Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy Government Media Music The Courts News Your Rights Online

Court Sets Rules For RIAA Hard Drive Inspection 470

NewYorkCountryLawyer writes "In a Boston RIAA case, SONY BMG Music Entertainment v. Tenenbaum, the Court has issued a detailed protective order establishing strict protocols for the RIAA's requested inspection of the defendant's hard drive, in order to protect the defendant's privacy. The order (PDF) provides that the hard drive will be turned over to a computer forensics expert of the RIAA's choosing, for mirror imaging, but that only the forensics expert — and not the plaintiffs or their attorneys — will be able to examine the mirror image. The forensics expert will then issue a report which will describe (a) any music files found on the drive, (b) any file-sharing information associated with each file, and any other records of file-sharing activity, and (c) any evidence that the hard-drive has been 'wiped' or erased since the initiation of the litigation. The expert will be precluded from examining 'any non-relevant files or data, including ... emails, word-processing documents, PDF documents, spreadsheet documents, image files, video files, or stored web-pages.'"
This discussion has been archived. No new comments can be posted.

Court Sets Rules For RIAA Hard Drive Inspection

Comments Filter:
  • Question (Score:2, Interesting)

    by Anonymous Coward

    If the entire hard drive was secured with something like TrueCrypt, could you be compelled to turn over the password?

    Anyway, does stuff like this matter much anymore? I thought more and more convictions were based on ISP logs instead of hard drive searches these days...

    • Re: (Score:3, Insightful)

      I thought more and more convictions were based on ISP logs instead of hard drive searches these days...

      I'd bet the RIAA wants to be as invasive and punitive as possible. I'm suprised they haven't asked for daily body cavity searches of all defendants.

      • Re: (Score:2, Informative)

        I'm surprised nobody's shot the RIAA CEO in the head yet. Maybe RIAA deliberately avoids known-militia users. (shrug). Really this whole thing's getting out of hand. I'm going to lose years of my life fighting a court case just because I downloaded the Hot 100 from 2008? C'mon. I have hundreds of CDs on my shelves - it's not as if I (and other fans) don't support singers we like. RIAA is blowing things totally out of proportion, and it's about time people rise-up and fight back.

        http://en.wikipedia [wikipedia.org]

    • Re:Question (Score:5, Informative)

      by JoshuaZ ( 1134087 ) on Thursday May 07, 2009 @01:01PM (#27863687) Homepage
      There have been contradictory rulings about this. Many courts have ruled that at least in criminal cases people can be forced to decrypt their hard drives. See for example http://arstechnica.com/tech-policy/news/2009/03/court-self-incrimination-privilege-stops-with-passwords.ars [arstechnica.com]
      • by Weezul ( 52464 )

        Well, there are encryption schemes that provide fool proof plausible deniability, but none are implemented at the filesystem level. StegFS uses other block.

      • Re:Question (Score:5, Insightful)

        by commodore64_love ( 1445365 ) on Thursday May 07, 2009 @01:53PM (#27864571) Journal

        That's nice. "To consider the judges as the ultimate arbiters of all constitutional questions [is] a very dangerous doctrine indeed, and one which would place us under the despotism of an oligarchy. Our judges are as honest as other men and not more so. They have with others the same passions for party, for power, and the privilege of their corps. Their maxim is good justice is broad jurisdiction, and their power the more dangerous as they are in office for life and not responsible, as the other functionaries are, to the elective control. The Constitution has erected no such single tribunal, knowing that to whatever hands confided, with the corruptions of time and party, its members would become despots. It has more wisely made all the departments co-equal and co-sovereign within themselves." - Thomas Jefferson, founder of the Democratic Party

        Correct Mr. Jefferson. *I* have determined that the Constitution forbids the government(s) from forcing me to testify against myself ("nor shall be compelled in any criminal case to be a witness against himself"), so I will remain silent about my password on the ground it may or may not incriminate me. If the jackbooted police want to see what's on my drive, let them hack their way in. And if they cannot, then they must free me for lack of ability to find guilt.

      • Re: (Score:3, Interesting)

        by sjames ( 1099 )

        Dang! I KNOW that's the right password, I can't imagine why it's not working! (as the crypto software begins silently corrupting the data)

        Unless we as a society are prepared to make poor memory a crime, that's about the end of that road.

        On the biometric front, some fingerprint scanners claim to be able to detect duress. Since an unwilling person would necessarily be under duress, no court order could overcome that however compliant the defendant might be.

    • Re:Question (Score:5, Insightful)

      by vertinox ( 846076 ) on Thursday May 07, 2009 @01:04PM (#27863745)

      I thought more and more convictions were based on ISP logs instead of hard drive searches these days...

