Judge Orders TorrentSpy to Turn Over RAM

virgil_disgr4ce writes "In an impressive example of the gap of understanding between legal officials and technology, U.S. Magistrate Judge Jacqueline Chooljian 'found that a computer server's RAM, or random-access memory, is a tangible document that can be stored and must be turned over in a lawsuit.' ZDNet, among others, reports on the ruling and its potential for invasion of privacy."

invasion of privacy

[St.+Arbirix]

Besides the stupidity of try to gather information from confiscated RAM, how in the world could this be a privacy concern?

Re:invasion of privacy

[advocate_one]

and that if this ruling were extended to things like SOX, a SOX-complying company would have to keep transaction logs or images of their RAM so that the state of the RAM at any point in the past could be accounted.

oh please let it be so... that would show just how ridiculous it is... the sheer amount of disk space and processor cycles required to effectively record the state of RAM for enterprise servers would bring this whole stupid ruling crashing down...

Re:invasion of privacy

[iluvcapra]

oh please let it be so... that would show just how ridiculous it is...

Wholly agree. Another implication in the article is that someone could hit you with a court order, and the moment you were served, if your machine was on, turning it off (or even killing a process or doing something that caused a pageout) could be destruction of evidence.

Blank RAM

[Esion+Modnar]

And these guys get arrested for destruction of evidence when they find that the RAM is blank. Un-freaking-believable.

Re:Blank RAM

[LordSnooty]

We're now at a stage where people should be employed by the courts system to act as educators and technical experts for any case - not advocating one side or the other of course but at least clarifying points like this for a judge. Why is this not happening.

Re:Blank RAM

[ultranova]

Aren't you glad that our inept legislators and your incompetent judges work in different jurisdictions?

Inept ? Incompetent ? You just described one of the most brilliant schemes to get around the laws proctecting ordinary citizens from arbitrary arrest I've ever heard of, and you call the people who came up with it incompetent ? Just what are your standards for competence, pray tell ?

Re:Blank RAM

[Jehosephat2k]

"or run any programs on their servers." of course, doing that would taint the evidence, the contents of the RAM running the program they are using to extract it. What a tangled web we weave when we practice to deceive.

What??

[laughingcoyote]

RAM is, by definition, temporary data storage. Very temporary. How exactly does the judge think this could be accomplished in practice? You can't exactly pop a RAM card out of a machine, bring it to court, and expect there to be anything usable or readable on it when you get there. Nor could you log more than a tiny fraction of what goes through it (and even doing that would take a great deal of storage capacity over time). Do judges just think computers are magic boxes which they can order to do whatever they may like, and that there are no limits of technical feasibility?

Judges shouldn't be allowed on these cases.

[DaveWick79]

Judges should not be allowed to preside over these cases unless they have a basic knowledge of computers. I would have to assume that the volatility of RAM was explained to the judge and if he still couldn't understand this udderly basic principle, how is he going to be competent with the remainder of the case?

Re:Judges shouldn't be allowed on these cases.

[benfinkel]

Do some googling. This Slashdot bit doesn't adequately explain it.

Torrentspy has been ordered to retain records of all of the information that is in their RAM as part of discovery. Not turn the physical RAM chips over to the court.

Re:What they want you to do is

Mod parent up. While not technically feasible to hand over RAM, this would open the door to requiring logging to track the contents of RAM. Doesn't matter if your info is not stored to disk. If it was in RAM, it is fair game to be presented as evidence.

Re:What's the problem?

[MyLongNickName]

Yeah... uh right. I am sure there is some type of theoretical possibility here, but practically no. RAM has to be constantly "refreshed" to keep the charge high enough to be read. After about ten seconds without power, I doubt any instrument would be able to read the state before power down.

Re:What's the problem?

[Red+Flayer]

I read a couple of other articles on it (google 'em, easy to find)

Replying to a post high in the comments, asking that they not only RTFA, but to Google it and read some other fucking articles?

Sure... and I want a unicorn for my birthday... I'm just as likely to get it.

That said, what you've written makes a whole lot more sense.

The question I have is, how feasible is it to log all IP addresses from the RAM and associate them with the transactions in question?

Over Simplified Headline...

