Court Rejects RIAA's Proposed Protective Order

NewYorkCountryLawyer writes "You may recall that a few weeks ago the Court rendered a detailed decision providing for safeguards in connection with the RIAA's proposed inspection of the defendant's hard drive in SONY BMG Music Entertainment v. Tenenbaum. The decision instructed the RIAA to submit a proposed protective order consistent with the Court's decision. The RIAA submitted a proposed protective order yesterday, which attracted some thoughtful commentary by readers of my blog, but today the Court rejected the RIAA's suggested order, explicitly rejecting many of the 'enhancements' included by the RIAA, including production of 'videos' and 'playlists' which might be found on the hard drive. Instead the Court entered an order the Court itself had drafted. The Court explained that 'the purpose of compelling inspection is to identify information reasonably calculated to provide evidence of any file-sharing of Plaintiffs' copyrighted music sound files conducted on the Defendant's computer. Once this data is identified by the computer forensic expert... any disclosure shall flow through the Defendant subject to his assertion of privilege and the Court's authority to compel production, just as disclosure would occur in any other pre-trial discovery setting... (1) As should have been clear from the Court's May 6, 2009 Order, although the Plaintiffs may select experts of their choosing, these individuals are not to be employees of the Plaintiffs or their counsel, but must be third-parties held to the strictest standards of confidentiality; (2) the inspection is limited to music sound files, metadata associated with music sound files, and information related to the file-sharing of music sound files — it shall not include music "playlists" or any other type of media file (e.g., video); (3) the Examining Expert shall be required to disclose both the methods employed to inspect the hard drive and any instruction or guidance received from the Plaintiffs.'"

Whoa!

I typed some queries for lyrics into Wolfram alpha, and now they have to fight the RIAA!!

Re:Whoa!

[HermMunster]

The plaintiff has always had the burden of proof. It must show by a preponderance of evidence. This is a solid decision and it shows the RIAA that they should have to work for their supp.

Re:Whoa!

[TinBromide]

Not precisely. Preponderance of evidence is forced upon the recieving party. I've been involved with cases where preponderance of evidence against the plaintiff got cost shifting, though most of the time its the plaintiff saying "Yeah Huh!" and the defendant replies with the ever so eloquent "Nuh Uh!".

Yes, that's how court cases go, there's a bunch of briefs, responses, and arguments that ammount to "Yeah huh!" "Nuh uh!" "But he started it!", and so on. They get more wordy than that, but that's all it boils down to.

Re:Whoa!

[Shadow+of+Eternity]

This man speaks the truth. With the exception of evidence a civil case is literally "He did X Y Z and it hurt me!" on one side and "Didn't do X, don't know anything about Y, Z's their fault" on the other side.

Or alternatively you could imagine two four year olds fighting but very well dressed.

An educated judiciary

[actionbastard]

It seems as though that the judges in these cases are becoming more educated as to the technical aspects of this case and P2P filesharing in general. This can only mean that the RIAA's tactics will be scruntized more closely by the court than ever before. This can only be a good thing for defendants in these cases. If the defense prevails, this is the start to the end of this mess for once-and-for-all. Thanks to NewYorkCountryLawyer for keeping us on top of this.

Re:An educated judiciary

[NewYorkCountryLawyer]

It seems as though that the judges in these cases are becoming more educated as to the technical aspects of this case and P2P filesharing in general. This can only mean that the RIAA's tactics will be scruntized more closely by the court than ever before. This can only be a good thing for defendants in these cases. If the defense prevails, this is the start to the end of this mess for once-and-for-all. Thanks to NewYorkCountryLawyer for keeping us on top of this.

This judge seems to be much more on top of the legal issues than she was in the early years. For 4 years she presided over uncontested cases. Then when some lawyering finally appeared for a couple of Boston University students named as "John Doe" defendants, and briefed some of the flaws in the RIAA's cases, the judge seemed to become more vigilant. It all proves the point that we have an adversarial system; the judges usually rely on zealous, competent lawyering from both sides. When one side can't afford to get good legal representation, the judge doesn't get to see the whole picture.

There have been a couple of judges who refused to rubber stamp the RIAA's chicanery --Judge Arterton in CT, Judge Brewster in CA, Judge Kelley in VA, Judge Otero in CA, and several judges in Austin TX come to mind -- but usually it doesn't work that way.

