On 6 November 2010, on request from the Italian police, the Norwegian police seized the data on the Norwegian servers of Autistici/Inventati (A/I) “a group of people who mantain and develop electronic communication services for individuals, associations, informal groups and movements and, among their particular aims, defend the freedom of expression and privacy” by confiscating and cloning the disks in its server. It hosts mailboxes and a number of activist discussion groups, providing encryption services.
A/I has found out that a public prosecutor in Avezzano sent international rogatory letters to the Netherlands, Norway and Switzerland, where it has servers, asking the local authorities to contact the internet service providers that host their servers to obtain data that they had not been provided by A/I’s legal representatives. A/I stresses that it did not possess the information that the Italian police sought. The Norwegian postal police visited its ISP’s webfarm and copied the disks, “whose contents are mostly encrypted”.
Read more about the history of the case and how 2,000 people had their e-mail scooped up on StateWatch.org.
A/I as issued its own statement at http://cavallette.noblogs.org/2010/11/7029 (scroll down for the English version). It says, in part:
We don’t understand what legal motivation can justify a damage to 2,000 people’s privacy just to obtain an evidence that the data regarding one unknown individual do not exist. This investigation regards a single mailbox, and what was requested in November 2010 was some logs dating back to late 2008, which we did not have even back then.
Some answers can be perhaps found in the text of the rogatory letter, and a passage from that brilliant English translation must be quoted:
“to obtain the file of log, and IP-access, for consultation, registration, change of password and updating relative to the mailbox ORSA @ CANAGLIE . NET (SHE-BEAR @ SCOUNDREL . NET) in the time span 2008–12-09 to 2009–12-09.”
The Public prosecutor’s office ordered the seizure, but did not realize that translating a user name and a mail domain is as ridiculous as it is useless. To be honest, we don’t think that this office is able to produce any technical assessments regarding an IT case.
To sum up: this action appears as a small political intimidatory retaliation against Autistici/Inventati, who have been considered reticent in denying a piece of information we have never had and never will have in the future.
But this small retaliation implies a major privacy problem for the 2,000 users who had a space in that server. Likewise, the facts that gave rise to this investigation have been seemingly overrated. Starting from an irrelevant political skirmish, overstated charges were used to send three rogatory letters abroad.
Hat-tip, @PrivacyMatters