Back to previous post: James Arthur Ray convicted of negligent homicide

Go to Making Light's front page.

Forward to next post: Fort Knox Threatened!

Subscribe (via RSS) to this post's comment thread. (What does this mean? Here's a quick introduction.)

June 24, 2011

Nice datacenter you have there
Posted by Abi Sutherland at 04:56 AM * 76 comments

So. After a raid in which they seized equipment from DigitalOne, a Swiss-based hosting company with equipment in Reston, Virginia, the FBI has announced that it is bringing action against a couple of fake antivirus software distributors. The defendants are accused of using scareware to convince people to buy their stuff, and of infecting web ads with malware that locked away users’ data unless they did so. These are serious crimes affecting many people all over the world. So yay, right?

Well, sorta.

The Bureau’s search warrant seems to have been overbroad. According to the DigitalOne’s CEO, the raid had a wider impact than just the customers under investigation:

“FBI was interested in one of our clients and in his servers, but they took besides target servers tens of not related servers of other customers,” he said. “Most of our customers are sub-providers which host hundreds and thousands of smaller customers.”

It appears that the FBI agents removed the entire racks containing the servers of interest. This affected several well-known sites whose equipment happened to be on those racks, including Curbed.com, Pinboard and Instapaper. Depending on what hardware was removed, a whole bunch of online companies were either entirely dark or running on restricted services.

Marco Arment, the founder of Instapaper, blogged today that they now have their server back. Logs indicate that its drives weren’t booted into the OS during its absence. It’s possible, of course, that the FBI copied them without booting, though Arment says he sees no reason for them to retain the data if they did. (He was substantially less sanguine in the immediate aftermath of the raid.)

I expect that many of the companies affected will be explaining their password encryption protocols to their customers over the next few days. I also expect that many of them will be upgrading their security if those explanations don’t reassure.

And I expect that many of them will also move their business away from DigitalOne. Instapaper already has, citing customer service failures.

For whatever it’s worth, I have deleted the code, data, and keys from the server and asked DigitalOne to cancel my account immediately. I’m not convinced that they did everything they could to prevent the seizure of non-targeted servers, and their lack of proactive communication with the affected customers is beneath the level of service I expect from a host.

He clearly intends to move on from this incident.

I appreciate the outreach from people wanting to help me fight the FBI or DigitalOne somehow, but that’s honestly the last thing I’d want to do. Even if money were no object, I can’t afford the time or the stress, I’m not looking for any sort of reimbursement, and nothing they say would absolutely assure me (or even the slightest skeptics) that they had zero copies of the data.

As he points out, it makes perfect sense for his company to do this.

I have a great product to maintain, expand, and improve, and there’s nothing I’d rather do than get back to work doing what I love.

But I’m flashing back about half a year here. Remember when Amazon booted Wikileaks from their servers after being contacted by Senator Lieberman? The cited reason was a Terms of Service violation, and of course, I have no basis for asserting that Wikileaks was not in violation of the TOS. But I do wonder whether the specter of a disruptive FBI raid on a datacenter or two might not have been raised, either on the phone from Washington or in the boardroom in Seattle.

I suspect that the pressure on hosting companies to avoid problematic customers is enormous, and incidents like this one will only increase it. Sometimes the problematic customers will be spammers or scammers, fraudsters or criminals. But how sure are we that there won’t also be investigations of politically or economically inconvenient targets? The FBI’s record on this sort of thing isn’t exactly reassuring.

And even if the evidence gathered in an investigation doesn’t pass the threshold for a search warrant, all the hosting company has to do is, you know, overhear that the G-men are looking at one of their customers. No responsible business would want to take the risk that a judge might issue a warrant to an agency that has a history of taking down unrelated customers as well as suspect ones. Better to let the problematic ones seek hosting elsewhere, right?

And customers of said hosting companies, if they’re wise, will start worrying about who is in the server next to theirs. It may become prudent to put some (or all) of their custom with hosts that choose their clients with an eye to these sorts of risks. This may make it difficult for anyone with more inclusive policies to stay afloat, but that’s the way that business goes.

Nor will moving out of the U.S. help. As U.S. Attorney B. Todd Jones of the District of Minnesota says in the FBI’s statement on the investigation:

Addressing cybercrime requires international cooperation; and in this case, the FBI, collaborating with our international law enforcement and prosecution partners, have worked tirelessly to disrupt two significant cybercriminal networks. Their efforts demonstrate that no matter the country, Internet criminals will be pursued, caught and prosecuted.

As Assistant Attorney General Lanny A. Breuer says in the same statement,

…computer users must be vigilant in educating themselves about cyber security and taking the appropriate steps to prevent dangerous and costly intrusions.

Indeed.

Comments on Nice datacenter you have there:
#1 ::: Teresa Nielsen Hayden ::: (view all by) ::: June 24, 2011, 06:52 AM:

When I saw that story, my first thought was that it was clumsy procedure on the FBI's part. Thank you for pointing out the other implications.

#2 ::: David Harmon ::: (view all by) ::: June 24, 2011, 07:21 AM:

The thing is, that implication -- both shutdown and copying -- has been around as long as computer seizures were needed to take evidence. Even before that, a full LEO investigation was known to be potentially disabling or deadly to a company, especially a records-heavy one.

And the flip side of the broad is a legitimate law-enforcement interest: Unless they know for sure that the provider isn't in bed with the crooks, they can't afford to let said provider tell them which servers they "get to" take off the racks.

Yes, this is an unusual position for me to take, but I'm very much in favor of shutting down spammers with extreme prejudice.

As for Washington vs. Amazon, there are far worse things Amazon could have been threatened with. Say, new rules imposing various liabilities on them, or a tax investigation....

#3 ::: Handslive ::: (view all by) ::: June 24, 2011, 09:26 AM:

This notion of walking in and seizing a single customer's server is not entirely reasonable if your server is hosted with a large provider, and it gets less reasonable if you're hosted by a cloud service similar to Amazon's.

The data associated with your server may not be on a single disk or even directly attached to the hardware that runs the operating system and applications for one thing. If the provider is making use of a SAN (Storage Array Network), your data might be scattered across many disks used by hundreds of other customers. If the server itself is a virtual machine, then your server may be running on a single physical blade server mounted in a blade chassis with several other blade servers. You may be one of 10 or 20 other customers running on the same hardware, completely isolated from each other.

The hosting company might offer to halt the virtual machine that's of interest and make a copy of its image, but will the officer in front of them know what that means in terms of forensics? Will it match what the wording of the warrant has told him they're obligated to provide? His forensics specialists will probably be concerned that they can't look at deleted files that are potentially still on the physical disk somewhere. Does the hosting company have its own forensic specialists who can work with the officer to extract something useful without shutting down a couple of racks of servers and storage?