Re:An educated judiciary

[actionbastard]

When one side can't afford to get good legal representation, the judge doesn't get to see the whole picture.
True. However, one of the primary responsibilities of any member of the bench is to see that the rights of the accused are protected, above all else. "Better to see ten guilty men go free than to see one innocent man convicted." Those that fail to do so are not upholding their responsibilities and will be either reversed on appeal, or should removed from the bench. It is entirely within the discretion of any judge to bring to the attention of the accused that they might not be properly represented and that they should seek better counsel; even if their lawyer is one appointed by the court.

Re:An educated judiciary

[QuantumG]

Ya.. except that these are civil cases and so there is no court appointed lawyers.. As for judges telling you that you've got shit representation, that would require some kind of objective measure of copyright lawyer quality and seeing as no-one understands copyright law, not even the judges, that aint gunna happen.

Re:An educated judiciary

[martin-boundary]

That would be like saying you can't assess the quality of a basketball player unless you understand exactly how he does his thing. You don't really need to understand copyright law before you can make a quality assessment.

Here's a simple suggestion if you want to compare lawyers: keep a set of win/lose statistics for all copyright cases, for each lawyer in this specialty.

Here's a simple suggestion if you want to ensure "fairness": Let both sides choose their lawyers, then have the judge flip a coin and swap the lawyers and clients pairings if the result is heads. That way, each side gets the best lawyers on average.

Re:An educated judiciary

[anagama]

To be fair, you can't judge all lawyers by a metric as simple as win/lose. Some lawyers take on cases that they are almost certainly going to lose, maybe many such cases for many years, in an attempt to change the law itself or for reasons such as fairness. Such lawyers may be quite excellent, yet have a quite pitiful win/lose ratio. For example, the civil rights movement certainly involved many worthy cases destined to lose against unjust laws. The lawyers who fought those battles weren't bad lawyers simply because they lost -- they didn't have a snowball's chance of winning. It's a rare person who'll put their heart into a fight knowing they'll be savaged in the end merely because it is the right thing to do.

Even in very well settled and not terribly controversial areas of the law, there are certain types of cases which are simply more likely to be lost. For example, criminal defense. Many excellent lawyers lose many cases in such a practice. By the same token, if a prosecutor loses many cases, you have to wonder about his/her skill.

Re:An educated judiciary

[tebee]

You know, I can't help wondering if if Judge Gertner is following NYCL's blog and taking notice of some of the more insightful comments there?

Re:An educated judiciary

[NewYorkCountryLawyer]

You know, I can't help wondering if if Judge Gertner is following NYCL's blog and taking notice of some of the more insightful comments there?

Well there are those who have said that the best thing about my blog are the comments. And I will say that the comments on the RIAA's proposed protective order were very helpful to me, and for the most part very well thought out.

Wow, the RIAA is bad at this

[TinBromide]

Any lawyer that can't come up with a production order that sticks to court ordered criteria should be sanctioned on the spot. I.E. you have a list of things that your order MUST satisfy, yet you think that there quite a bit of flex in it. Its like getting a shopping list with milk, eggs, butter, bread and coming home with cheese, quiche, marjoram (not margarine) and chips. How daft must the RIAA lawyers be to do this? In my experience as a COMPUTER FORENSICS EXPERT I have never seen attorneys flaunt a court order and attempt to come up with new criteria. I guess I'm in the wrong circuits.

Re:Wow, the RIAA is bad at this

[TinBromide]

PS, its sad that I was modded funny, but my post wasn't written to be funny. I guess that's just the state of things with the RIAA where a semi-lay person's translation of an asinine situation gets modded funny...

Re:Wow, the RIAA is bad at this

[NewYorkCountryLawyer]

Any lawyer that can't come up with a production order that sticks to court ordered criteria should be sanctioned on the spot.

I agree with you. I would come down very hard on attorneys who try to game the system as the RIAA's attorneys do, were I a judge.

Re:Wow, the RIAA is bad at this

[morgan_greywolf]

I agree with you. I would come down very hard on attorneys who try to game the system as the RIAA's attorneys do, were I a judge.

Is this your unofficial campaign announcement for federal circuit judge, Ray? I'd vote for you!

Re:Wow, the RIAA is bad at this

[Zordak]

That's cool, except there's only one vote that counts when electing a federal judge. And the evidence points to him being pretty firmly in the pocket of Big Media.

Re:Wow, the RIAA is bad at this

[rozthepimp]

Regarding your comments re the filings of RIAA lawyers, the oldest /. expression comes to mind - "You must be new here". The unbelievable filings of HRO, Dwyer & Collora, and their predecessors over the last few years leads to the conclusion that there are a lot more bottom feeder law firms out there than anyone in the practice of law would like to admit. As someone who left the law profession a few years ago, I can say now that IANAL, but the inane motions/filings on behalf of the record company plaintiffs truly stagger the imagination. As far as I can tell, the only qualification to act as a plaintiff lawyer in these cases is that the you must suck it up and write as dictated by Matt Oppemheim. So the law firm must balance their reputation and bad PR against the fees.

