Wednesday, May 20, 2009

Judge orders RIAA to disclose "methods employed" by expert & "instruction or guidance" given by lawyers


One of the key elements in yesterday's protective order in SONY BMG Music Entertainment v. Tenenbaum was Judge Gertner's direction that

the Examining Expert shall be required to disclose both the methods employed to inspect the hard drive and any instruction or guidance received from the Plaintiffs.

To date, in the hundreds of consolidated RIAA cases assigned to her, Judge Gertner has rendered thousands of rulings based upon so-called evidence procured by MediaSentry, without ever asking for that same type of disclosure.

In fact, the RIAA and MediaSentry have steadfastly maintained that their methods are secret and "proprietary". While they are permitted to have whatever "proprietary" "secrets" they want, it is contrary to Federal law to maintain a federal litigation based upon such material.

Although it is routine in federal litigation to mandate such disclosure for any scientific or computer-based evidence, it is novel in RIAA litigation, since the courts have generally bent the rules for the RIAA, in view of the weak or nonexistent legal representation of defendants.

Let us hope that that era is coming to an end, and that the RIAA will have to prove its cases just like any other plaintiff in a federal litigation has to prove its case.

And let us hope that Judge Gertner will apply the same standards to the "evidence" submitted to her from MediaSentry, Doug Jacobson, and any other RIAA "expert".




Albert said...

There has been quite a discussion over on Slashdot about what that order means in practical terms in regard to a search.

If I were the expert engaged, and I read the order, it seems to be quite clear to me. It says I may NOT look in any file that is not a music file, filesharing software or contains metadata. The Judge has also made it quite clear that Video files are Specifically a NO-NO, even though they also contain an audio track.

Thus, it would appear to me that under NO circumstances may I (or any of my automated tools) inspect any portion of any file on the machine, unless I KNOW in advance that file is one of the types I am permitted to inspect. Thus, I am limited to directory only searches of current files with names known to be audio, or filesharing software or known metadata files. It would also appear to exclude any searches for deleted files, as the filenames of these files are not known, and the order would prohibit me from looking in them if I do not KNOW they are a type I am permitted to view.

It also would appear to prohibit me looking at User.dat and System.dat, the Windows registry, because I would not know in advance the registry contains any metadata I am allowed to look at.

Thus, I do not see how the instructions from the plaintiffs could be much more than a list of files such as "*.mp3, *.wav, kazaa.exe", etc. I am glad though they have to state it up front.

In my opinion, examining the files with a window with a preview, looking at the magic number of files, and any other such operation that would open and inspect the contents of all files in a directory would be a NO-NO.

Also, even when files are found, there will be NO proof that these were the files shared and observed by MS, as my understanding is that the computer being examined is NOT the machine that was in use on the date MS did its thing....

Thus, I wonder what do they expect to prove with ANY file on a computer that is admitted NOT to be the computer in use on the date in question. In fact, my understanding is this computer had not even been BUILT on the date in question.

In any case, I'm glad the Judge tied their hands. No more porn blackmail or "I found this Resume" bits. They are clearly limited in what they can search.

If I were the Judge, I doubt I would have granted the exam, since it is admitted this is NOT the computer in use on the date in question.

What does everyone else think? Am I reading the order correctly?


Anonymous said...

I do not envy the forensics specialist that takes this case, because they will have their methods and findings scrutinized by the entire Internet.

raybeckerman said...

Dear Anonymous

An honest witness has nothing to fear from all the scrutiny in the world.

The RIAA's prototypical "experts" would have much to fear.

Alter_Fritz said...

Well Albert, the problem I see is that the Judge, while acting in the best interest of justice, has the problem that she is not an expert in computer forensics and allegedly has no idea how such a forensic examination is typically performed.

But this is not her fault, so I think we should not blame her for the fact that her order is a bit in conflict with how a forensic examination is done.

It might be helpful for her if either some police forensic guy she trusts as amicus or even a sales representative from Guidance Software could show her what the software with which those HDD examinations are done does.
The expert (if they choose this time a REAL one and not this joke Jacobson that does not even create any reports whatsoever!) will likely use EnCase(*) or some similar product.
If Judge Gertner could get some 1-hour crash course explaining to her the possibilities of these tools, she could be even more specific in other cases she has in this big "related cases" docket.



Anonymous said...

The problem is that typically, when someone does a forensic examination of a drive, they have full and unequivocal permission to do so. Either the HDD is company property and they have a contract with the company or they're dealing with a user for whom the potential loss of their data is more of a problem than the expert seeing their data or they're working for the police and investigating criminal activity.

AFAIK there is little to no work of this type done, because the only place you'd get a crazy order like this is within the context of a civil law case.

I do find it *very* disturbing that the judge is prepared to accept an IT expert selected by one party. I wonder would it be similarly acceptable were it financial details that needed analysed by an auditor looking for whatever anomalies.

IMHO you have to trust your IT forensics/security guy as much as, if not more than, your accountant. The IT guy gets more access to your data, and if he's dishonest can get you into a similar amount of trouble.

If the drives were to be mirrored by the expert and the mirrors archived, I would be trying to insist that the mirrors were encrypted, and the only copy of the encryption keys should be held in trust by the court. That would mean pressing a civil case based on a corrupt expert would be a criminal violation of the DMCA for circumventing an encryption algorithm.

Anonymous said...

Last Anonymous:

Judges already have a lot of power to punish people who muck about improperly in their cases. But for this to happen, the judge needs to understand the issue (here, tech) and the defendant needs a decent lawyer. Often, one or both of these doesn't obtain.


Albert said...

After thinking about it for a bit, I am beginning to think the Order is quite good.

By allowing the Plaintiff to select the expert, they cannot come back later and complain about who was selected. If the Court were to appoint an expert, the Plaintiff might try to come back later and claim the reason nothing was found was the Court appointed a lousy expert. By allowing them to make the selection, they cannot complain about the expert, or his/her qualifications.

However, by stating the expert cannot be an employee of the Plaintiff or Counsel, it allows the Court to distance the expert from direct access by those people. It also places the actions of the expert under the control of the Court, and allows the Judge to direct the expert much in the same way as if the Court had appointed him/her.

My understanding is the Plaintiff has to give the expert a written instruction list of what they wish to search for. This also would allow the Defense to cry foul if they try to demand access to something improper, and to screen the results for privilege before the expert is allowed to turn over the results to the Plaintiffs.

Thus, the more I think of it, the more it sounds like a good appeal-proof order.