Forgot your password?
typodupeerror
Music Media Government The Courts News Your Rights Online

Safeguards For RIAA Hard Drive Inspection 276

Posted by kdawson
from the under-watchful-eyes dept.
NewYorkCountryLawyer writes "In SONY v. Arellanes, an RIAA case in Sherman, Texas, the Court entered a protective order (PDF) that spells out the following procedure for the RIAA's examination of the defendant's hard drive: (1) RIAA imaging specialist makes mirror image of hard drive; (2) mutually acceptable computer forensics expert makes make two verified bit images, and creates an MD5 or equivalent hash code; (3) one mirror image is held in escrow by the expert, the other given to defendant's lawyer for a 'privilege review'; (4) defendant's lawyer provides plaintiffs' lawyer with a 'privilege log' (list of privileged files); (5) after privilege questions are resolved, the escrowed image — with privileged files deleted — will be turned over to RIAA lawyers, to be held for 'lawyers' eyes only.' The order differs from the earlier order (PDF) entered in the case, in that it (a) permits the RIAA's own imaging person to make the initial mirror image and (b) spells out the details of the method for safeguarding privilege and privacy."
This discussion has been archived. No new comments can be posted.

Safeguards For RIAA Hard Drive Inspection

Comments Filter:
  • it (a) permits the RIAA's own imaging person to make the initial mirror image

    IANAL, but having RTFA, I'd say that statement's a bit misleading. It actually states that an expert agreed upon by both parties will make two copies, make an MD5 hash of the copies, then the defendant has the opportunity to justify that some files are private and nothing to do with the case, and once that's settled:

    Plaintiffs shall have access to the Escrowed Image of the hard drive, minus the files as to which privilege has been asserted

    Seems pretty reasonable to me. Wouldn't make a lot of sense if they gave them access to the drive minus these files, if they had already initially had access to the whole thing.

    • Re: (Score:3, Interesting)

      by jasen666 (88727)
      No, it said the earlier order specified that an RIAA's person was to make the image. The new order says agreed upon expert.

      And I agree, it does actually sound pretty reasonable.
      Regardless, anyone who gets a subpoena from the RIAA should be smart enough to swap out hard drives and install a new OS before the case even gets that far anyway. Assuming they have something to hide. Seems pointless really.
      • by Kjella (173770) on Sunday April 22, 2007 @12:27AM (#18829303) Homepage
        I would strongly recommend against that, if you make the tiniest of mistakes such as timestamps which lets them show that you reinstalled your OS or swapped out your disk for a fake system after being subpoenaed, you could find yourself at the wrong end of some nasty criminal charges for destruction of evidence, obstruction of justice and so on. If you think psying a few thousand dollars is bad, you should see what a felony conviction does for your life...
        • by Mistlefoot (636417) on Sunday April 22, 2007 @12:51AM (#18829483)
          Priveleged file list

          1) *.mp3
          2) *.avi
          3) *.mpg

        • Suppose one were to have a CRON entry that does touch /* -R every night at 3AM? For extra goodness, have it write out 4 random times and then the new time to prevent data recovery of original times. Running every day for a week, it'd be impossible to get the originals. It's impossible to prove anything, including when the script was added, as dates are overwritten constantly. Goodbye timestampiness!

          Or if you're real paranoid, just get a laptop body + huge HDD + wireless and bury it in your wall and store your shit on that. Just manually mount the (encrypted) remote volume and supress NFS logging and there's zero evidence that you ever had any files.

          Just remember to encrypt everything anyway. And use ext2fs to avoid a journal leaving any "suprises" behind.

          And what about disk-copy utilities that duplicate a disk, timestamps and all, except you leave out certain important things (like ~/music/) from the copy? Actually, best to have some classical or nerdcore music, lest the absence of anything prove suspicious.

          I guess what I'm saying is, there are many, many ways to foil the MAFIAA. You just have to implement them beforehand, and calmly cover every angle. Trying to do something *after* getting subpoenaed is a bad idea, because then you're hurrying. And as you say, one tiny mistake is all it takes, and people tend to make mistakes when they hurry.
          • I guess what I'm saying is, there are many, many ways to foil the MAFIAA

            Yeah, but its the lusers they go after, just like with child porn.

