Slashdot Mirror
Safeguards For RIAA Hard Drive Inspection
NewYorkCountryLawyer writes "In SONY v. Arellanes, an RIAA case in Sherman, Texas, the Court entered a protective order (PDF) that spells out the following procedure for the RIAA's examination of the defendant's hard drive: (1) RIAA imaging specialist makes mirror image of hard drive; (2) mutually acceptable computer forensics expert makes make two verified bit images, and creates an MD5 or equivalent hash code; (3) one mirror image is held in escrow by the expert, the other given to defendant's lawyer for a 'privilege review'; (4) defendant's lawyer provides plaintiffs' lawyer with a 'privilege log' (list of privileged files); (5) after privilege questions are resolved, the escrowed image — with privileged files deleted — will be turned over to RIAA lawyers, to be held for 'lawyers' eyes only.' The order differs from the earlier order (PDF) entered in the case, in that it (a) permits the RIAA's own imaging person to make the initial mirror image and (b) spells out the details of the method for safeguarding privilege and privacy."
1. Who pays for the neutral expert?
2. Who makes the deletion of the privileged files?
3. How are the privileged files going to be deleted?
Ray Beckerman +5 Insightful
Digital forensics is a very tough issue as laws are somewhat immature and judicial precedence over what is acceptable and what isn't, isn't set yet. What is considered in plain sight on a hard drive? These questions haven't been fully answered yet and it is going to take at least one high profile case before it is done. And always remember to use a write blocker when examining somebody else's hard drive. Even booting into Windows will change the timestamps on a lot of files which might allow the theory of the evidence being planted.
Sounds like an RIAA troll to me. Yeah, like the RIAA is trying to help small business.
Ray Beckerman +5 Insightful
My vote: it's the troll. It's too stupid to do a parody of anything.
Ray Beckerman +5 Insightful
It's like reading a procedures document from the Ministry of Information Retrieval.
You just KNOW that the creepy bureaucratic gnomes who write up this stuff are going to have a hand in designing the "revised Internet" that's made the news lately.
Your computer has been used to violate article IV of the The Working Artists' Protection Act. Please unlock your front door, sit on the ground, place your hands behind your head and wait quietly. Attempts to flee, contact the press, or hire legal counsel is a violation of the P.A.T.R.I.O.T. III Act and may result in detention in an Overseas Protective Facility.
And notice that it's an off-topic troll, to boot.
Ray Beckerman +5 Insightful
Think they'd buy it?
Oops, article's at http://www.torontosun.com/News/Columnists/Bonokosk i_Mark/2007/04/20/4078973.html
In this instance, that doesn't really matter. People don't deliberately keep large piles of pointless bits or stuff with a bunch of useless bits at the end on their hard drives. It'd be blatantly obvious what is a collision-attack file and what isn't. If it's an MP3 with a large bunch of bits tagged somewhere to make the MD5 match, then it's a plant.
I'm wrong - in fact I get the feeling that it's now important that MD5 is NOT used. NIST (an authority when it comes to forensic investigations) do *not* recommend the use of MD5 checksums. The grandparent was perfectly correct. A decent summary (sorry PDF) is here
Well, this comment has been posted since 2005 on Slashdot. Exactly the same in 2 other /. news posts:
r e+owner,+my+business+faces+ruin.+CD+sales+have+dro pped+through+the+floor.+People+aren't+buying+half+ as+many+CDs+as+they+did+just+a+year+ago.%22&hl=en& client=safari&rls=en&filter=0
http://www.google.com/search?q=%22As+a+record+sto
Well, you cold have at least updated your 12 year old record store and 'last year'.
Next to you being an RIAA shill, if you DO have a store, you deserve to be out of business. Or bring some Dimmu Borgir into your 'christian' store.
Custom electronics and digital signage for your business: www.evcircuits.com
Assuming you really do have something to hide, using an encrypted volume embedded within another encrypted volume could be very useful. TrueCrypt supports nested encrypted file systems and since TrueCrypt uses no headers to demarcate its volumes, it is not possible to determine if an additional volume is embedded within a TrueCrypt volume. In effect, it provides plausible deniability of the existence of a 2nd embedded volume if you're forced by court order to decrypt the main volume. (stick some Creative Commons licensed mp3 files in the main volume though, just to throw the RIAA the middle finger a little more.)
Better yet, support non-RIAA artists at sites like Magnitune. The quality of music I've found there is proof positive that the RIAA no longer has a legitimate purpose in the music industry.
My tips for installing TrueCrypt on Fedora Core 6.
RIAA employees were discovered with a "significantly disturbing" volume of porn on their own machines. When questioned they denied that the material was sourced from hard drive mirror images..
