P2P Defendant Destroys Evidence, Case Defaults

neoflexycurrent writes "A court in Texas has thrown the book at a defendant accused by the RIAA of file sharing. The court determined that she had intentionally wiped her hard drive clean, so it entered the most severe sanction possible — default judgment against her. The record companies now just have to ask the court how much they want in damages."

Re:Stupid?

[StrongGlad]

The record companies' expert witness examined her hard drive, and somehow determined that two "disk-cleaner utility programs" (as the court put it) had been used to delete data intentionally. Specifically, he noted that iMesh and BearShare were installed at one time, and were configured to use the handle, "ugotburnedby21".

The defendant's own expert witness, who also examined the hard drive, conceded that data had been deleted, but suggested that a defrag utility was to blame. The court didn't buy this explanation, however.

If you're interested, read the court's order [moxieproxy.net] (please be gentle with my server :-).

crime vs. crime vs. crime

[Denial93]

[sarcasm]Yay for justice![/sarcasm]

When in this sort of situation, it is much more desirable for your evidence to be stolen rather than destroyed. Unfortunately, to fake a burglary (or even get insurance to pay...) is a crime. I'd obviously never advise anyone to commit such a crime, mind you. It is a fact, however, that such a crime will be much, much less expensive than letting the RIAA have their way with you.

Disclaimer: IANAL.

Re:Stupid!

[mseeger]

Isn't it obvious? They couldn't find any pirated files, so she must have wiped it clean!

Just took a look into the court dcouments... Seems they found some more solid evidence. It seems to me that the defendant forgot to clean the Registry properly and they could at least prove the use of the file sharing software with the alleged user name and they could show that files were deleted on certain dates.

Regards, Martin

Re:Stupid?

[gweihir]

The record companies' expert witness examined her hard drive, and somehow determined that two "disk-cleaner utility programs" (as the court put it) had been used to delete data intentionally. Specifically, he noted that iMesh and BearShare were installed at one time, and were configured to use the handle, "ugotburnedby21".

Stupid. If there was anything left to find, or anything hat pointed to when the wiping was done, then the disk was not wiped. More likely this person only wiped specific folders. To say it again: You have to wipe the complete drive. You have to sacrifice your installation. Only then will no evidence be left and no evidence that can tell when the drive was wiped.

Of course this usually applies to protecting confidential data, such as when giving old drives to charity, selling them or discarding them without physical destruction. The "destruction of evidence" is a minor application, but illustrates well what can happen if you use sloppy security procedures.

Re:Any lawyers here?

[Trouvist]

To obtain default in a court situation means that you assert some facts to be true, and the other side has to requit the claims. In this case, the court said "you have the files on your harddrive; give them to use to prove or disprove guilt." She defaulted by destroying the proof of her innocence/guilt. She turned over tampered evidence and therefore destroyed her own credibility.

Re:This seems bogus.

[ray-auch]

Good question. What was it they said to the people who got screwed by Enron again?

They got damages from the directors, and others, (in addition to any possible jail terms). Same with WorldCom.

Most of the settlements were out of court though (eg. http://www.ucop.edu/news/archives/2002/aug27art1.h tm [ucop.edu], http://www.law.stanford.edu/publications/stanford_ lawyer/issues/71/klausner.html [stanford.edu]).

Re:wow

[duvel]

>>Given that the record companies' expert opined that the defendant had downloaded over 200 sound recordings during 2005, those requested damages will probably be substantial. Statutory damages under the Copyright Act can go as high as $150,000 per work infringed, in the most egregious cases.

>200*$150,000 = $30,000,000. Of course, this is just a maximum, but it's still scary.

The minimum penalty is 750$ per song, making for a total of 150.000$ for the 200 songs. I'd say that you don't need to calculate the maximum to become scared.

Re:Umm , I think a completely blank hard drive...

[frogstar_robot]

Exactly. Is it really that hard to find evidence that shows the date of an installation?

Probably. This is why a clean install would be the wrong thing to do. Reimaging a drive would be far more ambigous. What you would have then is a drive where most of the files are before x date. That would be suspicious but not as suspicious as running an OEM recovery CD. I can even think of a way to handle that. You need a script that backdates the clock to the image creation date, touches some appropriate files, forward dates the clock a bit then touches more files. The script will repeat the bump-date-touch-move-forward routine until it reaches the present. The script itself should be run from a CD or other media.

Before reimaging, it would be advisable to overwrite the drive with random number. After re-imaging and date-scripting, the install should be exercised with as many apps run and closed as possible as well and creating a deleting files to create plausible on-disk data structures.

