Results 1 to 10 of 10

Thread: US ruling makes server RAM a 'document'?

  1. #1
    Senior Member
    Join Date
    Oct 2001
    Location
    Texas!
    Posts
    271

    Exclamation US ruling makes server RAM a 'document'?

    US ruling makes server RAM a 'document'?


    news analysis A federal judge in Los Angeles last week ruled (PDF) that a computer server's RAM, or random-access memory, is a tangible document that can be stored and must be turned over in a lawsuit.

    If allowed to stand, the groundbreaking ruling may mean that anyone defending themselves in a civil suit could be required to turn over information in their computer's RAM hardware, which could force companies and individuals to store vast amounts of data, say technology experts. Roaming the Web anonymously was already nearly impossible. This ruling, which brings up serious privacy issues, could make it a lot harder.

    "I think that people's fears about a potential invasion of privacy are quite warranted," said Ken Withers, director of judicial education at The Sedona Conference, an independent research group. "The fear is that we're putting in the hands of private citizens and particularly well-financed corporations the same tools that heretofore were exclusively in the hands of criminal prosecutors, but without the sort of safeguards that criminal prosecutors have to meet, such as applying for search warrants."

    U.S. Magistrate Judge Jacqueline Chooljian issued the decision while presiding over a court fight between the film industry and TorrentSpy, which is accused of copyright infringement in a lawsuit filed last year by the Motion Picture Association of America. Following her decision, Chooljian ordered TorrentSpy to begin logging user information and allowed the company to mask the Internet Protocol addresses belonging to visitors of the Web site. TorrentSpy must then turn the data over to the MPAA. The judge stayed the order pending an appeal, which the company filed on Tuesday. It's not clear when the appeal will be heard.

    The question now, of course, is whether Chooljian's ruling will hold up legally or technically. From a legal standpoint, Withers said he feared the judge's decision may mean a "tremendous expansion" of the scope of discovery in civil litigation. The trend in the courts lately has been to create what Withers called "weapons of mass discovery." Discovery is the legal process by which lawyers obtain documents and other materials to help defend their case.

    He also said that the judge's order for a defendant (TorrentSpy) to create logs of user activity so they can be turned over to a plaintiff (MPAA) is unprecedented.

    "There's never been a requirement that (defendants) must create documents that they wouldn't ordinarily maintain for the purpose of satisfying some (plaintiff's) discovery requests," said Withers.

    But on the technical side, Dean McCarron, principle analyst at Mercury Research, said the judge erred by defining volatile computer memory as "electronically stored information."

    RAM is a computer's ephemeral and temporary memory that helps it access data quickly. Think of RAM as the yellow post-it notes that people keep to remind themselves of tasks. Once completed, the note is tossed out. Data in a computer's hard drive is stored permanently and is more like filing documents away in a cabinet.

    "RAM is the working storage of a computer and designed to be impermanent," McCarron said. "Potentially your RAM is being modified up to several billions of times a second. The judge's order simply reveals to me a lack of technical understanding."

    A "tap" can be installed in a server, McCarron offered. But that means keeping a running log of IP addresses and other information. A tap would also require a company to store enormous amounts of data, an expensive process, he said.

    But lawyers who represent copyright holders cheered Chooljian's decision.

    "Unfortunately for TorrentSpy, Judge Chooljian's decision may herald the end of an era," Richard Charnley, a Los Angeles-based attorney, said in a statement. "The process, if affirmed, will expose TorrentSpy's viewer-users and, in turn, will allow the MPAA to close another avenue of intellectual property abuse."

    Lauren Nguyen, an MPAA attorney, maintains that because TorrentSpy is allowed to redact IP addresses, nobody's privacy is in jeopardy. "The user privacy argument is simply a red herring," Nguyen said. She also said that the judge "broke no new ground in the case." The courts have long considered computer RAM as "electronically stored information," she said.

    To understand the significance of the decision, one must consider that many Web sites promise to keep users' information private. Some, like TorrentSpy, do this by switching off their servers' logging function, which typically records visitors' IP addresses as well as their activity on the site.

