FBI Seeks 2 Days Of IndyMedia Traffic Log

john_locke writes: "'On the evening of Saturday, April 21, a day which saw tens of thousands demonstrate against the FTAA in the streets of Quebec City, the Independent Media Center in Seattle was served with a sealed court order by two FBI agents and an agent of the US Secret Service.' indymedia.org is a news center where anyone can be journalist, and a lot of leftist discussions about anti-globalization, etc, take place. The Agents were serving a court order demanding the IP addresses of visitors of the site, and indymedia.org was given a gag order forbidding them to talk about this." John points to the informative release at IndyMedia's front page as well, which serves to dispel some rumors. Note that contrary to early reports, there was not an FBI "raid" on the center. (Now: Where have you connected in the last 30 days, by what means? Was it from a static IP? What other sites did you visit? How long were you connected? This is a quiz, test to follow.)

Re:Policing the 'net

Wow, is that a markov chain? I mean, it's obvious it's a troll-- i don't think i've ever seen so many wave-a-red-flag-at-the-slashdot-bull hit-a-sensitive-spot-and-cause-a-flamewar keywords in one post-- but i have to raise the question of whether there was a human involved in the writing of this at all. I mean, seeing as it was written so quick and all.

In the tiny tiny chance that you actually mean what you are saying, and aren't just trying to get a bunch of posts pissed off at your usage of the words "illegal content", let me clear a few things for you: No one is saying indymedia did the wrong thing. NOBODY is going to fault you for anything you do when faced with a court order telling you to do something. The issue to be raised is whether the government had the right to order them to do what they did. This is to be asked in context of first amendment issues, the legality of a gag order of what they did, and (as they say) "It is not clear whether federal law allows the Attorney General ever to approve such an investigation of US press entities to facilitate a foreign investigation", or whether they had any particular thing they were investigating.. I would also raise some fifth amendment issues, but we all know the fifth amendment is dead.

What the government did to indymedia-- demanding the logs-- was censorship, not some "better alternative", even if that made sense. Read the damn release, they explain it better than i do. Ever hear of the "chilling effect" clause? I.e. (at least according to the supreme courts of the last 40 years or so) a law does not actively have to "censor" in a direct way. If it can indirectly scare you into not saying something in the first place, that is constitutionally as bad as if you had said it and the government had arrested you. If it places a "prior restraint" against your speech-- you want to participate in the spreading of expression, but you have the fear that if you do so it will open you up to government scrutiny and perhaps harrassment (for example, let's say there's an online newspaper that the government seems to have an interest in coming in and attempting to track everyone who posts or reads anything there)-- then that is a violation of your constitutional rights. This is not a wild-eyed FSF "things ought to be this way" type rant. This is a simple statement of the way the law works, or worked in the past, and the proper working of the most simple and precious of american values. (I must say though, i've no idea waht would happen if this went to court. The current supreme court seems a bit unpredictable, to be honest.)

Your next to last paragraph is literal nonsense, and shame on anyone who responds to it in any way.

The Gag order

THIS MATTER having come before the Court pursuant to the Application of the United States of America, which Application requests that an Order be issued:

(1) directing that INDEPENDENT MEDIA, and any other provider of electronic communications service and their agents and employees, not disclose to the user of said electronic communication service, nor to any other person, the existence of this Application and Order or the existence of this investigation unless and until otherwise ordered by the Court;

[other sections omitted...]

IT IS FURTHER ORDERED, pursuant to Title 18, United States Code, Section 5(b), that INDEPENDENT MEDIA, and their agents and employees, shall not disclose to the user of electronic communication service, nor to any other person, the existence of this Application or Order, or the existence of this investigation, unless and until otherwise ordered by the Court; and

IT IS FURTHER ORDERED, pursuant to Title 28, United States Code, Section 1651 that this Order and the Application be sealed until otherwise ordered by the Court.

DATED this 24 day of April 2001.

