at it, if I were a hacker, and say oh,

12   here's the sequel server.  Let's go for that.  That sounds like

13   it's got some interesting data in there.

14        Q       And is there any legit -- well, if someone does not

15   hack in, can someone even use it from outside?

16        A       No.  Not a nonroutable address.

17        Q       Have you ever seen anybody publish their nonroutable

18   addresses?

19        A       No.

20        Q       What is a UDP usenet death penalty?

21        A       It's where a group of anti-spammers would contact

22   several different ISPs or several different usenet providers to

23   get them to De-Peer you or to cut you off of usenet.

24        Q       Does the information in Ms. Donarski's affidavit

25   exhibit in any way facilitate a UDP?

                                                                 Page 64





1         A     Assuming a hacker were to get in, we definitely have

2    valuable information about our peers on our network that could

3    be useful on a UDP.

4         Q     Could it have any impact on the network structure if

5    a hacker got in with that information?

6         A     On the network structure?  It would definitely have

7     -- it would have an impact in that, you know, the hacker could

8    use that information to run attacks.

9         Q     What does that mean, "to run attacks?"

10        A     Basically, they could run -- knowing all of the

11   addresses that they would know from the zone file, they could

12   run a script, which would run say a road program on all of

13   those machines, thus --

14        Q     What would that cause -- what would that do to your

15   server?

16        A     It could -- it would potentially bring many servers

17   down or cause them to malfunction or --

18             MR. WALLACE:    Objection, Your Honor, witness is

19   speculating.

20             THE COURT:   Overruled.

21        Q     What did Sierra use as its domain names for the

22   active directories for Sierra's internal networks prior to Mr.

23   Ritz's incursions?

24        A     We used sierracorporatedesign.com and newsfeeds.com.

25        Q     Are they still used?

                                                               Page 65





1          A    Not for active directory, no.

2          Q    Could somebody have typed in -- withdrawn.  Are

3    computers on those networks assigned specific names under the

4    domains?

5          A    Yes.

6          Q    If someone types in a specific computer name with

7    those domains on their web browser, will they go to that

8    server?

9          A    If it was a nonroutable address, no.  And even if it

10   was not -- even if it was a routable address, there would have

11   to be a web server running on that host to pull up anything.

12         Q    There was also some testimony about Telnet and I

13   believe it's in the record that Mr. Ritz conducted a Telnet

14   session with your servers.  Is that accurate as you understand

15   it?

16         A    Yes.

17         Q    Do email servers use Telnet connections to

18   communicate with each other to your knowledge?

19         A    No.

20         Q    And Mr. Ritz's deposition indicates that he used the

21   verify command when he was communicating with Sierra's email

22   that is MX server.  Have you ever used a verify command against

23   an email server?

24         A    No, I don't even know what it is.

25         Q    Before this lawsuit was started, did you know Mr.

                                                              Page 66





1     Ritz or Mr. Falk?

2         A        I had certainly heard of both of them and I've been

3    contacted by Mr. Ritz in the past.

4         Q        Had Sierra been contacted by Mr. Falk?

5         A        I'm -- I can't recall any specific examples, but I

6    believe so.

7         Q        In what fashion?

8         A        Probably an abuse type capacity.

9         Q        What does that mean?

10        A        He would have probably contacted us regarding spam

11   issues or some sort of abuse issues involving our service.

12        Q        And what was your contact with Mr. Ritz?

13        A        He had called me one time regarding an abuse issue,

14   that I recall.

15        Q        Do you see Mr. Falk and Mr. Ritz -- withdrawn.  Are

16   you familiar with any groups that they belong to?

17        A        Yes, I've heard of a few of them.

18        Q        What?

19        A        SPUTUM, some organization and then -- I can't think

20   of the other name right now.  SPUTUM is the one that's coming

21   to mind.

22        Q        What do you understand the objectives of the

23   organization to be?

24        A        They claim to be antispam vigilantes that try to

25   bring down known spamming organizations, organizations known to

                                                                  Page 67





1     proliferate spam on the Internet.

