Dispatches from the Creation Wars

Fafarman’s Latest Lunacy

Man, this guy just gets loonier and loonier. Check out this post on his blog where he says I’m breaking the law in the UK:

I have already discussed many of the evils of attempts to ban commenters by means of IP address blocking. I have now discovered that blog service Scienceblogs’ leakage of IP address information to blogger Ed Brayton (Dispatches from the Culture Wars) is a criminal offense in the UK and possibly elsewhere in Europe…

Larry, you muddleheaded moron, ScienceBlogs doesn’t “leak” your IP address to me, it’s logged every single time you leave a comment. I have complete control over the content of my blog, including content left by commenters. And this may come as a shock to you, since while we both inhabit the US you seem to live in fantasy land, but this isn’t the UK.

But Larry isn’t done. He actually thinks this has something to do with the 4th amendment:

Leaking IP addresses is also contrary to Amendment IV of the Bill of Rights:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Jesus Christ, Larry, how freaking stupid can you possibly be? The 4th amendment is a limitation on what the government can do. You post on my blog, I get your IP address. You don’t like it, don’t post on a blog. Of course, you don’t get to post here anyway, not that you’ve ever figured that out.


  1. #1 Raging Bee
    March 30, 2007

    He’s quoting the 4th Amendment in relation to your actions on your own blog? There’s no use arguing with someone that obsessive or unhinged.

    If he’s going to create his own bubble-verse, can’t he at least create one that’s halfway pleasant to hide in? I made myself a better pretend-world in grade-school.

    I see a new TV show: “Queer Eye for the Straight Bubble-Verse.” The Queer Eye crew redecorate some poor sod’s alternate reality, and viewers can place bets on whether the sod admits their existence.

    Of course, the sods in question would probably be so unpleasant as to make such a show unwatchable. But then again, Jerry Springer did okay, and they still haven’t cancelled “Bridezillas”…

  2. #2 Raging Bee
    March 30, 2007

    Posible Queer Eye moment: “‘Lee’s Lieutenants’ in three volumes is certainly impressive on any bookshelf, but when you see it next to ‘The Protocols of the Elders of Zion’ and the collected works of Jeffrey Archer, it loses a lot of its effect…”

  3. #3 mark
    March 30, 2007

    You mean if I write you a letter, you’re allowed to read the return address? There oughta be a law!

  4. #4 mah9
    March 30, 2007

    I’m pretty sure that even in the UK whoever runs/owns a website is allowed to record certain data on people who visit it. The problem only comes in with what is done with the data after that. And as I’m pretty sure you’re not selling this info on to spammers etc, and not using it for any other nefarious purposes (unless Fafarman actually believes that you are cyber-stalking him), you should not have anything to worry about.

  5. #5 Paul Schofield
    March 30, 2007

    Unless he is trying to twist the Data Protection Act, I don’t have a clue what he is going on about.

    The DPA mostly deals with customer information for businesses that store data electronically, and which has been built on older laws about the paper storage of confidential material. We had to do a lot of work about it in my old ICT classes. It is the reason (for UK companies anyway) for the long disclaimers you have to check or uncheck when a company wants the right to spam you. And it has little to nothing to do with IP addresses.

    This guy obviously hasn’t been on forums much before, or else he would have seen stuff like this quite a lot. The idea that someone can access a site without revealing at least a deliberately altered IP address is nonsense, and the protection of that data is non-existant.

  6. #6 Matt Penfold
    March 30, 2007


    You are mistaken on a point of UK law. It does NOT matter where you or your blog server are located.

    UK computer misuse law applies if an entity (either an individual or organisation) are effected. Of course the person’s complaint is idiotic but do not assume becuase you do not reside in the UK, or Europe for that matter since the law on computer misuse is similar in most EU countries, that you do not have to comply with the law when dealing with a resident of the UK or Europe.

    A number of US based companies have fallen foul of this as Europe has tighter controls over the use of personal information held by third parties. Storing personal information on a EU national in the US is a criminal offence in the EU unless explicit consent has been given and the organistion holding the data has undertaken to abide by the principles of EU law regarding data protection.

    The European Court has recently ruled that the US Goverment has broken EU law by requiring airlines submit personal information on passengers travelling to the US.

    That all said the person complaining is talking bollocks. IP addresses do not constitute personal information unless accomponied by other information, and in anycase posting a comment on a blog would constitute agreement to the data being held.

  7. #7 Kate
    March 30, 2007

    matt, I think you missed the part where Ed clarifies that both he and Larry are residents of the USA. I believe that moots the UK law entirely as the webservice is not affecting a UK resident at all.

  8. #8 Matt Penfold
    March 30, 2007


    I missed the part about where Larry lives, thank you for pointing that out.

    However my main point, that Ed, or anyone else in the US, is not free from complying with EU data protection law where they hold data on EU nationals still stands. It is a point that too many in the US do not grasped. Now in the case of bloggers like Ed the point is somewhat moot, the law is intended to catch companies and organisations, not individuals. However were a blogger to start selling email addresses and the like then the law would apply

  9. #9 Reed A. Cartwright
    March 30, 2007

    Matt, I looked up the law in question and it only applies if the “controller” (e.g. Ed) has a presence in the EU or EU overseas territory and is doing activities there and/or the server is located in the EU.

