New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Just give them a ring to confirm it's not a scam, then hand over the information as requested. If they want to do it the official way, they certainly won't come to you again but rather your hoster, and they'd just confiscate the servers harddisk, because that's way more convenient to do than asking you. Then your community is pissed, your hoster is pissed, and you could've simply avoided it by cooperating.
nvm
Make sure to follow your local (uk) law. I am pretty sure you are not allowed to provide personal data to any foreign police or agency.
In your case I would contact a lawyer before making any decision and not listen to people you don't know.
It is. I did abuse handling in all jobs until now and settled eg. with Austrian police on emailing PDFs with court/state attorney documents instead of the usual faxing which ends even with both sides digital like crap often.
I generally want a document that at least alleges a crime (so at least the basic outline of what they say happened) in a language i speak (i.e. not French. They love that.). If the suspects data (if any) matches the customer data i confirm and possibly add what i have or give the payment details.
Further i ignore certain countries entirely (some i have to) and set custom burden of proof on others (like US district attorney orders are not much worth or i'd never simply hand out eg. Georgian customer/other data to Russia/AZ) and disregard any legal system based on solely religious (especially muslim) law.
It is a gamble and you need to decide often quickly but in most cases have no IMMEDIATE risk from an external agency if you decide to verify further, else they likely write no emails in the first place.
lol.
Though I certainly agree with your from a hosting organization point of view, I don't think that is necessary here. You can obviously try, consult a lawyer, and do a thousand other things but the matter of fact is that communities like Reddit, 4chan and many others have tried the same thing to no avail. As a (hosting) company you're legally obliged to not just give away personal information, but for individuals like OP running a community, this is different. That's not to say he should just give it away and I reckon it is a rather grey area, but I just don't see the point in fighting it with absolutely no chances to win such case as OP has no legal ground but would just waste his own money on lawyers and the likes.
It is not about fighting the police or do the "right thing" it is about avoiding doing the right thing and get fucked for it by local police. I don't know the laws in uk but I would spend the money for the lawyer just to be sure.
We never rely on the email address. Especially when they asking for personal data.
We always ask for extra identification like an ID or warrent (and call them).
A police officer should always be able to identify himself. This also applies to online criminal investigation. If they don't or they say that's not possible, then we say: Ok, then we will not give you anything.
Then there is always the question: Is de privacy of your customer more important then their case.
Here in the Netherlands, privacy is generally more important and if they (for exemple) only downloaded a movie or uploading them, we are not going to give them any information.
Also if they give you no reason or refusing to give you an reason, we don't cooperate as well.
But if they identify themself and there is a good reason such as big scam, DDoS and high end fraud? We give them al information they want and free of charge.
But in most cases they ask information about a customer that ordered a server 1 year ago. That is how the police works, always 1 year behind
GDPR may be applicable and if there is improper cross-border transfer of data you are potentially open to EU fines (although whether they actually come after some small guy is iffy). Look up cross-border transfer, privacy shield, etc. What does your GDPR privacy policy say - if it says that data may be transferred cross-border and given to law enforcement upon request, then your situation is probably different than if it says you don't share data full stop. If it worries you then consult a lawyer; part of what you pay for is less worry.
nvm
Forum members agree to a TOS and Privacy Policy outlining the use of the data that is being collected. They /are/ clients in that regard. Data protections apply.
--
Do not cooperate with anything other than a court order. Period. Processes exist for a reason.
A courteous reply indicating this is a "nice" thing to do.
If this is really about swatting, that has caused several fatalities in the US. Usually because of trigger happy cops but still it is nasty. Way beyond downloading movies, ddos, or low level financial fraud.
Correct as anyone can pretend via email and request your customers personal information.
If it's a court order in your country, you ought to comply. If it is not, you should write back that you are unable to provide the records requested without a valid court order as per your privacy policy.
I'm not a lawyer but I play one on TV. If a non-federal police agency in the US has reached out to you openly without proxy of your local/federal agency that has jurisdiction over you, they are reaching out in good faith and asking for a favor.
I've been asked for a favor as a mere member of LET before, and extended the favor as it was both warranted and violated no privacy agreements (information I collected about a user through publicly available threads on the site, while I was a regular user and not admin). It was just that though: A favor. I had no obligation to assist. Neither do you.
If you feel compelled to assist them, and it violates no law that you are responsible to uphold, that is your choice. If they believe that the situation is worth going through the proper channels, and they have the proper ability to do so, your government will reach out to you.
Sometimes I wish I had zero knowledge of anything IT related, then I could maybe enjoy these shows.
Once you understand this stuff, it becomes way too cringe
Thanks for that, I phoned NCA they go if it was a genuine request they would go through Interpol and send a local officer around.
Try it and let us know how that goes.
Best answer 😂😂😂
I think they have run out of money as it was a several Nigerian princes and all of them wanted bank account in order to transfer some money
Consult a lawyer. That's the only sensible, somewhat smart advice I can give.
Don't know the laws, or practice in your country.
In my country one would need a court order when giving out information, otherwise, they could be charged. And keep/store the court order for your protection, if the question of giving out info gets raised at any time later.
So police can ask, but you mustn't give.
lawyer costs money.