1.A loaded S&W .357 for use on the RIAA trolls trying to gain access to my house.(Under Ky Law I may defend my personal property using deadly force if I deem it necessary)
2.A good self destruct device (easy to built and arm) for the hard drive(renders it absolutely useless to any forensic expert,since it physically destroys the platters.)
3.I use an external drive to store the MP3 and other multimedia files on.Easily hidden,(like the old Varmit XL1000 CB Linear amps of decades past)
Anyone wanting to seize my machine will pay dearly for trying.I just don't give a damn anymore since I had the nervous breakdown last year.
That way,If the RIAA does get the machine,it will turn to scrap before they can get it 2 miles away.Paranoid? Sure,but with the corruption of the courts these days,these steps are needed.
Geek Hillbilly
1. Who pays for the neutral expert? 2. Who makes the deletion of the privileged files? 3. How are the privileged files going to be deleted?
If media files are all the RIAA trolls are interested in, it would be easy enough to make a script to extract them. Standard tools like find and tar do exactly that and do it well. Fancier tools could be made to look for id tags if the RIAA is paranoid about people changing filenames. It is this list of files that should be agreed on and only that should be coppied for examination beyond the "neutral" party.
Asking for more is just abusive but that's what this is all about, isn't it? "A few dollars a song is all we ask," they tell us, "isn't everything we can take away worth more than that?" Muggers use similar logic when they brandish their weapons.
While the change from "The RIAA gets everything it wants, so shut up." in these tiny details is nice, there's a long way to go before anything like justice is served and these searches start to look reasonable or lawful. Everyone in my house has a computer or two. The burden of identifying each and every file that might be embarrassing or abused is well beyond the average user. Even if you can do that, the details of the deletion are still troubling. I'd say that the RIAA system that makes the original mirror is something that can't be trusted to begin with and all bets are off from the first step.
Unreasonable searches are disruptive and dangerous. The easiest way to see what a powerful weapon this can be is to imagine if MLK were alive today. The kinds of people who tapped his phones and told him to commit suicide would be demanding his computers. Those who want to avoid harassment must give up many modern conveniences and efficiencies. The threat of revocation make the tools useless anyway. All it takes to end up on the list is an ISP.
The only thing less reasonable than the "evidence" or motivation for these trials are the harsh penalties provided by law. Everyone of us faces the complete loss of property and livelyhoods at random, all to protect an industry from obvious technical obsolescence.
Friends don't help friends install M$ junk.
and I'm proud to have one of the most extensive Christian rock sections that I know of.
You mean that people are actually ripping and sharing Christian rock??
Thats just *sick*.
In the free world the media isn't government run; the government is media run.
In the end they should receive any MP3 files that are on their list of infringing files, and Online Media Distribution System (P2P file sharing program, for the rest of us) files for the OMDS they've claimed they've identified (e.g. KaZaA) if present, AND NOTHING MORE!
As I understand it (IANAL), you are allowed to remove personal files that have no relationship to the case at hand. The RIAA can object if you try to protect files they say have a direct bearing on their case, however, they should find it an impossible task to justify why they need to see anything other than specified MP3 and/or OMDS files. Don't give them a byte more than they're entitled to.
And most importantly of all, perhaps, wipe all the unused file space. Let them try to prove why they deserve access to areas of the hard drive not included in any files.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
One could make the case to a judge that with all the drives the RIAA has unethically examined using their wide, pervasive and invasive techniques, there is a better chance than not that they have CHILD PORN on their own computers, and that a low-level forensic examination of the RIAA's computer disks would likely reveal CHILD PORN was there even if it is now erased. My understanding is that is a federal crime no matter HOW the CHILD PORN got on the RIAA's computers or whether the CHILD PORN on the RIAA's hard disks is now erased. I firmly believe that CHILD PORN is wrong and the RIAA has no business engaging in CHILD PORN for any purpose whatsoever. Furthermore I think the slashdot user community should petition the court to appoint an appropriate forensic expert to look for the CHILD PORN on the RIAA's computers.
Well, in one case they are demanding to image and search the hard drives and all MP3 players of the son of a defendant, who lives miles away, and claims to only have a desktop system at home that he uses for his job as a legal assistant (i.e. large amount of confidential files there). They're trying to do this because, having searched his mother's harddrive and found ABSOLUTELY NO EVIDENCE of illegal activity on it, and only assumed that they were given the wrong hard drive, and are now on the hunt for the correct one that they're sure exists.
In the RIAA's twisted logic, he has either taken his desktop (not notebook/laptop computer) to his mother's house miles away to do illegal filesharing on her Internet broadband account, and then taken it home again, or REMOVED HIS HARDDRIVE and transported it over and back to infringe on record company copyrights. This theory, they feel, allows them to now search his hard drive -- or, I would expect, anyone within 4 degrees of separation from the defendant -- and all music players as they wish. While I believe this was finally ruled unreasonable and unlikely to produce admissible evidence, they now are fighting their best to avoid paying his legal bills that he entailed explaining this bit of common sense to them.
