Judge Says RIAA Can't Have Hard Drive

NewYorkCountryLawyer writes "A Texas judge has refused to allow the RIAA untrammelled access to the defendant's hard drive in SONY v. Arellanes. The court ruled that only a mutually agreeable, neutral computer forensics expert may examine the hard drive, at the RIAA's expense, and that the parties must agree on mutually acceptable provisions for confidentiality."

Precedent - Probable Cause?

[SonicSpike]

So, does this shift things back to a higher level of probable cause now? Or is that even relevant in a civil case such as this?

My suggestion...

[chill]

An open-source program along the lines of "file" that can identify file types. It can scan the drive and output and matches to music files. Those are the only files they get access to at all. No documents, pictures, movies, programs or anything else.

RIAA defence?

[whoever57]

Here is a thought:
Always buy used drives: never new.

Then, if one has to surrender a drive for discovery, point out that deleted files could have been created and deleted by the prior owner of the drive.

Only because it's costs them real money up front

[Alcimedes]

Up until now the RIAA has been living off of lawyers who are working off of retainers. Now that they'll have to shell out a grand or so to "inspect" someone's hard drive for stolen works it should get interesting. How eager will they be to charge 100 people if each one is going to run them $1,000 up front?

They don't need to use the courts...

[Anonymous Coward]

When a certain **AA which deals with movies sued me, they wanted access to my server and all of my computers. I gave in to the server bit, under supervision - I was innocent after all - but didn't let them touch my home machines (again, I am innocent and these requested searches were prior to going to court).

What they did instead was hack my HTTP daemon, FTP daemon or some Windows vunlerability on my one Windows machine (HTTP and FTP installs both admittedly being out of date), install some server scripts to download / edit / see my files, and eventually use those scripts to install a rootkit or trojan on the machine. If they hadn't done that last step, I may have never noticed. After looking at my web server's access logs, they were certainly poking around in places that they had no business being in. I mean, apart from poking around in the first place... but I don't think files with names like 'bank.txt' and the like are any of their business.

How do I know it was the **AA? The investigator they had who scp'd my entire /home and /var/log from my server under the guise of investigation had the same IP as in those access logs. I'm baffled at why he didn't even attempt to cloak it.

I don't see the RIAA stepping down with this court decision. If this guy primarily uses Windows, they can just do what was done to me. And if they don't find anything, they can surely plant it.

(posting AC becuase the lawsuit is still in the works) - captcha: sneakier

Sounds like..

[Ten24]

Who does this really side with? The RIAA or the individual? Does it not give more concrete evidence against that individual if files are found by a 3rd party? You would think any files 'found' by the RIAA would not hold up well in court. What about files that were deleted long ago, how about used HDDs that have previous owners files on them? Sounds like the RIAA would have to request files from very specific dates and times to me.

Re:RIAA defence?

[maeka]

Here is a thought:
Always buy used drives: never new.

Then, if one has to surrender a drive for discovery, point out that deleted files could have been created and deleted by the prior owner of the drive.

While that might get you off the hook in a criminal case, this is a civil case, where the burden of proof is substantially lower, I can't imagine such a defense working unless your lawyer has the jury in the palm of their hand already. I think the odds of finding the files as described by the RIAA on a computer located by IP address are slim enough that such a defense wouldn't fly even in a jury trial.

Re:They don't need to use the courts...

[artifex2004]

I hope you countersued. Sounds like they were contaminating evidence and also possibly stealing computer resources if they ran anything themselves. The last is probably a crime, not just a civil matter.

How Are The Funds Dispersed, Once Won?

[CheeseburgerBrown]

When the Empire wins the LUCRETIVE CASH SETTLEMENTS from these actions, how do they disperse them to the artists?

Do they toss the money into a general bonus slush fund meated out in infinitessimal slicettes to each artist their various members represent? Like, does Michael Jackson get 0.0001 cents for every suit settled?

Or, conversely, do they pass the money on directly to the artists whose songs are found to have been shared? In this scenario they would audit a defendant's hard-drive, find lots of Madonna songs, and then give Madonna her share of the bounty.

If so, they should be making available these backdoor sales for the purposes of inclusion in music charts. Like the Pirate Top 10.

