Re: Large Ontario DC busted for hosting petabytes of child abuse material
On Mar 2, 2015, at 10:03 AM, Mike A mi...@mikea.ath.cx wrote: On Mon, Mar 02, 2015 at 05:53:33PM +, Naslund, Steve wrote: Don't know who this is but the legalities are pretty clear I think. The DC is not required to know what data is stored but if the cops can prove that someone DID know what was stored, that person can be criminally charged. IANAL but I have worked with LE on a similar case and that is how it was explained to us by the FBI. It will be hard to prove anyone knew however since anyone that knew and did not report it committed a crime. Charging the company will be a stretch unless they can prove that at least one corporate officer knew. Otherwise the company will fire whichever employee knew and say He should have told us. This is all about who knew what and when. True in the USA, I think; but what about Canadian law? AFAIK it's generally the same in Canada. If a provider is aware of (reported, accidental discovery or otherwise) the existence of child pornography on their network that existence must be reported to LE and the content must be cease to be publicly available. What I've done in the past when such a report is received is created an archive of the whole directory and subdirectories in question, collected all the customer data related to the account including logs of logins and file transfers and sent that directly to law enforcement and through https://www.cybertip.ca/ https://www.cybertip.ca/. Some information for Canadian service providers is in the reporting system itself: https://www.cybertip.ca/app/en/service_provider_report signature.asc Description: Message signed with OpenPGP using GPGMail
Re: Large Ontario DC busted for hosting petabytes of child abuse material
On Mon, Mar 02, 2015 at 05:53:33PM +, Naslund, Steve wrote: Don't know who this is but the legalities are pretty clear I think. The DC is not required to know what data is stored but if the cops can prove that someone DID know what was stored, that person can be criminally charged. IANAL but I have worked with LE on a similar case and that is how it was explained to us by the FBI. It will be hard to prove anyone knew however since anyone that knew and did not report it committed a crime. Charging the company will be a stretch unless they can prove that at least one corporate officer knew. Otherwise the company will fire whichever employee knew and say He should have told us. This is all about who knew what and when. True in the USA, I think; but what about Canadian law? Popcorn and hyperhumongous drinks time. -- Mike Andrews, W5EGO mi...@mikea.ath.cx Tired old sysadmin
Re: Large Ontario DC busted for hosting petabytes of child abuse material
Part of it depends on if the DC was doing managed services as well. If they are just a space tenant then their exposure can be limited. But if it was their servers that will be a little different. Not saying it would make the difference, but opens another avenue to be argued. To me it’s like going after the Landlord of a rental apartment if someone is busted for drugs. How much can be proven that they knew? How much can they interfere with their business? Justin Justin Wilson j...@mtin.net http://www.mtin.net Managed Services – xISP Solutions – Data Centers http://www.thebrotherswisp.com Podcast about xISP topics http://www.midwest-ix.com Peering – Transit – Internet Exchange On Mar 2, 2015, at 12:53 PM, Naslund, Steve snasl...@medline.com wrote: Don't know who this is but the legalities are pretty clear I think. The DC is not required to know what data is stored but if the cops can prove that someone DID know what was stored, that person can be criminally charged. IANAL but I have worked with LE on a similar case and that is how it was explained to us by the FBI. It will be hard to prove anyone knew however since anyone that knew and did not report it committed a crime. Charging the company will be a stretch unless they can prove that at least one corporate officer knew. Otherwise the company will fire whichever employee knew and say He should have told us. This is all about who knew what and when. Steven Naslund Chicago IL 18 million dollars revenue in three months so certainly pretty large sized. Any idea which DC this is? http://motherboard.vice.com/en_ca/read/police-could-charge-a-data-center-in-the-largest-child-porn-bust-ever
RE: Large Ontario DC busted for hosting petabytes of child abuse material