Damn straight, Amazon was worried. And short of paying for your own stand-alone hardware, something that is going to get less attractive to the hosting companies as time goes on, where do you think you can go that your business won't be part of the collateral damage? Concentrated, shared storage and hardware makes sense to the hosting company because it's a more efficient use of power, space, cooling, and manpower to operate. All of those things are at a premium now.

I don't imagine that the situation was simple here, nor is it likely to get simpler.

#4 ::: abi ::: (view all by) ::: June 24, 2011, 10:21 AM:

Handslive @3:

Either the reporting is hopelessly muddling the story, or virtualization and cloud-type services are not involved in this situation. I note, for what it's worth, that the FBI took some, but not all, of DigitalOne's racks. That makes me think that we're still talking physical machines allocated to specific customers, and the overreach was in taking whole racks rather than individual boxes.

But as you point out, the infrastructure is shifting to something that doesn't just fit the mental models badly, but doesn't fit them at all. It will soon become like trying to get a warrant for the physical handset on which a telephone conversation took place, rather than the content of the conversation.

I don't think that will change the ways in which these kinds of intrusive and clumsy searches impact businesses. And, although I don't know that the FBI intended to punish DigitalOne for having what they consider to be dodgy customers, I doubt they're crying into their beers about that side-effect of the whole affair.

#5 ::: abi ::: (view all by) ::: June 24, 2011, 10:24 AM:

David Harmon @2:

And the flip side of the broad is a legitimate law-enforcement interest: Unless they know for sure that the provider isn't in bed with the crooks, they can't afford to let said provider tell them which servers they "get to" take off the racks.

It's perfectly possible to get your own sysadmin in to look at the records and untangle which ones are which, either from the logs, billing, and usage records or working alongside the providor's staff. I've been an external auditor. I know how to make that thing work.

Yes, this is an unusual position for me to take, but I'm very much in favor of shutting down spammers with extreme prejudice.

There's always a crime bad enough to make us willing to elide a few rules and accept a little collateral damage when we fight it.

It's never, in my opinion, a good idea.

#6 ::: Bruce Baugh ::: (view all by) ::: June 24, 2011, 10:27 AM:

David and Handslive: I think the situation is quite simple if you look at the situation of Instapaper and all the other people who aren't under investigation. The American constitution does say quite clearly that they shouldn't suffer this kind of loss. Period. If that means that the government will find it impractical to do some kinds of searches...that's tough. The whole point of rights...okay, not the whole point, but a big point, is that they make some things the government would like to do impractical. They are a limit on the exercise of power.

It is one of the first responsibilities of government to go about its business with an eye on the rights both of the accused and of everyone else who isn't accused. If they can't do that, then they shouldn't get to execute their warrants.

#7 ::: Martin Haywood ::: (view all by) ::: June 24, 2011, 11:01 AM:

It's surely possible, given the certainty of collateral damage if they simply remove servers, for the FBI to copy the data and take away the copy. It would seem likely that this would give them more time to look into the matter without tipping off their interest to the people under investigation.

So why didn't they take an image of all the drives that were relevant? Because they're stuck in the G-Men mythos of the 1950s. Charge in waving a warrant and strike fear into the hearts of bad guys and commies everywhere. Nowdays that's just stupidly clumsy.

Like using drone missiles to kill militants in the Waziristan and hitting the wedding party. Or "kettling" hundreds of peaceful protestors to arrest the idiot kid with the brick.

*sigh*

#8 ::: xeger ::: (view all by) ::: June 24, 2011, 11:10 AM:

Having just looked at what DigitalOne provides, the whole seizure suddenly makes a whole lot more sense.

They use HP BladeServers, which means that there's a single chassis containing multiple blades, each of which is seen as a single server (or several virtual servers).

As such, I can absolutely understand the FBI having seized servers rented by more than one customer -- hard not to, when you're talking about more than a dozen "servers" in a single chassis.

I'll absolutely agree that it sucks for the (innocent) companies affected -- and also suggests that the FBI need to update their seizure practices to take things like blades (and virtual machines) into account -- but seizing something like a complete blade enclosure is a different case from randomly grabbing an assortment of physically separate servers in different chassis from a rack.

#9 ::: David Harmon ::: (view all by) ::: June 24, 2011, 11:14 AM:

Abi #5: Just having an armed police force produces "a little collateral damage"! Others have discussed the technical issues; I'll just note that absolute moral positions can be dangerous. It's one thing to do your best to minimize harm and inconvenience to bystanders. But refusing to accept any possible harm to bystanders... that's a problem, because it's not in touch with reality. Offhand, anyone with a potential hostage in reach gets a fee pass, likewise any gangster operating behind a legitimate business... or any cyber-criminal running off someone else's servers.

Law enforcement is a tradeoff, and just as we slam them when they don't do their jobs, or do them incompetently, we should praise them when they do do their jobs, in this case taking down a particularly noxious and hard-to-catch sort of cybercriminal.

#10 ::: Handslive ::: (view all by) ::: June 24, 2011, 11:23 AM:

@abi
Even if virtualization isn't involved here, my point is that finding a provider with all the features Instapaper might want is going to be difficult. And that's not going to get better for other customers concerned about this kind if impact.

#11 ::: TrashedMyCookies ::: (view all by) ::: June 24, 2011, 11:24 AM:

@David: I have a problem with the attitude that rights for which my forefathers put their lives and fortunes on the line are out of touch with reality. It's reality that needs to change here, not the right to be secure in one's effects against unreasonable search and seizure.

#12 ::: abi ::: (view all by) ::: June 24, 2011, 11:32 AM:

David Harmon @9:
Just having an armed police force produces "a little collateral damage"!

Many of my British friends would agree with that statement.

Others have discussed the technical issues; I'll just note that absolute moral positions can be dangerous. It's one thing to do your best to minimize harm and inconvenience to bystanders. But refusing to accept any possible harm to bystanders...

Absolute moral positions can be dangerous. "Innocent until proven guilty in a court of law" is insanely dangerous. And yet entire societies base their legal systems on it.

But exceptions and mitigations that depend on whether you happen to particularly dislike the crime under discussion are even more dangerous. Because there's someone who will use that exception for some other misdeed, one that you don't take seriously, but they do.

Tell me. How much collateral damage would you say is acceptable when fighting spammers? Is it calculated as a proportion of the financial harm inflicted by said spammers, or do we go by percentage of annual income that the companies in question will lose?

Or is there no limit? Can the FBI do the equivalent of "kill all; God will know His own" and take everything from a company hosting a suspected spammer?

And why should these innocent businesses pay that kind of cost, rather than insisting that the FBI use more efficient policing methods?

#13 ::: Douglas Henke ::: (view all by) ::: June 24, 2011, 11:35 AM:

One response (which I'm surprised not to have seen mentioned in any of the 12 comments visible to me as I write this) is to avoid hosting in the US. On the Internet, the distance from New York to Brussels is 150ms.