2         Q      And Mr. Ritz has testified that in his view, Sierra

3    is such an organization.  So keeping in mind that SPUTUM's

4    goal is to bring -- keeping in mind SPUTUM's goal and keeping

5    in mind Ritz's view of Sierra, tell me what, if any, concern

6    you have with this information that we've been talking about

7    being in the hands of Mr. Ritz, Mr. Falk and SPUTUM and the

8    Cabal and the Inner Circle.

9               MR. WALLACE:    Objection, Your Honor.  That's like

10   five questions and it's building on -- adding in the Cabal and

11   the Inner Circle and all these other groups or whatever you

12   want to call them that Mr. Harristhal has not been asking the

13   witness that.

14              THE COURT:   Overruled.

15        A      I'm sorry, could you re-ask the question?

16        Q      What concerns do you have with this information

17   being in the possession of Mr. Ritz and those groups?

18        A      Well, I would -- I don't trust them as far as having

19   confidential network information.  I believe that they would

20   probably use it in any way they could to do harm to our

21   company.

22        Q      Have you looked at Sierra's firewall logs with

23   regard to Mr. Ritz's incursions?

24        A      Yes, I have.

25        Q      Did you have any observations about how diligent he

                                                                Page 68





1     was with trying to get through?

2           A        I recall seeing -- knowing the IP addresses he was

3    using from his deposition, many, many, many attempts, pages of

4    attempts, trying different things on different ports.

5    Particularly targeting Port 53 I remember noticing, which I

6    can't believe we're in the context of any sort of legitimate

7    lookups like a customer would do.

8           Q        You know, you brought up an interesting point.  You

9    said you saw his IP address at his deposition, and my colleague

10   had asked you a question earlier about whether it was possible

11   to set a server to decline, I believe it was, a zone transfer

12   request from a particular IP address.  Before this lawsuit

13   started, did you -- before reading it in his deposition, or at

14   least before you knew of the incursions by Mr. Ritz, did you

15   know his IP address?

16          A        No.

17                 MR. HARRISTHAL:   Thank you, Your Honor.

18                 THE COURT:   Alright, thank you, Mr. Allison.  We've

19   had direct, cross, and redirect, that's going to be enough for

20   now.  You may step down, sir.

21                 MR. HARRISTHAL:   Is the witness excused, Your Honor?

22                 THE COURT:   He's not under subpoena and we're not

23   going to allow anymore cross on him.  He can go as far as I'm

24   concerned.  So, Mr. Allison, you can be excused.

25                 MR. ALLISON:   Thank you.

                                                                   Page 69





  1                THE COURT:   Alright, who's next?

  2                MR. WALLACE:    I believe that's all we have.

  3                THE COURT:   And Mr. Harristhal, you wanted to ask Mr.

  4    Falk a few more questions?

  5                MR. HARRISTHAL:    If I may have a moment, Your Honor,

  6    I may just skip it.  Thank you, Your Honor, that's all.

  7                THE COURT:   Alright.  Thank you.  Alright, I think

  8    that about concludes all the testimony that we're going to be

  9    receiving on this.  I would like you to sum this up to me in

  10   letter form simultaneously.  Would it be possible in two weeks

  11   to be able to --

  12               MR. HARRISTHAL:    I would -- that's plenty of time,

  13   Your Honor.

  14               MS. DONARKSI:     Less time would work, Your Honor.

  15               THE COURT:   Alright.  How about if a week from today

  16   you each drop your response into the mail.  Would that work?

  17   That would be the 16th.  Okay, that clears that one up.  Now on

  18   to the summary judgment issues.  Alright, we'll move onto the

  19   summary judgment issues then.  Mr. Harristhal and the Plaintiff

  20   have brought a motion for summary judgment against Defendant

  21   Mr. Ritz.  Mr. Ritz has requested -- well, go ahead -- Mr.

  22   Huitink, why don't you go ahead and tell me what you're asking

  23   for under 56(f).

  24               MR. HUITINK:    Sure, Your Honor.  As you know, this

  25   case has been fairly uniquely postured for a couple of reasons.

                                                                      Page 70





1     The first has been Mr. Ritz's health condition.  And the

2    second has been since I would say early November, the presence

3    or question about the presence of Mr. Falk in this dispute.  I

4    would note for the record that an ex parte motion was filed --

5    signed by the Court the first week of June of last year and as

6    part of that proceeding, the Plaintiff has been requesting a

7    deposition of Mr. Ritz.

