In March 2002, while working in the Savvis Abuse Department, Terranson involved himself in a open relay abuse complaint by Av8 Internet to another customer of Savvis Communications. In the complaint, AV8 had some difficulty contacting the other Savvis customer (Orange County Online) that was abusing Av8 Internet services. Terranson did not assist, but instead made assertions about open relay services that were proven false to the satisfaction of Savvis' own attorney. Av8 Internet (Anderson) won the dispute without litigation. This is a strong demonstration that the open relay arguments made by radical zealots cannot withstand logical analysis and honest scrutiny in a civil forum. Later, Terranson began making false claims about Av8 Internet, apparently in revenge for being proved wrong.
In 2004, Terranson is fired from Savvis, and extorted the disconnection of 146 CAN-SPAM-compliant bulk emailers, by revealing confidential customer information to radical blacklists. By definition, compliance with CAN-SPAM means that email is not unsolicited, and that anyone who doesn't want the email can get off the list.
Terranson is a frequent Nanog poster. Nanog is ostensibly an educational organization for Network Operators, however a number of its participants are involved in questionable, extremist, and radical activities.
The incidents with Terranson illustrate that ISP and telecommunications companies need to be very careful about who they hire. Known radicals must be identified before employment. Employers should be on the lookout for employees who are associated with known radicals, moving them out of sensitive positions and out of the company.
March 2002 Terranson wants C/Net reporter Declan McCullagh booted over spam
joke:
A censorhappy syadmin,
a clueless spammer, and a "no joke" rule
April, 2004 Terranson was fired from Savvis, and was involved in leaking internal Savvis memos. Terranson published the memos on www.savvis.info, which Terranson set up. The www.savvis.info site has since been taken down. No one really knows how Terranson obtained the memos. The memos were ostensibly sent to Terranson through an anonymous remailer (We didn't know there were any still running--this claim seems a bit dubious on its face). However, we note that Terranson, as a Savvis email administrator with "superuser" access, may have been able to leak the memos to himself by accessing the executives' stored email on the email server. Or other similarly inclined system administrators may have sent the memos to Terranson. If either were the case, then it would probably be a violation of the Electronic Communications Privacy Act (ECPA), since Terranson wasn't a party and didn't have authorization to access the executives' email. Terranson (and others on Nanog) assert that the ECPA doesn't apply to ISPs.
When Savvis attorneys objected to the violation of the NDA that Terranson agreed to as terms of employment, Terranson said he "intends to honor the NDA, and that the NDA does not apply to illegal activity:
Fortunately, the NDA cannot cover anything which is illegal - an NDA is designed to conceal trade secrets, not illegal behavior. No document, data, or any other thing covered by a valid and binding NDA will appear on this site.
Its true that an NDA does not prevent one from reporting a crime. Enron, Worldcom, etc could not assert NDA agreements against accountants who revealed criminal activities in court. However, this isn't what Terranson does. Terranson isn't a "whistle-blower" in any sense of the word. Terranson neglects to identify any "illegal activity" by Savvis. In fact, it seems that all the "spammers" identified by Terranson were in compliance with the CAN-SPAM Act. [Terranson seems to think that CAN-SPAM compliant activity is still somehow illegal, and this is the subject of a current defamation suit against Terranson and Poortinga (see below). This defamation suit is unrelated to Savvis, except by the common condition of false, unsubstantiated assertions "illegal activity" by Terranson.]
Hmm: The NDA says:
Seems like Terranson revealed customer lists and customer database information. Nowhere is any illegal activity demonstrated, or even specifically asserted beyond the two words "illegal activity".1. The Employee agrees that unless previously approved in writing by an authorized officer of the Employer, during his or her employment by the Employer and for a period of five (5) years thereafter, he or she will not use for the benefit of himself or for others, or disclose to any person, partnership, company, coporation or other business entity, any SAVVIS specific information, specialized knowledge, trade secrets, confidential information, object or source codes, research and development concepts, new business or product ideas and concepts, customer lists, customer database information,...
Press coverage of the leaked memos:
Leaked
memos link spammers to ISP Savvis
The press coverage gives particular attention to the mention of "subversive business practices" in a Memo written by Kris Kistler, whom Terranson describes glowingly as the only honest employee. Kistler writes about Terranson:
I see more and more serious business concerns rapidly coming to the forefront. While these RBL sites are not pleasant, they are very much a reality that we have to deal with. This reality becomes even more time critical now that we have ex-employees and others actively trying to pursue every avenue to destroy Savvis reputation.
Then the "subversive" part:
This is pretty incredulous. Savvis cannot possibly change the company names of its customers, any more than say, GM can change the title to my car. Only the business can change their names. Savvis would have no authorization with the various states' departments of corporations to make such changes. Savvis could not possibly act on behalf of any other company to change its name. Switching IP addresses to combat abusive blacklists is a common practice of many ISPs. Many blacklists (SPEWS is particularly bad about this) intentionally try to interfere with non-spam customers by blocking 256 addresses (/24) when only one IP has sent spam. Switching IP addresses is an artifact of abusive blacklists, not a "subversive business practice". It seems more likely that Kistler is also a radical, of the same nature as Terranson.We should put the burden of changing company names, switching IP's, and using other subversive business methods back on the spammers themselves instead of acting on their behalf.
