Two weeks ago, Indymedia’s servers being seized by the FBI was a big story around the web. The reports were very vague on the facts, but gave the impression that the FBI knocked on Indymedia’s door and grabbed their servers to shut down Indymedia’s service. The story generated a great deal of attention: a Google search uncovers lots and lots of outrage about what (was believed to have) happened. There were lots of reports with titles like “FBI Stooges Seize Global Indymedia Servers”, “Big Brother is Acting”, and “FBI Shutdown of Indymedia Threatens Free Speech”.
The story is back in the news today with an AP story, “Web Server Takedown Called Speech Threat,” that received the bright red link from the Drudge Report. The AP story mostly reviews the facts of what happened two weeks ago, and it also includes the mandatory sky-is-falling quote from the ACLU:
“The implications are profound,” said Barry Steinhardt of the American Civil Liberties Union, calling the Indymedia activists “classic dissenters” and likening the case to “seizing a printing press or shutting down a radio transmitter.”
“It smells to high heaven,” he said.
But what really happened? I decided to take a closer look, and I have reached a tentative conclusion: This story was badly misreported from the beginning. Not only did the FBI do everything by the book, but they didn’t even seize or attempt to seize any computers.
Here’s what I think happened. The Swiss and Italians were conducting domestic investigations involving violations of their laws; at some point, they had reason to believe that suspects had posted items on Indymedia’s servers. Indymedia has different sites focused on audiences in different countries — here is their Italian site, for example — so it isn’t surprising that a foreign investigation might involve Indymedia. The Swiss and Italian governments wanted to find out who had posted that information, so they wanted to get information from the only known place it might exist: Indymedia’s server. As a practical matter, Swiss and Italian investigators couldn’t know if the information was actually located there; it is quite possible that Indymedia intentionally does not retain such information so as to thwart investigations such as this. But to find out, they had to go to the United States, where they believed the relevant servers hosting Indymedia’s sites were located.
Foreign governments can’t just go to the U.S. and demand information from U.S. companies, of course; they need to go to the United States government and make a request for assistance under Mutual Legal Assistance Treaties (MLATs). MLATs are agreements between two countries in which each government agrees to help the other in its criminal cases, subject to specific conditions. The Swiss and Italian authorities went to the U.S. authorities and requested a court order that whoever hosted the Indymedia sites disclose the relevant information. A federal prosecutor was commissioned to work on the case, in a procedure described by DOJ here and here, and obtained a court order directing the host of Indymedia’s computers, Rackspace, to divulge the information.
Here’s the important part: It seems fairly certain that the FBI order did not order Rackspace to hand over the server or shut down the site. Based on what we know, it seems highly likely that the order was obtained under the Electronic Communications Privacy Act, which gives the government the authority to compel information (not physical things) from ISPs. Why is this likely? There are a few reasons, but one is that Rackspace has claimed that it cannot disclose the details of what happened under a court order. A non-disclosure order is a “smoking gun” that ECPA provided the authority. Normal subpoenas are not accompanied by any type of order not to disclose, but under 18 U.S.C. 2705(b), ECPA allows prosecutors to apply for a court order requiring the ISP not to disclose the existence of an order to disclose information. I can’t be sure, but it seems highly likely that Rackspace’s refusal to comment further is a response (whether justified or not) to a Section 2705(b) order. If that’s true, all the FBI did was serve a court order to disclose information on Rackspace.
Why was Indymedia’s service shut down? This post from Eugene offers the most probable answer; in all likelihood, Rackspace figured it would be easier to give up the server and let the law enforcement folks figure out what they want rather than go through and get the information themselves. It seems that the servers were not given to the FBI, however; the relevant servers were located in England, and the FBI has denied involvement. All we know is that Rackspace handed over the servers to someone in England, and that the servers were then returned to Rackspace a few days later — apparently after the relevant information was obtained. When its service was disrupted as a result of the server switch, and Rackspace was asked to explain what happened, Rackspace put out a press release pointing to the FBI for the problem: the statement says that “Rackspace is acting as a good corporate citizen and is cooperating with international law enforcement authorities. The court prohibits Rackspace from commenting further on this matter.”
To summarize, it seems highly likely that the FBI only served an order to disclose information on Rackspace. Rackspace was lazy, though, and instead, of its own volition, handed over the entire server (to whom, we don’t know). We can’t be sure yet, but it seems very likely that Indymedia’s sites were down not because the FBI ordered that they be taken down, or because the FBI ordered that Rackspace had to hand over the servers, but because Rackspace was being lazy. Further, it’s not clear why any gag order on Rackspace would forbid Rackspace from admitting this. I don’t know much about Rackspace, but I wouldn’t be surprised if they are taking an unreasonably broad interpretation of the nondisclosure order to try to shield their goof-up from the public.
Of course, this is only my best guess of what happened, and it is only a circumstantial case. If it turns out that I am wrong in whole or in part, I would be happy to post a correction.
UPDATE: A reader points out that I am making a big value judgment by suggesting, if this basic scenario is accurate, that Rackspace was “lazy.” That’s a good point; I don’t know enough about the practical difficulties of turning over the information to say whether Rackspace’s decision to hand over the servers was the result of laziness or just a recognition of the high costs of gathering the information.