This is why you keep a second boot drive and USEit

[plasmacutter]

Perfect way to avoid detection.

When you get your computer, get a second boot drive and mirror the installation you have.

One random day a week load this second boot drive into your computer and actually USE it for that entire day.

if you receive a subpoena, replace your normal boot drive with your semi-sanitary mirror, bury the original hard disk in a tupperware container someplace really hard to find until they inevitably dismiss your case for lack of evidence.

Re:Any lawyers here?

[voice_of_all_reason]

I think you're confusing the burden of proof (beyond a reasonable doubt vs preponderance of evidence). While the state's standard is lower in a civil case, you are most certainly innocent until they prove otherwise.

At least in theory, which this case demonstrates.

Re:Stupid!

[denebian devil]

What if she had done this before the court order though?

The court order was to sanction here *after* she destroyed the evidence. Once you are made aware that you have been sued in court (i.e. served), you *cannot* destroy evidence that is pertinent to that suit. If the other side finds out you have done this, they can file for sanctions. No court order needs to tell you that this is so, because these are the standing rules of the court (of course different from place to place depending on where you have been sued).

But IANAL ;)

Re:If you want to understand their view

[Anonymous Coward]

Why are you trying to compare art and science to child porn and treasonous documents?

You've taken two points from the GP post and placed them so out of context as to make your whole post meaningless.

Way to further the discussion.

Re:wow

[DaveV1.0]

From the constitution:

To promote the progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries;

I notice that it says nothing about earning money. It says one has an exclusive right to the discovery. One may give it away, portion it out to a few, sell it, or hoard it as one sees fit.

Also, the post I was responding to made earning money off of a copy a prerequisit to violating copyright law. It isn't.

Re:Stupid?

[joto]

yeah I've heard of some extreme cases where they were able to swap out the control board with a fresh one to get the data out (if you were hardcore and had access to a clean room you might be able to swap out the platters too)

You consider this extreme? Given todays data densities on hard-drives, even a small piece of a platter can contain lots of data usable to "the enemy". They don't need the whole disk to be put into a standard disk controller to be able to read it. All they need is time, dedication, and the right equipment.

The best way to destroy data on a hard drive is to open it up and smash the platters, if your in a hurry a bulk tape eraser or other large magnetic device is also good.

No, see above. Of course grinding the platters to powder, or melting them, or dissolve them in acid is good enough. A bulk tape erase or other large magnetic device is no good. Sorry, but you just won't find powerful enough magnets in a common household (or anywhere else, outside special laboratories).

The easiest way is to simply overwrite the data with random data many times.

As for myself I keep all my downloads on an external USB 2.0 drive, simply unplug it and poof, it's as if the data was never on the machine in the first place. Of course this is just a happy consequence of my machine, being that it's liquid-cooled two hard drives are mounted to a cooler, I needed more space so rather then ripping one of the smaller ones out I just put it in an enclosure.

So what about cache files, log files, swap space, etc? Sorry, you may feel safer, but you really aren't.

Re:wow

[ahknight]

That's almost correct. If it were not for the Fair Use clause, it would be entirely correct. This is why you can make copies for personal use, that is, such copies that are needed to protect the purchase or to utilize the copy you've been given, or to use it in a more convenient manner. Outside of that basic, implicit grant, it's a copyright violation.

Re:I don't get it...

[Ravensfire]

If you read the court order, the judge noted that the plaintiff's case was largely dependant on the evidence on that hard drive. Without that evidence, the case was significantly harder (if not impossible) to prove. The judge also held that the actions by the defendant were deliberate and that the defendant knew she had an obligation to preserve the evidence.

With all that, it's hard to see how the judge could have done anything other than what he did.

-- Ravensfire

Re:Stupid?

[dgatwood]

Nope. Guilt has no place in a civil suit. In civil suits, you are either held liable or not liable.

This article [darkness2light.org] is a good summary.

Re:What does this teach us all?

[Tim C]

Not that I am advocating such a course of action, but if someone were to do that, they'd have to be careful to maintain a believable usage pattern. If no file has been accessed or modified in months, that's going to immediately ring alarm bells (especially if they have logs from the ISP showing dates and times when the user was online).

Remember that obstruction, pervertinghte course of justice, etc are generally taken *very* seriously.

Re:wow

[Anonymous Coward]

Based on that very simplistic definition, any use of a work in digital form would then be a violation, since copying is necessary step involved in its intended use.