So in answer to your question: Yes!
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
... a virtual OS install for all your 'illicit' downloads.
i.e. - VMWare, where the installation is hosted within a single file. For tin foil hat level security you may choose to keep the file on an removable device. The first hint that the RIAA is persuing you, you disconnect/erase the device/file.
Ooops, the cat's out of the bag now !
Files RIAA is interested in :
1) kazaa.log
2) spyware.log
3) $sys$sonyrootkit.log
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
ln -s /usr/share/goatse.jpg $HOME/stuff_I_got_from_limewire.mp3 /usr/share/goatse.jpg $HOME/movie2007.avi /usr/share/goatse.jpg $HOME/awesome_concert.mpg
/usr/share/goatse -type f`; do
ln -s
ln -s
or maybe for more fun..
for file in `find
ln -s "$file" $HOME/$RANDOM.mp3
ln -s "$file" $HOME/$RANDOM.mpg
ln -s "$file" $HOME/$RANDOM.avi
done
boycott slashdot February 10th - 17th check out: altSlashdot.org
I doubt that the amount of damage caused by such an incident would cause much damage.
First, there is a much lower chance of corrupted data when the drive heads are parked, as they would be as you hand the bare drive to someone.
Second, it would take several heard crashes to cause data loss, as there would have to be significant damage to the platters.
Third, professional date recovery companies can recover much of data from non-working drive, up until the point where a large majority of the physical platters are destroyed.
Hard drives are resilient units... my experience:
1. Running notebook dropped 1.5m onto concrete. Result = no data loss
2. 80gb SATA drive carried for two weeks in an external pocket of a messenger bag. Result = MD5 hash same as previous hash
3. Hard drive recovered from structure fire. Result = successful professional data recovery.
4. Running notebook with remote ignition trigger for Thermite. Result = 2204 degreeC fire, platters physically destroyed, no data recovered. (See it at The Broken
If anyone wants to look up that case it's UMG v. Lindor.
Ray Beckerman +5 Insightful
As a record store owner who has failed to diversify or pay attention to industry trends , my business faces ruin. CD sales have dropped through the floor just like the previous obsolete formats before them . People aren't buying half as many CDs as they did just a year ago. Revenue is down and costs are up. My store has survived for years, but I now face the prospect of bankruptcy. Every day I ask myself why this is happening when I should be researching current trends and alternatives to restructure my business instead of wallowing in misery .
I bought the store about 12 years ago. It was one of those boutique record stores that sell obscure, independent releases that no-one listens to, not even the people that buy them. I decided that to grow the business I'd need to aim for a different demographic, the family market. My store specialized in family music - stuff that the whole family could listen to. I don't sell sick stuff like Marilyn Manson or cop-killer rap, and I'm proud to have one of the most extensive Christian rock sections that I know of.
The business strategy worked. Buying an existing profitable store and changing nothing was simpler then I ever imagined. People flocked to my store, knowing that they (and their children) could safely purchase records without profanity or violent lyrics. Over the years I expanded the business and took on more clean-cut and friendly employees. It took hard work and long hours but I had achieved my dream - owning a profitable business that I had built with my own hands, from the ground up. But now, this dream is turning into a nightmare.
Every day, fewer and fewer customers enter my store to buy fewer and fewer CDs. Why is no one buying CDs? Why is no one buying cassette tapes, 33s or singles on 45s? My wax cylinders are literally covered in dust! Are people not interested in music? Do people prefer to watch TV, see films, read books? I don't know. But there is one, inescapable truth - Internet piracy is mostly to blame. The statistics speak for themselves - one in three discs world wide is a pirate. On The Internet, you can find and download hundreds of dollars worth of music in just minutes. Millions of people are finding and downloading any music item they want. It's so easy some people are downloading stuff they never would have listened to before just to check it out. It has the potential to destroy the music industry, from artists, to record companies to stores like my own. Before you point to the supposed "economic downturn", I'll note that the book store just across from my store is doing great business. Unlike CDs, it's harder to copy books over The Internet. Except for audio books. And it's really just as easy to copy the books - it's just a little harder to encode them and not as convenient to read them using a computer right now.
Pirates are the worst. They are not as easy to identify as you would think. They almost never wear those little triangle hats. A week ago, an unpleasant experience with pirates gave me an idea. In my store, I overheard a teenage patron talking to his friend.
"Dude, I'm going to put this CD on the Internet right away."
"Yeah, dude, that's really lete [sic], you'll get lots of respect."
"I just hope it will work in my CD player. I haven't bought a CD since the last two wouldn't work in my CD player and this guy refused to give me a refund for the defective discs."
I was fuming. So they were out to destroy the record industry from right under my nose? F