Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: phranque
You have to follow your own concious .. do you know what they are looking for? is it clearly someone up to Illegal activities..? Dont stick your next out for the crimininals...they certainly wouldnt for you
I don't see how the email can be real. If this was a serious investigation, wouldn't they have CALLED you or gone to your home or place of work as a means of first contact? Something is fishy about getting an EMAIL...
2. Don't destroy anything at all - and make an extra backup just in case. You don't want to go to jail yourself for destroying evidence, even if it happens inadvertently.
3. If you are unsure of anything, consult a lawyer.
4. Before giving out any confidential information at all, make sure you have a court order, in writing, delivered to your door.
5. Confirm everything in writing - not email, real paper sent by courier with a signature on receipt. Electronic communications are not the right medium for this.
For a simple request, try to be cooperative, especially if you are given a good reason. Definitely definitely don't destroy a darn thing or tell them to go f--- themselves.
However, also don't give a carte blanche. A law enforcement agency that will go unnamed asked me for my entire customer database. I politely refused and said that if they have particular types of transaction they were looking for, I could be on the lookout. As a result, I have forwarded two or three transactions that fit the criteria and met a very legitimate law enforcement need.
However, if you DON'T cooperate with them, all you're doing is angering them and putting yourself in the middle of something that you shouldn't be in the middle of.
Second, destruction of evidence could be a separate crime. (Obstruction of Justice, etc.)
Third, consult with a lawyer. There may be competing laws. For instance, in the USA, generally you will need a subpoena or a warrant in criminal situations. Tell them, if legit, that you will preserve the info (if it's your server to control). If the alleged villian is hip to the fed on his trail he may employ hackers to attack the server, so external backups a must. All depends.
You really need to run this by 1) an attorney in your county; and, 2) possibly an attorney in the State where the website is hosted. There may be conflicts of law about disclosure. You could have 3 jurisdictions or more involved: Yours, as owner/operator, the posters jurisdiction and the good old USA as host to the server and website. You may even have an obligation to notify the alleged offender so he may retain counsel to defend or assert his/her rights, such as free speech or confidentiality rights, which you may or may not lawfully surrender in some circumstances. A lot may depend on exactly what was said, such as making threats or disclosing someone else's priviledged info or trade secrets.
Ahhhhh, the pleasures of global enterprise.
Webwork, Webmaster and Attorney at Law (my other job)
OBTW - this isn't legal advice, just a general list of concerns, and no, I doubt I'm positioned to help and I'm NOT soliciting further inquiries. Good-luck.
If you are not required by law, then ask some questions about why they need the information. If it sounds like a bona fide reason to you then help them out. If you don't agree with them, don't give them the info. If they won't tell you why they need it (at least in general terms) then I'd withhold telling them anything.
If you are required by law to provide them with information, then give it to them.
If you are not required by law, then ask some questions about why they need the information.
If you are not required by law to divulge private information, tell them you will only cooperate if the courts tell you to... that's the proper legal route for these things isn't it? If you do give them anything, without the legal need to, post a big notice on your site that says, "WE FORWARD ALL INFORMATION ON OUR CLIENTS TO THE FBI/(Gestapo/whoever)".
Consider this: You post some message at some forum. Somebody (let's just pretend that it really is the FBI, for arguments sake) approaches the owner of that forum and asks for information that is not publicly available about your post.
In this case, would you, as poster, prefer:
A) That the owner just handed out this information "as a favour", or
B) that the people wanting that information had to present their claim to a court first in order to get a judgement of the validity of their claim (eg. a subpoena or a denial)?
Remember, in this case, that even though we pretend that it's really the FBI, and they're really doing some kind of investigation, that particular investigation might not concern you at all, and an investigation does not automatically imply that you have ever done anything wrong, whatsoever.
Now, as a perfectly innocent person (you are, until otherwise proved guilty of something)...
A) would you like that forum owner to just hand out your personal non-publicly available information, because he thinks he's doing somebody (perhaps the FBI) a favour, or
B) would you say "if the courts deem it necessary, then of course, he has to - but he has to see physical evidence that this need is really substantial first, eg. a subpoena"
Think about it...
