TorrentSpy Must Preserve Data In RAM For MPAA

Transient writes "Reaffirming a magistrate's earlier decision, a federal judge has ordered TorrentSpy to begin keeping server logs as it defends itself against an MPAA lawsuit. In her opinion, Judge Florence-Marie Cooper interpreted federal discovery rules broadly. ' Judge Cooper took issue with TorrentSpy's argument that data in RAM is not "stored." She noted RAM's function as primary storage and that the storage of data in RAM — even if not permanently archived — makes it electronically stored information governed by federal discovery rules.' Given that TorrentSpy has limited access for users in the US, the ruling may be moot. But it does set a precedent for other, similar cases. 'Under this interpretation, any data stored in RAM could be subject to a subpoena, as at a basic level it is a "medium from which information can be obtained" just like a hard drive. '"

Evidence destruction ?

[Joebert]

Does this mean that turning a computer off could be considered destruction of, or tampering with, evidence ?

Re:Evidence destruction ?

[HTH+NE1]

For data to exist in RAM, does it not also have to exist on the hard drive in some fashion also? No. Data can come from any source, not just hard drives. The data going into this text box from my keyboard exists in RAM, but does not yet exist on a hard drive. If I submit it, it arrives in that server's RAM before it even touches the server's hard drive.

White Board

[pete-classic]

Does this mean they can subpoena the contents of the white board in conference nine at 7:23 AM on June the 13, 2005?

Why can't the court grasp the transient nature of the content of RAM?

-Peter

Re:White Board

[Kelz]

But this white board erases itself when you turn off the lights.

Re:White Board

[HTH+NE1]

Does this mean they can subpoena the contents of the white board in conference nine at 7:23 AM on June the 13, 2005? More like an order that the white board be placed under constant surveillance creating a continuous, timestamped, and legible video record from now on.

Silly

[stabiesoft]

Sort of like the uncertainty principle. In order to "store" RAM to a permanent medium, RAM will change to write itself to the medium. This reminds me of when I testified and tried to explain that from a programs perspective, VM looks just like RAM, just slower. I never managed to convince the prosecutor. Clearly the legal system hasn't a clue about tech.

Need more disk space now?

[weszz]

So... you have to be able to log everything that is in ram as well now

so we need faster processors and bigger hard drives to handle the extra load.

A normal log may not be that big, but when you get to a few months full of RAM logs for a busy server... I think this precedent will get overturned when they find out just what they are asking for.

I want to to write down every single thought you have for the next 10 weeks...

What about costs?

[www.sorehands.com]

I am surprised that the costs issue was not addressed. Generally, and if I recall, that if there are costs on on electronic discovery, that cost can be shifted on to the requesting party.

For this the costs would be expensive.

There are two ways to archive this:
    1. By snapshotting the ram.
    2. By rewriting the server code.

By snapshotting the ram, it would require a program with root access to snap this and lots of data to be archive.

By rewriting the server code, it would take months to rewrite it properly and test it. Then they would to license the IP2location database to perform lookups on the IP address filter out US addresses. I suspect that this filtering would require one or two more computers to perform this.

Re:power failure

[OrangeTide]

There is little doubt in my mind that that is the case. It does not matter what you did, but if it was intentional then it is a very serious crime to deny or destroy evidence.

If you "forgot" to pay your colocation bill and they turned off your servers, that might work. You could claim you couldn't pay the bill because of all the money you are spending on lawyers. :)

Let's be clear

[71thumper]

What the judge is saying is that just because you keep a file in RAM and not on on disk, you can't claim you aren't "storing" that data.

Um, isn't this some pretty heavy spin???

[BobMcD]

From TFA:

TorrentSpy fought the MPAA's request, arguing that privacy laws in the Netherlands--where the servers are physically located--prevented it from maintaining and disclosing the logs. The site also argued that the log data wasn't available, since it existed only in RAM, and as such, was never stored.

The magistrate judge didn't buy that argument, and in her opinion reaffirming the magistrate's order, neither did Judge Florence-Marie Cooper. Judge Cooper took issue with TorrentSpy's argument that data in RAM is not "stored." She noted RAM's function as primary storage and that the storage of data in RAM--even if not permanently archived--makes it electronically stored information governed by federal discovery rules. TorrentSpy: "We could log that information, but we choose not to."

Judge: "Choose to do so from this point on."

RAM isn't exactly relevant. This isn't some kind of temporary storage situation. This is a deliberate decision on the part of the software author. Now if you want to claim rights are being trodden upon, be my guest. But claiming that all RAM is now state's evidence is a stretch.

Re:Um, isn't this some pretty heavy spin???

[NeutronCowboy]

I agree that the intent may have been to force TorrentSpy to turn on logging. However, the judgment was written in a very broad fashion - broad to the point that nowhere is it mentioned to "just turn on the damn logging". Instead, it is a ruling that states that data in RAM is governed by federal discovery rules, and as a result, needs to be preserved.

While it is unlikely that always logging ALL data in RAM will become a federal requirement, it is quite possible that this will turn into one of those things that everybody has to violate in order to function. The result of this will be that someone, somewhere will be permanently fucked by a ruling based on this. Yes, the law might be changed after this, but only after someone's life has been permanently fucked with.

Remember the high-school senior who got a blowjob from a 15 year old? He's doing time, because a law designed to catch sex offenders was badly written. The law was changed in response to his conviction, but it was too late for him. He's still in jail, the football scholarship is now out of the question, and he will have a criminal record.

