TorrentSpy Must Preserve Data In RAM For MPAA

Transient writes "Reaffirming a magistrate's earlier decision, a federal judge has ordered TorrentSpy to begin keeping server logs as it defends itself against an MPAA lawsuit. In her opinion, Judge Florence-Marie Cooper interpreted federal discovery rules broadly. ' Judge Cooper took issue with TorrentSpy's argument that data in RAM is not "stored." She noted RAM's function as primary storage and that the storage of data in RAM — even if not permanently archived — makes it electronically stored information governed by federal discovery rules.' Given that TorrentSpy has limited access for users in the US, the ruling may be moot. But it does set a precedent for other, similar cases. 'Under this interpretation, any data stored in RAM could be subject to a subpoena, as at a basic level it is a "medium from which information can be obtained" just like a hard drive. '"

Re:Put down the crack pipe and pick up a book

[BJZQ8]

That's unfortunately part of the problem. I've dealt with plenty of "justice" people, from District Attorneys to Police Officers, that think they know what technology is all about. This judge is confident in her understanding of how computers work, and no justice-evading "thief" is going to outsmart HER. I'll bet the judge can't even program her VCR.

Re:Soo....

[MontyApollo]

I think the basic argument is that Torrentspy is saying they can't provide IP addresses because they don't log them, and the judge is saying if they are in RAM then discovery applies and they are required to log them since RAM is discoverable. Basically the judge is tellling them to log the IP addresses and that the argument that they are only stored in RAM is not a valid legal excuse.

Re:Evidence destruction ?

[sholden]

#include <stdio.h>
int main() {
        char buf[255];
        puts("Enter something:");
        fgets(buf, sizeof(buf), stdin);
        return strlen(buf);
}

where on the disk did the contents of buf get stored (assuming we have no virtual memory)?

Re:Evidence destruction ?

[SethJohnson]

does it not also have to exist on the hard drive in some fashion also

Nope. The ram info can be anything that's taking place during the operation of software. For instance, the x,y coordinates of your mouse pointer. In the case of the TorrentSpy server, it would be inbound http requests and their source IP addresses. The TortrentSpy admins have apparently configured their HTTP server to not log these requests to files on the hard drive. The MPAA is trying another approach for gathering this information by court order. Good luck.

Seth

It's not the DIMM's being subpoena'd

[Conspicuous Coward]

The commentary on this article is extremely misleading. The judge in this case has ruled that because Torrentspy can log the IP's of requests to the server it must do so and hand them over to the court. This is absolutely not about the judge misunderstanding the nature of RAM and ordering them to hand over a bunch of DIMM's, yes judges can be technically ignorant but the courts are not stupid either you know. The judge is saying that because this data can be stored it must be. This actual ruling is of course far, far more disturbing than any technical ignorance could be, as it requires torrentspy to effectively spy on their users on behalf of the MPAA, something which should surely be illegal in itself, nevermind mandated by a court of law.

Re:Soo....

[darkmeridian]

The judge explicitly narrowed the ruling to apply only to a party to a litigation only for the pendency of the court action. Such a ruling is akin to the obligation parties to a litigation have to maintain relevant documents -- even suspending their document retention policies, if necessary. The entire rule of preservation is motivated by fair play.

If this turns out to be expensive, TorrentSpy can make the MPAA pay for it. I'm not going to guess how probable that would be, but the option is certainly there to have the MPAA pay a few bucks for worthless IP information.

Re:Bah, move the servers offshore.

[hardburn]

According to United Nations Convention on the Law of the Sea [wikipedia.org], passed in 1982, does not allow artificial islands to become sovereign nations. Sealand may have a valid claim to sovereignty before 1982, but any new attempts at creating a new nation will have to be based on a natural land mass.

Enforcibility and Burden

[rebmemeR]

Requiring RAM info to be logged and surrendered is analogous to requiring a company to use video to record all work conversations/activities and to turn the tapes over to a litigious competitor. Recording all such conversations would place a huge operational burden on a company, and what might the competitors do with that information? Would it be a crime to have a conversation, or move a chair, if the recorder weren't turned on? The judge does not understand computer technology or the practicalities of enforcing media IP rights. Despite massive litigation by the MPAA, ultimately the judicial system had to allow VCR recording for personal use, because, among other reasons, it is unregulatable. And when a judicial system overreaches, it loses credibility in all domains.

Re:Bah, move the servers offshore.

[Teun]

A rather stupid question I would say.
You need to care for the rules of the UN as you are bound by the laws of your present nation.
As most nations, with the USofA in a leading role, have signed up to international treaties giving the United Nations it's power you are bound to follow the lead of your government.

