Results 1 to 20 of 20
  1. #1
    Join Date
    Sep 2008
    Location
    Melbourne
    Posts
    405

    Agency forces to pull the plug

    We have a client on a cPanel server. Now we all know how shared hosting works, with the multiple websites on one server.

    There was one user, who hosted kiddy porno which is ilegal. However the server owner did not know. This agency has forced our hand, and required us to pull the plug. Without even letting the user terminate the account etc.

    Rather they are taking the drive away for inspection. Is this normal? Is there a way to bypass this or something?

    Suggestions are much appreciated.

    Thanks!

  2. #2
    Join Date
    Apr 2007
    Posts
    3,531
    Without a warrant they can't really force you to do anything.
    If they have no intention on using the files as evidence I would delete the files ASAP, they can then no longer request a pull the plug method...
    It is however a forensically accepted method if they are going to examin the data at a later stage to "pull the plug"....
    So you need to be 100% clear what there intentions are.
    BotWars.io - Code the AI of your Battle Bot!

  3. #3
    Join Date
    Jan 2004
    Location
    Washington, DC
    Posts
    450
    No, that isn't right at all. It's important to assist law enforcement but it's also vital that you know your rights and know how to operate in the best interest of your innocent client.

    What agency were you working with? I can certainly provide tips and insights if I know that.
    Christian Dawson Exectuive Director and Co-Founder, i2Coalition
    The i2Coalition is comprised of small to medium cloud providers, data centers, registrars, registries and other foundational Internet enterprises. Join today!
    Follow us on Twitter @i2coalition or checkout our forum!

  4. #4
    Join Date
    Nov 2001
    Location
    The South
    Posts
    5,408
    What "agency"? If they don't have a warrant or court order, uh oh!

    I should add, I've helped assist law enforcement (ABI - Alabama Bureau of Investigation) on a handful of kiddie porn cases and they don't sneeze without a hand signed order or warrant from a judge. Not that it takes them long to get one, we had a PC full of it in our shop once years ago, I called them, agent showed up within minutes (he had worked with me before), showed the agent the pics, he called a judge, got a warrant and arrest order, over the phone faxed to our office, he walked up front (mom & pop PC store) and arrested the guy who was waiting to pick up his PC, from my initial phone call to the arrest? 30 minutes, maybe.
    Gary Harris - the artist formerly known as Dixiesys
    resident grumpy redneck

  5. #5
    Join Date
    Sep 2008
    Location
    Melbourne
    Posts
    405

  6. #6
    Join Date
    Nov 2001
    Location
    The South
    Posts
    5,408
    Oh you're not in the US? So anything I know about dealing with law enforcement doesn't really apply for you does it?
    Gary Harris - the artist formerly known as Dixiesys
    resident grumpy redneck

  7. #7
    Join Date
    Jan 2004
    Location
    Washington, DC
    Posts
    450
    Ok, now's a good time to share some tips for hosters on this subject.

    All responsible hosts need to maintain policies in compliance with The Victims of Child Abuse Act of 1990 and The Protection of Children from Sexual Predators Act which amended it. As such, you need to abide by the guidelines of the reporting section of 42 U.S.C. § 13032, and assume as normal business practices certain additional steps which enable you to better assist law enforcement in their efforts to catch the perpetrators of these illegal acts.

    The reporting section of 42 U.S.C. § 13032 requires anyone who is engaged in providing an electronic communication service to the public, and obtains knowledge of a violation of the child exploitation statutes, to report such violation to a law enforcement agency or agencies. A failure to report is subject to a civil fine of up to $50,000 in the first instance and $100,000 for any subsequent failure. No service provider may be held civilly liable for any action taken in good faith to comply with the reporting requirement. Abide by these clear steps, and you will protect your company as well as yourself when a claim of child pornography is brought to your attention.

    When you get a case like this you ned to begin doing some due diligence to determine whether you believe that this is being posted by a client intentionally or whether they are also unknowing victims. That is something that will guide you when it comes to either 'fixing the problem' or parting ways with the client (to say the least). But that's something you don't need to determine right away. You have other goals first.

    1) Do not click on any links that have been sent to you regarding this subject matter. Doing so puts you at risk.

    2) You must inform two separate groups of the complaint you have received. First, contact the following:

    The Federal Bureau of Investigation:
    http://www.fbi.gov/

    At ServInt we work with the Washington D.C. FBI Field Office: Cyber Unit

    Next, contact the National Center for Missing & Exploited Children, or NCMEC. Their website is NCMEC.org, but a direct link to the necessary contact form is as follows:

    https://secure.missingkids.com/missi...eCountry=en_US

    In filling out that form, identify yourself as a hosting provider, operating in an official capacity on behalf of your company. Include a copy of the complaint that has been sent, and where it asks whether you have contacted any other agencies, inform them that you have contacted the FBI.