[nick_davison]

It has nothing to do with handing over physical ram. It's about whether you have a piece of information in memory but deliberately fail to ever write it to a log - and whether you can be compelled to add that to your logs.

The more worrying demonstration of ignorance for me is:

"To imagine my information being disseminated without my written or verbal consent is unnerving," she said. "Then again, if I'm doing something I know is illegal, can I protest?"

If you smoke dope in your own home, can you protest if the police break in without any kind of a warrant?

If you like oral sex in any of the states that ban it, can you protest that your landlord installed a hidden video camera to catch it?

If you had depression and were hospitalized for being potentially suicidal, can you protest if the hospital gives the information to a former spouse who's trying to get child custody?

Of course you can damn well protest. Violation of your privacy is not acceptable simply because you're happening to commit a crime at the time.

It's especially not acceptable if you're not even necessarily committing a crime (seizing all server logs of all people using a torrent when only some of them are sharing copyrighted information over it). "Many people in group X are criminals, thus we're pulling all information on group X" is absolutely not acceptable. Imagine if the argument was "Many people in this housing project are involved with drugs. So we're demanding complete phone taps for everyone that lives there and we'll decide who's a criminal once we have that."

Re:Over Simplified Headline...

[Puls4r]

Excellent argument. Also, I'm curious how this would fall under the 5th amendment. I'm having trouble thinking of some type of legal analogy. The information exists, however it is not available to law enforcement in its current form. So they try to force the defendant to give it to them, thus incriminating themselves? It would seem to me that a good argument could be made that if the authorities want it, they should have to create a warrant and go get it themselves.

Re:What's the problem? Ordered Recording!

[redelm]

This is unbelieveable, especially in a Civil case. Sure, you can order the production of documents. Even expost format conversions. But I've never heard of imposing a requirement to make new documents.

The meatspace equivalent to RAM-recording is to require conversations to be taped and those tapes to be produced. Worse (more intrusive) actually, since RAM must be slowed to be recorded. RAM is as ephemeral as air.

I expect an appeal. I understand the desireability and value of the evidence, but rules are rules.

Re:You would think that???

[Hijacked+Public]

Since all we have is her decision in the case, I'd have to assume that the in court arguments made it around to the fact that TorrentSpy isn't logging connections to their server therefore the logs requested by the MPAA do not exist. The MPAA probably made the argument that the data did indeed exist (it appears the location they chose was in RAM), but it just wasn't being captured.

The order is far closer to an order to maintain logs than it is a request to pull the RAM out of the server and mail in. But being dramatic about how stupidly stupid the MPAA is and Judges and everybody but Slashdot geeks is much more fun than actually reading and understanding a court order.

What is most worrisome about the ruling, if everyone would shut up about physical RAM chips, is that a transient collection of 1s and 0s is considered a 'document'.

Thought control

[drDugan]

At every point in our technical development, the most functional machines are always compared to humans. Now, the closest machine that can emulate actions similar to our own is the mini(personal) computer and connected devices. This analogy will continue, as machines get more and more functional.

For purely technical reasons, we have a convention now that a person's thoughts are private. We have no technical way of reading a person's active thoughts or dreams trolling their memories. We have different levels of social responsibility for a person's thoughts and actions.

Aside from the technical issues of volatility, this issue is central to what information is public and what information is private. Taking a copy of a computer's RAM, which is technically possible in a running computer using, say and external hard drive, by order of a court, is a very real possibility, and one that has extremely deep implications for what information society deems as "discoverable".

I think the real issue here - the one that would be fascinating to discuss - is for senescent beings (and computers are marching that way closer and closer), is there a line that we should not cross and allow other beings (humans, computers when we agree they are sentient) to have truly private thoughts? According to the mentality of this ruling, no any information you can grab is fair game. It bodes very poorly for future generations with highly advanced MRI devices that can read thoughts.

Mandatory logging

[zerofoo]

Courts are trying force administrators of systems that do not log activities to start keeping logs.

There are many problems with this:

Technical: RAM contents are not permanently stored due to the technical nature of RAM. This judge wants to change that.....essentially storing everything that passes through RAM.

Cost: Why should the owners and operators of systems bear the cost of copyright enforcement? As a system administrator, what do I gain by spending my company's money on lots of disk and tape to keep logs for the RIAA? Why is that my responsibility?

Responsible party: If my users agree to only use my systems for legal purposes and they break that agreement, why am I required to provide anything to any third party? If they violate my TOS, I should be able to kick them off my network. The RIAA and their civil case should not involve me or my network. Their gripe is with the end user. If they need my help to pursue their case, then they don't have much of a case.

SARBOX forces companies to keep all emails and IM records as potential evidence. What's next? Recording every spoken word just in case someone needs it in court?

The burden of proof should be on the accuser - not on the accused.

-ted

Re:Mandatory logging

[RancidPickle]

Well said. Perhaps it's time to invest in Seagate and Western Digital.

If they want the RAM dump, one could just dump the binary to a 50,000-page Word document with 6-point font and hand that in. Not overly useful, but does fit with the draconian requirement to create documents of all RAM states.

And you thought Windows was slow now... just wait until you have to dump every RAM state every 64ms.

Re:HD

[voice_of_all_reason]

Are you crazy? You can't play "oh, I meant" games here. He is Serious Judge and this are Serious Court.

What if he said "Oh, he's not guilty, but I really meant 5 years in prison."

Re:What's the problem?

[despe666]

Wanna bet they'll charge them with destruction of evidence if they actually comply with the order and pull the chips from the computer?

Re:What's the problem?

[emurphy42]

You were apparently right about the link getting slashdotted. Nevertheless, while the theory (bit flips have a side effect on the physical material that can be detected with sufficient effort) is at least plausible, I don't think it leads to anything resembling a practical solution:

1. As previously noted, you'd have to wade through a huge hex dump
2. And you'd only get the data that was most recently in RAM; digging deeper, if possible at all (I know it is for hard drives), would be even more expensive
3. And why would the **AA spend all this money, when they can (as I believe they have) just have the court order TorrentSpy to log the relevant info to disk? The government digs deep into a hard drive when it has to, e.g. they reasonably expect to find useful info re a planned terrorist attack

Read the judgement

[cyberianpan]

since RAM must be slowed to be recorded On page 3 it says

4) Defendants have failed to demonstrate that the preservation & production of such data is unduly burdensome, or that the other reasons they articulate justify the ongoing failure to preserve and produce such data

They failed to make that case & I doubt they could.

Whilst ephemeral, data is being captured in RAM - to maintain a session of course they've to identify the IP. It isn't really all that hard to write that data to disk. Ok the logfiles would be a few GB a day - from technical viewpoint the judge's request is reasonable.

Re:What's the problem? Ordered Recording!

[Col.+Blackwolf]

While I object to some of the conclusions that the court has drawn in this particular case, I am far more concerned with the broader implications of the paragraph starting line 20 of page 24, referring to the the US Wiretap Act (18 U.S.C. 2510-22). "First, the court concludes that this statute is not implicated because, as to electronic communications, it only prohibits interceptions during transmission (not while in electronic storage, i.e. RAM), and the disclosure of electronic communications intercepted during transmission. See Konop v. Hawaiian Airlines, Inc.302 F.3d 868, 878-879 (9th Cir. 2002). This is true even though storage is a necessary incident to transmission." This is an explicit writ authorizing anyone the legal right to record any and all information that passes through the RAM on their computer. I.E. if I own webserver X, I am within my legal right to log all information, or a portion thereof, that passes through my system, by virtue that it will reside, however briefly, in that system's RAM. This includes data for which my server is not the intended recipient, as it has still been electronically stored on my system. For example, I could record the addresses of all emails that route through my server. And since this recording is my property, my consequent sale of said information to interested third parties is completely legal. This also means that any gov't agency that so desires this information can acquire it via a straightforward civil information discovery request, bypassing the more stringent requirements to obtain a valid wiretap warrant. The implications of this ruling for the future of data protection and security are frightening. While I am confident that it will be overturned or at least limited in the future, the potential for abuse is mind-boggling (like most things governments seems to do these days).

Re:What's the problem?

[cyphercell]

Can't read your link, but I'm assuming your talking about NVRAM, or NAND flash RAM and this stuff is hardly common-place.

Re:What's the problem?