Re:Wow, the RIAA is bad at this

[belmolis]

What do you think they were up to in trying to get access to videos? I can imagine why they might want to see playlists, but videos can't possibly bear on the RIAA's case since they don't represent video owners. Are they in cahoots with the MPAA? Fishing for something embarassing ("The defendant is obviously a scumbag: we found 'Debbie Does Dallas' on her hard drive.")?

Re:Wow, the RIAA is bad at this

[NewYorkCountryLawyer]

What do you think they were up to in trying to get access to videos? I can imagine why they might want to see playlists, but videos can't possibly bear on the RIAA's case since they don't represent video owners. Are they in cahoots with the MPAA? Fishing for something embarassing ("The defendant is obviously a scumbag: we found 'Debbie Does Dallas' on her hard drive.")?

That's an easy one:

1. Fishing (maybe they can find some music videos, maybe they can find something the MPAA can use, etc.)

2. Blackmail (in a Tennessee case they got a copy of the guy's hard drive, were allowed to rummage through it, found some legal but pornographic videos, and used them to blackmail him into a settlement).

Re:Wow, the RIAA is bad at this

[Runaway1956]

"Are they in cahoots with the MPAA?"

Belmolis, there is at LEAST one blonde in your immediate family? And, you are having a blonde moment, right?

That top-secret ACTA treaty that Obama refuses to allow the public to see? Guess who DOES get to see it? http://www.boingboing.net/2009/03/14/partial-list-of-corp.html#previouspost

Basically, every inbred fool with a few million dollars worth of "Intellectual Property" is allowed input in this treaty, but the common man, and human rights activists seeing the same treaty would be bad for national security. Yes, all the inbreds are sleeping with each other.

Re:Wow, the RIAA is bad at this

[NewYorkCountryLawyer]

Your likely right with the videos, and as for play-lists, I am guessing it makes finding deleted data a lot easier if you know the track name that will be neatly in the ID tag within the start of the file. Means the person can be "done" not only for what they have on their computer, but what they had on their computer as well. I am guessing it would be a pretty big thing to someone if, questionable, content were found on their drive, and they were told that it had been found, and would be entered into public court documents, might make a person real eager to settle a case. My opinion of them just reached a whole new order of low, knowing that they have done such a thing, and of the legal system for letting that happen ;(

Barny, here's my blog post about the Tennessee case in which they purposely sought to, and did, humiliate a member of the armed services by making a public record of some off color videos he had on his computer. After they'd made the point, and made a public record of the whole thing, they thereafter moved to strike their own irrelevant disclosure. But not until everybody who knew the army sergeant in question knew his embarrassing secret.

I don't care how low your opinion of them gets, you should always make room for it to get lower.

OK, now what...

[weaponx71]

SO, someone scans the drive, maybe comes across a few music files. They log said files and each file might have meta data information. But what about file sharing data? Does the fact that I have uTorrent ensure a copyright infringement or me a distributor? Do such programs keep logs of all the files shared or distributed? And what would be in the meta data that would also label me as the above mentioned. If any music files WERE found then if you can produce the original disk great, if not then your up the creek with out a paddle I guess. I am glad to see the RIAA not get their way on this front. Letting them choose the company would have been WAY out of line and far to great a possibility of abuse. Also glad to see a court that actually seems like it knows what it is doing.

Re:OK, now what...

[TinBromide]

Digital forensics is a touchy mistress. The best they can come up with is uTorrent or other filesharing client data, i.e. you can read in the registry or configuration files where the shared folder is. If files are in the shared folder, you can say they were being shared. Some really nice (for forensics analysts) software keeps a log of when the software was started and shut down, if the creation time of a file falls within the log, you can add up the time and say that the client distributed that file for the duration that the logs said the software was active. Its up to the plaintiff to disprove that allegation, but he said she saids very rarely end up in court the way you'd think.

You can also find all the .torrent files and say that those files were downloaded, and uploaded as a side effect of how p2p software works. I think that the playlists and other info has nothing to do with the case at hand. If someone says they rip all of their CDs to their computer and has the hard copies (or receipts) to prove it, there is nothing the RIAA can do. However, if the remnants of file sharing data (share ratios, shared folders, seed status, etc) says that they ripped songs and then shared them, the plaintiffs may be in trouble.