    It's best to work in collaboration with these outfits to address such problems so telling them something like this should elicit their quick response.

    -----
    Within 24 hours we will be contacting the customer about this as part of our standard procedures. Though we will request that our client disable but not delete any evidence, there is a chance that when we make contact, all evidence will disappear. We will hold off on this contact if you wish to expedite a warrant for the data contained in the customer's hard drives. Please let us know how you wish to proceed as quickly as you can.
    -----


    4) After these two agencies have been contacted, simply cooperate with the law enforcement agencies you have contacted, and to provide them with any information that is subpoenaed.

    You need a warrant to turn over customer data. You should NOT need to turn over primary copies of customer data. If your client is a victim as well, a situation can be addressed with minor headache to all parties. At the end of the day you can feel good knowing that you assisted in a very serious investigation, and behaved appropriately, lawfully and responsibly throughout.

    These agencies are excellent and can work with you to help you figure out what to do and how. They won't destroy your business or unfairly incriminate your clients - they are experts and professionals.
    Christian Dawson Exectuive Director and Co-Founder, i2Coalition
    The i2Coalition is comprised of small to medium cloud providers, data centers, registrars, registries and other foundational Internet enterprises. Join today!
    Follow us on Twitter @i2coalition or checkout our forum!

  8. #8
    Join Date
    Jan 2004
    Location
    Washington, DC
    Posts
    450
    Telefono Arcobaleno is a fantastic International organization but they are a research and reporting organization, not an agency of any government.

    They are based in Rome and their name means "Rainbow Phone". They can't force your hand. What you should do is contact the agencies I cited above and tell Telefono Arcobaleno that this is what you're doing. They want the content DOWN - understandably. But they are reasonable and will be pleased to hear you are working with law enforcement.
    Christian Dawson Exectuive Director and Co-Founder, i2Coalition
    The i2Coalition is comprised of small to medium cloud providers, data centers, registrars, registries and other foundational Internet enterprises. Join today!
    Follow us on Twitter @i2coalition or checkout our forum!

  9. #9
    Some excellent info mrcjdawson - thankyou

  10. #10
    Join Date
    Jan 2004
    Location
    Washington, DC
    Posts
    450
    Anytime! I think this subject is incredibly important.
    Christian Dawson Exectuive Director and Co-Founder, i2Coalition
    The i2Coalition is comprised of small to medium cloud providers, data centers, registrars, registries and other foundational Internet enterprises. Join today!
    Follow us on Twitter @i2coalition or checkout our forum!

  11. #11
    Join Date
    Nov 2007
    Location
    New Jersey
    Posts
    64
    Did we get any further info from the original poster as to what countries the authorities were from? Based on what he said, there are no authorities involved, and a few issues come into play. (no I am not a supporter of kiddie porn)

    1. There is no problem with, and he should, take down the material.

    2. He should NOT delete the material, at least not in the U.S. You delete, you are asking for an obstruction of justice claim.

    3. He doesn't need to take the whole server down unless court ordered or by warrant.
    www.kuzasneu.com
    Internet|Technology|Intellectual Property
    No comments, postings, or exchanges on this forum are intended to be nor shall they be viewed as constituting legal advice, nor does it establish a client attorney relationship. If you need legal advice, please contact your attorney.

  12. #12
    Join Date
    Sep 2008
    Location
    Melbourne
    Posts
    405
    Thank you for that information.

  13. #13
    Join Date
    Sep 2008
    Location
    Melbourne
    Posts
    405
    Quote Originally Posted by legallink View Post
    Did we get any further info from the original poster as to what countries the authorities were from? Based on what he said, there are no authorities involved, and a few issues come into play. (no I am not a supporter of kiddie porn)

    1. There is no problem with, and he should, take down the material.

    2. He should NOT delete the material, at least not in the U.S. You delete, you are asking for an obstruction of justice claim.

    3. He doesn't need to take the whole server down unless court ordered or by warrant.
    Hello,

    I have not been contacting them directly. However, what I have been told is that most agencies don't understand how shared hosting works and when something like this happens. The entire system is forced to be closed down.

    Thanks everyone for your info, it is very much appreciated!

