This is just the latest in a string of Federal, State, and Local government incursion into the fourth Amendment. Note taking data unrelated to your warrant is theft not executing a warrant.
As a subscriber to Instapaper (great product, by the way) This really pisses me off. The FBI is now in possession of my data without warrant or cause just because some goons don’t know how technology works.
Weird, this post somehow ended up in “Uncategorized” rather than in the “Guest Room,” and thus on the homepage without a byline. That shouldn’t even be possible. Hmm. #PANIC
Hey you fixed it! thanks. I used the quick post thing in the login screen… That seems to not work properly.
I think you are over reacting here. They had a warrant to take the servers, they took servers. It may turn out that those specific servers don’t contain the necessary data but how are they supposed to know that without looking at the servers! It’s not like there are labels on the front of each machine listing exactly whats on them.
Now if they keep those servers or misuse the data fine, but how exactly should they have gone about this other than taking the machines and looking to see which ones contian the data they need?
First, I don’t trust them not to misuse the data, nor is there any reason I should trust them nor should I have to trust them. If you have a warrant for a house, you don’t get to search the next door neighbors just because. That’s stupid and overly apologetic to a clear transgression of the fourth amendment.
Now, if the warrant was for the hosting company itself, perhaps the approach is legitimate. But it wasn’t it was for the data of a client of the hosting company. In other words, they should have worked with the hosting company to serve the warrant on the correct data. You know, like they go into an apartment building and get the co-operation of the management because they have a proper warrant.
Unless they can show cause that there is a legitimate concern that the hosting company wont give them what the actually need the actions of the FBI in this case are totally utterly and completely inexcusable. And I’m really tired of people apologizing and given a pass on the various creeping police state tactics of law enforcement. It’s pathetic.
And that doesn’t even get to the part where the client has a right to be informed that they are being served with a warrant.
Have you seen the warrant? Do you know what they were or werent’ authorized to take? Do you know whether or not they had reason to believe the hosting company would impede them or was colluding? There are a lot of legitimate reasons for this that aren’t addressed in the article or your commentary about it.
And yes it might have been possible that people intimately familiar with this particular aspects of computing and hosting would have had the time and knowledge to do a more isolated search, but its not unreasonable or unexpected to imagine that not all FBI agents involved were super experts on the particular sub style of hosting this company engaged in. It’s entirely possible that mistakes were made, but that this wasn’t some sort of gestapo style police state raid where they were going in to take everyones data, but the agents involved in the seizure of the data were not fully aware of the exact particulars of the hosting setup and accidentally grabbed machines they fully believed were necessary to obtain.
If you start from a bad faith assumption about the circumstances involved you miss the entirely more reasonable (and more likely) explanations.
David, I don’t think they were engaging in bad faith. I still think what they did is inexcusable. “we’re really really sorry” does not make up for doing something illegal. They were ridding rough shod over other people rights not named in the warrant. They potentially severely damaged their livelihoods and all they get is an “I’m sorry”? That is unacceptable in a free society. And I really am tired of people apologizing for them when the police do stuff they shouldn’t. It doesn’t matter if it is out of malice or out of stupidity it is wrong either way.
Hmmm … is this happening during the Imperial Nixon presidency ?
No ?
The Eeevil Boosh Presidency ?
Nope !
This is the Era of Hope and Change ! So, for a Change, this Executive Branch seems to be under the oversight of an Administration and Senate that don’t seem to have any difficulty with the little details like this, or selective political prosecutions (or dismissal thereof), or blatant political patronage (in this most transparent of Administrations (MoveOn, nothing to see here)) …
When do we get our Hope realised ?
2012, probably …
I’m curious if warrants can be issued to seize VMs. I can’t wait to see that conundrum resolved!
AML good point. The primary issue is probably that judges are not sufficiently technically adept to clearly understand the question they are being asked to rule on.
One would hope that it would cause a judge to wax Shakespearean …
“I grant you this warrant to seize the 2 named VMs, but you may not take a single bit of the hypervisor, nor any other VM !”