      Which would be more logical because how else can you tell the difference between a pirated MP3 and one I downloaded from Amazon.com or ripped from a CD?

      • Re:Question (Score:4, Funny)

        by Aranykai ( 1053846 ) <`moc.liamg' `ta' `resnogls'> on Thursday May 07, 2009 @01:20PM (#27864003)

        Because its in a directory named "Miley Cyrus - Breakout [2008][CD+SkidVid_XviD+Cov]320Kbps"

        Obviously.

        • Re: (Score:3, Funny)

          by PIBM ( 588930 )

          What if you liked to keep a lot of information handy about what you've been ripping/scanning ?

        • Brilliant. This would actually be a good idea. The summary specifically says they are only allowed to look for "music", not "videos".

          Judging by the XviD section in that filename, the music is saved as a video, thus exempt from the audit!
      • by thewils ( 463314 )

        ..and not only that, wouldn't it be germane to any litigation to have to prove that you obtained a file illegally rather than you having to explain where you got it from?

        • In a civil case like this, the standard of proof is "preponderance of evidence," not "beyond a reasonable doubt" as it would be in a criminal case. That means that if the RIAA's pit bulls can make the jury believe that you probably pirated the file, they win, even if they can't prove it. Thus, if they can show that you've been doing file sharing, and that you have files on your hard drive that you could have pirated, they win unless you can show the jury that it's more likely that you obtained them legall
    • Re:Question (Score:5, Insightful)

      by earlymon ( 1116185 ) on Thursday May 07, 2009 @01:26PM (#27864103) Homepage Journal

      I thought more and more convictions were based on ISP logs instead of hard drive searches these days...

      Perhaps more and more civil cases, but not more and more convictions.

    • by Hatta ( 162192 )

      If the entire hard drive was secured with something like TrueCrypt, could you be compelled to turn over the password?

      Yes, but they can't compel you to turn over the password to a hidden partition that they can't even prove exists.

  • by stephanruby ( 542433 ) on Thursday May 07, 2009 @12:55PM (#27863529)
    This makes way too much sense.
    • You're wrong (Score:5, Insightful)

      by Zontar_Thing_From_Ve ( 949321 ) on Thursday May 07, 2009 @01:01PM (#27863681)

      This makes way too much sense.

      Nope. Letting the RIAA pick the "forensics expert" does absolutely nothing to ensure that a fair and impartial expert is chosen. I'd think all that would do is make it very easy for the RIAA to set up a forensics lab of their own that could potentially plant evidence on the mirror copy. Then what do you do? They could always claim that your copy, which is minus the planted evidence, was "tampered with". I see no good out of this, but if NewYorkCountyLawyer disagrees, I would welcome an opportunity to be educated out of my error here.

      • Re:You're wrong (Score:5, Informative)

        by AKAImBatman ( 238306 ) * <akaimbatman@gmaiBLUEl.com minus berry> on Thursday May 07, 2009 @01:08PM (#27863823) Homepage Journal

        Letting the RIAA pick the "forensics expert" does absolutely nothing to ensure that a fair and impartial expert is chose

        I don't think that's the point. The point is that a trusted expert in the industry is the only one with access to the private information. He can then represents the findings on behalf of the RIAA. The defense needs to find its own expert witness to counter any arguments made by the RIAA's expert witness.

        At least, that's my understanding of how the proceedings would work. (IANAL)

      • Re:You're wrong (Score:5, Interesting)

        by NewYorkCountryLawyer ( 912032 ) * <ray@NOsPAm.beckermanlegal.com> on Thursday May 07, 2009 @01:11PM (#27863867) Homepage Journal

        This makes way too much sense.

        Nope. Letting the RIAA pick the "forensics expert" does absolutely nothing to ensure that a fair and impartial expert is chosen. I'd think all that would do is make it very easy for the RIAA to set up a forensics lab of their own that could potentially plant evidence on the mirror copy. Then what do you do? They could always claim that your copy, which is minus the planted evidence, was "tampered with". I see no good out of this, but if NewYorkCountyLawyer disagrees, I would welcome an opportunity to be educated out of my error here.

        No, while I think the order otherwise "makes sense", I happen to agree with you 100% on your point that the RIAA should not be able to unilaterally pick the forensic examiner. I think that is a mistake on the judge's part. As I pointed out in TFA:

        Unlike the protective order [beckermanlegal.com] (pdf) in SONY BMG Music Entertainment v. Arellanes [beckermanlegal.com], this protective order permits the RIAA to unilaterally select whatever expert it chooses, rather than an independent, mutually agreeable, expert.

        I think that is unfortunate. I'm hoping the judge comes to recognize that oversight.

