I have also received a response to my letter to an MP. The main details are as follows:

"...I am not in a position to comment in detail on this particular matter. It is standard Home Office policy netier hto confirm nor deny the existence, receipt or transmission of a request for mutual legal assistance, as they are confidential in nature. However, I would like to make the following comments that should clarify some of the misconceptions surrounding this matter.

Persuant to a US Commissioner's subpoena, Rackspace US accessed its servers in London and no UK law enforcement officials were involved in this matter. The order of the US court was not enforced in the United Kingdom. There are limited circumstances in which an order of an overseas court can be recognised in the United Kingdom.

Mutual legal assistance treaties are not just restricted to cases of international terrorism, kidnapping and money laundering as has been suggested in this matter. They can cover all types of crime or be crime specific. For example many states have treaties that relate solely to the issue of combating drug smuggling. Other have all crime treaties, which provides a basis for mutual legal assistance generally. For example, the treaty between the United Kingdom and the United States is an all crimes treaty and is not limited to just serious crime. International treateies to which the UK is signatory are implemented in accordanced with UK domestic law".

---

I have some issues with this response which I shall be taking up with my MP for further correspondence. Namely, the relationship between MLAT and the Human Rights Act and articles relating to freedom of expression.

Its pretty standard procedure for responses to fail to address the points made in the initial inquiry. The only way of hastling them and perhaps getting an MP to actually LOOK into the matter is to demand real explanations!

But then, politicians and MPs don't really give a shit anyway...so not that much point really.

What you need to find out is the organizational relationship between Rackpsace US and Rackspace UK. Are these independent entities in the legal sense, or do the executive employess of Rackspace UK serve at the plesure of Rackspace bosses in the US?

Because in the latter case, unless it is illegal for them to VOLUNTARILY turn over such data to foreign law enforcement, maybe there was no need of "legal process" in the UK. We do know that there was legal process here in the US. We haven't seen how the order was worded, but let's try some assumptions.......

1) The order was for Rackspace data "wherever located".
2) Rackspace UK "reports" to Rackspace US

Then it COULD have gone like this. The FBI serves the order on Rackspace US and demands not only the data Rackpspace holds in the US but data on the Rackspace servers in the UK. Sends a couple agents to pick it up. They don't serve "papers", just set up a phone call.

The US papers force the Rackspace US boss to order that his or her subordinate in the UK cooperate and voluntarily turn over the data -- or the US exectutive can go to jail for refusing. Now the Rackspace UK executive on the receiving end is faced with a different choice. Can say no without going to jail, but then it's "OK, you're fired, put your next in line on the phone".

I am NOT saying it went that way. But I think focusing on whether there were any legal processes taking place in the UK before we find out the legal management arrangements between Rackspace US and Rackspace UK is the wrong approach. We of IMC may have made a mistake assuming that PHYSICAL location in another country was providing protection that it was not because we did not choose business entities fully independent. It may be that we should never use an entity under the command of an entity in another country asuuming that only our laws are going to apply.

Whilst it may be true that politicians don't really give a shit, at least some of them worry about appearing to give a shit, which allows us to use them. When an MP writes to the Government, even just a covering letter with a copy of your letter to them, it has to be handled by a higher official than it would be if you wrote to the Government directly.

As you say, you have to make your questions clear and unavoidable, otherwise the Government will just avoid answering. I've found that the Parliamentary Ombudsman can be quite useful as well, but you have to exhaust a departments complaints procedure before they'll get involved, so you need tenacity. I'm not sure whether you can even complain about a reply given to your MP.

I notice that they referred to MLAT's in your letter, which may be deliberately misleading and designed to make you think that they can't discuss this case if, as seems almost certain, they were not used in this matter. In fact the second paragraph more or less excludes the possibility of the MLAT being used and indicates that Rackspace UK voluntarily turned over equipment/data to foreign authorities.