Don't know who this is but the legalities are pretty clear I think. The DC is not required to know what data is stored but if the cops can prove that someone DID know what was stored, that person can be criminally charged. IANAL but I have worked with LE on a similar case and that is how it was explained to us by the FBI. It will be hard to prove anyone knew however since anyone that knew and did not report it committed a crime. Charging the company will be a stretch unless they can prove that at least one corporate officer knew. Otherwise the company will fire whichever employee knew and say He should have told us. This is all about who knew what and when. Steven Naslund Chicago IL 18 million dollars revenue in three months so certainly pretty large sized. Any idea which DC this is? http://motherboard.vice.com/en_ca/read/police-could-charge-a-data-center-in-the-largest-child-porn-bust-ever
RE: Large Ontario DC busted for hosting petabytes of child abuse material
Given the size and that the data is stored in encrypted RAR files, I wonder if they just busted a Usenet service provider rather than a P2P / file sharing site. Matthew Huff | 1 Manhattanville Rd Director of Operations | Purchase, NY 10577 OTA Management LLC | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-694-5669 -Original Message- From: NANOG [mailto:nanog-bounces+mhuff=ox@nanog.org] On Behalf Of Naslund, Steve Sent: Monday, March 2, 2015 12:54 PM To: nanog@nanog.org Subject: RE: Large Ontario DC busted for hosting petabytes of child abuse material Don't know who this is but the legalities are pretty clear I think. The DC is not required to know what data is stored but if the cops can prove that someone DID know what was stored, that person can be criminally charged. IANAL but I have worked with LE on a similar case and that is how it was explained to us by the FBI. It will be hard to prove anyone knew however since anyone that knew and did not report it committed a crime. Charging the company will be a stretch unless they can prove that at least one corporate officer knew. Otherwise the company will fire whichever employee knew and say He should have told us. This is all about who knew what and when. Steven Naslund Chicago IL 18 million dollars revenue in three months so certainly pretty large sized. Any idea which DC this is? http://motherboard.vice.com/en_ca/read/police-could-charge-a-data-center-in-the-largest-child-porn-bust-ever
Re: Large Ontario DC busted for hosting petabytes of child abuse material
Canadian and US laws are similar. But I'll leave it up to the lawyers to figure it all out, happily I'm no where near this, but it being a small industry here, I suspect I have friends that are dealing with some crap right now On Mon, Mar 2, 2015 at 2:03 PM, Mike A mi...@mikea.ath.cx wrote: On Mon, Mar 02, 2015 at 05:53:33PM +, Naslund, Steve wrote: Don't know who this is but the legalities are pretty clear I think. The DC is not required to know what data is stored but if the cops can prove that someone DID know what was stored, that person can be criminally charged. IANAL but I have worked with LE on a similar case and that is how it was explained to us by the FBI. It will be hard to prove anyone knew however since anyone that knew and did not report it committed a crime. Charging the company will be a stretch unless they can prove that at least one corporate officer knew. Otherwise the company will fire whichever employee knew and say He should have told us. This is all about who knew what and when. True in the USA, I think; but what about Canadian law? Popcorn and hyperhumongous drinks time. -- Mike Andrews, W5EGO mi...@mikea.ath.cx Tired old sysadmin
Re: Large Ontario DC busted for hosting petabytes of child abuse material
In article 1c6ee78f6c1e400289fa7797f3ba6...@pur-vm-exch13n1.ox.com you write: Given the size and that the data is stored in encrypted RAR files, I wonder if they just busted a Usenet service provider rather than a P2P / file sharing site. Unlikely. There aren't that many large usenet providers, none of them are based in Canada, and they are hyper-aware that they don't want child abuse material on their servers. There aren't that many cloud providers physically located in Canada either, but I have no idea which one it is. R's, John
RE: Large Ontario DC busted for hosting petabytes of child abuse material
Here is what is going to hurt or help the cops case. The volume of information is so expansive that in order to store and analyze the data safely and securely, police had to purchase storage hardware similar to what was used by Canadian military forces in Afghanistan. To access the files, many of which are password protected, the cops developed password-cracking software in-house that is slowly sifting through the mountain of information. The key there is that the data was protected. Did the datacenter control that protection and have access to the data or did their customer maintain that control? Certainly a data hosting service is not required (or perhaps even allowed) to crack passwords to see what you are storing on their servers. Steven Naslund Chicago IL 18 million dollars revenue in three months so certainly pretty large sized. Any idea which DC this is? http://motherboard.vice.com/en_ca/read/police-could-charge-a-data-cente r-in-the-largest-child-porn-bust-ever