          • Re: (Score:2, Interesting)

            by Anonymous Coward
            or you can just pay for the music you listen to. Simpler isn't it.
          • well, at least on FAT type filesystems, I've found that ctime is quite difficult to fsck with. I've tried. My car stereo, when reading a usb-connected drive (and apparently every car head unit out there, I've done some research), INSISTS on ordering things by creation time. Not modification time. Not file name. Creation time. So, the only real thing you can do to change the creation time is to re-create the file. Touch no workee, sorry. Neither does rename or move. You have to actually re-create th
        • by dougmc (70836)

          you should see what a felony conviction does for your life...

          I doubt any of these would be felonies, only misdemeanors.

          Not that it couldn't get you in trouble, mind you, but it's probably not as much trouble as a felony could cause.

          I guess if you were the sort of person that expected to be sued by the RIAA for this sort of thing, you'd keep your mp3s and P2P working directory on an encrypted drive, one that looks like unused space on the drive so you can't prove there is an encrypted drive, though I doubt that would be very convincing. And in a civil case,

        • by drix (4602)
          A lot can happen in the several months between the alleged date of infringement and they day the subpoena arrives. Old hard drives crash and get tossed, spares get pulled from a box you've had sitting in your closet all those years ... and everyone here knows it's trivial to back-date the system clock in the BIOS, at which point looking to timestamps on a fresh install is pointless.
          • by vidarh (309115)
            Old hard drives crash and get tossed

            And if you toss your "crashed" hard drive once a case is underway, you can expect the judge to treat it as destruction of evidence. Treating law enforcement and the judiciary as if they're stupid is never a good legal strategy.

        • by s7uar7 (746699)
          How would they know if you swapped your disk? Just buy a cheap 40GB disk, install the OS and a couple of programs, then stick it in a cupboard 'just in case'.
          • by vidarh (309115)
            For starters, if the timestamps of all of your files (or just "the wrong files") are from after the case started. Realistically faking this is HARD. For starters, you need everything to be consistent - they will subpoena your ISP's records, so if there are no traces of you being online, it will be extremely suspicious. If you do fake traces (browser history, browser cache etc.) it needs to make sense. For instance, if they find browser cache items on your disk and the pages are new but have old timestamps..
        • Use an external USB disk for your warez then hide it when they come a knockin'.

        • by Skapare (16644) on Sunday April 22, 2007 @09:40AM (#18831321) Homepage

          A subpoena is supposed to not cause undue harm or burden. Since due process has not actually taken place (e.g. argue against it in court), the harm and burden is supposed to be limited. Preventing someone from using their computer is, IMHO, an undue harm and burden. This is the principle our laws came from (not that the laws actually implement it very well).

          In the "old days" (when such principles were established), evidence was generally written on paper. An order to preserve evidence would mean not destroying those papers. That would not have been an undue burden in most cases. Someone doing more stuff with papers is generally going to be buying more paper, or at the very least doing more writing in the remaining blank spaces of paper.

          The computer of today does not fit an analogy of paper. Perhaps the CDROM backups might. Using a computer typically does involve deleting old data and using the space for new data.

          But there is an even more extreme situation here. Microsoft Windows is so vulnerable to exploits that several things can end up destroying evidence, or exacerbating the burden. Infectious programs may cause damage or filesystem corruption. Spamware and spyware may be so pervasive that the only option is to wipe the disk and re-install the OS. It has happened to several of my friends and family (in many cases I've been the one to diagnose the problem and carry out the cure which first involved booting Linux to run "dd" to be damned sure the drive was wiped clean, before booting the Windows install disk to start all over). I actually recommend to people that they re-install Windows every 3 months if there are no visible signs of infection (or immediately if there are).

          Is it really the intent of the court to tell someone they must not clean out the infections in their computer, and must let the spamware keep popping up various ad windows, and must let their computer keep emailing spam to others on the internet? Will the court also extend that order to the ISP to prevent the user's account from being shut off due to all the spam coming through?

          Courts do need to learn a whole lot more about technology. And they sure aren't going to get it in an ex-parte hearing, especially with RIAA lawyers.

          IMHO, when a court has issued a subpoena that does cause harm and burden by preventing someone from using their computer, at least for more than a day or two, that court has overstepped its authority. Note that this is an opinion, not a description of how lawyers and judges have currently structured things (which is really wrong because of their lack of knowledge about technology). Fixing it, though, is going to be a tough issue for the future.