STEPHEN C SCHROEDER
Assistant United States Attorney
UNITED STATES ATTORNEY
Seafirst Fifth Avenue Plaza Building
800 Fifth Avenue, Suite 3600
Seattle, Washington 98104
(206) 553-7970

ATTACHMENT A

All user connection logs for 216.213.32.98 for the time period beginning April 20, 2001, to the date of this Order for any connections to or from that IP address.

User connection logs should contain the following:
1. Connection time and date;
2. Disconnect time and date;
3. Method of connection to system (e.g., SLIP, PPP, Shell);
4. Data transfer volume (e.g., bytes);
5. Connection information for other systems to which user connected via , including:
a. Connection destination;
b. Connection time and date;
c. Disconnect time and date;
d. Method of connection to/from system (e.g., telnet, ftp, http);
e. Data transfer volume (e.g., bytes);

Please Note that the name, professional address, and phone number of United states attorney is given in the court order as given on the site.

I am sure that sending your opinion on a post card would be useful.

Re:The Gag order

[KFury]

That's odd. It doesn't look like they're going after server logs at all. It looks like they're trying to get all connection data for a dialup gateway server. They never ask for basic info like pages visited or referrer links, but they do ask for things like connection method (SLIP, PPP, Shell), disconnect time, the remote IPs and methods (telnet, ftp, http) to which the user connected, and so forth.

Again, this doesn't look like they're going after server logs at all, but rather they're trying to track people who used the IP in question (216.213.32.98) as a dialup connection point.

This seems to be a completely different story.

Kevin Fox
--

This is ridiculous.

"The order stated that this was part of an "ongoing criminal investigation" into acts that could constitute violations of Canadian law, specifically theft and mischief." I'm sorry, "theft and mischief?" We are to believe that the _Secret Service_, along with the FBI, are simply upset because people connected with the IMC have been in some way "mischevious?" Frat boys are michevious. This is COINTELPRO. For example, the SS has stated that "the IMC itself was not suspected of criminal activity.", as Indymedia is not the threat itself; it is the vehicle for the threat. It enables the successful organization of events such as the Seattle WTO potests, the DC IMF/WB protests, and most recently, the Quebec FTAA protests. These events are subversive; and we would be foolish to think that (now armed with Carnivore), the FBI and SS are not actively engaged in counterintelligence. The agencies claim that the actions agains the IMC were in response to posts on IMC about stolen documents containing Bush's travel plans. However the posts they refer to only contain "documents detailing police strategies for hindering protesters' mass action". The beuracracy is clamping down here; we need people to be vocal about this and not let this kind of shit slide.

Re:Policing the 'net

Secondly, What the government did to IndyMedia WAS NOT censorship. The FBI did not request that ANYTHING be removed from IndyMedia's website. They were looking for information on an individual who allegedly stole sensitive documents from a police cruiser, and posted their text to the site

Two options exist that the FBI did not excercise: issue a more specific warrant or issue a warrant stating that all logs must be kept in escrow until a more specific warrant can be issued. Instead the FBI and Secret Service have decided to undertake activities that will result in hundreds of thousands of law abiding citizens wondering if they will be subject to harasment and illegal search and seizure as a result perfectly legal activites.

What where the documents stolen from the police car? Evidence of unjust behavior by the authorities? The authorities engage in activities to limit the expression of the public against the behavior government, someone get evidence of the unjustified nature of thos activities, and then the FBI issues a warrant to find the identities of people speaking out against the government in the name of finding the person who initial stole evidence of bad activities.

The issuance of this warrant under these circumstances creates an atmosphere of fear and uncertainty amoung law-abiding citizens how have expressed displeasure at the behavior of their governments. The fear is the fear of harassment and illegal search and seizure. The uncertainty is the not knowing what activities, legal or otherwise, might result in the feared punishment, and the not knowing who will be randomly selected for this punishiment.

This is an old secret police tactic. Make everyone think your watching them all the time. Make everyone think they could be arrested for doing nothing but disagreeing with the authorities. It's the terrorism of authority.

