US court files reveal Italian link to Indymedia server grab

But no legal authority for grabbing them

  • alert
  • submit to reddit

The essential guide to IT transformation

Documents relating to the seizure of Indymedia's servers at Rackspace's Heathrow premises have finally been unsealed by a Texas district court. Some information remains under seal, and the documents released by no means provide the full picture, but it is now clear that yes, it was the Italians, and no, there was no obvious legal basis for the seizure of the servers themselves. And as regards the British Government's apparent insouciance regarding the (faulty) operation of US court orders within British jurisdiction but without any British authorisation, well, that remains a puzzle.

The various documents, which are available at the EFF, here, show that the action took place as a consequence of a mutual legal assistance request from Italy to the US, relating to servers hosted by Rackspace in Texas. The Italian request pretty much confirms what it was possible to piece together a few weeks after the seizure. That is, an investigation into an anarchist grouping which the Italian authorities believed was connected to parcel bombs sent to, among other people, former EU Commission President Romano Prodi was trying to track the origins of some posting allegedly made at Indymedia Italy. Indymedia denies the existence of such postings, and insists that the group, the FAI, doesn't use Indymedia, but as Indymedia was never contacted about the matter it has never had a chance to cooperate.

According to the Italian request, the postings it wanted information on were at URLs (which have been redacted from the document) that "are all part of the web site http://indymedia.org. Indymedia is a self-styled 'international collectively run media network providing a radical objective and impassioned account of the truth', which is politically near to the extremist millieu, and purports to be an alternative to the news supplied by institutionally recognised and officially registered press and radio-TV broadcasting agencies." Nor, they might have added, is it owned by the Italian Prime Minister. The request does contain a couple of unredacted URLs which it associates with hosts in the Netherlands and Spain, but if there was any UK connection then it was in the redacted section.

The document, from the Bologna Public Prosecutor's Office, does make clear what is required, and it is the log files, not the servers. "To the purpose of identifying the internet users who published the web version of the document claiming responsibility for the terrorist attacks in the above listed web spaces, Italian prosecuting authority needs to obtain the log files in relation to the creation and updating of the contents of said spaces. The examination of the log files might disclose the IP addresses as well as the date and time of the internet connections, through which the documents were published in the web. The log files should be obtained from the Internet Service Provider managing the servers hosting the above web spaces."

The document goes on to suggest that a widespread conspiracy may exist, saying "said terrorist attacks are the result both of a common strategy agreed upon by different pro-insurrection factions of the anarchist movement and of world-wide operational links, also consisting in the dissemination on the web of copies of the document claiming responsibility for the attacks."

The US authorities seem receptive to the notion that Indymedia is the publishing arm of some kind of global conspiracy, and have had some run-ins with it over log files in the past. As far as we know Indymedia servers do not generally log originating IPs, and when requests for cooperation are made (generally to the ISP, rather than direct to Indymedia), Indymedia will usually try to resist them, within the bounds of legality. Which is pretty much what you'd expect your ISP to do for you, but as you may have noticed, most of them don't.

It's not clear from the documents how the request for log files from Rackspace in Texas resulted in the seizure of servers operated by Rackspace in Heathrow, however the documents include a certification dated 21st December 2004 from Assistant US Attorney Don Calvert that a CD "is a true and correct copy of log files in relation to the creation and updating of the web spaces corresponding to the following URLs [redacted]". So we don't know whether they got the log files from Texas or Heathrow, but we do know they think they got the right log files. They also, potentially, got the run of Indymedia's servers at Rackspace, Texas, and the only thing stopping them having the run of the Heathrow servers, which they had in their possession for several days, would have been their own honesty and uprightness.

Rackspace's role in the affair doesn't look particularly glorious. The subpoena required Rackspace to hand over log files by 13th August 2004, but on 7th October 2004 Rackspace told Indymedia that it had "received a federal order to provide your hardware to the requesting agency." The day after, Rackspace issued a statement saying that "The court prohibits Rackspace from commenting further on this matter." Which it doesn't - the court order merely says that notice to the other parties (i.e. Indymedia) is not required.

Now, it's perfectly conceivable (actually, we'd say 'probable') that it wouldn't exactly be easy for the hosting company to just lift the log files from an Indymedia server, and that some form of more radical surgery might be required to get them. It's also perfectly conceivable that attempts to track down the log files might lead to servers in Heathrow, London. But if either of these were the case it would be nice to think that the hosting company might try to mount some kind of legal defence against what might easily be seen as a fishing expedition.

Certainly, one would expect the company to do this once the request got as far as London, if only to protect its own arse. The Home Office's denials of involvement or responsibility for the seizures leaves only one target, and if as seems likely there was no legal authority for the seizures in the UK, then Rackspace could well have been in violation of the Data Protection Act or the Regulation of Investigatory Powers Act. We've had occasion to observe before now that the powers that be seem not to have a totally firm grasp of the operation of RIPA and its ilk, but it'd be something of a breakthrough if they contrived to get themselves busted under its terms - isn't it supposed to be pointing in the other direction? ®

Related Links:

EFF info and documentation on the case
Indymedia's case history
Legal row after police seize Bristol Indymedia server
We seize servers, you can't complain - US gov
Indymedia server grab - Home Office knew, but isn't telling
Indymedia: the tale of the servers 'nobody' seized
Indymedia seizures: a trawl for Genoa G8 trial cover-up?

5 things you didn’t know about cloud backup

More from The Register

next story
Microsoft exits climate denier lobby group
ALEC will have to do without Redmond, it seems
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Barnes & Noble: Swallow a Samsung Nook tablet, please ... pretty please
Novelslab finally on sale with ($199 - $20) price tag
Ballmer leaves Microsoft board to spend more time with his b-balls
From Clippy to Clippers: Hi, I see you're running an NBA team now ...
Kate Bush: Don't make me HAVE CONTACT with your iPHONE
Can't face sea of wobbling fondle implements. What happened to lighters, eh?
Video of US journalist 'beheading' pulled from social media
Yanked footage featured British-accented attacker and US journo James Foley
Amazon takes swipe at PayPal, Square with card reader for mobes
Etailer plans to undercut rivals with low transaction fee offer
Assange™: Hey world, I'M STILL HERE, ignore that Snowden guy
Press conference: ME ME ME ME ME ME ME (cont'd pg 94)
Call of Duty daddy considers launching own movie studio
Activision Blizzard might like quality control of a CoD film
prev story


Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?