Our fears about the wretched Serious Crime Act 2007, and its likely use to chill political dissent and free speech appear to have been borne out.
See our previous article: Serious Crime Act 2007 - proof of how useless the Opposition is to Labour's repressive legal fantasies
The Register reports the chilling news that:
By Chris Williams
Posted in Law, 10th February 2009 15:01 GMT
A Sheffield man has been released on police bail after being questioned in connection with comments posted to the activist news website Indymedia, which included the personal details of a prominent High Court judge.
Note that the controversial new Terrorism Act 2000 section 58A Eliciting, publishing or communicating information about members of armed forces etc., brought in by the Counter Terrorism Act 2008 section 76, does not apply to Judges, juries or prison officers who might be at risk from terrorists or serious criminals.
The man, in his 40s and thought to work as a systems administrator, was arrested on Monday and questioned for about eight hours. He has been bailed without charge to appear at a police station in May. His home was searched and computer equipment and paperwork seized.
The comments at the centre of the investigation were critical of Mr Justice Neil Butterfield for the landmark blackmail sentences he handed down to seven animal rights extremists last month. One posting encouraged other Indymedia users to use the personal information to contact Butterfield and "to let this friend of [animal testing firm Huntingdon Life Sciences] know exactly what you think about him".
Indymedia administrators deleted the personal information soon after it was posted, but they were contacted by Kent Police the following day requesting the IP addresses of the posters. The Kent force carried out the original investigation that resulted in the blackmail sentences handed down by Butterfield.
Indymedia told Kent Police it does not record IP addresses. The same day the force seized a server belonging to Indymedia and hosted at Manchester-based colocation provider UK Grid.
The Register understands that the man arrested was not responsible for either of the comments and is not an Indymedia activist or administrator. Rather the server was hosted by UK Grid under a contract in his name, along with several others on behalf of unrelated clients.
He was arrested under sections 44-46 of the Serious Crime Act 2007, which came into force on October 1 last year. The relevant sections criminalise "intentionally encouraging or assisting an offence", "encouraging or assisting an offence believing it will be committed" and "encouraging or assisting offences believing one or more will be committed".
A spokeswoman for Kent Police confirmed the man was arrested on "suspicion of incitement" under the Serious Crime Act.
Indymedia has a long-standing policy of not retaining IP address logs to preserve anonymity, and the hard drive of the server taken from UK Grid was encrypted, as were the drives taken from the man's home. It's understood police did not use Regulation of Investigatory Powers Act (RIPA) powers to demand he turn over any encryption keys.
Refusing to provide encryption keys is an offence under section 49 of RIPA and carries a prison sentence of up to five years.
Who now doubts that we are living in a Police state under this unpopular and increasingly hated repressive Labour government ?
What happened to freedom of speech on the internet or even in the mainstream media ?
Who will be next ?
If the mainstream media and the UK political blogosphere and the UK telecomms and Internet Service Provider industries do not kick up a huge fuss about this case, then the terrorists will have won, by provoking this morally weak Government into
destroying our fundamental human right of free speech.
UPDATE Sunday 15th February 2009
Some more details about this shocking case, which threatens not just our personal freedoms, but which could also to destroy important sections of the United Kingdom economy, are to be found in this blog posting by Katabasis, a friend of the arrested person:
Help wanted - A chilling landmark for civil liberties in the UK
How on earth could they prove mens rea?
Are they suggesting it is now illegal not to record all the details of visitors to one's website or server?
I wonder if Hotmail managers will be likewise charged, because if I recall correctly terrorists use (or did use) the drafts folder to exchange messages (rather than send emails).
Does this web site (spyblog.org.uk /p10.hostingprod.com) record and store IP addresses for those that post comments here?
@ Andrew - yes and no. All webserver infrastructure keeps multiple IP address and other logfiles, from routers, DNS servers, webservers, load balancers, traffic shapers, firewalls, intrusion detection systems etc. etc. some of which are periodically deleted.
spyblog.org.uk might keep some DNS related logfiles for a while, but the primary and secondary DNS servers are physically located in Canada, an extra legal step for UK authorities. Canada actually has some proper privacy laws, and any requests, even from the UK Government require an actual Canadian Judicial Court Order, something which the UK authorities are unused to having to bother with here.
The p10.hostingprod.com webspace is shared with other customers of the massive Yahoo search engine and web hosting infrastructure, so there are likely to be multiple logfiles of various sorts, but collating them all together would not be trivial. This is based in the USA, which, unlike the UK still retains constitutional protections for free speech, and against unwarranted searches and seizures, even by law enforcement or intelligence agencies.
The SpyBlog.org.uk domain name may be pointed to other backup mirror webspace if there is an illegal denial of service or legally based "collateral damage" or other censorship attack.
As it happens, the comments are stored in a database, which, due to ongoing technical problems with the Yahoo infrastructure, following changes to make it serve web pages faster, only stores IP addresses of various Yahoo reverse proxy load balancing machines, and not the real visitors IP addresses associated with comments.