8              Due to his health condition, that deposition wasn't

9    completed.  It was begun in November of `05 and completed in

10   January of this year.  What I'm asking for is this, this case

11   is not even proceeded beyond the point where we've decided one

12   of the named Defendants will remain a party of the litigation.

13   That Defendant, Mr. Falk, has a right to participate in

14   discovery.  That discovery has not occurred for that reason,

15   and secondly, due to Mr. Ritz's health condition.  What we're

16   asking for in this case and what's required for us to ask under

17   North Dakota law is one, to identify what discovery we need;

18   two, tell you why it's relevant; and three, tell you why it

19   hasn't been taken.

20             The discovery we need, and frankly, some of it has

21   occurred on the evidentiary record in this hearing, is the

22   security precautions or lack thereof of Sierra Corporate Design

23   and relating to these allegations in this lawsuit.

24   Specifically, as you've heard, it's Mr. Ritz's contention that

25   not only was authorization to do what he did not necessary, no

                                                                Page 71





  1       one on earth would have expected it to be necessary.  And I'll

  2      note as a sidebar that's consistent with what we've heard in

  3      part of Mr. Allison's testimony on cross examination.

  4                 Mr. Ritz needs the opportunity to one, depose

  5      Sierra's principles on that, and number two, to give you expert

  6      testimony to demonstrate to you exactly why no one would have

  7      expected an authorization to be necessary here.  That's

  8      relevant, Your Honor, because the lynch pin of the Plaintiff's

  9      case on both claims, computer crimes and trespass to chattels

  10     is their allege lack of authorization for Mr. Ritz to run the

  11     DNS queries that are at issue here.  I don't think that's in

  12     dispute.  And that goes directly to the second point.

  13                Number three, I think it's kind of silly under the

  14     facts and circumstances of this case to conclude that this

  15     discovery should have occurred or been completed by this point.

  16     If you simply look at the filing date of the case versus what

  17     the date of the motion hearing is today, you are ignoring

  18     what's actually occurred in this case.  And frankly, the

  19     Plaintiff having asked for Mr. Ritz's deposition, imaged his

  20     hard drive three times and not concluded it until January, it

  21     would have been frankly unfair for us to charge in and conduct

  22     substantial discovery before the Plaintiff got through the

  23     discovery it first requested.

  24                Secondly, it is unfair to Mr. Falk at this point for

  25     us to have engaged in substantial discovery without his

                                                                    Page 72





1     presence in the lawsuit.  And unfair to us to have to come

2    back and redo it if Mr. Falk decides there's discovery unique

3    to him.  Those are the three points I wanted to raise, Your

4    Honor, that are raised in our brief with regard to the Rule

5    56(f) motion we filed for continuance.  I note that we haven't

6    even had a Rule 16 Conference, things such as witness

7    disclosures, deadlines for amending pleadings and on and on.

8    More to the merits of the Plaintiff's motion, if I can go

9    there, --

10               THE COURT:   Let's not --

11               MR. HUITINK:   -- I would note to the Court that a

12   large portion of this --

13               THE COURT: -- let's not go there.  Let's not go there

14   just yet.  We'll allow Mr. Harristhal an opportunity to address

15   your 56(f) issues.

16               MR. HARRISTHAL:    Thank you, Your Honor.  Mr. Huitink

17   does not represent Mr. Falk.  Mr. Falk has not objected to the

18   motion.  He has not filed a response to the motion.  He has not

19   objected to the lack of discovery opportunity in the case.  Mr.

20   Huitink lacks standing.  Mr. Ritz lacks standing to object on

21   behalf of Mr. Falk as to any discovery that Mr. Falk has the

22   right to participate in.

23               Secondly, Mr. Falk has participated in discovery.  He

24   was deposed in this case, although briefly and it was really

25   primarily oriented to his computer.  His computer was also

                                                                  Page 73





1     imaged and it now resides in the possession of his attorney.

2    He has had the opportunity to do these things and this is

3    someone, Your Honor, who is, as you know, from the affidavits

4     -- excuse me, the emails that you've seen from him, he dodged

5    service.  And he's done everything he could to drag his feet

6    and avoid the expeditious progression of this case.  He did

7    what he could to force up our costs by dodging service and

8    boasted about it on the Internet.  And now he's asking -- well,

9    that's why he isn't asking, Mr. Huitink is asking, that you

10   slow the process up when he's done everything he could to keep

11   the case from starting in the first place.

