The Federal Court, the Music Industry and the Universities: Lessons for Forensic Computing Specialists Vlasti Broucek 1 Sandra Frings 2 Paul Turner 1 1 School of Information Systems, University of Tasmania, e-mail: Vlasti.Broucek@utas.edu.au Paul.Turner@utas.edu.au 2 Fraunhofer Institut fuer Arbeitswirtschaft und Organisation, Competence Center Software-Management, Stuttgart, Germany e-mail: Sandra.Frings@iao.fhg.de Abstract The recent judgement in the Australian Federal Court case involving the Music Industry and three Australian Universities is disturbing in a number of ways. Aside from the worrying implications of the judgement for individual privacy and data protection, the case has revealed serious flaws in understanding amongst all participants over the nature of digital evidence and how it should best be collected, analysed and presented. In this context, this paper reviews the case from a forensic computing perspective and considers the approaches of the three parties involved – applicants, respondents and federal court judge. The paper also recommends the development of standard framework for forensic investigations and briefly presents the framework proposed by European CTOSE project. The paper concludes by considering the implications of this case for the forensic computing domain. Keywords MP3, computer forensics, process model, CTOSE, C*CAT, legal, privacy, cyber crime, federal court INTRODUCTION The recent case in the Federal Court of Australia involving Sony Music Entertainment (Australia) Limited, Universal Music Australia Pty Limited and EMI Music Australia Pty Limited (the applicants) and three Australian Universities – the University of Tasmania, University of Melbourne and University of Sydney (the respondents) has generated considerable public interest and debate. Unfortunately, much of the debate and conjecture around the case has been misplaced due to incorrect reporting in many media reports that suggested the case was about the Universities being sued for copyright infringement. There were also other media reports suggesting eleven Australian Universities were involved in the “MP3 Piracy Case“ as it has alternatively been called (Aust unis in court over file-swapping, 2003; Lamount, 2003; Morgan, 2003; Rose, 2003). If this is the situation, it is indeed noting that of all the Australian Universities approached only these three offered any resistance to initial requests by the Music Industry for access to their digital files and networks. In reality this Federal court case was procedural in nature and involved the Music Industry applicants seeking a “discovery ruling” against the three Universities involved. This paper reviews the case, identifies issues and challenges and draws out lessons for forensic computing specialists. The paper also presents details of the European “Cyber Tools On-line Search for Evidence” (CTOSE) project and its reference process model that has made a major contribution to the development of a standardised approach to the conduct of forensic computing investigations (Frings, Stanisic-Petrovic, & Urry, 2003; Urry & Mitchison, 2003). THE CASE SO FAR On January 23, 2003 the Australian Record Industry Association (ARIA) released information suggesting that the industry was suffering significant losses in earnings due to on-line piracy and that the industry was determined to combat these activities (Online piracy hurts 2002 music sales: ARIA, 2003). While peer-to-peer (P2P) networks were not specifically targeted in this case, ARIA also cited its US counterpart, the Record Industry Association of America (RIAA), ongoing war with peer-to-peer networks and their users. At around Broucek, Frings, Turner (Paper #20) 1st Australian Computer, Network & Information Forensics Conference 2003 Page 1 25 November 2003, Perth, Western Australia