Feeds

Websites could be required to retain visitor info

Even if it would break their privacy policies

Secure remote control for conventional and virtual desktops

There has long been an adage in the law that essentially states that "if it exists, it is discoverable". Now, as a result of a lawsuit involving TorrentSpy, the United States District Court for the Central District of California has essentially extended this logic to state that, "if it doesn't exist, we will require that it be created and stored so that it can become discoverable".

The case, Columbia Pictures v. Bunnell (pdf) arose when the movie studios wanted to find out the identity of people using TorrentSpy to download copyrighted works – personal information about TorrentSpy's users. TorrentSpy promised its users that it wouldn't collect such information, and had no legal obligation to do so. As the court noted:

In general, when a user clicks on a link to a page or a file on a website, the website's web server program receives from the user a request for the page or the file. The request includes the IP address of the user's computer, and the name of the requested page or file, among other things. Such information is copied into and stored in RAM.).

RAM is a form of temporary storage that every computer uses to process data. Every user request for a page or file is stored by the web server program in RAM in this fashion. The web server interprets and processes that data, while it is stored in RAM, in order to respond to user requests.

The web server then satisfies the request by sending the requested file to the user. If the website's logging function is enabled, the web server copies the request into a log file, as well as the fact that the requested file was delivered. If the logging function is not enabled, the request is not retained.

In keeping with its stated contractual privacy policy, TorrentSpy did not enable the logging function, did not capture the information in RAM (or more accurately did not store it) and therefore alleged that it could not produce it in litigation.

After TorrentSpy was sued, the question arose about whether or not the information NOT regularly collected by TorrentSpy – the information in RAM – constituted Electronically Stored Information subject to both discovery and what is called a litigation hold. Under a litigation hold, once you become aware that information you may posess is relevant to ongoing or threatened litigation, you must suspend your document destruction policy and stop deleting that relevant information.

Electronically Stored Information is defined under the Federal Rules of Civil Procedure as "information that is fixed in a tangible form and to information that is stored in a medium from which it can be retrieved and examined".

The court rejected TorrentSpy's claims that the information in RAM was never "stored" since logging was never enabled, and that requiring TorrentSpy to enable logging amounted to requiring it to "create"; records that didn' exist. Certainly, the information in RAM was – for a brief time – stored at least transitorily, just as streaming media (like a VOIP call, or videoconference) is stored on your computer for the brief interval it is being displayed.

Thus, the information is (1) electronic; (2) stored; and (3) relevant. The consequence of this is that not only is the information subject to discovery under the TorrentSpy precedent, but the entity must then suspend its document deletion policy, which in the case of TorrentSpy was to delete information in RAM that it never stored.

The potential consequences of this ruling (which is currently on appeal) are frightening. Whenever a company or other entity learns that information that it doesn't collect (or more accurately collects but doesn't store more than briefly) might be relevant to some litigation, it has to undertake affirmative efforts to start collecting and storing this information, in violation of its express privacy policy (creating potential FTC or privacy commission liability) for no purpose other than to create liability.

Thus, when you learn of the possibility of litigation, you may have to START storing streaming media, contents of VOIP calls, contents of videoconferences, webinars, chats, instant messages, logs, scans, or other electronic records that you never stored before.

The court also noted that companies "cannot insulate themselves from complying with their legal obligations to preserve and produce relevant information within their possession, custody or control and responsive to proper discovery requests, by reliance on a privacy policy -- the terms of which are entirely within [their] control". Thus, even if you SAY that the information wont be collected (stored) and you have no reason to collect (store) it, a court could mandate that you do so at your own expense.

Secure remote control for conventional and virtual desktops

More from The Register

next story
Britain's housing crisis: What are we going to do about it?
Rent control: Better than bombs at destroying housing
Top beak: UK privacy law may be reconsidered because of social media
Rise of Twitter etc creates 'enormous challenges'
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
We need less U.S. in our WWW – Euro digital chief Steelie Neelie
EC moves to shift status quo at Internet Governance Forum
Oz biz regulator discovers shared servers in EPIC FACEPALM
'Not aware' that one IP can hold more than one Website
Apple tried to get a ban on Galaxy, judge said: NO, NO, NO
Judge Koh refuses Samsung ban for the third time
Pedals and wheel in that Google robo-car or it's off the road – Cali DMV
And insists on $5 million insurance per motor against accidents
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?