  10. #10 Matt Penfold
    March 30, 2007


    Sorry you are incorrect. The law applies regardless. Data may only be held inside the EU if the data protection laws are complied with. Outside the EU the law requires that either similar laws are in place where the data is being held or the organisation holding the data must agree to abide by the the principles of the EU law.

  11. #11 Matt Penfold
    March 30, 2007


    The part of the data protection law you need to look at are the rules on data tranfer. Essentially data held on an individual in the EU cannot be transferred outside the EU unless the country has laws similar to the EU in place. In most cases the EU has detirmined that other countries data protection laws are ok, and so there is no problem tranferring data (provided that the other requirements of the law are met). However in the case of the US the EU does not consider the data protection laws adaquete so US organisations must sign an undertaking to abide by the principles of EU law. The EU and US are negotiating over a treatly that will remove the need for this. Progess has been slow however.

  12. #12 doctorgoo
    March 30, 2007

    This guy is so crazy! Almost every time he has posted here recently as “Anonymous”, he denies that he’s Larry and expresses surprise that his posts keep getting deleted.

    But then he goes to his own blog and starts complaining about being banned… and thus basically admitting that he is Larry.

    He can’t even keep his lies straight. What a moron!

  13. #13 Reed A. Cartwright
    March 30, 2007

    Matt, in the example you cite, the law still does not apply to US “companies”, but rather EU “companies” wishing to do business with US “companies”.

  14. #14 Dr X
    March 30, 2007

    He reminds me of lunkheads I’ve heard complaining that the banning of certain comments or commenters in blog forums represents a violation of 1st ammendment rights.

  15. #15 Raging Bee
    March 30, 2007

    Dr. X: It would be a miracle if Larry ever sounded even as credible as that.

  16. #16 Matt Penfold
    March 30, 2007


    The law does indeed apply to EU companies, but it also applies to US entities.

    PayPal fell foul of these regulations and as a result was forced to setup an European arm with an HQ within the EU. Had it not done so it would have been unable to receive payments from within the EU. I should point out that the Paypal decision was also infleunced by the fact it was not collecting VAT when applicable. Failing to comply with either law would have rendered PayPal liable to large fines.

  17. #17 Ruth
    March 30, 2007

    Matt Penfold

    The UK Data Protection Act does extend protection outside the UK. However it does this by making it illegal for a UK entity to transfer data to any entity which does not comply with restrictions as tight as, or tighter than, those of the UK. The recipient of any such illegally transfered data would not be committing a crime, however. That would be like making it a crime to buy stolen goods, even if you had no way of knowing that they were stolen. The criminal is the person SELLING the stolen goods in the first place.

    Since the ‘information’ in question was never, at any point, held by a UK entity, the UK DPA doesn’t apply at all.

    Ruth – employee of a UK Data Processing company

  18. #18 Beren
    March 30, 2007


    It’s impossible for any upload or download to occur on the Internet without an exchange of IP addresses. Granted: ScienceBlogs could attempt to hide the IP from its members, and there are various ways to change the IP address you appear to originate from (like using a proxy server), but still… in general, using a web site means you are broadcasting your IP address, unencrypted, over publicly monitored communication channels. Anybody who likes can use a packet sniffer to discover it, and any web site author can easily access it.

    His behavior is like going to a party, attacking the other guests, and then becoming upset when you find that the host is distributing your name and description to his friends with a warning not to invite you to the next party. In my personal opinion, if this is against the law in the UK then that law is wrong.

  19. #19 Matt Penfold
    March 30, 2007


    Thanks for proving my point. IT IS an offense to buy stolen goods, and you cannot rely on claiming “I did not know they were stolen” as a defence.

    And as for the information not being held by UK entity, you are wrong. If the person providing data is in the UK, they ARE that entity. If they are not in the UK, or EU since the law is essentially the same, then point is moot as no EU would apply. In otherwords any party collecting data from an EU entity is required to abide by EU law. Recent ruling from the European Court have confirmed this.

    I found it quite amazing how people have such problem with laws that are actually quite simple.

  20. #20 Matt Penfold
    March 30, 2007


    I would also point out, since you think it matters, that I am a database administator and also one of the named individuals responsible for ensuring compliance with data protection laws. I have also had considerable dealing with the Information Commisioner when investigating how to comply with the law.

    I have also drawn up data protection polcies. Indeed once such policy is used by a law firm as model of how draft one.

    None of this is relavent except you seem to think it important we know you work for a data processing firm.

  21. #21 Mikado
    March 30, 2007

    Well, if Larry insists that you not use his IP address, then that means your server will not be able to send packets back to him (since his IP address is used to route the packets from your server back to his browser). By all means then — when you get a packet from him, you should instantly dump it on the floor. That will prevent you from accidentally using his IP address for any objectionable purpose. (It will also mean that your server will never respond to his browser, but that’s a small price to pay.) I suggest filtering him at the firewall.

