Safeguards For RIAA Hard Drive Inspection
NewYorkCountryLawyer writes "In SONY v. Arellanes, an RIAA case in Sherman, Texas, the Court entered a protective order (PDF) that spells out the following procedure for the RIAA's examination of the defendant's hard drive: (1) RIAA imaging specialist makes mirror image of hard drive; (2) mutually acceptable computer forensics expert makes two verified bit images, and creates an MD5 or equivalent hash code; (3) one mirror image is held in escrow by the expert, the other given to defendant's lawyer for a 'privilege review'; (4) defendant's lawyer provides plaintiffs' lawyer with a 'privilege log' (list of privileged files); (5) after privilege questions are resolved, the escrowed image — with privileged files deleted — will be turned over to RIAA lawyers, to be held for 'lawyers' eyes only.' The order differs from the earlier order (PDF) entered in the case, in that it (a) permits the RIAA's own imaging person to make the initial mirror image and (b) spells out the details of the method for safeguarding privilege and privacy."
I'm wrong - in fact I get the feeling that it's now important that MD5 is NOT used. NIST (an authority when it comes to forensic investigations) do *not* recommend the use of MD5 checksums. The grandparent was perfectly correct. A decent summary (sorry PDF) is here
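Added example, not part of the story or of any comment: one way to check that the two bit images from step (2) are identical, recording SHA-256 next to the MD5 the order names. The function names, file names and sample bytes are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # read in 1 MiB blocks so a multi-GB image never sits in RAM

def digest_image(path, algorithms=("md5", "sha256")):
    """Stream one image once and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}

def first_difference(path_a, path_b):
    """Return the byte offset of the first mismatch, or None if identical."""
    offset = 0
    with open(path_a, "rb") as a, open(path_b, "rb") as b:
        while True:
            block_a, block_b = a.read(CHUNK), b.read(CHUNK)
            if block_a != block_b:
                for i, (x, y) in enumerate(zip(block_a, block_b)):
                    if x != y:
                        return offset + i
                # No differing byte in the overlap: one image is shorter.
                return offset + min(len(block_a), len(block_b))
            if not block_a:
                return None
            offset += len(block_a)

def verify_pair(escrow_path, review_path):
    """Compare the escrow copy with the privilege-review copy."""
    escrow, review = digest_image(escrow_path), digest_image(review_path)
    match = escrow == review
    where = None if match else first_difference(escrow_path, review_path)
    return {"escrow": escrow, "review": review,
            "match": match, "first_difference": where}

if __name__ == "__main__":
    # Constructed sample data standing in for the two images.
    workdir = tempfile.mkdtemp()
    paths = [os.path.join(workdir, n) for n in ("escrow.img", "review.img")]
    for p in paths:
        with open(p, "wb") as fh:
            fh.write(b"constructed sample sector " * 4096)
    print(verify_pair(*paths))
```

Both digests must agree for the pair to count as a match, so the recorded result does not rest on MD5 alone.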
Assuming you really do have something to hide, using an encrypted volume embedded within another encrypted volume could be very useful. TrueCrypt supports nested encrypted file systems and since TrueCrypt uses no headers to demarcate its volumes, it is not possible to determine if an additional volume is embedded within a TrueCrypt volume. In effect, it provides plausible deniability of the existence of a 2nd embedded volume if you're forced by court order to decrypt the main volume. (Stick some Creative Commons licensed mp3 files in the main volume though, just to throw the RIAA the middle finger a little more.)
Better yet, support non-RIAA artists at sites like Magnatune. The quality of music I've found there is proof positive that the RIAA no longer has a legitimate purpose in the music industry.
My tips for installing TrueCrypt on Fedora Core 6.