Yes. Unless you have a fair use exemption, or implied consent to use the work by the author. Downloading from a web page is considered implied consent, since that's the point of the web.

Other uses are not allowed, fair use roulette aside.

Re:Stupid?

[kannibal_klown]

I image my harddrives twice after every initial install. Once for the OS and necessary installs (JRE, Textpad, Winzip) and once after I install my office suite and dev tools.

However, there's a flaw with your strategy. Any IT guy worth his snuff will could tell you rolled back.

"Hmm, Mr Anderson I see you installed Windows XP later year. Yet for some reason you installed a years worth of MS Updates yesterday. I also noticed that there are no other files created between last year and yesterday. Per chance, have you rolled back to an image?"

Re:Stupid!

[thparker]

So as a serious legal question out there to people who are in the know, what if the RIAA or MPAA logged my IP address last month and are in the process of subpenoing my ISP? That process can take over 6 months. Are they going to say "He erased his hard drives, so he must be guilty." They can't determine when I erased them, so are they going to claim that I destroyed evidence after I get the letter in 5 months? Can a guy really have a change of heart and do the right thing, only to get more severely punished than if he had kept up the offensive action?

OK, it's Slashdot, so obviously I'm going to answer even though IANAL. I have, however, had work product subpoenaed in cases involving my clients in the past. There is a lot of misinformation in this thread, and confusion about being served, receiving a "court order" and being subpoenaed. Service is a generic term that applies to the process of delivering court documents to a party in the action. It could be the lawsuit itself, it could be a subpoena to appear in court, or it could be something related to document production.

The key here is the subpoena or an anticipated subpoena. A subpoena for document production will specify exactly what you are being asked to provide. Once you've received the subpoena, you are clearly obligated not to destroy any of the requested documents if you have them. You haven't been subpoenaed, so you're clear in this respect. There is a grey area where you aren't permitted to destroy documents when you know there's an investigation. This was a key element in the DoJ's lawsuit against Arthur Andersen for shredding Enron documents -- that they knew that an investigation was being performed and that their responsibility to not destroy documents existed prior to their receipt of the subpoena.

(In case you don't know the whole story -- Arthur Andersen started shredding documents when informed by Enron that the SEC had initiated an investigation and stopped shredding documents the second they received a subpoena. They were convicted of obstruction charges. Those charges were overturned by the Supreme Court on the basis of improper jury instructions. The Supreme Court left open the question of when a company has a duty not to destroy documents. It is safe to say that this obligation pre-dates the issuance of a subpoena in some cases.)

There is nothing illegal about routinely shredding business documents you are no longer using. There is nothing wrong with some guy deleting files from his computer that he is no longer using. The case in this article is about someone maliciously destroying files they knew were relevent to a court proceeding with the intent of obstructing their prosecution. It's a pretty straightforward set of facts and not at all similar to what you've done.

Re:Stupid?

[fireweaver]

Have interchangeable "guilty" and "innocent" disk drives, each of which is bootable. You use your "guilty" drive to download songs and stuff, and your "innocent" drive for everything else. Convert your songs to playable CDs for convenience, and keep the "guilty" drive stowed away out of sight. Keep several other drives (which may or may not be loaded with an OS) laying around as both spares and decoys. When the RIAA comes knocking, go ahead and hand over your "innocent" drive and a couple of the spares and decoys. Problem mitigated.

Re:If you want to understand their view

[QCompson]

Dude, everyone knows the best way to win an argument in the 21st century is to drag in terrorism and child porn.

Example:

Debater A: Drilling in the Arctic Wildlife Refuge is only a temporary band-aid for America's growing energy problem. It will do nothing to stop our dependence on foreign oil.

Debater B: If you are so against drilling in the Arctic for oil, please explain why you want the terrorists to have all our extra oil money so that they can continue to murder innocent civilians. In addition, what about child porn? 5 out of every 4 Eskimo children have been sexually abused due to the thriving Alaskan child porn trade, which exists because Alaskans can't make enough money off of oil revenues. Tell me sir, why do you support terrorism and child porn?

Re:Admission of guilt, or taking the 5th?

[shark72]

On behalf of all Americans, I hereby apologize to the world for our collective utter ignorance of our own laws.

"Why isn't action protected by the 5th amendment??"

This is what the fifth amendment of our constitution states (boldface mine; as our founding fathers did not have a "B" button on their 18th century word processors):

"No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation."

Re:Stupid?

