When the FBI Raids a Data Center: A Rare Danger

The FBI's recent seizure of servers at a Dallas, Texas, co-location facility affected dozens of businesses. Could it happen to you? Experts say that power outages and network disruptions are the far more likely threat, but add that cloud computing complicates the situation.

As part of coordinated raids in early April, FBI agents seized computers from a data center at 2323 Bryan Street in Dallas, Texas, attempting to gather evidence in an ongoing investigation of two men and their various companies accused of defrauding AT&T and Verizon for more than US$6 million.

The FBI's target in the data center raid -- one of five seizures conducted that day -- is simply listed as Cabinet 24.02.900 in the affidavit and search warrant.

Cabinet 24.02.900 allegedly held the computers and data used to serve voice-over-IP clients for the companies at the center of the case. Yet, it was also home to the digital presence of dozens of other businesses, according to press reports. To LiquidMotors, a company that provides inventory management to car dealers, the servers held its client data and hosted its managed inventory services. The FBI seizure of the servers in the data center rack effectively shut down the company, which filed a lawsuit against the FBI the same day to get the data back.

"Although the search warrant was not issued for the purpose of seizing property belonging to Liquid Motors, the FBI seized all of the servers and backup tapes belonging to Liquid Motors, Inc.," the company stated in its court filing. "Since the FBI seized its computer equipment earlier today, Liquid Motors has been unable to operate its business."

The court denied the company's attempt to get its data back, but the FBI offered to copy the data to blank tapes to help the company restart its services, according to a report in Wired.

The incident has worried IT managers, especially those with a stake in cloud computing, where a company's data could be co-mingled with other businesses' data on a collection of servers.

"The issue, I think, is one of how search and seizure laws are being interpreted for assets hosted in third-party facilities," James Urquhart, manager of Cisco Systems' Data Center 3.0 strategy, said in a recent blog post. "If the court upholds that servers can be seized despite no direct warrants being served on the owners of those servers-or the owners of the software and data housed on those servers-then imagine what that means for hosting your business in a cloud shared by thousands or millions of other users."

Yet, a careful reading of the case suggest that such issues are unlikely, says attorney and former Department of Justice prosecutor James M. Aquilina, who argues that the FBI and the judges took the correct actions.

"Probably cause to search is probably cause to search," says Aquilina, who is the executive managing director and deputy general counsel for Stroz Friedberg, a digital forensics and intellectual property advisory firm. "That being said, federal law enforcement agents, prosecutors, and magistrate judges alike remain sensitive to the realities of co-mingled data encountered at hosting providers."

Typically, judges and law enforcement agents will attempt to work with co-location and data center providers to hone a search to specific data, he says. However, two factors in the current case changed that policy. Most importantly, the co-location firm was a suspect in the case. In addition, the firm's owner had stated that it "was transitioning from the service provider business to the Venture Capital business and they only had a handful of telecommunications customers," according to the FBI's affidavit. Such an assertion could make a judge less likely to limit a search and seizure, says Aquilina.

Such determinations will become more difficult as virtualization technologies and cloud computing become more prevalent, says Scott Gode, vice president of product management for Azaleos, a managed service provider for Microsoft services. Virtual machines and nebulous temporal instances of applications divorced from physical machines could turn law enforcement's job into a game of whack-a-mole, he says. Even today's state of partial progress toward cloud computing, with dedicated machines running multi-tenant applications could still lead to massive collateral damage, if the company operating the data center is considered a suspect, Gode says.

"Even with that dedicated box, there are tons of shared components within the data center," he says. "For a SAN storage unit, there is still a lot of caching devices, a lot of those are used ubiquitously by other components in the data center."

Yet for the most part, larger companies contracting with larger providers are not the ones at the most risk, Gode says. Such firms usually will usually not be hosted alongside fly-by-night firms and will likely get more consideration from law enforcement. Smaller firms are the ones that more often cut costs and corners, making them more likely to use an unknown service provider and more ready to consider cloud computing as a solution, he says.

"They are the ones who will take those risks," Gode says. "They will take those risks around power, they will take those risks around security and they will take those risks around FBI seizure, because otherwise, it costs them money."

Follow everything from CIO.com on Twitter @CIOonline

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags policeData CentrefbiData Center

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?