<<< Date Index >>>     <<< Thread Index >>>

[IP] Another Take on Indymedia Takedown





Begin forwarded message:

From: David Bolduc <dbolduc@xxxxxxxxxxx>
Date: October 27, 2004 11:17:53 AM EDT
To: dave@xxxxxxxxxx
Subject: Another Take on Indymedia Takedown

For IP, if you wish:

(Kerr teaches at George Washington University Law School and is active
on technology-related legal issues.)

http://volokh.com/archives/archive_2004_10_21.shtml#1098833437

[Orin Kerr, October 26, 2004 at 7:30pm] Possible Trackbacks
Deconstructing the Indymedia Server Story:Two weeks ago, Indymedia's
servers being seized by the FBI was a big story around the web. The
reports were very vague on the facts, but gave the impression that the
FBI knocked on Indymedia's door and grabbed their servers to shut down
Indymedia's service. The story generated a great deal of attention: a
google search uncovers lots and lots of outrage about what (was believed
to have) happened. There were lots of reports with titles like "FBI
Stooges Seize Global Indymedia Servers", "Big Brother is Acting", and
"FBI Shutdown of Indymedia Threatens Free Speech".

  The story is back in the news today with an AP story, Web Server
Takedown Called Speech Threat, that received the bright red link from
the Drudge Report. The AP story mostly reviews the facts of what
happened two weeks ago, and it also includes the mandatory
sky-is-falling quote from the ACLU:
"The implications are profound," said Barry Steinhardt of the American
Civil Liberties Union, calling the Indymedia activists "classic
dissenters" and likening the case to "seizing a printing press or
shutting down a radio transmitter."
  "It smells to high heaven," he said.
  But what really happened? I decided to take a closer look, and I have
reached a tentative conclusion: This story was badly misreported from
the beginning. Not only did the FBI do everything by the book, but they
didn't even seize or attempt to seize any computers.

  Here's what I think happened. The Swiss and Italians were conducting
domestic investigations involving violations of their laws; at some
point, they had reason to believe that suspects had posted items on
Indymedia's servers. Indymedia has different sites focused on audiences
in different - here is their Italian site, for example - so it isn't
surprising that a foreign investigation might involve Indymedia. The
Swiss and Italian governments wanted to find out who had posted that
information, so they wanted to get information from the only known place
it might exsist: Indymedia's server. As a practical matter, Swiss and
Italian investigators couldn't know if the information was actually
located there; it is quite possible that Indymedia intentionally does
not retain such information so as to thwart investigations such as this.
But to find out, they had to go to the United States, where they
believed the relevant servers hosting Indymedia's sites were located.

  Foreign government just can't go to the U.S. and demand information
from U.S. companies, of course; they need to go to the United States
government and make a request for assistance under Mutual Legal
Assistance Treaties (MLATs). MLAT's are agreements between two countries
in which the governments agree to help the other in their criminal
cases, subject to specific conditions. The Swiss and Italian authorities
went to the U.S. authorities and requested a court order that whoever
hosted the Indymedia sites disclose the relevant information. A federal
prosecutor was commissioned to work on the case, in a procedure
described by DOJ here, here, and obtained a court order ordering the
host of Indymedia's computers, Rackspace, to divulge the information.

  Here's the important part: It seems fairly certain that the FBI order
did not order Rackspace to hand over the server or shut down the site.
Based on what we know, it seems highly likely that the order was
obtained under the Electronic Communications Privacy Act, which gives
the government the authority to compel information (not physical things)
from ISPs. Why is this likely? There are a few reasons, but one is that
Rackspace has claimed that it cannot disclose the details of what
happened under a court order. A non-disclosure order is a "smoking gun"
that ECPA provided the authority. Normal subpoenas are not accompanied
by any type of order not to disclose, but ECPA allows prosecutors to
apply for a court order requiring the ISP not to disclose the existence
of an order to disclose information under 18 U.S.C. 2705(b). I can't be
sure, but it seems highly likely that Rackspace's refusal to comment
further is a response (whether justified or not) to a Section 2705(b)
order. If that's true, all the FBI did was serve a court order to
disclose information on Rackspace.

  Why was Indymedia's service shut down? This post from Eugene offers
the most probable answer; in all likelihood, Rackspace figured it would
be easier to give up the server and let the law enforcement folks figure
out what they want rather than go through and get the information
themselves. It seems that the servers were not given to the FBI,
however; the relevant servers were located in England, and the FBI has
denied involvement. All we know is that Rackspace handed over the
servers to someone in England, and that the servers were then returned
to Rackspace a few days later - apparently after the relevant
information was obtained. When its service was disrupted as a result of
the server switch, and Rackspace was asked to explain what happened,
Rackspace put out a press release pointing to the FBI for the problem:
the statement says that "Rackspace is acting as a good corporate citizen
and is cooperating with international law enforcement authorities. The
court prohibits Rackspace from commenting further on this matter."

  To summarize, it seems highly likely that the FBI only served an order
to disclose information on Rackspace. Rackspace was lazy, though, and
instead, on its own volition, handed over the entire server (to whom, we
don't know). We can't be sure yet, but it seems very likely that
Indymedia's sites were down not because the FBI ordered that they be
taken down, or because the FBI ordered that Rackspace had to hand over
the servers, but because Rackspace was being lazy. Further, it's not
clear why any gag order on Rackspace would forbid Rackspace from
admitting this. I don't know much about Rackspace, but I wouldn't be
surprised if they are taking an unreasonably broad interpretation of the
nondisclosure order to try to shield their goof-up from the public.

  Of course, this is only my best guess of what happened, and it is only
a circumstantial case. If it turns out that I am wrong in whole or in
part, I would be happy to post a correction.

UPDATE: A reader points out that I am making a big value judgment by
suggesting, if this basic scenario is accurate, that Rackspace was
"lazy." That's a good point; I don't know enough about the practical
difficulties of turning over the information to say whether Rackspace's
decision to hand over the servers was the result of laziness or just a
recognition of the high costs of gathering the information.


-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/