Assuming that you didn't refer to MLAT's in your letter, you may want to
a) point out that by referring to them unprompted, they are alluding to the fact that the MLAT was an issue in this case, and thereby defeating the point of their own policy
b) complain about them wasting most of their reply on what is an irrelevant point that you didn't ask about

The statement "There are limited circumstances in which an order of an overseas court can be recognised in the United Kingdom." is interesting and it may be worth asking them to clarify what these circumstances are. As I understand the MLAT, this doesn't allow for overseas orders to be recognised, other than perhaps in evidence when seeking a UK court order, but even then I think the court would require more evidence than just an overseas court order.

I take your points and accept that the situation may be more complicated than I imagined.
I'm not sure that voluntarily turning over data to foreign law enforcement even violates the Data Protection Act.

However, if it is Rackspace UK employees that have said they are unable to discuss the US court order, I don't accept that, because that court order has no jurisdiction over them, particularly as the UK Government has stated that the court order was NOT enforced in the UK. Having said that, there is probably no way to FORCE them to discuss it either.

The situation is complicated even further by agreements between Rackspace UK and their customers. For instance their 'Master Service Agreement': (my comments are **'d)

3.4 We may monitor, intercept and block any content belonging to you or users of your Web
solution, content or data for the purposes of ensuring that the Service’s are used lawfully. If we are asked to permit any relevant authority to inspect the content, you agree we can.
** What a 'relevant authority' is, doesn't seem to be defined **

5.4 Services are provided subject to your proper use and therefore, you undertake that your use of the Services will not:

5.4.5 be defamatory, pornographic, obscene, indecent, abusive, offensive or menacing.
** I imagine it could be argued that much of the content on indymedia may be judged offensive by some people .**

5.5 You agree that we may suspend Services without telling you and without liability if: (i) we believe that the Services are being used in violation of the Rules;
** To believe so, they may only need to receive a complaint or two**

and their 'Acceptable Use Policy':

8. COOPERATION WITH INVESTIGATIONS AND LEGAL PROCEEDINGS.
8.1. We may, without notice to you:

8.1.1. report to the appropriate authorities any conduct by you that it believes violates applicable criminal law, and

8.1.2. provide any information it has about you in response to a formal or informal request from a law enforcement or regulatory agency, or in response to a formal request in a civil action that on its face meets the requirements for such a request.

10. CONSEQUENCES OF VIOLATION OF AUP

10.2. We may, without notice to you, report to the appropriate authorities any use of your service that we believe breaches criminal law, and may cooperate with and provide information to law enforcement or regulatory agencies investigating any such activity.

** Neither 8.1.2 or 10.2 specify UK law enforcement agencies, so it would appear that by accepting these terms, Indymedia gave Rackspace UK permission to hand over it's data to foreign agencies **

Even if Indymedia decides to host with a fully independent UK company, if their agreements with that company contain similar terms to the above, they are still risking their data being voluntarily handed over to foreign agencies with no recourse. The only really safe companies may be those like Havenco (see their refreshingly simple Acceptable Use Policy at www.havenco.com/legal/aup.html)

I would have thought that UK persons or companies would be concerned that their data was liable to being handed over to foreign agencies with no legal procedure or recourse, whether because of the dependent relationship you describe or because of agreements such as Rackspace's. Hopefully, by publicising these facts, people may change to companies that better protect their data, or new companies will startup that meet this demand.

the best summary of the legal situation in the US is this factsheet from the EFF:

 http://eff.org/Censorship/Indymedia/

I haven't actually got around to reading all the stuff above... but the EFF stuff is essential reading:

 http://eff.org/Censorship/Indymedia

And this article covers a lot of stuff:

 http://www.indymedia.org.uk/en/2004/11/300886.html

And the wiki:

 http://docs.indymedia.org/view/Global/AhimsaOverview

And the lists, eg this email:

 http://lists.indymedia.org/pipermail/imc-uk-process/2004-December/1202-se.html

Here is a roundup that emerged from imc-uk-legal.
Please fwd to local collectives...

