CBS News reporter Declan McCullagh has written an interesting article about a the U.S. Department of Justice request sent to Indymedia.us, a news aggregation site, that ordered one of the site's admins to provide details of all visitors on a specific day. McCullagh wrote:
"Kristina Clair, a 34-year old Linux administrator living in Philadelphia who provides free server space for Indymedia.us, said she was shocked to receive the Justice Department's subpoena. ... The subpoena (PDF) from U.S. Attorney Tim Morrison in Indianapolis demanded "all IP traffic to and from www.indymedia.us" on June 25, 2008. It instructed Clair to "include IP addresses, times, and any other identifying information," including e-mail addresses, physical addresses, registered accounts, and Indymedia readers' Social Security Numbers, bank account numbers, credit card numbers, and so on."
Instead of immediately turning over the requested data (which according to the article, Indymedia.us didn't actually have), Clair turned to the Electronic Frontier Foundation (EFF), who agreed to take on her case. After a series of letters, telephone calls, and faxes between EFF and the U.S. Justice Department, the subpoena was withdrawn and the issue appears to have been dropped. For a more detailed description of the event, Kevin Bankston's, a senior staff attorney with EFF, description of the exchange.
While this article raises a host of legal and privacy issues, I'm most interested in how most IT professionals respond when presented with a similar request. If a government request for traffic or visitor information for one of the site's you support appeared in your mailbox or in your email inbox, what would you do first?
Bill Detwiler has nothing to disclose. He doesn't hold investments in the technology companies he covers.
Bill Detwiler is Managing Editor Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. He was most recently Managing Editor for TechRepublic Pro. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop support specialist in the social research and energy industries. He has bachelor's and master's degrees from the University of Louisville, where he has also lectured on computer crime and crime prevention.