There are still places which at least pay lip service to the notion of "rule of law", and where said law includes some passing nod to the idea of data protection as a thing which applies to individual human beings.

(Yeah, I know: So why does the URL in my post point to Hostmonster? I'm starting to think that's a really good question...)

#14 ::: john ::: (view all by) ::: June 24, 2011, 11:38 AM:

Bruce Baugh #6 The US constitution says "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

Nothing there says the "person or things" must be a suspected criminal or the property of a suspected criminal. Probable cause will cover all the places evidence of a specific crime might be, including plenty of places which - upon inspection - will turn out to be unrelated. I think this seizure is quite closely analogous to searching two or three or five separate back yards for a single crime weapon, which is clearly reasonable. (Householders are deprived of the use of their property for the time the search is going on, after all.)

For computer crime where remote access and remote wipe are possible, first you get physical custody of the server or servers (as laid out in the warrant and justified in court) and shut them down, then you take any data image, then you do the forensic audit on the static image. You can't either take an image or perform forensics on a running system because a) it changes the state of the system, destroying checksums and evidential value, and b) the software on the server may have a nonobvious data-destruction payload lurking somewhere.

Keeping material definitely known to be unrelated to the crime is, of course, unreasonable and illegal. Fortunately it doesn't seem to be happening.

#15 ::: abi ::: (view all by) ::: June 24, 2011, 11:52 AM:

Douglas Henke @13:

I did point out in the original article that the FBI explicitly emphasized the international reach of its powers. As Jones said,

Their efforts demonstrate that no matter the country, Internet criminals will be pursued, caught and prosecuted.

This is not to say that the FBI's claimed reach is its real reach. Different legal systems may well offer better protections. International hosting is certainly a good idea. Perhaps one day there will be "offshore" hosting the way there's "offshore" banking. Were I a small country with good infrastructure and a reasonably small latency to the US, I'd certainly consider whether it might be a new national industry.

#16 ::: Columbina ::: (view all by) ::: June 24, 2011, 11:58 AM:

The Pinboard guy is planning to dump DigitalOne as well, judging from his Twitter feed since the event, and made a remark at one point in the process (which he may have backed away from since then): "Thinking very seriously about moving servers to the EU after I get everything set back up."

#17 ::: eric ::: (view all by) ::: June 24, 2011, 12:12 PM:

John @ 14:

first you get physical custody of the server or servers (as laid out in the warrant and justified in court) and shut them down

With the rise of on disk encryption, that's actually changing. There's equipment now that can piggyback on a power cord long enough to get it plugged into a portable UPS, and 'wigglers' that will keep the system thinking that there's someone actively working at it. All to keep the machine from going to sleep/shutting down and removing the encryption keys from memory.

Also, the Pinboard guy, Maciej Cegłowski, is a great writer, well worth reading. Argentina on two steaks a day is a good place to start.

#18 ::: David Harmon ::: (view all by) ::: June 24, 2011, 12:15 PM:

abi #12:
"Innocent until proven guilty in a court of law" is insanely dangerous. And yet entire societies base their legal systems on it.

If you're talking about the USA courts, you're forgetting that only applies to the criminal justice system, for good reason, and specifically does not apply to the serving of warrants. Also, you're strawmanning up here.

Which ends up with you responding to my "It's one thing to do your best to minimize harm and inconvenience to bystanders", by inflating to "Or is there no limit?". Abi, that's uncalled for and beneath you.

If you consider posts Handslive #3, xeger #8, and john #14, you can see that there is no "surgical strike" option for this sort of case.

In such a context, to forbid any collateral damage whatsoever, means that cyberscammers, megaspammers, and other criminals operate with impunity, forever -- because they may be violating the laws of a dozen nations, but they'll have carefully arranged things so there's no way to touch them without affecting someone else.

If you declare "better that than than touch a single innocent customer", then you're just making the perfect the enemy of the good, and I can't argue with you.

#19 ::: Serge ::: (view all by) ::: June 24, 2011, 12:21 PM:

Well, that thread sure didn't take long to get where I thought it would.

#20 ::: Serge ::: (view all by) ::: June 24, 2011, 12:23 PM:

Abi @ 15... Were I a small country with good infrastructure and a reasonably small latency to the US, I'd certainly consider whether it might be a new national industry.

...at which point Prince Edward's Island secedes from Canada.
Coming soon on the Skiffy Channel... "Ann of Green Servers"!!!

#21 ::: abi ::: (view all by) ::: June 24, 2011, 12:25 PM:

OK, so given the technical situation, do the economic reasons that the FBI raid (and the possibility of others like it) has a chilling effect on freedom of speech matter less?

I still see "share a hosting provider with someone the FBI gets a search warrant for" being a road to to financial loss for an innocent business. Assuming arguendo that there is no way that the FBI could mitigate that effect with better technical solutions, is this just something businesses have to suck up? And, if they do, must we simply live with the damage that that will do to freedom of speech?

#22 ::: abi ::: (view all by) ::: June 24, 2011, 12:40 PM:

David @18:

I used "innocent until proven guilty" as an example of an absolute that is (a) pretty damn crazy, and (b) utterly necessary. It was a response to your assertion that moral absolutes can be dangerous, and your strong implication that they should not therefore be the basis of our beliefs or actions. The fact that it does not apply to the serving of warrants makes it no less dangerous and no less important.

My reaction to you is substantially based on the way that your comment at 3 carves out an exception for spammers, whom you're for "shutting down" with "extreme prejudice", as though that crime is somehow special. I have often seen that line of argument used to support the elision of rights and freedoms that we, as a society, value. I've never been comfortable with it.

If you declare "better that than than touch a single innocent customer", then you're just making the perfect the enemy of the good, and I can't argue with you.

Well, I am a "though the heavens fall, let justice be done" kind of person, yes. Perhaps that means you can't argue with me.

But it's worth understanding the mental model under which the law, as I understand it, operates. Picture a boat in a canal, with ropes to the towpaths on the left and the right. If the people on one side pull firmly and continuously, without opposition, the boat doesn't go forward. It hits the side of the canal. To go forward, it needs both sides to be pulling, in essential opposition to one another.

It is the job of law enforcement to go after crime, vigorously and energetically. But it is also the job of the citizen body to set the limits of their actions and enforce them with a matching vigor and energy. Because no one else is going to stick up for our rights if we don't.

#23 ::: Kelley Wegeng ::: (view all by) ::: June 24, 2011, 12:43 PM:

I hope some really brave hosting company decides to adopt a "bring it" policy wherein they pull a Cryptonomicon in the event of such. Or rather, I don't, but that's the only way I can imagine our freedoms remaining protected.

