Feeds

US court files reveal Italian link to Indymedia server grab

But no legal authority for grabbing them

  • alert
  • submit to reddit

3 Big data security analytics techniques

Documents relating to the seizure of Indymedia's servers at Rackspace's Heathrow premises have finally been unsealed by a Texas district court. Some information remains under seal, and the documents released by no means provide the full picture, but it is now clear that yes, it was the Italians, and no, there was no obvious legal basis for the seizure of the servers themselves. And as regards the British Government's apparent insouciance regarding the (faulty) operation of US court orders within British jurisdiction but without any British authorisation, well, that remains a puzzle.

The various documents, which are available at the EFF, here, show that the action took place as a consequence of a mutual legal assistance request from Italy to the US, relating to servers hosted by Rackspace in Texas. The Italian request pretty much confirms what it was possible to piece together a few weeks after the seizure. That is, an investigation into an anarchist grouping which the Italian authorities believed was connected to parcel bombs sent to, among other people, former EU Commission President Romano Prodi was trying to track the origins of some posting allegedly made at Indymedia Italy. Indymedia denies the existence of such postings, and insists that the group, the FAI, doesn't use Indymedia, but as Indymedia was never contacted about the matter it has never had a chance to cooperate.

According to the Italian request, the postings it wanted information on were at URLs (which have been redacted from the document) that "are all part of the web site http://indymedia.org. Indymedia is a self-styled 'international collectively run media network providing a radical objective and impassioned account of the truth', which is politically near to the extremist millieu, and purports to be an alternative to the news supplied by institutionally recognised and officially registered press and radio-TV broadcasting agencies." Nor, they might have added, is it owned by the Italian Prime Minister. The request does contain a couple of unredacted URLs which it associates with hosts in the Netherlands and Spain, but if there was any UK connection then it was in the redacted section.

The document, from the Bologna Public Prosecutor's Office, does make clear what is required, and it is the log files, not the servers. "To the purpose of identifying the internet users who published the web version of the document claiming responsibility for the terrorist attacks in the above listed web spaces, Italian prosecuting authority needs to obtain the log files in relation to the creation and updating of the contents of said spaces. The examination of the log files might disclose the IP addresses as well as the date and time of the internet connections, through which the documents were published in the web. The log files should be obtained from the Internet Service Provider managing the servers hosting the above web spaces."

The document goes on to suggest that a widespread conspiracy may exist, saying "said terrorist attacks are the result both of a common strategy agreed upon by different pro-insurrection factions of the anarchist movement and of world-wide operational links, also consisting in the dissemination on the web of copies of the document claiming responsibility for the attacks."

The US authorities seem receptive to the notion that Indymedia is the publishing arm of some kind of global conspiracy, and have had some run-ins with it over log files in the past. As far as we know Indymedia servers do not generally log originating IPs, and when requests for cooperation are made (generally to the ISP, rather than direct to Indymedia), Indymedia will usually try to resist them, within the bounds of legality. Which is pretty much what you'd expect your ISP to do for you, but as you may have noticed, most of them don't.

It's not clear from the documents how the request for log files from Rackspace in Texas resulted in the seizure of servers operated by Rackspace in Heathrow, however the documents include a certification dated 21st December 2004 from Assistant US Attorney Don Calvert that a CD "is a true and correct copy of log files in relation to the creation and updating of the web spaces corresponding to the following URLs [redacted]". So we don't know whether they got the log files from Texas or Heathrow, but we do know they think they got the right log files. They also, potentially, got the run of Indymedia's servers at Rackspace, Texas, and the only thing stopping them having the run of the Heathrow servers, which they had in their possession for several days, would have been their own honesty and uprightness.

Rackspace's role in the affair doesn't look particularly glorious. The subpoena required Rackspace to hand over log files by 13th August 2004, but on 7th October 2004 Rackspace told Indymedia that it had "received a federal order to provide your hardware to the requesting agency." The day after, Rackspace issued a statement saying that "The court prohibits Rackspace from commenting further on this matter." Which it doesn't - the court order merely says that notice to the other parties (i.e. Indymedia) is not required.

Now, it's perfectly conceivable (actually, we'd say 'probable') that it wouldn't exactly be easy for the hosting company to just lift the log files from an Indymedia server, and that some form of more radical surgery might be required to get them. It's also perfectly conceivable that attempts to track down the log files might lead to servers in Heathrow, London. But if either of these were the case it would be nice to think that the hosting company might try to mount some kind of legal defence against what might easily be seen as a fishing expedition.

Certainly, one would expect the company to do this once the request got as far as London, if only to protect its own arse. The Home Office's denials of involvement or responsibility for the seizures leaves only one target, and if as seems likely there was no legal authority for the seizures in the UK, then Rackspace could well have been in violation of the Data Protection Act or the Regulation of Investigatory Powers Act. We've had occasion to observe before now that the powers that be seem not to have a totally firm grasp of the operation of RIPA and its ilk, but it'd be something of a breakthrough if they contrived to get themselves busted under its terms - isn't it supposed to be pointing in the other direction? ®

Related Links:

EFF info and documentation on the case
Indymedia's case history
Legal row after police seize Bristol Indymedia server
We seize servers, you can't complain - US gov
Indymedia server grab - Home Office knew, but isn't telling
Indymedia: the tale of the servers 'nobody' seized
Indymedia seizures: a trawl for Genoa G8 trial cover-up?

High performance access to file storage

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
Sorry London, Europe's top tech city is Munich
New 'Atlas of ICT Activity' finds innovation isn't happening at Silicon Roundabout
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.