Hacker Newsnew | comments | show | ask | jobs | submit login

This seems like a no-brainer to me. The FBI has the duty to find the Pitt bomb threatener. Perhaps Mixmaster truly does make the email untraceable, but it's the FBI's duty to try tracing it - not to take the Mixmaster claims as fact. If the FBI has evidence that criminal emails passed through that server, I absolutely want the FBI to be able to obtain and execute a warrant to seize it and search it for evidence.

Analogy: the cops need to look at a gun store's records to track down a criminal shooter. The cops have reason to believe people with access to the gun store might go in and destroy those records. Should they be able to shut down the gun store (temporarily) and block access to it while they execute a legal search warrant on it?




The biggest injustice is that innocent private parties are forced to carry the costs of something that (allegedly) will benefit the public.

Investigations of crimes benefit the public, and so the public (taxpayer) should pay the costs of the investigation, not whatever private party the costs happen to fall upon. Taking this logic to its conclusion, in a fair and just society, if a law enforcement agency executes a search warrant, it should have to pay those affected by the search warrant the reasonable costs of that seizure (e.g. the cost of renting and deploying an acceptable alternative until the equipment is returned, or the cost of lost business if it is a purely for-profit organisation and loss acceptance appears to be the cheaper based on the information available to the business at the time). This wouldn't apply if the court was satisfied following a contested hearing that the person having assets seized was a party to a crime being investigated.

While the above would be fair, it is not how the law works in many jurisdictions, because politics works on what politicians can fit in a sound bite (lower taxes! more law enforcement on the same budget!), not necessarily what is fair to minorities like innocent parties having their equipment seized.

-----


Criminals (and worse) use all sorts of things, including technology, that everyone else uses. By your logic, the FBI should execute seizure warnings against GMail, Yahoo mail and Facebook... every time they have "evidence that criminal emails passed through that server."

Frankly, your logic makes no practical sense.

-----


> Criminals (and worse) use all sorts of things, including technology, that everyone else uses. By your logic, the FBI should execute seizure warnings against GMail, Yahoo mail and Facebook... every time they have "evidence that criminal emails passed through that server."

They do, actually, except most of the time they don't bother with the warrant, and it doesn't make the news because neither law enforcement nor the companies involved have any interest in disclosing it.

If secure anonymization technologies become a lot more common, law enforcement organizations will eventually learn not to bother. Until then, anyone running such a service (such as a Tor exit node) should expect to have this happen to them periodically.

-----


The FBI should absolutely execute a seizure warrant against those companies, if doing so is effective, but:

- Those companies probably have too many servers and too much data to make seizing all of it productive.

- Those companies would be less likely to be effected, as they have backups and redundant servers for handling outages.

- Those companies keep records that they provide to law enforcement when presented with a warrant or subpoena.

It's 100% ok to run an anonymizing remailer, with no backup strategy in place. It's retarded to act surprised and indignant when the server gets seized because it was probably used to commit a crime.

-----


It's retarded to act surprised and indignant when the server gets seized because it was probably used to commit a crime.

Did you read the press release? Riseup was not running the anonymizing remailer, it just happened to be on the same physical machine as some of Riseup's infrastructure/e-mail accounts/listservs/etc.

From the press release:

The seized server was operated by the European Counter Network (“ECN”), the oldest independent internet service provider in Europe, who, among many other things, provided an anonymous remailer service, Mixmaster, that was the target of an FBI investigation into the bomb threats against the University of Pittsburgh.

-----


Good point. Then it's ok to be surprised. This is a non-obvious risk of shared hosting.

-----


Further, Public Enemy Number 1 (Bin Laden) purportedly used basically no direct network technology to disseminate his bidding he used a sneakernet to get info to various folks.

EDIT:

Obviously the person down voting me is not aware of how Bin Laden used USB sticks...

http://news.techworld.com/security/3279773/bin-laden-used-us...

-----


Law enforcement can of course do seizures when it's warranted. But in this case they, as I understand, did not try to get logs in regular ways (i.e. just asking for them) and there actually is no logs useful for them. So it sounds like an intimidation move - "keep logs so we could have them or we'd just take everything". Using you analogy, it's like when FBI wanted records from gun store and the owner said he doesn't have them, they would just demolish the whole store and move it to FBI facility in case they could find something hidden in the walls. Clearly looks like scenario of "you better give us what we want and quickly, or it would be a world of pain for you, regardless of your innocence and absence of connection to any crimes". Case in point: http://news.ycombinator.com/item?id=3865942

-----


Another question pertinent to the hypothetical situation you pose: Should the FBI be able to keep the store's records of purchases made by other citizens not under investigation if they are "accidently" discovered during the process of search?

Under previous federal administrations, such information was required to be destroyed if collected. However the current administration and counter-terrorism guidelines assert that such private information may be held for 5 years, and shared between government agencies.

-----




Applications are open for YC Winter 2016

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: