Judge Orders TorrentSpy to Turn Over RAM

virgil_disgr4ce writes "In an impressive example of the gap of understanding between legal officials and technology, U.S. Magistrate Judge Jacqueline Chooljian 'found that a computer server's RAM, or random-access memory, is a tangible document that can be stored and must be turned over in a lawsuit.' ZDNet, among others, reports on the ruling and its potential for invasion of privacy."

What's the problem?

[jonbryce]

Take the chips out of the machine and send them to the other side.

Re:What's the problem?

[benfinkel]

I read a couple of other articles on it (google 'em, easy to find) and basically the Judge understands more than this Slashdot abstract says.

Torrentspy was contending that they had no record of user's IP addresses, since they don't do any IP logging. The Judge has ordered that since, even though there is no logging, the IPs are available in the RAM for a period of time, that constitutes a recording and they were ordered to capture that information from the RAM in a more permanent spot.

This is new because it's the first time that volatile RAM has even been considered as evidence in that manner.

Re:What's the problem?

Maybe a few minutes later. Not hours or days. The decay is total by then, and there isn't even theoretical equipment that could distinguish its state from noise.

Re:What's the problem?

[MyLongNickName]

Yeah... uh right. I am sure there is some type of theoretical possibility here, but practically no. RAM has to be constantly "refreshed" to keep the charge high enough to be read. After about ten seconds without power, I doubt any instrument would be able to read the state before power down.

Re:What's the problem?

[sammy+baby]

That oughtta work. I do that recreationally anyway.

Re:What's the problem?

[despe666]

Wanna bet they'll charge them with destruction of evidence if they actually comply with the order and pull the chips from the computer?

Re:What's the problem?

[flitty]

I hereby order you to bring in your computer monitor, to see if we can recall any images that appeared in it, and get IP addresses that way!

Re:What's the problem?

[robbiethefett]

you could simply explain to the judge that the wizards who live in the magic machine box have cast a very powerful spell that makes it extremely difficult to get the RAM out. i mean, it's pretty apparent that this judge would take that as a reasonable explanation.

Re:What's the problem?

[canajin56]

There are established rules that say that a defendant cannot be compelled to create new documents for the plaintiff, even if the new document would just be a compilation and/or summary of other documents. TorrentSpy maintains that they do not currently log IP addresses, and therefore an order to begin logging IP addresses and turn over their logs would be illegal. The judge has ruled that RAM is legally a document, and therefore they DO in fact have such documents in their possession, if for a very short period of time. As such, he has stated that a requirement to enable logging does not constitute creating a new document, and is simply transcribing a document from one format to another, which they CAN be required to do. And that's why he referenced the RAM, because without acknowledging that this data is contained in the RAM "document" at one point, they cannot be legally compelled to enable logging.

Re:What's the problem?

[Mr2cents]

if you put "cat /dev/mem | uuencode | mail judge@court.gov" in a cronjob and let it run every minute, I'm sure he will be more than pleased.

What's next?

[raeb]

"Please sir, hand over your motherdisk."

Re:What's next?

[Opportunist]

I insist that you hand over your ISDN drive. And your SCSI modem.

HD

[gregoryb]

Maybe she meant 'hard drive'? The majority of the people I supported while working IT during college used the terms RAM and hard drive interchangeably.

-gb

Re:invasion of privacy

[laughing+rabbit]

Damn! I knew we should have stopped referring to 'pages' of memory.

Over Simplified Headline...

[nick_davison]

It has nothing to do with handing over physical ram. It's about whether you have a piece of information in memory but deliberately fail to ever write it to a log - and whether you can be compelled to add that to your logs.

The more worrying demonstration of ignorance for me is:

"To imagine my information being disseminated without my written or verbal consent is unnerving," she said. "Then again, if I'm doing something I know is illegal, can I protest?"

If you smoke dope in your own home, can you protest if the police break in without any kind of a warrant?

If you like oral sex in any of the states that ban it, can you protest that your landlord installed a hidden video camera to catch it?

If you had depression and were hospitalized for being potentially suicidal, can you protest if the hospital gives the information to a former spouse who's trying to get child custody?

Of course you can damn well protest. Violation of your privacy is not acceptable simply because you're happening to commit a crime at the time.