12              And as to Mr. Ritz's health condition, Your Honor,

13   while that appears to be a factor early, he has participated in

14   the case, he has been deposed on a couple of days for quite a

15   number of hours, he answered interrogatories, he answered

16   document requests, he's answered admission requests.  And

17   discovery is a mutual process, Your Honor.  There was nothing

18   that foreclosed him.  No reason he couldn't conduct discovery

19   of the Plaintiff while he was responding to the Plaintiff's

20   discovery.  These cases go forward all the time.  All civil

21   litigation goes forward all the time.  And indeed there is a

22   rule that prohibits one from using the other parties' position

23   on discovery responses as an excuse not to answer, he had every

24   opportunity to proceed, but instead, he, at least as to part of

25   this time, has totally ignored it.

                                                              Page 74





1                And let's not forget what he was doing before the

2    case got moving, Your Honor.  Even while he was still in the

3    hospital, he was doing these incursions into Sierra's servers.

4    This is not a disputed fact.  He testified to it in his

5    deposition that in July he was coming in and copying the data

6    from my client.  And now he wants you to believe that he wasn't

7    sufficiently healthy to take part in discovery, even though he

8    could be deposed and answer interrogatories and document

9    requests.  That's absurd.  Of course he could have done it.

10   What he's trying to do is to have you decide this case is some

11   sort of a backdoor summary judgment fashion in Mr. Falk's

12   motions on jurisdiction by going to the heart of the case

13   there.

14               With regard to a Rule 16 Conference, Your Honor, it's

15   my understanding that Rule 16 Conferences are not at all

16   typical in civil litigation in this jurisdiction and if they

17   are going to happen, it's only if one of the parties requests

18   it.  Nobody requested one, so of course there hasn't been a

19   Rule 16 hearing or conference.

20               So, Your Honor, we ask that you proceed with the

21   summary judgment -- the partial summary judgment motion at this

22   point.  They can conduct further discovery later on.  So can

23   Mr. Falk.  This case will not be over, but we will have

24   established liability as to Mr. Ritz.  Thank you.

25               THE COURT:   Alright.  In looking at the progress that

                                                                     Page 75





1     this case has made and in considering the 56(f) motion, I'm

2    going to deny that.  We're going to proceed today with the

3    summary judgment hearing on this.  I have the briefs of the

4    parties.  Responses and replies to that.  Mr. Harristhal, if

5    you wish to make any oral argument at this time.

6               MR. HARRISTHAL:    Very briefly, Your Honor.

7               MR. HUITINK:   Your Honor, it's Mr. Huitink.  I'm

8    sorry, we just        lost audio.  I can't hear a word anyone is

9    saying.

10              THE COURT: Alright.  Can -- are we back on line with

11   you?

12              MR. HUITINK:   I can hear you now.

13              THE COURT: Alright, Mr. Harristhal is going to make

14   his brief oral argument on this.

15              MR. HARRISTHAL:    Your Honor, there aren't any

16   disputed issues of fact in the case.  We've had --

17              THE COURT:    Mr. Huitink, are you on top of the

18   microphone or whatever with your papers?  Is that --

19              MR. HUITINK:   No, Judge.  It's free and clear and I

20   can hear you just fine.  I can't hear Mr. Harristhal.

21              MR. HARRISTHAL:    Can you hear me now, Mike?

22              MR. HUITINK:   I can now.

23              MR. HARRISTHAL:    Let me just pull the microphone

24   closer.

25              MR. HUITINK:   That would be helpful.  Thank you.

                                                                  Page 76





1               MR. HARRISTHAL:   Your Honor, the essence of a summary

2    judgment motion is that there be no disputed issues of fact in

3    order for you to grant it.  There aren't any.  It is undisputed

4    that Mr. Ritz made these multiple incursions.  It is undisputed

5    that he was informed by virtue of being served with a summons

6    and complaint that it wasn't authorized.  He boasted on the

7    Internet that it was without permission.  Semantic differences

8    aside, it is a distinction without a difference to say, I

9    lacked permission, but I had authorization.  This is a legal

10   issue,   Your Honor.  And he was notified by virtue of this

11   lawsuit that what he was doing was trespass and was

12   unauthorized and yet he continued to do it.  The facts couldn't

13   be much clearer.

