Large Ontario DC busted for hosting petabytes of child abuse material
18 million dollars revenue in three months so certainly pretty large sized. Any idea which DC this is? http://motherboard.vice.com/en_ca/read/police-could-charge-a-data-center-in-...
Don't know who this is but the legalities are pretty clear I think. The DC is not required to know what data is stored but if the cops can prove that someone DID know what was stored, that person can be criminally charged. IANAL but I have worked with LE on a similar case and that is how it was explained to us by the FBI. It will be hard to prove anyone knew however since anyone that knew and did not report it committed a crime. Charging the company will be a stretch unless they can prove that at least one corporate officer knew. Otherwise the company will fire whichever employee knew and say "He should have told us". This is all about who knew what and when. Steven Naslund Chicago IL
18 million dollars revenue in three months so certainly pretty large sized.
Any idea which DC this is?
http://motherboard.vice.com/en_ca/read/police-could-charge-a-data-center-in-...
On Mon, Mar 02, 2015 at 05:53:33PM +0000, Naslund, Steve wrote:
Don't know who this is but the legalities are pretty clear I think. The DC is not required to know what data is stored but if the cops can prove that someone DID know what was stored, that person can be criminally charged. IANAL but I have worked with LE on a similar case and that is how it was explained to us by the FBI. It will be hard to prove anyone knew however since anyone that knew and did not report it committed a crime. Charging the company will be a stretch unless they can prove that at least one corporate officer knew. Otherwise the company will fire whichever employee knew and say "He should have told us".
This is all about who knew what and when.
True in the USA, I think; but what about Canadian law? Popcorn and hyperhumongous drinks time. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin
Canadian and US laws are similar. But I'll leave it up to the lawyers to figure it all out, happily I'm no where near this, but it being a small industry here, I suspect I have friends that are dealing with some crap right now On Mon, Mar 2, 2015 at 2:03 PM, Mike A <mikea@mikea.ath.cx> wrote:
Don't know who this is but the legalities are pretty clear I think. The DC is not required to know what data is stored but if the cops can prove
someone DID know what was stored, that person can be criminally charged. IANAL but I have worked with LE on a similar case and that is how it was explained to us by the FBI. It will be hard to prove anyone knew however since anyone that knew and did not report it committed a crime. Charging
On Mon, Mar 02, 2015 at 05:53:33PM +0000, Naslund, Steve wrote: that the
company will be a stretch unless they can prove that at least one corporate officer knew. Otherwise the company will fire whichever employee knew and say "He should have told us".
This is all about who knew what and when.
True in the USA, I think; but what about Canadian law?
Popcorn and hyperhumongous drinks time.
-- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin
On Mar 2, 2015, at 10:03 AM, Mike A <mikea@mikea.ath.cx> wrote:
On Mon, Mar 02, 2015 at 05:53:33PM +0000, Naslund, Steve wrote:
Don't know who this is but the legalities are pretty clear I think. The DC is not required to know what data is stored but if the cops can prove that someone DID know what was stored, that person can be criminally charged. IANAL but I have worked with LE on a similar case and that is how it was explained to us by the FBI. It will be hard to prove anyone knew however since anyone that knew and did not report it committed a crime. Charging the company will be a stretch unless they can prove that at least one corporate officer knew. Otherwise the company will fire whichever employee knew and say "He should have told us".
This is all about who knew what and when.
True in the USA, I think; but what about Canadian law?