  • by Volante3192 ( 953645 ) on Thursday May 07, 2009 @12:55PM (#27863535)

    Just because my PDFs play in winamp doesn't mean they're music files!

    • by Rockoon ( 1252108 ) on Thursday May 07, 2009 @12:57PM (#27863589)
      rename *.mp3 *.doc
      • Re: (Score:3, Interesting)

        Good point. Will the forensic expert just look at file extensions to determine what is copyrighted material, and what is personal/private info?? If so, your trick should work.
        • by TinBromide ( 921574 ) on Thursday May 07, 2009 @01:14PM (#27863897)
          The expert can run an md5 hash list containing the signatures of all the copyrighted music that the RIAA has collected over the years and compare the results against the contents of the hard drive. You can name a file anything you want and its content based md5 will stay the same. Also, you can rename a jpeg to a .doc and the first 4 bits of the file will still reveal it as a jpeg. Every piece of modern forensics software is capable of doing the above, and most do them automatically.

          If you take an MP3 file and rename it personal.doc, it will still show up in the media bucket and be declared as an audio file in the forensic software I am professionally experienced with.
          • Re: (Score:3, Insightful)

            by TheBig1 ( 966884 )
            So flip the last bit on all your MP3s, and the hashes will all be off. Or flip a random bit in the middle, at most you will hear a bit of hiss or something at one point in the song.
            • very good, but if you can do that, why weren't you running peer guardian or sharing on private trackers? (essentially, if you're smart enough to do that, why did you let yourself get caught in the first place?)

              Besides, that's the reason the expert will also perform analysis on files identified as audio files. If you flip a bit in the header to thwart that, some forensics software will still be able to identify it as media, but your software won't be able to tell that you're feeding it a perfectly valid MP
            • by Bandman ( 86149 ) <bandman@nOsPAM.gmail.com> on Thursday May 07, 2009 @01:45PM (#27864433) Homepage

              Coming soon...WinAmp plugins to XOR your MP3 collection

          • Re: (Score:3, Insightful)

            by EvilBudMan ( 588716 )

            --You can name a file anything you want and its content based md5 will stay the same.--

            What if you were to re-sample them? People do that all the time to make sure the volume level is the same for all *.mp3's in their collection?

            I guess there is always a hex editor to remove such things if need be. Real pirates are not going to be slowed down. They are just stopping mom and pop. Why? I don't get it. It can only be about controlling not just the distribution of old Led Zeppelin files but controlling future d

  • by Anonymous Drunkard ( 691025 ) on Thursday May 07, 2009 @12:55PM (#27863549)

    (c) any evidence that the hard-drive has been 'wiped' or erased since the initiation of the litigation.

    Just curious: Let's say someone wanted to do just that - wipe or erase the hard drive since the initiation of the litigation.

    Theoretically, couldn't a person just set the BIOS clock to a date and time prior to the legislation, do multiple shreds and formats on the HDD, reinstall the OS with the BIOS clock still 'in the past', and have it seem as though nothing changed since the initiation of the litigation?

    It would seem to me that if the BIOS clock was set to a prior point, that everything else on the HDD would follow. The BIOS clock has no intuitive knowledge of time, it only knows what it's told.

    All theoretical, of course. No one would actually do such a thing, of course...

    • by t00le ( 136364 ) on Thursday May 07, 2009 @01:01PM (#27863699)

      The simplest thing to do is to have a second disk in your computer, one for bad things and the second as a legal spare. Some truck drivers keep multiple log books, so something like that would be easier.

      That way you could show use on the second boot disk. If you get sued simply remove the illegal disk and bury it somewhere, like a neighbors yard. start using your legal hdd as you would minus the piracy piece.

      • by Ucklak ( 755284 ) on Thursday May 07, 2009 @01:15PM (#27863927)

        Use a USB drive for `personal` stuff. Let them take the OS drive and mirror it to hearts content.

      • The simplest thing to do is to have a second disk in your computer, one for bad things and the second as a legal spare. Some truck drivers keep multiple log books, so something like that would be easier.

        This is what Firewire was made for ;) What drive? Just be sure to dust off the area where that drive sat.

      • Re: (Score:3, Insightful)

        by eth1 ( 94901 )

        The problem with this is that there will be lots of logs, registry bits, and other cruft on the "legal" system drive that point to the existence of the one you removed.

        Don't underestimate modern forensic software.

      • Re: (Score:3, Interesting)

        by JoeMerchant ( 803320 )

        The simplest thing to do is to have a second disk in your computer, one for bad things and the second as a legal spare. Some truck drivers keep multiple log books, so something like that would be easier.

        That way you could show use on the second boot disk. If you get sued simply remove the illegal disk and bury it somewhere, like a neighbors yard. start using your legal hdd as you would minus the piracy piece.