If you are worried that your IP address, and therefore a potential link to you personally, may be snooped on, by Governments, criminals and unscrupulous advertisers etc., and you would have very good reasons to suspect this, then please use open proxy servers, or open WiFi access points or anonymity enhancing tools like Tor onion routing, but do bear in mind all the warnings and caveats.
@ ukliberty - perhaps the UK ISPs and telecommunications companies and web hosting comopanies should ban, boycott, null route and filter all internet traffic to and from Kent Police, for a while, since to allow them access to the internet, might also fall under the Serious Crimes Act 2007 sections 44 to 46 inchoate offences, regarding possible future criminal breaches of the law by the Kent Police ?
>Indymedia told Kent Police it does not record IP addresses.
Hmm. Wonder if we are all going to be subjected to RIPA before long.
@ Matt - technically we are all already subject to RIPA, as it is an Act of Parliament, which covers the entire United Kingdom, and lays legal claim to "communications systems" anywhere "within the UK" or "outside of the UK" i.e. the entire known and unknown universe, which may use any "electrical" or "electromagnetic" signals, up to and beyond Morse Code messages sent by exploding supernova stars etc.
Unlike with the previous Indymedia computer server seizure scandal in 2004, this time it was the UK police who caused the "collateral damage" to all the other unrelated international websites and forums hosted on the seized machine. Back in 2004, the UK authorities shrugged their shoulders and claimed to know nothing about the international "mutual legal assistance" request which led a UK subsidiary of a US company to cave in and hand over server hard disks to foreign intelligence and police agencies, without any sort of UK warrant.
This time the UK police are directly to blame, and simply must not be allowed to arrest, harass or persecute someone who is not even the publisher of the website in question, let alone the person who posted something dubious, but probably not illegal.
Let me focus the question: can Indymedia be held responsible for not retaining "communications records" under RIPA.
I seem to recall that that relates to listed public authorities (albeit a very long list).
Matt
@ Matt - Indymedia may be a publisher but they are definately not "Communications Service Providers", within the meaning of RIPA or the Communications Act 2003 i.e. they are not regulated Telecommunications or Internet Service Provider companies.
Nobody can be forced by RIPA to log stuff or to retain logfiles for things which they have no need for, for business or technical administration reasons.
The EU Directive on mandatory Data Retention for internet logfiles does not come into force until April 6th this year. Neither it, nor the UK Regulations which will implement it contain any criminal or financial penalties for Communications Service providers if they refuse to, or are technically unable to, log IP addresses etc.
The list of hundreds of Public Bodies under RIPA is a list of bodies who are allowed to demand access to copies of any logfiles which happen to exist, or which have not been destroyed as they otherwise would have been, under the current Anti-Terrorism Crime and Security Act 2001 voluntary UK data retention scheme.
The person arrested in this story is a friend and work colleague.
I've posted a blog up with further information and a request for help - I'd be grateful if any of you have the time to do so, or even just spread the link to the blog around so we can highlight what the police are trying to do and why it is so serious.
Blog link here.
Thanks so much for covering this story here already by the way.
Thanks for the clarification.
Matt
I wonder if Kent Police didn't belive Indymedia when they said they didn't record IP addresses?
After all Indymedia are incapable of lying.
@ Interested Bystander - " no IP address logfiles" has been the policy of Indymedia for years, something which is plainly stated on the website, and which has been borne out by the previous seizures of Indymedia hard disks or servers.
At a guess there will be some IP address information stored for the purpose of blocking and banning spam comments or abusive commentators.
The Kent Police could just as easily have demanded (in secret) the logfiles from the webserver's hosting company or their upstream internet service provider regardless of whether there are any IP address logfiles on the servers or not., so to actually physically seize the server, thereby taking down several totally unrelated websites as well, is unnecessary "collateral damage".or deliberate harassment.
There would obviously not be any relevant IP logfile information on the home computers (which were also seized) of the guy who was arrested, if, as is claimed, he was neither an Indymedia website administrator, nor the person who posted the dubious comments.
A former Indymedia administrator explains,
Some notes for police officers wishing to investigate IndyMedia content
Apart from not keeping IP address logfiles, there is , in fact a network of Indymedia webservers which copy and distribute content to and from each other, so seizing one, even if it did have IP address logfiles on it, would, in all probability, not yield the information about the IP address of the comment poster anyway.
Kent Police are delusional if they think that the IP address used by people posting controversial comments is guaranteed to be the real IP address of the computer used to post the comment. It is more likely than not, to be that of an open proxy server or of an effectively untraceable internet connection of some sort via WiFi or Tor etc or disposable mobile phone etc.
I'm sure that Kent did as you suggest as well - In the end it is they who are going to have to explain to the Chief Justice the events that led to a High Court Judges home address being posted and reposted on the internet - when doing so stating that they didn't take a course of action because the website says it doesn’t log IP addresses may not be well received.
@ Interested Bystander - There is no law which makes the home addresses of Judges secret, unless the catch all Terrorism Act 2000 section 58 collection of information is invoked.
The new Terrorism Act 2000 section 58A does not include Judges in the list of categories of people i.e. current and/or former members of the military, the intelligence agencies or police constables (not PCSOs or civilian sub-contractors).
Since the original comment was rapidly taken offline, it is unclear if the the home address information was accurate or not.
Since this alleged information was no longer being published by the time that Kent Police got around to seizing the server, and then subsequently arresting the person who signed the co-location contact for it (remember neither an actual Indymedia administrator nor the person who posted the alleged comment), then the Lord Chief Justice simply does not come into the affair. It is unclear what legal power he has to meddle in an individual case anyway.
If there was a credible threat to a Judge, then he should get armed Police protection, - harassing innocent web server businessmen or web publishers is not the correct response.
According to the Indymedia discussion thread about this scandal, "DCI 6722 Andy Robbins" and "PSE 42349 Rob Stokes" were involved in the seizure (without a warrant) of the co-located server equipment at UK Grid
They and their Kent Police bosses may have to answer to the not very effective Independent Police Complaints Commission, if a formal complaint is made.
UK Grid have, so far, failed to issue any statement reassuring their existing or future customers that they will only allow the disruption and seizure of their customer's co-located servers on production of a properly authenticated warrant or court order.
There was no excuse for them to allow the physical removal of the server, rather than the copying of the relevant data, without bringing the system offline, especially without a warrant.
They must also have "cooperated" by revealing the name and address of the person who signed the co-location contract, who then arrested and had his home searched and home computers seized., but who has not been yet been charged with any crime.
Until UK Grid issue a statement about this scandal, they do not deserve any further co-location business from their existing or future customers.
While indymedia says IP addresses are not logged it seems that's not entirely true. There is a thread on IMC UK at the moment which begins with indymedia repeating that it never logs IP's but the comments go on to provide documented references to indymedia doing just that. It goes on to discuss the IP logging features found in most of the common indymedia specific CMS. The discussion is a little hard to follow as a lot of it has been hidden.
http://www.indymedia.org.uk/en/2009/02/422330.html?c=all
@ anon? - there is no need for the multiple re-postings of your comment
From the viewpoint of a Police evidential seizure of an Indymedia server, that discussion thread does not invalidate Indymedia's claims not to log IP addresses to disk.
If, as some of the abusive commentators in that thread allege, one or more of the Indymedia administrators is citing as a Police Covert Human Intelligence Source / informer / undercover infiltrator, and was busy manually copying the IP addresses, via the administrative interface, of abusive comment posters, or, presumably that of the comment allegedly containing the the Judge's home address details, then there would have been no need to seize the server, for intelligence investigative purposes.
The Police or intelligence agencies would have to be complete idiots to expose such a well placed CHIS, by forcing them to give Evidence in Court, in a case as petty and unimportant to national security as the alleged publication of a Judge's home address in a comment , an action which, of itself, is unlikely to be illegal, and which was no longer publicly visible well before the server was seized.
It is still an utter scandal that a person unconnected directly with Indymedia publishing was arrested and had his home / business computers seized in this case.
Given that the comment publishing servers are physically different from the various mirror servers which display the articles and comments, it seems that the it is likely that the Police seized the "wrong" server anyway.
Since the IP address information, for what it is worth, is already available from the hosting company's infrastructure logfiles and those of the upstream internet service providers, most of these conspiracy theories seem to be pointless.
The idea of copying Wikileaks.org, and allowing for a user defined delay, plus an extra random delay,to make traffic analysis a bit more difficult when publishing a comment (or article) might be worth following up.
However, it is doubtful that Wikileaks.org claims to be creating "thousands of simultaneous encrypted connections around the world" which somehow hide the real WikiLeakS.org traffic amongst fake / chaff traffic, are actually effective, or even necessarily true.
Is WikiLeakS.org planning to embed "phone home" spyware in its web pages ?
Since this alleged information was no longer being published by the time there would obviously not be any relevant IP logfile information.
@ lawlessness body - nothing is obvious to an inexperienced or deliberately suspicious policeman
The upstream Internet Service Providers may still have relevant logfiles.
Would I be correct in assuming that Section 44 of the Serious Crime Act 2007 will also cover reggae rap lyrics that encourage bodily harm, murder even, of many groups in society including women, Christians and gays?
@ Vee - who knows ? It is vague enough to applied to any of the listed "Serious Crimes" like murder
http://www.opsi.gov.uk/acts/acts2007/ukpga_20070027_en_5#pt2-pb1-l1g44
Proving criminal intent will be quite hard though. however, just because something might not stand up in Court, that will not prevent that bit of law from being used to threaten or harass or even arrest someone.
lnglUr