I'm paranoid because too many lawyers and politicians and people in general have abused bad laws for their own gain.

judges are not dumb

[czmax]

Folks, From TFA, we see the following, "[Torrentspy] argued that the log data wasn't available, since it existed only in RAM, and as such, was never stored". The judge, being nobodies dummy, accurately noted that this isn't an impediment to logging that data in the future and has ordered them to do so. Funny jokes about handing over DIMMs aside this is a totally reasonable concept. How many of you all think it's actually impossible to log a number that is in RAM? Are all you /. l33t programmers incapable of writing a variable out to a file?

This isn't about RAM, folks

[Timogen]

Oh, I'm sure, many of you are going off on this whole RAM thing as if that was the point. What you are missing is that this ruling was meant not really believing that RAM is the key, but the fact of the matter that, for torrentspy transactions, they do not, for just the exact reason this lawsuit began, log connection information, even though that information does pass through the RAM of the system. They focused on RAM as it is, in this case, the only memory device that is realistically capturing any connection information. That connection information is what the prosecution wants. Ergo, this order is, for all intents and purposes, forcing torrentspy to adjust their software to capture the connection information. That's really all it is. The courts, I'm sure, are aware of the transitory nature of RAM, and, through this order, are only addressing that the memory in RAM be captured. The reason they bring this up is because torrentspy, all along, claimed they have no logs that capture connection information, so potential downtheroad supoena's of torrentspy users cannot occur, plsu an audit trail of abuses cannot be captured. This ruling basically says 'Nice try guys, but you now need to close up that loophole'. Seriously, you all go off on the nature of RAM and stupidity of non-technites, but you fail to grasp what this ruling is really about, enforced logging of details that should be captured but the fact that it isn't is 100% an attempt to cover up any illegal activity going on with their servers/services abd leaving no trail to trace. If this was read for what it really means 'Court orders torrentspy to modify software to capture all connection info', which would be more outside the realm of the court to order, it wouldn't even raise an eyebrow save for the tinfoil hat privacy types. But that is outside the mandate of the court, so they just said what they need and now it's up to Torrentspy to figure out how to do it.

I can see a different problem.

[janrinok]

The ruling is that TorrentSpy must, in future, maintain records of IP information. How is that meant to help prove or disprove the case that the MPAA are trying to prosecute, which must, by definition, have already occurred? This is not discovery - but an imposition on the way the software is to be re-written. Or can the MPAA say that they think that TorrentSpy will commit an offence sometime in the future and they now want to have the means to prove it?

Summary sucks

[WPIDalamar]

The summary of this article sucks, most of the comments here are nothing more than ravings based on a bad summary.

The judge wants them to start logging IP addresses. But a judge can't just order anyone to do anything they feel like, there has to be some precedent or law saying they can. This judge said in legal terms, stuff in RAM is stored data. Then he applied rules based on law that covers stored data.

It's like if a company has a policy to burn documents every night, but the judge orders them not to burn documents until the end of the case. There's no expectation that burnt documents can magically be unburnt.

You CAN Preserve a White Board

[Steve+Hamlin]

Does this mean they can subpoena the contents of the white board in conference nine at 7:23 AM on June the 13, 2005?

YES, if the court gives you notice that you must preserve everything that is written on the whiteboards in all conference rooms, then they will expect you to have it preserved, and produce it when ordered.

Take a picture, log the contents, don't erase it - whatever you need to do to preserve the information. Saying "But I erased it!" isn't going to fly when you are subject to a prior order to NOT erase it.

Why can't the court grasp the transient nature of the content of RAM?

It sounds like the company was saying "But I really don't have it, it's just in RAM". That doesn't mean you don't have the information.

Note that this is a prospective discovery order - YOU WILL HAVE THE INFORMATION IN YOUR POSSESION, I REALIZE IT'S TRANSITORY AND YOU NORMALLY DON"T PRESERVE IT, BUT YOU CAN PRESERVE IT, AND I'M ORDERING YOU TO PRESERVE IT.

What's so hard about that?

Re:Bah, move the servers offshore.

[Original+Replica]

The real definition of sovereignty could very well be "has the ability to successfully defend from outside powers". Superman would be a sovereign individual, not bound to the laws of any country, because no country could enforce those laws upon him. Darfur is not sovereign because they cannot secure the land they claim as there own. So yes you are quite right that the world is divided into two groups, the sovereign countries and the countries who do as they are told. In that light, how could you blame Iran for wanting to have nukes?

Mod parent up

[dlanod]

All jokes about RAM aside, this is the root of what's being said here - the addresses are in RAM, therefore it can be logged (and should be under the directions of the court in this case). They aren't telling them to record all data in RAM all the name, nor are they telling them RAM is a persistent medium.

Re:so hand them a stick of RAM

[Technician]

Make sure the system responds with an error message that explains all this if you try to login as one of the protected accounts...that to login you have to reboot the server.

It might be easer to explain to the judge that sound is a moving pressure wave stored in air for a very short time from the time he says something to the time someone hears it. I need him to preserve the sound waves in his house from yesterday for permanent record. It may contain evidence of a copyright violation.

Re:so hand them a stick of RAM

[delinear]

That's assuming that the MPAA care about sifting that data - it's equally likely they just want to make the process of collecting the data so prohibitivley expensive that TorrentSpy can't continue, or to spread fear in their users that the noose is tightening. If they can achieve either of those aims they won't even need to use the data.