On a risk I had not considered

As most of you know by now, I’ve been slowly working in my spare time on a dot-com project. I haven’t knuckled down to do a proper risk analysis yet — let’s face it, coding is much more fun — but I’ve certainly kicked various scenarios around in my head while working on it.

So, for instance, I have design plans to use hash message digests on my server cookies, SSL encryption for most of the core components, outsourcing credit card management, keeping dollar amounts low to reduce the incentive for fraudulent card users, and so on and so forth. There are heaps of nasty things that could happen.

I’ve been divided on how to manage server risks: what happens if one of my servers fails? In the early phases I’ve generally decided that this is a risk I will take on. My US provider (Slicehost) is reliable and quite capable. A search for “slicehost sucks” doesn’t turn up too many hits compared to some other firms. Slicehost manages various risks for me: power supply, fire, hardware failure, network disconnection. That’s what I pay them for, and they’re much better at it than I am.

But a few days ago the FBI swept into a Dallas data centre and took everything. And I do mean everything — every server, regardless of whose it was or what it was doing. The FBI have been known to seize individual servers or a handful here and there as part of investigations. They’ve built a rotten reputation for sitting on seized hardware for years and needing constant prodding and harassing to return it. Generally, the thinking goes, if the FBI take your stuff, you might as well write it off. It’s as good as gone.

The general way to manage FBI risk has been to prevent your server from being used for illegal purposes. Keep your server secure, keep the patches up to date, audit it occasionally, use security tools, and so on. If bad guys don’t start using your server, the FBI won’t track it down and take it.

But this is a new class of FBI risk. Now, my risk is based on the security of every server in the same data centre, which is something I cannot control. A commercial data centre could easily contain thousands of servers. A VPS provider like Slicehost could be running tens of thousands of virtual servers in a single centre. It is essentially a certainty that someone in that group has been cracked and has unwittingly started to serve illegal content.

Now I have to worry about dispersing my system across multiple data centres much, much sooner than I had planned to. Thanks a lot, FBI. You’ve basically added hours of work and a lot of extra expense to the plate of anyone who hosts servers in the USA.

This entry was posted in Business, Geeky Musings, IT and Internet, Law.

7 Responses to On a risk I had not considered

  1. Tel_ says:

    Suddenly the virtual machines are looking a whole lot better.

    I guess, while the US govt is paying their debts in freshly printed money they don’t have to worry much about lawsuits making claims for damages :-)

  2. James A says:

    To be fair this sort of thing happens in the private sector too – a datacentre held a hosting company’s remaining servers hostage after the company started moving to a different datacentre. Although at least in this case you could sue the datacentre, good luck filing suit against the FBI.

  3. Jacques Chester says:

    A similar risk with the same level of oh-crapness.

    In both cases the only strategy is to reduce the risk by placing servers with different firms in different locations. In different countries if possible. I’d run a server in Australia if bandwidth prices weren’t so punishing.

  4. derrida derider says:

    Some small country with decent infrastructure could gain a nice little earner by passing a law saying working servers cannot be physically seized or shut down except in rare circumstances (which doesn’t prevent court-ordered reading of contents and activity monitoring).

    Like Swiss bank accounts they’d attract illegal activity, but they’d get much more volume from those just wanting legitimate security and reliability.

  5. Jacques Chester says:

    derrida — Sealand (the sort-of-country on an old WWII AA platform) tried that but didn’t really succeed. Maybe somewhere like Liechtenstein is what you had in mind though?

    Part of what makes it a poser is that you want somewhere with reliable power and multiple sources of connectivity.

  6. derrida derider says:

    Yep, the “strong infrastructure” bit matters. But it includes legal infrastructure too – you want a good commercial law system for intellectual property, etc. Just stop the buggers from actually shutting you down at the whim of some copper.

    That’s probably what stopped Sealand. But Liechtenstein is the type of place I had in mind, though costs might be a bit high there – you need somewhere where server farms wouldn’t be quite so expensive to build and run.

  7. Patrick says:

    You would need somewhere big enough to put a server farm!!! Eastern Europe is the only real candidate I can think of, or possibly even an Australian State that was willing to put its own physical connections in and tell Conroy where to stick it – but not sure our latency vis-