          But do keep in mind that lost evidence can be very easily the result not of the user, but of things beyond the user's control, at least if they keep using their computer. Tell me what you would think if a subpoena ordered you to shut your computer off, and not run it or use it at all, for 30 days, until they can get a bit image of the drive made (whether you did anything suspect or not)?

        • "My hard drive thingey crashed and I had the computer store fix it. They said something about spyware or robots or something, your honor."
      • by Bob9113 (14996) on Sunday April 22, 2007 @12:36AM (#18829379) Homepage
        No, it said the earlier order specified that an RIAA's person was to make the image. The new order says agreed upon expert.

        Verbatim, from the new court order:
        1. Kimberly Arellanes ("Defendant") shall make her computer hard drive available for imaging by Plaintiffs on or before March 21, 2007 [emphasis mine]

        Clearly the court order says that Sony gets to do the initial imaging.

        Step 2 is, "an expert in computer forensics selected by the parties shall make two (2) verified bit-images". That's the second set of images. The initial image is done by Sony.
        • Re: (Score:3, Informative)

          by Bob9113 (14996)
          Correction - I'm wrong. Parts 1 and 2 of the document are actually contradictory. Part 1 alone makes it sound like Sony makes an image. Part 2 alone makes it sound like the expert makes two images. Reading both parts together makes it sound like the document is flawed.
          • by jakosc (649857) * on Sunday April 22, 2007 @12:50AM (#18829479) Homepage
            I think 1 and 2 are consistent, it's just the numbering in the document isn't the order of events.

            How I read it, it's basically:

            1) Plaintiff, don't worry, you'll get access to the drive by March 21
            2-3) Defendent, don't worry, here's how we'll do it---first, you get to delete your private files

            IANAL, but that's how I read it. The summary's a bit confusing, and seems to suggest that #1 in the document has to occur before #2, which really doesn't make sense, as the GP points out.
      • Re: (Score:3, Interesting)

        by daeg (828071)
        Simple solution is to simply use something like TrueCrypt. Don't let applications save logs or recent file histories and use portable apps on USB thumb drives where applicable (even TrueCrypt can run in this mode).

        Besides being more private, it's also damned cool and lets you bring your programs, files, and everything with you no matter what computer you're on.
        • Simple solution is to simply use something like TrueCrypt.

          TrueCrypt is pretty neat, but that brings up a question. If you encrypt your entire hard drive, what happens when your computer is taken as evidence? Can you be required to divulge the decryption key? IANAL, but I assume that you can be held in contempt of court (or something) by refusing to offer it up, leading to criminal charges, fines, and/or jail time. In any case, I doubt you can just give the RIAA the bird and say "Nah nah, can't touch this" because your stuff is encrypted.

          Does anyone know the details about this? I doubt encryption helps you when it comes to legal matters, unless maybe you can plead the Fifth. After all, by giving up the decryption key you may be incriminating yourself :)

          Anyone know?
          • Re: (Score:3, Informative)

            IANAL and this is not legal advice, merely a recount of a story

            A friend of mine got pulled in by the big guns out here in Australia a little while ago. It was kept very quiet (for which he was grateful) because they stormed into his house to find him sitting at his table drinking a coffee, all his PC's turned off. His TrueCrypted hardisks were useless as he "forgot" the complex key in all the excitement of having his door kicked in by a task force. Probably not legal but can they prove it?

            Of course pleadi
            • Re: (Score:3, Funny)

              by mikiN (75494)
              Pleading the Fifth:

              Judge: "How do you plead?"
              Defendant: "Ta-da-da-daaaaaa, ta-da-da-daaaaaa..."

              (sorry, couldn't resist...)
            • Not to mention that pleading the Fifth in Australia makes you look as stupid as hell.

              I do know someone who tried this. The judge adjourned the hearing immediately and refused to continue until she got a lawyer.
          • Re: (Score:3, Informative)

            by Wavicle (181176)
            Can you be required to divulge the decryption key? IANAL, but I assume that you can be held in contempt of court (or something) by refusing to offer it up, leading to criminal charges, fines, and/or jail time. In any case, I doubt you can just give the RIAA the bird and say "Nah nah, can't touch this" because your stuff is encrypted.

            IANAL either (so take this with a grain of appropriately sized salt)...

