Should RIAA Investigators Have To Disclose Evidence?

NewYorkCountryLawyer writes "A technology battle is raging in UMG v. Lindor, a court case in Brooklyn. The issue at hand is whether the RIAA's investigator SafeNet (the company that acquired MediaSentry) now needs to disclose its digital files, validation methodology, testing procedures, failure rates, software manuals, protocols, packet logs, source code, and other materials, so that the validity of its methods can be evaluated by the defense. SafeNet and the RIAA say no, claiming that the information is 'proprietary and confidential'. Ms. Lindor says yes, if you're going to testify in federal court the other side has a right to test your evidence. A list of what is being sought (pdf) is available online. MediaSentry has produced 'none of the above'. 'Put up or shut up' says one commentator to SafeNet."

Disclose Evidence?

Maybe they are as they generally have no evidence anyway...

Disclose to defence at least

While they certainly don't want to disclose anything, they will probably be forced to disclose it to defense, so claims can be validated and/or rebutted properly. Otherwise it's the same claim as SCO -- "I have tons of evidence you did very bad thing, but I won't show it to anyone, not even a judge"

Extortion

Without disclosing the hows, it would be extortion- otherwise I could sue you for taking my content and say, well my proprietary ways say you did, so pay up!

'proprietary and confidential'

Yeah I saw him kill her and recorded it on my camera, but im selling the footage so its...
Well I'm innocent and i have a video to show it but its...
I cant disclose what guns i had in my possession at the time of the murder as my guns are...

Theres no way something is too 'proprietary and confidential' to show a court of law!

No, they shouldn't

But neither does the judge/jury have to consider the RIAA's claims that they have evidence but won't show it.

Similar to Drunk Driving defense...

I remember a similar argument being used a while back by people convicted of drunk driving. They argued that their defense required access to the technical information about the breath-a-lizer, including the source and testing documentation.

If I remember right the judge in the case (Florida AFAIK) ruled in favor of the defendent. If the Breath-a-lizer company didn't turn over the requested documents, the defendent was off the hook. Don't know if the case has been overturned though.

Re:Similar to Drunk Driving defense...

I'm not sure it's the same case, but in the one I read about, the company that produced the unit was required to turn over the source code for independent verification and analysis. Apparently, it was a joke ... with comments like "this section is just for testing and shouldn't be shipped", with some major design flaws as well. It didn't even do a proper baseline measurement, and it's results could have been off by something like +/- 50 percent or something like that. I should go Google that case and see what eventually happened with it.

In any event, proprietary software shouldn't be when people's lives are on the line. That includes losing judgments on the order of a quarter million dollars (as happened in a recent RIAA case.)

Re:Similar to Drunk Driving defense...

Breathalyzer source code in criminal trials has come up on /. [slashdot.org] a few [slashdot.org] times. If you ask me, this sets a precedent that the "propriety technology" excuse can't be used to limit a defendant's right to examine all evidence against him/her. However, those were criminal cases, perhaps civil law doesn't follow the same legal precedents?

Of course, how else can the evid. be valid?

How can evidence be considered valid if the source of how it is obtained is not disclosed?
If this was anything except technology, the judge would laugh them out of the court.

Policeman: "He was going 11MPH above the speed limit."
Judge: "How were you able to do that?"
Policeman: "Sorry, but that's proprietary information. If leaked, it would damage our ability to catch speeders.

This has been tested on a slightly different case. Florida police can't use breathalyzers without providing the source [news.com]. Unless you can show that there is no trickery in your technology, it shouldn't be held admissible in a court of law.

Re:Of course, how else can the evid. be valid?

These legal claims by the RIAA just blow my mind. I'm in the physics community, and I'm just trying to picture how these type of statements would play out in my arena.

Me: ...and as a result, we have discovered [blank].
Physicist in audience: Sorry, can you explain your methods?
Me: No
[5 seconds of silence]
Entire conference hall bursts into laughter

What do you think?

This motion may well come up for a conference or oral argument, or further briefing, so it would be interesting to see what you folks think about why these kinds of items are (or are not) necessary to test the validity of MediaSentry's methods and procedures.

Re:What do you think?

