US court files reveal Italian link to Indymedia server grab
John Lettice (reposted by Registroid) | 03.08.2005 13:13 | Analysis | Indymedia | Technology | World
New article on "The Register" on the UK Indymedia server seizure case. Register coverage of this case has been very good so far. Read on...
http://www.theregister.co.uk/2005/08/03/indymedia_texas_docs_unsealed/ US court files reveal Italian link to Indymedia server grab
By John Lettice
Published Wednesday 3rd August 2005 12:12 GMT
---
Documents relating to the seizure of Indymedia's servers at Rackspace's Heathrow premises have finally been unsealed by a Texas district court. Some information remains under seal, and the documents released by no means provide the full picture, but it is now clear that yes, it was the Italians, and no, there was no obvious legal basis for the seizure of the servers themselves. And as regards the British Government's apparent insouciance regarding the (faulty) operation of US court orders within British jurisdiction but without any British authorisation, well, that remains a puzzle.
The various documents, which are available at the EFF, here, show that the action took place as a consequence of a mutual legal assistance request from Italy to the US, relating to servers hosted by Rackspace in Texas. The Italian request pretty much confirms what it was possible to piece together a few weeks after the seizure. That is, an investigation into an anarchist grouping which the Italian authorities believed was connected to parcel bombs sent to, among other people, former EU Commission President Romano Prodi was trying to track the origins of some posting allegedly made at Indymedia Italy. Indymedia denies the existence of such postings, and insists that the group, the FAI, doesn't use Indymedia, but as Indymedia was never contacted about the matter it has never had a chance to cooperate.
According to the Italian request, the postings it wanted information on were at URLs (which have been redacted from the document) that "are all part of the web site
http://indymedia.org. Indymedia is a self-styled 'international collectively run media network providing a radical objective and impassioned account of the truth', which is politically near to the extremist millieu, and purports to be an alternative to the news supplied by institutionally recognised and officially registered press and radio-TV broadcasting agencies." Nor, they might have added, is it owned by the Italian Prime Minister. The request does contain a couple of unredacted URLs which it associates with hosts in the Netherlands and Spain, but if there was any UK connection then it was in the redacted section. The document, from the Bologna Public Prosecutor's Office, does make clear what is required, and it is the log files, not the servers. "To the purpose of identifying the internet users who published the web version of the document claiming responsibility for the terrorist attacks in the above listed web spaces, Italian prosecuting authority needs to obtain the log files in relation to the creation and updating of the contents of said spaces. The examination of the log files might disclose the IP addresses as well as the date and time of the internet connections, through which the documents were published in the web. The log files should be obtained from the Internet Service Provider managing the servers hosting the above web spaces."
The document goes on to suggest that a widespread conspiracy may exist, saying "said terrorist attacks are the result both of a common strategy agreed upon by different pro-insurrection factions of the anarchist movement and of world-wide operational links, also consisting in the dissemination on the web of copies of the document claiming responsibility for the attacks."
The US authorities seem receptive to the notion that Indymedia is the publishing arm of some kind of global conspiracy, and have had some run-ins with it over log files in the past. As far as we know Indymedia servers do not generally log originating IPs, and when requests for cooperation are made (generally to the ISP, rather than direct to Indymedia), Indymedia will usually try to resist them, within the bounds of legality. Which is pretty much what you'd expect your ISP to do for you, but as you may have noticed, most of them don't.
It's not clear from the documents how the request for log files from Rackspace in Texas resulted in the seizure of servers operated by Rackspace in Heathrow, however the documents include a certification dated 21st December 2004 from Assistant US Attorney Don Calvert that a CD "is a true and correct copy of log files in relation to the creation and updating of the web spaces corresponding to the following URLs [redacted]". So we don't know whether they got the log files from Texas or Heathrow, but we do know they think they got the right log files. They also, potentially, got the run of Indymedia's servers at Rackspace, Texas, and the only thing stopping them having the run of the Heathrow servers, which they had in their possession for several days, would have been their own honesty and uprightness.
Rackspace's role in the affair doesn't look particularly glorious. The subpoena required Rackspace to hand over log files by 13th August 2004, but on 7th October 2004 Rackspace told Indymedia that it had "received a federal order to provide your hardware to the requesting agency." The day after, Rackspace issued a statement saying that "The court prohibits Rackspace from commenting further on this matter." Which it doesn't - the court order merely says that notice to the other parties (i.e. Indymedia) is not required.
Now, it's perfectly conceivable (actually, we'd say 'probable') that it wouldn't exactly be easy for the hosting company to just lift the log files from an Indymedia server, and that some form of more radical surgery might be required to get them. It's also perfectly conceivable that attempts to track down the log files might lead to servers in Heathrow, London. But if either of these were the case it would be nice to think that the hosting company might try to mount some kind of legal defence against what might easily be seen as a fishing expedition.
Certainly, one would expect the company to do this once the request got as far as London, if only to protect its own arse. The Home Office's denials of involvement or responsibility for the seizures leaves only one target, and if as seems likely there was no legal authority for the seizures in the UK, then Rackspace could well have been in violation of the Data Protection Act or the Regulation of Investigatory Powers Act. We've had occasion to observe before now that the powers that be seem not to have a totally firm grasp of the operation of RIPA and its ilk, but it'd be something of a breakthrough if they contrived to get themselves busted under its terms - isn't it supposed to be pointing in the other direction?