            You can refuse to give out your key, but since this is a civil proceeding, the 5th amendment does not appl
          • Re: (Score:2, Interesting)

            by nospam007 (722110)
            TrueCrypt is pretty neat, but that brings up a question. If you encrypt your entire hard drive, what happens when your computer is taken as evidence? Can you be required to divulge the decryption key?
            ----
            from the trucrypt website:

            Plausible Deniability

            In case an adversary forces you to reveal your password, TrueCrypt provides and supports two kinds of plausible deniability:

            1. Hidden volumes (for more information, see the section Hidden Volume).

            2. It is impossible
      • Re: (Score:3, Funny)

        by statusbar (314703)
        So if I had music that I wrote and copyrighted on my own computer hard disk, they then are allowed to copy my music during this process without paying me compensation?

        --jeffk++
      • The new order says agreed upon expert [makes the copy] and I agree, it does actually sound pretty reasonable.

        What's reasonable about being threatened with the loss everything and your reputation at random? All to protect some big rich music publishers. Bin Laden is loving it.

        Even if you can defend the witch hunt, this detail is still abusive. They are only interested in specific files and should be able to make a tool that extracts them transparently. Just imagine making a list of all the files that

  • 1. Who pays for the neutral expert?

    2. Who makes the deletion of the privileged files?

    3. How are the privileged files going to be deleted?

    • I know lots of people who could take an image of a disk and come up with an MD5, but I can maybe think of one person who i know that is sufficiently recognized that he could be considered a computer forensics export.

      I'm sure if I suggest someone as a neutral expert, the RIAA will discredit them and likely leave one of their guys as the only choice.

      There may well be a market here though. I'm available for a small fee and largely neutral :)
    • by zappepcs (820751) on Sunday April 22, 2007 @12:40AM (#18829407) Journal
      I have a similar question, possibly related. I have no less than 12 systems at home. On the very remote chance that I should even be accused by the RIAA, how would they know what system to look at, or which drive (I have quite a few) to look at for evidence. Who pays for that? Do they come in and simply confiscate everything? I might have hacked the DVR and moved my music there. I might be an upgrade junky and have upgraded every system that I own on a regular basis, including wiping the drives clean of any previous data. How do they figure they can tell the difference between my habits and someone trying to hide data?

      Are my computing habits putting me at risk if they should ask about my online activities? Should I be afraid? Should I be hiding stuff now?

      I don't download music or movies, but how do I prove that without having to go through such huge measures as going to court? The existence of MP3 files on my hard drive does not mean I've been downloading. If I buy a used system that has music files on it, am I guilty?

      My belief is that they don't have a right to look at it at all without hard evidence that I've been downloading illegally. The police are the only ones given the ability to search with probable cause only. Discovery for court purposes is one thing, do they search each defendant's home top to bottom to find any hidden hard drives? Do they 'interview' neighbors and friends to see if there is a missing hard drive they are just 'holding'?

      To me, this whole hard drive evidence thing is illegal in itself. What if a virus infected my machine as was being used to pass illegally downloaded files? What happens if the defendant's lawyer declares all data on the disk to be private, other than the OS files?

      • by cdrudge (68377)

        My belief is that they don't have a right to look at it at all without hard evidence that I've been downloading illegally. The police are the only ones given the ability to search with probable cause only. Discovery for court purposes is one thing, do they search each defendant's home top to bottom to find any hidden hard drives? Do they 'interview' neighbors and friends to see if there is a missing hard drive they are just 'holding'?

        Remember that if you are involved in a case directly with the RIAA, you ar


        • One could make the case to a judge that with all the drives the RIAA has unethically examined using their wide, pervasive and invasive techniques, there is a better chance than not that they have CHILD PORN on their own computers, and that a low-level forensic examination of the RIAA's computer disks would likely reveal CHILD PORN was there even if it is now erased. My understanding is that is a federal crime no matter HOW the CHILD PORN got on the RIAA's computers or whether the CHILD PORN on the RIAA's ha
          • by cdrudge (68377)
            There is a difference between your example and the one in the story though. In your example, it's not copyright infringement (usually civil matter), but rather child pornography (criminal matter). If you owned the copyright for the movie ChildPorn.avi and had evidence that the RIAA's IP address downloaded it, then you could go after them. However you probably would be in more trouble then they would.

            Besides, the RIAA themselves likely never have actual possession of the media. Their attorneys or "forens
      • by trewornan (608722) on Sunday April 22, 2007 @02:47AM (#18830045)

        do they search each defendant's home top to bottom to find any hidden hard drives?

