Skip to content or view screen version

Man arrested in Indymedia animal extremism probe

original: Chris Williams | 09.02.2009 15:06 | Indymedia Server Seizure | Animal Liberation | Indymedia | Repression | Sheffield

Police act on web comment including judge's details

A man has been arrested in connection with comments posted to the activist news site Indymedia.


The postings on January 21 included the personal details of a prominent High Court judge who had earlier that day handed down prison sentences in a landmark animal testing extremism trial.

A spokeswoman for Kent Police said the arrest was made this morning in Sheffield. No further details about the man, who has not been charged, were released. His arrest follows Kent Police's seizure of an Indymedia server in Manchester on January 22.

The two user comments that prompted the investigation were posted on Indymedia in response to a story about the jail sentences given to members of Stop Huntingdon Animal Cruelty (SHAC). Mr Justice Neil Butterfield handed down sentences of between four and 11 years for blackmail to three women and four men after they were convicted of harassing people and companies connected to Huntingdon Life Sciences (HLS).

Kent Police carried out the SHAC investigation, led by Detective Chief Inspector Andy Robbins. The receipt left with the Manchester colocation firm hosting Indymedia's server said he had instigated the seizure.

The first comment, entitled "Mr No Justice Butterfield", said: "Or plain old Neil Butterfield when you strip away his wig, gown and pompous titles. You might want to let this friend of HLS know exactly what you think about him. Just don't mention his son Sam who was killed in a taxi crash in India last year."

Sam Butterfield died on his honeymoon in January 2008. The post went on to give Mr Justice Butterfield's personal details, which were deleted by Indymedia administrators in line with the site's privacy policy.

A second commenter however reposted the information hours later on 21 January, writing: "Butterfield's details were posted on Indymedia but removed. Not before I had a chance to write them down though :-)." Indymedia administrators again removed the personal details.

The site was contacted by Kent Police on the morning of 22 January requesting that information about the posters be retained. Indymedia responded that it had configured its Apache server software not to log IP addresses in order to protect its users' privacy.

An Indymedia spokesman declined to immediately comment on today's development. Kent Police said the investigation was ongoing.

In 2004 Indymedia servers were seized as part of an FBI investigation into violent protests at G8 meetings.

original: Chris Williams
- Homepage: http://www.theregister.co.uk/2009/02/09/indymedia_shac_arrest/

Comments

Hide the following 31 comments

hmm...

09.02.2009 16:04

Maybe IP are logged?

ARA


To Dave

09.02.2009 18:25

Then why do Indy claim not to?

ARA


no they'r not

09.02.2009 18:54

to ban an ip u don't need to log 'em, wake up guys, this is a firm point on which indymedia stands

cpp


dont know

09.02.2009 18:59

I'm really don't know. I would more than welcome to be corrected if I'm wrong.
But i can't understand how they could trace the person without such a log file.

dave


a smoke screen?

09.02.2009 19:37

a smoke screen would hide the real source of the information that got someone arrested and scare people into not posting or even looking at indimedia??

either the logs exist or they dont. if they dont then this is a smokescreen.

not me


TELL US THE TRUTH PLEASE INDYMEDIA

09.02.2009 19:42

Come on indymedia its quite important that you tell us the truth now lot's of people could be done for incitement or conspiracy for articles on these channels

dAn


excuse to raid

09.02.2009 20:54

The police are clearly using the "comment witchunt" to start raiding and arresting activists. This is overtly obvious as IMC doesn't log IPs. This investigation wasn't done based on any evidence, but based upon assumption and tactical repression, "who might of done it? who do we want to repress?".

The clue is in the statement: "No further details about the man, who has not been charged, were released." If he had posted the comment, why not charge the individual? No evidence.

The animal liberation movement is more than used to this by now!! They fail to catch any underground activists so instead attack the aboveground hoping to 'stumble' across them, in return successfully repressing law-abiding citizens. Green scare ring any bells? I hope so.

 http://greenscare.org  http://en.wikipedia.org/wiki/Green_Scare

I imagine some IMC admins and users are still confused though, time to wake up! They've been raiding above-ground animal liberationists to investigate under-ground/illegal actions for decades. This is the same, but instead of being based on a liberation, sabotage or arson, its based on an "illegal" comment on Indymedia. All other social movements are next.

