Reports from news outlets (NY Times, CBC) suggest that the target of the FBI raid was Lulz Group, a hacker organization that are allegedly responsible for some high profile hacks such as Sony and, possibly, the CIA.
Regardless of the target, the FBI's tactics have been criticized as being heavy handed, though they may be justified in that the target was a purported hacker ring who may have had various assets stored on adjacent equipment hosted by their data center provider. While I am not a lawyer, it is incumbent on the FBI to ensure that all private information remains private and that it is not disclosed publicly, by accident or by design; the warrant should limit their investigation to information that is relevant to the target.
I will continue to look for information related to this event and will post more as it becomes available.
The Case for Cloud is an ongoing discussion about cloud computing and how it impacts business and the economy.
Jun 28, 2011
Jun 22, 2011
FBI raids data center in the US
Yesterday, the FBI reportedly raided a data center in Reston, Virginia, (unknown at this time but Verizon, CoreSite, Net2EZ, DFT, Quotecolo, and others have facilities in the area), as reported in the NY Times Bits blog.
The interest in the legal aspects of cloud computing has been a very important topic of discussion and debate over the past couple of years. The most obvious case is the use of the PATRIOT Act to obtain information and data from service providers and how that could impact the privacy and confidentiality of data.
The main issue with PATRIOT is that the subpoena is secret and, as such, not subject to challenge by the target, presumably to protect the nature of the investigation when ferreting out terrorists or their supporters. Every service provider/vendor I've spoken with has claimed that they will (paraphrasing) "comply with the letter of the law" while "vigorously defending their customers' rights". While it is not clear which data center provider was raided nor what their actions were (comply with defense or simply comply) is unknown.
The bottom line is that the FBI used a heavy handed approach when investigating a single organization (Lulz Security group, according to the NYT). And it is this very approach that is cause for concern to foreign governments and other organizations such as financial services companies and the principal reason behind reluctance to put data in the cloud. Or anywhere in the US now.
Thanks to those who Tweeted and Retweeted about this to make us all aware of the situation. I will try to find additional information and post as it becomes available.
The interest in the legal aspects of cloud computing has been a very important topic of discussion and debate over the past couple of years. The most obvious case is the use of the PATRIOT Act to obtain information and data from service providers and how that could impact the privacy and confidentiality of data.
The main issue with PATRIOT is that the subpoena is secret and, as such, not subject to challenge by the target, presumably to protect the nature of the investigation when ferreting out terrorists or their supporters. Every service provider/vendor I've spoken with has claimed that they will (paraphrasing) "comply with the letter of the law" while "vigorously defending their customers' rights". While it is not clear which data center provider was raided nor what their actions were (comply with defense or simply comply) is unknown.
The bottom line is that the FBI used a heavy handed approach when investigating a single organization (Lulz Security group, according to the NYT). And it is this very approach that is cause for concern to foreign governments and other organizations such as financial services companies and the principal reason behind reluctance to put data in the cloud. Or anywhere in the US now.
Thanks to those who Tweeted and Retweeted about this to make us all aware of the situation. I will try to find additional information and post as it becomes available.
Subscribe to:
Posts (Atom)