Remember, the RIAA may be saying that downloading is illegal, but they're prosecuting based on unauthorized distribution laws (uploading).

Re:OK, now what...

[sumdumass]

Remember, the RIAA may be saying that downloading is illegal, but they're prosecuting based on unauthorized distribution laws (uploading).

There is nothing in the copyright laws to date making downloading illegal. It all pertains to unauthorized copying and distribution outside of fair use (fair dealings in other countries).

This is something that has extremely irritated me about the **ia's for a long time. Now when you download something, you might be causing something to be copied but technically speaking, it's the distributor's system making the copy on demand.

Re:OK, now what...

[NewYorkCountryLawyer]

When you load it into RAM, you have made a copy for purposes of copyright law.

That is simply not true. See, e.g. the Cartoon Networks which held that copies in RAM and buffered for 1.2 seconds were not in RAM for a long enough period to be considered "copies" under the Copyright Act. I personally think that copies which exist only in RAM should not be considered copies at all, but we would need the Supreme Court to reach that question to know for sure.

Re:OK, now what...

[happyslayer]

Here, here. As someone else who works with digital forensics, I agree--it's a "touchy mistress" that has been abused all to hell in the RIAA cases. As a casual observer to the whole *IAA thing, it looks as if they were pushing sloppy, shoddy work on the court as an airtight case...and it's catching up with them.

Since the standard practices of digital forensics are fairly common, accepted, and (to techies) obvious, you would think that they would take the time to do the job right, push through those cases that cemented their reputation as solid litigators; their reputations would have preceded them, and they could have had a few big-time early successes to browbeat future defendants.

Instead, my horseback opinion is that they decided to go for quantity over quality. Judges and defendants rolled over under a wave of "techie-stuff", because it sounded good. But Media Sentry (or whatever they are calling themselves now, or whomever the RIAA is using), kept getting caught doing short-cut work, and the plaintiffs kept running with it (probably knowing it was crap.

Now, everyone is getting comfortable with terms like "forensic copying," "hashes", "ip addresses", and "p2p software." And those previous cases are looking weaker and weaker.

Sorry for the rant; as someone who works in the evidence field (and takes pride in doing it right--not fast or biased), I applaud NewYorkCountryLawyer's work on this, and I'm glad a lot of bad courtroom maneuvering is getting exposed.

Re:OK, now what...

[ScrewMaster]

I personally think that copies which exist only in RAM should not be considered copies at all

And that's the truth. I mean, if you want to carry this to the point of logical absurdity (something the RIAA does on a regular basis) the wires leading from a phonograph's cartridge through the amplifier to the speakers are transiently storing a portion of the copyrighted signal.

Re:OK, now what...

[vux984]

When you load it into RAM, you have made a copy for purposes of copyright law. When you write it to disk, you have made another copy.

Check section 117 of the copyright act. It explicitly sanctions copies made to and from memory etc that are created 'as an essential step in the utilization'. So no, if you buy a copy of a program, you are sanctioned BY LAW to install it to the hard drive and run it in ram without needing express license from the rights holder. And its not a case of 'fair use' either, its a provision enshrined in the copyright act.

That said, section 117 specifically applies to 'computer programs'. But honestly 'computer program' is a pretty blurry target. After all, suppose I argue that an MP3 isn't a computer program because it must be 'played back' by another piece of software. But then, that is true of a python script or a .net application too.

And conversely the internal structure of an mp3 file is a series of mp3 headers and data blocks, this is analogous to a series of commands and the data they are to be acted on... which is pretty much what a computer program is.

The fact that we typically view pdfs and mp3s as data vs programs is really, at the technical level, pretty arbitrary. Its not hard to imagine that we could build a machine that ran either as "programs".

And I suspect that even without the "mp3s are programs too" argument, that MOST (not all, but most) people including legislators, judges, and juries, would all agree that the spirit of section 117 should apply to all digital media, not just 'computer programs' (whatever exactly that might be limited to).

After all, a modern CPU should be expected to make copies of the media in Level1, 2, 3 cache, and main memory, as well as some of it maybe ending up in swap, or on the disc during sleep/hibernate, or possibly DMA transferring it to buffers on the audio chipset to... and it does all this copying even if you play the song back directly from the CD. (And this series of copies might well occur if you play the disc on your bluray player or car audio deck instead of your PC too.)

And worse, in the process it transforms it from MP3 to WAV, and then applies some algorithm to turn the stereo into 6 channels for your 5.1 speaker setup... in other words it creates an unlicensed derivative work too... oh the horror. :)

In any case, I think we don't have to worry overly much about this.

