Indymedia case shows embarrassing levels of snooping
V3.co.uk, 11 Nov 2009
A
test case fought by the Electronic Frontier Foundation (EFF) has shown the
extent to which the US government is willing to bend the law in its quest for
data it wants.
Indymedia is a news aggregator for left-wing and libertarian writers and on 30 January one of its volunteer administrators Kristina Clair received a grand jury subpoena from the Southern District of Indiana federal court.
The subpoena demanded all IP traffic to and from the site for a particular date, including "IP addresses, times, and any other identifying information". It also included a gagging order to prevent Indymedia from discussing the request.
The subpoena was made under the Stored Communications Act (SCA) but after Indymedia went to the EFF for help it discovered that the SCA does not allow such broad searches, or the gagging order that accompanied the request.
“In sum, without any legal authority to back up their purported gag demand, the government ordered Ms Clair not to reveal the existence of the subpoena, a subpoena that as already described was patently overbroad and invalid under the SCA,” said the EFF in its report on the matter.
“This is exactly the kind of unjustified demand of silence that creates a fog around the government's often-overreaching surveillance activities. How many other subpoena recipients have remained silent over the years in response to such bogus demands, and how many of them violated their users' privacy by handing over data that the government wasn't entitled to?”
When contacted, the government first threatened to go to court to enforce the gagging order, before backing down and dropping the subpoena. It's not clear who was responsible for the request, as the subpoena was issued before the Obama administration was fully sworn in.
The case highlights not only the government's tactics but also its ability to trawl databases in the country for information that it wants. Under US law, the government can access any information on servers within national borders.
This raises serious questions about the future of cloud services in the US. For example, with all Google's main server facilities in the US, users of Google Apps may not have the security they expect.
Visit our dedicated Summit web site for more breaking news, views, analysis and video on the topic of Information Overload.
Campaign group argues that proprietary software invades users' freedoms
Phone supplier collects daily data on the whereabouts of its users and their application use
Legal action dropped after suit from Electronic Frontier Foundation
Storage-as-a-Service:
Best efforts or best practice?
IDG research: IT professionals understand the fundamentals of managing and
protecting data, but do not apply best practices
The
seven security myths of Microsoft Windows 7
It is essential to separate myth from reality about the built-in security of
Microsoft’s latest offering
Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you thousands of white papers, case studies and analyst reports.
Enterprise social networking tool to be available on the go
Hotly anticipated device to retail for £429 SIM free from...
Do you agree?
Have your say on this article