---

Repression is nearly always a two in one business, hense why the IMC server hasn't been returned to financially/mentally drain Indymedia, furthermore building barriers between the media centre and the animal liberation movement. Bridges that only recently have been properly established, that's even three in one repression.

For example, the cops don't need the server, but they like frustrating admins/volunteers into thinking its being used to investigate shactivists, despite knowing there's absoloutely nothing to investigate into, as its just a mirror serve. It's a BIG fucking joke, get it?

 https://www.indymedia.org.uk/en/2009/01/419838.html

Think about it; the most repressed campaign in the country, the most repressed media centre in the country - the state clearly want to keep both entities apart, at least for as long as possible! Animal liberation on indymedia clearly threatens the state in a new and terrifying way, which is great to hear, despite the repercussions of such aliments. Reminds me of the new wave of repression thay followed the ALF & ELF cooperation that developed in America.

 http://en.wikipedia.org/wiki/Earth_Liberation_Front#Cooperation_with_the_ALF

Furthermore, not sure why this is on the promoted newswire, as SHAC activists were not convicted of harassing people and companies, but of "conspiring" to do so with unknown persons. I think it's a bit silly to promote an article for its 95% twisted truth and 5% lies. Afterall, isn't this just a mainstream report on what is going on? Bit shameful in my opinion.

 http://www.indymedia.org.uk/en/2009/01/419733.html

repression is not confsing!


If Indymedia does not log IPs, how can they arrest anyone?

09.02.2009 21:49

There is something wrong here, either Indy logs IP or it doesnt, something it is obviously not working.

Maybe the pigs recovered deleted data from the server, whatever it is, Indymedia should be making it clear that anything you post here can be traced back to you!

Do not give people false sense of security, which is what happens when it is declared that no IP logs are kept, people can easily use a proxy for posting at Indymedia.

Frank
- Homepage: http://www.privacylover.com


Please use your brains.

09.02.2009 22:02

Indymedia do not store IP data, simple as that.

imc


The police can trace your IP without going to Indymedia....

09.02.2009 22:36

While I'm not the best techie... I do KNOW that anything and anad everything done from a computer can be traced by the police and other people REMOTELY.....they don't need to to ask Indymedia anything. So please don't blame Indymedia for this.

Mandy in Camden


@laura norder

09.02.2009 23:06

Bravo. well said. People who spread terror should be punished.

ted


reply to 'laura norder'

09.02.2009 23:09

laura, you are a fool, a liar and blind

I know that saying that will get my comment hidden by the occasionally vigilant and much maligned indymedia admin but it needed saying.

You are a fool because you fail to comprehend that indymedia admins hid the comments containing the address of the judge (twice) which may or may not have been posted by 'extremist' animal rights people.

You are a liar because you say indymedia promoted reports inciting racial hatred in whitechapel.

And you are blind because only a few days ago there was an indymedia post covering the 'defection' to the BNP of somebody involved in animal rights campaigning (among over thing)  https://publish.indymedia.org.uk/en/2009/02/421360.html

So, basically, pisss off troll

!


Please use your brains.

09.02.2009 23:25

For some reason somebody has edited my post in which I pointed out that the police didn't arrest the person who posted the offending comment on the server. I won't repeat myself by pointing out the obvious but you can figure it out yourself from the fact that the police have a computer server with completely encrypted drives and all they know is who the server belongs to.

imc


Re : Laura Norder [who ISN'T Lauren Order]

09.02.2009 23:26

Whoever this is a troll pretending to be Lauren Order who would never ever write this and who I know personally.
At least have the bollocks to put your own name on here.....instead of pretending to be Lauren.

Mandy in Camden


I'm a lumberjack and I'm okay

09.02.2009 23:47

The fact that IMC doesn't log IP doesn't mean that every routing hop between the poster and the IMC server are invisible to the police/security services.