Re:Proxy servers? No log files?

[Trepidity]

It's not a specific statute, but it can make your defense much harder (though not impossible). If something illegal is traced back to your computer, that's normally evidence that you committed a crime. However, if you run a proxy server and have logs to show that somebody else committed that crime through your proxy, you have an alibi. If you just run a proxy but don't log, this alibi is much more shaky; you could just be running the proxy to cover for crimes that you're actually committing from that computer.

Re:Why would you expect so much of those luddites?

[Ian+Bicking]

I won't bother to argue about the facts that you propose, as opposed to leftist opinions. I doubt that would get anywhere.

However, I would point out that you seem to utterly miss the real issue.

The issue here is not whether the protesters are right or wrong, but whether they will be allowed to protest at all. And, in turn, whether anyone who has a strong opinion will be allowed to effectively voice that opinion (as opposed to just writing useless messages in comment sections like this).

This is a serious attack on free speach. The powers that be do not imprison these leftists (generally), but harass them at every turn. The way pepper spray and other non-lethal deterents have been used is simply torture -- more than once police have applied a pepper spray to the eyes of handcuffed or chained, nonviolent protesters with Q-tips.

During protests hundreds of people are arrested, but actual trials have been on the order of one or two per demonstration, generally with no convictions. This is obviously an abuse of the system, and systematic unjustified arrests.

These are the issues at hand. Now the FBI wants to find out who more of these protesters and dissidents are -- it is unlikely that this is because they have any intention of seeking conviction of anyone. The FBI has consistently shown itself to have no respect for basic civil rights, and is commonly used to sabotage and harass dissidents in the United States. COINTELPRO is largest such project by the FBI, continuing over more than a decade. It is well documented, and to my knowlege no one has ever been disciplined at all over this illegal and immoral operation.

It should also be noted that the FBI and other government institutions have often used agent provacateurs -- government agents and informants that incite dissident groups to violent, and usually self-destructive actions. I would be surprised if this has not been the source of at least some of the (relatively minor) violence.

These are the issues at hand. And you just seem to side with the thugs, ignoring their immoral behavior.

Re:Don't let you paranoia...

[crush]

Moderate me down only because I've overstepped the moderation guidelines, not because you personally happen to disagree with my--admittedly unpopular--viewpoint.

Unfortunately your holding of this opinion doesn't make you part of a minority. Censorship can be achieved through the crude, obvious methods of banning publication of particular material, or it can be achieved through harrassing those that express opinions that are deemed undesirable. I don't believe that the FBI thought that they were going to be succesful. They're just trying to intimidate. You are playing along with them. Same as all the other complacent folk that don't know what democracy looks like.

Re:Don't let you paranoia...

[Platinum+Dragon]

This is from the "I-want-to-disturb-any-conference-I-want-to-withou t-any-governing-powers-looking-over-my-shoulder-wh ile-I-do-it" department.

Or maybe the "protesting-the-drafting-of-a-document-meant-to-af fect-700-million-people-without-letting-even-1-of- those-people-see-it-beforehand" department.

Nah. Couldn't be. Those protesters were just kiddies and pinkos. My democratically-elected government knows best. They'd never do anything not in my best interest. Never.

Proxy servers? No log files?

[Sylvestre]

I run a couple proxy servers around the net and they all log to /dev/null. Don't track a thing. All of my web servers are the same for hit counting... after a half hour, the IPs are all gone. Why can't people who are going to taunt the FBI learn something and just NOT LOG A DAMN THING?

Re:Proxy servers? No log files?

[Vassily+Overveight]

if someone threatents the president from your anonymizer, and you don't keep logs, it's just as though *you* threatened the president from your own machine.

Assuming this to be true (and I've certainly never heard of any law or precedent like this), then I think you'd still be within your rights to have a log destruction policy that deletes them after a short time. This is what lawyers are telling their clients to do with corporate email to avoid having it used against them in court. And by the way, what happens if your logging hard disk crashes and you don't have a backup? Seems like going to jail would be a pretty harsh penalty for incompetence.

