Server data in RAM must be saved, court says

The data lived in RAM—gone every time the server rebooted. The court said: you should have saved it. A federal judge ordered a website operator to turn over server logs stored only in temporary memory, rejecting the argument that the data was too volatile to preserve.

The server software had a checkbox on its configuration screen. One click would have written the logs to the hard drive. The operator never pressed it. Then came the lawsuit, and the data was already gone—overwritten by newer traffic, erased by every restart. The studios wanted those logs. The operator said: impossible. The judge said: your own fault.

When the server logs vanished

The case began with a familiar Hollywood problem: movie studios losing money to online piracy. Columbia Pictures Industries and other film studios sued Justin Bunnell, the operator of a website called Torrent Spy. The site, they alleged, helped users share copyrighted movies without permission—a form of secondary copyright infringement (helping others break copyright law).

To prove their case, the studios needed one critical piece of information: the IP addresses of users who had downloaded movies through the site. That data lived in the server logs—records of every connection the server made. But there was a problem. Bunnell's server stored those logs only in RAM (Random Access Memory, the computer's temporary workspace that clears every time the machine shuts down or reboots).

The studios filed a discovery motion (a formal request to force the other side to hand over evidence). They wanted the server log data. Bunnell said it was impossible to produce. The data, he argued, had "limited storage and overwriting of the data with the newer data"—meaning the RAM kept writing new information on top of the old, erasing the logs the studios needed.

Why the court said 'not good enough'

The US District Court for the Central District of California did not buy the argument. The judge looked at what Bunnell could have done but didn't. The server software had a built-in function that could write server logs directly to the hard disk—a permanent storage that doesn't disappear on reboot. Bunnell had simply never enabled it.

The court "faulted failure on the part of the defendant to enable the webserver function that writes the server log to the hard disk." In plain English: the judge said Bunnell had an affirmative duty to preserve the data (a legal obligation to keep evidence that might be relevant in a lawsuit). He had the tools to save it. He just didn't use them.

The court directed Bunnell to enable the hard-disk logging function and produce the data. The ruling confirmed that server log data stored in RAM—highly volatile, temporary information—was discoverable (could be legally demanded as evidence).

The procedural mechanics of the discovery motion

This was a discovery motion—a pre-trial skirmish, not the final battle. The plaintiffs (Columbia Pictures Industries and others) sought to compel the defendant (Justin Bunnell) to produce server log data that existed only in volatile memory. The motion was filed to support their case of secondary copyright infringement, which required proof that users had downloaded copyrighted material through the Torrent Spy website. Without the IP addresses in the server logs, the studios could not identify the alleged infringers, and their case would collapse at the starting line.

The defendant's argument was technical: the data had "limited storage and overwriting of the data with the newer data." In other words, the RAM was a finite resource—every new connection wrote over old information, and every server restart erased everything. The data, Bunnell claimed, was simply not there anymore. The court did not find favour with this reasoning. It examined what had happened inside the server room: the machine hummed, data cycled through RAM every few seconds, and the logging checkbox sat unchecked on the configuration screen—a single setting that could have saved it all to the hard disk, untouched.

The court's reasoning on affirmative duty

The critical move in the court's logic was the concept of an affirmative duty to preserve. The court did not merely say the data was discoverable in theory. It said the defendant had failed to take a concrete step—enabling the hard-disk logging function—that would have preserved the data for litigation. The ruling makes clear that a party cannot rely on the inherent volatility of a storage medium if they had the ability to make that data permanent and chose not to.

The court's language was pointed: it "faulted failure on the part of the defendant to enable the webserver function that writes the server log to the hard disk." The word "faulted" is significant—it implies not just a technical oversight but a legal failing. The defendant had an affirmative duty to preserve evidence relevant to reasonably anticipated litigation. By leaving the logging function disabled, Bunnell had breached that duty. The court then "directed the defendant to enable the same"—ordering him to turn on the feature and produce whatever data remained. The order landed like a single page with a single instruction: enable logging.

This concept of an affirmative duty is not new, but its application to volatile data is what makes the ruling significant. The duty to preserve arises when litigation is reasonably anticipated—not when a lawsuit is filed, but when a party should know it is coming. In Bunnell's case, the Torrent Spy website had been operating for years, and the studios had sent cease-and-desist letters before filing. The court found that Bunnell should have anticipated litigation and taken steps to preserve data. The failure to enable hard-disk logging was not a technical oversight; it was a legal breach.

The court's reasoning also addressed the nature of the data itself. RAM is volatile by design—it is meant to be temporary. But the court refused to treat that volatility as a shield. If a party could avoid discovery simply by choosing to store data in a volatile medium, the entire edifice of e-discovery would collapse. The ruling closes that loophole by focusing on what the party could have done rather than what the technology naturally does.

Implications for e-discovery law

The Torrent Spy case is a landmark in e-discovery (the process of finding and producing electronic evidence in lawsuits). It establishes that data stored in RAM—the most volatile form of digital storage—is not immune from discovery obligations. The ruling closes a potential loophole: if companies could avoid producing data simply by storing it in temporary memory, they could hide evidence in plain sight. The court's decision prevents that strategy.

For legal professionals, the case means that preservation obligations extend to all forms of data storage, including temporary ones. If your server software has a logging feature that writes to permanent storage, you must enable it—especially if you anticipate litigation. The ruling also suggests that courts will look at what steps a party could have taken, not just what they did take. A failure to flip a switch is a failure to preserve.

For IT departments and compliance officers, the lesson is operational. Server configurations matter. A simple setting—enable hard-disk logging—can mean the difference between producing evidence and being sanctioned for spoliation (the destruction or loss of evidence). The case also highlights the importance of document retention policies that cover volatile data. If your systems only store logs in RAM, you may need to change that configuration before a lawsuit lands on your desk.

The ruling also has implications for cloud service providers and SaaS companies. Many cloud platforms store logs in temporary memory by default, overwriting old data as new data comes in. The Torrent Spy case suggests that these companies may have an affirmative duty to preserve data if they anticipate litigation—or even if they should reasonably anticipate it. A standard terms-of-service clause disclaiming data retention may not be enough to shield a company from discovery obligations.

The broader message for digital businesses

The Torrent Spy ruling sends a clear message to anyone operating a website, a cloud service, or any digital platform: you cannot hide behind technical limitations you created yourself. If your server software has a feature that saves data permanently, and you choose not to turn it on, a court will not accept "the data got overwritten" as an excuse.

For lawyers and compliance officers, the ruling means that preservation obligations (the duty to keep evidence) extend to data in temporary storage. RAM is not a safe haven. If the data could have been saved—even if it required changing a setting or writing a few lines of code—the court expects you to have done it.

The case also serves as a reminder that discovery obligations are not passive. A party cannot simply wait for a lawsuit and then claim the data is gone. The duty to preserve is active: you must take steps to ensure that relevant data is not destroyed, even if that means changing your server configuration. The court's order in Torrent Spy—directing Bunnell to enable hard-disk logging—was not just about producing data; it was about establishing a standard of conduct for all parties facing potential litigation.

THE PLAY: Enable server logging to permanent storage before litigation begins—courts will not excuse data loss caused by your own failure to flip a switch.

The data lived in RAM. The court said it should have lived on a hard drive. That distinction may define the next generation of electronic discovery disputes.