Here are a few scenarios that could explain why the individual was caught:

1. The individual was already known to the the police and a surveillance order was already in place to to watch their account, and they were silly enough to use their own account.

2. The individual was already known to the police and they used a public access terminal in a place with CCTV.

3. The security services reverse engineered the originating IP address from IMC's ISP's own logs.

4. The security services already have their own court mandated tracing interception in place for IMC UK.

5. The poster got grassed up by someone close to them or confided in an insecure manner to trustworthy people.

6. A fishing expedition into the major UK ISPs' logs paid off.

7. The whole thing was just a ruse to invented by the police/NECTU/MI5 just to flex their muscles.

The Internet is about as anonymous as turning up in your local pub with a fake beard on. But you'd be amazed at the amount of technically competent people who are surprised that a well resourced place like GCHQ or MI5's own facility could ever catch anyone... and if they had their hands tied, I'm sure there are other outsourced alternatives to coming by information.

Assume that nothing you do on the Internet is anonymous, safe or beyond the reach of the law, and you may just avoid the above.

Flighty


The arrest is just for the cops to cover their tracks...

09.02.2009 23:54

Lets look at what's happened here. The details of the judge were published, and I think the suggestions that it was from the police themselves is very likely. Otherwise, where on earth have "AR" people got the information? As someone said on another thread, this guy could not be found just on google. The comment is bound to cause reperussions for the next SHAC trial. It is also a known fact that cops have posted on here, and are on here regularly.

The police raided, and took the server, costing Indy money and disruption, something they also want. Then they arrest someone, who is released WITHOUT CHARGE. Now the police have got this mystical and it seems, totally wrong "information", from a server that we are told is not only encrypted but also does NOT log IPs. So basically they have got information from a source which is just a jumble of 0s and 1s, a source that does not log personal info and that they don't even have access to. Everyone has immediately forgotten that the suspicions over the police posting the original info because of the arrest; however they really can't charge anyone if they really didn't do it, and this person has been released.

Given the opportunity, the police will arrest AR activists with any exuse. So this is the perfect excuse, to cover the fact that it was them that have posted the information in the first place. Who do we trust more, Indy or the police?

I think I know who is the more trusted side..

Pixie


Sounds way too complex

10.02.2009 00:02

More likely is that someone posted the address and the police wanted to find out who it was. IndyMedia said 'no ip log' etc. But, most criminals say will lie, so the police wanted to check for themselves rather than take Indymedia's word for it. Releasing without charge doesn't indicate the police got anything wrong - people are often arrested to obtain evidence, not to be charged with an offence.

dave


stop the paranoia,

10.02.2009 00:15

Why is everyone assuming that the arrest was connected to the poster of the judges address rather then the seizer of the encrypted server?

Oh, and read a little about how encrypted websites work as well before spouting off here about fanciful 'what ifs'


the police are out to get you
- Homepage: http://www.indymedia.org.uk/en/static/security.html


SHAC/affiliates being repressed?

10.02.2009 00:43

only makes us stronger!
only makes us stronger!

 http://www.shac.net

now there's a suprise


GCHQ/CIA?

10.02.2009 10:43

I always thought that the government lackeys in GCHQ were able to trace communications via E-Mail, mobile phone and fax irrespective of location and exact details.

I expect that there is an intercept on Indymedia.

Don't they look for certain "key" words anyway?

Spooky


2 IP Daily

10.02.2009 15:38

That could be refering to a log of admins, don't jumpt to conclusions. You can understand why admins might need to be logged can't you? Or it could refer to the actual logging facilities that are built in to every OS and most software as the complaint seems to be about it being turned on from off. As long as the log was deleted properly then it won't leave a trace for the cops, especially

If a person has full admin rights on any server then they can identify an IP address of an incoming TCP/IP packet. That is not necessarily identifiable information but it is indicative. It is necessary information in troubleshooting and defending against hacking and there is no way to avoid it. The IM promise of no logging I would take to mean that all logs that link an IP to a post are turned off by default and never saved.

