Court Sets Rules For RIAA Hard Drive Inspection
NewYorkCountryLawyer writes "In a Boston RIAA case, SONY BMG Music Entertainment v. Tenenbaum, the Court has issued a detailed protective order establishing strict protocols for the RIAA's requested inspection of the defendant's hard drive, in order to protect the defendant's privacy. The order (PDF) provides that the hard drive will be turned over to a computer forensics expert of the RIAA's choosing, for mirror imaging, but that only the forensics expert — and not the plaintiffs or their attorneys — will be able to examine the mirror image. The forensics expert will then issue a report which will describe (a) any music files found on the drive, (b) any file-sharing information associated with each file, and any other records of file-sharing activity, and (c) any evidence that the hard-drive has been 'wiped' or erased since the initiation of the litigation. The expert will be precluded from examining 'any non-relevant files or data, including ... emails, word-processing documents, PDF documents, spreadsheet documents, image files, video files, or stored web-pages.'"
Starring Buck Naked.
If the entire hard drive was secured with something like TrueCrypt, could you be compelled to turn over the password?
Anyway, does stuff like this matter much anymore? I thought more and more convictions were based on ISP logs instead of hard drive searches these days...
This makes way too much sense.
Just because my PDFs play in winamp doesn't mean they're music files!
the encryption keys for the hard drive?
(c) any evidence that the hard-drive has been 'wiped' or erased since the initiation of the litigation.
Just curious: Let's say someone wanted to do just that - wipe or erase the hard drive since the initiation of the litigation.
Theoretically, couldn't a person just set the BIOS clock to a date and time prior to the legislation, do multiple shreds and formats on the HDD, reinstall the OS with the BIOS clock still 'in the past', and have it seem as though nothing changed since the initiation of the litigation?
It would seem to me that if the BIOS clock was set to a prior point, that everything else on the HDD would follow. The BIOS clock has no intuitive knowledge of time, it only knows what it's told.
All theoretical, of course. No one would actually do such a thing, of course...
I suppose the same could be said if the defendant got to choose. Seems like they should have to pick from a list of approved providers, as determined by the ruling judge.
The expert will be precluded from examining 'any non-relevant files or data, including ... emails, word-processing documents, PDF documents, spreadsheet documents, image files, video files, or stored web-pages
So I should be OK if I put my music collection in my CP folder?
So if I change the name from file.mp3 to file.pdf, they won't find it?
What if I attach all my mp3 files as email attachments and send them to myself and delete the originals?
From now on, all of my MP3s will be embedded into PDFs.
You never expect irony, do you?
Want to be a professional wrestler? Visit www.iyfwrestling.com
@iyfwrestling
While I admire people fighting the good fight, this is EXACTLY what makes court so dicey. If you get some judge with his head up the RIAA's ass and you are going to lose no matter how good your case is. The PROPER thing to do in a case like this is to have both parties agree on who examines the drive. One more thing, five days doesn't seem like a lot of time to examine a tech report for improprieties.
=Smidge=
Is it just my observation, or is eldavojohn an idiot?
"computer forensics expert of the RIAA's choosing"
Oh, so we're in safe hands then.
The "forensics expert of the RIAA's choosing" pretty much negates all other protections in this order. That's like telling me "You can't peek into my email" then saying "But you can have any one of your best friends peek, with no supervision."
SJW: Someone who has run out of real oppression, and has to fake it.
This makes way too much sense.
Nope. Letting the RIAA pick the "forensics expert" does absolutely nothing to ensure that a fair and impartial expert is chosen. I'd think all that would do is make it very easy for the RIAA to set up a forensics lab of their own that could potentially plant evidence on the mirror copy. Then what do you do? They could always claim that your copy, which is minus the planted evidence, was "tampered with". I see no good out of this, but if NewYorkCountryLawyer disagrees, I would welcome an opportunity to be educated out of my error here.
> (c) any evidence that the hard-drive has been 'wiped' or erased since the initiation
> of the litigation.
So as long as you wipe or erase the hard drive before litigation begins, or before you become subpoena'ed (aware of the litigation), you're protected if you destroyed any evidence of your activities?
Perhaps a VMWare or other virtual operating system is in order then. Download, burn to optical, revert the guest image.
Perhaps NewYorkCountryLawyer could confirm the viability of this method?
Something about not being forced to testify against yourself. No sense in leaving your equipment capable of testifying against yourself either.
This is like setting limits on how strip searches should be conducted, or defining what limits one should use for "aggressive" interrogation.
The best approach is not to go there in the first place.
Nearly fifty percent of all graduates come from the bottom half of the class!
Only outlaws will steal
Error: "It's been 1 hour, 3 minutes since you last successfully posted a comment"
Just because it CAN be done, doesn't mean it should!
I would guess the penalties for the destruction of evidence and the manufacturing of new evidence would land you in significantly more trouble, no?
Court orders to search hard drives aren't right - they're not even wrong.
If you get a warrant to search my house, you search my house.
No court believes that it would issue a single warrant to search part of my home, part of my business and parts of my friends' and family's homes.
But a warrant to search my hard drive is exactly that.
Restricting this search to the forensics expert of the MAFIAA's choosing but not allowing irrelevant info to pass on to them is exactly offensive and ridiculous. I'm frustrated by my own following hyperbole, but I am so angry, this is the only metaphor that I can find - the beat cop gets to exercise the right to search everyplace you've been with a single warrant, but don't worry, he'll only tell the detectives about the stuff he found that's relevant.
The fucking MAFIAA's case isn't one of governmental high crimes or misdemeanors, neither is it one involving a criminal case - it's a fucking civil case. How dare any court in the land grant such a mind-numbingly offensive violation of one's constitutional protection of privacy in a fucking civil case?
Pathological kinda promises Path + Logical - but instead, you get stuck with pathetic.
After all, it is already illegal for Best Buy employees to search my hard drives for software, music, images, porn, etc. and make copies of said information to keep them on a centralized file server in their store for all the techs to peruse at will. But wait, it happened anyways en masse, didn't it?
So this provides legal protection from authorities "stumbling across" other illegal files (child porn, warez, etc) but it does little to protect privacy beyond that (trade secrets, private/original music and/or speech recordings and the like). And I find it wonderful that the RIAA gets to select the parties that peruse said information, as opposed to a neutral third party. Smells like an arrangement that could easily be abused.
As I read various comments, people are suggesting ways to thwart the attempt of a forensics expert to determine if certain files are present on a person's drive.
Which is amusing because numerous posters make the claim that they are doing nothing wrong when they get a piece of music for nothing.
So, if they're doing nothing wrong, why all the suggestions on ways to hide what you're doing?
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
Thurr and Mite! :)
What if I'm pirating music videos?
get some thermite, glue it to the top of your harddrive with a fuse connected to the cover on your PC case, if not opened properly the harddrive melts...
Politics is Treachery, Religion is Brainwashing
1. download music, movies
2a. rename all media files to doc or xls
OR
2b. zip files (possibly encrypt)
3. beat court case b/c forensics find no mp3,mp4,aac,wma,wmv,mov,avi,etc
4. profit
seriously?
I see a lot of 'The RIAA will cheat if they get to pick!' posts. But the order says a 'forensics expert' and not just any random person the RIAA picks. I would -hope- this means someone with a license that can be revoked if they are found to be corrupt. If so, it doesn't really matter who the RIAA picks because the person would soon be out of work if they didn't hold to the law.
"If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
I see this as good news.
The best news here is that this shows that the court system and the judges understand what computers are and how they are used and are at least making an effort to deal with the case in a balanced way. Sure, computer forensic evidence has become routine in the last few years but there have still been plenty of RIAA cases where the handling of the defendant's property is remarkably cavalier.
The RIAA, despite their myriad flaws, are entitled to their day in court. If procedures are balanced and remedies are fair, then I believe that the RIAA's corporate sponsors will quickly decide that the game isn't worth the candle.
The copyright statutes and the discovery procedures are the law of the land whether we like them or not. The injustice and unfairness early in the RIAA campaign came from the lack of due process, the flimsy evidence and weak cases, and the threats of draconian penalties. It's getting better, and every positive step brings us that much closer to closing this dark era in the history of the legal system.
http://en.wikipedia.org/wiki/Bush_White_House_e-mail_controversy
why can't it work for you?
of course, wiping your disk after start of litigation opens you up to destruction of evidence
so all you have to do is structure your attitude towards the courts, and the nature of how you wipe according to the RNC playbook, and you should be able to give yourself enough plausible deniability to let yourself off the hook. "whoops! how'd that happen?"
pirates should learn from the best crooks, the past administration, when it comes to the destruction of electronic evidence
or i suppose there exists some sort of double standard between the elites and the commoners in a country supposedly standing for western liberal ideals about fair play and equality? naahhhh...
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
If they're not allowed to analyze PDF or DOC files, then just store the MP3 files with a PDF or DOC extension, or conversely develop a PDF or DOC wrapper around the audio data.
The easiest thing would be to drop the files into a Word document as an embedded binary attachment.
Why not run all your P2P in a VMware image that's been encrypted with Truecrypt. This image could be placed on an external drive. When the RIAA shows up, just disconnect and bury the vmware drive.
Secondly, is it considered destruction of evidence if I run a registry cleaner, temp files cleaner (like CCleaner), use the free space wipe features of CCleaner, and defrag my drive via a scheduled task?
while prohibited from examining other files, an anonymous tip of CP is called into the police, who do their own full investigation, which is then subpoena'd by the RIAA ...
or better still, the forensics experts leave some CP behind, return the hard drive, THEN call in the tip..
His name was Robert Paulsen.
"By the way, when you copy a file across a file system, from one drive to another, it gets a new creation time, so if all the files were "created" on a single day, that was when they were migrated over."
Not on a Windows system it doesn't. The only time you get a new date on it is when you download from an external system, or you manually change the date/time stamp.
Now me? All my music files (all legal, btw) are already on a USB portable drive anyway, because it takes 15GB off the active drive I need the space on. And my wife's machine? Re-loaded with WIN XP PRO over the top of WIN XP Home about a month ago. Memory chip went bad, and garbled part of the registry - right after I got a full backup of the files.....
So, how are we going to certify Forensics experts? Obviously the Anonymous Coward above wants to be one, but certainly doesn't qualify, if he makes such a basic mistake. (And to double check, I tried it just before I posted this message. Copied a file to another drive and it retains the 2008 creation date).
How would the forensics expert know any given MP3 he finds is illegal? Between online music stores and CD-Ripping, he could very well find 1000 MP3s, and every last one of them be legal.
your signature should totally be in the latin
"Ego sum rex Romanus et super grammaticum"
Check out my sysadmin blog!
Wouldn't that be good that people switch to some sort of encryption to store their music/pr0n/ripped stuff library???
That should fix your problem.
What if you regularly erase your free space and all the MRUs? It'd be easy to delete the evidence and wipe the recycling bin. I guess if you normally wipe, you are automatically guilty? Most things I read are about people wiping the whole drive. I use CCleaner, and use 3 passes over everything when I empty the recycling bin. My temp files are deleted every evening. I guess this would be "incriminating behavior"?
http://xkcd.com/538/
The issue is who is called in as expert. Remember, the RIAA "analysis" was considered acceptable until some capable people started to cast a critical eye over their statements..
Insert
A matching md5 check sum alone don't mean squat. It is entirely possible for two distinctly different files to have the same check sum. Just because I have files that have md5 check sums that match pirated files does not mean that my files are pirated.
Well, if the next Lovelle Mixon illegally shares MP3s, maybe we could fine him.
What about ID3 tags?
Perhaps NTFS maintains a "hidden" timestamp of the last file change activity, like Unix's ctime (which you ordinarily don't see in a directory listing unless you use a special command argument to "ls")?
Any clauses in there about how far to bend over and if/how long to hold onto one's own ankles?
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
A good & stealthy way for said forensics expert to acquire new music and other media of ill repute for his/her personal use.
Encryption, Obfuscation, hot swapping/off site storage and my favorite an all RAM drive with a power off kill switch, sorry, all the shits just GONE asshole!
I killed da wabbit -Elmer Fudd
In a civil proceeding they probably could not compel you to give up your password. That wouldn't stop the civil case however. The judge would probably rule that your failure to give up the password was equivalent to an admission of guilt and the RIAA would win by default.
> MediaSentry's president himself testified in the Canadian case, BMG v. Doe, that you would need to play the song files to know if they are infringing song files.
That's not completely true, but you'd have to have the file metadata to prove it. Unfortunately, the citations are offline, but at one point MediaSentry & MediaDefender hid some things in the file size and file hash that would allow them to recognize their own (and each other's) files without downloading them.
IIRC, it was a hash divisible by 137 and a file size divisible by some other number (which only applied to the last file in a collection, if there was more than one). They've probably changed this by now, though.
Mind you, I'm sure they weren't too eager to mention this in court. And they could always claim that it was still accurate because there could be infringing files that somehow accidentally looked like the fakes (you're dealing with a 1 in 137 chance for that hash, so it's not exactly unlikely).
But they do have SOME idea which are which. I don't put it past them to sue you over their own fakes, though. I wish the MediaDefender leaked emails were still around. If they were, I could give you a citation.
Here is the testimony of MediaSentry's president in BMG v. Doe.
Ray Beckerman +5 Insightful
I have ebooks and software on my hard drive. Making a mirror of that drive would make copies of these materials. This would violate the ebook publisher's rights and violate my EULA for most of the software. If the court orders this copy of my hard drive to be made for the benefit of the RIAA, shouldn't the RIAA have to pay the ebook publishers and software owners for these copies? Shouldn't MS sue the RIAA if there is a Windows OS being copied?
Overwrite your entire mp3 collection with the sound of somebody taking a crap. Of course each of those files should be of different length and each mp3 should be somebody else taking a crap. The end result might be madonna taking a crap, michael jackson taking a crap, etc.
In court you could then claim you collect sounds of various famous persons taking a crap in various stages of their life.
Is there a linux live cd that will boot and set up a bit torrent client that runs exclusively in a RAM disk? This way, the only time a file would be moved from ram to hard drive is when it is a complete finished product. There would never be any evidence of file sharing on the computer because all programs would be on a separate CD and all the file sharing info would be lost when the computer is shut down... This is a bit of a pain but it guarantees always having a clean hard disk...
And do you really think that the RIAA will be bound to obey court rules?
RIAA: "Your Honor, we found a resume stored as a PDF file that conclusively proves that the defendant was at the address during the time in question."
Court: "You were not supposed to be looking for anything except music files and P2P programs."
RIAA: "Sure, sure, but now that we found it we want to admit it to really screw over the defendant because our fishing expedition has paid off."
Court: "And why do you think I would ever allow that?"
RIAA: "You've already taken the totally tainted evidence from our illegal investigator Media Sentry, so why are you suddenly getting all prissy about it now?"
Court: "Okay, go ahead."
This is why you should never let the RIAA image your hard drive under any circumstances. Once that horse is out you can never truly close that barn door again. Better to tell people on Craigslist to come and steal your computer than to turn it over to those RIAA bastards.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
I think that was Media Defender.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
No, it was MediaSentry.
Read the deposition (pdf) if you don't believe me.
Interestingly, MediaDefender just bought MediaSentry from SafeNet.
Ray Beckerman +5 Insightful
What's a good, free cleaner for Windows to wipe all current unallocated file space - and preferably deleted files names as well? The court may have said you can't inspect any .doc files, but when you look through that unallocated space there is no longer a file type associated with it, allowing that slimy RIAA to read all the .tmp versions of your .doc, .pdf, .eml, and every other prohibited file type. Cleaning unallocated file space should be part of everyone's general housekeeping.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
The expert must check for root kits, back doors, bot nets, and other means by which somebody other than the owner could control the computer. Only amateur thieves would let evidence accumulate on their systems. The pros will use hijacked systems for their P2Ps, so that when the RIAA/MPAA track down IP addresses it leads to a patsy, not the culprit in charge of the operation.
Apparently the defendant still has the machine, and the forensics guy is supposed to check for evidence of wiping. Also, read those others in the list, he's only supposed to look at "music files."
So what exactly is this evidence of wiping? If it was my HD, there'd be none. It would be a nice, innocent looking windows install with some bs word files, and maybe pirated software. Pirated material not relevant to the case, but not looking like I've removed everything either. So basically, you can't prove what bits someone did or did not have without a panopticon.
Nice, then this is just another exercise in witch hunt asshatery with evidence quality rivaling the Inquisition. At least with a robbery you have a surveillance video, which is not exactly trivial to forge. In something like a real estate dispute, even though paper is easy to forge, you can cross check claimed documents with what's on file at a government office somewhere. This calls in people to testify who, barring some massive, convoluted, ridiculously circuitous conspiracy, have no reason to lie, and who are circumstantially independent. So that scrap of paper sitting in the county filing cabinet is still much better evidence than what some random dude who knows nix claims is on a HD, because of the different context of the situation.
But this? There's no way of reliably accounting in a court of law of what those bits were at time t, never mind what they represented. Even if you were to get 2 independent experts to rule out outright forgery, it still doesn't cover meaning of the files. You either have to have blind faith in the defendant, the plaintiff, or the Expert.
But if top40song.mp3 is found on this drive, well whatever. If not, well, they're already asking for something as impossible as evidence of having been wiped in the past. How long until a fuzzy jpeg of you and your family MUST mean that it's steganographic? People talk about how trueCrypt's hidden volumes can give you plausible deniability, as if this is better than just an obvious single level encryption. If, in that situation, they forced you to decrypt it, or else, then what makes you think that in a situation where you truly had nothing on there that they would ever be satisfied?
Expert: It's clean sir, the only music is chord.wav and such.
Plaintiff: No, these kids today are using that steno stuff, it's gotta be on there somewhere.
Replace Expert with delusional-CSI-wannabe, Plaintiff with Prosecutor, and music with kiddie porn, and it doesn't look pretty. This arms race is going to lead these types of cases into assumption-of-guilt-land.
Oh, and btw, assuming somehow you could find evidence of previous wiping, well bfd. I'm about to reinstall windows on one of my disks (games), and I'll wipe and zero it first. Wtf is that supposed to show anyway? I can see certain elements within the establishment considering all this with only one thought: Problem-Reaction-Solution, Trusted Computing to the rescue.
Billy Brown rides on. Yolanda Green bypasses Gary White.
> You can name a file anything you want and its content based md5 will stay the same. Also, you can rename a jpeg to a .doc and the first 4 bits of the file will still reveal it as a jpeg. Every piece of modern forensics software is capable of doing the above, and most do them automatically.
It's a bit silly, but since Word docs are OLE Compound Documents, you could write a -very- simple vbScript macro that would create a Word doc with the same name, doc extension. Then the script could embed the mp3 in the doc, save and close, and delete the mp3.
It would take a while to run, but it would make the file a true Word doc and still leave the mp3 trivially recoverable.
I would expect it would have a good, if not certain chance to prevent detecting the signatures.
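Added example, not part of any comment in this thread and not the code of any forensic product: a small Python sketch of the content-based identification the quoted comment describes (hash and leading-byte signature are independent of the file name), extended with a signature scan inside a container file. The signature table is a tiny subset, and the sample byte strings and file names are constructed for illustration.

```python
import hashlib

# Leading-byte signatures ("magic numbers") for formats named in the thread.
# Real forensic suites ship far larger tables and also parse container structure.
SIGNATURES = {
    b"\xff\xd8\xff": "jpeg",
    b"ID3": "mp3",                                   # MP3 starting with an ID3v2 tag
    b"%PDF-": "pdf",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2",     # legacy .doc/.xls compound file
}
EXPECTED_BY_EXT = {"jpg": "jpeg", "mp3": "mp3", "pdf": "pdf", "doc": "ole2", "xls": "ole2"}


def identify(data):
    """Return the type implied by the first bytes of the content, or None."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return None


def find_embedded_id3(data):
    """Offsets (> 0) where a structurally plausible ID3v2 header appears.

    An ID3v2 header is 10 bytes: 'ID3', major version, revision, flags,
    and a 4-byte sync-safe size in which every byte is below 0x80.
    """
    offsets = []
    pos = data.find(b"ID3", 1)
    while pos != -1:
        hdr = data[pos:pos + 10]
        if (len(hdr) == 10 and hdr[3] in (2, 3, 4) and hdr[4] != 0xFF
                and all(b < 0x80 for b in hdr[6:10])):
            offsets.append(pos)
        pos = data.find(b"ID3", pos + 1)
    return offsets


def examine(name, data):
    """Summarise one file the way a content-based triage pass would."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    detected = identify(data)
    expected = EXPECTED_BY_EXT.get(ext)
    return {
        "name": name,
        "md5": hashlib.md5(data).hexdigest(),   # depends on content only
        "detected": detected,
        "extension_mismatch": expected is not None and detected != expected,
        "embedded_id3_offsets": find_embedded_id3(data),
    }


# Constructed sample content: an ID3v2.3 header, empty tag body, one MPEG frame header.
SAMPLE_MP3 = b"ID3\x03\x00\x00\x00\x00\x00\x0a" + b"\x00" * 10 + b"\xff\xfb\x90\x00" + b"\x00" * 32
# Constructed stand-in for a compound document carrying the same bytes at offset 512.
SAMPLE_OLE = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 504 + SAMPLE_MP3

if __name__ == "__main__":
    for fname, blob in [("song.mp3", SAMPLE_MP3),
                        ("report.pdf", SAMPLE_MP3),    # same bytes, renamed
                        ("notes.doc", SAMPLE_OLE)]:    # same bytes inside a wrapper
        print(examine(fname, blob))
```
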
So the RIAA is going to copy his files to see if he copied their files?
what, like nixon?
i don't think you have the faintest clue what "sovereign immunity" means. perhaps you saw it as a plot twist in a bad hollywood movie. try educating yourself in reality next time
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Take my situation. I do a lot of volunteer work for LGBT organizations and things like it, and hence regularly receive e-mails from people who may not want them revealed to others. Yea, e-mail is insecure and I don't keep it longer than necessary and so on... but the people that send us this stuff can often be tech illiterate, desperate and don't know where else to turn. To expect of them to be experts on information security before seeking advice is not sensible.
Now this court is essentially saying that I'm going to share a bunch of very sensitive and private info (think HIV status) about completely innocent people because the plaintiff SUSPECTS that I MAY have done something wrong? I have this slight inkling that if they tried that over here I would have problems recalling the pass-phrase for my full drive encryption. At least I don't live in England where even THAT is illegal.
http://slashdot.org/comments.pl?sid=1221343&cid=27831925