When the FBI Raids a Data Center: A Rare Danger
The FBI's recent seizure of servers at a Dallas, Texas, co-location facility affected dozens of businesses. Could it happen to you? Experts say that power outages and network disruptions are the far more likely threat, but add that cloud computing complicates the situation.
Wed, April 22, 2009
CIO — As part of coordinated raids in early April, FBI agents seized computers from a data center at 2323 Bryan Street in Dallas, Texas, attempting to gather evidence in an ongoing investigation of two men and their various companies accused of defrauding AT&T and Verizon for more than $6 million.
The FBI's target in the data center raid—one of five seizures conducted that day—is simply listed as Cabinet 24.02.900 in the affidavit and search warrant.
Cabinet 24.02.900 allegedly held the computers and data used to serve voice-over-IP clients for the companies at the center of the case. Yet, it was also home to the digital presence of dozens of other businesses, according to press reports. To LiquidMotors, a company that provides inventory management to car dealers, the servers held its client data and hosted its managed inventory services. The FBI seizure of the servers in the data center rack effectively shut down the company, which filed a lawsuit against the FBI the same day to get the data back.
"Although the search warrant was not issued for the purpose of seizing property belonging to Liquid Motors, the FBI seized all of the servers and backup tapes belonging to Liquid Motors, Inc.," the company stated in its court filing. "Since the FBI seized its computer equipment earlier today, Liquid Motors has been unable to operate its business."
The court denied the company's attempt to get its data back, but the FBI offered to copy the data to blank tapes to help the company restart its services, according to a report in Wired.
The incident has worried IT managers, especially those with a stake in cloud computing, where a company's data could be co-mingled with other businesses' data on a collection of servers.
"The issue, I think, is one of how search and seizure laws are being interpreted for assets hosted in third-party facilities," James Urquhart, manager of Cisco Systems' Data Center 3.0 strategy, said in a recent blog post. "If the court upholds that servers can be seized despite no direct warrants being served on the owners of those servers—or the owners of the software and data housed on those servers—then imagine what that means for hosting your business in a cloud shared by thousands or millions of other users."
Yet, a careful reading of the case suggest that such issues are unlikely, says attorney and former Department of Justice prosecutor James M. Aquilina, who argues that the FBI and the judges took the correct actions.
"Probable cause to search is probable cause to search," says Aquilina, who is the executive managing director and deputy general counsel for Stroz Friedberg, a digital forensics and intellectual property advisory firm. "That being said, federal law enforcement agents, prosecutors, and magistrate judges alike remain sensitive to the realities of co-mingled data encountered at hosting providers."
Typically, judges and law enforcement agents will attempt to work with co-location and data center providers to hone a search to specific data, he says. However, two factors in the current case changed that policy. Most importantly, the co-location firm was a suspect in the case. In addition, the firm's owner had stated that it "was transitioning from the service provider business to the Venture Capital business and they only had a handful of telecommunications customers," according to the FBI's affidavit. Such an assertion could make a judge less likely to limit a search and seizure, says Aquilina.
Such determinations will become more difficult as virtualization technologies and cloud computing become more prevalent, says Scott Gode, vice president of product management for Azaleos, a managed service provider for Microsoft services. Virtual machines and nebulous temporal instances of applications divorced from physical machines could turn law enforcement's job into a game of whack-a-mole, he says. Even today's state of partial progress toward cloud computing, with dedicated machines running multi-tenant applications could still lead to massive collateral damage, if the company operating the data center is considered a suspect, Gode says.
"Even with that dedicated box, there are tons of shared components within the data center," he says. "For a SAN storage unit, there is still a lot of caching devices, a lot of those are used ubiquitously by other components in the data center."
Yet for the most part, larger companies contracting with larger providers are not the ones at the most risk, Gode says. Such firms usually will usually not be hosted alongside fly-by-night firms and will likely get more consideration from law enforcement. Smaller firms are the ones that more often cut costs and corners, making them more likely to use an unknown service provider and more ready to consider cloud computing as a solution, he says.
"They are the ones who will take those risks," Gode says. "They will take those risks around power, they will take those risks around security and they will take those risks around FBI seizure, because otherwise, it costs them money."
Follow everything from CIO.com on Twitter @CIOonline