    While protecting its users' privacy, TorrentSpy also makes it easier for those who download pirated material to work in the shadows, MPAA's attorneys argued. The MPAA has estimated that the illegal downloading of copyright movies costs the six largest U.S. studios more than $2 billion annually.

    To prove that TorrentSpy was making it easier to share files, the studios told Chooljian that it was necessary that they obtain records of user activity. They convinced her that the only way to do this was to obtain the data from RAM.

    Ultimately, pulling user information off a server's RAM might be a bigger privacy problem than it's worth, said one file sharer, who asked to remain anonymous.

    "To imagine my information being disseminated without my written or verbal consent is unnerving," she said. "Then again, if I'm doing something I know is illegal, can I protest?"
    *Sorry. I lost the source. I will come back and add it in.*




    HahAHhaHAHhaHA!!1

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi, DISLEX,

    Shouldn't this be in "Technical Humour"............. or maybe your CMOS RTC battery needs changing because it isn't April Fool's Day?

    The issue is very simple, as stated in this paragraph:

    To understand the significance of the decision, one must consider that many Web sites promise to keep users' information private. Some, like TorrentSpy, do this by switching off their servers' logging function, which typically records visitors' IP addresses as well as their activity on the site.
    Many sites keep logs of visitor activity and the like...........most ISPs for example. This has absolutely nothing to do with RAM. Hell, if RAM is an "electronic document" then so is the cache memory on your processor?

    So how could this bullcrap even get presented in a court, let alone accepted?

    Makes me seriously wonder if these people actually passed through any sort of educational system?

  3. #3
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    Is it even technically possible to capture and store all the data that
    passes through any given computer? That's going to be difficult on
    a large scale, and prohibitively expensive it seems to me. In other
    respects, his ruling regarding RAM is "old hat." RAM, and the accompanying
    swapfile, is routinely an object of computer forensics, and as such,
    submitted as legal documentation.

    Those poor idiots at the MPAA. For the life of me, I will never understand
    why they've never committed to a PR and advertising campaign addressing
    the inherent quality problems with downloads. Anyone ever played
    an MP3 on hi-fi equipment? Sounds like an old 8-track (ugh). And
    700mb AVI's hardly do justice to high-definition video equipment.

    Too bad the MPAA doesn't rep the pr0n industry. Computer pr0n would've never made it out of Pandora's Box.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi brokencrow, I certainly wouldn't let you sign any Indian treaties on my tribe's behalf!!!

    Is it even technically possible to capture and store all the data that
    passes through any given computer? That's going to be difficult on
    a large scale, and prohibitively expensive it seems to me.
    You have fallen straight into the lawyers and other fork-tongued reptiles' trap.

    Logging mechanisms already exist, and mostly ship in the box with the applications software. The real issues here are very simple:

    1. Should these organisations be legally obliged to have the logging turned on?
    2. What should they be obliged to record?
    3. How long should they hold these records for?
    4. Who should have access to them, and under what circumstances?
    5. Who should pay for it all?

    In other respects, his ruling regarding RAM is "old hat." RAM, and the accompanying swapfile, is routinely an object of computer forensics, and as such, submitted as legal documentation.
    SHE, like many others in the US legal system seem to have been watching too many episodes of CSI and NCIS.

    Dr. Peter Gutmann wrote his computer forensics paper some 10 years ago. It is based on old technology, and at best has never advanced any further than a simplistic "proof of concept" in tightly controlled laboratory conditions.

    In reality, magnetic remnance, track overlay and transistor memory retention are still in the realms of the imaginations of CSI/NCIS episode scriptwriters. They are well beyond the budgets of the MPAA/RIAA and all "normal" law enforcement agencies.

    Now, let's look at the "law"?

    1. There are no cases of any lawsuits being brought using any of this technology.............not anywhere.

    2. There are definitions of "acceptable" and "contaminated" for HDD contents in most technological countries? Otherwise your evidence is inadmissible.

    3. There are no "acceptable standards and procedures" for RAM, CPU cache, EEPROM or whatever forensic data collection.

    Basically, MR, TO, and RAM memory analysis are one time destructive processes.............. try and get your DA to go with that?

    I think that the MPAA/RIAA need me as a retained consultant............ Although I am $100,000 a week, I know the difference between IT and a 9mm Parabellum when it comes to costing analyses.

