The FBI in Dallas, Texas showed off its technological ignorance on Tuesday when it seized all systems inside two data centers as part of an investigation into companies that owed money to AT&T and Verizon.
Federal Buerau of Investigation is defending their actions based on a belief that all systems in a Data Center are interconnected as Mark White [FBI spokesperson for Dallas office] stated:
"My understanding is that the way these things are hooked up is that they’re interconnected to each other," he says. "Company A may be involved in some criminal activity and because of the interconnectivity of all these things, the information of what company A is doing may be sitting on company B or C or D’s equipment."
We are extremely glad that Mark does not run any of the Data Centers where we have systems; as it would be criminal behavior and violation of just about all co-location agreements I ever saw or signed. To mix my data or the data of any other privately owned servers in a co-location is a serious offence.
To put it simply, when you Co-Locate you are not buying a spot on a server – that is called hosting. The Dallas FBI office should look up the term on a search engine or just hit Wikipedia.
When you Co-Locate you agree to put your physical servers into the care of the place where you are collocating. You either purchase space in a secured rack or the whole cage. Your system does not touch any other systems in the data center where you are collocated. They are yours; you own them and bring them in, you can even lock them up and restrict access to anyone but your network staff. At no time does the Co-Location service give you a server [again that is hosting].
I spoke with a technical support representative at Atlantic.net and asked what the co-location policy was. He stated that Co-located servers are on their own independent networks. They are not connected to any other systems in the co-location area. When you sign up for collocation you purchase an IP range and subnet for your systems. There is no chance of data from one company being on another.
The same is true for physical servers leased through the host. These are complete servers that are only in use by one company. They have their own independent IP addresses and do not talk to the other servers on the network. The ONLY time you might have distributed data is when you agree to shared hosting; shared hosting means that you might have multiple customer websites or data on multiple servers owned by the hosting company.
The purchase of Virtual Servers might also contain multiple server images on a single or multiple physical servers. But again these would be servers owned by the host not by individual businesses in the co-location facility.
In the case of the co-located servers [ones owned by the customer and not by the host] the FBI has illegally seized servers owned by people not involved in any wrong doing and have put their livelihood at risk. Not only that, but they have also risked the safety of many private citizens since some of the systems they seized were being used to provide 911 services.
When all this is over the government and quite possibly AT&T and Verizon [both of whom would know how co-location works] will have quite a bill to pay and many people to answer to. I am sure when President Obama envisioned a Cyber [Savy] Government this was not what he had in mind. After all – disrupting 911 emergency services is a federal crime. The fact that the FBI seized servers used for 911 emergency services and caused some parts of Dallas area to temporarily lose the ability to dial the 911 – does not bode well for them.
Disclaimer: The author of this article is a decorated former US Military Engineer with more than 20 years experience in the Intelligence, Security and Information Technology fields in both civilian and military service.