TorrentSpy Must Preserve Data In RAM For MPAA

Transient writes "Reaffirming a magistrate's earlier decision, a federal judge has ordered TorrentSpy to begin keeping server logs as it defends itself against an MPAA lawsuit. In her opinion, Judge Florence-Marie Cooper interpreted federal discovery rules broadly. ' Judge Cooper took issue with TorrentSpy's argument that data in RAM is not "stored." She noted RAM's function as primary storage and that the storage of data in RAM — even if not permanently archived — makes it electronically stored information governed by federal discovery rules.' Given that TorrentSpy has limited access for users in the US, the ruling may be moot. But it does set a precedent for other, similar cases. 'Under this interpretation, any data stored in RAM could be subject to a subpoena, as at a basic level it is a "medium from which information can be obtained" just like a hard drive. '"

so hand them a stick of RAM

[jollyreaper]

"Funny, the data was in there before I pulled it out of the server."

Re:so hand them a stick of RAM

[DavidTC]

That sounds like a job for SELinux. Lock the system down so hard it doesn't allow root logins at all, and logins under the id that the servers are running under. Have all that become enabled, say, five minutes after boot, or that it starts enabled and must be disabled from the boot command line during boot.

Make sure the system responds with an error message that explains all this if you try to login as one of the protected accounts...that to login you have to reboot the server.

Re:so hand them a stick of RAM

[Technician]

Make sure the system responds with an error message that explains all this if you try to login as one of the protected accounts...that to login you have to reboot the server.

It might be easer to explain to the judge that sound is a moving pressure wave stored in air for a very short time from the time he says something to the time someone hears it. I need him to preserve the sound waves in his house from yesterday for permanent record. It may contain evidence of a copyright violation.

White Board

[pete-classic]

Does this mean they can subpoena the contents of the white board in conference nine at 7:23 AM on June the 13, 2005?

Why can't the court grasp the transient nature of the content of RAM?

-Peter

Silly

[stabiesoft]

Sort of like the uncertainty principle. In order to "store" RAM to a permanent medium, RAM will change to write itself to the medium. This reminds me of when I testified and tried to explain that from a programs perspective, VM looks just like RAM, just slower. I never managed to convince the prosecutor. Clearly the legal system hasn't a clue about tech.

Wait, what?!

If RAM can be subject to subpoenas, and it's illegal to destroy information that may later be subpoenaed, which is my understanding is true thanks to Sarbanes-Oxley, that means that all computers used by all companies must keep a permanent record of the contents of computer RAM at any given time.

I guess it's time to buy stock in storage companies. I wonder if this also applies to cache RAM? There could be an infinite loop in there somewhere...

Need more disk space now?

[weszz]

So... you have to be able to log everything that is in ram as well now

so we need faster processors and bigger hard drives to handle the extra load.

A normal log may not be that big, but when you get to a few months full of RAM logs for a busy server... I think this precedent will get overturned when they find out just what they are asking for.

I want to to write down every single thought you have for the next 10 weeks...

Re:Need more disk space now?

I want to to write down every single thought you have for the next 10 weeks... Boobies.

Re:power failure

[OrangeTide]

There is little doubt in my mind that that is the case. It does not matter what you did, but if it was intentional then it is a very serious crime to deny or destroy evidence.

If you "forgot" to pay your colocation bill and they turned off your servers, that might work. You could claim you couldn't pay the bill because of all the money you are spending on lawyers. :)

Re:Soo....

[MontyApollo]

I think the basic argument is that Torrentspy is saying they can't provide IP addresses because they don't log them, and the judge is saying if they are in RAM then discovery applies and they are required to log them since RAM is discoverable. Basically the judge is tellling them to log the IP addresses and that the argument that they are only stored in RAM is not a valid legal excuse.

Um, isn't this some pretty heavy spin???

[BobMcD]

From TFA:

TorrentSpy fought the MPAA's request, arguing that privacy laws in the Netherlands--where the servers are physically located--prevented it from maintaining and disclosing the logs. The site also argued that the log data wasn't available, since it existed only in RAM, and as such, was never stored.

