FBI Seizes Servers In Virginia

Axolotl_Rose writes "The FBI has seized servers belonging to several clients of a hosting company in Reston, VA, disrupting service for many other clients. 'In an e-mail to one of its clients on Tuesday afternoon, DigitalOne’s chief executive, Sergej Ostroumow, said: “This problem is caused by the FBI, not our company. In the night FBI has taken 3 enclosures with equipment plugged into them, possibly including your server — we cannot check it.” Mr. Ostroumow said that the FBI was only interested in one of the company’s clients but had taken servers used by “tens of clients.” He wrote: “After FBI’s unprofessional ‘work’ we can not restart our own servers, that’s why our Web site is offline and support doesn’t work.” The company’s staff had been working to solve the problem for the previous 15 hours, he said.'"

The FBI should try that on cloud hosting

[initialE]

1. Take the servers
2. There is nothing on the servers - take the Storage
3. The storage is remotely replicated - pull the remote storage
4. You can't pull the remote storage, you don't have jurisdiction overseas

Civil and criminal liability

[dgatwood]

I think it's time to hold the FBI to the same standards that they would hold the rest of us. If I went in waving a gun around and demanding to walk away with somebody else's server, they'd throw my ass in jail.

If they want access to a particular client's content, they can go through the same process as a DMCA takedown request or a backup request would. They make a request, the company yanks that customer's access, then clones that customer's data onto a new drive, then hands them the drive.

As far as I'm concerned, every single client of this ISP ought to sue the FBI for the damage they caused—for the downtime, for the loss of data, for the time spent trying to reach the ISP to figure out what was going on, for the cost of any failover hardware or service that they had to pay for in lieu of that service, etc. If the FBI had to pay out a few million dollar settlements every time they pulled a stunt like this, they'd think twice about acting like a bunch of thugs, and they would go through proper channels and do their investigation in a way that doesn't cause collateral damage.

There's simply no excuse for such sloppy investigative work. If they screwed up so royally with the servers, you have to wonder how many grievous errors they made in other areas that would lead to the evidence being declared tainted, criminals going free, etc.

Re:Civil and criminal liability

[icebike]

You can try to file a suit, but you probably wouldn't get anywhere.

The Federal Tort Claims Act was enacted by Congress in 1946 to allow citizens to sue the federal government. Prior to that you had to get something
passed by congress in order to sue the government.

From http://www.finchmccranie.com/refresher.htm

While the passage of the FTCA constitutes a limited waiver of sovereign immunity, Congress specifically limited the government's amenability to suit in a variety of different circumstances. In 28 U.S.C. 2680, Congress specified that its limited waiver of immunity would not apply to the following claims:

(a) any claim based upon an act or omission of an employee of the government, exercising due care, in the execution of a statute or regulation, whether or not such statute or regulation be valid, or based upon the exercise of performance or the failure to exercise or perform a discretionary function or duty on the part of a federal agency or an employee of the government, whether or not the dis- cretion involved be abused; ...

So you see, you are effectively shut down before you get to the courthouse steps. All they need do is say "We had evidence that all servers we took were involved" and there is nothing more you can do. You will not be granted the ability to examine that evidence.

FBI: Driving businesses out of the country

[mykos]

I think most of the smart IT people are beginning to view the U.S. as a threat to their business. If U.S. investigative agencies can disrupt dozens, or even thousands, of innocent individuals and businesses with impunity, why the hell would anyone take the risk hosting in the U.S.?

Re:Solution

[TooMuchToDo]

The hosting company I co-own with the rest of my employees is mid-sized (several million a year, but under 10 people), but we operate this way. Equipment is owned by corporations incorporated in the jurisdiction where it resides on a country-level basis. We own gear in the US, the EU, Japan, China, and Australia. No corporate entity is tied to another, and resources are redundant through the infrastructure. Come to me in the US with a subpoena for anything on any of our gear outside the US? Fark off. When the hell did people give up on their principles?

Re:Restore from backup?

[Black+Parrot]

Of the data, yes. Of the hardware, which is currently missing, not really.

Really? I copy my hardware to my 3-D printer every night.

Re:Cloud

[billcopc]

(unless it's been bugged)

You just negated your own argument. Sorry, man, do not pass go. Do not collect 200 karma.

Law enforcement needs to decide on a firm, reliable way to identify those responsible for cybercrime, to punish them and ONLY them, not the people who happen to be providing service along the way.

Do they shut down the power company every time the crooked DEA finds a grow op ? No, because the power company is simply providing a service irrespective of usage. We need to start treating the internet like any other utility, since that's what it has become. Want a site shut down ? Track the IP, look up Whois, call the ISP, follow procedure. Randomly and illegally seizing property is NOT going to solve any problem. It will only incite more to rebel against the broken legal system.

Go ahead FBI, ruin someone's business and livelihood over fabricated evidence and feeble-minded assumptions, but don't act surprised when that ex-entrepreneur shows up at your doorstep with a bottle of jack and a loaded shotgun. Actions have consequences, and abuse of power merits the harshest consequences of all.