Man arrested in Indymedia animal extremism probe
original: Chris Williams | 09.02.2009 15:06 | Indymedia Server Seizure | Animal Liberation | Indymedia | Repression | Sheffield
Police act on web comment including judge's details
A man has been arrested in connection with comments posted to the activist news site Indymedia.
The postings on January 21 included the personal details of a prominent High Court judge who had earlier that day handed down prison sentences in a landmark animal testing extremism trial.
A spokeswoman for Kent Police said the arrest was made this morning in Sheffield. No further details about the man, who has not been charged, were released. His arrest follows Kent Police's seizure of an Indymedia server in Manchester on January 22.
The two user comments that prompted the investigation were posted on Indymedia in response to a story about the jail sentences given to members of Stop Huntingdon Animal Cruelty (SHAC). Mr Justice Neil Butterfield handed down sentences of between four and 11 years for blackmail to three women and four men after they were convicted of harassing people and companies connected to Huntingdon Life Sciences (HLS).
Kent Police carried out the SHAC investigation, led by Detective Chief Inspector Andy Robbins. The receipt left with the Manchester colocation firm hosting Indymedia's server said he had instigated the seizure.
The first comment, entitled "Mr No Justice Butterfield", said: "Or plain old Neil Butterfield when you strip away his wig, gown and pompous titles. You might want to let this friend of HLS know exactly what you think about him. Just don't mention his son Sam who was killed in a taxi crash in India last year."
Sam Butterfield died on his honeymoon in January 2008. The post went on to give Mr Justice Butterfield's personal details, which were deleted by Indymedia administrators in line with the site's privacy policy.
A second commenter however reposted the information hours later on 21 January, writing: "Butterfield's details were posted on Indymedia but removed. Not before I had a chance to write them down though :-)." Indymedia administrators again removed the personal details.
The site was contacted by Kent Police on the morning of 22 January requesting that information about the posters be retained. Indymedia responded that it had configured its Apache server software not to log IP addresses in order to protect its users' privacy.
An Indymedia spokesman declined to immediately comment on today's development. Kent Police said the investigation was ongoing.
In 2004 Indymedia servers were seized as part of an FBI investigation into violent protests at G8 meetings.
original: Chris Williams
Homepage:
http://www.theregister.co.uk/2009/02/09/indymedia_shac_arrest/
Comments
Hide the following 31 comments
hmm...
09.02.2009 16:04
ARA
To Dave
09.02.2009 18:25
ARA
no they'r not
09.02.2009 18:54
cpp
dont know
09.02.2009 18:59
But i can't understand how they could trace the person without such a log file.
dave
a smoke screen?
09.02.2009 19:37
either the logs exist or they dont. if they dont then this is a smokescreen.
not me
TELL US THE TRUTH PLEASE INDYMEDIA
09.02.2009 19:42
dAn
excuse to raid
09.02.2009 20:54
The clue is in the statement: "No further details about the man, who has not been charged, were released." If he had posted the comment, why not charge the individual? No evidence.
The animal liberation movement is more than used to this by now!! They fail to catch any underground activists so instead attack the aboveground hoping to 'stumble' across them, in return successfully repressing law-abiding citizens. Green scare ring any bells? I hope so.
http://greenscare.org http://en.wikipedia.org/wiki/Green_Scare
I imagine some IMC admins and users are still confused though, time to wake up! They've been raiding above-ground animal liberationists to investigate under-ground/illegal actions for decades. This is the same, but instead of being based on a liberation, sabotage or arson, its based on an "illegal" comment on Indymedia. All other social movements are next.
---
Repression is nearly always a two in one business, hense why the IMC server hasn't been returned to financially/mentally drain Indymedia, furthermore building barriers between the media centre and the animal liberation movement. Bridges that only recently have been properly established, that's even three in one repression.