  14. #14
    Join Date
    Apr 2002
    Location
    USA
    Posts
    5,783
    Where is the server Australia or the US.
    How you proceed will depend on which country.
    Different laws in each, but your best bet in both cases is to contact either the AFP or the FBI depending on where the server is and tell them you suspect kiddie porn on your sever.
    Follow their directions from that point on.
    I have worked with both and they are good to work with and will guide you on how they want it handled.
    Do not delete anything and do not start clicking the links yourself.

  15. #15
    Join Date
    Sep 2008
    Location
    Melbourne
    Posts
    405
    The server is in the US.

    Thank you everyone for your info.

  16. #16
    Join Date
    Sep 2008
    Location
    Sydney Australia
    Posts
    580
    Send it to the AFP via
    https://www.afp.gov.au/online_forms/ocset_ispich_form

    They'll liase with the FBI.

  17. #17
    Join Date
    Jan 2004
    Location
    Washington, DC
    Posts
    450
    Quote Originally Posted by AHN-Andrew View Post
    Hello,

    I have not been contacting them directly. However, what I have been told is that most agencies don't understand how shared hosting works and when something like this happens. The entire system is forced to be closed down.
    If you contact the right government agencies you still may get some people who DON'T understand that, but nearly all people in law enforcement you are going to meet ware going to be willing to listen and learn - they'd rather have a reasonable, helpful aid in situations that arise than an innocent person who is upset and out of business. You just need to get on the phone with the right people and explain the way you can best help out that will get them what they need without taking down law abiding customers.

    One last point, though. Make sure they subpoena all of that customer's files, and that is what you provide access to in response. A host should not play 'digital forensics expert' and go in to attempt to extract individual customer files. You can't be responsible for finding exactly what they are looking for.

    Think of it as if you were the proprietor of a hotel where something illegal happened. With a warrant, you would let the police into the room to look around. You wouldn't go in and find the murder weapon FOR them. The same is true in legal issues surrounding hosting.
    Christian Dawson Exectuive Director and Co-Founder, i2Coalition
    The i2Coalition is comprised of small to medium cloud providers, data centers, registrars, registries and other foundational Internet enterprises. Join today!
    Follow us on Twitter @i2coalition or checkout our forum!

  18. #18
    Join Date
    Sep 2008
    Location
    Melbourne
    Posts
    405
    Quote Originally Posted by mrcjdawson View Post
    If you contact the right government agencies you still may get some people who DON'T understand that, but nearly all people in law enforcement you are going to meet ware going to be willing to listen and learn - they'd rather have a reasonable, helpful aid in situations that arise than an innocent person who is upset and out of business. You just need to get on the phone with the right people and explain the way you can best help out that will get them what they need without taking down law abiding customers.

    One last point, though. Make sure they subpoena all of that customer's files, and that is what you provide access to in response. A host should not play 'digital forensics expert' and go in to attempt to extract individual customer files. You can't be responsible for finding exactly what they are looking for.

    Think of it as if you were the proprietor of a hotel where something illegal happened. With a warrant, you would let the police into the room to look around. You wouldn't go in and find the murder weapon FOR them. The same is true in legal issues surrounding hosting.
    That's what we're doing now.

    Thank you!

  19. #19
    Join Date
    Jul 2009
    Location
    Orlando, Florida
    Posts
    38
    Yes, do not panic, just follow the instructions given by authority, but remember them your rights, be carefully with that.

  20. #20
    Join Date
    Jan 2004
    Location
    Washington, DC
    Posts
    450
    Quote Originally Posted by AHN-Andrew View Post
    That's what we're doing now.

    Thank you!
    I am SO glad it's working out for you. If you run into any glitches let me know. Always happy to help.
    Christian Dawson Exectuive Director and Co-Founder, i2Coalition
    The i2Coalition is comprised of small to medium cloud providers, data centers, registrars, registries and other foundational Internet enterprises. Join today!
    Follow us on Twitter @i2coalition or checkout our forum!

Similar Threads

  1. join forces
    By gingerbread in forum Web Hosting Lounge
    Replies: 22
    Last Post: 03-16-2006, 11:14 PM
  2. PTP (Pull The Plug) VS. Defender Hosting?
    By BWorx in forum Colocation, Data Centers, IP Space and Networks
    Replies: 5
    Last Post: 01-19-2006, 08:38 PM
  3. Happy Thanksgiving to the Armed Forces
    By Fair Dinkum in forum Web Hosting Lounge
    Replies: 7
    Last Post: 11-24-2004, 10:38 PM
  4. Californians Can Now Pull The Plug On Telemarketers
    By Atlonim in forum Web Hosting Lounge
    Replies: 4
    Last Post: 04-01-2003, 08:38 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •