Perilous Data Retention Policies: What not to ignore.
By: Chad A. Kirby, J.D., Ph.D.
TorrentSpy.com is a popular web site that maintains a searchable index of torrent files. A “torrent” is a file that is used by peer-to-peer file sharing programs, such as BitTorrent. Torrents create a method of distributing large amounts of data widely without the original distributor incurring the entire costs of hardware, hosting and bandwidth resources. Instead, each recipient supplies pieces of the data to newer recipients, reducing the cost and burden on any given individual source, providing redundancy against system problems, and reducing dependence on the original distributor. However, just like the pear-to-peer protocols that allowed the unauthorized sharing of music, many torrents contain information from which one could obtain unauthorized copies of copyrighted movies.
Motion Picture Association of America on the Offensive
Much like Napster was sued several years ago, a number of movie studios have sued TorrentSpy, alleging that it contributes to and profits from copyright infringement. During the litigation, the studios requested identifying information about all users who have shared, searched for, or downloaded torrent files for copyrighted movies. The studios expected that such information would be contained in “log files” that are typically stored on computer servers; but, in response to the request, TorrentSpy asserted that no documents existed that contained any such information. The documents did not exist because TorrentSpy had made a conscious decision not to store any log files on its servers.
In the dispute that followed, the studios sought to force TorrentSpy to begin storing identifying user data, arguing that identifying “documents” did exist because the RAM in TorrentSpy’s servers had to store for at least a few milliseconds the IP addresses of users who searched for and downloaded movie torrent files. The studios asserted that data “stored” in RAM even for an instant is “electronically stored information” for purposes of federal discovery Rule 34 and is therefore subject to preservation and discovery. In response, TorrentSpy asserted that Rule 34 requires only that a party produce documents that are already in existence. It argued that data is not “stored” in RAM when the data exists only transiently and is used only to enable the normal operation of a web server.
TorrentSpy lost, and the magistrate judge hearing the case ordered TorrentSpy to begin preserving and producing log data from its servers. For the first time, a court held that data stored only fleetingly in RAM constitutes electronically stored information (ESI) under Rule 34.
What can you learn from TorrentSpy?
This holding is potentially troubling to litigants because it could dramatically expand the burdens that companies face in federal lawsuits, potentially forcing them to create and store an unprecedented amount of data, including not only computer server logs, but also digital telephone conversations and drafts of documents never saved or sent. Think about the data that is stored in the RAM of your company’s computers: Every keystroke you type, every file or email you ever create is temporarily stored in RAM, even if you never save the file or send the email.
The court in TorrentSpy was aware of the potential impact of its holding and attempted to limit the reach of the order, emphasizing that the court’s ruling “should not be read to require litigants in all cases to preserve and produce electronically stored information that is temporarily stored in RAM.” The court went on to set out four factors that it used to determine whether data in RAM must be preserved and produced: 1) the “nature” of the case; 2) whether the data in question would potentially definitively decide an issue in the case; 3) whether the data in question is otherwise unavailable; and 4) whether preservation and production is unduly burdensome or costly.
Should you be doing things differently?
So what does all this mean for potential litigants? First, the ruling only potentially affects litigants in federal court, not those in state court. For those in federal court, the ultimate impact of TorrentSpy will probably not be determined for several years. For the moment, it will probably only impact a few cases in which server log data is particularly important. But it may be hard to unring this bell. As we increasingly rely on computers and as the amount of data that we create and store grows ever larger, courts will have to struggle to find a balance that allows full and fair access to necessary information without imposing completely unrealistic data retention burdens on litigants that rely heavily on large information technology systems. In the meantime, potential litigants would be wise to consider their data retention policies before landing in court.