14              The initial access is a longer question, which we've

15   briefed thoroughly, and so I won't bother to trouble the Court

16   with all of those facts, Your Honor, but there cannot possibly

17   be any question but that as to the later incursions after the

18   case was commenced at the end of May in 2005, were clearly

19   unauthorized.  Mr. Ritz knew that he wasn't suppose to be going

20   in there, he bragged to his buddies in SPUTUM and the Cabal

21   and the Inner Circle about what he had done and then had no

22   remorse for it.  It was unauthorized, it was without permission

23   and summary judgment should be granted in that regard.  Thank

24   you.

25              THE COURT:   Alright.  Thank you.  Mr. Huitink.

                                                                 Page 77





1              MR. HUITINK:   Thank you, Your Honor.  Well, first of

2    all, I want to start with this.  It's funny that we're even

3    discussing what happened in July because it doesn't exist in

4    this case.  Nowhere in the complaint is anything alleged as to

5    what happened in July.  And if the Plaintiff wants to talk

6    about timing and diligence, there's been no amendment made to

7    that complaint to include that.  So not only can't you grant

8    summary judgment on it right now, Judge, whatever Mr. Ritz did

9    in July, whatever they want to put in front of you, ought to be

10   pled before it's considered.  You can't even consider it.

11   Plaintiff, if so chooses, can file a motion to amend the

12   complaint and we'll respond accordingly.  More to the heart of

13   the issue, the permission versus authorization is not just a

14   distinction without a difference, a linguistic play, if you

15   will as Mr. Harristhal states.  Indeed, it's Mr. Harristhal

16   making the linguistic play.

17             When he asked Mr. Ritz his position, which whether

18   Mr. Ritz, as you've read, obtained permission before he ran the

19   queries and the answer was no, which notably missing from that

20   analysis is whether or not Mr. Ritz needed permission before he

21   ran these queries, and there has been evidence in the affidavit

22   of Mr. Ritz and the testimony in this case, the answer is no.

23   At best, Your Honor, at best, what we have is a difference of

24   an inference to be drawn.  Would somebody in Mr. Ritz's

25   position expect that permission was needed to run the queries

                                                                Page 78





1     that were run in February of 2005, or as we believe the

2    evidence will show at trial and as Mr. Ritz has testified,

3    there was no reason to believe that permission was necessary.

4    That standard under the statute, the standard for

5    unauthorization, if you will, is just that, not authorized.

6    It's not seeking permission.  If I can draw an analogy here for

7    just a moment, the analogy is this, Judge, how many times have

8    you, I, anybody else in the courtroom visited a website on the

9    Internet, and if somebody would ask you the last time you

10   looked up an ABCnews.com whether or not you sought and obtained

11   permission, the answer would inevitably be no.  And then the

12   deposition testimony you gave on that would look substantially

13   identical to what Mr. Ritz testified to in the deposition.

14              If you go to the next step and you say, why didn't

15   you seek permission?  Did you think it was necessary?  The

16   answer is obviously not.  It's a website.  It's there for

17   viewing.  That's exactly what Mr. Ritz is telling you in his

18   affidavit.  That's exactly what he's testified to.  These

19   things were out there being run as you've heard today in

20   testimony, without need for authorization, this information

21   exists.  It's open to everybody.  These types of queries are

22   run all the time.  We believe ultimately on those facts we are

23   going to prevail on trial and this is a sham piece of

24   litigation.  However, sticking to the summary judgment

25   standards at issue, I think it's important to remind the Court

                                                                Page 79





1     that not only must the Court assume all facts in Mr. Ritz's

2    favor, it must assume all inferences from facts in Mr. Ritz's

3    favor.

4              With that, Your Honor, I would pause it to you that

5    it is patently unjust, unfair and simply wrong to grant

6    Sierra's motion for partial summary judgment as this

7    authorization issue is either one, right resolution in Mr.

8    Ritz's favor, or two, more likely the hotly disputed act that

9    will go on and will be contested until we at least have the

10   opportunity to conduct a little more discovery in the case.

11   But on the record before you, there is no basis for this Court

12   to conclude, drawing all facts in Mr. Ritz's favor, drawing all

13   inferences in Mr. Ritz's favor, that there was an unauthorized

14   access that would trigger the Plaintiff's complaint.