Roundup on Ahimsa Server Seizure

After the Ahimsa servers were taken offline by Rackspace on October 7th,
possibilities for legal steps were explored on imc-uk-legal. We can't do
anything (yet), because we don't have access to the initial court order
which ordered Rackspace US to disclose data. But we do have enough
background information to start an informed debate on imc-uk-process
about the pros and cons of going to court. Here is a roundup about legal
options that were collected from the imc-uk-legal list. It explores
legal possibilities in case imc-uk wants to go to court. It collects
reasons why the ahimsa case is special, and why it might make sense to
go to court. Valid arguments against going to court will be sent to this
list separately.

I. AHIMSA SERVER SEIZURE - WHY BOTTHER?
II. LEGAL SUPPORT AND LIAISONS
III. COMMUNICATION STRUCTURE
IV. CURRENT SITUATION
V. THREE OPTIONS HOW TO PROCEED
VI. NEXT LEGAL STEPS
VII. CAMPAIGNING

I. AHIMSA SERVER SEIZURE - WHY BOTTHER?

Within the imc-uk-legal list, there is doubt about wether a court-case
would be a tool to get our right to free speech (more to come). Many
agree that the main point of any legal steps would be to create a
political public stir to challenge Empire on the basis of communication
rights and to make people aware why they should bother about the seizure
of some grassroots servers. "Empire" attempts to make it legal to shut
down servers without giving information on which basis, without a court
order in the respective country, and without taking into consideration
the right to freedom of speech and the right to communicate. We perceive
the present tendency to legitimize state actions from repression of
local activists to the war in Iraq by claims of terrorism as a threat.

As far as we know, our case is a first in several respects: Ahimsa I and
II were the first servers who were shut down in a legal operation which
involved three countries: The country that demanded disclosure of data
(Italy), the country where the ISP in question has their headquarters
(US) and the country where the servers were physically hosted (UK). It
seems to be the first time that servers were taken offline due to an
MLAT agreement, which allows the court order to remain secret. And it
seems to be the first time that such a case was widely discussed on the
web and in some print media.

The ahimsa story is much bigger than indymedia. It affects the rights of
Internet Service Providers, who are already forced to keep data about
their clients (log files) and disclose them to state agencies, although
this might not yet be fully implemented (check RIP bill for details.)
ISPs are made to be the states facilitators when it comes to controlling
the web. They are placed between content producers and the law.
According to the US State Attorney, Jebba, who is nominally Rackspace's
customer, has no right to know what he (indymedia) is accused of - but
Rackspace has.

This affects everybody who runs a website. Your access to the web relies
on the ISP and its policies. If someone approaches your Internet Service
Provider with a complaint, it is up to the ISPs goodwill to decide what
to do: Clarify the complaint, inform you about it, give you a chance to
react or close down your website until you agree to comply to the
complaint.

Up to now, this policy was mainly used to clean the web from
pornographic sites. The ahimsa case could be a signal that the same
policies can be applied to political sites.

The Ahimsa case is also about how "the empire" governs its subjects -
sovereignity moving from nation states to bodies of global governance
(WTO etc), and to corporations. It looks as if in our case, Rackspace UK
complied to the orders from its US headquarters which was served a
subpoena by a US court on request of a third country on the basis of a
mutual legal aid agreement (MLAT). It seems that this scenario -
UK-companies complying to US-orders - is already making allies for us in
parliament. The UK state either is not in charge for deciding which
websites can be taken down on its territory, or it agreed to the seizure.

II. LEGAL SUPPORT AND LIAISONS

We have a number of individuals and organisations who are supporting us.
It's not really a legal team. No lawyers have been appointed.

National Union of Journalists, UK: We are liaising with people from the
NUJ Freelance Branch, and with Jeremy Dear, General Secretary of the
NUJ. If the NUJ is advised by its lawyers that imc nuj members have a
good case, it will support us. London imcistas will take part in NUJ
freelance branch meetings.

Thompson Solicitors: They are committed to the trade union movement, and
have a reputation for taking aggressive legal action to defend the
interests of employees. They are working with the NUJ. We are exploring
possible individual cases in relation to the ahimsa server seizure with
them.