For example, the cops don't need the server, but they like frustrating admins/volunteers into thinking its being used to investigate shactivists, despite knowing there's absoloutely nothing to investigate into, as its just a mirror serve. It's a BIG fucking joke, get it?
https://www.indymedia.org.uk/en/2009/01/419838.html
Think about it; the most repressed campaign in the country, the most repressed media centre in the country - the state clearly want to keep both entities apart, at least for as long as possible! Animal liberation on indymedia clearly threatens the state in a new and terrifying way, which is great to hear, despite the repercussions of such aliments. Reminds me of the new wave of repression thay followed the ALF & ELF cooperation that developed in America.
http://en.wikipedia.org/wiki/Earth_Liberation_Front#Cooperation_with_the_ALF
Furthermore, not sure why this is on the promoted newswire, as SHAC activists were not convicted of harassing people and companies, but of "conspiring" to do so with unknown persons. I think it's a bit silly to promote an article for its 95% twisted truth and 5% lies. Afterall, isn't this just a mainstream report on what is going on? Bit shameful in my opinion.
http://www.indymedia.org.uk/en/2009/01/419733.html
repression is not confsing!
If Indymedia does not log IPs, how can they arrest anyone?
09.02.2009 21:49
Maybe the pigs recovered deleted data from the server, whatever it is, Indymedia should be making it clear that anything you post here can be traced back to you!
Do not give people false sense of security, which is what happens when it is declared that no IP logs are kept, people can easily use a proxy for posting at Indymedia.
Frank
Homepage: http://www.privacylover.com
Please use your brains.
09.02.2009 22:02
imc
The police can trace your IP without going to Indymedia....
09.02.2009 22:36
Mandy in Camden
@laura norder
09.02.2009 23:06
ted
reply to 'laura norder'
09.02.2009 23:09
I know that saying that will get my comment hidden by the occasionally vigilant and much maligned indymedia admin but it needed saying.
You are a fool because you fail to comprehend that indymedia admins hid the comments containing the address of the judge (twice) which may or may not have been posted by 'extremist' animal rights people.
You are a liar because you say indymedia promoted reports inciting racial hatred in whitechapel.
And you are blind because only a few days ago there was an indymedia post covering the 'defection' to the BNP of somebody involved in animal rights campaigning (among over thing) https://publish.indymedia.org.uk/en/2009/02/421360.html
So, basically, pisss off troll
!
Please use your brains.
09.02.2009 23:25
imc
Re : Laura Norder [who ISN'T Lauren Order]
09.02.2009 23:26
At least have the bollocks to put your own name on here.....instead of pretending to be Lauren.
Mandy in Camden
I'm a lumberjack and I'm okay
09.02.2009 23:47
Here are a few scenarios that could explain why the individual was caught:
1. The individual was already known to the the police and a surveillance order was already in place to to watch their account, and they were silly enough to use their own account.
2. The individual was already known to the police and they used a public access terminal in a place with CCTV.
3. The security services reverse engineered the originating IP address from IMC's ISP's own logs.
4. The security services already have their own court mandated tracing interception in place for IMC UK.
5. The poster got grassed up by someone close to them or confided in an insecure manner to trustworthy people.
6. A fishing expedition into the major UK ISPs' logs paid off.
7. The whole thing was just a ruse to invented by the police/NECTU/MI5 just to flex their muscles.
The Internet is about as anonymous as turning up in your local pub with a fake beard on. But you'd be amazed at the amount of technically competent people who are surprised that a well resourced place like GCHQ or MI5's own facility could ever catch anyone... and if they had their hands tied, I'm sure there are other outsourced alternatives to coming by information.
Assume that nothing you do on the Internet is anonymous, safe or beyond the reach of the law, and you may just avoid the above.
Flighty
The arrest is just for the cops to cover their tracks...
09.02.2009 23:54
The police raided, and took the server, costing Indy money and disruption, something they also want. Then they arrest someone, who is released WITHOUT CHARGE. Now the police have got this mystical and it seems, totally wrong "information", from a server that we are told is not only encrypted but also does NOT log IPs. So basically they have got information from a source which is just a jumble of 0s and 1s, a source that does not log personal info and that they don't even have access to. Everyone has immediately forgotten that the suspicions over the police posting the original info because of the arrest; however they really can't charge anyone if they really didn't do it, and this person has been released.