Re:OK, now what...

[NewYorkCountryLawyer]

Here, here. As someone else who works with digital forensics, I agree--it's a "touchy mistress" that has been abused all to hell in the RIAA cases. As a casual observer to the whole *IAA thing, it looks as if they were pushing sloppy, shoddy work on the court as an airtight case...and it's catching up with them. Since the standard practices of digital forensics are fairly common, accepted, and (to techies) obvious, you would think that they would take the time to do the job right, push through those cases that cemented their reputation as solid litigators; their reputations would have preceded them, and they could have had a few big-time early successes to browbeat future defendants. Instead, my horseback opinion is that they decided to go for quantity over quality. Judges and defendants rolled over under a wave of "techie-stuff", because it sounded good. But Media Sentry (or whatever they are calling themselves now, or whomever the RIAA is using), kept getting caught doing short-cut work, and the plaintiffs kept running with it (probably knowing it was crap. Now, everyone is getting comfortable with terms like "forensic copying," "hashes", "ip addresses", and "p2p software." And those previous cases are looking weaker and weaker. Sorry for the rant; as someone who works in the evidence field (and takes pride in doing it right--not fast or biased), I applaud NewYorkCountryLawyer's work on this, and I'm glad a lot of bad courtroom maneuvering is getting exposed.

Thing is, the RIAA's "junk science" never gets challenged. Here are the statistics for ~40,000 cases:

1. Number of times the RIAA's "investigator" and sole witness has been deposed: 0

2. Number of times the RIAA's expert witness has been deposed: 1.

Re:OK, now what...

[Zordak]

I'm well aware of section 117. It was a direct response to the holding that a copy in RAM is a copy of the program. But I disagree that it applies to an MP3 file. The canons of statutory construction would require you to give the term "program" its ordinary meaning in most cases. So if you're in court arguing the "spirit of the law" (or in other words, begging the court to exercise its equitable powers), you've pretty much already lost the case. And the law is full of "fuzzy lines" where we are required to (and do) classify things. I think MP3s fall firmly on the "data" side of the line, even if it's sometimes fuzzy. And finally, even if you somehow manage to convince a judge that section 117 applies to an MP3, it expressly only applies to the "owner of a copy." If you downloaded an MP3 illegally (which is what the GP was talking about), you are not the owner of that copy. So section 117 does not apply to you.

Re:OK, now what...

[QuantumG]

Yeah, there's earlier precedent that "copying into RAM" isn't making a copy for copyright purposes.. the DMCA even tries to make it explicit by saying that copies made in the normal running of a program are not copying for copyright purposes.. but this doesn't stop every fucking lawyer from trying to pull this shit every time they want to stop people from running programs in ways their client doesn't like. The recent abomination of Blizzard vs Glider is a prime example. The amble precedent and the explicit codification in law of "intermediate copies" being innocuous didn't stop the judge in that case ruling in favor of Blizzard. Watching copyright court cases and watching Texas Hold'em Poker is a similar experience, both a boring as hell until the end and all the commentators are no better than random guessers..

Re:OK, now what...

[RWarrior(fobw)]

> > When you load it into RAM, you have made a copy for purposes of copyright law.
> That is simply not true. See, e.g. the Cartoon Networks which held that copies in RAM
> and buffered for 1.2 seconds were not in RAM for a long enough period to be considered
> "copies" under the Copyright Act.

There is now a circuit split on the issue. See M.A.I. Systems Corp. v Peak Electronics, 991 F.2d 511 (9th Cir. 1993), where the appeals court held that a copy of software loaded into RAM does qualify as a copy under copyright law. While not related to music specifically, a good researcher might turn this case up and make your life miserable. The changes to the Copyright Act that overturned this decision provided an exemption for repair shops, but did not invalidate this interpretation of "copy."

As a side note, Peak Electronics was unable to appeal this to the Supreme Court because they ran out of money. I was on the staff at an electronics servicer's trade association at the time.

Re:OK, now what...

[RobertM1968]

1. Number of times the RIAA's "investigator" and sole witness has been deposed: 0

2. Number of times the RIAA's expert witness has been deposed: 1.

The day the RIAA and their minions burn in hell: priceless

Re:OK, now what...

[PeterBrett]

The fact that we typically view pdfs and mp3s as data vs programs is really, at the technical level, pretty arbitrary. Its not hard to imagine that we could build a machine that ran either as "programs".

