[ISN] TorrentSpy ruling a 'weapon of mass discovery'

From: InfoSec News (alerts@private)
Date: Thu Jun 14 2007 - 23:26:09 PDT


http://news.com.com/TorrentSpy+ruling+a+weapon+of+mass+discovery/2100-1030_3-6190900.html

By Greg Sandoval
Staff Writer, CNET News.com
June 14, 2007

news analysis - It was a pro-copyright ruling that stunned nearly everyone
dealing with the issue of online piracy.

In a decision reported late Friday by CNET News.com, a federal judge in Los
Angeles found (PDF) [1] that a computer server's RAM, or random-access memory,
is a tangible document that can be stored and must be turned over in a lawsuit.

If allowed to stand, the groundbreaking ruling may mean that anyone defending
themselves in a civil suit could be required to turn over information in their
computer's RAM hardware, which could force companies and individuals to store
vast amounts of data, say technology experts. Roaming the Web anonymously was
already nearly impossible. This ruling, which brings up serious privacy issues,
could make it a lot harder.

"I think that people's fears about a potential invasion of privacy are quite
warranted," said Ken Withers, director of judicial education at The Sedona
Conference, an independent research group. "The fear is that we're putting in
the hands of private citizens and particularly well-financed corporations the
same tools that heretofore were exclusively in the hands of criminal
prosecutors, but without the sort of safeguards that criminal prosecutors have
to meet, such as applying for search warrants."

U.S. Magistrate Judge Jacqueline Chooljian issued the decision while presiding
over a court fight between the film industry and TorrentSpy, which is accused of
copyright infringement in a lawsuit filed last year by the Motion Picture
Association of America. Following her decision, Chooljian ordered TorrentSpy to
begin logging user information and allowed the company to mask the Internet
Protocol addresses belonging to visitors of the Web site. TorrentSpy must then
turn the data over to the MPAA. The judge stayed the order pending an appeal,
which the company filed on Tuesday. It's not clear when the appeal will be
heard.

The question now, of course, is whether Chooljian's ruling will hold up legally
or technically. From a legal standpoint, Withers said he feared the judge's
decision may mean a "tremendous expansion" of the scope of discovery in civil
litigation. The trend in the courts lately has been to create what Withers
called "weapons of mass discovery." Discovery is the legal process by which
lawyers obtain documents and other materials to help defend their case.

He also said that the judge's order for a defendant (TorrentSpy) to create logs
of user activity so they can be turned over to a plaintiff (MPAA) is
unprecedented.

"There's never been a requirement that (defendants) must create documents that
they wouldn't ordinarily maintain for the purpose of satisfying some
(plaintiff's) discovery requests," said Withers.

But on the technical side, Dean McCarron, principal analyst at Mercury Research,
said the judge erred by defining volatile computer memory as "electronically
stored information."

RAM is a computer's ephemeral and temporary memory that helps it access data
quickly. Think of RAM as the yellow post-it notes that people keep to remind
themselves of tasks. Once completed, the note is tossed out. Data in a
computer's hard drive is stored permanently and is more like filing documents
away in a cabinet.

"RAM is the working storage of a computer and designed to be impermanent,"
McCarron said. "Potentially your RAM is being modified up to several billions of
times a second. The judge's order simply reveals to me a lack of technical
understanding."

A "tap" can be installed in a server, McCarron offered. But that means keeping a
running log of IP addresses and other information. A tap would also require a
company to store enormous amounts of data, an expensive process, he said.

But lawyers who represent copyright holders cheered Chooljian's decision.

"Unfortunately for TorrentSpy, Judge Chooljian's decision may herald the end of
an era," Richard Charnley, a Los Angeles-based attorney, said in a statement.
"The process, if affirmed, will expose TorrentSpy's viewer-users and, in turn,
will allow the MPAA to close another avenue of intellectual property abuse."

Lauren Nguyen, an MPAA attorney, maintains that because TorrentSpy is allowed to
redact IP addresses, nobody's privacy is in jeopardy. "The user privacy argument
is simply a red herring," Nguyen said. She also said that the judge "broke no
new ground in the case." The courts have long considered computer RAM as
"electronically stored information," she said.

To understand the significance of the decision, one must consider that many Web
sites promise to keep users' information private. Some, like TorrentSpy, do this
by switching off their servers' logging function, which typically records
visitors' IP addresses as well as their activity on the site.

While protecting its users' privacy, TorrentSpy also makes it easier for those
who download pirated material to work in the shadows, MPAA's attorneys argued.
The MPAA has estimated that the illegal downloading of copyrighted movies costs
the six largest U.S. studios more than $2 billion annually.

To prove that TorrentSpy was making it easier to share files, the studios told
Chooljian that it was necessary that they obtain records of user activity. They
convinced her that the only way to do this was to obtain the data from RAM.

Ultimately, pulling user information off a server's RAM might be a bigger
privacy problem than it's worth, said one file sharer, who asked to remain
anonymous.

"To imagine my information being disseminated without my written or verbal
consent is unnerving," she said. "Then again, if I'm doing something I know is
illegal, can I protest?"

[1] http://i.i.com.com/cnwk.1d/pdf/ne/2007/Torrentspy.pdf