These are not, repeat not, legal requests, delivered through the legal process of court orders, but are almost all just fishing expeditions. A very serious problem in terms of freedom of expression and just plain freedom in general.
Hopefully this will change soon, but there's no guarantee currently.
Any law enforcement agency would have simply shown up and secured access to the computer that contained the data. They definately would not have emailed you.
The bottom line is we don't know what a law enforcement agency would do. They could send a carrier pigeon to your house and hold you legally responsible for the contents of the message, for all we know (the CIA might have one on ice somewhere, you never know). So contact the organization (encyclos advice not to use the number in the email is smart) and confirm/disprove the validity of the email.
And for god's sake, don't destroy any evidence. That's just the stupidest peice of advice I've ever heard...
>> And for god's sake, don't destroy any evidence. That's just the stupidest peice of advice I've ever heard...
I would normally agree with you on this BUT what's right in one country would not necessarily be right in another. There is one country where I would definitely trash the evidence if it meant avoiding being dragged into litigation. Particularly if the litigation would incarcerate me for 10 years but the destruction of evidence attracts a slap on the wrist.
...Not that I would intentionally do anything that attracts a 10 year jail sentence.
If it's a European country, I'm assuming it's a more legit request than,
But speaking to a lawyer can't be a bad move.
[edited by: Macro at 12:58 pm (utc) on Sep. 27, 2004]
Sometimes if you ask for a subponea or a warrant you might get some other goverment agency asking from more detailaied documents from you.(I believe in the states it is called the IRS). This was not mentioned directly but suggested, I could have been getting paranaoid as well. Trying too much to read bettween the lines (words in this case).
This happened in a so called first world country.
So from my experience :
1. Check the request is legit.
2. Co-operate like it was St peter asking for the information.
3. Witholding information will get you now where! (I am not saying that one should give all his databases)
4. Keep your mouth shut about the whole issue.
Bye for now
back to my desk coding in perl ...
Yes, avoid collaboration with evil dictatorships.
But legitimate requests need NOT be accompanied by the threat of legal consequences for you to cooperate in full. It does not take an expert in human relations to realize that telling a law enforcement agent with a very legitimate request to go f&%# themselves unless they have a legal warrant is simply a way to get yourself in deeper trouble.
Yes, if you have suspicions about the legitimacy, seek a lawyer. No, don't give anything over carte blanche. And no, don't help out Sudan or Iran in their quest for personal information about average citizens.
Otherwise, if you get a legit law enforcement request, treat the person on the other end as if they were a human being (they are one) and try to anticipate what their reaction will be if you tell them to go jump off a pier or if, say, you say you are happy to cooperate in a legitimate fashion.
And no, don't help out Sudan or Iran in their quest for personal information about average citizens
Ah, but the FBI et al are the good guys, eh? Thanks to America and its "Patriot Act", you can't trust first world governments anymore, either, (not that you ever could, really... does McCarthy ring a bell?)
For any civilized country, this is indeed the only right thing to do - it does not take an expert in neither human rights nor law to realize that. I would advice to use a more, say, polite language though.
There is simply no way any individual can judge if a claim against another is legitimate or not, as that is legal matter and hence should be judged in the legal system, ie. by a court and/or judge.
Any request like that has to be proven legitimate for it to become so. Otherwise - that is, in any other case - it is not a legitimate request.
treat the person on the other end as if they were a human being (they are one)
According to a certain hit TV show (now defunct), at least SOME of those 'people' are, in fact, alien hybrids, although if you let on that you know this they are forced to place you and your family in a glass jar beneath the arctic ice caps, so it's probably better to treat them like 'people,' too. ;)
On Wednesday, U.S. District Judge Victor Marrero ruled that surveillance powers granted to the FBI under the Patriot Act, a cornerstone of the U.S. war on terror, were unconstitutional.
In the first decision against a surveillance portion of the act, Marrero ruled for the American Civil Liberties Union in its challenge against what it called "unchecked power" by the FBI to demand secret customer records from communication companies, such as Internet service providers or telephone companies.