It's especially not acceptable if you're not even necessarily committing a crime (seizing all server logs of all people using a torrent when only some of them are sharing copyrighted information over it). "Many people in group X are criminals, thus we're pulling all information on group X" is absolutely not acceptable. Imagine if the argument was "Many people in this housing project are involved with drugs. So we're demanding complete phone taps for everyone that lives there and we'll decide who's a criminal once we have that."

Re:Judges shouldn't be allowed on these cases.

[mypalmike]

he still couldn't understand this udderly basic principle

Moo.

Re:Blank RAM

[bcattwoo]

And these guys get arrested for destruction of evidence when they find that the RAM is blank. Un-freaking-believable. No, because the article summary misrepresents the actual ruling. TorrentSpy claims that it can't turn over certain data because it was never logged. The judge ruled that since the data in question was in the RAM, TorrentSpy was in possession of said data and must preserve it for discovery, i.e. start logging it. The judge in no way ruled that they must physically turn over the RAM chips.

I see this as net positive.

[JRHelgeson]

While industry experts lamented the judges decision in this case, this newest revelation, that computer RAM should be turned over as part of discovery, proves that she has no concept of the issues she is addressing in her court. This provides fertile grounds for appeals as she is obviously dealing with issues she cannot even comprehend.

The fact that she has ordered the defendant to CREATE evidence (log files), in order to turn it over to the plaintiff as part of their discovery request is absurd.

Re:hmm..

[Coraon]

Depends, is there cute girl ram around?

Re:Oh my. I think you are a fellow old-timer.

[trolltalk.com]

When I was a kid, RAM was made of flip-flops and I had to go to school with three feet of snow, and it was uphill both ways. Oh boy.

You were lucky - you had a supply of cheap beach sandals! We had to make our bits out of acorns. Our computers would crash every fall when the squirrels would bury all our RAM.

Mandatory logging

[zerofoo]

Courts are trying force administrators of systems that do not log activities to start keeping logs.

There are many problems with this:

Technical: RAM contents are not permanently stored due to the technical nature of RAM. This judge wants to change that.....essentially storing everything that passes through RAM.

Cost: Why should the owners and operators of systems bear the cost of copyright enforcement? As a system administrator, what do I gain by spending my company's money on lots of disk and tape to keep logs for the RIAA? Why is that my responsibility?

Responsible party: If my users agree to only use my systems for legal purposes and they break that agreement, why am I required to provide anything to any third party? If they violate my TOS, I should be able to kick them off my network. The RIAA and their civil case should not involve me or my network. Their gripe is with the end user. If they need my help to pursue their case, then they don't have much of a case.

SARBOX forces companies to keep all emails and IM records as potential evidence. What's next? Recording every spoken word just in case someone needs it in court?

The burden of proof should be on the accuser - not on the accused.

-ted

Re:What's the problem? Ordered Recording!

[arborlaw]

Agreed. We've been here before.....

The SonicBlue / ReplayTV case in 2002 involved an order by the court to ReplayTV to create the technology to record information about subscribers for purposes of determining how much usage was violating the TOS and the law.

From the defendant's brief in that case, which makes it quite clear that the information does not exist and would involve an affirmative duty to surveil:

Federal Rule 34 Neither Requires Nor Authorizes An Order To Create Records That Do Not Exist.

Not surprisingly, Plaintiffs cite no authority for such an order. It is well settled that a party is not required to create, either in paper or electronic form, data that does not currently exist within its possession. Steil v. Humana Kansas City, Inc., 197 F.R.D. 445, 448 (D. Kan. 2000) (party "cannot be compelled to produce documents which do not exist" ). Rule 34 "only requires a party to produce documents that are already in existence." Alexander v. Federal Bureau of Investigation, 194 F.R.D. 305, 310 (D.D.C. 2000) (emphasis added). "A party is not required 'to prepare, or cause to be prepared,' new documents solely for their production." Id. Plaintiffs misunderstand Rule 34 and the law relating to the discovery of data compilations. It is true that Defendants may be required to produce both hard copy documents, and electronic data, that are stored in Defendants' own files and computers. But, with the sole exception of the limited my.ReplayTV.com information discussed below, the information sought by Plaintiffs is not "electronically stored" on Defendants' computers. It does not exist anywhere yet. It does not even exist on individual consumers' PVR hard drives, much less on Defendants' computers. And if the information is created, and a program written to log it in the future, it would exist on a consumer's personal property, not on ReplayTV's computers.