15             THE COURT:   Alright.  Thank you.  Mr. Harristhal,

16   anything else?

17             MR. HARRISTHAL:   Very briefly, Your Honor.  Our

18   complaint is not limited to time, Your Honor, if you just start

19   looking, for example, at Paragraph 21 through 53, they don't

20   limit themselves as to time.  It simply alleges that Mr. Ritz

21   copied, published, etcetera, the information.  The fact that he

22   continued to do these things doesn't restrict us from including

23   those later acts as part of this suit.  It's entirely

24   appropriate to do that.

25             Your Honor, the argument that this was open to

                                                                  Page 80





1     everybody, number one, is inaccurate.  Number two, is

2    immaterial.  First as to its accuracy, we've had testimony

3    establishing in an unrelated motion, so I'm not sure that it's

4    even proper to consider it, but that Mr. Ritz spent tons of

5    time trying to make this happen.  This wasn't some accidental

6    or inopportune egress.  He was doing it over and over and over

7    again until he found a way in.  That's what hacking is, Your

8    Honor.  It's finding a vulnerability in the system and

9    exploiting it.  And once you've found that vulnerability, sure,

10   everybody in the public could do it until you close it up.

11   That is what hacking is.  That's what Mr. Ritz is.  That's what

12   Mr. Falk is.  They're hackers.  They found ways to get in after

13   putting in a lot of time to figure out how to get there and

14   then they exploited it.  It doesn't make it authorized.  It

15   doesn't make it legal.

16              Which is the next real question, which is whether it

17   matters whether anybody else could have done it and it doesn't,

18   Your Honor.  This is not a trade secret misappropriation case.

19   We are not required to show that we undertook efforts

20   reasonable under the circumstances or adequate measures to

21   protect the information like one has to in a trade secrets

22   case.  If you look at the caselaw that's been cited, and there

23   has not been any caselaw to the contrary cited before you, Your

24   Honor, that is not required.

25              When he was served with his complaint, he was on

                                                                  Page 81





1     notice.  He knew that he wasn't suppose to go in there, and he

2    did it anyway.  If you look at the registrar versus Vario case,

3    if you look at the CompuServe case, these people -- these

4    companies had servers.  They were sending webcrawlers to them,

5    etcetera, things that other people were able to do.  That

6    individual was informed not to do what that individual was

7    doing by virtue of a demand letter or a lawsuit or something

8    like that, and they did it anyway.  He knew he wasn't suppose

9    to do it, Your Honor, and he did it.

10               If you want to look at the trespass analogy, Your

11   Honor, I can have my property, my private property, which Mr.

12   Ritz concedes our servers were, Sierra's private property, I

13   can foreclose one person from coming in.  I can say, you can't

14   come in even though I let everybody else in.  That's the law of

15   trespass.  Sierra, in effect, did the same thing.  It informed

16   Mr. Ritz that he couldn't come into its server anymore and run

17   those zone transfers and copy the domain information, etcetera;

18   he did it anyway.  Under the law of trespass, that was

19   unauthorized.  And by analogy, that same rule should apply with

20   a statutory claim, Your Honor.  He knew it was a computer crime

21   law violation, we had put him on notice, he didn't care and he

22   did it anyway.  Thank you.

23               THE COURT:   Alright, thank you.  I think some of this

24   -- well, the scintilla of evidence argument here that's raised

25   in all summary judgment motions I'll take that into

                                                                  Page 82





1     consideration, but I still want to go back and review a few of

2    the things I have here, so I'm going to take this one under

3    advisement and I'll issue a written opinion on your motion.  Is

4    there anything else then today that we --

5              MR. HARRISTHAL:    Yes, Your Honor, actually there is.

6    Ms. Donarski's affidavit has been put into the record and it

7    contains these zilla queries filed materials, which frankly

8    we've been reluctant to put in.  It is true that Sierra has

9    remapped its network structure, however, by reviewing that

10   information on the zilla queries file, one can draw certain

11   facts from it such as employee names and other information that

12   can be useful in hacking a number of servers, for example.  We

13   would ask that the zilla queries file, which is attached to Ms.

14   Donarski's affidavit be marked confidential pursuant to your

15   protective order in the case.  This is, after all, the same

16   information which in the TRO you ordered be taken down off the

17   Internet and to be consistent with that, it is very important

18   that the information not be used by anyone for purposes

19   unrelated to this litigation.  So we ask that it be designated

20   confidential.