Bindmans: We received additional advise from Bindman & Partners,
specialising in civil liberties, public law and the rights of the
individual. This includes cases on media and information. Bindman has
explored frameworks for possible action for the case that the Texan
court order gets unsealed.

Electronic Frontier Foundation (EFF): are representing Jebba and IMC UC
in the US. The general imc liaison to EFF is Sheri.

Greennet: dedicated to supporting and promoting groups and individuals
working for peace, human rights and the environment, through the use of
Information and Communication Technology. They provide web services.
They clearly see the implications of the ahimsa seizure for themselves,
and they are willing to fight themselves and to support us. In 1998,
they successfully opposed a corporate libel case. We could learn from them.

Cyberrights UK: non-profit civil liberties organisation. Its main
purpose is to promote free speech and privacy on the Internet and raise
public awareness of these important issues. No contact yet.

imc-uk-legal list: A pool of imc uk people who are interested in the
case. We have established contact with some lawyers and other experts.
We are exploring possible legal cases, but need the support of the imc
uk network. Especially in case we go ahead with some legal case.

Global imc-legal list: To communicate on the legal steps in all affected
countries, draft strategies. People from lancaster, bristol, london are
subscribed.


III. COMMUNICATION STRUCTURE

We are trying hard to ensure that communication flows from the liaisons
with lawyers and supporters to the privately archived imc-uk-legal list,
and from there to imc-uk-process. It is crucial that local imc-uk
collectives are kept in the loop. Wide imc uk support is crucial if we
decide to go for a public campaign - which would certainly raise imc
uk's public profile (getting out of the activist ghetto and all that.

The broad political framework should emerge from imc-uk-process.
Imc-uk-legal can come up with proposals. The details for legal action
should be worked out on imc-uk-legal, as long as they remain within the
political framework.

We propose to put the ahimsa case on the agenda of the next network meeting.

What is happening to the solidarity page (the petition?)

IV. CURRENT SITUATION

... seems to be at a stalemate (yet plenty possibilities in terms of
campaigning). Until the US-court order which lead to the initial
subpoena has not been unsealed, we don't know what we are accused of, on
which basis and who is at fault (the fbi? rackspace US? Rackspace UK?
the UK home office?). As a consequence, we can't take anyone to court,
because to do that, you need a claimant and an offence.

The main task at the moment is to find out what happened:

1) The EFF has filed a motion to unseal the court order in the US.

2) MPs have asked questions to the UK home office in parliament,
initiated by the through the NUJ "parliamentary group". Several
questions were asked in the European Parliament.

3) On the imc-uk legal list, we started drafting a letter to be sent by
the NUJ lawyers to Rackspace UK and possibly to the Home Office, asking
them to shed some light on the issue. In order to decide on the text of
these letters we need first to get an idea on if and how people want to
proceed.


V. THREE OPTIONS HOW TO PROCEED

Once the US-court order has been usealed, we see three possible ways to
proceed in the UK legally. Each could be pursued by itself or combined
with another. All of these options need to be checked with organisations
that could support us.

1) we proceed in the name of jebba as he signed the contract
2) we proceed as a collection of NUJ members, ideally with imcistas from
other sites affected by the ahimsa seizure that are union members
3) we proceed as 'Indymedia UK', either as 'loose group' or 'legal
body'. A debate is ongoing on uk-process.

In any case, such an effort would need the support of as many indypeople
as possible to make it worthwhile. A discussion on the wider political
implications of the case on imc-uk-process is crucial (not necessarily
the legal details).

VI. NEXT LEGAL STEPS

Any legal step contributes to the objective to keep the ahimsa seizure
and its wider implications on the political agenda.

1) Writing letters to Rackspace

We are discussing to approach Rackspace for more information, for expl.
about the procedures between parent company and the UK company.

- We are not entirely clear about Rackspace's position. On the one hand,
as an ISP, they are affected by the tendency of "empire" to control
data, manifest in laws like the RIP bill. They are hosting some cool
projects, they have been reasonnably reliable until the seizure of
Ahimsa. On the other hand, they have been invited by the EFF to join in
and haven't done so. Our approach to them depends on how they react to a
possible NUJ letter. Our letter should allow for this openness.