The magistrate judge didn't buy that argument, and in her opinion reaffirming the magistrate's order, neither did Judge Florence-Marie Cooper. Judge Cooper took issue with TorrentSpy's argument that data in RAM is not "stored." She noted RAM's function as primary storage and that the storage of data in RAM--even if not permanently archived--makes it electronically stored information governed by federal discovery rules. TorrentSpy: "We could log that information, but we choose not to."

Judge: "Choose to do so from this point on."

RAM isn't exactly relevant. This isn't some kind of temporary storage situation. This is a deliberate decision on the part of the software author. Now if you want to claim rights are being trodden upon, be my guest. But claiming that all RAM is now state's evidence is a stretch.

Re:Um, isn't this some pretty heavy spin???

[NeutronCowboy]

I agree that the intent may have been to force TorrentSpy to turn on logging. However, the judgment was written in a very broad fashion - broad to the point that nowhere is it mentioned to "just turn on the damn logging". Instead, it is a ruling that states that data in RAM is governed by federal discovery rules, and as a result, needs to be preserved.

While it is unlikely that always logging ALL data in RAM will become a federal requirement, it is quite possible that this will turn into one of those things that everybody has to violate in order to function. The result of this will be that someone, somewhere will be permanently fucked by a ruling based on this. Yes, the law might be changed after this, but only after someone's life has been permanently fucked with.

Remember the high-school senior who got a blowjob from a 15 year old? He's doing time, because a law designed to catch sex offenders was badly written. The law was changed in response to his conviction, but it was too late for him. He's still in jail, the football scholarship is now out of the question, and he will have a criminal record.

I'm paranoid because too many lawyers and politicians and people in general have abused bad laws for their own gain.

Re:Evidence destruction ?

[sholden]

#include
int main() {
        char buf[255];
        puts("Enter something:");
        fgets(buf, sizeof(buf), stdin);
        return strlen(buf);
}

where on the disk did the contents of buf get stored (assuming we have no virtual memory)?

judges are not dumb

[czmax]

Folks, From TFA, we see the following, "[Torrentspy] argued that the log data wasn't available, since it existed only in RAM, and as such, was never stored". The judge, being nobodies dummy, accurately noted that this isn't an impediment to logging that data in the future and has ordered them to do so. Funny jokes about handing over DIMMs aside this is a totally reasonable concept. How many of you all think it's actually impossible to log a number that is in RAM? Are all you /. l33t programmers incapable of writing a variable out to a file?

This isn't about RAM, folks

[Timogen]

Oh, I'm sure, many of you are going off on this whole RAM thing as if that was the point. What you are missing is that this ruling was meant not really believing that RAM is the key, but the fact of the matter that, for torrentspy transactions, they do not, for just the exact reason this lawsuit began, log connection information, even though that information does pass through the RAM of the system. They focused on RAM as it is, in this case, the only memory device that is realistically capturing any connection information. That connection information is what the prosecution wants. Ergo, this order is, for all intents and purposes, forcing torrentspy to adjust their software to capture the connection information. That's really all it is. The courts, I'm sure, are aware of the transitory nature of RAM, and, through this order, are only addressing that the memory in RAM be captured. The reason they bring this up is because torrentspy, all along, claimed they have no logs that capture connection information, so potential downtheroad supoena's of torrentspy users cannot occur, plsu an audit trail of abuses cannot be captured. This ruling basically says 'Nice try guys, but you now need to close up that loophole'. Seriously, you all go off on the nature of RAM and stupidity of non-technites, but you fail to grasp what this ruling is really about, enforced logging of details that should be captured but the fact that it isn't is 100% an attempt to cover up any illegal activity going on with their servers/services abd leaving no trail to trace. If this was read for what it really means 'Court orders torrentspy to modify software to capture all connection info', which would be more outside the realm of the court to order, it wouldn't even raise an eyebrow save for the tinfoil hat privacy types. But that is outside the mandate of the court, so they just said what they need and now it's up to Torrentspy to figure out how to do it.