#24 ::: Seth Breidbart ::: (view all by) ::: June 24, 2011, 12:47 PM:

David Harmon (#2), I agree with shutting down spammers with extreme prejudice. I just don't see how seizing a handful of machines will do that. Seizing the spammers and making them secure[0] is what's needed.

john (#14): If the search warrant didn't specify that the FBI could seize whatever it wanted no matter who owned or was using it (or at least any rack containing anything that might be related to the criminals), then the FBI violated the Constitution (and the agents involved committed felonies).

eric (#17): It isn't that difficult to ensure that a system steps on its in-memory encryption keys if it's seized. Physical intrusion detection hardware (including motion sensor and GPS), plus requiring a crypto-secure heartbeat message over the Internet (with some tricks so that a different Internet connection fails the test) will at least add several orders of magnitude difficulty to the problem of acquiring encryption keys by seizing hardware.

abi (#21): The solution for a business is multi-hosting, in separate data centers (and, depending on paranoia level, countries).

0. The only way to make a system secure is to encase it in cement and sink it in the ocean.

#25 ::: David Harmon ::: (view all by) ::: June 24, 2011, 12:54 PM:

abi #21: Eventually, the smarter providers will be setting up to minimize the problems, as some already have. That means that some options in cloud design and the like just won't be viable, or will need their own solutions, but that's how these things work.

In the meantime, yes, this falls into the category of "random shit the world can throw at your business", right along with having someone drive through your display window, or other improbable incidents. I'll note that I'm increasingly jaded about "ultra-high-reliability" of services in general -- even the big boys can't seem to handle black swans.

#26 ::: Larry ::: (view all by) ::: June 24, 2011, 01:13 PM:

Marco of Instapaper has a podcast called "Build & Analyze" where he talks about this. He tends to take defeatist attitudes when dealing with legal matters in general but his take on it was pretty interesting. - http://5by5.tv/buildanalyze/30

As xerger@8 said, they appear to be using a blade chassis. I use them at work. You can't just pull a single blade if it is basically a VM plant for the various hosted servers in some configurations.

If they are using something like ESX and it is setup what would happen is the server would simply move to another blade and startup. Most of these chassis configurations are the same way. You'd need to manually migrate it and shut it down. But then you have a bunch of other issues. I suspect Digital One has not been fully forthcoming in what happened.

The bigger thing here is the fact that the laws are lagging behind the tech. Our current laws cannot handle virtual machines, or cloud computing. which is where all hosting has been moving for the last few years.

#27 ::: Tom Whitmore ::: (view all by) ::: June 24, 2011, 01:27 PM:

A great deal of the constitutionality of this sort of seizure is whether it's reasonable or not. The discussion here about what hardware was involved is an attempt to tease out whether it was -- and there's a fair amount of evidence indicating that it might well have been. In some ways, it's as if the spammers are using civilian corporations as "human" shields, without the problem that they get actually killed (service interruptions are not the same as destroying the company, though there's a chance it'll have that effect -- some of the affected companies are certainly remaining well enough to change their servers).

I don't know enough to say whether the seizure falls in the "reasonable" category. I know more than when I started reading this thread, however.

#28 ::: Bill Stewart ::: (view all by) ::: June 24, 2011, 01:52 PM:

Bruce@6 - The American constitution does say quite clearly that they shouldn't suffer this kind of loss. Period. Furthermore, there are very specific protections in the law for journalistic works in progress, which were enacted in response to the Steve Jackson Games raid (or maybe one of the subsequent raids; it's been a while) that seized mail servers that were being used by people besides the target. And there are also procedures that the Feds have published about copying suspect data from seized systems and returning the originals, though those may have fallen by the wayside and certainly aren't being used by the Customs laptop-seizers.

This strikes me as another of those cases of "Malice or incompetence? Why not both!"

#29 ::: Bill Stewart ::: (view all by) ::: June 24, 2011, 02:10 PM:

Abi @ 15... Were I a small country with good infrastructure and a reasonably small latency to the US, I'd certainly consider whether it might be a new national industry.

Unfortunately, the Netherlands has been recently been buying into the "Data Retention Laws" for ISPs and similar surveillance concepts. Before that they were a good location, and in general it makes sense to put facilities into multiple countries so you at least don't have all your stuff hit at the same time, whether the failure is from clumsy police or earthquakes.

Serge@20 ...at which point Prince Edward's Island secedes from Canada. Coming soon on the Skiffy Channel... "Ann of Green Servers"!!!

Arrgh, no! Back in the 2000s Canada was trying to promote call center business as a way of providing employment to former fishing villages and similar locations. On the surface it makes sense - literate work force that speak English well. And then you look at the problems of providing enough physical diversity to the call centers to make your customers happy, and find that the facilities are designed to support the needs of a fishing village. There does appear to be some cable diversity getting off of PEI, though we were never sure how real that was, and from there you can go down to Halifax or up to a railroad route to Montreal, but of course there's only one telco office in Charlottetown, so that's a single point of failure, and they'd have to build an access ring to the office building where the call centers were going to be, which didn't appear to have actually occurred to anybody. And most of the areas they were trying to promote had issues like that (even if they weren't islands), and while some of them had service from the newer carriers, a lot of them had really old technology that Bell Canada had never bothered upgrading because there wasn't any demand.

#30 ::: heresiarch ::: (view all by) ::: June 24, 2011, 02:21 PM:

David Harmon @ 2: "Yes, this is an unusual position for me to take, but I'm very much in favor of shutting down spammers with extreme prejudice."

Didn't we just have a thread about the extreme stupidity of declaring a crime so outre as to justify any legal response whatsoever, and how it all goes horribly wrong?

abi @ 4: "It will soon become like trying to get a warrant for the physical handset on which a telephone conversation took place, rather than the content of the conversation."

This is the most interesting facet of the story to me--technological change is clearly outpacing the law here. We can't even agree what the proper analogy is--is this case like law enforcement temporarily shutting down a legitimate business because it, through no fault of its own, was the site of a crime? Or is it like shutting down an entire floor of an apartment building, inconveniencing dozens of residents, because one apartment housed a criminal?

Law works by a combination of precedent and legislation, neither of which are particularly nimble. Computer technology is changing faster than legislatures can pass laws, and as it changes, analogies back to settled precedent become increasingly comical and misguided. The legal norms relating to technology increasingly mismatch the reality, and I feel they are entering a phase of constant asynchronicity. That means law enforcement is going to have to invent new standards as they go, and I'm rather sure they'll tend to maximize their own power. As you ask, who will tug the other way?

#31 ::: Nancy Lebovitz ::: (view all by) ::: June 24, 2011, 02:28 PM:

Iceland is a data haven. I don't have any idea how complete the protection is.

#32 ::: Neil in Chicago ::: (view all by) ::: June 24, 2011, 03:07 PM:

Bruce Baugh @ 6
((cue laugh track))

“The Constitution may have its problems, but it beats the hell out of what we have now.”

