Jun 15, 2007
Earlier this week, Torrentspy, one of the largest BitTorrent tracker search engines on the Net made a startling announcement: They were ordered by the district court of California to start logging access information from users to make it easier to hunt them down. The judge presiding over the case, however, decided to grant the people who run Torrentspy some time before enforcing this order to give them an opportunity to file an appeal, which had to be in by 12 June 2007. As it turns out, they're being sued by the MPAA because they're making it easier for people to download pirated movies on the Net, even though they don't actually make the movies available, they just tell you which trackers have them available and display some information about the health of the torrent (the location of the tracker, number of seeders, et cetera). Ira Rothken, the attorney representing the maintainers of Torrentspy, went on record as saying that they would sooner cut off all access to the search engine from IP addresses within US nets then take their site down.
This court order would set an uncomfortable precendent, in that most any website on the Net could be compelled to keep detailed and accurate logs of each and every thing accessed by anyone on the Net as part of the discovery process. This amounts to helping law enforcement gather information sufficient to determine if there is probable cause, rather than as a result of there actually being probable cause.
On top of all of this, the court ruled that the RAM of a running server is a document that must be turned over as evidence, so if a machine is seized everything active in silicon at that time (as well as the swap space) must be properly preserved and archived for later forensic analysis. Now, this has been SOP for forensics for years because sometimes intruders don't leave anything laying around on disk that can be recovered, but this is part of the discovery process, by which the court determines if any crimes have actually been committed.