Legal woes mount for TorrentSpy

Hollywood has pounded TorrentSpy this past week, winning two important court decisions against the BitTorrent search engine that could hand the movie industry some powerful new tools in its fight against illegal file sharing.

But the Electronic Frontier Foundation, a proponent of strong privacy laws on the Web, has criticized the court findings and claim they pose serious threats to Internet users.

Last week, U.S. District Judge Florence-Marie Cooper threw out the lawsuit TorrentSpy brought against the Motion Picture Association of America last year for allegedly purchasing copies of private e-mails belonging to TorrentSpy executives. Robert Anderson, a former business associate of one of TorrentSpy's founders, acknowledged "hacking" into the company's e-mail systems and rigging it so he would receive a copy of all outgoing and incoming e-mail correspondence. He later sold the information to the MPAA for $15,000.

Yet, the theft of the e-mails did not violate the federal Wiretap Act, according to Cooper. Kevin Bankston, an EFF staff attorney, said Cooper misread the law.

"Not only does this open the door to privacy abuses in civil cases but it also could lead to abuses by the government."

--Kevin Bankston,
EFF staff attorney

"Essentially, one can do ongoing surveillance of another party's e-mails without their consent and not violate the law," Bankston said. "Not only does this open the door to privacy abuses in civil cases but it also could lead to abuses by the government...It's an incredibly dangerous decision."

An MPAA representative did not respond to requests for comment.

In TorrentSpy's other courtroom setback in recent days, Cooper denied an appeal that she overturn an earlier court order that required the company to log specific user information. A magistrate judge, in an unprecedented decision, ordered TorrentSpy in June to begin logging IP addresses found in a computer's temporary memory.

On Sunday, just ahead of Cooper's rejection, TorrentSpy announced that it would begin blocking U.S. residents' access to the site. TorrentSpy's executives had said for months that it would shut down in the U.S. rather than give up user data.

Here again, EFF says the judge's decision erodes the public's privacy protections.

Nancy Prager, a Washington, D.C.-based copyright attorney, agreed with the court's decision and said that copyright holders should be allowed access to information about people who may ripping them off.

"It's not about the users in this case," Prager said. "I'm all for Internet privacy, but basically the courts are saying companies aren't allowed to give users a free pass on acts that would be illegal or violate someone's rights."

The legal wrangling began last year when the MPAA first filed a copyright lawsuit against TorrentSpy, alleging that the company was violating copyright law by helping file sharers find pirated movies. The dispute escalated when TorrentSpy accused the MPAA of hiring a hacker to pilfer the company's trade secrets.

In her 12-page finding on the hacking issue, Cooper based part of her decision on how the law defines the word "intercept." She said that to violate the Wiretap Act, someone must intentionally intercept an e-mail, as opposed to acquiring from electronic storage. She interpreted the word intercept to mean "to stop, seize, or interrupt in progress before arrival."

The Wiretap Act is part of the Electronic Communications Privacy Act of 1986. Congress enacted the law to protect the privacy of electronic communications, and the law makes it illegal to "intentionally intercept any wire, oral or electronic communication."

Cooper wrote that because TorrentSpy stored e-mails on its server before they were copied and forwarded to Anderson's e-mail account, there was technically no interception.

"Anderson configured (TorrentSpy's) e-mail server software so that all (of the company's e-mails) were copied and forwarded from the server to his Google e-mail account," the judge wrote. "If the e-mails had not been stored on the server, Anderson would not have acquired copies of them."

Ira Rothken, TorrentSpy's attorney, said that Anderson snatched the e-mails simultaneously with the transmission of incoming and outgoing e-mails.

"We believe that for the Wiretap Act to have any meaning in the digital age," Rothken said, "it would have to apply to a situation like this."

Computer experts have pointed out that e-mails are held in RAM storage even before being sent from one user to another. EFF's Bankston argues that the judge's reading of the case makes it physically and legally impossible to intercept e-mail in a way that violates federal wiretap laws.

Rothken said the company plans to appeal Cooper's decision with the 9th U.S. Circuit Court of Appeals and he expects EFF to join the case as co-counsel.

"There is a split of authority across the United States on whether the wiretap statute applies to the interception of e-mails," Rothken said. "And we are optimistic that the 9th Circuit will provide in appropriate decision."

[inachu]

Seems the judge doesn't know the meaning.

Wiretap be it live data as it is sent or stored data being sent over communication is still a wiretap if it is done by third party or for a third party who is not in direct dealings with the first and second party. This is also known as theft. Let the theives be punished and the data erased.

One theft of a movie or music files does not allow theft by owners of said music/movie.

So if a movie is made and the movie stolen then it is ok for RIAA or MPAA to steal the car of Steven Segal?

[zincmann]

Its amazing what MPAA $$ Can Buy...

It buys the judges decisions, it buys governmental laws, it buys winning lawsuits which on other terms would be illegal and inadmissable but in this case the MPAA did nothing wrong and had no wrong doing. Fun Stuff!

[arluthier]

US Mail Boxes

Hmmm I wonder if the Judge would mind if I went and pulled out her mail from her mailbox on the curb... copied it all and then crammed it back in the mailbox.

