|Helping the FBI ....|
I do not need this
I got a genuine email from the equivalent of the FBI of my country. My sites ae all based in the US but serve a niche market in Europe.
Now Should I help or if I do I could end up testifying in court?
They need the IP from which certain messages have originated.
IF the email is definitely genuine, can you NOT help without going to jail? Is there some overwhelming moral or ethical reason why you wouldn't help them?
Do everything in your power not to cooperate - completely destroy any physical evidence you may have recorded about your site visitors - let them harass the ISP.
Do everything you can to help ..
do NOT destroy everything as bcolflesh suggest ..or you'll find yourself in deep doo doo.
You have to follow your own concious .. do you know what they are looking for? is it clearly someone up to Illegal activities..? Dont stick your next out for the crimininals...they certainly wouldnt for you
I don't know what country you're in, but here I'm pretty sure you wouldn't want to cheese off the FBI, or the equivalent in any country, by hindering an ongoing investigation that involves information that you may have inadvertently obtained.
I don't see how the email can be real. If this was a serious investigation, wouldn't they have CALLED you or gone to your home or place of work as a means of first contact? Something is fishy about getting an EMAIL...
1. Phone them up. Ask for the person the email came from. If they gave you a phone number in the email, don't use it - use the number in your phone book and get their switchboard to connect you. It's a quick but effective way of confirming whether the message is genuine or not.
2. Don't destroy anything at all - and make an extra backup just in case. You don't want to go to jail yourself for destroying evidence, even if it happens inadvertently.
3. If you are unsure of anything, consult a lawyer.
4. Before giving out any confidential information at all, make sure you have a court order, in writing, delivered to your door.
5. Confirm everything in writing - not email, real paper sent by courier with a signature on receipt. Electronic communications are not the right medium for this.
If it's a European country, I'm assuming it's a more legit request than, say, if it were coming from the military junta in Myanmar.
For a simple request, try to be cooperative, especially if you are given a good reason. Definitely definitely don't destroy a darn thing or tell them to go f--- themselves.
However, also don't give a carte blanche. A law enforcement agency that will go unnamed asked me for my entire customer database. I politely refused and said that if they have particular types of transaction they were looking for, I could be on the lookout. As a result, I have forwarded two or three transactions that fit the criteria and met a very legitimate law enforcement need.
I would make sure they have a subpoena in hand and consult your lawyer. If this is something that was posted on your site, you could very well be held responsible.
As for roscoepico's concern, they know about this because it was posted on your site. So helping them or not helping them is not going to determine your legal culpability. The deed was already done.
However, if you DON'T cooperate with them, all you're doing is angering them and putting yourself in the middle of something that you shouldn't be in the middle of.
A law enforcement agency such as the FBI is not going to contact you by email. It's probably a fraud.
First, per the outline above, confirm it's legit. Sounds bogus unless there was no other easily ascertainable method for reaching you. I could see email in THAT situation as a matter of expediency, BUT it does have an air of bogusness.
Second, destruction of evidence could be a separate crime. (Obstruction of Justice, etc.)
Third, consult with a lawyer. There may be competing laws. For instance, in the USA, generally you will need a subpoena or a warrant in criminal situations. Tell them, if legit, that you will preserve the info (if it's your server to control). If the alleged villian is hip to the fed on his trail he may employ hackers to attack the server, so external backups a must. All depends.
You really need to run this by 1) an attorney in your county; and, 2) possibly an attorney in the State where the website is hosted. There may be conflicts of law about disclosure. You could have 3 jurisdictions or more involved: Yours, as owner/operator, the posters jurisdiction and the good old USA as host to the server and website. You may even have an obligation to notify the alleged offender so he may retain counsel to defend or assert his/her rights, such as free speech or confidentiality rights, which you may or may not lawfully surrender in some circumstances. A lot may depend on exactly what was said, such as making threats or disclosing someone else's priviledged info or trade secrets.
Ahhhhh, the pleasures of global enterprise.
Webwork, Webmaster and Attorney at Law (my other job)
OBTW - this isn't legal advice, just a general list of concerns, and no, I doubt I'm positioned to help and I'm NOT soliciting further inquiries. Good-luck.
If you are required by law to provide them with information, then give it to them.
If you are not required by law, then ask some questions about why they need the information. If it sounds like a bona fide reason to you then help them out. If you don't agree with them, don't give them the info. If they won't tell you why they need it (at least in general terms) then I'd withhold telling them anything.
|If you are required by law to provide them with information, then give it to them. |
If you are not required by law, then ask some questions about why they need the information.
If you are not required by law to divulge private information, tell them you will only cooperate if the courts tell you to... that's the proper legal route for these things isn't it? If you do give them anything, without the legal need to, post a big notice on your site that says, "WE FORWARD ALL INFORMATION ON OUR CLIENTS TO THE FBI/(Gestapo/whoever)".
>> Should I help
Consider this: You post some message at some forum. Somebody (let's just pretend that it really is the FBI, for arguments sake) approaches the owner of that forum and asks for information that is not publicly available about your post.
In this case, would you, as poster, prefer:
A) That the owner just handed out this information "as a favour", or
B) that the people wanting that information had to present their claim to a court first in order to get a judgement of the validity of their claim (eg. a subpoena or a denial)?
Remember, in this case, that even though we pretend that it's really the FBI, and they're really doing some kind of investigation, that particular investigation might not concern you at all, and an investigation does not automatically imply that you have ever done anything wrong, whatsoever.
Now, as a perfectly innocent person (you are, until otherwise proved guilty of something)...