I've been repeatedly grassed up to the police about IM posts by someone I know with admin rights in IMC Scotland but I still have no concerns of Indymedia logging. I wish they had a better 'internal security' procedure for dealing with cases like that though. If anyone posts anything incriminating then post it via Tor, or from an anonymous IP, problem solved.

2 IM

I tried to post on this last night after dAn but the publishing hung, so I posted on El Reg saying it was best to wait until IMC had made a statement. The imc comments here seem to be the most they can say at this point, presumably for legal reasons as they never gave a statement to The Register. I am not a IMCIsta so this is just speculation from the article, a previous thread and imc's comments here.

This isn't about surveillance or network interception, except in terms of the posts here being read by or reported to state agents.

The police took this server in response to a post.
They did this either in the hope that it would reveal the posters identity, in which case they don't know much about PCs or Indymedia logs and mirrors.
Or they did this knowing it would reveal nothing but as a punishment to please a judge, knowing it would disrupt Indymedia and perhaps intimidate them.

The server was encrypted so they couldn't read it without a key.
The person arrested was the owner of the computer, who would've been threatened with serious prison time under RIPA unless they revealed the key.
The owner almost certainly didn't know the key, I've never worked anywhere where the owner even knew there was a key.

So far the police have nothing, and Indymedia have done nothing wrong. I do wonder what is happening now though but it's maybe best for IM not to talk about it while under duress unless they need support or advice.

Speaking as someone who has posted self-incriminating stuff in the past I wouldn't feel let down if you gave them the key. The alleged offence, identifying a judge, isn't that serious, and if you are confident there is no log or means to identify posters then there would be no harm in releasing a key. You should make the police work from mirrored drives even if you cooperate, it is a clear infringement of free speech to have so much kit impounded from any independent media outlet for more than a day or two.

It would be good to see the RIP act challenged sometime, but there is a greater risk than just an innocent person going to prison. So far this scenario is similar to how the original Sunday Herald forum was closed down in a 'dirty-trick'. A new poster posted an allegation about Lord Roberston being linked to the Dunblane Massacre through child abuse. The post was removed, but the paper was sued by Robertson, the then NATO chief, and the forum was closed.
I don't think that is the case here but you should bear it in mind.

Danny


A few presumptions there...

10.02.2009 15:45

It sounds,by what you write, that loads of activists have been arrested by the police after they seized the indy servers, can you tell me when, as i can't remember any. Some indy bod said earlier on this thread that it was not an activist 'poster' that was arrested. But you seem to want to cause disruption and stir it up as if the indy people are doing something they are not - what is your motive.

xxxx


@xxxx

10.02.2009 16:10

I presume you were talking to IP Daily although I'm also making presumptions in my post. If I'm right though this is about RIPA.

This is the equivalent of getting done for supporting terrorism because someone spraypaited 'IRA' on your wall, after you had painted over it.

Any website where anyone can leave comments is the equivalent of nailing a 'message board' to one of your outside walls.
Anyone can come along and put up a message.
If you see a message that is illegal or immoral then you'll remove it.
Some people put up CCTV cameras to monitor their message boards for damage.
The police invented RIPA, which means that CCTV footage has to be handed over.
Indymedia don't keep CCTV footage even though the cameras are built-in.

Danny
- Homepage: http://www.theregister.co.uk/2008/10/14/ripa_self_incrimination_ruling/


Lets say it one more time.

10.02.2009 16:54

Since somebody has published my name here and quoted me from the imc-uk-moderation list and none of my fellow admins have seen fit to remove my name I feel it necessary to repeat yet again....

INDYMEDIA DOES NOT KEEP IP LOGS!!!

So why the reference to IP logs in the mailing list? Well, while IP data is not stored, admins are able to view the IP address of incoming publish requests and do this sometimes to act against persistent spammers and disinformation trolls. That info is held temporarily in memory and is lost when overwritten by subsequent data or when the feature or the server itself is switched off. I'll probably be raked over the coals now for revealing this big secret but it's not a secret really and you can read all about it in the documentation for the MIR code base if you are vaguely interested.