I'm not a lawyer, and I barely understand my legal rights to facing my accuser in this digital world, but I do know this:

We don't have any prior examples of this specific niche technology at work. There's no baseline of acceptable "industry standard" out there - every bit of information about these products is held so closely to the chest of these businesses that we just do not know where the hell this data comes from and, more specifically, we don't know how this data is corroborated with ISPs to find these people who are supposedly committing the infringements. Plus, we have no idea of what the failure rate of this entire process has been. On top of all of that, there is no independent analysis of this method.

If the RIAA litigation team was an inventor, this whole ordeal would be nothing short of them running around screaming about how they've invented perpetual motion, and then not letting anyone independently verify that the machine works.

Re:What do you think?

Whatever technologies that companies are using to look for people are incredibly sketchy. I have received 6 threatening letters from the MPAA. Four of them were legitimate (overbugeted hollywood crap anyway), but two of them were completely bogus. When I got my second completely bogus threat, I attempted to track this company down.

It turns out that between the time when the alleged sharing occured, and when I got the letter, the company had changed names 3 times (or there were a large number of dummy companies that had contracted eachother out or something, it is really hard to tell the difference in these situations). When I finally tracked down a phone number for the building that these guys were supposedly working in, I called it. A machine picked up (customized with the name of the company and everything), but no one was in and the voicemailboxes on every extension were full.

Just take a look at the Media Defender leaks. These companies are often engaged in illegal activity, from fraud to extortion. They are not an industry that you want to trust to give you accurate information. These people have nothing to gain by making their scanners have more accurate results, they just want to see more results, so of course you should be able to assess their techniques (especially their source code) to make sure everything is in order.

Just like the Breathalyzer cases

Remember when it started getting around that people were beating DUI charges by requesting the source code of the machine? If that was reasonable, this is a slam-dunk. The basic right to confront your accuser is one of the most important of the rights we have. If the defendant doesn't have the right to attack the evidence presented against him, he is effectively denied due process.

It's your case, RIAA. Put up or shut up.

Discovery of this type happens all the time

This is not new terrain. The evidence can be examined under restrictions so the "proprietary and confidential" information doesn't make its way out of the confines of the case. Frankly, this is just standard legal maneuvering for a case like this. The test is whether the discovery methods will be considered germaine to the validity of the RIAA's case. If so, the court will likely allow discovery of these techniques.

This is standard civil procedure

Folks,

IANAL, but I have been an expert witness in many legal proceedings in Federal courts. As a part of discovery, you *have* to give the other side your raw data and details of your methodology. Otherwise, the judge is almost certain to throw out your testimony, as the other side has no way of discovering the weak spots in your case. I was involved with one case where the judge sanctioned one of the opposing experts and it took us three tries to get a decent set of data and models out of them. This had a very negative effect on the credibility of the other side's expert, which pretty well torpedoed their case. (They won as a matter of law, but damages were negligible.) Mind you, the data and models are generally covered by a protective order to maintain confidentiality, but it's so common that the wording is almost boilerplate. SafeNet and the RIAA don't have a leg to stand on here, and I can't imagine why they're bothering to oppose this unless they're pulling an SCO -- in which case, the judge should slap them down HARD.

--Paul

Re:This is standard civil procedure

IANAL, but I have been an expert witness in many legal proceedings in Federal courts. As a part of discovery, you *have* to give the other side your raw data and details of your methodology. Otherwise, the judge is almost certain to throw out your testimony, as the other side has no way of discovering the weak spots in your case. I was involved with one case where the judge sanctioned one of the opposing experts and it took us three tries to get a decent set of data and models out of them. This had a very negative effect on the credibility of the other side's expert, which pretty well torpedoed their case. (They won as a matter of law, but damages were negligible.) Mind you, the data and models are generally covered by a protective order to maintain confidentiality, but it's so common that the wording is almost boilerplate. SafeNet and the RIAA don't have a leg to stand on here, and I can't imagine why they're bothering to oppose this unless they're pulling an SCO -- in which case, the judge should slap them down HARD.

You're 100% correct, Paul. Now let's see what the judges in this case do. They have previously allowed the RIAA's "expert" to testify as an expert [blogspot.com] even though he admittedly satisfied NONE of the Daubert reliability standards, and even though he admitted that all of the materials upon which he was relying -- the printouts MediaSentry would like us to accept as gospel -- likewise failed to satisfy ANY of the Daubert reliability standards.