Related Links:
EFF info and documentation on the case
Indymedia's case history
Legal row after police seize Bristol Indymedia server
We seize servers, you can't complain - US gov
Indymedia server grab - Home Office knew, but isn't telling
Indymedia: the tale of the servers 'nobody' seized
Indymedia seizures: a trawl for Genoa G8 trial cover-up?
John Lettice (reposted by Registroid)
Homepage:
http://www.theregister.co.uk/2005/08/03/indymedia_texas_docs_unsealed/
Comments
Hide the following 7 comments
you may also add...
03.08.2005 20:07
Unauthorised access to computer material
This is the lowest level of offence. It includes, for example, finding or guessing someone’s password, then using that to get into a computer system and have a look at the data it contains. This is an offence even if no damage is done, and no files deleted or changed. The very act of accessing materials without authorisation is illegal. This offence carries a penalty of imprisonment up to six months and/or a fine.
Unauthorised access with intent to commit or facilitate commission of further offences
This builds on the previous offence. The key here is the addition of ‘intent to commit...further offences’. It therefore includes guessing or stealing a password, and using that to access, say another person’s on-line bank account and transferring their money to another account. For this offence the penalty is up to five years’ imprisonment and/or a fine.
magoo
Good point, Magoo.
03.08.2005 23:06
rocket
rocket
04.08.2005 05:11
I'd hazard a guess that the Home Office had rubber stamped the actions under some anti-terrorist legislation or the like... it could make for at least some embarrassment if the obtaining of evidence is queried.
There is also the possibility of bringing a private action against someone, but that is possibly a financial impossibility for IMC?
Not that I have any sympathy for twats sending bombs to people, regardless of their politics.
magoo
Money
04.08.2005 15:05
In fact this story is on the EFF's front page as I write this:
And agreed BTW that twats who send bombs deserve zero sympathy. But Indymedia UK routinely hides anything that advocates the politics of bombing, by govts or any other group.
rocket
confused!
04.08.2005 19:02
The most amazing thing is when you read what the device actually was. You'd get better odds for Shergar winning the next grand national than for that device to do anything other than make Prodi piss his bed?
Is there a clear target for private prosecution in regards to HM Govt.? Or is that conveniently protected "top secret"?
It all sounds a bit suspiciously over the top given from what I can gather IM has been quite accomodating. I'd hazard a guess that perhaps the Italians have a rather flimsy case. But surely they wouldn't be so stupid to physically tamper with the server to create evidence in faked logs? I hope there is some sort of offsite backup of the logs?
All very odd! Perhaps it's all just an exercise in intimidation???
magoo
Acoomodation
05.08.2005 15:27
..and it seems that Indymedia admins were never given a chance to cooperate with anything, in any of the seizures made by the US cops and agents. The US Feds don't bother asking for cooperation, they just go straight to the Internet Service Provider (Rackspace in this case), and try to grab the disks. In this case they succeeded, but they failed when these tactics were tried on another ISP hosting Indymedia NYC for an investigation about actions at the Republican convention in NY City.
The guy who administers the seized hardware is a Slashdot user too: he posts as "Yeb". Have a look at his very informative comments on that article linked above. Apparently there's nothing useful whatsoever for a cop in those logs.
As for action against the UK govt, well, that all seems a bit murky for now. The Home Office denied all knowledge of the seizure when it happened. It seems that US federal agents just walked in and demanded the disks, with no cooperation from UK govt or cops. Or so they say.
So at least in theory, Rackspace is the one at fault here.
I suspect you're right, that this is mostly an exercise in intimidation. I also suspect we'll see a lot more of this sort of thing in future, as part of the "Global War On Terror".
I hope Indymedia UK now uses a provider with a track record in not bending over when some other country's cops say boo.
rocket
"They are jealous of our freedom and democracy"...
05.08.2005 21:33
Interesting stuff. I wonder if it was overzealous compliance or whether someone was threatened with being rumbled for kiddy porn or something!
Christ, if it was the USSR pulling this gag it'd be a face off with DEFCON highest. This SHOULD be a diplomatic sore point.
Again, I do hope IM are making regular offsite backups.
So now we are too have a countrywide firewall just like those lovely democracies such as Saudi. Having Charles Clark as our net nanny sounds like a barrel of laughs. How they going to pull it off technically??? Call in USAF airstrikes on the BT Backbone???
Perhaps we need a mass demonstartion where we all (SS-Style) swear that we promote terrorism and regularly read banned literature and visit deathtoalinfedel.com. Are they really going to prosecute 20k dissenters?
This is what happens when politicians ignore the courts and police and decide they need to be seen to be doing something... anything.
As if we are all too stupid to understand that there really is little you can do to stop people hitting soft targets (by defintion so...)
It's almost bloody surreal being a child of the sixties! The scarier thing is (like Thatcherism) the next generation will accept this as the norm.
Fuck that!
magoo