http://news.com.com/TorrentSpy+ruling+a+weapon+of+mass+discovery/2100-1030_3-6190900.html By Greg Sandoval Staff Writer, CNET News.com June 14, 2007 news analysis - It was a pro-copyright ruling that stunned nearly everyone dealing with the issue of online piracy. In a decision reported late Friday by CNET News.com, a federal judge in Los Angeles found (PDF) [1] that a computer server's RAM, or random-access memory, is a tangible document that can be stored and must be turned over in a lawsuit. If allowed to stand, the groundbreaking ruling may mean that anyone defending themselves in a civil suit could be required to turn over information in their computer's RAM hardware, which could force companies and individuals to store vast amounts of data, say technology experts. Roaming the Web anonymously was already nearly impossible. This ruling, which brings up serious privacy issues, could make it a lot harder. "I think that people's fears about a potential invasion of privacy are quite warranted," said Ken Withers, director of judicial education at The Sedona Conference, an independent research group. "The fear is that we're putting in the hands of private citizens and particularly well-financed corporations the same tools that heretofore were exclusively in the hands of criminal prosecutors, but without the sort of safeguards that criminal prosecutors have to meet, such as applying for search warrants." U.S. Magistrate Judge Jacqueline Chooljian issued the decision while presiding over a court fight between the film industry and TorrentSpy, which is accused of copyright infringement in a lawsuit filed last year by the Motion Picture Association of America. Following her decision, Chooljian ordered TorrentSpy to begin logging user information and allowed the company to mask the Internet Protocol addresses belonging to visitors of the Web site. TorrentSpy must then turn the data over to the MPAA. The judge stayed the order pending an appeal, which the company filed on Tuesday. It's not clear when the appeal will be heard. The question now, of course, is whether Chooljian's ruling will hold up legally or technically. From a legal standpoint, Withers said he feared the judge's decision may mean a "tremendous expansion" of the scope of discovery in civil litigation. The trend in the courts lately has been to create what Withers called "weapons of mass discovery." Discovery is the legal process by which lawyers obtain documents and other materials to help defend their case. He also said that the judge's order for a defendant (TorrentSpy) to create logs of user activity so they can be turned over to a plaintiff (MPAA) is unprecedented. "There's never been a requirement that (defendants) must create documents that they wouldn't ordinarily maintain for the purpose of satisfying some (plaintiff's) discovery requests," said Withers. But on the technical side, Dean McCarron, principle analyst at Mercury Research, said the judge erred by defining volatile computer memory as "electronically stored information." RAM is a computer's ephemeral and temporary memory that helps it access data quickly. Think of RAM as the yellow post-it notes that people keep to remind themselves of tasks. Once completed, the note is tossed out. Data in a computer's hard drive is stored permanently and is more like filing documents away in a cabinet. "RAM is the working storage of a computer and designed to be impermanent," McCarron said. "Potentially your RAM is being modified up to several billions of times a second. The judge's order simply reveals to me a lack of technical understanding." A "tap" can be installed in a server, McCarron offered. But that means keeping a running log of IP addresses and other information. A tap would also require a company to store enormous amounts of data, an expensive process, he said. But lawyers who represent copyright holders cheered Chooljian's decision. "Unfortunately for TorrentSpy, Judge Chooljian's decision may herald the end of an era," Richard Charnley, a Los Angeles-based attorney, said in a statement. "The process, if affirmed, will expose TorrentSpy's viewer-users and, in turn, will allow the MPAA to close another avenue of intellectual property abuse." Lauren Nguyen, an MPAA attorney, maintains that because TorrentSpy is allowed to redact IP addresses, nobody's privacy is in jeopardy. "The user privacy argument is simply a red herring," Nguyen said. She also said that the judge "broke no new ground in the case." The courts have long considered computer RAM as "electronically stored information," she said. To understand the significance of the decision, one must consider that many Web sites promise to keep users' information private. Some, like TorrentSpy, do this by switching off their servers' logging function, which typically records visitors' IP addresses as well as their activity on the site. While protecting its users' privacy, TorrentSpy also makes it easier for those who download pirated material to work in the shadows, MPAA's attorneys argued. The MPAA has estimated that the illegal downloading of copyright movies costs the six largest U.S. studios more than $2 billion annually. To prove that TorrentSpy was making it easier to share files, the studios told Chooljian that it was necessary that they obtain records of user activity. They convinced her that the only way to do this was to obtain the data from RAM. Ultimately, pulling user information off a server's RAM might be a bigger privacy problem than it's worth, said one file sharer, who asked to remain anonymous. "To imagine my information being disseminated without my written or verbal consent is unnerving," she said. "Then again, if I'm doing something I know is illegal, can I protest?" [1] http://i.i.com.com/cnwk.1d/pdf/ne/2007/Torrentspy.pdf _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Thu Jun 14 2007 - 23:46:36 PDT