Re:Proxy servers? No log files?

[BlueTurnip]

Because if you run a gateway of any sort (in the US) and you don't log, you're held liable for the actions of anyone using the gateway. That means, in the eyes of the government, if someone threatents the president from your anonymizer, and you don't keep logs, it's just as though *you* threatened the president from your own machine.

REALLY??? I wasn't aware of any such law. Could you quote the statute and or precidents please?

I know that law enforcement has been trying to get something like this passed, but I was unaware that they had succeeded yet. Please tell me more.

Logs for good and evil

[anticypher]

From the court order:

All user connection logs for 216.213.32.98 for the time period beginning April 20, 2001, to the date of this Order for any connections to or from that IP address.
User connection logs should contain the following:
1. Connection time and date;
2. Disconnect time and date;
3. Method of connection to system (e.g., SLIP, PPP, Shell);
4. Data transfer volume (e.g., bytes);
5. Connection information for other systems to which user connected via , including:
a. Connection destination;
b. Connection time and date;
c. Disconnect time and date;
d. Method of connection to/from system (e.g., telnet, ftp, http);
e. Data transfer volume (e.g., bytes);


If you are running a site with controversial material, the logs will always be of interest by people who wish to do evil. Whether crackers or rogue FBI agents, your logs will always be a weapon in the wrong hands. Because of this fact, any controversial site should have a clearly stated policy of destroying logs on a regular basis. By stating this policy in advance and clearly posting it, it leaves little room for a legal charge of destroying evidence if and when the law shows up. What happens to IndyMedia when they hand over the logs the FBI discover most of that information is not logged? Will they face additional criminal charges, even if apache just doesn't log things like connection method?

On the down side, by regularly destroying logs, or never logging sensitive info to begin with, it makes it difficult to counter cracking/defacement/troll attempts, but that might be the price a controversial site like IndyMedia has to pay to protect the value of free speech.

Slashdot and other legitimate news sites will always hand over logs whenever the slightest demand is made. But if slashdot truely wanted to protect its posters, it would destroy the connection information on a regular basis, to thwart law enforcement or civil persecution. But since the acquisition by bendover, /. is just another commercially run site, and Rob and company no longer care about anything other than page impressions and banner revenues. Implementing policies to protect slashdot posters was possible when the site was Taco's and Hemos' pet, but now its just another business.

the AC

Re:IndyMedia is Scary

[arty3]

You have to realize of course that I could simply substitute Indymedia for CNN, NBC, ABC, or FOX News into your post, and it would make just as much sense.

Re:You have it wrong.

[sunbird]

I am one of a team of people coordinating the legal response to this. The Seattle IMC has not turned over any logs and plans to fight in court for our right not to turn over even 1 log entry. And while we haven't found any posts with the President's travel info, we did find two posts with classified info, see here and here. These were the posts the agents were referring to. Their reference to the president's travel information was just plain wrong -- we have looked carefully on all IMC sites and have failed to find any such post. The agents were either lying (likely) or very stupid (also a possibility).

Legal response

[sunbird]

Unfortunately, it's not quite that simple. Yes, the Privacy Protection Act applies and we plan to rely on it. However, there are cross-border bilateral treaties which gives US law enforcement the authority to investigate a certain subset of Canadian crimes.

The alleged crimes here are theft and mischief. Mischief is not one of the listed crimes, so there is no jurisdiction for it. However, it is unclear whether theft is or is not. We are currently looking into the scope of the treaty. We have also asked the US attorney to clarify the basis of his jurisdiction. Not surprisingly, he has not responded.

We did have a press conference on Friday, you can listen to the statement, plus some good q&a with our attorney, Dave Burman. The whole thing is right here.