So let's see if we've got this straight:
In the memos Terranson released, Savvis says it will lose from $250,000 per month to $2 million per month. Doing the math on 2 and 3 year contracts, Savvis has been extorted out of between $3.75 million and $30 million in revenue. And of course, the legitimate, CAN-SPAM compliant businesses are also subject to extortion, ala Exactis V. MAPS. SPEWS and MAPS employees go to "work" for spammers doing "list-washing". And of course, if the companies refuse...
Rich Kulawiec admires Terranson
Terranson is being sued for defamation
Terranson and Poortinga are being sued for making false claims about CAN-SPAM
compliance.
http://www.zoominfo.com/directory/Terranson_Alif_-50061.htm
http://www.einvestigator.com/pi_directory/missouri.htm
Terranson seems to be working for UnitedForensics.com
March 22, 2002 18:09 EST A complaint was made to Orange County Online(OCO).
March 22, 2002 18:13 EST
OCO CTO Eric Monroe responds
Monroe suggests a block of their user.
March 22, 2002 18:20 EST Av8 puts in a block
So far, a fairly typical fast response to abuse complaints
March 22, 2002 20:33 EST JA Terranson of Savvis decides
to get involved
Terranson asserts that AV8 Open Relays are "root cause".
March 23, 2002 09:08 EST
AV8 (Anderson) responds to Terranson's claims
Anderson defends Open Relays, explains business purposes, notes ECPA violation
to block communications without permission.
March 25, 2002 11:33 EST Terranson responds
Threaten's to block Av8 internet. Says that ECPA doesn't apply, and will block
open relays "either way".
March 25, 2002 11:39 EST Av8 refuses to stop open relay, queries intentions
March 25, 2002 13:26 EST Av8 Responds in detail to threatening message from Terranson
March 25, 2002 13:59 EST Sales Rep questions Terranson
March 25, 2002 17:13 EST Anderson provides background information on Open Relays
March 25, 2002 18:03 EST
Sales Rep responds to Anderson
This includes a response from Terranson on Open Relays. It mirrors the arguments
raised during the subsequent legal conferences.
March 25, 2002, AV8 contacts its attorney.
March 26, 2002 13:22 EST Lane Blumenfeld, Acting General Counsel & Vice President responds, and indicates that Savvis legal is looking into the issues.
Attorney Choi is a Savvis staff attorney assigned to handle the case representing Savvis. Attorney McHale is an attorney with a reputable law firm in Boston hired to represent Av8 Internet. After a series of faxes, several conference calls are arranged to establish the facts of the dispute. [Anderson reports that these conference calls were extremely gratifying, because, unlike debates on email lists, the losers can't fall back on name-calling, and then refusing further participation in civil argument. One can never really win an email debate, because no matter how wrong people are shown or proven to be, they never admit fault. But these conference calls were conducted by the lawyers, who required their clients to answer questions honestly, and did not permit them to refuse questions.]
After some preliminaries are out of the way, Anderson outlines the business purposes of Open Relays and techniques used to detect and prevent abuse. Terranson makes a series of claims about Open Relays. Terranson claims that Open Relays permit anonymous spam, and describes Open Relays as enabling untraceable email, and makes other claims typical of anti-open-relay zealots. Anderson refutes these claims, and Terranson has to admit that his description had no relevance to AV8 Open Relay operations and that Open Relays offer no benefits or "donations" to spammers, and that authorized use by AV8 customers is not abuse, etc. Unable to evade the civil questions, Terranson is forced to acknowledge these facts.The flaws in the his assertions are exposed; Terranson is proved wrong and, essentially, has to admit it. Next on the agenda is the ECPA violation. This is a very short discussion as there is no dispute. Unlike Terranson, Attorney Choi does not assert that Savvis is not subject to the ECPA. AV8 asserts that Savvis has no permission to block non-spam communications. Attorney Choi then made an assurance that Savvis would not violate the ECPA and that it would not block Av8 Internet's Open Relays, and asked Av8 Internet to remain a customer of Savvis. Savvis subsequently paid Av8 Internet's legal expenses.
However AV8 Internet, exercising its rights under a threat of breach of contract, canceled the contract. This was possible because of the threat made by Terranson on March 25 to breach the contract and block AV8 Internet. Even though Savvis' lawyers were involved quickly, it was already too late for Savvis to save the contract. AV8 had a T3 through Savvis. Savvis had to pay AV8's legal expenses, and then take the loss of a T3 customer. The lesson here for telecommunications managers is that a rogue system administrator can do a great deal of damage in a very short time with unlawful threats based only on over-zealous, radical views.
April 8, 2002 Gerda Julien Major Account Manager contacts
AV8
Julien wants to repair the business relationship..
November 18, 2003 Terranson misrepresents this incident on SPAM-L.
February 10, 2004
Terranson defames Av8 Internet
Terranson accuses Av8 Internet of having hijacked IP Address space (see SORBS)
http://www.merit.edu/mail.archives/nanog/2003-03/msg00229.html
Terranson talks about "authoritative bodies"