Re:Discovery rules in Civil vs. Criminal cases?

I was under the impression that discovery rules only pertained to criminal cases, not civil cases?

Surely the well documented RIAA deceit in relation to evidence in other cases should be enough to compel the Judge to grant this request, regardless of whether disclosure is mandatory?

How far does judicial credulousness stretch these days?

Re:Discovery rules in Civil vs. Criminal cases?

If you're looking for prior examples, try the current U.S. Administration.

"We have the smoking gun on Iraq, but we can't show you until after we go to war."

"We have the evidence to prove these guys are terrorists but we can't show it to you. disregard the canadian."

"We aren't doing anything wrong. Pay no attention to the man behind the curtain."

Re:Discovery rules in Civil vs. Criminal cases?

IANAL, so obviously don't take my word as legal advice, but I was under the impression that discovery rules only pertained to criminal cases, not civil cases? Any lawyerly types care to chime in on this, maybe shed a bit of light on the subject?

Nope, the amount of discovery in civil cases often dwarfs that of even the largest, most complex criminal cases, and the rules are similar. You can refuse to produce documents on certain bases, including that it involves proprietary information or business secrets, but you have to convince the judge of this, which can be tough. A lot of times the parties will enter into confidentiality agreements, where only the lawyers (and possibly expert witnesses) will gain access to the produced information, not the clients. I think it would be tough to convince the judge that a confidentiality agreement wouldn't protect them.

Re:Discovery rules in Civil vs. Criminal cases?

Yup - at work we have lots of systems that are subject to various government regulations, and which contain data that could become evidence in a lawsuit.

We take all kinds of care to document everything about these systems and their reliability, and we have retention schedules for everything and we follow them. While in a court case we might attempt to limit the scope of discovery we ultimately would be prepared to defend our data. Otherwise a computer log isn't evidence any more than a piece of paper typed up on a typewriter 10 minutes before the trial.

Looking at the laundry list, I saw one or two items that might have been a little broad, but most of this stuff is directly limited to the scope of the issues at hand and the reliability of the evidence. If there were 25 precedents that this particular software was bulletproof the plaintiffs might get the scope of discovery narrowed down a little further (maybe just to demonstrate that the software is the software that is considered reliable), but as things currently stand I'd be surprised if the judge didn't order the plaintiff to produce the supporting evidence or have their documentation ruled inadmissible (which would pretty-much gut their case).

IANAL though...

Re:Discovery rules in Civil vs. Criminal cases?

And didn't DMCA suddenly make a criminal offence out of something that should have been a civil court matter. The stick has two ends. Criminalising something while bringing the perspective of jail, penalties, etc also brings a different standard of proof in most legal systems.

Re:Discovery rules in Civil vs. Criminal cases?

I was under the impression that a judge in civil cases has a lot of discretion. There is plenty of discovery orders in civil cases. While the judge may not agree to say "Let the other side see...", he may say "Show me, I want to see ...". In any case, some discovery can be filed as sealed documents. That would seem to apply here.

The judge can't keep anything like that to himself, he would have to allow access to the defendant's lawyers and expert witnesses (but not to the defendant and the public). Lawyers and expert witnesses would obviously be in big trouble if anything leaked out.

On the other hand, there is now precedent that you can't hide behind "proprietary methods"; I think there was the case of a manufacturer of breathalyzer equipment that ran into this problem. Of course they can refuse to open up their "proprietary methods", but then any evidence based on these proprietary methods would be invalid. In case of the breathalyzer equipment, nobody could actually force them to open up their code, but in practice every case based on their equipment would have been dropped, and the police would never again have bought their equipment.

Re:Great!

Works in Guantanamo!

Re:New Era of digital proof

If video footage of a crime in-the-act is caught, should it reasonably be expected that all of the above information about the digital camcorder be provided to validate the evidence? The storage media also? .. and the computer used to view and process?

No, but they'd reasonably ask to see the actual footage... not the result of a face recognition system and a copy of the suspect's driver's license. And if photography were only a decade or three old, and had been known to photograph the wrong person?

I suspect that the demands are probably more than they need, and I suspect they don't expect to get all they're asking for, but I don't think it's unreasonable to demand more details than you would of a videotape.