Given the opportunity, the police will arrest AR activists with any exuse. So this is the perfect excuse, to cover the fact that it was them that have posted the information in the first place. Who do we trust more, Indy or the police?
I think I know who is the more trusted side..
Pixie
Sounds way too complex
10.02.2009 00:02
dave
stop the paranoia,
10.02.2009 00:15
Oh, and read a little about how encrypted websites work as well before spouting off here about fanciful 'what ifs'
the police are out to get you
Homepage: http://www.indymedia.org.uk/en/static/security.html
SHAC/affiliates being repressed?
10.02.2009 00:43
only makes us stronger!
now there's a suprise
GCHQ/CIA?
10.02.2009 10:43
I expect that there is an intercept on Indymedia.
Don't they look for certain "key" words anyway?
Spooky
2 IP Daily
10.02.2009 15:38
If a person has full admin rights on any server then they can identify an IP address of an incoming TCP/IP packet. That is not necessarily identifiable information but it is indicative. It is necessary information in troubleshooting and defending against hacking and there is no way to avoid it. The IM promise of no logging I would take to mean that all logs that link an IP to a post are turned off by default and never saved.
I've been repeatedly grassed up to the police about IM posts by someone I know with admin rights in IMC Scotland but I still have no concerns of Indymedia logging. I wish they had a better 'internal security' procedure for dealing with cases like that though. If anyone posts anything incriminating then post it via Tor, or from an anonymous IP, problem solved.
2 IM
I tried to post on this last night after dAn but the publishing hung, so I posted on El Reg saying it was best to wait until IMC had made a statement. The imc comments here seem to be the most they can say at this point, presumably for legal reasons as they never gave a statement to The Register. I am not a IMCIsta so this is just speculation from the article, a previous thread and imc's comments here.
This isn't about surveillance or network interception, except in terms of the posts here being read by or reported to state agents.
The police took this server in response to a post.
They did this either in the hope that it would reveal the posters identity, in which case they don't know much about PCs or Indymedia logs and mirrors.
Or they did this knowing it would reveal nothing but as a punishment to please a judge, knowing it would disrupt Indymedia and perhaps intimidate them.
The server was encrypted so they couldn't read it without a key.
The person arrested was the owner of the computer, who would've been threatened with serious prison time under RIPA unless they revealed the key.
The owner almost certainly didn't know the key, I've never worked anywhere where the owner even knew there was a key.
So far the police have nothing, and Indymedia have done nothing wrong. I do wonder what is happening now though but it's maybe best for IM not to talk about it while under duress unless they need support or advice.
Speaking as someone who has posted self-incriminating stuff in the past I wouldn't feel let down if you gave them the key. The alleged offence, identifying a judge, isn't that serious, and if you are confident there is no log or means to identify posters then there would be no harm in releasing a key. You should make the police work from mirrored drives even if you cooperate, it is a clear infringement of free speech to have so much kit impounded from any independent media outlet for more than a day or two.
It would be good to see the RIP act challenged sometime, but there is a greater risk than just an innocent person going to prison. So far this scenario is similar to how the original Sunday Herald forum was closed down in a 'dirty-trick'. A new poster posted an allegation about Lord Roberston being linked to the Dunblane Massacre through child abuse. The post was removed, but the paper was sued by Robertson, the then NATO chief, and the forum was closed.
I don't think that is the case here but you should bear it in mind.
Danny
A few presumptions there...
10.02.2009 15:45
xxxx
@xxxx
10.02.2009 16:10
This is the equivalent of getting done for supporting terrorism because someone spraypaited 'IRA' on your wall, after you had painted over it.
Any website where anyone can leave comments is the equivalent of nailing a 'message board' to one of your outside walls.
Anyone can come along and put up a message.