        I'd been thinking about this and had more or less decided it would be a good idea to by a wireless hard dive (like this: http://www.whatlaptop.co.uk/YRtBdcdoWel2Yg.html [whatlaptop.co.uk]). I might even really go wild and rip some of the plasterboard off a partition wall and wire it straight in to a ring main. Replace the plasterboard and repaint and you'd virtually have to pull the building apart to find it (unless you used RF direction finding) - and that's if you knew it was there. I can't imagine your average cop/lawyer realising.

        But would it be a fire hazard?

        • by zappepcs (820751)
          Just thinking about what you said, I'm going to keep dozens of hard drives in a box, and *IF* the **aa should ever wonder about what I've been doing, I'm going to hand them boxes of hard drives. None of them with anything useful on them. That is beautiful. Make it very expensive for them to even look and see what is available to look at. Fsck, I've got old full height 4GB SCSI drives for them to fumble with ... :) I bet I've got some old 300MB drives to deal with too.
      • by Nom du Keyboard (633989) on Sunday April 22, 2007 @03:59AM (#18830329)
        Do they 'interview' neighbors and friends to see if there is a missing hard drive they are just 'holding'?

        Well, in one case they are demanding to image and search the hard drives and all MP3 players of the son of a defendant, who lives miles away, and claims to only have a desktop system at home that he uses for his job as a legal assistant (i.e. large amount of confidential files there). They're trying to do this because, having searched his mother's harddrive and found ABSOLUTELY NO EVIDENCE of illegal activity on it, and only assumed that they were given the wrong hard drive, and are now on the hunt for the correct one that they're sure exists.

        In the RIAA's twisted logic, he has either taken his desktop (not notebook/laptop computer) to his mother's house miles away to do illegal filesharing on her Internet broadband account, and then taken it home again, or REMOVED HIS HARDDRIVE and transported it over and back to infringe on record company copyrights. This theory, they feel, allows them to now search his hard drive -- or, I would expect, anyone within 4 degrees of separation from the defendant -- and all music players as they wish. While I believe this was finally ruled unreasonable and unlikely to produce admissible evidence, they now are fighting their best to avoid paying his legal bills that he entailed explaining this bit of common sense to them.

        So in answer to your question: Yes!

    • by neoform (551705)
      Why not just save yourself the trouble?

      http://www.truecrypt.com/ [truecrypt.com]
    • I was wondering that too - what is proper technical procedure for removing files from an image? Is it enough to simply zero out the bits allocated for that file? What if it's cached or backed up somewhere else on the drive?

      From the hypothetical point of view of a technologically knowledgeable guilty party, I would look for some way to store the copyrighted files steganographically in something that can reasonably be considered private, and request that it be deleted from the image. Then again, if I'm using
    • 1. Who pays for the neutral expert? 2. Who makes the deletion of the privileged files? 3. How are the privileged files going to be deleted?

      If media files are all the RIAA trolls are interested in, it would be easy enough to make a script to extract them. Standard tools like find and tar do exactly that and do it well. Fancier tools could be made to look for id tags if the RIAA is paranoid about people changing filenames. It is this list of files that should be agreed on and only that should be coppie

    • 1. They better both pay equal amounts, or the neutrality is somewhat in question. The court should get to appoint an expert from a list of candidates submitted by both parties, to make it a little more impartial.

      2. With MD5 hashes of everything and a redundant, untouched copy of the disk, it shouldn't matter to the plaintiffs who deletes the files. Hopefully, the respondent can get another computer expert to help out with their lawyer present and go through a list of files, including caches and swap files
  • by mulhollandj (807571) on Sunday April 22, 2007 @12:05AM (#18829145)
    Digital forensics is a very tough issue as laws are somewhat immature and judicial precedence over what is acceptable and what isn't, isn't set yet. What is considered in plain sight on a hard drive? These questions haven't been fully answered yet and it is going to take at least one high profile case before it is done. And always remember to use a write blocker when examining somebody else's hard drive. Even booting into Windows will change the timestamps on a lot of files which might allow the theory of the evidence being planted.
  • by StefanJ (88986) on Sunday April 22, 2007 @12:23AM (#18829271) Homepage Journal
    It's like reading a procedures document from the Ministry of Information Retrieval.

    You just KNOW that the creepy bureaucratic gnomes who write up this stuff are going to have a hand in designing the "revised Internet" that's made the news lately.