Why should she? It was stored in her mailbox before I copied it!

Idiot? Or on the MPAA payroll?

[Josh Freedman]

Is this not Piracy?

I don't get this...

If I write an email or any sort of text, is that not my intellectual
property? Regardless of wiretap, this should be considered piracy.
The MPAA paid for and had in their possession illegal copies of
someone elses work. They knowingly purchased stolen and copies
IP. Shouldn't the torrent spy executives be able to sue the MPAA
for at least $15,000+ punitive damages?

[unknown unknown]

RE

I am not an attorney, but I believe the judge must rule on complaints before her. Since TorrentSpy didn't claim that the actions of the hacker and subsequent purchase by the MPAA violated TorrentSpy's copyright interest in those emails the judge can't rule on it.

[ben::zen]

It's all a matter of privacy

Basically, what they did was corporate
espionage, and spying. By buying copies of
communications to and from people, the MPAA
actually seriously violated their reasonable
expectation of privacy. Why the hell they
weren't encrypting mail is beyond me.

[vhac]

Amazing Judge

Wow
"Anderson configured (TorrentSpy's) e-mail server software so that all (of the company's e-mails) were copied and forwarded from the server to his Google e-mail account," the judge wrote. "If the e-mails had not been stored on the server, Anderson would not have acquired copies of them."
So it's not a crime to hack into a bank, copies the credit card numbers/customer information too huh Judge? I mean, after all, it the credit cards/customers information isn't on the server, then the hacker wouldn't be able to acquire copies of them. I sure wonder how much this judge get paid from MPAA.....eh, I mean donation.

[V1Joker]

Its only illegal...

...when you do not work for the bank. If you work for the company in question then its not illegal is just bad judgement. Anderson did not hack into the server he had access to it because of his status in the company. So if you are an it person with access to the mail servers its ok for you to reconfigure the server to send any email to your private account. Got to love the law.

[SirWumpus]

Luser Judge

Email, more specifically the SMTP protocol (RFC 821, 2821), was designed as a store-then-forward model in order to guarantee relibility of email delivery in the event of outages and communication problems; each mail server along the delivery route would temporarily store a copy of an email between a few seconds to days, depending on the accessibility of the next mail server closer to the destination to receive and process the mail.

By design almost every mail transfer agent will store a copy of an email into a queue file before forwarding onto the next server that is "closer" to the recipient's mailbox. Eventually the mail will arrive in the recipient's "inbox" at their mail provider / hosting service, but I could argue that this is NOT the final destination and that the mail is still in transit until it is received by the recipient on their (primary) computer and removed from the mail provider/host server.

This ruling effectively makes it legal to copy any email in transit, while it remains in the form of a temporary queue / transit file. Essentially this ruling sets a precedent where law enforcement could have carte blache to copy queue files for email or other computer communications that save messages in temporary files, rather than "intercept off the wire" in the classic sense with packet sniffing tools like WireShark or similar.

If you use store your email on a mail server for access by IMAP, web mail interface, or POP-leave-on-server-mode you could be open to legalised information theft by law enforcement or computer savvy private investigator (eg. hacker for hire).

[Hardrada]

"legal to copy any email"

"This ruling effectively makes it legal to copy any email"

Only if you can defend doing it, in another court.

[Invalid_Username]

Then phone calls can't be "intercepted"

That judge is a complete moron. Does she think that the wiretap laws don't apply to phone lines being TAPPED if the receiver can still HEAR the conversation?? What an idiot. This will never get past a court with judges that are aware of either the english language, electronics, the law, or communications.

[Hardrada]

If judges can MAKE law...

...we're all screwed. It's been going on for how long now?

Judges are not the least bit accountable, as any body that makes law must be.

The Constitution does not provide for any judiciary to have a law-making role.

This unwanted role is responsible for some of the most repellent aspects of our existence: Tyranny by a virtual "god", a party of one, who decides what all of us must have meant when we instructed our lawmakers by electing them to represent us.

Just look at California's propositions that have been overturned, some repeatedly. Disgusting.

One answer: Jury nullification (of bad "laws""), but judges fight tooth and nail, includinf threats, if juries exercise this right.

[kromaethius007]

Legislation From The Bench...

Yeah, this has been going on for quite a long time, decades in fact. This is what happens when the "Sovereign? becomes complacent through various means. One comes to the tip of my tongue, and that?s the blind sidedness of Civics being dropped from the curriculum of public education, and oh, not to mention the ?Pledge of Allegiance.?

Where am I going with this?

The American Government and the ?Sovereign? meaning all of us citizens have become quite, two different entities. The American Government want nothing more to use the media to distract and detour the public?s eye from themselves, dummy down America by several key means, manipulating the Media on where the Media spends more time and energy sensationalizing and entertaining rather than true unadulterated journalism. Besides, anyone who really knows and understands, the media is nothing more than a profit margin ? It all use to be a loss in the Corporate TV World, and certainly never used as a forth wing of the government.
The second in the ?Dummying Down America? is simply numbing and reversing the educational standards in the public and even the private sector. So who?s fault is it ultimately?

Ours!