So, from the horses mouth - "Indymedia has in the past attracted the attention of authorities, that have occasionally tried to request logs of whom is accessing the web site and have in one occasion seized without any explanation our server. We believe in the right to anonymous political speech and therefore we do not keep logs that could provide any such information." -  https://publish.indymedia.org.uk/en/static/security.html



ben (ex admin)


"owner" of the server

10.02.2009 18:32

The person arrested is not the owner of the server and is not an admin of indymedia uk - or any other indymedia.

The person arrested is not an animal rights activist either.

The only connection between the server seized and the arrest is a name on a contract.

Posting something self-incriminating on indymedia uk is not too different from writing it on a piece of paper. If you're paranoid about being caught for something you're writing, do not write it. If you still want to write it and are still paranoid, use an internet cafe, pay cash and use a proxy.

But please do not spread your paranoia. We'll think you're a troll :p

one of imc


"owner" of the statement

10.02.2009 19:53

"owner" of the server. - one of imc
"The only connection between the server seized and the arrest is a name on a contract."

A mispresumption of mine, the only information I had to go on was "I won't repeat myself by pointing out the obvious but you can figure it out yourself from the fact that the police have a computer server with completely encrypted drives and all they know is who the server belongs to." - imc

So it's the person who signed the contract with the ISP. I won't ask anymore about that as you have good reasons not to talk publically yet, but you should've released a statement as soon as the Register article was reposted to quell the wilder talk.

"But please do not spread your paranoia. We'll think you're a troll"
What have I said that was paranoid? Ben is simply confirming what I assumed years ago, what anyone who is technical realises. I always said a techie IMCista could see your IP, but I don't anonymise as I see that inevitable and would anonymise if I was posting at risk. The only new information in Ben's post is that all IM admins can see easily incoming IPs, presumably in the cms, but I personally assumed that anyway as the admin who is grassing me up isn't technical.

Danny


It was the butler what did it

10.02.2009 20:16

There is a more up to date Register article, with notably better comments than the first article there.

 http://www.theregister.co.uk/2009/02/10/indymedia/
 http://www.theregister.co.uk/2009/02/10/indymedia/comments/

A Sheffield man has been released on police bail after being questioned in connection with comments posted to the activist news website Indymedia, which included the personal details of a prominent High Court judge.

The man, in his 40s and thought to work as a systems administrator, was arrested on Monday and questioned for about eight hours. He has been bailed without charge to appear at a police station in May. His home was searched and computer equipment and paperwork seized.

The comments at the centre of the investigation were critical of Mr Justice Neil Butterfield for the landmark blackmail sentences he handed down to seven animal rights extremists last month. One posting encouraged other Indymedia users to use the personal information to contact Butterfield and "to let this friend of [animal testing firm Huntingdon Life Sciences] know exactly what you think about him".

Indymedia administrators deleted the personal information soon after it was posted, but they were contacted by Kent Police the following day requesting the IP addresses of the posters. The Kent force carried out the original investigation that resulted in the blackmail sentences handed down by Butterfield.

Indymedia told Kent Police it does not record IP addresses. The same day the force seized a server belonging to Indymedia and hosted at Manchester-based colocation provider UK Grid.

The Register understands that the man arrested was not responsible for either of the comments and is not an Indymedia activist or administrator. Rather the server was hosted by UK Grid under a contract in his name, along with several others on behalf of unrelated clients.

He was arrested under sections 44-46 of the Serious Crime Act 2007, which came into force on October 1 last year. The relevant sections criminalise "intentionally encouraging or assisting an offence", "encouraging or assisting an offence believing it will be committed" and "encouraging or assisting offences believing one or more will be committed".

A spokeswoman for Kent Police confirmed the man was arrested on "suspicion of incitement" under the Serious Crime Act.

Indymedia has a long-standing policy of not retaining IP address logs to preserve anonymity, and the hard drive of the server taken from UK Grid was encrypted, as were the drives taken from the man's home. It's understood police did not use Regulation of Investigatory Powers Act (RIPA) powers to demand he turn over any encryption keys.