    Your computer has been used to violate article IV of the The Working Artists' Protection Act. Please unlock your front door, sit on the ground, place your hands behind your head and wait quietly. Attempts to flee, contact the press, or hire legal counsel is a violation of the P.A.T.R.I.O.T. III Act and may result in detention in an Overseas Protective Facility.
  • by ZombieRoboNinja (905329) on Sunday April 22, 2007 @12:31AM (#18829331)
    Think they'd buy it?
    • Well, if it were me, I'd just rename that file to something appropriate for financial records before letting them get their filthy little paws on it.
    • by houghi (78078)
      Reminds me that I must record my slamming with a metal stick on a metal plate. I will record 2. I will only put the first one online, because I like it more. One I call A, the other B. As I also have wood (a and b) I will call it metallicA.mp3

      The next part is to wayt for the RIAA to sue me and then counter-sue the hell out of them.
  • Use TrueCrypt! (Score:5, Informative)

    by mwilliamson (672411) on Sunday April 22, 2007 @01:06AM (#18829581) Homepage Journal

    Assuming you really do have something to hide, using an encrypted volume embedded within another encrypted volume could be very useful. TrueCrypt [truecrypt.org] supports nested encrypted file systems and since TrueCrypt uses no headers to demarcate its volumes, it is not possible to determine if an additional volume is embedded within a TrueCrypt volume. In effect, it provides plausible deniability of the existence of a 2nd embedded volume if you're forced by court order to decrypt the main volume. (stick some Creative Commons licensed mp3 files in the main volume though, just to throw the RIAA the middle finger a little more.)

    Better yet, support non-RIAA artists at sites like Magnitune [magnitune.com]. The quality of music I've found there is proof positive that the RIAA no longer has a legitimate purpose in the music industry.

    My tips for installing TrueCrypt [aggiegeeks.com] on Fedora Core 6.

    • by Grym (725290) *

      Yeah that 16GB Truecrypt volume with only 5 MBs of word documents in it don't look the slightest bit suspicious.

      -Grym

      • by Tumbleweed (3706) *
        Yeah that 16GB Truecrypt volume with only 5 MBs of word documents in it don't look the slightest bit suspicious.

        Hey, encryption uses a lot of overhead. :)
      • by ColaMan (37550)
        It doesn't look *that* suspicious. It just looks like you haven't filled it yet. To maintain plausibility, the outer truecrypt layer will happily hose the hidden volume without warning if you fill the outer layer up.

        You can just say, "yeah, I had a play around with TrueCrypt when I was feeling a little paranoid one day, but I never really use it."
  • RIAA employees were discovered with a "significantly disturbing" volume of porn on their own machines. When questioned they denied that the material was sourced from hard drive mirror images..
  • Safeguards I use (Score:5, Interesting)

    by hardburlyboogerman (161244) <kwsmith41747@windstream.net> on Sunday April 22, 2007 @01:25AM (#18829693) Homepage Journal
    1.A loaded S&W .357 for use on the RIAA trolls trying to gain access to my house.(Under Ky Law I may defend my personal property using deadly force if I deem it necessary)
    2.A good self destruct device (easy to built and arm) for the hard drive(renders it absolutely useless to any forensic expert,since it physically destroys the platters.)
    3.I use an external drive to store the MP3 and other multimedia files on.Easily hidden,(like the old Varmit XL1000 CB Linear amps of decades past)
    Anyone wanting to seize my machine will pay dearly for trying.I just don't give a damn anymore since I had the nervous breakdown last year.
    That way,If the RIAA does get the machine,it will turn to scrap before they can get it 2 miles away.Paranoid? Sure,but with the corruption of the courts these days,these steps are needed.
    • Re: (Score:3, Insightful)

      1.A loaded S&W .357 for use on the RIAA trolls trying to gain access to my house.(Under Ky Law I may defend my personal property using deadly force if I deem it necessary)

      KY state law doesn't allow you to shoot a deputy sheriff for serving a search warrant. And that's what this would be.

      2.A good self destruct device (easy to built and arm) for the hard drive(renders it absolutely useless to any forensic expert,since it physically destroys the platters.)

      of course, now you've tampered with evidence (the small sound of an explosion may give it away), which is an actual crime as opposed to the copyright infringement which is not.

  • Sure, here's my hard drive (trips over chair leg)...

    WHAP! (Noise made as hard drive is dropped and violently falls onto floor)

    Of course you would want to make your OWN image of the drive beforehand, and store it somewhere safe, like a safety deposit box at your bank or somewhere....