#33 ::: Neil in Chicago ::: (view all by) ::: June 24, 2011, 03:10 PM:

If the cops had a warrant for a specific physical street address, and brought a squad to simultaneously kick in the doors of every house on the block, there would be repercussions.
As soon as there is a case like this (I take it for granted that this is neither the first, nor will be the last, example of such imbecilic vandalism) that gets explained to the judge, there will be a cause celebre.

#34 ::: Kevin Riggle ::: (view all by) ::: June 24, 2011, 03:15 PM:

Nancy @31: The legal protections are interesting and fairly comprehensive, but the case of Bergitta Jonsdottír suggests that there are deeper problems.

Your data in the country can be as safe as you like, but as long as you host any of your data outside of the country (with eg. Google or Twitter or Yahoo), the US has potential access to it.

As long as Iceland wants to remain friendly with the US, the US will have leverage over them in ways that can be used to hurt you. If Iceland becomes no longer friendly with the US, the US will have *different kinds of* leverage over them, of course.

Additionally, there are only $SMALLNUM cables off the island, so there are a small number of points of control, and the people (telcos) who run them may be (are) susceptible to US leverage. And the TSA is another factor, as physical access is your last trump card, and they can make getting to your box exciting.

Iceland is better than other places, surely, as the Wikileaks people are demonstrating, but it's not the techno-anarchist utopia some people dream it is. This is not Islands in the Net. (Well, okay, maybe it is, at least the later bits of it where the data-havens' protections are shown to be... seriously flawed.)

#35 ::: Jacque ::: (view all by) ::: June 24, 2011, 04:35 PM:

Seth Breidbart @24: The only way to make a system secure is to encase it in cement adamantium and sink it in the ocean.

FTFY. While the ocean floor location slows retrieval, the cement casing is vulnerable to anyone with a pickaxe and sufficient patience.

#36 ::: Serge ::: (view all by) ::: June 24, 2011, 05:27 PM:

Bill Stewart @ 2... the facilities are designed to support the needs of a fishing village

Hook, phone line and sinker?

This reminds me how my friend Elisabeth, up in Chicoutimi, never could send emails to my work address. Apparently there was a lot of spam originating from up there. Or maybe it came from a phishing village.

#37 ::: Charlie Stross ::: (view all by) ::: June 24, 2011, 05:57 PM:

Marco Arment, the founder of Instapaper, blogged today that they now have their server back. Logs indicate that its drives weren’t booted into the OS during its absence.

They wouldn't be.

My understanding is that law enforcement, to preserve the chain of evidence, don't boot computers they've seized. Instead, they pull the disks (and controllers) and image them, archive the images as evidence, then clone the imaged onto an identical hardware chassis and boot that for forensic examination if they need to watch it start up.

(More likely they don't even do that; they stick a copy of the image in one of their own machines, mount the filesystems, and use their own forensic tools to scan it for suspicious stuff.)

For all Marco knows the FBI have taken an exact copy of his server and are pulling it apart in their labs right now. But probably not. (He's not their target, and the whole point of Instapaper is that it digests web pages down into pure text and throws away the images and javascript -- the stuff the FBI is most interested in[*] is vanishingly unlikely to be there.)


[*] I would expect them to scan any seized filesystems for known child pornography images, malware distribution pages, lists of stolen credit card numbers, and possibly DVD disk images of top-grossing movies. Stuff they can prosecute for possession or distribution of, in other words.

#38 ::: David Harmon ::: (view all by) ::: June 24, 2011, 06:29 PM:

abi #22: Though the heavens fall, let justice be done

And what of justice for those victimized by these scareware scammers (not just spammers)? Is that worthless because the investigation didn't magically extract the right data without inconveniencing anyone else?

#39 ::: Jules ::: (view all by) ::: June 25, 2011, 02:35 AM:

Charlie @37: "My understanding is that law enforcement, to preserve the chain of evidence, don't boot computers they've seized. Instead, they pull the disks (and controllers) and image them, archive the images as evidence, then clone the imaged onto an identical hardware chassis and boot that for forensic examination if they need to watch it start up. "

Yep. Which makes me wonder, why is it necessary to perform the seizure in the first place? Why don't law enforcement turn up on site with digital forensics experts and independent witnesses, shut down the systems, make their cloned disk images, and then leave the original equipment in place? Such a process would be less disruptive to everyone, and the evidence it provided would be just as good, as far as I can see.

#40 ::: Damien Neil ::: (view all by) ::: June 25, 2011, 03:20 AM:

Jules @39: Transferring all the data off of a 2TB drive will take several hours under optimistic conditions, and there could be a lot of drives in a rack of servers. There may well be better options available to the FBI, but I'm not surprised that they would want to move the hardware to their own facility for the operation.

#41 ::: abi ::: (view all by) ::: June 25, 2011, 04:56 AM:

David @38:
And what of justice for those victimized by these scareware scammers (*not* just spammers)? Is that worthless because the investigation didn't magically extract the right data without inconveniencing anyone else?

First off, "magically"? On the subject of uncalled for and beneath the participants of this discussion...that is.

Secondly...it's worth being clear that I am not putting Instapaper above the victims of the scammers*. I am putting the systems of justice by which the police operate above any particular set of victims.

I moved to the UK in the immediate aftermath of the Guildford Four acquittals. I had not yet left when they shot de Menezes. I know what happens when the police don't have to watch out for collateral damage or take good care how they collect evidence. It's not pretty, and it's not good for either the police or the society the police are trying to protect.

The reason we have rules of evidence is because, without them, the police will do whatever they feel they have to to get the person they think is guilty. Sometimes, as in both the Guildford Four and de Menendez, the damage is in "think is guilty". But sometimes, it's in "whatever they feel they have to". And the two clauses break in parallel; once it's OK to elide the rules, there's always a good and pressing reason for the next elision. There's always an innocent victim this time whose needs are more important than the cold abstractions and absolutes on which the legal system is based.

Ever heard the saying hard cases make bad law? That's a piece of the same thing.

Third of all, I think it's clear from the thread that the FBI had better develop some new techniques to deal with the new realities of hosting. But pressure on the FBI to develop less disruptive techniques to extract data doesn't come from nowhere. It comes from attention being paid to the costs of their current methods. That's what I'm doing here: paying attention to those costs, highlighting the secondary and tertiary effects.

Secondary effects: Businesses go dark, lose money. Some of them change web hosts. Is that an acceptable cost? Probably. Power outages and technical failures happen, too.

Tertiary effects: Controversial businesses can't find web hosting, because neither the host nor the host's other customers want to suffer the secondary effects if they're avoidable. Is that acceptable?