[AK+Marc]

It is illegal to demand a document be created. The judge declared that the IP logs did exist at some time, even if only in RAM, so they must be produced. Not capturing the contents of RAM before it changes is destruction of documents. The only way around this would be a literal interpretation of the details, such as producing the contents of all RAM, without context. Just the strings of 1s and 0s, as that is how the "document" is stored in RAM. The implication is that the raw contents of RAM will not be produced, but instead the data that they are seeking will be distilled from the RAM and formed into a standard file. Such additional work is not necessary and it is illegal for the judge to demand. It is akin to the judge ordering you to present your address book because it contains the number of your bookie and holding you in contempt because in addition to the "b"s (where everyone lists Bookie under "b"), you included the As, Cs, Ds, etc. You *may* do the additional work, but there is never a legal requirement. If they don't like it, they can sift through the data themselves. If they didn't want the contents of the RAM, they shouldn't have subpoenaed it.

Re:What's the problem?

Correct, but the wanted information is the one off the RAM itself.

To prove that TorrentSpy was making it easier to share files, the studios told Chooljian that it was necessary that they obtain records of user activity. They convinced her that the only way to do this was to obtain the data from RAM.

It also shows that the judge doesn't understand technology and blindly follows the lead of MPAA which suggested getting the data off the RAM. It's the case of the blind following another blind.

I suggest TorrentSpy create a memory dump off the RAM and give the printout to the judge. Since the data keeps changing, they can also ask the judge when they need to do another memory dump.

God I hope they use NAT

actually if they do, do the router caches count as RAM?

Re:is the ruling about physical RAM at all?

[Brian+Gordon]

The excuse that RAM is volatile is hardly lame, it's just the way computers are built and no amount of judicial yammering will change it.

Re:What's the problem?

[complete+loony]

Worse, this sets a very bad precedent. Imagine this ruling being applied to a router at your ISP. All traffic that passes through a router will at some point hit a memory register, even if it is only within a network card. Thus the ISP has a document they could produce in discovery so long as they stop destroying it and record it somewhere permanently. Allowing any kind of wiretapping in a civil case.

Re:is the ruling about physical RAM at all?

[Hal_Porter]

Well, they could write them to disk then couldn't they? There's a world of difference between "we never had that data" and "we did have it we don't store it on disk. It sits in RAM for a while and then we delete it". The ruling means that deciding not to store it on disk is close to destroying evidence, which is very illegal.

Which, despite the spin and your personal feeling about torrents is not unreasonable. Let's suppose I gathered information about murders in Ram and make a conscious decision to delete it rather than storing it on disk. Should that be legal? Or should the judge have the power to force me to write the log to disk in future if someone tries to subpoena it?

Re:What's the problem?

[GreyPoopon]

you could simply explain to the judge that the wizards who live in the magic machine box have cast a very powerful spell that makes it extremely difficult to get the RAM out.

As funny as this is, the problem is that most judges have a sense of humor that is directly proportional to their understanding of the subject matter. In other words, if the judge is confused, he's not likely to find anything funny about it (even if the rest of us do).

Re:is the ruling about physical RAM at all?

[glesga_kiss]

No, I don't think so. But once someone subpoenas the information you have to go back to TRACE.

From a performance standpoint, that is insane. You won't be able to serve as many users if you are doing that level of logging, it's a lot of I/O traffic. Especially if it's a single log file for all client-handling threads; you are adding an artificial thread-synchronized block of code to every action. Ouch!

You could have a policy to shred day to day stuff (i.e. you're in ERROR mode).

The problem is that the judges paper analogy doesn't hold; you aren't shredding because you never had the info in the first place. Should we be logging all HTTP headers for example? The referal ID might be useful in a criminal case.

Another analogy might be my daily activies. Say I was asked by the authorities what bus I caught to town six months ago. Was it the 08:30 or the 8:45 one? I had the information at the time, but never logged it as it has no reasonable use at a later date.

Stupid headline

[Handlarn]

This is the most stupid headline I've seen on Slashdot for as long as I've been here. The summary isn't doing much to clear things up either.

People, read the damn article! But I guess an easy chance to get your post moderated Funny is too hard to give up a lot of you. Too bad there is basically only one joke in this entire thread and it's been told about 200 times now.

Seriously to whoever posted this submit better summaries!