Large Ontario DC busted for hosting petabytes of child abuse material

18 million dollars revenue in three months so certainly pretty large sized.

Any idea which DC this is?

Don't know who this is but the legalities are pretty clear I think. The DC is not required to know what data is stored but if the cops can prove that someone DID know what was stored, that person can be criminally charged. IANAL but I have worked with LE on a similar case and that is how it was explained to us by the FBI. It will be hard to prove anyone knew however since anyone that knew and did not report it committed a crime. Charging the company will be a stretch unless they can prove that at least one corporate officer knew. Otherwise the company will fire whichever employee knew and say "He should have told us".

This is all about who knew what and when.

Steven Naslund
Chicago IL

True in the USA, I think; but what about Canadian law?

Popcorn and hyperhumongous drinks time.

Given the size and that the data is stored in encrypted RAR files, I wonder if they just busted a Usenet service provider rather than a P2P / file sharing site.

Part of it depends on if the DC was doing managed services as well. If they are just a space tenant then their exposure can be limited. But if it was their servers that will be a little different. Not saying it would make the difference, but opens another avenue to be argued.

To me it’s like going after the Landlord of a rental apartment if someone is busted for drugs. How much can be proven that they knew? How much can they interfere with their business?


Justin Wilson Managed Services – xISP Solutions – Data Centers Podcast about xISP topics Peering – Transit – Internet Exchange

Canadian and US laws are similar. But I'll leave it up to the lawyers to
figure it all out, happily I'm no where near this, but it being a small
industry here, I suspect I have friends that are dealing with some crap
right now

Here is what is going to hurt or help the cops case.

"The volume of information is so expansive that in order to store and analyze the data safely and securely, police had to purchase storage hardware similar to what was used by Canadian military forces in Afghanistan. To access the files, many of which are password protected, the cops developed password-cracking software in-house that is slowly sifting through the mountain of information."

The key there is that the data was protected. Did the datacenter control that protection and have access to the data or did their customer maintain that control? Certainly a data hosting service is not required (or perhaps even allowed) to crack passwords to see what you are storing on their servers.

Steven Naslund
Chicago IL

AFAIK it's generally the same in Canada. If a provider is aware of (reported, accidental discovery or otherwise) the existence of child pornography on their network that existence must be reported to LE and the content must be cease to be publicly available.

What I've done in the past when such a report is received is created an archive of the whole directory and subdirectories in question, collected all the customer data related to the account including logs of logins and file transfers and sent that directly to law enforcement and through

Some information for Canadian service providers is in the reporting system itself:

In article <> you write:

Given the size and that the data is stored in encrypted RAR files, I wonder if they
just busted a Usenet service provider rather than a P2P / file sharing site.

Unlikely. There aren't that many large usenet providers, none of them
are based in Canada, and they are hyper-aware that they don't want
child abuse material on their servers.

There aren't that many cloud providers physically located in Canada
either, but I have no idea which one it is.