        Don't they sell these as NAS drives? You could even operate it underground in your neighbors' back yard and just pull the wires when feeling paranoid.

    • by vertinox ( 846076 ) on Thursday May 07, 2009 @01:02PM (#27863705)

      Theoretically, couldn't a person just set the BIOS clock to a date and time prior to the legislation, do multiple shreds and formats on the HDD, reinstall the OS with the BIOS clock still 'in the past', and have it seem as though nothing changed since the initiation of the litigation?

      You could, assuming that the computer was still in your possession which I doubt at this point.

    • by GryMor ( 88799 )

      I don't see anything stopping them from using file system information. In your file system, this sort of thing stands out like a sore thumb as recording activity inconsistent with you having actually used the drive.

    • Windows automatically updates clock settings, when it connects to a network. I suggest that you make sure when you do it, that you don't put it on the net until you have it the way you want it.

    • by Todd Knarr ( 15451 ) on Thursday May 07, 2009 @01:08PM (#27863811) Homepage

      They could, but it's easy to get tripped up. For instance, one of the default settings in Windows XP is to synchronize time to a network time server belonging to Microsoft. If you weren't careful to keep the machine isolated during the install and all patching, you'd end up with a big discrepancy in timestamps as the clock jumped forward to the correct time during the last part of the install process. It'd also show up in the timestamps on patches, they might show as having been installed before they were issued or they'd be all lumped together at the very end when they should've been installed in a steady stream starting at the claimed install date and getting progressively more recent as patches were applied automatically. It might be hard to prove exactly when the drive was wiped, but it'd be easy to show that the fingerprint of the timestamps doesn't match what it'd be if the drive was as old as it claimed to be and had aged at 1 second per second since then.

      • Re: (Score:3, Interesting)

        by earlymon ( 1116185 )

        It might be hard to prove exactly when the drive was wiped, but it'd be easy to show that the fingerprint of the timestamps doesn't match what it'd be if the drive was as old as it claimed to be and had aged at 1 second per second since then.

        emphasis mine

        Easy to show to you and me or easy to show to a jury? I'm naive enough to skip my own forensics experts at that point, take the stand with pre-arranged questions from my lawyer, and then testify as follows:

        Geez, I don't know, I'm not a forenics computer guy. I do not have clue one about the inner working of timestamps and the idea of time having a fingerprint frankly sounds like something out of Star Trek to me. I don't even know why my fate is being decided this way. Evidently, their expe

    • by joeflies ( 529536 ) on Thursday May 07, 2009 @01:08PM (#27863817)

      I would guess the penalties for the destruction of evidence and the manufacturing of new evidence would land you in significantly more trouble, no?

    • by Anonymous Coward on Thursday May 07, 2009 @01:10PM (#27863853)
      Posting anonymously because, well, you'll see.

      I have personally nailed people for trying such a thing. One guy had to pay my fees and the fees of the attorney, another I believe spent a month in jail (the destruction was just the straw that broke the camel's back). In civil matters, destroying evidence means that whatever was there was far worse and far more damaging than anything currently residing on the drive. Lawyers can get away with that because they can say whatever they like and you have no way of proving them wrong.

      As for your question, a wiped drive is fairly obvious, unless you set your bios clock 100's of times and do stuff incrementally, create a range of files with chronological creation/modification/access times, populate the event logs with a smooth span of times, and not leave any smoking guns (windows xp pro on a dell?), you're probably gonna get nailed if the forensics expert is worth his paycheck. By the way, when you copy a file across a file system, from one drive to another, it gets a new creation time, so if all the files were "created" on a single day, that was when they were migrated over.

      The forensics expert is allowed to look at file system data and registry data as long as he can justify that its to detect just the kind of scenario you've stated, and its within the domain of his orders. Hell, he theoretically can click through every picture, document, and file on the drive if he creates a new forensic case aside from the official one and doesn't tell anybody about it. (thats bad, don't do that).

      By the way, if I was ever faced with such a situation, I'd plug my hard drive is as an external, scrub the offending files, blow away the registry, destroy the file system, and take a soldering iron to the circuit board so that they have to do a clean room recovery which will result in a partial image for analysis. I'd present that drive along with a new drive, repaired and what not to the court and say my hard drive crashed and that they can have at it if they like.
      • by dgatwood ( 11270 )

        No, a soldering iron would be pretty obvious destruction of evidence. You'd have to do something more subtle like shake the drive vigorously to scar the heck out of the drive surface and shred the drive heads while randomly seeking all over the disk. If you are still in possession of the machine, of course.

        Or you could just do a security erase of the offending files, ending by renaming them to a long string of garbage characters followed by renaming it to something short and innocuous (but the sort of thi

      • s for your question, a wiped drive is fairly obvious, unless you set your bios clock 100's of times and do stuff incrementally, create a range of files with chronological creation/modification/access times, populate the event logs with a smooth span of times, and not leave any smoking guns

        What about a disk image? Like if I had access to a second computer with no offending files, and I imaged the contents of that drive over? Is that detectable?

        Just curious.

      • "By the way, when you copy a file across a file system, from one drive to another, it gets a new creation time, so if all the files were "created" on a single day, that was when they were migrated over."

        Not on a Windows system it doesn't. The only time you get a new date on it is when you download from an external system, or you manually change the date/time stamp.

        Now me? All my music files (all legal, btw) are already on a USB portable drive anyway, because it takes 15GB off the active drive I need the s

      • by Hatta ( 162192 )

        By the way, when you copy a file across a file system, from one drive to another, it gets a new creation time, so if all the files were "created" on a single day, that was when they were migrated over.

        There is no creation time on ext3. GNU tar will preserve atime, ctime(inode Change, not creation time), and mtime with the appropriate flags.

    • Re: (Score:3, Interesting)

      by vux984 ( 928602 )

      Theoretically, couldn't a person just set the BIOS clock to a date and time prior to the legislation, do multiple shreds and formats on the HDD, reinstall the OS with the BIOS clock still 'in the past', and have it seem as though nothing changed since the initiation of the litigation?

      Yes, theoretically it can be done.

      So, right out of the gate, there would be evidence that the drive had been formated and shredded just prior to the litigation. That's not 'criminal', but its suspicious enough to maybe look int

      • So we should all keep a machine around for Y2010 testing that we constantly move the clock around, creating and deleting files in the past and future?
    • I don't know what the protocol is for civil litigation, so I do not know whether some officer would seize your equipment at the time of service of litigation, as happens in criminal matters.

      But assuming that you are able to retain control of your machines and autonomy in their use for some time after being served, then it would actually be quite difficult to securely wipe them and reinstall them without leaving behind some evidence that could be discovered by a forensics expert. Other posts in this thread

    • Re: (Score:3, Interesting)

      Unless you had a long, long time to plan such a move in advance it is extremely unlikely that you can do this well enough to beat a forensic investigator.

      You have two basic paths open to you: Either a surgical strike against the incriminating files or emulating a normal usage history sans music from scratch. You can't just wipe and reinstall because it's an obviously unnatural usage pattern.

      Unless you're paranoid like me, you're probably not using ext2fs; Those spiffy new journaling filesystems also m
  • From now on, all of my MP3s will be embedded into PDFs.
    • by GryMor ( 88799 )

      Just because they are embedded in PDFs doesn't make them stop being music files, neither does it magically turn them into PDFs.

  • by Smidge207 ( 1278042 ) on Thursday May 07, 2009 @12:59PM (#27863631) Journal

    While I admire people fighting the good fight, this is EXACTLY what makes court so dicey. If you get some judge with his head up the RIAA's ass and you are going to lose no matter how good your case is. The PROPER thing to do in a case like this is to have both parties agree on who examines the drive. One more thing, five days doesn't seem like a lot of time to examine a tech report for improprieties.

    =Smidge=

    • by evanbd ( 210358 ) on Thursday May 07, 2009 @01:06PM (#27863791)

      I was of the impression that it was fairly common to let the party doing the discovery select their own expert examiner. If the defense believe the examiner is for some reason inappropriate, for example overly biased or unqualified, they can object -- but requiring the two parties to a lawsuit to agree on *anything* is doomed to failure.

      This actually seems quite sane to me.

      (IANAL, of course.)

      • by Golddess ( 1361003 ) on Thursday May 07, 2009 @01:36PM (#27864277)

        requiring the two parties to a lawsuit to agree on *anything* is doomed to failure.

        In a trial by jury, both sides must accept a juror in order for them to be on the jury.

        (cue jokes about jury failure or something)

        • Re: (Score:3, Insightful)

          by evanbd ( 210358 )

          requiring the two parties to a lawsuit to agree on *anything* is doomed to failure.

          In a trial by jury, both sides must accept a juror in order for them to be on the jury. (cue jokes about jury failure or something)

          First, jurors are quite explicitly not the same as expert witnesses in law. And second, there are very well-defined limits imposed -- it's not as simple as they both have to agree. Usually, either side can reject a juror if there is some cause for the rejection that they can get the other side or the judge to agree to, and each side has a very limited number of peremptory challenges that do not require a cause.

  • by elrous0 ( 869638 ) * on Thursday May 07, 2009 @01:00PM (#27863671)
    The "forensics expert of the RIAA's choosing" pretty much negates all other protections in this order. That's like telling me "You can't peak into my email" then saying "But you can have any one of your best friends peak, with no supervision."
    • Re: (Score:3, Insightful)

      by TubeSteak ( 669689 )

      The "forensics expert of the RIAA's choosing" pretty much negates all other protections in this order.

      The expert can secretly (an in contempt of court) tell the RIAA whatever it wants, but if the RIAA tries to use anything outside the scope of the report, the both of them will be in a boatload of trouble with the Judge.

      Beyond the contempt of court and violations of professional ethics, there's undoubtedly at least one federal or state privacy law that would be violated.

    • Especially considering RIAA's involvement with a shady MediaSentry, I wouldn't trust the RIAA to pick a good expert.

  • by AgTiger ( 458268 ) on Thursday May 07, 2009 @01:01PM (#27863683) Homepage

    > (c) any evidence that the hard-drive has been 'wiped' or erased since the initiation
    > of the litigation.

    So as long as you wipe or erase the hard drive before litigation begins, or before you become subpoena'ed (aware of the litigation), you're protected if you destroyed any evidence of your activities?

    Perhaps a VMWare or other virtual operating system is in order then. Download, burn to optical, revert the guest image.

    Perhaps NewYorkCountyLawyer could confirm the viability of this method?

    Something about not being forced to testify against yourself. No sense in leaving your equipment capable of testifying against yourself either.

  • This is like setting limits on how strip searches should be conducted, or defining what limits one should use for "aggressive" interrogation.

    The best approach is not to go there in the first place.

  • by earlymon ( 1116185 ) on Thursday May 07, 2009 @01:09PM (#27863827) Homepage Journal

    Court orders to search hard drives aren't right - they're not even wrong.

    If you get a warrant to search my house, you search my house.

    No court believes that it would issue a single warrant to search part of my home, part of my business and parts of my friends' and family's homes.

    But a warrant to search my hard drive is exactly that.

    Restricting this search to the forensics expert of the MAFIAA's choosing but not allowing irrelevant info to pass on to them is exactly offensive and ridiculous. I'm frustrated my own following hyperbole, but I am so angry, this is the only metaphor that I can find - the beat cop gets to exercise the right to search everyplace you've been with a single warrant, but don't worry, he'll only tell the detectives about the stuff he found that's relevant.

    The fucking MAFIAA's cases isn't one of governmental high crimes or misdemeanors, neither is it one involving a criminal case - it's a fucking civil case. How dare any court in the land grant such a mind-numbingly offensive violation of one's constitutional protection of privacy in a fucking civil case?

    • by earlymon ( 1116185 ) on Thursday May 07, 2009 @01:22PM (#27864033) Homepage Journal

      Fuck me, I'm not done. Even Judge Judy knows better than this.

      Plantiff: "You honor, she stole my CDs when she moved out. A friend saw her carrying out boxes plus who else would have done it?"
      Judge Judy: "Ms. X, did you take his CDs?"
      Defendant: "No, judge. I did not."
      Judge Judy: "I'm sorry, Mr. Z, but you have no proof. Under the law, there's nothing that I can do."
      Plaintiff: "Your honor, please - how about a warrant to search her home, business and all of her friends' and family's home - then I'll have proof."
      Judge Judy looks at Bert, narrows her eyes, admonishes the idiot to get a life because he's clueless and the law doesn't exist for him to conduct witch hunts and we fade to commercial.

      Tell me how my point isn't any simpler than that. How in the fuck did we come to this as a people? Why in the fuck are any of us laying down for this?

      My anger may be getting the better of me, but maybe that anger helps fuel my weak brain. How did we condone Gitmo? How did we let the Patriot Act and Warrantless Wiretapping go on?

      How does the fucking camel get into the tent? He sticks his nose in first. Civil warrants to search hard drives have existed for more years than I can recall. That could very well be the camel's fucking nose.

      Now - how in fuck do we fix this?

  • After all, it is already illegal for Best Buy employees to search my hard drives for software, music, images, porn, etc. and make copies of said information to keep them on a centralized file server in their store for all the techs to peruse at will. But wait, it happened anyways en masse, didn't it?

    So this provides legal protection from authorities "stumbling across" other illegal files (child porn, warez, etc) but it does little to protect privacy beyond that (trade secrets, private/original music and/or

  • It's funny... (Score:5, Insightful)

    by smooth wombat ( 796938 ) on Thursday May 07, 2009 @01:11PM (#27863863) Journal

    As I read various comments, people are suggesting ways to thwart the attempt of a forensics expert to determine if certain files are present on a person's drive.

    Which is amusing because numerous posters make the claim that they are doing nothing wrong when they get a piece of music for nothing.

    So, if they're doing nothing wrong, why all the suggestions on ways to hide what you're doing?