I don't think so. Not because I worry about spammers and scammers, but because it's not just spammers and scammers who will be caught in that net. And some of the people who are entangled, who go dark, are going to be important people with important but unpopular things to say. And this isn't an abstraction. I cited an example of an organization that struggled to get a web host. I'm entirely confident that there are many more, smaller, quieter examples.

If those effects are wrong, and I believe they are, then the way to avert them is to push back against the thing that causes them and advocate that it be fixed. That's what I'm doing.

----
* There's potential here for an interesting and complicated narrative about the hipsters who use Instapaper, Pinboard and Curbed verses the more naïve people who are the stereotypical victims of these kinds of scams. It's not true; quite ordinary people use the former service, and very sophisticated users can get end up in the latter group. I don't think it's flavoring this discussion, but I'm declaring here so it doesn't start doing so.

#42 ::: John A Arkansawyer ::: (view all by) ::: June 25, 2011, 09:09 AM:

I know the technology involved, having maintained several HP blade enclosures and put together the last one we bought.

abi is right, all down the line, from beginning to end. I'm going to join her in pushing back, to the extent that I can bear it.

But like the poor schmoe in Night by Night, I don't know that I have the heart to lose another fight.

All my adult life, I've been watching the systematic destruction of the protections provided by the rules of evidence*, in cases and situations where the issues were clear and easily explicable, and it's been a consistently losing fight.

This one is a hard case and it is going to make bad law.

I'm not going to make that sort of downer prediction again. It's not good to dwell on if you're determined to fight anyway. Gramsci wrote from prison about pessimism of the intellect and optimism of the will, and I guess that's what I'm advocating.

*and by rule of law and by the constitution generally, in the sense of protections which bear on all people. The advances we've been making have been bringing classes of people formerly discriminated against under what protections remain.

#43 ::: Charlie Stross ::: (view all by) ::: June 25, 2011, 10:46 AM:

Jules @39: in addition to the aforementioned problem with copying terabytes of data, they can't allow the servers to shut down normally -- there may be panic scripts hidden on them by the unscrupulous that will scrub incriminating files if they're not shut down in just the right way.

SOP -- again, my understanding of it -- is to abruptly pull the power cable, then image the (not checked, possibly corrupt) filesystems. Fixing a modern journaling filesystem from such a "dirty" image isn't hard and avoids any risk of time bombs.

#44 ::: John A Arkansawyer ::: (view all by) ::: June 25, 2011, 11:26 AM:

Charlie @ 43: In theory, I suppose they could pull every other drive out of a RAID 1 array and carry those off. That'd leave the system in a very dangerous but running state, plus the performance hit when you stick the blank drives in to restore the mirror.

#45 ::: David Harmon ::: (view all by) ::: June 25, 2011, 11:52 AM:

Abi #41: Complaining about my "magically":

Well, how would you go about serving a warrant against the scammer's servers in a blade farm, without interrupting service for any other customer? But also remembering that (1) the hosting provider may be a conspirator, and (2) the suspect may have booby-trapped the server?

Third of all, I think it's clear from the thread that the FBI had better develop some new techniques to deal with the new realities of hosting.

Given both historical precedents and technical realities, the "new techniques" are likely to take the form of regulating the architecture of hosting providers, or at least demanding "easy-open" back doors.

#46 ::: John A Arkansawyer ::: (view all by) ::: June 25, 2011, 11:57 AM:

David @ 45:

Well, how would you go about serving a warrant against the scammer's servers in a blade farm, without interrupting service for any other customer?

A fair question, but to put it differently, why isn't that the FBI's problem rather than the customers'?

#47 ::: albatross ::: (view all by) ::: June 25, 2011, 12:23 PM:

I think there are three related issues here:

a. There's the collateral damage done by FBI raids. How big a deal this is mainly is determined by how common the raids are, and how much damage is done to bystanders. If the raids are rare and the damage is a day or two of unscheduled downtime, it's probably manageable. If the raids are common and the damage is often wrecking the business, then there's a serious issue there.

What we want here is for the FBI to take the likely collateral damage into account, and only do raids that result in a lot of it for serious crimes that can't be dealt with another way. This is almost exactly the same concern I have with SWAT team raids. I get that there are situations where the only sensible thing to do is send a whole bunch of armed, armored guys into every opening in the building, tossing flash-bangs and trying to quickly rescue hostages and disable or kill anyone threatening. But there's enough chance of killing bystanders that this should only be done in very rare situations, not (as often happens) to search the homes of alleged small-time drug dealers.

b. There's the chilling effect, if (for example) socially or politically unacceptable sites tend to get raided. If the gay bondage porn site, the white supremacist site, or the Wikileaks mirror are subject to raids that involve shutting down everything else in the datacenter, that becomes a practical force for making it harder for those sites to get hosting.

c. There's the use of the inconvenience as a method of punishment or retaliation. For example, if I can seize all your computers for months or years, I can cost you several thousand dollars, can shut down your business and deprive you of a livelihood. This can be and has been done as a form of harassment, notably to some Wikileaks supporters in the US when crossing borders. It can be useful not only in harassing people you don't like, but also in silencing critics and in applying pressure to get people or companies to cooperate with you. All those things have happened with existing tools available to police, prosecutors, and the US federal government at different times.

#48 ::: abi ::: (view all by) ::: June 25, 2011, 12:27 PM:

David Harmon @45:

"Magically" was still inappropriately snarky. There are plenty of civil ways to say what you wanted to say. But John @46 is correct. The FBI has many people with much more technical expertise than I do. And the burden is very much on them to provide a solution.

But one approach would be to fail the other servers in the enclosure—those not suspect—onto blades in a separate frame, and then take away the targeted one. (This assumes a heck of a lot about the hardware and the OS, which I don't know, but it's not rocket science or a bleeding-edge technical problem.)

I do also think that you overstate the likelihood of collusion both in reality and in the FBI's thought processes. Do they assume that the telephone company is in league with a criminal when they wiretap his phone? Not so much.

If the FBI have probable cause enough to include the host in their warrant, then they should be casting the net very differently than if they do not.

#49 ::: Ingvar M ::: (view all by) ::: June 25, 2011, 03:04 PM:

Martin Haywood @ #7:

They do make copies. Most of the forensic process is done using (verified true) copies of the hard disks. That is, however, not evidence, merely artifacts of evidence. The true evidence is the original hard disk, but you take copies to work on, because (some) steps in the investigation MAY modify the bits.

So, taking the whole hardware does make sense from the way the case law is (or, at least, to the best of my understanding of the case law).

No, I am not in any legal profession, nor am I a forensic investigator. I do, however, read up on the matter once in a while, as I find it interesting (and it has occasionally given me ideas for recovering data off broken servers and thus saved an awful lot of hassle).

Jules @ #39:

Fore "purposes of analyzing", yes. For the purpose of providing evidence in court, they need to be able to provide the original seized hardware (or, at least, that is how I've understood things; see discussion above).