So the trick is to first become a national of a country that does not recognise the powers of the UN and then start your own Offshore Platform nation.

Re:White Board

[Tim C]

It's great, except that the court just ordered them to make a copy of (or otherwise accurately preserve) that whiteboard.

They are not saying "produce the contents of the RAM from such-and-such a date", they're saying "this would have been evidence that could have been subpoenaed had it been preserved, so in future you will preserve it so that we can subpoena it if necessary".

Re:SSL Keys

[TubeSteak]

What is worrying me is this: I visit some website at a HTTPS url or I login somewhere using ssh. Later the cops say "give us the SSL keys for that exchange"... But because I ought to know that the SSL keys might be of interest - I should have kept them

No.

There is no obligation for you to store/save/retain anything until after the police or a lawyer tells you that it is of interest.

This is one of the reason why businesses setup data retention policies such that after X days, [information] is shredded or wiped. That way, when they get sued or investigated, they can honestly say "we don't have it and we aren't obstructing justice because our policy is to scrap [information] after X days."

Just because you could save [information], but never have, doesn't mean you are somehow liable for not doing so.

Hippie FUD

[Anonymous Coward]

Newsflash 2008, the Amazon is being deforested to keep up with the sudden increase in demand for paper.

Actually, no. Not at all. We get almost all of our paper from "tree farms" in the Pacific North West: Washington, Oregon, etc. The rest comes from Canada. As our need for paper increases, tree farmers plant more trees. Simple economics. There are more trees on the planet now than in the 1800s. Logging in the Amazon is very strictly controlled and licensed to have minimal impact on the environment. Of the ~100,000 sq km of forest lost between 2000 and 2005, only 3% was was from logging, more than half of which was illegal, and most of that 3%'s worth of lumber stayed in the country (so that's only ~1100 sq mi, ~600 sq mi of which was illegal, and most of it all stayed in the country).

The other 97% of deforestation is due to the locals and the Brazilian government. ~60% cattle ranches, ~30-33% agriculture (~30% subsistence, ~1-3% commercial), and ~3% urbanization. (I found a pretty good link here, which has a nice pie graph, which is where I'm pulling these numbers since I'm not at my home computer with all my bookmarks: http://www.mongabay.com/brazil.html [mongabay.com])

So anyway, stop blindly believing hippie FUD from the the 60s and do a few minutes' worth of research on Google. Shit, I just looked at the wikipedia article and even they have a pretty good section on Amazon deforestation. So yeah, go ahead and use all the paper you want, it's actually GOOD for the environment and has been for the better part of a century. (Oh, and totally unrelated, but if you're still believing the hippie FUD about nuclear power, you'll want to do research on that too. :p)

Re:Um, isn't this some pretty heavy spin???

[Anonymous Coward]

However, the judgment was written in a very broad fashion - broad to the point that nowhere is it mentioned to "just turn on the damn logging". Instead, it is a ruling that states that data in RAM is governed by federal discovery rules, and as a result, needs to be preserved.

The reason is that the judge cannot legally compel someone to generate a new document (such as a summary report or a log file) that they are not already producing. So instead, he has issued the order in a way that is arguably legal but technically impossible unless the defendant waives those rights (in fact it is technically impossible EVEN if the defendant waives those rights but the MPAA has graciously conceded to looking the other way for now...).

I'm really interested to see what this does to SarbOx or any future litigation. Even if it has no impact whatsoever on SarbOx, imagine the effect on any company of being ordered not to destroy any records during the course of a proceeding. Aside from Microsoft cases going a lot faster, even the smallest oil spill could cripple an oil company indefinitely ("...and the contents of the A registers of the pressure controllers for pumping station XXX, effective immediately").

Re:so hand them a stick of RAM

[Technician]

strangely, the way I see the law, the judge is right on this. just because it is volatile, does not mean it is any less incriminating.

The way I see it is it is entirely impractical. Take for example the Judge's Cell Phone or Fax Machine. Both buffer and convert digital to analog and analog to digital. Care to impliment a way to permanantly capture and record all data transversing the RAM in these devices. Capturing the transient data in a server memory is equaly burdensome and useless.

If you want tetrabytes of useless data, capture all the data in just my video card memory while I play a round of Unreal. Re-constituting that data into anything useful is an exersise in futility. Same applies to random data in a server's RAM. Sifting incriminating evidence from a stream of server RAM without the CPU pointers for all the reads, writes, terminal, NIC, DMA, interrupts, and predictive branching makes a useless heap of data to sift. What data belongs to what user?, process? port? Add in some virtual environments, SSL, and more and the data heap gets big fast. What app points to what string? Who owns what app, process, or data? Good luck.