    Get me the job and I will cut you in for the usual agent's fee

  5. #5
    Senior Member Aardpsymon's Avatar
    Join Date
    Feb 2007
    Location
    St Annes (aaaa!)
    Posts
    434
    The idea of recording ALL data that passes through a computer is rediculous. Take this website alone. You would then have to store several different versions of every single thread, one for each time you view it. A gaming PC like mine would be a nightmare. Of course that is thinking "home PC" not "server" which will already log most of the data going through it, part of being a server.

    What the RIAA and so on really seem to be missing is that most downloaded stuff would not be bought. If you took away downloads we would just live without it. The other one - the idea that people would pay for a pirate copy of a film that was recorded using a camera in the cinema, I'm willing to bet that most people would only do it once.

    As for CSI - I personally love when they take a low definiton CCTV frame, zoom in on a pixel then use the magic enhancement button to resolve it into a car number plate in about 3 seconds.
    If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hmmmm,

    I had a chance to talk to someone today who is a lawyer turned politician (a British MP)............... yes, I know, some people have reached rock bottom and started to dig

    He had some interesting ideas along these lines:

    1. TorrentSpy don't normally keep logs so this information is not "normally" available.
    2. The RAM does contain information, albeit briefly, so to get the courts to accept it as "electronically stored documentation" would mean that it would be classed as "normally stored information".
    3. All the MPAA had to do was find a judge either stupid or corrupt enough to go along with this reasoning.

    He commented that he did not believe that the argument would even be aired in a British court; but on presentation of a subpoena a simple memory dump at that point in time would suffice as compliance. Obviously, this information would be totally useless to the MPAA.

    The insidious bit is that the MPAA through their US judicial poodle are trying to force another private organisation to work for them at that organisation's expense.

    I can only hope that the same will happen to the MPAA as happened to that "financial genius" Nelson Bunker Hunt, when he tried to corner the World silver market..................sleeping giants were awoken................


  7. #7
    Senior Member
    Join Date
    Dec 2001
    Posts
    319
    I can just imagine how this is going to go :

    MPAA : Hi, we're here to confiscate your RAM for analysis
    Victim : OK, let me power-down my server so you can get it out

    *Victim turns over RAM, and MPAA puts it into whatever device they plan on analyzing it with*
    MPAA :But...but...it's all blank
    Victim : Duh....


    You would think by now, after all the computer forensics and such they've been through, the MPAA would realize that this was a completely boneheaded move. Just a waste of time and tax-payers money. This is the definition of frivilous.

  8. #8
    Senior Member Aardpsymon's Avatar
    Join Date
    Feb 2007
    Location
    St Annes (aaaa!)
    Posts
    434
    yes, but then you get the genius who decides that to get round this he will pull the RAM while its on. Then you get torrentspy reversing the lawsuit and suing for lost business and replacement hardware. woohoo.
    If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.

  9. #9
    Senior Member
    Join Date
    Dec 2001
    Posts
    319
    Aard : not to mention the cost of replacing the smoke

  10. #10
    Senior Member
    Join Date
    Oct 2004
    Posts
    183
    The appeal makes interesting (and lengthy!) reading: http://www.techfirm.com/serverlogappeal.pdf

    I guess it's a matter of "watch this space".

Similar Threads

  1. Using IPSec to Secure Computers and Network Traffic.
    By Tiger Shark in forum The Security Tutorials Forum
    Replies: 0
    Last Post: October 7th, 2004, 07:18 PM
  2. A Learning Experience.......
    By Tiger Shark in forum Network Security Discussions
    Replies: 11
    Last Post: August 24th, 2004, 12:59 AM
  3. Update Cisco CRWS via TFTP
    By phishphreek in forum Other Tutorials Forum
    Replies: 0
    Last Post: May 25th, 2004, 04:30 AM
  4. I caught a Virus! ......Can I play with it?
    By One Who Watches in forum AntiOnline's General Chit Chat
    Replies: 4
    Last Post: July 20th, 2003, 11:09 AM
  5. Writing your own web server.
    By ntsa in forum Other Tutorials Forum
    Replies: 3
    Last Post: October 5th, 2002, 04:48 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •