Saturday, April 21, 2007

Judge in SONY v. Arellanes Enters New Protective Order for Hard Drive Inspection

In SONY v. Arellanes, in the Eastern District of Texas, in Sherman, Texas, the Court has granted the RIAA's motion for reconsideration and revised its October 27, 2006, order governing the hard drive inspection. However, with minor variation, the new order is simply a more detailed version of the first order.

Under the Court's March 14, 2007, order the procedure is as follows:

-RIAA can use its own imaging specialist to make the mirror image of the hard drive;
-a mutually acceptable computer forensics expert shall make 2 verified bit images, and create an MD5 or equivalent hash code;
-one mirror image will be held in escrow by the expert, one will be given to defendant's lawyer for a 'privilege review';
-defendant will provide plaintiffs with a privilege log;
-after privilege questions are resolved, the escrowed image -- with privileged files deleted -- would be turned over to RIAA lawyers; and
-information turned over to RIAA lawyers would be for lawyers' eyes only.

Under the October 27, 2006, order*, the mutually agreeable expert was to create the mirror image, and it was left to the parties to agree upon a mutually acceptable protective order.

March 14, 2007, Order Granting Reconsideration of Protective Order Motion and Revising October 27, 2006, Order*

* Document published online at Internet Law & Regulation

Commentary & discussion:



Keywords: digital copyright online download upload peer to peer p2p file sharing filesharing music movies indie label freeculture creative commons pop/rock artists riaa independent mp3 cd favorite songs


AMD FanBoi said...

with privileged files deleted -- would be turned over to RIAA lawyers

I sincerely hope that:

1) Who ever creates the privilege log of files actually knows all the different files created by some applications and how to identify all of them, including temps, automatic backups, and the like.

Whomever actually deletes the privileged files knows how to perform a secure delete that removes all traces.

In addition, any disc area not included within a current file should be wiped.

All of the above is not an easy task to perform.

raybeckerman said...

I was wondering about

who's going to do the delete

how he's going to do it

who's paying for the neutral expert

Alter_Fritz said...

me is -on top of Ray's wondering- wondering if the judge might not have the necessary understanding of the technology/the process of imaging and forensic analyzing.

This process is NOT comparable with looking in a physical filecabinet where the lawyer for defendant will have a look first for private "files", non musicdownloadinguploading related "files" or even privileged communication of his client with him.

This is not like saying folder marked x3, z5 and the old dusty one there in the lower left corner right below the tax return papers are privileged and should be put out of the cabinet before the RIAA expert -that is already known to violate the privacy of defendants by snooping around in files and areas of the disk that contain data that is not about downloaded or uploaded musicfiles or software for filesharing- gets his hands on that filecabinet to snoop around in it.

Maybe some top level guy from should explain to the judge what this -already known for that he violates the privacy of defendants and non-parties and not following best practice and training advises from the manufacturer of the software- RIAAexpert Dr. J. can see, even if those priviledged files are "deleted".

Hopefully the judge will then clarify the order in a way that will make REALLY sure that the plaintiffs will not get any information that is private, not case related or even priviledged.

AMD FanBoi said...

The reason you have to delete all the unused file space is that memory swap files are created and deleted on the fly as required. They can contain who knows what that was in memory at the time it was swapped, but they DO NOT contain complete music files, or complete files to run KaZaA, or other P2P applications. The chances that this space contains privileged information is very likely, if you've worked with any privileged information at all on your computer.

Actually, you should not be turning over any files at all that aren't direct evidence. This means that other than any MP3 files that are already on the RIAA list, and any files relating to the P2P filesharing system the Plaintiffs are accusing you of using, ABSOLUTELY NOTHING ELSE on the hard drive is the Plaintiff's business to know -- including any other applications, data, log files, installation files, or ANYTHING.

They should also have to specify any particular registry keys they require to be preserved, and justify their inclusion.

Let them prove to the judge why they should be entitled to view your Microsoft Excel installation, or WinAmp playlists, or anything else at all.

I'd start with by claiming everything that's not the MP3 files they claim you have, or the program they claim you used, is privileged and not to be revealed as it's not relevant to their case. A judge who can't agree with that needs to be replaced.

Do this properly, and their fishing expedition may come to a quick, and unproductive, halt.

And remember, if their expert says he needs all kinds of other files to verify the dates on them, that all these dates are created by the built-in computer clock, which can be set, or mis-set, to any value you wish at any time. It's values are hardly conclusive evidence for anything, in a country where a surprising number of people still have VCR's blinking 12:00.

Ryan said...

I'd start with by claiming everything that's not the MP3 files they claim you have, or the program they claim you used, is privileged and not to be revealed as it's not relevant to their case. A judge who can't agree with that needs to be replaced.
Unfortunately 'privileged' is a rather limited list of specific things. Ie conversations w/ your lawyer, with your doctor, priest etc. Things that are legally protected from anyone ever getting to see. This is of course not to say that the RIAA hasn't been er... creative with their own interpretations of the relevant definitions.

David said...

Ryan, Are you saying things that they cannot prove have any bearing on their case at all, they're still entitled to have?

Ryan said...
This comment has been removed by the author.
Ryan said...

IANAL and all that:

Relevance is a whole different thing from privilege. Non-privileged info may still personal (to the best of my understanding) but it is not protected by specific clauses in law. There is always room to argue that what someone is asking for is not relevant however even if it IS relevant it could be privileged and so they still don't get it. Example: you pouring your heart out to a therapist part of which was admitting you did X. Even if investigators were looking into X they still don't get to have that conversation. However if you had the same conversation with your best friend then they can request it (ie if it was recorded or what not, or dispose the folks). Nominally things can be 'irrelevant' as long as the request is set such that you MIGHT have something they need and the request is reasonable to see if you have it. Relevance of course being up to the Judge to decide. Then there is confidential, which means the other side can see it but can't tell anyone else about it. Which is for the private things (ie conversation with friends) that are none of the publics business but have some baring on the case.

All of this aside, the RIAA seems to go outside the bounds of all the above in both what they ask for and what they wont give over.

*note somehow I dorked up the copy paste and had my post doubled up in one post, so reposting to be more readable.

Alter_Fritz said...

"[T]he truth might be interesting but it might not be relevant." -- THE HONORABLE ROBERT M. LEVY