Oh look, the FBI actually DIDN’T go around indescriminantly stealing data. Care to retract your accusations now Dane?
http://blog.instapaper.com/post/6990340491
Heh, David K. FTW!
“Heh, David K. FTW!”
File this one under things I never thought I’d see Joe Mama post 😀
I’m sorry when did what they did become not wrong? When did they not over reach their warrant? When did they not pot initially put a number of small businesses out of business by their capricious over reaching bullshit? Sorry David, still wrong.
Damn you auto correct damn you to hell….
When did they not potentially….
Put another way, wrong is still wrong even if you say you are sorry.
They had a warrant to take the servers, they took the servers, where’s the problem?
Then the warrant as issued was wrong. David you are being as stupid about this as you were your rah rah support for invading Iraq. These are people unrelated to the actual issue having their lives and businesses disturbed for no reason, and illegally by the government. There is no excuse for that. Like I said just because someone has a warrant to search an apartment doesn’t give them the right to cease, even temporarily, the entire building.
dcl, how do you propose the warrant be issued to seize evidence out of a cloud environment?
In any case, the above link shows that my speculation from Friday night about how the cloud environment was set up was largely correct: They were using a blade system with direct-attached storage vs. SAN or NAS. Still, if the servers and drives were hot-swappable, they shouldn’t have had to take the whole cluster. OTOH, it strains credulity to argue the FBI should have to have their own HP blade cluster to plug in whatever server(s) and hard drive(s) were under the warrant — taking the whole rack back to the FBI lab and plugging into an outlet makes much more sense.
Actually, moving everything doesn’t make sense. These systems are not exactly uncomplicated. Nor are they particularly fond of bums and bruises. By picking up and moving everything, even assuming everything is done correctly, there is a non negligible chance of unrecoverable data corruption or hardware failure.
Why not lock out the client that is under the warrant and and search or clone the thing in place? It’s a firewall setting and a password re-set. You could probably do that faster. Again this cluster had other people’s business critical stuff on it. The search action simply is unquestionably inarguably over broad. Clone what you need and leave the client in question shutdown. Now it’s possible forensic drive analysis is needed. In which case figure out what drives you need and pull those and only those.
But again, you don’t get to take a whole apartment building back to the FBI because you think there is a hand gun used in a crime in Mr. Smith’s apartment. It’s ludicrous.
If this sort of thing is a potential problem for cluster storage you make a very cost effective approach and up time effective, for that matter, dangerous for businesses to use because you don’t know who is in the colo with you and therefore have no way of knowing if your in danger of random data theft by the FBI. So is everyone supposed to go back to the days where you put in your own mini data center in every office just to mitigate these risks?
This approach to serving a warrant on a hosted website is simply unacceptable. Especially since there are perfectly reasonable alternatives.
As I said at dinner Friday, I think the best solution is not too dissimilar to what you’re proposing above: focus the task on locking down the evidence through sys admin tools and copying / cloning the data. However I’m not sure the laws and courts and evidentiary procedures have caught up with cloud / virtualization technology on that front — a full seizure of the physical evidence to be presented in court may have been necessary.
In any case, your apartment metaphor is not accurate because as Instapaper found out, the hard drives were left behind, so his content was available and restoring service should not have been problematic from DigitalOne’s perspective (assuming they had sufficient spare server capacity on hand).
And it was a most excellent dinner, in congenial company, Friday !
Even from the perspective of a mainframe computer geek, it would seem that it could have been handled much more effectively … still, since we do not know what was sought, we are only second- and further-guessing …
That they left the hard drives behind doesn’t exactly fill me with confidence … (grin) … it smacks of a re-establishment of variations on the Gorelick Wall … whereby different intelligence areas are strongly discouraged from communicating with each other … after all, one would hope that the US Intelligence Community would have easy access to genuine computer-competent geeks …
(grin) Perhaps the agents serving the warrant didn’t want to exceed the competence level of their Commander-in-Chief ?
It would seem that ultimately government has mission creep unless it is forced to stop.
It would seem that ultimately government has mission creep unless it is forced to stop.
Amen brother, Amen.