Slashdot Mirror
Judge Orders TorrentSpy to Turn Over RAM
virgil_disgr4ce writes "In an impressive example of the gap of understanding between legal officials and technology, U.S. Magistrate Judge Jacqueline Chooljian 'found that a computer server's RAM, or random-access memory, is a tangible document that can be stored and must be turned over in a lawsuit.' ZDNet, among others, reports on the ruling and its potential for invasion of privacy."
Yeah... uh right. I am sure there is some type of theoretical possibility here, but practically no. RAM has to be constantly "refreshed" to keep the charge high enough to be read. After about ten seconds without power, I doubt any instrument would be able to read the state before power down.
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
It has nothing to do with handing over physical ram. It's about whether you have a piece of information in memory but deliberately fail to ever write it to a log - and whether you can be compelled to add that to your logs.
The more worrying demonstration of ignorance for me is:
"To imagine my information being disseminated without my written or verbal consent is unnerving," she said. "Then again, if I'm doing something I know is illegal, can I protest?"
If you smoke dope in your own home, can you protest if the police break in without any kind of a warrant?
If you like oral sex in any of the states that ban it, can you protest that your landlord installed a hidden video camera to catch it?
If you had depression and were hospitalized for being potentially suicidal, can you protest if the hospital gives the information to a former spouse who's trying to get child custody?
Of course you can damn well protest. Violation of your privacy is not acceptable simply because you're happening to commit a crime at the time.
It's especially not acceptable if you're not even necessarily committing a crime (seizing all server logs of all people using a torrent when only some of them are sharing copyrighted information over it). "Many people in group X are criminals, thus we're pulling all information on group X" is absolutely not acceptable. Imagine if the argument was "Many people in this housing project are involved with drugs. So we're demanding complete phone taps for everyone that lives there and we'll decide who's a criminal once we have that."
Courts are trying force administrators of systems that do not log activities to start keeping logs.
There are many problems with this:
Technical: RAM contents are not permanently stored due to the technical nature of RAM. This judge wants to change that.....essentially storing everything that passes through RAM.
Cost: Why should the owners and operators of systems bear the cost of copyright enforcement? As a system administrator, what do I gain by spending my company's money on lots of disk and tape to keep logs for the RIAA? Why is that my responsibility?
Responsible party: If my users agree to only use my systems for legal purposes and they break that agreement, why am I required to provide anything to any third party? If they violate my TOS, I should be able to kick them off my network. The RIAA and their civil case should not involve me or my network. Their gripe is with the end user. If they need my help to pursue their case, then they don't have much of a case.
SARBOX forces companies to keep all emails and IM records as potential evidence. What's next? Recording every spoken word just in case someone needs it in court?
The burden of proof should be on the accuser - not on the accused.
-ted
Wanna bet they'll charge them with destruction of evidence if they actually comply with the order and pull the chips from the computer?
While I object to some of the conclusions that the court has drawn in this particular case, I am far more concerned with the broader implications of the paragraph starting line 20 of page 24, referring to the the US Wiretap Act (18 U.S.C. 2510-22). "First, the court concludes that this statute is not implicated because, as to electronic communications, it only prohibits interceptions during transmission (not while in electronic storage, i.e. RAM), and the disclosure of electronic communications intercepted during transmission. See Konop v. Hawaiian Airlines, Inc.302 F.3d 868, 878-879 (9th Cir. 2002). This is true even though storage is a necessary incident to transmission." This is an explicit writ authorizing anyone the legal right to record any and all information that passes through the RAM on their computer. I.E. if I own webserver X, I am within my legal right to log all information, or a portion thereof, that passes through my system, by virtue that it will reside, however briefly, in that system's RAM. This includes data for which my server is not the intended recipient, as it has still been electronically stored on my system. For example, I could record the addresses of all emails that route through my server. And since this recording is my property, my consequent sale of said information to interested third parties is completely legal. This also means that any gov't agency that so desires this information can acquire it via a straightforward civil information discovery request, bypassing the more stringent requirements to obtain a valid wiretap warrant. The implications of this ruling for the future of data protection and security are frightening. While I am confident that it will be overturned or at least limited in the future, the potential for abuse is mind-boggling (like most things governments seems to do these days).