Re:The Motion to Vacate the Gag Order

[sunbird]

APR 27 2001

UNITED STATES DISTRICT COURT WESTERN DISTRICT OF WASHINGTON AT SEATTLE

N0. GS 01-184
ORDER VACATING ORDER OF NONDISCLOSURE

In the matter of the application of the United States of America for an order authorizing the disclosure of records and other information pertaining to electronic communication service provided by Indymedia

This court having considered the motion by Independent Media Center to vacate that portion of its order in this case entered on April 21, 2001, which forbids independent Media Center, and its agents and employees, to disclose to any person the existence of the order, or of the application for that order, or of the existence of the investigation which prompted that application.

It is hereby ordered that the portion of the order in this case entered on April 21, 2001, which forbids Independent Media Center, and its agents and employees, to disclose to any person the existence of the order, or of the application for that order, or of the existence of the investigation which prompted that application, is vacated.

Dated this 26 day of April, 2001.
Monica Benton
UNITED STATES MAGISTRATE JUDGE

Violates Privacy Protectoin Act of 1980

[Animats]

The Privacy Protection Act of 1980 clearly applies here. (That's the one that got the Secret Service in big trouble in the Steve Jackson Games case.) This order looks like it's outside DOJ's own guidelines, too.

From the Wall Street Journal Front Page

[YIAAL]

"I'd rather have a sister in a whorehouse than a brother in the FBI." Securities Commissioner Tom Krebs, discussing the heavyhanded Ineptitude of the FBI 20 years ago. Apparently, some things never change.

It's more complicated than that...

[tunesmith]

They've got a tough contradiction they are dealing with. On the one hand, their mission is to be alternative media; to let people post news that normally would be squelched in other media realms. On the other hand, if they want stuff worth reading and disseminating, they really need better moderation and editorial control. Any time they start talking about a more restrictive moderation system, I imagine they get in all sorts of arguments.

The problem with most moderation systems is that they homogenize and get rid of the extremes. What they really need instead of basic moderation (where everyone polices each other and where articles are judged by how often folks agree with them) is some sort of trust metric that is seeded from the people that have the reputations of being the most knowledgable and reliable.

(While I agree that the "inbred ideas" thing is a problem with groupthink, that isn't the point with indymedia. The whole point is that indymedia is the alternative to the mainstream media. And it's supposed to be more of a news site where they report on happenings that normally go unsupported, rather than a purely editorial/philosophy site where everyone pats each other on the back.)

But they've got a lot of articles that are really frustrating... for instance, articles that might show some good insight about Palestinian hardships, but that then devolve into some really nasty anti-Semitism. Aside from an example like that being offensive, it's also just a shame because it's a good example of how it undermines its own potential. The site often feels like it demonstrates the stereotype that the protesting population is just continually disorganized and falling off message. It is also confusing that indymedia is just as much populated by anarchists as it is by the nonviolent "peaceful" protestors. There's a lot of infighting going on there, and their aims are very often contradictory.

But overall I like it better than most protest sites because the motivation behind it is constructive - it's not inteded to be a big "insert-vent-here" like a lot of other left-wing and right-wing sites. And some of their efforts are extremely impressive, like during the election - they had live audio webcasts witnessing Nader's difficulties getting into the presidential debates, for instance, which showed a lot of detail that wasn't in the news. It was very cool. I don't visit often, though - I think I'm holding out for a future version when there is that trust metric and where the discussions are more like sourceforge; where there are political "project managers" visualizing actual goals and mileposts and benchmarks and putting together virtual teams to actually accomplish changes in a methodical constructive way.

tune

Re:Policing the 'net

[dannywyatt]

1) turn over server logs containing the IP address of the alleged lawbreaker

This does not seem reasonable. In their statement the IMC makes a good point that turning over the entire log(s) would expose more IP addresses than just the lawbreaker's. This could be seen as intimidating people from visiting their site just to read it.

It would seem we need something akin to the Video Privacy Protection Act for internet traffic.

what about random mouse clicks?

[firewort]

I very often find myself taken to sites I had no intention of going to (disguised goatse links, anyone?) and don't want to be subject to inquisition by the FBI or other services for those clicks.