I can see a different problem.

[janrinok]

The ruling is that TorrentSpy must, in future, maintain records of IP information. How is that meant to help prove or disprove the case that the MPAA are trying to prosecute, which must, by definition, have already occurred? This is not discovery - but an imposition on the way the software is to be re-written. Or can the MPAA say that they think that TorrentSpy will commit an offence sometime in the future and they now want to have the means to prove it?

Re:Soo....

[MMC+Monster]

How about if they have the contents of ram printed to paper every time the ram is refreshed.

The cost of paper may build up to something considerable after the first couple seconds...

Re:Bah, move the servers offshore.

[hardburn]

According to United Nations Convention on the Law of the Sea, passed in 1982, does not allow artificial islands to become sovereign nations. Sealand may have a valid claim to sovereignty before 1982, but any new attempts at creating a new nation will have to be based on a natural land mass.

RAM log

[noidentity]

Your honor, a tiny portion RAM log of the time in question

2007.08.28 15:40 set bit 1243434
2007.08.28 15:40 set bit 1243435
2007.08.28 15:40 cleared bit 1243436
2007.08.28 15:40 set bit 1243437 ...

Obviously guilty!

You CAN Preserve a White Board

[Steve+Hamlin]

Does this mean they can subpoena the contents of the white board in conference nine at 7:23 AM on June the 13, 2005?

YES, if the court gives you notice that you must preserve everything that is written on the whiteboards in all conference rooms, then they will expect you to have it preserved, and produce it when ordered.

Take a picture, log the contents, don't erase it - whatever you need to do to preserve the information. Saying "But I erased it!" isn't going to fly when you are subject to a prior order to NOT erase it.

Why can't the court grasp the transient nature of the content of RAM?

It sounds like the company was saying "But I really don't have it, it's just in RAM". That doesn't mean you don't have the information.

Note that this is a prospective discovery order - YOU WILL HAVE THE INFORMATION IN YOUR POSSESION, I REALIZE IT'S TRANSITORY AND YOU NORMALLY DON"T PRESERVE IT, BUT YOU CAN PRESERVE IT, AND I'M ORDERING YOU TO PRESERVE IT.

What's so hard about that?

Re:Evidence destruction ?

where on the disk did the contents of buf get stored (assuming we have no virtual memory)?

It's impossible to say because your seven line program contains at least one bug. (I'm assuming that the presented program is C and not some imaginary language).

Firstly, although you've correctly specified that main() should return an "int" you are actually returning a value of "size_t" which may or may not be defined as "int", depending on the platform. Secondly, you haven't checked the return value of fgets(). On error, fgets() returns NULL. This isn't necessarily the same as the nul character so depending on the platform, strlen() may fail (possibly even catastrophically on certain machines, such as the DeathStation 5000).

You've used the strlen() function without including its proper header.

Lastly, although this isn't really an error but it does demonstrate your inexperience, you have enclosed "buf" in parenthesis in the sizeof expression. Remember, sizeof is an operator not a function. The only reason you would ever use parenthesis in conjunction with sizeof is if you were asking for the size of a datatype. For example "sizeof(int)" or "sizeof(*char)". Using parenthesis any other time would be equivalent to expressing a simple sum as "(1) + (2) == (3)". Not incorrect, but pointless.

A more correct program might be...

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
 
int main(void)
{
        char buf[255];
        int n
 
        n = puts("Enter something:");
        if ( EOF == n )
          exit(10);
 
        n = fgets(buf, sizeof buf, stdin);
        if ( NULL == n )
          exit(20);
 
        return (int) strlen(buf);
}

Remember, C isn't for amateurs. That's why high-level languages were invented. To demonstrate how difficult it is to effectively program in C, I've deliberately left a bug in of my own as well as a potentially confusing design issue. See if you can find them.

Re:Bah, move the servers offshore.

[mcpkaaos]

You would drown. That's why so many of us live on land.