#50 ::: Dave Bell ::: (view all by) ::: June 25, 2011, 03:41 PM:

While I'm all for individual law enforcement officers having personal liability for their misfeasance and malfeasance, it sometimes feels as though these persons are scapegoats for the organisation.

#51 ::: abi ::: (view all by) ::: June 25, 2011, 03:55 PM:

Dave Bell @50:

Out of curiosity, whom are you responding to?

#52 ::: David Harmon ::: (view all by) ::: June 25, 2011, 07:19 PM:

abi #48: I'll cop to on the snarkiness charge, especially since you did respond to my challenge.

You yourself note that your method implies a lot about the provider's architecture; I suspect that any such method will have such implications, different for each method. It still seems to come down to mandating that hosts use an architecture that can support LEO seizures. They did it with the old and new telecoms, I see no practical barrier to doing it with cloud providers.

Albatross #47 said a lot of what I've been too inarticulate to assemble; I'll add that downtiming a company for a few hours balances a lot lighter than risking someone's life in a shootout.

#53 ::: Antongarou ::: (view all by) ::: June 26, 2011, 01:24 AM:

One way I can think to easily pressure the FBI about collateral damage is suing them for damages. I know next to nothing about US law, so I don't know if it's a viable option, but if the FBI has to pay each time they create such collateral damage without being able to show good cause, I suspect they will be very motivated to lower that damage to minimum.

#54 ::: Heather K ::: (view all by) ::: June 26, 2011, 05:31 AM:

Well, I suppose Steve Jackson Games v. United States Secret Service might serve as a precedent.

#55 ::: David Harmon ::: (view all by) ::: June 26, 2011, 07:45 AM:

Antongarou #53: And yes, I'd say that suing law-enforcement for damages is entirely fair. That, after the raid, is when there's time and a hope of balance, for asking "hey, did they really need to take servers B and C?"

#56 ::: Nancy Lebovitz ::: (view all by) ::: June 26, 2011, 08:08 AM:

#53 ::: Antongarou:

Suing for monetary damages does happen-- I've read about it in regards to police and court bad behavior. I haven't heard of anyone suing the FBI, but it may well be possible.

However, there are cities that pay out large sums per year in court awards, and it doesn't change institutional behavior.

I'm pretty sure that the only thing which does that is politics, and so far as I know, outrage at abuses can drive politics, but the money doesn't.

#57 ::: Prefer to keep this slightly tricky to trace ::: (view all by) ::: June 26, 2011, 01:28 PM:

I work (in IT) for a law firm. Much of the data we possess is subject to attorney-client privilege.

Because such privilege is absolute, even with a warrant, the FBI or other police would not be entitled to access that data without the consent of the relevant client.

Every time I've spoken to a cloud service provider, I've asked them to make a clear statement that they would tell an FBI agent with a warrant to get lost. Not one has ever been prepared to say so.

There is a pretty good chance for a lot of hosts that they have got privileged data - either emails from a client to their attorney or vice versa, for example - on their systems, and that they are therefore under a legal obligation to resist any warrant.

We prefer to keep the data under our direct control to ensure that our lawyers don't get struck off for breach of privilege and so that we can resist a warrant.

#58 ::: Devin ::: (view all by) ::: June 26, 2011, 02:14 PM:

@57

Well, you guys also have a much better chance at resisting a warrant successfully.

I don't think Blades'R'Us is going to get very far with the FBI arguing that there's privileged data somewhere in that datacenter and they can't let the FBI in (maybe if it seems likely that the warrant covers privileged data, but I don't see the feds listening if they have a warrant for non-privileged data, y'know? Seems like a good way to lose a door.) Knocking on a law firm's door, on the other hand...

#59 ::: Dave Bell ::: (view all by) ::: June 26, 2011, 04:48 PM:

Abi @51

Yes, Heather K. does point out one instance that came to my mind. Here in the UK, several major accidents/disasters have developed the idea of Corporate Manslaughter: there's some of the same issue of personal and collective responsibility there. Entangled with this is the workplace safety law. It helps if you at least try to get employees to work safely and use the right equipment.

#60 ::: Jacque ::: (view all by) ::: June 26, 2011, 06:27 PM:

Prefer @57: Heh. That actually suggests a useful sideline for law firms as data hosting service.

Actually, I wonder if a data hosting specialization has/will evolve specifically and explicitly catering to privileged data.

#61 ::: bryan ::: (view all by) ::: June 27, 2011, 10:26 AM:

'Absolute moral positions can be dangerous. "Innocent until proven guilty in a court of law" is insanely dangerous. And yet entire societies base their legal systems on it.'

When you say entire societies base their legal systems on it do you mean that entire societies claim to base their legal systems on it or that entire societies actually practice it, if the latter which societies do you believe actually do this? I suppose at this late date that nobody really believes that the U.S practices what it preaches?

#62 ::: abi ::: (view all by) ::: June 27, 2011, 11:55 AM:

bryan @61:

There's a distinction between the legal system, in the sense of the body of laws which govern the society, and the real-world choices around the enforcement of those laws.

US laws, along with the laws of many other countries, are based on the idea that you can't punish anyone until you've figured out that they're guilty. Those laws are the reason that Guantanamo Bay has such a population of gentlemen in natty orange one-piece garments. (Those laws are under assault, as Messrs Manning and Reid, intra alia can testify.)

In other words, American practice varies from its principles. I think this is a bad thing. Indeed, that's why I reacted so strongly to the implication that the police should be able to be a little casual about their search procedures if the crime (email scamming) were sufficiently vexatious. Because that's how we get from the principle to current practice.

But to shrug it off cynically and say, "Meh, that's what you get in America" pretty much robs one of the moral force to demand that the US do it better.

#63 ::: Terry Karney ::: (view all by) ::: June 27, 2011, 04:46 PM:

john (@14). I think this seizure is quite closely analogous to searching two or three or five separate back yards for a single crime weapon, which is clearly reasonable. (Householders are deprived of the use of their property for the time the search is going on, after all.)

It may be commonsense reasonable, but if a warrant was issued, and didn't list all the properties, it's not a legal search.

Moreover, there are parallels in the present. If I rent a room, and the police have a warrant to search my landlord's property... the portion I rent is not covered in the warrant. If they intrude to my private spaces (which may include defined areas of open space, such as a shed or garage) they are in violation of the warrant.

David Harmon: I don't know that I'd describe this as improbable. Given the broad scope of warrants for electronic search, and the ways in which data moves/gets stored, the specific odds may be small, but the repercussive effects are huge. The coffee shop in my plaza had a car plow through the window/wall. It cost them about three hours of business.

That's a whole lot different from the effect of a police agency having all of one's client's data in their offices; and depending on their good faith to do nothing with it.