While I admit that I am responsible for my own actions, I submit that clicking on links is as risky as changing channels on a television- You never know what content you'll get unless you've targetted that channel before. If I pass over the sex channel or local-cable access showing paranoid survivalists, should I be held accountable because TiVo shows that I requested that channel for a few minutes before becoming bored and moving on?

I say that this is an imposition that we shouldn't have to suffer.

(donning flamesuit now to be ready for the replies)

A host is a host from coast to coast, but no one uses a host that's close

Mystery solved.

[Eladio+McCormick]

Again, this doesn't look like they're going after server logs at all, but rather they're trying to track people who used the IP in question (216.213.32.98) as a dialup connection point.

$ nslookup www.indymedia.org
Non-authoritative answer:
Name: stallman.indymedia.org
Address: 216.231.32.98
Aliases: www.indymedia.org

Looks like the order simply has a typo ("213" instead of "231"), and that they are going after the IMC web server indeed.

The weird requests (SLIP, PPP, etc.) could be explained away by just assuming the FBI has some boilerplate host logs request document. Somebody just grabbed that, plugged in a mistyped IP, and sent it off.

Which makes the part in the IMC press release which goes

the court order contained a non-working IP address, rather than an address assigned to any of the IMC sites.

to be just wrong. Presumably, if the IMC people are knowledgeable enough to do a nslookup on this IP, then they should also be capable of noticing how similar it is to their own server's, right?

The FBI wants YOUR log files

[corvi42]

The FBI wants YOUR log files ( insert unlce same here )

So why don't we give them to them? How would things stand if slashdot and 20 other websites just voluntarily submitted their log files to a few select members at the DOJ. Say, one email per page-view, you know, just 'cause they were so interested in seeing them.
This would give a new meaning to the word slashdot effect.

Rage against the machine

[deran9ed]

*sigh* And the US wants to pass this shit too...

Maybe you're a civil libertarian, and maybe you're not. Maybe you worry about how the United States exercises its vast investigative and prosecutorial powers, and maybe you don't.

But if you counsel U.S. corporations on computer-related issues, you should be concerned about a new proposed treaty known as the "Convention on Cybercrime." The Council of Europe, a 43-nation public body created to promote democracy and the rule of law, is nominally drafting the treaty. Curiously, however, the primary architect is the United States Department of Justice.

The Department of Justice and Federal Bureau of Investigation are using a foreign forum to create an international law-enforcement regime that favors the interests of the feds over those of ordinary citizens and businesses. Their goal is to make it easier to get evidence from abroad and to extradite and prosecute foreign nationals for certain kinds of crimes.

Maybe you trust the law-enforcement chiefs in D.C. to do the right thing. But here's the catch. The same new powers given to the United States will also handed over to Bulgaria, Romania, Azerbaijan, and other Council of Europe nations that-although officially democratic now-don't have a strong traditions of checks and balances on police power.

Do you want investigators rummaging around your clients' computer systems on warrants issued by former Soviet bloc nations?

(read full article here)

I wonder how many people visit the site using proxies, and if IP addresses are going to be used, I hope Indy Media know how circumstantial thay shit is. I wonder if it can be fought with in court with a demonstration of Packet Replays and Packet Injections, to show how just how shitty using IP addresses as identification can be.

And people think I'm paranoid about using daisy chaining proxies along with Safeweb

Well for those here who need it (I doubt there's many) here are my privacy links.

Re:Policing the 'net

[freeweed]

the 'net would be nothing more than a cesspool or porn, warez, and hax0rs, with none of the redeeming content that we so value

Hmm... I always thought that this WAS the redeeming content of the internet that we so value.

USENET

[janpod66]

That is one of the many reasons why centralized web-based services are not such a good idea. In fact, we have a perfectly good service for distributing information widely without the ability for anyone to identify readers: USENET. For better or for worse (I think for worse, actually), it is even permanently archived and searchable now. And USENET offers a choice of jurisdiction of where the identity of a poster is protected.