21             THE COURT:   Okay.  Ms. Donarski, do you have a

22   problem with that?

23             MS. DONARSKI:     Well, Your Honor, it's a record from

24   the State's Attorney's Office.  I mean, I -- you know, I have

25   no intent of proceeding with it, but I already got it through

                                                               Page 83





  1        an entity that -- I don't know how public it already is, Your

  2    Honor.  They provided it -- Plaintiff provided it to Cass

  3    County or at least to the police department who in turn

  4    provided it to Cass County State's Attorney's Office.  So I'm

  5    not going to agree to anything in that regard because it's

  6    outside of my control, Your Honor.

  7                THE COURT:   Okay.  Well, it's not outside of my

  8    control, at least on this particular file, so why don't we do

  9    this, if you can specifically identify those pages for me, put

  10   it to me in a letter of some form and I'll direct the clerk to

  11   identify that affidavit and -- or those portions of it and

  12   either redact that information out of there or seal it.  We'll

  13   seal it up, I guess, is what we'll do.  So you can do that.  At

  14   least for this file, I can do that.

  15               MR. HARRISTHAL:     Thank you, Your Honor.

  16               THE COURT:   Alright.  Anything else?

  17               MR. HUITINK:   Your Honor, I do have one more request.

  18               THE COURT:   Yes.

  19               MR. HUITINK:   We did have a fairly lengthy

  20   evidentiary hearing that began and then ended with this summary

  21   judgment motion in between.  I would like to file just a short

  22   supplement to our response to summary judgment based on the

  23   testimony I heard today, if that's possible.  I believe you

  24   need to resolve a summary judgment motion on all evidence in

  25   front of you and we now have additional evidence taken

                                                                   Page 84





  1       specifically the testimony of Mr. Allison.  I'd like just a

  2      very short opportunity to show you how that testimony in and of

  3      itself defeats this motion.  Something we didn't have before

  4      today.

  5                 THE COURT:   Mr. Harristhal.

  6                 MR. HARRISTHAL:    Yes, Your Honor, we object.  They

  7      elected not to conduct the discovery.  It wasn't made part of

  8      this hearing.  It has not been incorporated.  It was not done

  9      for that purpose.  You applied the rules of submission very

  10     strictly against the Plaintiff in what evidence you were

  11     allowing in, and now at this point to allow in additional

  12     factual submissions that I haven't had an opportunity to brief.

  13     They had the chance to do discovery.  They had the chance to

  14     file their briefs.  Now they're trying to put in more after the

  15     record is closed; it would certainly be outside the spirit of

  16     your rulings in the other motions.

  17                MR. HUITINK:   Well, frankly, Your Honor, had Mr.

  18     Harristhal finished this hearing and not went on and on and on

  19     for hours last time, I would have had this testimony to begin

  20     with.  You know, this hearing goes and it gets continued to May

  21     9 and all of a sudden this summary judgment motion pops up

  22     while we're sitting back and waiting for the conclusion of the

  23     jurisdictional hearing.  Allowing us to use the evidence that

  24     could have been brought out, you know, over a month ago on this

  25     is not unfair to anyone.  And if Mr. Harristhal wants his own

                                                                     Page 85





1     opportunity to supplement with what's been stated, I don't

2    have an objection to that at all.

3              THE COURT:   Alright.  I'm going to deem the summary

4    judgment motion as submitted as it stands and call it a day at

5    that.  I think we have enough here.  So, anything else?

6              MR. HARRISTHAL:   No, Your Honor.

7              THE COURT:   Okay.  Alright, with that then we are

8    adjourned.

9              (Whereupon, the above proceedings were

10   adjourned.)

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

                                                                 Page 86



                    CERTIFICATE



State of North Dakota   )

                        ) ss.

County of Cass          )

     I, Vicky Matthys, do hereby certify that the foregoing

proceedings were mechanically recorded and a record made

thereof at the time and place indicated.

     I do hereby further certify that the foregoing and

attached 86 typewritten pages contain an accurate copy of the

transcription of said mechanical recording then and there

taken.

     Dated at Fargo, North Dakota, this 14th day of May, 2006.



                                Vicky Matthys
                                Electronic Court Recorder
                                East Central Judicial District