[spamchang]

Given that the plaintiffs had an alleged date of the 'crime,' you'd have to use a hard drive purchased before the date that you were served the summons, evidence request, or such. Furthermore, I presume the hard drive doctors working for the RIAA would be smart enough to look at the timestamp of the software install, etc etc. It'd be really fishy to see "old" files installed the day after you receive the request for evidence. Also, fudging your BIOS clock doesn't work either if you reformat and reinstall, with every file bearing the exact same time/date of creation and a 2-3 year gap between the installation's last accessed date and the current date.

I guess these file deleting utility programs aren't worth their weight in gym socks if the plaintiff experts could dredge up the presence of recently-deleted filesharing programs AND the username associated with their use. Might have been leftover registry entries or unique DLL files...

My guess is that your best solution is to change your username to something very, very common: anonymous. (Something like that.) And then you can just burn your mp3s to CD, flash drive, ANOTHER HARD DRIVE (and don't forget to delete the originals--the deleted data will get written over eventually, and you might be ok). Don't dl directly to the other hard drive unless you can get rid of the programs as well--I'm sure the registry entry that tells the P2P program will clue drive doctors in to asking for the other drive if you don't delete it. But they'll never know if you've burned CDs or copied to other drives AFAIK.

Re:Stupid?

[Anonymous Coward]

The Court Order indicates that they didn't have to prove when the data was destroyed because the Defendant admitted that the deletions ("wiping") took place between certain dates. Instead of arguing about when it happened, the Defendant got too cute, blaming the deletions on a defrag utility, and claiming that the deletions were not intentional. The Court didn't buy it.

you bought a knife...

[Simonetta]

By the same twisted logic, the RIAA could say that since you bought a knife six months ago, then you are responsible for every stabbing in the city for the past six months. Real, serious legal systems have long Latin names and judicial processes for this type of questionable legal behavior. The USA is in the process of going from a judicial system based on 'due process' to one based on financial resources. Trial by money with the more money that you have to 'contribute' to the legal process - how many lawyers and legal services that you can buy - then the more likely you are to have any legal situation decided in your favor.

    Although everyone agrees that this is an undesirable situation, no one seems to be able to halt the process.

    I suspect that people will hire mafia-type organizations to deal with the RIAA. Someone gets a shakedown notice from the RIAA, and they pay $500 to an anti-RIAA mafia group instead of paying thousands to the RIAA. Then this mafia group threatens to use violence against the individual lawyers of the RIAA unless the shakedown case is dropped for the individual who hired the anti-RIAA mafia group. Since the RIAA is simply selecting people at random for extortion anyway, then they will just choose someone else from the phonebook. In this situation, what usually happens is that the mafia group will simply start killing the RIAA lawyers themselves and take over the extortion of the public directly, therefore getting money from both sides of the deal.
File sharing will continue as it always has.

Re:Destroying a hard drive

[WhiteDragon]

In Cryptonomicon, the server was nuked by hackers across the street in a van, with a big EMP cannon. However, as others have pointed out (and was complained about by the owner of the computer in the story), an EMP will fry the electronics without deleting the data. In the story, after the computer was fried by EMP, magnetic loops in the door of the building wiped the drives as the computer was being removed. In reality, no external magnetic or electric field will really affect the data on the platters much, because it takes something like a magnet strong enough to twist the hard drive case before the bits will all be erased. Remember, magnetic fields decrease with the cube of distance, and read/write heads are *very* close to the platter. I think it takes about 12-15 Tesla (an EXTREMELEY powerful electromagnet) to wipe a drive at a distance.

Re:wow

[ScrewMaster]

And the penalty isn't for how many MP3s you may have downloaded to your drive, it is for how many times they might have been downloaded from you..

No it's not. Copyright law precedes the Internet by a couple of hundred years, and those dollar amounts were intended as a deterrent against criminal mass-production and resale of copyrighted works. That's understandable (if ineffective) and fair-use was supposed to prevent individuals from being persecuted by copyright owners. The fact such insane numbers are being applied to individuals is abusive beyond belief. Copyright law is simply not with the times when it comes to modern telecommunications, it just isn't. That judge is full of it ... frankly, I'd like to see his bank account records for the past few months. At what point does Congress wake up and realize that their negligence (if not outright malfeasance: see Hatch, Orrin) is causing a lot of people a world of hurt? Of course, that applies to pretty much everything those pricks do, so I'm not holding my breath.

Did we forget about this?

[LifeNLiberty]

Excessive bail shall not be required, nor excessive fines imposed, nor cruel and unusual punishments inflicted.