Refusing to provide encryption keys is an offence under section 49 of RIPA and carries a prison sentence of up to five years.

Danny


a few responses to other posters

11.02.2009 00:14

Spooky: "I always thought that the government lackeys in GCHQ were able to trace communications via E-Mail, mobile phone and fax irrespective of location and exact details. I expect that there is an intercept on Indymedia."

Indymedia uses an encrypted connection between your browser and the webserver - that's why the address starts with "https" instead of "http" - the "s" stands for "secure".

This means that anyone like GCHQ intercepting the traffic will just see garbage data.

The only way they could do it would be to hijack the traffic with a so-called "Man in The Middle" attack, but that isn't easy and your browser would complain that something is wrong.

ben: "INDYMEDIA DOES NOT KEEP IP LOGS!!!"

Well, I trust you, but others may not. And the point is we should never rely on another person as a single point of failure in the chain protecting our privacy/anonymity. If Indymedia is seen to be a threat, the state will come down hard, they will pressurise people to snitch, or put in their own infiltrators to gain positions of responsibility within Indymedia so they can put in backdoors.

The solution is to use decentralised methods for your anonymity, such as Tor ( http://torproject.org).

Maybe it would be better if Indymedia DID log all IP addresses, displayed your IP address when you visit, and published the logs openly. Then people wouldn't get lulled into a false sense of security, and would know to use things like Tor if that was necessary.

Danny: "...the admin who is grassing me up isn't technical."

In what way is someone grassing you up? Just removing your news items, or something more like reporting you to the police? Do you have proof of this, or is it just conjecture?

anon


Acting like idiots

11.02.2009 11:22

I don't know who are worse, the pitched fork brigade reading to lynch indymedia for having a system in place to protect itself against spam (kind of essential for an open publishing site, especially one of a political nature), or indymedia for trying to hide it in the most hypocritical display of double standards I've seen in ages. This is all irreverent if only there was some openness.

There are obvious security implications of connecting and posting to an online platform like indymedia and anyone with any brains at all regardless of their computer knowledge would know that they have to place their trust in the server admins. They'd also know that they CANT afford to place they trust in the server admins especially on a system where those admins are merely self selected volunteers who have joined open collectives around the country. Therefore, anyone posting incriminating information would do so via a safe location with do direct connect to themselves such an internet cafe or open wireless hotspot, or route their connection through anonymising services.

The protection offered by indymedia, https secure connections and no ip data retention are only to be trusted as far as you would trust a random stranger (the indymedia admin volunteers) with your future liberty. Those security features are essential features but of little use by themselves.

None of this is new. There has been no sudden change which should make people not trust indymedia and no reason for indymedia admins go into censorshop overdrive in their misguided damage control fit.

please stop the paranoia


Even worse than being 'hidden'!

11.02.2009 12:42

"In what way is someone grassing you up? Just removing your news items, or something more like reporting you to the police? Do you have proof of this, or is it just conjecture?"

t's someone I know reporting me to the police via Crimestoppers for arson and terrorism. I have such overwhelming evidence that I doubt he would deny it, he wasn't hiding his identity and included an email from me to him in his grassing plus other 'non-internet' stuff. The police wouldn't give me a written copy of the allegations after FOI and DP requests but they did confirm the seriousness of the allegations in writing. The allegations were aimed at having the cops raid my parents house, which they did eventually so my parents were questioned about the same IM posts too, so you could ask them. If anyone doubts this I am also willing to take them to the cops as a witness where I'll change my original statement - I'd rather go to jail as the last raid hospitalised my dad. I don't blame Indymedia, this sort of abuse can't really be stopped in advance by a collective or any sort of organisation, but if I had reported this to a corporation then they would have investigated and taken appropriate action.

Danny


Solidarity

12.02.2009 20:57

Let's calm down and see this for what it is - a divisive scare tactic. Stay strong with what you know is right, act accordingly and above all, stay united in solidarity. x

anon