AFAIK it's generally the same in Canada. If a provider is aware of (reported, accidental discovery or otherwise) the existence of child pornography on their network that existence must be reported to LE and the content must be cease to be publicly available. What I've done in the past when such a report is received is created an archive of the whole directory and subdirectories in question, collected all the customer data related to the account including logs of logins and file transfers and sent that directly to law enforcement and through https://www.cybertip.ca/ <https://www.cybertip.ca/>. Some information for Canadian service providers is in the reporting system itself: https://www.cybertip.ca/app/en/service_provider_report
Given the size and that the data is stored in encrypted RAR files, I wonder if they just busted a Usenet service provider rather than a P2P / file sharing site. ---- Matthew Huff | 1 Manhattanville Rd Director of Operations | Purchase, NY 10577 OTA Management LLC | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-694-5669 -----Original Message----- From: NANOG [mailto:nanog-bounces+mhuff=ox.com@nanog.org] On Behalf Of Naslund, Steve Sent: Monday, March 2, 2015 12:54 PM To: nanog@nanog.org Subject: RE: Large Ontario DC busted for hosting petabytes of child abuse material Don't know who this is but the legalities are pretty clear I think. The DC is not required to know what data is stored but if the cops can prove that someone DID know what was stored, that person can be criminally charged. IANAL but I have worked with LE on a similar case and that is how it was explained to us by the FBI. It will be hard to prove anyone knew however since anyone that knew and did not report it committed a crime. Charging the company will be a stretch unless they can prove that at least one corporate officer knew. Otherwise the company will fire whichever employee knew and say "He should have told us". This is all about who knew what and when. Steven Naslund Chicago IL
18 million dollars revenue in three months so certainly pretty large sized.
Any idea which DC this is?
http://motherboard.vice.com/en_ca/read/police-could-charge-a-data-center-in-...
Here is what is going to hurt or help the cops case. "The volume of information is so expansive that in order to store and analyze the data safely and securely, police had to purchase storage hardware similar to what was used by Canadian military forces in Afghanistan. To access the files, many of which are password protected, the cops developed password-cracking software in-house that is slowly sifting through the mountain of information." The key there is that the data was protected. Did the datacenter control that protection and have access to the data or did their customer maintain that control? Certainly a data hosting service is not required (or perhaps even allowed) to crack passwords to see what you are storing on their servers. Steven Naslund Chicago IL
18 million dollars revenue in three months so certainly pretty large sized.
Any idea which DC this is?
http://motherboard.vice.com/en_ca/read/police-could-charge-a-data-cente r-in-the-largest-child-porn-bust-ever
In article <1c6ee78f6c1e400289fa7797f3ba647b@pur-vm-exch13n1.ox.com> you write:
Given the size and that the data is stored in encrypted RAR files, I wonder if they just busted a Usenet service provider rather than a P2P / file sharing site.
Unlikely. There aren't that many large usenet providers, none of them are based in Canada, and they are hyper-aware that they don't want child abuse material on their servers. There aren't that many cloud providers physically located in Canada either, but I have no idea which one it is. R's, John
Part of it depends on if the DC was doing managed services as well. If they are just a space tenant then their exposure can be limited. But if it was their servers that will be a little different. Not saying it would make the difference, but opens another avenue to be argued. To me it’s like going after the Landlord of a rental apartment if someone is busted for drugs. How much can be proven that they knew? How much can they interfere with their business? Justin Justin Wilson j2sw@mtin.net http://www.mtin.net Managed Services – xISP Solutions – Data Centers http://www.thebrotherswisp.com Podcast about xISP topics http://www.midwest-ix.com Peering – Transit – Internet Exchange
On Mar 2, 2015, at 12:53 PM, Naslund, Steve <SNaslund@medline.com> wrote:
Don't know who this is but the legalities are pretty clear I think. The DC is not required to know what data is stored but if the cops can prove that someone DID know what was stored, that person can be criminally charged. IANAL but I have worked with LE on a similar case and that is how it was explained to us by the FBI. It will be hard to prove anyone knew however since anyone that knew and did not report it committed a crime. Charging the company will be a stretch unless they can prove that at least one corporate officer knew. Otherwise the company will fire whichever employee knew and say "He should have told us".
This is all about who knew what and when.
Steven Naslund Chicago IL
18 million dollars revenue in three months so certainly pretty large sized.
Any idea which DC this is?
http://motherboard.vice.com/en_ca/read/police-could-charge-a-data-center-in-...
participants (8)
-
jim deleskie
-
John Levine
-
Justin Wilson - MTIN
-
Landon Stewart
-
Matthew Huff
-
Mike A
-
Naslund, Steve
-
Suresh Ramasubramanian