On Tuesday, the FBI raided a Virginia datacenter where DigitalOne, a Swiss hosting company, leases blade servers. The early-morning raid was meant to seize servers used by a DigitalOne customer for fraudulent “scareware” distribution, according to the FBI’s press release, but agents also took several more servers that happened to be physically near the server or servers they were after.
One of the companies affected by this was Instapaper. If you are not familiar with it, it is a simple online tool that allows you to save web pages for later reading. I use it on my iPhone all the time.
As it turns out, Instapaper was leasing the servers from DigitalOne. However, the hardware was pretty expensive for DigitalOne: each of these servers costs well over $6,000.
What is important to everyone is that the FBI is now in possession of a copy of the Instapaper database! This includes a complete list of users and their bookmarks.
Instapaper states that they store only salted SHA-1 hashes of passwords, so those are somewhat safe. But they store email addresses in the clear, along with the content of each bookmark saved by the bookmarklet.
So the FBI now has illegal possession of nearly all of Instapaper’s data and a moderate portion of its codebase.
Instapaper states that, after talking with legal experts, they “don’t expect to ever get an explanation for this, have the server or its data returned, or be reimbursed for the damage.”
I find this very troubling. It frightens me to think that this could happen to any of us. The FBI could raid our hosting facility and “accidentally” take one of our boxes.
And apparently, we would have very little recourse. For some reason, I am reminded of all the stories I would hear about the KGB and the Soviet Union in school when I was growing up. Is this what we’ve become?