Don't forget that some files almost always considered as data -- PostScript files -- literally are programs. They cannot be viewed or printed without being executed.

There are, of course, many other examples.

Re:OK, now what...

[L4t3r4lu5]

If you were to take the fraction of a second of audio "stored" in the wire between the stylus and the amp, and the amp to the speakers only, would it be recognisable as a portion of the copyrighted work?

Would the 1.2s of audio stored in RAM be recognisable?

This question also would cause issues for any company which used anti-skip technology in a portable CD player (play from cache), up to 10 seconds of audio in a lot of cases. That would be MORE than recognisable.

Re:OK, now what...

[dkf]

I personally think that copies which exist only in RAM should not be considered copies at all, but we would need the Supreme Court to reach that question to know for sure.

I'd hate to want to argue that since it is possible to construct a device which would hold persistent (at least on the scale of weeks) copies of media files purely in RAM, perhaps by mounting a ramdisk and preventing that memory from being paged out to disk. To me, it is the purpose of the copying that is important; if it is just a normal technical part of the process of playing that media file (assuming that the originating copy of the file has been legally acquired) then it is a clearly fair use, whereas putting it up on a website (however implemented) is a clearly unfair use (again, with some basic assumptions).

Thoughts....

[cbiltcliffe]

If they're only allowed to examine music files, then what if:

You came up with your own file extension (eg. .ffm - file for music) and renamed all your mp3's to .ffm.

Then, configure Windows to open .ffm files with WMP, Mediamonkey, or whatever.

A forensics expert isn't going to have the option of booting the Windows install on the HD, and since .ffm isn't a standard music file, and they can only examine music files, you've just completely hidden all your music from investigation.

Not secure, by any means, but I can't see how they'd get any evidence without breaking the court order.
And then, you can prove they broke the court order, because everything they claim was an mp3 file was examined thinking it wasn't an mp3 file.

Interesting, no?

Re:Thoughts....

[TinBromide]

Oldest trick in the book. Change .jpg files to .doc or .xyz and the FBI won't think to look for your CP in those extensions? Not exactly. Modern forensics software looks at the first 4 bytes of a file and can tell you what kind of file a piece of data declares itself as. If you change one or all of those bytes but some forensic software can do a data-carving and pull out multi-media data from a hard drive, revealing all of your miley cyrus mp3s.

Re:Thoughts....

[CountOfJesusChristo]

I just tried this on Ubuntu, and the file was still recognized (mime-type definitions include more than file extensions in Linux, such as file headers, etc). So if they're booting into a Linux live session, this would presumably fail as an evasive technique.

Re:Thoughts....

[Darkness404]

Not really. I can take the same CD and have an infinite amount of MD5 hashes due to the file format (for example a 96KBS MP3 will be different than a 256Kbs MP3, a 96KBS OGG will be different too, etc). But as another poster said, most forensics software looks at the header and can quickly determine the file.

Re:Thoughts....

[fuzzyfuzzyfungus]

Your general point, that a variety of techniques that would qualify as obfuscation or even steganography, could be used to evade this search is perfectly valid.

However, I don't think that "they can only examine music files" means what your post suggests. A file is just a collection of bits. To know what it is, or what it isn't, you have to examine at least part of it, there is no alternative. You can look at the file suffix, you can look at the magic numbers, you can look for distinctive attributes of a given file format, you can draw other inferences(Hmm, I see a "Black Sabbath" directory, with a "Paranoid" directory inside it and, inside that, 8 ".doc" files that have well formed ID3v2 tags... What a coincidence...).

Any file that doesn't appear to be music related would be inadmissible as evidence, and the forensics guy would be, arguably, guilty of misconduct if he poked any further than necessary to determine that a file isn't music; but it wouldn't stop him from checking each one. I'd be analogous to a court order to look for ransom notes you had written: Letters to your grandmother would be out of bounds; but that wouldn't mean that you could make anything inadmissible just by writing her address on the envelope.

Re:Thoughts....

[T+Murphy]

renamed all your mp3's to .ffm

They violated the court order, your Honor- there is no way they could have known C:\music\Beatles\Sgt._Peppers_Lonely_Hearts_Club_Band\Lucy_in_the_Sky_With_Diamonds.ffm was a music file!

Re:Thoughts....

[cbiltcliffe]

But in this case, the forensics expert isn't allowed to look at anything but music files.

So looking at this four byte header for every file on the computer is obviously looking at more than music files.

This isn't the FBI we're talking about. Sure, if they're looking for terrists, they'll look at everything on your drive, and damn whatever the court says.