    • yes, so that the bank/saftey-deposit box holder can be subpoenaed for the drive image...
      • Um, that is moronic. How can the RIAA search your bank safety deposit box? Can they? That is scary.

        How much does a hard drive cost? How much does an RIAA lawsuit cost? It's easy to buy a $100 drive and make a copy on your own.

        Make 10 copies. Put the hard drive in an ammo case and bury it in the woods. Give a copy to a friend. Copy it to a laptop hard drive and carry it in your pocket. Burn it onto DVDs and hang them on your Christmas tree. It's just data, zeroes and ones. Anyone who uses a compu
        • by vidarh (309115)
          If they have subpoena for the contents of your hard drive and you destroy the drive or try to hide the data from them, you are committing a crime. It's that simple. If they find out and go to a judge with it, you'll be in far more trouble than if you just hand over the drive.
  • Copyright infringement would be the distributing of a work that you aren't authorised to distribute.
    Having the data on your harddrive doesn't prove that you were distributing it.

    The only way to prove that your were distributing it would be to catch you while you are distributing it.
  • by Nom du Keyboard (633989) on Sunday April 22, 2007 @03:49AM (#18830287)
    I would have them remove ABSOLUTELY EVERYTHING that can be proven not to relate to the RIAA's case before the RIAA can get their hands on it. Every e-mail, every history file, every log file, your installation of Microsoft Office, Media Player playlists, any other installed program that they're not looking for. Anything that's your business that it's on your hard drive, and not their business, should be gone gone gone! Even the operating system you use and its activation keys are none of their business in this case, since they're not suing you for having Microsoft Windows on your hard drive. And don't forget anything that indicates just how you connect to the Internet.

    In the end they should receive any MP3 files that are on their list of infringing files, and Online Media Distribution System (P2P file sharing program, for the rest of us) files for the OMDS they've claimed they've identified (e.g. KaZaA) if present, AND NOTHING MORE!

    As I understand it (IANAL), you are allowed to remove personal files that have no relationship to the case at hand. The RIAA can object if you try to protect files they say have a direct bearing on their case, however, they should find it an impossible task to justify why they need to see anything other than specified MP3 and/or OMDS files. Don't give them a byte more than they're entitled to.

    And most importantly of all, perhaps, wipe all the unused file space. Let them try to prove why they deserve access to areas of the hard drive not included in any files.

  • ... a virtual OS install for all your 'illicit' downloads.

    i.e. - VMWare, where the installation is hosted within a single file. For tin foil hat level security you may choose to keep the file on an removable device. The first hint that the RIAA is persuing you, you disconnect/erase the device/file.

    Ooops, the cat's out of the bag now !
  • If I dragged someone into court, saying they sent me poison pen emails, would I be allowed access to their computer to search for evidence? Isn't that lunacy? So how come a trade group gets that privilege?
    • ...would I be allowed access to their computer to search for evidence?...
      The short answer is yes, its called the discovery phase of the trial. See for example, Wikipedia discussion. [wikipedia.org] Granted the cost of doing all the forensic analysis comes out of your pocket.
      • by rikkus-x (526844)
        It seems a bit crazy to me. Planting evidence in the form of files on a hard drive is, firstly, easy and, secondly, very difficult (if not impossible) to detect.
  • If I get a letter from the RIAA, my hard drive goes into the furnace. Fuck 'em all and smile, baby. Scorch the Earth. Attica! Attica!
  • Its too bad that the day i got the complaint i was so flustered on getting accused of somehing i didnt do, i accidentally blew up my harddrive, and it had to be completely reloaded..
  • by bl8n8r (649187) on Sunday April 22, 2007 @09:13AM (#18831179)
    ln -s /usr/share/goatse.jpg $HOME/stuff_I_got_from_limewire.mp3
    ln -s /usr/share/goatse.jpg $HOME/movie2007.avi
    ln -s /usr/share/goatse.jpg $HOME/awesome_concert.mpg

    or maybe for more fun..

    for file in `find /usr/share/goatse -type f`; do
        ln -s "$file" $HOME/$RANDOM.mp3
        ln -s "$file" $HOME/$RANDOM.mpg
        ln -s "$file" $HOME/$RANDOM.avi
    done

It's time to boot, do your boot ROMs know where your disk controllers are?

Working...