If you see a message that is illegal or immoral then you'll remove it.
Some people put up CCTV cameras to monitor their message boards for damage.
The police invented RIPA, which means that CCTV footage has to be handed over.
Indymedia don't keep CCTV footage even though the cameras are built-in.
Danny
Homepage: http://www.theregister.co.uk/2008/10/14/ripa_self_incrimination_ruling/
Lets say it one more time.
10.02.2009 16:54
INDYMEDIA DOES NOT KEEP IP LOGS!!!
So why the reference to IP logs in the mailing list? Well, while IP data is not stored, admins are able to view the IP address of incoming publish requests and do this sometimes to act against persistent spammers and disinformation trolls. That info is held temporarily in memory and is lost when overwritten by subsequent data or when the feature or the server itself is switched off. I'll probably be raked over the coals now for revealing this big secret but it's not a secret really and you can read all about it in the documentation for the MIR code base if you are vaguely interested.
So, from the horses mouth - "Indymedia has in the past attracted the attention of authorities, that have occasionally tried to request logs of whom is accessing the web site and have in one occasion seized without any explanation our server. We believe in the right to anonymous political speech and therefore we do not keep logs that could provide any such information." - https://publish.indymedia.org.uk/en/static/security.html
ben (ex admin)
"owner" of the server
10.02.2009 18:32
The person arrested is not an animal rights activist either.
The only connection between the server seized and the arrest is a name on a contract.
Posting something self-incriminating on indymedia uk is not too different from writing it on a piece of paper. If you're paranoid about being caught for something you're writing, do not write it. If you still want to write it and are still paranoid, use an internet cafe, pay cash and use a proxy.
But please do not spread your paranoia. We'll think you're a troll :p
one of imc
"owner" of the statement
10.02.2009 19:53
"The only connection between the server seized and the arrest is a name on a contract."
A mispresumption of mine, the only information I had to go on was "I won't repeat myself by pointing out the obvious but you can figure it out yourself from the fact that the police have a computer server with completely encrypted drives and all they know is who the server belongs to." - imc
So it's the person who signed the contract with the ISP. I won't ask anymore about that as you have good reasons not to talk publically yet, but you should've released a statement as soon as the Register article was reposted to quell the wilder talk.
"But please do not spread your paranoia. We'll think you're a troll"
What have I said that was paranoid? Ben is simply confirming what I assumed years ago, what anyone who is technical realises. I always said a techie IMCista could see your IP, but I don't anonymise as I see that inevitable and would anonymise if I was posting at risk. The only new information in Ben's post is that all IM admins can see easily incoming IPs, presumably in the cms, but I personally assumed that anyway as the admin who is grassing me up isn't technical.
Danny
It was the butler what did it
10.02.2009 20:16
http://www.theregister.co.uk/2009/02/10/indymedia/
http://www.theregister.co.uk/2009/02/10/indymedia/comments/
A Sheffield man has been released on police bail after being questioned in connection with comments posted to the activist news website Indymedia, which included the personal details of a prominent High Court judge.
The man, in his 40s and thought to work as a systems administrator, was arrested on Monday and questioned for about eight hours. He has been bailed without charge to appear at a police station in May. His home was searched and computer equipment and paperwork seized.
The comments at the centre of the investigation were critical of Mr Justice Neil Butterfield for the landmark blackmail sentences he handed down to seven animal rights extremists last month. One posting encouraged other Indymedia users to use the personal information to contact Butterfield and "to let this friend of [animal testing firm Huntingdon Life Sciences] know exactly what you think about him".
Indymedia administrators deleted the personal information soon after it was posted, but they were contacted by Kent Police the following day requesting the IP addresses of the posters. The Kent force carried out the original investigation that resulted in the blackmail sentences handed down by Butterfield.
Indymedia told Kent Police it does not record IP addresses. The same day the force seized a server belonging to Indymedia and hosted at Manchester-based colocation provider UK Grid.