- One letter should be proposed to Jeff, to be sent on his behalf. The
other should be sent on behalf of imc-volunteers, preferably ones that
have NUJ membership. These letters are not threatening to sue, just ask
for information.

2) Writing letters to the UK Home Office/Secretary of State

We could send a letter to the Secretary of State to establish that
Indymedia have a concern. This letter could be signed by some of the
organisations who supported us in addition to NUJ members within IMC.

3) Going to Court in the UK

Most people on imc-uk-legal support the idea to go to court in the UK if
the US court order is disclosed and we have a reasonnable case. This
would be a long process, and there are many possibilities, depending on
what happened.
We propose to write up our reasons for a legal case in the UK, for
ourselves as imc uk and possibly interested people in the UK, for the
wider imc community, and EFF.
The Ahimsa harddrives were seized in the UK following an order from the
US, apparently with no UK law-enforcement agencies involved. Corporate
discipline might have overruled UK law. This seems to be a concern for
UK politicians and the public.
The ahimsa case seems to be unprecedented in terms of MLAT involvement
and gag orders as well as publicity. If we are able to proceed legally,
it could become a test case for how "empire" deals with data on the web,
privacy, use of confidential information, freedom of speech etc.

LEGAL PROCESS: Going to court would first be a civil case at the
magistrate court, which probably needs to be against rackspace to start
with. The next levels would be the high court, and the house of lords.
After this, a judicial review coul be made. Possible claims could be
privacy, breach of contract, and any losses consequential or not that
arise out of the disturbance.

NUJ members inside Indymedia could claim loss of data, i.e. their work.
The work stored on the indymedia server is journalist work, and the
authors have a right to access it (or so).

Jebba could claim breach of confidentiality, maybe breach of contract,
(...).

LEGAL ADVISE: There are three possibilities on which grounds to pursue
legal action, once the court order is unsealed:

(caveat here is that Rackspace may have established procedures which it
can argue that it was following. ie a direct order from the parent
company)

Rackspace "may have a contractual liability": "If the Order requires
specific information contained in the Server to be delivered up and
Rackspace handed over the entire server, Rackspace could be liable to
Indymedia as its actions would not be sanctioned by the Order of a
Court." However, Rackspace might have acted under orders from the parent
company.

Data Protection Act: "The Data Protection Act provides that personal
data must not be disclosed to another party without consent. However,
that does not apply when the disclosure was (...) required (...) by
(...) the order of a court, or the person making the disclosure
reasonably believed it to be so authorised. (...) We need to consider
whether the words “a court� would apply to a US Court.
(...)If the words “a court� do not include a US Court, then
Rackspace UK is obliged to abide by the law of the UK and must not
disclose personal data without an order of a UK Court."

Regulation of Investigatory Powers Act 2000: "RIPA applies to an
interference with electronic messages and provides that transmission may
only be intercepted “lawfully�. The question
arises as to whether or not a US Court Order has lawful application to
Rackspace UK. That may depend on the nature of the company. If it is
obliged to comply with the orders of its parent company, then it may be
that it can escape liability under the terms of RIPA. The lawfulness
of their behaviour may also depend on the lawfulness of the Order."

VII. CAMPAIGNING

In case people want to put some work into campaigning, here are some ideas:

- 26 MPs signed a petition on our behalf. We could draft a follow-up
letter for them (say thank you, tell them what to do next, maybe ask
them some questions that we can quote

- Many civil liberty groups and journalist organisations have made
statements of support. We could mail them a follow-up letter, see above.

- organising a press day

- The NUJ is trying to get international trade unions on the case.

- Solidarity page: The petition closed officially on 7, but signatures
are still accepted. 10718 at the moment. David is dealing with tech
side. Who makes decisions on what to do with it? When we proposed to
extend the petition ending, gdm followed up with uk-process and
imc-press lists.