A) would you like that forum owner to just hand out your personal non-publicly available information, because he thinks he's doing somebody (perhaps the FBI) a favour, or
B) would you say "if the courts deem it necessary, then of course, he has to - but he has to see physical evidence that this need is really substantial first, eg. a subpoena"
Think about it...
this problem has expanded significantly in the US, the patriot act basically gave law enforcement free reign to request any and all digital tracking records from ISP's, to the degree that many of the larger ones have had to assign people to handle just these requests.
These are not, repeat not, legal requests, delivered through the legal process of court orders, but are almost all just fishing expeditions. A very serious problem in terms of freedom of expression and just plain freedom in general.
Hopefully this will change soon, but there's no guarantee currently.
Any law enforcement agency would have simply shown up and secured access to the computer that contained the data. They definately would not have emailed you.
yeah if they really need the data they will come and get it. they should be able to do their job without asking you for favors.
|Any law enforcement agency would have simply shown up and secured access to the computer that contained the data. They definately would not have emailed you. |
The bottom line is we don't know what a law enforcement agency would do. They could send a carrier pigeon to your house and hold you legally responsible for the contents of the message, for all we know (the CIA might have one on ice somewhere, you never know). So contact the organization (encyclos advice not to use the number in the email is smart) and confirm/disprove the validity of the email.
And for god's sake, don't destroy any evidence. That's just the stupidest peice of advice I've ever heard...
>> the CIA might have one on ice somewhere
Poor bird! :)
>> And for god's sake, don't destroy any evidence. That's just the stupidest peice of advice I've ever heard...
I would normally agree with you on this BUT what's right in one country would not necessarily be right in another. There is one country where I would definitely trash the evidence if it meant avoiding being dragged into litigation. Particularly if the litigation would incarcerate me for 10 years but the destruction of evidence attracts a slap on the wrist.
...Not that I would intentionally do anything that attracts a 10 year jail sentence.
|If it's a European country, I'm assuming it's a more legit request than, |
There are a lot of tin pot European countries. And one or two even in the EU, like Italy ;)
But speaking to a lawyer can't be a bad move.
[edited by: Macro at 12:58 pm (utc) on Sep. 27, 2004]
Isn't the first step to phone the FBI and ask if it's legit or not?
Thanks all for your help and suggestions. I am not going into details. But the request was legit.
Sometimes if you ask for a subponea or a warrant you might get some other goverment agency asking from more detailaied documents from you.(I believe in the states it is called the IRS). This was not mentioned directly but suggested, I could have been getting paranaoid as well. Trying too much to read bettween the lines (words in this case).
This happened in a so called first world country.
So from my experience :
1. Check the request is legit.
2. Co-operate like it was St peter asking for the information.
3. Witholding information will get you now where! (I am not saying that one should give all his databases)
4. Keep your mouth shut about the whole issue.
Bye for now
back to my desk coding in perl ...
I think some of the threads here have been too paranoid.
Yes, avoid collaboration with evil dictatorships.
But legitimate requests need NOT be accompanied by the threat of legal consequences for you to cooperate in full. It does not take an expert in human relations to realize that telling a law enforcement agent with a very legitimate request to go f&%# themselves unless they have a legal warrant is simply a way to get yourself in deeper trouble.
Yes, if you have suspicions about the legitimacy, seek a lawyer. No, don't give anything over carte blanche. And no, don't help out Sudan or Iran in their quest for personal information about average citizens.
Otherwise, if you get a legit law enforcement request, treat the person on the other end as if they were a human being (they are one) and try to anticipate what their reaction will be if you tell them to go jump off a pier or if, say, you say you are happy to cooperate in a legitimate fashion.
|And no, don't help out Sudan or Iran in their quest for personal information about average citizens |
Ah, but the FBI et al are the good guys, eh? Thanks to America and its "Patriot Act", you can't trust first world governments anymore, either, (not that you ever could, really... does McCarthy ring a bell?)
>> It does not take an expert in human relations to realize that telling
>> a law enforcement agent with a very legitimate request to go f&%#
>> themselves unless they have a legal warrant is simply a way to get
>> yourself in deeper trouble.
For any civilized country, this is indeed the only right thing to do - it does not take an expert in neither human rights nor law to realize that. I would advice to use a more, say, polite language though.
There is simply no way any individual can judge if a claim against another is legitimate or not, as that is legal matter and hence should be judged in the legal system, ie. by a court and/or judge.
Any request like that has to be proven legitimate for it to become so. Otherwise - that is, in any other case - it is not a legitimate request.
|treat the person on the other end as if they were a human being (they are one) |
According to a certain hit TV show (now defunct), at least SOME of those 'people' are, in fact, alien hybrids, although if you let on that you know this they are forced to place you and your family in a glass jar beneath the arctic ice caps, so it's probably better to treat them like 'people,' too. ;)
From Reuters, Sep 30:
|On Wednesday, U.S. District Judge Victor Marrero ruled that surveillance powers granted to the FBI under the Patriot Act, a cornerstone of the U.S. war on terror, were unconstitutional. |
In the first decision against a surveillance portion of the act, Marrero ruled for the American Civil Liberties Union in its challenge against what it called "unchecked power" by the FBI to demand secret customer records from communication companies, such as Internet service providers or telephone companies.
Lawyer, lawyer, laywer. But, then again, I'm a teeny bit paranoid ;).
Check it's authentic (phone FBI), then lawyer.
Don't go wasting legal fees on a spoof.
The first thing a lawyer will do is advise you to check it's authentic anyway.