-
June 15th, 2007, 11:04 PM
#1
US ruling makes server RAM a 'document'?
US ruling makes server RAM a 'document'?
news analysis A federal judge in Los Angeles last week ruled (PDF) that a computer server's RAM, or random-access memory, is a tangible document that can be stored and must be turned over in a lawsuit.
If allowed to stand, the groundbreaking ruling may mean that anyone defending themselves in a civil suit could be required to turn over information in their computer's RAM hardware, which could force companies and individuals to store vast amounts of data, say technology experts. Roaming the Web anonymously was already nearly impossible. This ruling, which brings up serious privacy issues, could make it a lot harder.
"I think that people's fears about a potential invasion of privacy are quite warranted," said Ken Withers, director of judicial education at The Sedona Conference, an independent research group. "The fear is that we're putting in the hands of private citizens and particularly well-financed corporations the same tools that heretofore were exclusively in the hands of criminal prosecutors, but without the sort of safeguards that criminal prosecutors have to meet, such as applying for search warrants."
U.S. Magistrate Judge Jacqueline Chooljian issued the decision while presiding over a court fight between the film industry and TorrentSpy, which is accused of copyright infringement in a lawsuit filed last year by the Motion Picture Association of America. Following her decision, Chooljian ordered TorrentSpy to begin logging user information and allowed the company to mask the Internet Protocol addresses belonging to visitors of the Web site. TorrentSpy must then turn the data over to the MPAA. The judge stayed the order pending an appeal, which the company filed on Tuesday. It's not clear when the appeal will be heard.
The question now, of course, is whether Chooljian's ruling will hold up legally or technically. From a legal standpoint, Withers said he feared the judge's decision may mean a "tremendous expansion" of the scope of discovery in civil litigation. The trend in the courts lately has been to create what Withers called "weapons of mass discovery." Discovery is the legal process by which lawyers obtain documents and other materials to help defend their case.
He also said that the judge's order for a defendant (TorrentSpy) to create logs of user activity so they can be turned over to a plaintiff (MPAA) is unprecedented.
"There's never been a requirement that (defendants) must create documents that they wouldn't ordinarily maintain for the purpose of satisfying some (plaintiff's) discovery requests," said Withers.
But on the technical side, Dean McCarron, principle analyst at Mercury Research, said the judge erred by defining volatile computer memory as "electronically stored information."
RAM is a computer's ephemeral and temporary memory that helps it access data quickly. Think of RAM as the yellow post-it notes that people keep to remind themselves of tasks. Once completed, the note is tossed out. Data in a computer's hard drive is stored permanently and is more like filing documents away in a cabinet.
"RAM is the working storage of a computer and designed to be impermanent," McCarron said. "Potentially your RAM is being modified up to several billions of times a second. The judge's order simply reveals to me a lack of technical understanding."
A "tap" can be installed in a server, McCarron offered. But that means keeping a running log of IP addresses and other information. A tap would also require a company to store enormous amounts of data, an expensive process, he said.
But lawyers who represent copyright holders cheered Chooljian's decision.
"Unfortunately for TorrentSpy, Judge Chooljian's decision may herald the end of an era," Richard Charnley, a Los Angeles-based attorney, said in a statement. "The process, if affirmed, will expose TorrentSpy's viewer-users and, in turn, will allow the MPAA to close another avenue of intellectual property abuse."
Lauren Nguyen, an MPAA attorney, maintains that because TorrentSpy is allowed to redact IP addresses, nobody's privacy is in jeopardy. "The user privacy argument is simply a red herring," Nguyen said. She also said that the judge "broke no new ground in the case." The courts have long considered computer RAM as "electronically stored information," she said.
To understand the significance of the decision, one must consider that many Web sites promise to keep users' information private. Some, like TorrentSpy, do this by switching off their servers' logging function, which typically records visitors' IP addresses as well as their activity on the site.
While protecting its users' privacy, TorrentSpy also makes it easier for those who download pirated material to work in the shadows, MPAA's attorneys argued. The MPAA has estimated that the illegal downloading of copyright movies costs the six largest U.S. studios more than $2 billion annually.
To prove that TorrentSpy was making it easier to share files, the studios told Chooljian that it was necessary that they obtain records of user activity. They convinced her that the only way to do this was to obtain the data from RAM.
Ultimately, pulling user information off a server's RAM might be a bigger privacy problem than it's worth, said one file sharer, who asked to remain anonymous.
"To imagine my information being disseminated without my written or verbal consent is unnerving," she said. "Then again, if I'm doing something I know is illegal, can I protest?"
*Sorry. I lost the source. I will come back and add it in.*
HahAHhaHAHhaHA!!1
-
June 16th, 2007, 12:31 AM
#2
Hi, DISLEX,
Shouldn't this be in "Technical Humour"............. or maybe your CMOS RTC battery needs changing because it isn't April Fool's Day?
The issue is very simple, as stated in this paragraph:
To understand the significance of the decision, one must consider that many Web sites promise to keep users' information private. Some, like TorrentSpy, do this by switching off their servers' logging function, which typically records visitors' IP addresses as well as their activity on the site.
Many sites keep logs of visitor activity and the like...........most ISPs for example. This has absolutely nothing to do with RAM. Hell, if RAM is an "electronic document" then so is the cache memory on your processor?
So how could this bullcrap even get presented in a court, let alone accepted?
Makes me seriously wonder if these people actually passed through any sort of educational system?
-
June 16th, 2007, 07:32 AM
#3
Is it even technically possible to capture and store all the data that
passes through any given computer? That's going to be difficult on
a large scale, and prohibitively expensive it seems to me. In other
respects, his ruling regarding RAM is "old hat." RAM, and the accompanying
swapfile, is routinely an object of computer forensics, and as such,
submitted as legal documentation.
Those poor idiots at the MPAA. For the life of me, I will never understand
why they've never committed to a PR and advertising campaign addressing
the inherent quality problems with downloads. Anyone ever played
an MP3 on hi-fi equipment? Sounds like an old 8-track (ugh). And
700mb AVI's hardly do justice to high-definition video equipment.
Too bad the MPAA doesn't rep the pr0n industry. Computer pr0n would've never made it out of Pandora's Box.
“Everybody is ignorant, only on different subjects.” — Will Rogers
-
June 16th, 2007, 12:39 PM
#4
Hi brokencrow, I certainly wouldn't let you sign any Indian treaties on my tribe's behalf!!!
Is it even technically possible to capture and store all the data that
passes through any given computer? That's going to be difficult on
a large scale, and prohibitively expensive it seems to me.
You have fallen straight into the lawyers and other fork-tongued reptiles' trap.
Logging mechanisms already exist, and mostly ship in the box with the applications software. The real issues here are very simple:
1. Should these organisations be legally obliged to have the logging turned on?
2. What should they be obliged to record?
3. How long should they hold these records for?
4. Who should have access to them, and under what circumstances?
5. Who should pay for it all?
In other respects, his ruling regarding RAM is "old hat." RAM, and the accompanying swapfile, is routinely an object of computer forensics, and as such, submitted as legal documentation.
SHE, like many others in the US legal system seem to have been watching too many episodes of CSI and NCIS.
Dr. Peter Gutmann wrote his computer forensics paper some 10 years ago. It is based on old technology, and at best has never advanced any further than a simplistic "proof of concept" in tightly controlled laboratory conditions.
In reality, magnetic remnance, track overlay and transistor memory retention are still in the realms of the imaginations of CSI/NCIS episode scriptwriters. They are well beyond the budgets of the MPAA/RIAA and all "normal" law enforcement agencies.
Now, let's look at the "law"?
1. There are no cases of any lawsuits being brought using any of this technology.............not anywhere.
2. There are definitions of "acceptable" and "contaminated" for HDD contents in most technological countries? Otherwise your evidence is inadmissible.
3. There are no "acceptable standards and procedures" for RAM, CPU cache, EEPROM or whatever forensic data collection.
Basically, MR, TO, and RAM memory analysis are one time destructive processes.............. try and get your DA to go with that?
I think that the MPAA/RIAA need me as a retained consultant............ Although I am $100,000 a week, I know the difference between IT and a 9mm Parabellum when it comes to costing analyses.
Get me the job and I will cut you in for the usual agent's fee
-
June 17th, 2007, 10:39 PM
#5
The idea of recording ALL data that passes through a computer is rediculous. Take this website alone. You would then have to store several different versions of every single thread, one for each time you view it. A gaming PC like mine would be a nightmare. Of course that is thinking "home PC" not "server" which will already log most of the data going through it, part of being a server.
What the RIAA and so on really seem to be missing is that most downloaded stuff would not be bought. If you took away downloads we would just live without it. The other one - the idea that people would pay for a pirate copy of a film that was recorded using a camera in the cinema, I'm willing to bet that most people would only do it once.
As for CSI - I personally love when they take a low definiton CCTV frame, zoom in on a pixel then use the magic enhancement button to resolve it into a car number plate in about 3 seconds.
If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.
-
June 18th, 2007, 06:46 PM
#6
-
June 18th, 2007, 09:57 PM
#7
I can just imagine how this is going to go :
MPAA : Hi, we're here to confiscate your RAM for analysis
Victim : OK, let me power-down my server so you can get it out
*Victim turns over RAM, and MPAA puts it into whatever device they plan on analyzing it with*
MPAA :But...but...it's all blank
Victim : Duh....
You would think by now, after all the computer forensics and such they've been through, the MPAA would realize that this was a completely boneheaded move. Just a waste of time and tax-payers money. This is the definition of frivilous.
-
June 19th, 2007, 11:56 AM
#8
yes, but then you get the genius who decides that to get round this he will pull the RAM while its on. Then you get torrentspy reversing the lawsuit and suing for lost business and replacement hardware. woohoo.
If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.
-
June 19th, 2007, 04:44 PM
#9
Aard : not to mention the cost of replacing the smoke
-
June 21st, 2007, 06:17 PM
#10
The appeal makes interesting (and lengthy!) reading: http://www.techfirm.com/serverlogappeal.pdf
I guess it's a matter of "watch this space".
Similar Threads
-
By Tiger Shark in forum The Security Tutorials Forum
Replies: 0
Last Post: October 7th, 2004, 07:18 PM
-
By Tiger Shark in forum Network Security Discussions
Replies: 11
Last Post: August 24th, 2004, 12:59 AM
-
By phishphreek in forum Other Tutorials Forum
Replies: 0
Last Post: May 25th, 2004, 04:30 AM
-
By One Who Watches in forum AntiOnline's General Chit Chat
Replies: 4
Last Post: July 20th, 2003, 11:09 AM
-
By ntsa in forum Other Tutorials Forum
Replies: 3
Last Post: October 5th, 2002, 04:48 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|