But this is the RIAA's chosen forensic expert, who's been given strict orders to not look at anything other than music files.

If they can't tell if it's a music file without examining the file, then they're screwed.

Re:Thoughts....

[actionbastard]

Simply changing the ID3 info for the file will change the hash.

Re:Thoughts....

[__aasqbs9791]

Would it really? I mean, even a simple search for *.mp3 would technically look at every single file, it just responds with the ones that have that extension. So greping through the first 4 bytes over every file isn't really that different. Yes, you have to open the file, rather than just looking at the inode (or equivalent) but I doubt a judge would see it differently if an "expert" said this was the only way (though I suppose the defendant's expert witness could argue differently. I doubt the judge would really understand the difference as most people haven't the foggest as to what the diff is.

Re:Thoughts....

[Repton]

So, you're going to give your music files obfuscated names and locations? You'd better not import them into WMP or iTunes or any other media player with a database, otherwise the investigators will just look there to find out where the files are. Better clear your "recently played" lists from your media player, too, and take any shortcuts off your desktop.

...I mean, WTF? How much value do you put on your time and frustration? Just buy the bloody stuff already!

Re:Thoughts....

[sumdumass]

Not really. The forensic expert wouldn't technically be looking at anything the software doesn't pin as a music file.

The software can anonymously (can't think of the word I want but this is close enough) scan through each file and only log or flag the ones labeled as music then after a more thorough check, report only what is music files as to what the case is about. The forensic expert will by the very nature of the game need to look at files other then what is ordered in order to make his report. What he can't do is list any files not in the order nor disclose any information about them.

Imagine if I told you to pick me out of a crowd. You would have to look at other people to find me. Not even if you used facial recognition software, you would still have to look at other people to find me. It's the same in the forensic world, however, you wouldn't be allowed to identify or report the identity of anyone else in the crowd if the judge made a similar order to your searching just for me. The order won't defeat the technical aspects of the search, just limit the disclosure and discovery of anything not outlined in the order.

Re:Thoughts....

[Zordak]

It's not the forensic expert looking at the files. It's an automated tool. Carried to its extreme, the same logic would say the tool can't look at the filename. The tool has to look at all the files. The person only gets to look at the ones that are music files.

Re:Thoughts....

[eosp]

echo > ~/this-is-an-illegal-music-file.mp3

Their program scans for anything with an mp3 extension. It finds this. Hey look, it's not music. Look how that would turn out.

Re:Thoughts....

[sumdumass]

If he can't read it then he can't read it. Of course he might report the procedure incomplete because of file encryption and the judge might look at it with skepticism.

However, I have seen several replies about obfuscating the files in some way and your suggesting encryption. The problem is that having the files in the computer in and of itself isn't against the law or against what the lawsuit is about. what is at question is whether or not the files were being offered to anyone else and whether or not anyone else got them (distribution and copying outside of fair use). Your not really going to be able to share files that are encrypted unless you decrypt them or the partition they are on first. No one looking for Britney Spears latest hits will be looking for .doc or .ffm or .whatever files, they will be looking for a known file type by extention so they can use it.

Now here is where the problem with these overly complex schemes come up. If your using true crypt to hide a sharing folder/partition, there will be markers in the file sharing software pointing to the directory and flags will be raised when everything is encrypted and the forensics software can't access it. If you download to a specific folder and then move it to another or change the file extension, there is/could be a good chance that a deleted file will remain in either meta data on the file system or it's actual content would remain as the file is rewritten from memory. I would hope that people know by now that a deleted file isn't actually deleted and secure erasing becomes more difficult with large drives and Logical Block addressing where the firmware on the drive controller interprets the file positions and acts as a middleman to the operating system (some of which has been addressed with native 48bit addressing in the IDE controllers). Most modern multiuser file system will also load a file into memory from the dive and instead of appending the existing information,>/a> it actually rewrite the file to another location and mark the old file as deleted.

But to make obfuscating the files more complex, when you down load something to your encrypted location, the file doesn't directly go there. it goes to a temporary location to be reassembled first then copied over to the correct location. This could leave remnants of the files on the disk directly and/or possibly in the swap file that could be seen later with the correct tools. There for a while, people were able to pull credit card information entered into web browsers for online shopping from swap files on computers even after a couple of reboots. Also, the code for the true crypt could be stored in the swap file too and with the right tools, access and used to decode your super secrete partitions.

