US court files reveal Italian link to Indymedia server grab

But no legal authority for grabbing them

  • alert
  • submit to reddit

High performance access to file storage

Documents relating to the seizure of Indymedia's servers at Rackspace's Heathrow premises have finally been unsealed by a Texas district court. Some information remains under seal, and the documents released by no means provide the full picture, but it is now clear that yes, it was the Italians, and no, there was no obvious legal basis for the seizure of the servers themselves. And as regards the British Government's apparent insouciance regarding the (faulty) operation of US court orders within British jurisdiction but without any British authorisation, well, that remains a puzzle.

The various documents, which are available at the EFF, here, show that the action took place as a consequence of a mutual legal assistance request from Italy to the US, relating to servers hosted by Rackspace in Texas. The Italian request pretty much confirms what it was possible to piece together a few weeks after the seizure. That is, an investigation into an anarchist grouping which the Italian authorities believed was connected to parcel bombs sent to, among other people, former EU Commission President Romano Prodi was trying to track the origins of some posting allegedly made at Indymedia Italy. Indymedia denies the existence of such postings, and insists that the group, the FAI, doesn't use Indymedia, but as Indymedia was never contacted about the matter it has never had a chance to cooperate.

According to the Italian request, the postings it wanted information on were at URLs (which have been redacted from the document) that "are all part of the web site http://indymedia.org. Indymedia is a self-styled 'international collectively run media network providing a radical objective and impassioned account of the truth', which is politically near to the extremist millieu, and purports to be an alternative to the news supplied by institutionally recognised and officially registered press and radio-TV broadcasting agencies." Nor, they might have added, is it owned by the Italian Prime Minister. The request does contain a couple of unredacted URLs which it associates with hosts in the Netherlands and Spain, but if there was any UK connection then it was in the redacted section.

The document, from the Bologna Public Prosecutor's Office, does make clear what is required, and it is the log files, not the servers. "To the purpose of identifying the internet users who published the web version of the document claiming responsibility for the terrorist attacks in the above listed web spaces, Italian prosecuting authority needs to obtain the log files in relation to the creation and updating of the contents of said spaces. The examination of the log files might disclose the IP addresses as well as the date and time of the internet connections, through which the documents were published in the web. The log files should be obtained from the Internet Service Provider managing the servers hosting the above web spaces."

The document goes on to suggest that a widespread conspiracy may exist, saying "said terrorist attacks are the result both of a common strategy agreed upon by different pro-insurrection factions of the anarchist movement and of world-wide operational links, also consisting in the dissemination on the web of copies of the document claiming responsibility for the attacks."

The US authorities seem receptive to the notion that Indymedia is the publishing arm of some kind of global conspiracy, and have had some run-ins with it over log files in the past. As far as we know Indymedia servers do not generally log originating IPs, and when requests for cooperation are made (generally to the ISP, rather than direct to Indymedia), Indymedia will usually try to resist them, within the bounds of legality. Which is pretty much what you'd expect your ISP to do for you, but as you may have noticed, most of them don't.

It's not clear from the documents how the request for log files from Rackspace in Texas resulted in the seizure of servers operated by Rackspace in Heathrow, however the documents include a certification dated 21st December 2004 from Assistant US Attorney Don Calvert that a CD "is a true and correct copy of log files in relation to the creation and updating of the web spaces corresponding to the following URLs [redacted]". So we don't know whether they got the log files from Texas or Heathrow, but we do know they think they got the right log files. They also, potentially, got the run of Indymedia's servers at Rackspace, Texas, and the only thing stopping them having the run of the Heathrow servers, which they had in their possession for several days, would have been their own honesty and uprightness.

Rackspace's role in the affair doesn't look particularly glorious. The subpoena required Rackspace to hand over log files by 13th August 2004, but on 7th October 2004 Rackspace told Indymedia that it had "received a federal order to provide your hardware to the requesting agency." The day after, Rackspace issued a statement saying that "The court prohibits Rackspace from commenting further on this matter." Which it doesn't - the court order merely says that notice to the other parties (i.e. Indymedia) is not required.

Now, it's perfectly conceivable (actually, we'd say 'probable') that it wouldn't exactly be easy for the hosting company to just lift the log files from an Indymedia server, and that some form of more radical surgery might be required to get them. It's also perfectly conceivable that attempts to track down the log files might lead to servers in Heathrow, London. But if either of these were the case it would be nice to think that the hosting company might try to mount some kind of legal defence against what might easily be seen as a fishing expedition.

Certainly, one would expect the company to do this once the request got as far as London, if only to protect its own arse. The Home Office's denials of involvement or responsibility for the seizures leaves only one target, and if as seems likely there was no legal authority for the seizures in the UK, then Rackspace could well have been in violation of the Data Protection Act or the Regulation of Investigatory Powers Act. We've had occasion to observe before now that the powers that be seem not to have a totally firm grasp of the operation of RIPA and its ilk, but it'd be something of a breakthrough if they contrived to get themselves busted under its terms - isn't it supposed to be pointing in the other direction? ®

Related Links:

EFF info and documentation on the case
Indymedia's case history
Legal row after police seize Bristol Indymedia server
We seize servers, you can't complain - US gov
Indymedia server grab - Home Office knew, but isn't telling
Indymedia: the tale of the servers 'nobody' seized
Indymedia seizures: a trawl for Genoa G8 trial cover-up?

High performance access to file storage

More from The Register

next story
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Nokia offers 'voluntary retirement' to 6,000+ Indian employees
India's 'predictability and stability' cited as mobe-maker's tax payment deadline nears
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
France bans managers from contacting workers outside business hours
«Email? Mais non ... il est plus tard que six heures du soir!»
Adrian Mole author Sue Townsend dies at 68
RIP Blighty's best-selling author of the 1980s
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Analysts: Bright future for smartphones, tablets, wearables
There's plenty of good money to be made if you stay out of the PC market
prev story


Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.