    • Re: (Score:2, Insightful)

      by Myji Humoz ( 1535565 )

      So, if they're doing nothing wrong, why all the suggestions on ways to hide what you're doing?

      Moral != legal
      Immoral != illegal
      Hiding possibly illegal activities != Hiding possibly immoral activties
      Hint: People of both the innocent and guilty variety dislike going to jail.

    • Re:It's funny... (Score:5, Insightful)

      by earlymon ( 1116185 ) on Thursday May 07, 2009 @02:59PM (#27865723) Homepage Journal

      So, if they're doing nothing wrong, why all the suggestions on ways to hide what you're doing?

      Because the law has not caught up with electronic media?

      It's 1950. You have a copyright-infringement claim, claiming that I made an illegal copy of a portrait. You may have the right to have me bring in my artwork under a court order (I do not know, IANAL, and I'm still trying to understand the discovery process).

      You do NOT have the right to have me also bring in just about everything else I possess in my house.

      It's 2009. You have a copyright-infringement claim, claiming that I made an illegal copy of some music using computer media. Evidently, you now have the right to have me bring in, under court order, all of my computer media - music, video, software, email exchanges and confidential business documents. In fact, today it's supposed to be evidently a victory to have someone go through all of that personal stuff to just get to the music files. Gee, I don't know, but in 1950, I don't think anyone was allowed to enter and rifle your home as part of the discovery process to ensure that all artwork was brought in.

      Life, liberty and the pursuit of happiness - perhaps you've heard these words.

      My liberty is seriously curtailed whenever my privacy is invaded. I am not a constitutional scholar, and so I don't know, but I suspect that just maybe the constitutional rights protecting privacy itself - while giving the state due process to violate that privacy under certain specific and limited conditions and circumstances - is a class of rights derived from the unalienable right to liberty, with all protections thereto.

      So, your argument - that if you're doing nothing wrong, then why are you hiding? - whether in a civil or criminal context - is quite frankly disgusting.

      As I write this, some mods have found your post to be either funny or interesting. I find your thinking to be neither. The idea that only the guilty want to hide things is dangerous and contrary to everything our country was founded on. And I repeat, disgusting.

      Personally, I never want to hide anything or prevent anyone from seeing anything of mine - until someone wants to see, for any reason - and then I very much want to hide and not disclose; and that is just out of general principle. I was brought up free.

    • Re:It's funny... (Score:4, Insightful)

      by firewrought ( 36952 ) on Thursday May 07, 2009 @03:30PM (#27866389)

      If they're doing nothing wrong, why all the suggestions on ways to hide what you're doing?

      Because this is a technical site and the means by which computer forensics can be carried out or thwarted is of intrinsic technical interest?

  • Two Words. (Score:3, Funny)

    by DarthVain ( 724186 ) on Thursday May 07, 2009 @01:12PM (#27863879)

    Thurr and Mite! :)

  • simple solution (Score:4, Interesting)

    by FudRucker ( 866063 ) on Thursday May 07, 2009 @01:13PM (#27863891)
    get some thermite, glue it to the top of your harddrive with a fuse connected to the cover on your PC case, if not opened properly the harddrive melts...
    • by mikael ( 484 )

      Some "high security" hard drives would have a thermal oxidiser as a layer between the glass platters and the magnetic media. If a plug on the front of the hard drive was removed, oxygen would enter the enclosure, cause the oxidiser to react, heat up and disintegrate the binding of the magnetic particles. Complete and guaranteed permanent wipe.

    • by Anonymous Coward on Thursday May 07, 2009 @01:47PM (#27864463)

      This still leaves you with the situation of having live thermite on a hair trigger sitting a few (inches? feet?) away from your knees.

  • I see a lot of 'The RIAA will cheat if they get to pick!' posts. But the order says a 'forensics expert' and not just any random person the RIAA picks. I would -hope- this means someone with a license that can be revoked if they are found to be corrupt. If so, it doesn't really matter who the RIAA picks because the person would soon be out of work if they didn't hold to the law.

  • by bzzfzz ( 1542813 ) on Thursday May 07, 2009 @01:21PM (#27864005)

    I see this as good news.

    The best news here is that this shows that the court system and the judges understand what computers are and how they are used and are at least making an effort to deal with the case in a balanced way. Sure, computer forensic evidence has become routine in the last few years but there have still been plenty of RIAA cases where the handling of the defendant's property is remarkably cavalier.

    The RIAA, despite their myriad flaws, are entitled to their day in court. If procedures are balanced and remedies are fair, then I believe that the RIAA's corporate sponsors will quickly decide that the game isn't worth the candle.

