The seizure of server hardware in London belonging to the international IndyMedia network raises some questions not yet covered by the reports in The Register etc.
The United Kindom's National High Tech Crime Unit used to try to work with businesses to minimize any "collateral damage" caused by a criminal investigative process and to ensure that there is a properly audited , uncompromised chain of evidence, as laid down in its Confidentiality Charter (.pdf)
N.B. the NHTCU website is one of the world's worst designed websites, being entirely published only in Macromedia Shockwave, with documents in Adobe .pdf format. It is now in breach of the new provisions of the Disability Discrimination Act 1995 which came into force on 1st October this year. Perhaps they simply do not want the blind Home Secretary David Blunkett from being able to browse their website.
If the Rackspace the hosting company in Stockley Park near Heathrow, simply acted on the orders of their parent company in the USA, without involving the NHCTU or their local Police force i.e. the Metropolitan Police, they will almost certainly have compromised the chain of evidence needed for any legal court action either in the UK or in the USa, or as is being reported Italy or Switzerland.
If they did go through the NHTCU, then this is a public relations disaster for the Confidentiality Charter, due to the "collateral damage" and disruption to IndyMedia websites hosted on the seized hardware which have nothing to do with any of the countries so far mentioned e.g. Uruguay etc. Why was the second IndyMedia server which serves internet radio streams also seized along with the web server ?
Why should any business or ISP cooperate with, or instigate police investigations into one part of a shared server, if it means that there will be a knock on effect on entirely innocent customers ? This is exactly what the Confidentiality Charter was intended to address.
If a warrant was issued under the UK Regulation of Investigatory Powers Act 2000, then the action of bringing the servers offline constitutes a "tipping off" offence, punishable by up to 5 years in jail. This is a "serious offence" and is therefore one for which the managers and executives of Rackspace in the USA could be extradited to the United Kingdom to face.
Both RIPA and the alleged use of the "Mutual Legal Assistance Treaty (MLAT), which establishes procedures for countries to assist each other in
investigations such as international terrorism, kidnapping and money
laundering." would imply that the investigations are of serious crimes.
IndyMedia are not involved in any such activities, as should be obvious from a quick visit to their websites.
If someone had uploaded some objectionable content to the bulletin board discussion forums, then seizure of server hardware is not only complete overkill, but is counterproductive from an intelligence gatering viewpoint as well.
The stated policy of IndyMedia is not to keep weblog files of people accessing their servers or of people contibuting articles or comments., so again, the seizure of the hardware is counterproductive from any law enforcement point of view.
Has Rackspace also handed over any of their infrastructure management system logfiles which might compromise the identities of IndyMedia readers or contributors e.g. firewall, intrusion detection system, load balancer, router, switch etc. logfiles ?
Why did the Italian or Swiss authorities not go to the UK authorities directly rather than going via the FBI ? Are they incapable of determining which country a web server is physically located in ?
Any business thinking of using Rackspace to host their servers or to use shared server space, should factor this incident into their risk assessment of the likelyhood of Denial of Service caused by the "collateral damage" resulting from Rackspace's inept management procedures.
If we had any shares in Rackspace, we would sell them immediately.
UPDATE: First hand correspondence between Rackapace and one of the administrators of one of the seized servers, including references to Rackspace help desk tickets has been blogged.
Update Wednesday 13th October:
There are some serious United Kingdom political enquiries being made about exactly under whose legal authority the seizure of the Indymedia servers was conducted.
Richard Allan MP. one of the more computer literate Members of Parliament, has tabled a Parliamentary Qquestion to the Home Office, which should be answered on Friday 15th.
"Mr Richard Allan (Sheffield, Hallam): To ask the Secretary of State for the Home Department, what recent discussions he has had with US law enforcement agencies concerning the seizure of material from UK-based internet hosting providers; and if he will make a statement"
The National Union of Journalists trades union is asking questions, and getting its affliated Members of Parliament to do so as well.
We have been told by the NHTCU that they could not comment as they have had nothing to do with the case.
After nearly a week, it seems that the disk hardware has been returned (from where ?, by whom ?)
Update Wednesday 14th October
Richard Allan MP has >another Parliamentary Question tabled to be answeredon Monday 18th October:
"Mr Richard Allan (Sheffield, Hallam): To ask the Secretary of State for the Home Department, which UK law enforcement agencies were involved in the seizure of computer disks containing material published by Indymedia from the London offices of Rackspace."
If it was the Security Service MI5 or other "secret" agencies, then the Government will not answer. However, if the idea was to provide evidence suitable for a foreign court, then there would be no involvement of such "secret" agencies.
They should do if it was the Metropolitan Police (vague reports but no statement from them one way or the other) or the National High Tech Crime Unit ( who were not involved at all , according the reply they gave to us)
Conceivably some other agency such as Her Majesty's Customs and Excise could have been involved, but this would be unlikely.