- Start a newswire posting that could function as a campaigning website
(Thessaloniki 7 style), with links to all relevant info, and updated
regularly.

LINKS

 https://lists.indymedia.org/cgi-bin/mailman/private/imc-uk-legal/2004-November/1114-rl.html
14 Nov 2004: Bals report back on her work with bindmans

 https://lists.indymedia.org/cgi-bin/mailman/private/imc-uk-legal/2004-November/1112-bc.html
12 Nov 2004: Pennies report back

 http://docs.indymedia.org/view/Global/AhimsaUkLegal
uk legal twiki - very often updated

 http://solidarity.indymedia.org.uk/
Indymedia Solidarity Page

 http://indymedia.org.uk/en/2004/11/300886.html
09 Nov 2004: Responses to the Seizure of Indymedia Harddrives (with many
links)

 http://eff.org/Censorship/Indymedia/
EFF Factsheet, updated regulary

 http://www.bindmans.com/
Bindman and Partners law firm

 http://www.thompsons.law.co.uk
Thompson Solicitors

 http://www.gn.apc.org/
Greennet

 http://www.cyber-rights.org/
Cyberrights civil liberties organisation

 http://europe.rights.apc.org/cases/biwater.html
Greennet/Biwater Libel Case

This wiki page might answer some of the questions being asked:

 http://docs.indymedia.org/view/Global/AhimsaUkLegal

This is only tangential, but the EU is currently working on something called the Bolkestein Directive.

As one web-site says,

"The main point of contention is the so-called country of origin principle, according to which a service provider operating within the EU will be subject to the laws of the country where he is established, and not to the ones of the host country where the service is actually provided. This means that a Polish provider of services could operate in the UK following Polish laws rather than UK laws. Differing views set interested parties at odds. On one hand, business organisations welcome this principle as a tool to foster competitiveness and reduce red tape. On the other hand, social actors and trade unions fear that this principle could lead to a “race to the bottom” concerning quality standards and consumers and workers’ rights."

What's happening with the IMC server issue, I'd speculate, is the same as with a lot of international law at the moment - a lot of us are running round looking for the legal justification, whilst powerful countries are just using force of political will, bullying and arm-twisting to get what they want. In time, however, this will push through into the kind of law that Bolkestein represents - the sovereignty of the corporation over the sovereignty of the state.

I'd like to know whether all avenues of complaint were pursued, or if any action is currently 'live' regarding Rackspace UK voluntarily passing Indymedia's data to a foreign law enforcement agency. I see that the EFF page was last updated in August 2005.

As the main page still shows the 'Seize the media, Not the servers' logo/link, indicating that Indymedia consider it an important issue that it wants us to keep in mind, it would be nice to know that someone has bothered making an official complaint to any relevant bodies (IE Information Commissioner) after all the effort of getting the court orders unsealed, etc. I would be happy to do so myself, but it would probably be a waste of time as I would not be considered an Interested Party.

Even if a complaint resulted in an official decision that no offence/misconduct had occured, at least then I could be confident in stating that companies in the UK are not legally restrained from voluntarily handing their customer's data to foreign authorities.

Alternatively, it may turn out that Rackspace's contract with Indymedia (which I assume was their standard one as discussed above) allowed this to happen, but if this is the case at least we would know that such contracts override any legalislation (if any exists) intended to prevent companies from sharing their customer's data in this manner.

Mike's points re. business entities also need addressing so that we can make informed choices, and give informed advice, about which companies to give our business to. Even if it makes no difference whether a company is a subsidiary or not, people need to be able to know whether their data has any legal protection and if this can be nullified by a contract, in order for them to know whether they need to seek out companies that specifically promise NOT to share their customers data unless required to do so by a valid UK court order.

----
Apologies if this is a duplicate post. I thought I made it a couple of days ago but I can't find any trace of it so I probably got sidetracked. In fact, having now typed it, I've concluded that either I never got started on it before or that my memory's got considerably worse since last week. The fact that I can't decide which, proves only that my memory is as bad as it was last week :)