    The copyright statutes and the discovery procedures are the law of the land whether we like them or not. The injustice and unfairness early in the RIAA campaign came from the lack of due process, the flimsy evidence and weak cases, and the threats of draconian penalties. It's getting better, and every positive step brings us that much closer to closing this dark era in the history of the legal system.

    • by russotto ( 537200 ) on Thursday May 07, 2009 @01:36PM (#27864287) Journal

      The RIAA, despite their myriad flaws, are entitled to their day in court. If procedures are balanced and remedies are fair, then I believe that the RIAA's corporate sponsors will quickly decide that the game isn't worth the candle.

      When it's Juggernaut (RIAA) vs. Pipsqueak (average Joe), nothing is EVER balanced or fair, except in the Fox News sense. It can't be.

      1) Juggernaut's expenses to run its offense are insignificant compared to its size. Pipsqueak's legal costs are significant, perhaps even crushing, to him.
      2) Juggernaut has nothing at risk. Pipsqueak is at the risk of bankruptcy if he loses.
      3) Juggernaut has played this game before and knows all the moves. It's probably Pipsqueak's first experience with the system
      4) This is Juggernaut's job. Pipsqueak is forced to divert time and effort from his life and work to deal with it.

      And that's before any cheating by Juggernaut.

      • by bzzfzz ( 1542813 ) on Thursday May 07, 2009 @01:50PM (#27864523)

        Welcome to the courts. It's the same way with a DUI prosecution or an eviction proceeding or Walmart throwing the book at some store clerk for theft by conversion of a 99-cent tube of Chap Stick. In the RIAA cases as in every other there are ample opportunities for the defendant to do and say stupid things that create trouble for them later. That's why people need attorneys. Yes, it's expensive. Tough. And so it has always been, read through Moll Flanders (public domain edition available for free at Project Gutenberg) to get the idea.

        With the RIAA cases, the other side of the coin is that, as long as the cases are handled fairly, they are too expensive for the plaintiffs to pursue. Last time I checked, the pockets of the corporate sponsors behind the RIAA not exactly of limitless depth. Absent the ability to bully people into $5000 out-of-court settlements with an hours' work by a nickel-ante paralegal and a penny-ante "investigator," a fair case with the court costs and attorney's fees will far exceed any civil penalties that the RIAA is likely, on the average, to collect. And absent the threat of an unwinnable case with six-figure damages, the PR battle moves from Pyrrhic to simply pointless.

        • With the RIAA cases, the other side of the coin is that, as long as the cases are handled fairly, they are too expensive for the plaintiffs to pursue. Last time I checked, the pockets of the corporate sponsors behind the RIAA not exactly of limitless depth. Absent the ability to bully people into $5000 out-of-court settlements with an hours' work by a nickel-ante paralegal and a penny-ante "investigator," a fair case with the court costs and attorney's fees will far exceed any civil penalties that the RIAA is likely, on the average, to collect. And absent the threat of an unwinnable case with six-figure damages, the PR battle moves from Pyrrhic to simply pointless.

          Excellent post, bzzfzz. Wish I could write like that. I hope you get modded to "+5".

          You are exactly right; if proper safeguards had been put in place, and were the Courts vigilant to ensure that the letter of the law was followed by the RIAA lawyers, these cases would have stopped 6 years ago.

  • http://en.wikipedia.org/wiki/Bush_White_House_e-mail_controversy [wikipedia.org]

    why can't it work for you?

    of course, wiping your disk after start of litigation opens you up to destruction of evidence

    so all you have to is structure your attitude towards the courts, and the nature of how you wipe according the RNC playbook, and you can should be able to give yourself enough plausible deniability to let yourself off the hook. "whoops! how'd that happen?"

    pirates should learn from the best crooks, the past administration, when it comes to the destruction of electronic evidence

    or i suppose there exists some sort of double standard between the elites and the commoners in a country supposedly standing for western liberal ideals about fair play and equality? naahhhh...

  • Illegal MP3s (Score:2, Interesting)

    by Nekomusume ( 956306 )

    How would the forensics expert know any given MP3 he finds is illegal? Between online music stores and CD-Ripping, he could very well find 1000 MP3s, and every last one of them be legal.

  • by Nom du Keyboard ( 633989 ) on Thursday May 07, 2009 @06:02PM (#27869205)
    What's a good, free cleaner for Windows to wipe all current unallocated file space - and preferably deleted files names as well? The court may have said you can't inspect any .doc files, but when you look through that unallocated space there is no longer a file type associated with it, allowing that slimy RIAA to read all the .tmp versions of your .doc, .pdf, .eml, and every other prohibited file type. Cleaning unallocated file space should be part of everyone's general housekeeping.

You know you've landed gear-up when it takes full power to taxi.

Working...