Minimizing Collateral Damage
When the FBI raided DigitalOne, a co-location data center, in search of data belonging to criminals, it also disrupted innocent businesses. One of those was Instapaper. Services for Instapaper were offline for most of a day. The services unexpectedly stopped, and then resumed many hours later.
Whether the disruption was unavoidable is unclear. The FBI did not explain how the raid transpired. DigitalOne suggested that the FBI was clumsy, taking a whole enclosure of servers, rather than the particular servers that were the focus of its raid.
Some in the technical community have criticized the FBI for not knowing the difference between an enclosure and a server.
I don’t know whether the FBI was in fact clumsy. The full story is probably complicated.
Problem Will Be More Common
This not the first time that a well-meaning FBI raid of a contract data center caused disruption to innocent businesses housed at the center. A company named Liquid Motors complained in court when an FBI data center raid damaged its business, which was not connected with the criminal activity that precipitated the raid.
Disruptions like this threaten to grow more common. Co-location, cloud computing and other IT outsourcing are on the rise. FBI and other law enforcement need to refine their methods of investigation. When they must raid a data center that serves multiple clients, they should not cause more harm than good.
What FBI Should Do
Yes, FBI needs to shut down cyber criminals and collect evidence so they can be prosecuted. But FBI undermines the community’s trust when it damages innocent bystanders.
Before executing a raid, FBI should evaluate whether its mission truly requires it to seize hardware and take it offline. It should develop techniques for surgically getting what it needs, while avoiding disruption of anything else.
FBI further should strive for transparency and accountability. It should vow to the community to disclose as much as it can, as soon as it can, about what it is doing and how. It should explain which servers it is impacting, in what way and for what reason.
I realize that explanation to the public is time-consuming work. And explanation can lead to second-guessing and criticism. But explanation is necessary to ensure that FBI is constantly refining its methods and learning from any mistakes it makes. Explanation also promotes FBI’s stature within the technical community.
Mr. Wright teaches the law of data security and investigations at the SANS Institute.
Related: Justice for innocent users of Megaupload