Our FBI has caused their own version of a “force majeure” event. According to The New York Times, the Federal Bureau of Investigation seized “3 enclosures” of equipment while actively investigating activities that were believed to be related to the LulzSec group. The seizure took down not only the servers that were under investigation, but also affected sites that offer services like Instapaper and Pinboard.
First and foremost, the FBI needs to understand what they are seizing. If this is a rack of physical equipment, understanding the co-location relationship is a must. I envision an enclosure of equipment to be a “rack”. When the FBI is seizing equipment from a “colo” provider, they must look at the evidence to be seized on an equipment-by-equipment basis. A rack or enclosure is NOT a piece of equipment, but an enclosure of several pieces of equipment. Evidentiary seizure must be handled differently in a shared environment than when seizing equipment from private property. I think the FBI probably failed here—unless.
Unless what? Think about the new challenges of virtualization and evidentiary seizure. How can anyone seize a physical machine without affecting the many other servers that are on the same hardware platform? Should the Bureau settle for an electronic image of the virtual server(s)? Maybe so, or maybe it should depend on the urgency, decided on a case-by-case basis. The virtualization infrastructure should “heal” itself, unless too many physical servers are seized. Maybe the FBI should work with an on-site administrator, unless they are too close to the situation being investigated.
I certainly don’t have all of the answers and would like to hear others’ comments. I am not anti-cloud, but do believe that we must educate companies on the challenges and potential issues. We must understand and educate about how non-private cloud computing is different from the traditional arrangement of having privately owned equipment in one’s own datacenter. I’m not sure if virtualization added to the challenges in this particular seizure or not. I do believe that virtualization, while a great technology, will add a layer of complexity to physical seizures performed by law enforcement. By using public cloud technologies, our organizations may be sharing rack space or even physical servers with entities that they are unaware of. If those entities become the subject of an investigation, it is possible that our processes and data can be exfiltrated from the “colo” facility and possibly render our services unusable.