  22. #22 Reed A. Cartwright
    March 30, 2007

    Matt, Paypal ran afoul of the law because it wanted to do business in the EU. Paypal did not run afoul because of what it did with respect to its US customers.

    My point is that the EU cannot make a US transaction illegal nor have they.

  23. #23 Raging Bee
    March 30, 2007

    I notice Larry’s latest post is titled “Big new hole in evolution theory?” and the substance of the post is…a comic strip. And the comic strip disproves evolution by…are y’all ready for this?…mocking scientists for chagning their theories in response to new information. Because if it responds to reality, it can’t possibly be Truth.

    There’s really no need to argue about the law here — none of it applies in his bubble-verse.

  24. #24 ma
    March 30, 2007


    “Matt, Paypal ran afoul of the law because it wanted to do business in the EU”.

    Exactly my point. At no stage have I said that the EU can make a US transcation illegal. My point has been that when one party is in the EU it is an EU transaction.

    It is also a US one for that matter, and there in does lie a problem. The requirements of the law in the US and the EU are not the same, and many organisations are at risk of falling foul of that. As indeed did Paypal.

  25. #25 Ben Ackerman
    March 30, 2007

    This is a pointless argument. An IP address is hardly personal information. This is the equivalent of trying to get out of a speeding ticket because the police officer didn’t have the right to write down a license plate number. It’s stupid.

  26. #26 Raging Bee
    March 30, 2007

    This is the equivalent of trying to get out of a speeding ticket because the police officer didn’t have the right to write down a license plate number.

    Don’t put it past Larry to say exactly that, if he ever gets a ticket.

  27. #27 Peggy
    March 30, 2007

    Larry should take the time to read a site’s privacy policy before commenting, if he is so concerned about people seeing his IP address.

  28. #28 kehrsam
    March 30, 2007

    IT IS an offense to buy stolen goods, and you cannot rely on claiming “I did not know they were stolen” as a defence.

    Matt: While there are a few Strict Liability crimes, receiving stolen property is not one of them. All Common Law crimes such as RSP require that to be guilty there exist proper mens rea, in this case “such person knowing or having reasonable grounds to believe the same to have been feloniously stolen or taken’ etc. NCGS § 14‑71, but the definition is the same anywhere.

  29. #29 Leni
    March 30, 2007

    Raging Bee wrote:

    Don’t put it past Larry to say exactly that, if he ever gets a ticket.

    Well, at least his weird constitutional arguments would be directed at a government agency. That’d be an improvement, sort of.

  30. #30 Alex Whiteside
    March 30, 2007

    Unless I’m greatly mistaken, an IP address isn’t considered a bit of special, private, protected information by common law or statute in England or Scotland (while we share statutes, don’t fool yourself that there’s such a thing as “UK law”), or for that matter the EU as a whole. It’s like your phone number or a return to sender address on a parcel – as long as someone’s not posting it up on the internet and instructing people to letter bomb you, or performing DoS attacks with it, no offense is being commited. No more than someone setting up a call block against your phone number.

  31. #31 Julie Stahlhut
    March 30, 2007

    Isn’t this the guy who mused in a PT post that an “IP address scrambler” would be a good idea?

  32. #32 John B
    March 31, 2007

    This is probably part of the much larger problem of the growing number of people who use the internet regularly and have no idea how it works, and more importantly, how little privacy you have in your use of it.

    There should probably be introductory courses included somewhere in the process of getting online for the first time that let you know what is really going on when you visit a web site, watch a streaming video, etc…

    For this guy to think Ed violated his privacy, he must think the internet is on his computer, or something…

  33. #33 Alan Kellogg
    March 31, 2007

    I had a commentor once with a similar malfunction. He had a few comments rejected as spam, so he accused me of banning him. Turns out his comments were rejected because he used false email addresses. Considering his reading comprehension and cognitive abilities, I doubt me greatly he ever understood why he wasn’t getting through. Ed, you’re not alone.

  34. #34 Loren Collins
    March 31, 2007

    If y’all haven’t seen it yet, Larry has a new post on his site responding to your comments above. My favorite two lines of his:

    “[Ed] will delete my comments on his blog whether I post under my real name or whether I post under a false name and the comment looks like it came from me.”

    Neither here, nor later in his post, does he ever deny being ‘Anonymous.’ He doesn’t express any concern over Anonymous getting deleted. He even admits “I post under a false name.”

    “Well, thank you for that piece of information. So if I were an EU — or at least a UK — national, then Ed and Scienceblogs would be breaking the law.”

    And if Larry lived in Austria or France or Germany or any of several other EU countries, he would be breaking the law with his Holocaust denial. That doesn’t seem to dissuade him.

    But apparently, Ed should feel obligated to follow a foreign country’s law because…um, because it happens to be the law somewhere else in the world. I wonder which countries’ free speech laws Larry thinks we should submit ourselves to?

  35. #35 Jon Rowe
    April 1, 2007

    I have a hard time taking LF seriously. When I read his posts I hear Tony Delogue’s voice in my head. See if you notice the resemblance.


New comments have been disabled.