Feeds

Indymedia server grab - Home Office knew, but isn't telling

Search for culprits moves on by millimetres

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Almost a month after Indymedia servers in London were seized by agencies unknown working for states unknown, a parliamentary answer suggests that the Home Office does know who seized them, and under what authority. But it's not telling.

The Home Office has been subjected to a steady drizzle of questions on the subject of Indymedia, but these have generally been answered with a denial of any involvement on the part of the agency the question refers to, followed by Caroline Flint's catchphrase: "In the circumstances I do not therefore believe that it is necessary for me to make a statement." Yesterday however John McDonnell MP scored a hit of sorts by bowling a question in fairly broad terms: "To ask the Secretary of State for the Home Department on what (a) grounds and (b) legal authority the web servers of the news agency Indymedia were seized on 7 October."

Flint's response this time was: "I can only confirm that no UK law enforcement agencies were involved in the matter. I am not at liberty to discuss the specific case in more detail."

Experienced watchers of Government stonewalling may consider the first part, which answers a question that McDonnell did not ask, as perhaps significant. Flint has already established this in previous answers, so it's not strictly necessary. The remainder isn't exactly what you'd call a full and frank disclosure, but it is not a denial of knowledge and/or involvement, and it's stronger than a refusal to comment. The Home Office would deny all knowledge and involvement if this were sustainable, but it's not. If the Home Office didn't know about foreign court order being enforced on UK soil, then as we pointed out here its lack of knowledge would be an issue.

Presumably we are therefore intended to take Flint's answer as meaning that the Home Office does know. Why, though, is the Home Office not at liberty to discuss the case in more detail?

This would be the kind of construction that might be used to avoid confirming or denying the use of the US-UK Mutual Legal Assistance Treaty (MLAT), which has a non-disclosure clause written into it. In addition, the Home Office declines to comment on any MLAT-related matter. It is therefore possible that this is an early (even a first?) sighting of the Home Office not telling the legislature about the use of an MLAT, while attempting not to tell it why it's not telling it at the same time. There is, one hopes, an obvious, inherent instability to shady treaties of this variety.

If an MLAT was not used we could still reasonably postulate some kind of informal or semi-formal MLAT-type arrangement. Rackspace handed over the servers under a US court order, the Home Office had some knowledge of what was happening and green-lighted the procedure, and the Home Office is in some way bound to secrecy. The US-UK MLAT incidentally provides for proceeding on the basis of a verbal agreement, documentation to follow, so there's some scope for it to blur into 'buddies' deals which could have an MLAT effect without even leaving a sketchy MLAT audit trail.

Also yesterday, Flint said the Secretary of State "did not receive any representations from the Federal Bureau of Investigations" in the matter. It's conceivable that somebody else might have received such representations, but as the FBI has denied involvement we can probably rule this out with a reasonable degree of certainty. Flint's denial of the involvement of UK law enforcement agencies also rules out most varieties of cop, but not the Home Office itself, and not security agencies which do not have direct enforcement powers in the UK. It occurs to The Register that hosting companies faced with court order from outside national jurisdiction might do themselves and their customers a favour if they dug their heels in for long enough to force the local uniform branch to show up with some kind of warrant. It might take a bit of nerve, but it would surely greatly enhance the audit trail.

The next stage in the slow unpicking will most likely be the Electronic Frontier Foundation's action in the US. The EFF has filed a motion in the Western Texas US District Court to unseal the seizure order. The motion itself notes that the FBI, the DoJ, the US Attorney's Office in San Antonio and the District Court itself all deny responsibility for the order, but points out that the US legislation under which the ghostly order was issued only authorises "the district court of the district in which a person resides or is found" to order the production of documents or things. As the order was served on Rackspace in San Antonio, a court in the Western District of Texas must, logically, have issued it.

If the EFF motion is successful, it should reveal more concrete details of the process, and would perhaps provide some pointers for future questions from UK MPs. It should also expose the international MLAT regime to long overdue scrutiny, because although we do not know for certain that a US-UK MLAT was used, we know one was, by the country that originated the request (Italy remains the most likely here).

It's possibly instructive at this juncture for us to provide a brief run-down of a slightly earlier FBI matter involving Indymedia, because it provides some measure of how flimsy and miscommunicated the evidence that could trigger a shutdown can be, these days. There was a post on the Indymedia Nantes site involving pictures of Swiss police, which led to the following Rackspace trouble ticket to Indymedia (22nd September 2004): " We have received a complain from the FBI regarding some images and material hosted on your server on the page below. http://nantes.indymedia.org/article.php3?id%20article=3910 [link now dead, there are several mirrors to be found] Please remove this material immediately and we understand that it contains personal information regarding two Swiss police officers as well as threats against them. Regards, Jennifer O'Connell, Rackspace AUP."

There was no personal information or threat on the page. We've heard it alleged that "Il n'y a pas que le Carpacio comme plat qui se mange froid!" is a threat but this bizarre French saying simply suggests revenge, in the sense that 'carpaccio is not the only dish that's eaten cold.' In any event, as it is said in the context of "Perhaps there are other things that this inspector will never forget," the sense is that it is the policeman who may be doing the threatening.

Both of them however look a hell of a lot jollier than anything we ever saw looking into a camera at demos in our mispent youth. They clearly do things differently in Switzerland. There's something on a related board posting (link also now dead) that could be interpreted as personal details, but unless the chubbier one is indeed called Mike and lives near a pizzeria, we suspect this of having been a joke. A further post then menaces the other, "the little shit on the right" with what might happen (unspecified) if the poster ever meets him in the street, but that's it for threats, and it's not much unless you want to lock up every mouthy juvenile on the internet.

It's followed by a heavily sarcastic post on the subject of "you courageous heroes of the revolution... you and your culinary metaphors", and the remainder of the thread then morphs (national stereotypes? We got 'em) from G8 aggro to humorous exchange of said metaphors.

So what was that all about? Well might you ask, but it seems to have been enough to prompt an FBI approach to Rackspace 'on behalf of the Swiss police', and that approach seems to have been enough for Rackspace to go into take-down mode. There's a fuller parsing of this ridiculous incident here, and a Google on 'Carpacio comme plat qui se mange froid' will find you uncensored versions practically everywhere, except for at Indymedia. ®

Related stories

Indymedia seizures: a trawl for Genoa G8 trial cover-up?
Seized servers returned, but who wanted what?
Home Office in frame over FBI's London server seizures
Feds seize Indymedia servers

Providing a secure and efficient Helpdesk

More from The Register

next story
Scrapping the Human Rights Act: What about privacy and freedom of expression?
Justice minister's attack to destroy ability to challenge state
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
EU to accuse Ireland of giving Apple an overly peachy tax deal – report
Probe expected to say single-digit rate was unlawful
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
Hey Brit taxpayers. You just spent £4m on Central London ‘innovation playground’
Catapult me a Mojito, I feel an Digital Innovation coming on
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
EU probes Google’s Android omerta again: Talk now, or else
Spill those Android secrets, or we’ll fine you
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.