When the FBI Raids a Data Center: A Rare Danger

As part of coordinated raids in early April, FBI agents seized computers from a data center at 2323 Bryan Street in Dallas, attempting to gather evidence in an ongoing investigation of two men and their various companies accused of defrauding AT&T and Verizon for more than $6 million.

Slideshow: Five tools to prevent energy waste in the data center
The FBI as an ethical hacker?

The FBI's target in the data center raid-one of five seizures conducted that day-is simply listed as Cabinet 24.02.900 in the affidavit and search warrant.

Cabinet 24.02.900 allegedly held the computers and data used to serve voice-over-IP clients for the companies at the center of the case. Yet, it was also home to the digital presence of dozens of other businesses, according to press reports. To LiquidMotors, a company that provides inventory management to car dealers, the servers held its client data and hosted its managed inventory services. The FBI seizure of the servers in the data center rack effectively shut down the company, which filed a lawsuit against the FBI the same day to get the data back.

"Although the search warrant was not issued for the purpose of seizing property belonging to Liquid Motors, the FBI seized all of the servers and backup tapes belonging to Liquid Motors, Inc.," the company stated in its court filing. "Since the FBI seized its computer equipment earlier today, Liquid Motors has been unable to operate its business."

The court denied the company's attempt to get its data back, but the FBI offered to copy the data to blank tapes to help the company restart its services, according to a report in Wired.

The incident has worried IT managers, especially those with a stake in cloud computing, where a company's data could be co-mingled with other businesses' data on a collection of servers.

"The issue, I think, is one of how search and seizure laws are being interpreted for assets hosted in third-party facilities," James Urquhart, manager of Cisco Systems' Data Center 3.0 strategy, said in a recent blog post. "If the court upholds that servers can be seized despite no direct warrants being served on the owners of those servers-or the owners of the software and data housed on those servers-then imagine what that means for hosting your business in a cloud shared by thousands or millions of other users."

Yet, a careful reading of the case suggest that such issues are unlikely, says attorney and former Department of Justice prosecutor James M. Aquilina, who argues that the FBI and the judges took the correct actions.

"Probably cause to search is probably cause to search," says Aquilina, who is the executive managing director and deputy general counsel for Stroz Friedberg, a digital forensics and intellectual property advisory firm. "That being said, federal law enforcement agents, prosecutors, and magistrate judges alike remain sensitive to the realities of co-mingled data encountered at hosting providers."

Typically, judges and law enforcement agents will attempt to work with co-location and data center providers to hone a search to specific data, he says. However, two factors in the current case changed that policy. Most importantly, the co-location firm was a suspect in the case. In addition, the firm's owner had stated that it "was transitioning from the service provider business to the Venture Capital business and they only had a handful of telecommunications customers," according to the FBI's affidavit. Such an assertion could make a judge less likely to limit a search and seizure, says Aquilina.