Indymedia Server Seizure Update (AKA, We Told You So):
Do you remember the major online civil liberties scandal of October 2004, the Indymedia server seizure by the FBI? Recall that according to news reports at the time, the FBI had shut down Indymedia's servers by taking servers owned by a hosting company named Rackspace. The story was sold as an "FBI tries to chill speech by shutting down website" story, and received fairly wide mention in the press. The usual suspects were quoted, such as this bit from an AP story:
  "The implications [of the seizure] are profound," said Barry Steinhardt of the American Civil Liberties Union, calling the Indymedia activists "classic dissenters" and likening the case to "seizing a printing press or shutting down a radio transmitter."
  "It smells to high heaven," he said.
  As you may recall, we here at the VC were pretty skeptical about this story. Here is what I posted about the case on October 26th, 2004:
  But what really happened? I decided to take a closer look, and I have reached a tentative conclusion: This story was badly misreported from the beginning. Not only did the FBI do everything by the book, but they didn't even seize or attempt to seize any computers.
  . . .
  Here's the important part: It seems fairly certain that the FBI order did not order Rackspace to hand over the server or shut down the site. Based on what we know, it seems highly likely that the order was obtained under the Electronic Communications Privacy Act, which gives the government the authority to compel information (not physical things) from ISPs. Why is this likely? There are a few reasons, but one is that Rackspace has claimed that it cannot disclose the details of what happened under a court order. A non-disclosure order is a "smoking gun" that ECPA provided the authority. Normal subpoenas are not accompanied by any type of order not to disclose, but ECPA allows prosecutors to apply for a court order requiring the ISP not to disclose the existence of an order to disclose information under 18 U.S.C. 2705(b). I can't be sure, but it seems highly likely that Rackspace's refusal to comment further is a response (whether justified or not) to a Section 2705(b) order. If that's true, all the FBI did was serve a court order to disclose information on Rackspace.
  Why was Indymedia's service shut down? This post from Eugene offers the most probable answer; in all likelihood, Rackspace figured it would be easier to give up the server and let the law enforcement folks figure out what they want rather than go through and get the information themselves. It seems that the servers were not given to the FBI, however; the relevant servers were located in England, and the FBI has denied involvement. All we know is that Rackspace handed over the servers to someone in England, and that the servers were then returned to Rackspace a few days later — apparently after the relevant information was obtained. When its service was disrupted as a result of the server switch, and Rackspace was asked to explain what happened, Rackspace put out a press release pointing to the FBI for the problem: the statement says that "Rackspace is acting as a good corporate citizen and is cooperating with international law enforcement authorities. The court prohibits Rackspace from commenting further on this matter."
  To summarize, it seems highly likely that the FBI only served an order to disclose information on Rackspace. Rackspace was lazy, though, and instead, on its own volition, handed over the entire server (to whom, we don't know). . . . Further, it's not clear why any gag order on Rackspace would forbid Rackspace from admitting this. I don't know much about Rackspace, but I wouldn't be surprised if they are taking an unreasonably broad interpretation of the nondisclosure order to try to shield their goof-up from the public.
  (emphasis in original) The Electronic Frontier Foundation, thinking it might have another Steve Jackson Games case on its hands, filed a lawsuit to try to have the underlying documents unsealed so as to reveal the extent of the government's wrongdoing.

  Okay, enough recap. Many of the documents have now been unsealed, available here, and seem to reveal what I expected: the FBI did everything right, and the "seizure" (and possibly the cover-up) was the work of Rackspace, not the FBI. As I read the documents, it seems like Rackspace goofed and may have made up the gag order story to make sure that the blame for the shutdown was pinned on the FBI instead of Rackspace.

  Declan McCullagh has the udpated story:
  In October 2004, a federal prosecutor sent a subpoena to Rackspace Managed Hosting of San Antonio, Texas, as part of an investigation underway in Italy into an attempted murder. Under a mutual legal assistance treaty, the U.S. government is required to help other nations secure evidence in certain criminal cases.
  The newly disclosed subpoena, which has been partially redacted, asks only for specific "log files."
  But Rackspace turned over the entire hard drive at the time, taking the server offline and effectively pulling the plug on more than 20 Independent Media Center Web sites for about a week.
  Rackspace claimed at the time that the subpoena required the company to turn over the customer's "hardware."
  Now that the documents have been unsealed by a federal judge in Texas, though, Rackspace is backpedalling. "A Rackspace employee mistakenly used the word 'hardware' to describe the contents of a federal order," company spokeswoman Annalie Drusch said in an e-mail message to CNET on Tuesday.
  Drusch's e-mail also said: "Rackspace employees searched for the specific information requested in the subpoena but were unable to locate this information prior to the strict delivery deadline imposed by the FBI. In order to comply with the mandated deadline, Rackspace delivered copied drives to the FBI. . . .
  Over at the Electronic Frontier Foundation website, they're asking some interesting questions about this alleged gag order:
  On October 8, 2004 Rackspace issued a statement that "The court prohibits Rackspace from commenting further on this matter." However, the unsealed documents do not contain a gag order; the court order authorizing the Commissioner's Subpoena only said that notice to other parties was not required.
  On August 1, 2005, EFF spoke with Annalie Drusch, the Director of Corporate Communications for Rackspace Managed Hosting, seeking comment now that the case files were unsealed. We are awaiting a response.
  This type of dynamic seems to happen a lot in online civil liberties stories. The key seems to be that the FBI and DOJ don't comment on pending cases and matters as a matter of policy, but refusal to comment always sounds kind of suspicious. To get the press very worked up, all that is needed is one vaguely credible person willing to say something that sounds like it may involve government wrongdoing. By the time it becomes clear that there was no 'there' there, the particulars of the story have been forgotten and people just have a general sense that the government was up to no good. Of course, sometimes it is true that the government has erred, and those cases are vitally important. Having a vigilant press is a very good thing. At the same time, there seems to be an unusually low signal-to-noise ratio in this area. The stories follow a predictable course, from press frenzy to Heather MacDonald story recapping the misunderstanding months later.
carpundit (www):
Great post, and you were right, but you buried the lede today:

"FBI and DOJ don't comment on pending cases.... To get the press very worked up, all that is needed is one vaguely credible person willing to say something that sounds like it may involve government wrongdoing."
8.5.2005 1:23pm
Ken Arromdee:
However, government agents can unofficially hint or suggest that companies cooperate with them. They're quite capable of making things miserable for the company if the company doesn't follow the unofficial demand.

So the fact that the ISP claimed there was a gag order and a seizure order, and the documents don't show this, doesn't necessarily mean the ISP was lying or mistaken, and that there was no FBI request. It just means there was no *official* request, but there could have been a lot of under-the-table leg pulling.
8.5.2005 3:44pm

I don't understand. Everyone agrees that there was a court order requiring Rackspace to hand over the logs so the Italian authorities could investigate an attempted murder in Italy. Are you suggesting that the FBI may have pushed Rackspace to hand over the physical servers instead of the logs?
8.5.2005 5:08pm
Ken Arromdee:
Sure. That's a definite possibility. It would explain why Rackspace had described FBI demands that aren't consistent with the unsealed documents--they did receive the demands, but not as official documents.

Alternately, perhaps the demands are in the rest of the documents that remain sealed.

The EFF has also pointed out that the FBI demanded the log files by August, yet Rackspace took the server down in October. This doesn't seem consistent with the theory that Rackspace just gave the FBI more than they asked for--if that theory was true, Rackspace gave them too much, but also gave it too late. Instead it suggests that there was a second demand that we haven't heard about yet.
8.6.2005 2:32am