The tech vs. law question isn't new (the first "roving" wiretap was meant to deal with the use of public telephones, and allowed the police to tap the calls a person was on, not the phone in question). The question of tracing counterfeit monies has always been a game of pre-emptive catch-up, with almost all of the features of our coinage being vestiigal aspects of the time when coins were valuable; in their own right.

re suing for damages: If the FBI had a facially valid warrant the are immune to lawsuits under the, "acting in good faith" protections of the caselaw interpretations of the doctrine of sovereign immunity.

#64 ::: bryan ::: (view all by) ::: June 28, 2011, 04:52 AM:

'But to shrug it off cynically and say, "Meh, that's what you get in America" pretty much robs one of the moral force to demand that the US do it better'

To say that the U.S is immoral does not rob one of moral force. However as I have no rights in America I expect that I do not have any force whatsoever to demand that it does better. What pointing out that the U.S does not have any moral stature provides one is the moral force to demand that one's own government not bow to American demands.

#65 ::: Serge Broom ::: (view all by) ::: June 28, 2011, 07:11 AM:

bryan @ 61... I suppose at this late date that nobody really believes that the U.S practices what it preaches

My America should indeed do better, but need I ask if other countries are themselves without this flaw?

#66 ::: john ::: (view all by) ::: June 28, 2011, 08:02 AM:

Terry Karney @ 63 Yes, my analogy was imperfect (I think I was confusing the concepts of hot pursuits and/or reasonable cause with those of the search warrant and probable cause).

Would a better analogy be a valid search warrant served on an accountancy firm, or other business service firm, for printed records relating to a specific business and/or person? To serve such a warrant will involve a) suspending the accountant's normal business in at least one office for some period of time, however short, and b) a police examination, however brief and cursory, of the other records present in the office - I see no way to exclude records unrelated to the warrant without examining them!

(Incidentally I think courts willing to treat police claims sceptically, robust investigative journalism, and other social contexts are at least as important as the written law to prevent police and executive abuses. This does not necessarily fill me with optimism. On the other hand I have just learned that the UK's Independent Custody Visitors - like prison visitors but for police cells between arrest and charge - have a remit which explicitly includes all terrorist suspects, and multiple people currently have full security clearance to visit any such suspects. So hopefully there'll be no more "falling down stairs".)

#67 ::: Paul A. ::: (view all by) ::: June 28, 2011, 09:30 AM:

Bill Stewart @ #29:

In other words, before we can have Serge's "Ann of Green Servers", we need the intervention of Ann of Green Cables.

#68 ::: abi ::: (view all by) ::: June 28, 2011, 09:47 AM:

john @66:

The problem with your analogy is that the FBI also stopped other clients of the accountancy firm from doing business, or at least materially hampered their ability to do business, for the duration of the search.

#69 ::: SamChevre ::: (view all by) ::: June 28, 2011, 09:57 AM:

The problem with your analogy is that the FBI also stopped other clients of the accountancy firm from doing business, or at least materially hampered their ability to do business, for the duration of the search.

Which is, I will note, the way that the investigative agencies generally pressure accounting firms--"you can co-operate, or we'll investigate ALL your clients and publicize that we're doing so." It's been a really effective way of keeping accounting firms from, for example, letting their (former) employees have access to the materials they relied on in their work so they can use them in their own defense.

I will note that I consider this abusive behaviour in both cases. Tom Kirkendall has done a great deal of writing on this subject under his category criminalization of business

#70 ::: Jacque ::: (view all by) ::: June 28, 2011, 12:38 PM:

john @66: robust investigative journalism

I've heard The Press (back in the days before the oligarchical take-over) referred to as The Fourth Branch of government. (Separate from, but in its way as important as, Executive, Judicial, and Legislative.)

I think we could do very well to return to this idea. (In fact, I kind of feel this is the function the blogosphere is serving these days.)

#71 ::: bryan ::: (view all by) ::: July 01, 2011, 01:16 AM:

"My America should indeed do better, but need I ask if other countries are themselves without this flaw?"

I am of the opinion that the bigger and more important a country becomes the less likely it is to follow the noble words that supposedly guide it.

I live in a small country, but not one that is small enough that I would feel confident it practices what it preaches.

#72 ::: Mycroft W ::: (view all by) ::: July 04, 2011, 01:26 PM:

Well, America Should Do Better, and it's becoming clear that ideals make very handy words to kill discussion, and that's about it - here and in other places.

That doesn't mean that I'm discouraging "fight the good fight", not at all. But I think that's the fight that needs to be made, first, in addition to the real good fight.

But I really hit send to say it's "'Anne of Green Cables' with an E", #20, #67.

#73 ::: P J Evans ::: (view all by) ::: July 04, 2011, 01:40 PM:

One other issue here is that the FBI is notoriously bad at anything involving computers and higher tech; I suspect it's left over from the days of J Edgar Hoover, but not understanding the technology we live with is now a liability for them.

#74 ::: Paul A. ::: (view all by) ::: July 06, 2011, 08:32 AM:

Mycroft W @ #72:

I'm going to take the coward's way out and blame it all on Serge. "I thought it was Anne-with-an-E, but I assumed Serge would know what he was talking about! You can't pin any E thing on me!"

#75 ::: Serg(with an E) Broom ::: (view all by) ::: July 06, 2011, 09:01 AM:

Paul A @ 74... I assumed Serge would know what he was talking about

What fools these mortals be.

#76 ::: Tracie sees spam ::: (view all by) ::: July 08, 2014, 12:05 PM:

From "someone" who spells "her" name differently.

Welcome to Making Light's comment section. The moderators are Avram Grumer, Teresa & Patrick Nielsen Hayden, and Abi Sutherland. Abi is the moderator most frequently onsite. She's also the kindest. Teresa is the theoretician. Are you feeling lucky?

Comments containing more than seven URLs will be held for approval. If you want to comment on a thread that's been closed, please post to the most recent "Open Thread" discussion.

You can subscribe (via RSS) to this particular comment thread. (If this option is baffling, here's a quick introduction.)

Post a comment.
(Real e-mail addresses and URLs only, please.)

HTML Tags:
<strong>Strong</strong> = Strong
<em>Emphasized</em> = Emphasized
<a href="http://www.url.com">Linked text</a> = Linked text

Spelling reference:
Tolkien. Minuscule. Gandhi. Millennium. Delany. Embarrassment. Publishers Weekly. Occurrence. Asimov. Weird. Connoisseur. Accommodate. Hierarchy. Deity. Etiquette. Pharaoh. Teresa. Its. Macdonald. Nielsen Hayden. It's. Fluorosphere. Barack. More here.















(You must preview before posting.)

Dire legal notice
Making Light copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017 by Patrick & Teresa Nielsen Hayden. All rights reserved.