Rather, Plaintiffs are asking the Court to order Defendants first to write a program to implant in a consumer's ReplayTV unit in order to create and store the data, and then to write software to collect the data from consumers (without further notice to them) and disclose it to Plaintiffs. Neither Rule 34 nor case law obliges Defendants to take these extraordinary steps.

--originally provided by Mike Godwin in SonicBlue discussion, Cyberia-L

RTFD

You have been misinformed if you take the slashdot summary at face value.

And you have been misinformed if you RTFA.

The judge's decisions responds to most of the comments posted here, and the lawyers comments naively repeated by the author of the article.

Instead, read the decision (RTFD) that the article links to.

Although she mistakenly says websites have RAM, she definitely knows what RAM is, if you read her analysis about why the RAM should be turned over. She doesn't want the chip, she wants the ip address that temporarily pass through the website server's RAM.

Based on existing case law from other copyright cases, whatever passes through a computer's RAM is a tangible copy, if only a temporarily one. According to the rules of discovery, the defendant must produce this copy because it is within their control. It is within their control due to the fact their provider uses the a web server (Microsoft's), and this server has the capability of logging ip address that temporarily pass through the computers RAM.

So "turning over the RAM" actually means "hand over the documents that are temporarily stored in the RAM by simply turning on the logging function of the webserver." The judge is simply following existing case law and discovery procedures.

Re:What's the problem? Ordered Recording!

[Col.+Blackwolf]

While I object to some of the conclusions that the court has drawn in this particular case, I am far more concerned with the broader implications of the paragraph starting line 20 of page 24, referring to the the US Wiretap Act (18 U.S.C. 2510-22). "First, the court concludes that this statute is not implicated because, as to electronic communications, it only prohibits interceptions during transmission (not while in electronic storage, i.e. RAM), and the disclosure of electronic communications intercepted during transmission. See Konop v. Hawaiian Airlines, Inc.302 F.3d 868, 878-879 (9th Cir. 2002). This is true even though storage is a necessary incident to transmission." This is an explicit writ authorizing anyone the legal right to record any and all information that passes through the RAM on their computer. I.E. if I own webserver X, I am within my legal right to log all information, or a portion thereof, that passes through my system, by virtue that it will reside, however briefly, in that system's RAM. This includes data for which my server is not the intended recipient, as it has still been electronically stored on my system. For example, I could record the addresses of all emails that route through my server. And since this recording is my property, my consequent sale of said information to interested third parties is completely legal. This also means that any gov't agency that so desires this information can acquire it via a straightforward civil information discovery request, bypassing the more stringent requirements to obtain a valid wiretap warrant. The implications of this ruling for the future of data protection and security are frightening. While I am confident that it will be overturned or at least limited in the future, the potential for abuse is mind-boggling (like most things governments seems to do these days).

Err....no.

[DeadCatX2]

Not in modern DRAM. Modern DRAM is basically [sic] a capacitor.

Sure, forgetting about the whole row and column stuff, and the sense amps...

However, due to the natural resistance of silicon there is always some leakage current leaving the capacitors.

Incorrect. Capacitors lose charge because dielectrics are not perfect insulators, and thus some current actually leaks through from one plate to the other.

This means that RAM left alone for more than a few tenths of a milisecond will lose enough voltage to drop to a logical 0

Disturbingly wrong. Most manufacturers specify that a row of DRAM must be refreshed at least every 64 milliseconds. In fact, Wikipedia cites a pdf saying that some information can be retained for up to minutes in a cell of DRAM - though you will get some bit errors.

TO prevent this, RAM is constantly refreshed- the ram chip will spend spare cycles writing its own value to itself.

Actually, the memory controller will issue a refresh command to the DRAM chip. This is probably what you were thinking about before...a row refresh must happen every 7.8 microseconds or so (depending on the RAM chip). But, that's because the refresh operation only refreshes a single row. The DRAM chip usually has an internal address counter, so you just say "refresh the next row" and the DRAM chip already knows what the "next row" is, and afterwards it increments it so the next time you issue the refresh command, it refreshes the next row. If you execute these refresh operations every 7.8 microseconds, then in 64 milliseconds you will refresh every row of memory on the DRAM chip.

Oh, and by the way, reading from any cell of DRAM will refresh the entire row that cell is on, because reading from DRAM is a destructive operation. Therefore, there's actually a row of latches at the bottom of the columns, and the values from those latches are placed back into the capacitors while the bit of interest is being shuffled out onto memory bus.

Writing to a cell also requires reading the entire row, which means that writing also refreshes that row.