The Register understands that the man arrested was not responsible for either of the comments and is not an Indymedia activist or administrator. Rather the server was hosted by UK Grid under a contract in his name, along with several others on behalf of unrelated clients.
He was arrested under sections 44-46 of the Serious Crime Act 2007, which came into force on October 1 last year. The relevant sections criminalise "intentionally encouraging or assisting an offence", "encouraging or assisting an offence believing it will be committed" and "encouraging or assisting offences believing one or more will be committed".
A spokeswoman for Kent Police confirmed the man was arrested on "suspicion of incitement" under the Serious Crime Act.
Indymedia has a long-standing policy of not retaining IP address logs to preserve anonymity, and the hard drive of the server taken from UK Grid was encrypted, as were the drives taken from the man's home. It's understood police did not use Regulation of Investigatory Powers Act (RIPA) powers to demand he turn over any encryption keys.
Refusing to provide encryption keys is an offence under section 49 of RIPA and carries a prison sentence of up to five years.
Danny
a few responses to other posters
11.02.2009 00:14
Indymedia uses an encrypted connection between your browser and the webserver - that's why the address starts with "https" instead of "http" - the "s" stands for "secure".
This means that anyone like GCHQ intercepting the traffic will just see garbage data.
The only way they could do it would be to hijack the traffic with a so-called "Man in The Middle" attack, but that isn't easy and your browser would complain that something is wrong.
ben: "INDYMEDIA DOES NOT KEEP IP LOGS!!!"
Well, I trust you, but others may not. And the point is we should never rely on another person as a single point of failure in the chain protecting our privacy/anonymity. If Indymedia is seen to be a threat, the state will come down hard, they will pressurise people to snitch, or put in their own infiltrators to gain positions of responsibility within Indymedia so they can put in backdoors.
The solution is to use decentralised methods for your anonymity, such as Tor ( http://torproject.org).
Maybe it would be better if Indymedia DID log all IP addresses, displayed your IP address when you visit, and published the logs openly. Then people wouldn't get lulled into a false sense of security, and would know to use things like Tor if that was necessary.
Danny: "...the admin who is grassing me up isn't technical."
In what way is someone grassing you up? Just removing your news items, or something more like reporting you to the police? Do you have proof of this, or is it just conjecture?
anon
Acting like idiots
11.02.2009 11:22
There are obvious security implications of connecting and posting to an online platform like indymedia and anyone with any brains at all regardless of their computer knowledge would know that they have to place their trust in the server admins. They'd also know that they CANT afford to place they trust in the server admins especially on a system where those admins are merely self selected volunteers who have joined open collectives around the country. Therefore, anyone posting incriminating information would do so via a safe location with do direct connect to themselves such an internet cafe or open wireless hotspot, or route their connection through anonymising services.
The protection offered by indymedia, https secure connections and no ip data retention are only to be trusted as far as you would trust a random stranger (the indymedia admin volunteers) with your future liberty. Those security features are essential features but of little use by themselves.
None of this is new. There has been no sudden change which should make people not trust indymedia and no reason for indymedia admins go into censorshop overdrive in their misguided damage control fit.
please stop the paranoia
Even worse than being 'hidden'!
11.02.2009 12:42
t's someone I know reporting me to the police via Crimestoppers for arson and terrorism. I have such overwhelming evidence that I doubt he would deny it, he wasn't hiding his identity and included an email from me to him in his grassing plus other 'non-internet' stuff. The police wouldn't give me a written copy of the allegations after FOI and DP requests but they did confirm the seriousness of the allegations in writing. The allegations were aimed at having the cops raid my parents house, which they did eventually so my parents were questioned about the same IM posts too, so you could ask them. If anyone doubts this I am also willing to take them to the cops as a witness where I'll change my original statement - I'd rather go to jail as the last raid hospitalised my dad. I don't blame Indymedia, this sort of abuse can't really be stopped in advance by a collective or any sort of organisation, but if I had reported this to a corporation then they would have investigated and taken appropriate action.
Danny
Solidarity
12.02.2009 20:57
anon