(I know, I know -- some folk'll cry foul and claim that that sort of thing would only encourage illegal filesharing 'cause the cool kids are doing it, but those people should take their beef up with Sweden, first.)

From this point of view the lawsuits could be seen as friendly, random audits to pay for shared songs. If the artists were compensated in direct relation to illicitly shared tracks found, it becomes a kind of sale. Totally legit -- like a kind of anti-lottery.

Then the government could tax it and we could all get on with our business.

Re:Okay...

[NewYorkCountryLawyer]

1. I commend you on reading the documents. That's impressive.

2. They accused her, in boilerplate, of downloading, distributing, and/or making available for distribution.

3. In fact all they had is a screenshot indicating that somebody using that dynamic IP address had a shared files folder, which the RIAA considers 'making available for distribution' or 'distributing'.

Re:This sounds like a good precedent

[shmlco]

And no, it's not flamebait, it's the truth. Want cheap music? Buy used CDs from the local record store or half.com for pennies on the dollar, and toss the disc into a box in the garage.

It's cheap, legal, and if you get accused just bring in the box and dump it on their desk...

Re:Money can't buy love...

[TheRaven64]

I don't know about the USA, but in the UK things get interesting when one side calls an expert witness. If the BPI (the British version of the RIAA) call an expert witness who backs up their case then there is an assumption that the witness is biased, and the defendant is allowed to bring in their own expert. Ideally, both experts will agree on the evidence and it's then up to the court to interpret the evidence. If, however, the defendant doesn't bring their own expert then very little, if any, weight is given to the prosecution's expert.

linux firewall question

[jt418-93]

so i had a though. say i have a linux firewall box that sees the world, all my windows boxes are safely behind it. if they request the computer attached to the ip, would that not be my linux box, with nothing but the firewall on it?

just a question

Re:RIAA defence?

[kthejoker]

I'm sorry, but the RIAA has been found guilty of price fixing twice in civil court. A buck a song is outrageous given the low overhead of online hosting + the fact that iTunes is making large bundles of money off music produced 10, 20, 30, and even 50 years ago. To suggest somehow $1 is the appropriate value for these songs is ridiculous.

Put plainly, market forces have not been put into play in an effective manner, primarily due to ITMS' DRM restrictions and the popularity of the iPod.

Anyone with any sort of music habit - indeed, any one who is remotely interested in listening to any music at all that you can't find on the radio dial - shouldn't have to rack up $50 *a month* to buy DefectiveByDesign, limited, controlled digital files.

Frankly put, $1 for 3 minutes of pop bliss isn't worth it. I would gladly - gladly - pay 15 cents for a permanent copy of, say, Duran Duran's Girls on Film. Maybe even 25 cents. That's tops, though. Without market forces (ie basic supply and demand curves), the RIAA is simply stagnating. They're relying primary on a paradigm shift which has moved the demand curve inwards quite a bit, but structurally they're treading water, and artists are getting turned off by that in a big way.

Re:woo, guess a few judges have read the law

[Short Circuit]

I manage a student-run pc clinic [grc4.org]. Earlier this year, we had a woman call us who wanted some forensic analysis of her hard drive done. The chief of our campus police was queried, and we were told in no uncertain terms that we were not to attempt forensic work, as the moment we touched the drive, any information on it would be unusable in court.

Of course, I wanted to know more, so I found out a few things about computer forensics as it applies to hard drives. First, every single step taken with the drive has to be documented, for review and potential dispute by experts hired by whoever would want to dispute the results. Second, merely mounting the hard disk may write data to it, making it useless as evidence. And there are other issues.

If the RIAA is being allowed to present their own analysis of the hard drive in the first place, they're being held to a very high standard when it comes to documenting not only the evidence they uncover, but what tools and procedures were used, who performed them, even who was in possession of the drive before it reached the lab.

If they're providing their own forensic evidence, that evidence can be put under very close scrutiny by any lawyer with the sense (and funds) to bring in an independent expert. And if even one of the defendants has an expensive enough lawyer who pulls in an expert who finds fault with the work of the RIAA's expert, RIAA's expert's work will come under fire in all of the cases.

In short, I expect the RIAA to behave itself. They won't fudge or falsify evidence; the stakes (the outcome of virtually every one of their civil infringement cases) are too damn high.