[gerardogerardo80]

Is it Memorex? then a copy is not a pirated movie.

I WONDER IF THE JUDGE IS GETTING A PIECE OF PIE SOMEWHERE UNDER THE RAINBOW. It must be

[inachu]

Awsome comeback.

Personally I never liked torrentspy anyway. But anyhow this shows the education level of the judge of what he really knows about copies..... not much.

[aabcdefghij987654321]

Some judge...

Makes judicial activism look bad.

[Rob07601]

Judicial activism is bad, very bad.

I've often heard references to the "letter" of the law and the "spirit" of the law, if there is any doubt about how to apply the law they should research what it was meant to do (judges do still have law clerks?). Today?s reinterpretation could be reinterpreted tomorrow.

If we apply the law whatever way we feel like it, we have FDR ignoring the 14th amendment and Habeas Corpus and imprisoning an entire race of people that were American citizens (Japanese descended, Google Manzanar).

Imagine your boss "investigating" possible theft by legally hacking all employees home computers and all of your incoming and outgoing email for possible evidence and that's ok?

Some people say the Constitution is a living document and it is, but it lives through amendment, not reinterpretation.

[wmorriss]

Don't Blame the Judge

If you read the opinion, it becomes clear that the judge did understand the implications of the order (e.g., she knew that emails are always stored at least temporarily in memory) and the wiretap act. The problem was that the law is written so that stealing emails is covered by a different law, and that law wasn't violated. In this case, it would have been judicial activism (i.e., ignoring the law to reach a desired result) if the judge <i>hadn't</i> found against the plaintiffs. I put more information (including links) <a href="http://ephemerallaw.blogspot.com/2007/09/know-your-pleadings-electronic.html">here</a>. However, the bottom line is that, while this wasn't necessarily a just result, it wasn't a result that was reached by an out of control judge who didn't know the first thing about email.

[shawnlin]

All remote communications are "stored"...

No offense, all remote communications (including phone calls &#38; traditional emails) are stored in one way or another. These communications travel through either copper wires or fiber optics. In either case, the communications are traveling within a medium. So since it is in a medium while it is traveling inside it, isn't the communications being store in a wire or fiber for a very brief period when it is traveling between two ends of the wire or fiber? Also, don't forget about the routers and switches that connect the wire and/or fiber, many of them "store and forward" (in its RAM) as well. What this judge is basically claiming the wiretap law can't really apply as it can only be applied in a theoretical scenario).

[albundyhere]

Follow in Pirate Bay's Footsteps...

All Torrentspy has to do is follow in Pirate Bay's Footsteps and all is well. But in worst case scenario, Torrentspy shoul do the same to the MPAA's emails and use that against them. Hey, its now legal!

[shawnlin]

Judge Doesn't Understand Technology (Yes, I read the 12 page ruling)

The ruling does not mention the technical details of how the "copy and forward" function was implemented in the server.

If the "copy and forward" function was implemented by a program (including processes or threads) either running on the same mail server or on an external computing device that actively pulls information from the mail file/db, then I would agree that it isn't wiretapping.

If the "copy and foward" function was implemented more like a the ".forward" file on Linux/Unix systems (not sure what it would be in Windows), where one could put an external email account on the first line, and the mailbox name of the intended email recipient of the server on the second line, the mail server would store a copy in the recipient's mail file/db as well as forward another copy to the external email account as indicated. If this is the case, then the wiretap law would apply as the mail was being copied, before it was placed in the mail file/db for the user. In the case, the mail was wiretapped when it was enroute to the destination; at this stage, the mail was still being "routed".

If the judge's decision holds, then wiretaps would be impossible to impliment in reality. When remote communications occur, they travel through wires or fiber optics. So aren't the communications being "stored" while traveling between to ends of a wire or fiber? For data communications, the data travels through routers which would also temporarily store the data in the memory of routers so it can be routed. So it wouldn't be illegal under wirelap law if I configured the router to send a copy of all inbound communications to another destination without proper authorization? Even for voice calls, not many phone companies use switchboard ladies to swith phone calls anymore. Most of them use automated computing devices as switchboards that would end up storing the voice in these devices for a brief period of time. Most cell phone transmission devices/towers (2nd generation and up) have to cache voice as they are being transmitted as cell phones as the trasmission switches on &#38; off very fast. Its just that the switching is very fast that to us, we may not notice it. So does that mean that I can monitor conversations on cell phone tranmission devices/towers without authorization and not violate wiretap laws?

Clearly if the judge does understand the wirelap law, the judge should have considered how the "copy and forward" function was implemented. The judge used examples of previous rulings where individuals who logged on to systems (BBS or some sort of ERP system) without authorization to view confidential were determined not to have violated the wiretap law. Yet, the judge did not investigate whether a program (including processes or threads) was actively accessing the user's mail file and forward any new mail that was detected. Or whether the standard routing feature of a mail server was modified to forward a copy of all incomming mail (either before or after storing the email in the recipient's mail file/db). If it was a latter case, I would think the wiretap law would be violated. Otherwise, the wiretap law would be impossible to violate in real life. (ie. I'm only making a copy of information stored in wire, fiber, or router. So that's not intercepting, right? )