Here is a brief article describing some of the places you should look to cover your ass with if your that concerned. Keep in mind that many applications keep their own cache which can expose information on it's own outside of the ones mentioned. Most P2P software will have a cache of torrents being served, it may also keep a history of them that can come back to bite you. Normally people won't have the means to be this thorough but the judge required a forensic examination buy the experts of the RIAA's choice which pretty much assures you that they will go that far considering the other lengths they have went to.

Re:At what point....

[krlynch]

It's covered as a "derivative work", transcoding is clearly a derivative in this sense, and you would be screwed :-)

17 U.S.C. Â 106) provides:

        Subject to sections 107 through 122, the owner of copyright under this title has the exclusive rights to do and to authorize any of the following: (1) to reproduce the copyrighted work in copies...; (2) to prepare derivative works based upon the copyrighted work; (3) to distribute copies...of the copyrighted work to the public by sale or other transfer of ownership, or by rental, lease, or lending....

It is hard to see how transcoding or quality degradation would satisfy any of the "transformation" or "fair use" exceptions.

Re:That sounds reasonable...

[Tanktalus]

Just out of curiosity,Ray, if one were so inclined, how could an individual (or group) file an amicus brief with a court? Is there a boilerplate example to reference?

IANAL, but it goes something like this: first, you hire a lawyer...

Re:That sounds reasonable...

[NewYorkCountryLawyer]

Just out of curiosity,Ray, if one were so inclined, how could an individual (or group) file an amicus brief with a court? Is there a boilerplate example to reference?

There's no such thing as boilerplate, the way I look at it. Legal documents have consequences, and need to be drafted with reference to the situation at hand. I have actually submitted an amicus brief, and a revised amicus brief, in this very case, on the subject of the due process evaluation of the RIAA's statutory damages theory. Here and here.

Wow! "Metadata"!

[Bob9113]

A judge used the term "metadata" correctly. That is a good technical concept to grasp. We geeks and our friends like NYCL (who may also be a geek - not trying to exclude) have been bandying it about for years, but to 99% of the population it is a pretty foreign term.

Each example like this implies that the judicial is growing more familiar with technical concepts. That makes me happy. :)

When the court and plaintiff clash...

[erroneus]

It never bodes well. I remember when Microsoft was giving the EU court hell behaving as if it were a US court where they can appeal everything ad infinitum and eventually end up with whatever they want AND an official apology to boot.

But here it's the plaintiff and the court butting heads. I'm not a lawyer... definitely not. But I have got to say, that when you give the people who are making a decision either for or against you a difficult time, it can't be terribly wise... it just can't be. Even the lay-people know the courts systems aren't completely fair. What manner of arrogant do you have to be to behave in this way?

Re:When the court and plaintiff clash...

[gordguide]

" ... Even the lay-people know the courts systems aren't completely fair. What manner of arrogant do you have to be to behave in this way? ..."

Why, that would be "RIAArogant.

Re:That sounds reasonable...

[Jah-Wren+Ryel]

There's no such thing as boilerplate, the way I look at it. Legal documents have consequences, and need to be drafted with reference to the situation at hand. I have actually submitted an amicus brief, and a revised amicus brief, in this very case,

Great! We can we can just cut-n-paste yours and fill it in with our own points.

Re:That sounds reasonable...

[NewYorkCountryLawyer]

There's no such thing as boilerplate, the way I look at it. Legal documents have consequences, and need to be drafted with reference to the situation at hand. I have actually submitted an amicus brief, and a revised amicus brief, in this very case,

Great! We can we can just cut-n-paste yours and fill it in with our own points.

Thanks for bringing a smile to my weary face. You deserved your "Funny" mod.

Re:That sounds reasonable...

[RobertM1968]

Ray, something else to add to your arsenal (I mentioned here elsewhere). The existence of a "shared" directory does not mean anything was or could be shared with various BitTorrent clients. Various I have used require a shared directory set, but then allow a user to either (a) not actively share it (it exists, it can be shared later, but it isnt currently being shared), or (b) set the upload rate to zero while still "sharing" it (ie: aint gonna do a thing at 0bps even though it is "shared").

Methinks in many cases, the **AA should thus not be able to rely on the existence of a shared folder (and/or it's contents) as any sort of indication of sharing. And of course, as you have probably already thought of, even if shared, it gives no indication that the files in question were in such a folder when it was being actively shared.

I'd think the most the RIAA could prove from a shared folder is that the folder exists, it has certain content in it and... hmmm... well, that's it without actual proof that the torrent client actually shared anything.

Playlists aren't music

Someone plugs in their iPod to your system, you play their music off it, the iPod goes away with the music still on.

No copyright infringement.

Entry in a playlist.