To people claiming a physical raid is pointless from the point of gathering data :
- you are thinking about a company doing good things the right way. You are thinking about a company abiding by the law, storing data on its own server, having good practices, etc.
The moment a company starts to do dubious stuff then good practices start to go out the window. People write email with cryptic analogies, people start deleting emails, ... then as the circumvention become more numerous and complex, there needs to still be a trail in order to remain understandable. That trail will be in written form somehow and that must be hidden. It might be paper, it might be shadow IT but the point is that if you are not just forgetting to keep track of coffee pods at the social corner, you will leave traces.
So yes, raids do make sense BECAUSE it's about recurring complex activities that are just too hard to keep in the mind of one single individual over long periods of time.
It's also just very basic police work. We're investigating this company, we think they've committed a crime. Ok, why do you think that. Well they've very publicly and obviously committed a crime. Ok, are you going to prosecute them? Probably. Have you gone to their offices and gathered evidence? No thanks.
Of course they're going to raid their offices! They're investigating a crime! It would be quite literally insane if they tried to prosecute them for a crime and how up to court having not even attempted basic steps to gather evidence!
A company I worked for had a 'when the police raid the office' policy, which was to require they smash down the first door, but then open all other doors for them.
That was so that later in court it could be demonstrated the data hadn't been handed over voluntarily.
They also disconnected and blocked all overseas VPN's in the process, so local law enforcement only would get access to local data.
Well, yes, it is actually pretty normal for suspected criminal businesses. What's unusual is that this one has their own publicity engine. Americans are just having trouble coping with the idea of a corporation being held liable for crimes.
Was it ever actually accused of crimes? Was it raided? Was there a list of charges?
It always seemed to me that TikTok was doing the same things that US based social networks were doing, and the only problem various parties could agree on with this was that it was foreign-owned.
American companies held liable for crimes include Bank of America ($87B in penalties), Purdue Pharma (opioid crisis), Pfizer for fraudulent drug marketing, Enron for accounting fraud. Everyone on hn should know about FTX, Theranos, I mean come on.
I'm not sure what you're getting at, physical investigation is the common procedure. You need a reason _not_ to do it, and since "it's all digital" is not a good reason we go back to doing the usual thing.
It's a show of force. "Look we have big strong men with le guns and the neat jack boots, we can send 12 of them in for every one of you." Whether it is actually needed for evidence is immaterial to that.
If law enforcement credibily believes that criminals are conspiring to commit a crime and are actively doing so in a particular location what is wrong with sending armed people to stop those criminal acivities as well as apprehend the criminals and what ever evidence of their crimes may exist?
If this isn't the entire purpose of law enforcement then what is exactly?
But one could reasonably assume that a location that is known to be used for criminal activity and that likely has evidence of such criminal activity likely also has people commiting crimes.
When police raid a grow-op they often may only have a search warrant but they end up making several arrests because they find people actively commiting crimes when they execute the warrant.
It can be both things at once. It obviously sends a message, but hey, maybe you get lucky, and someone left a memo in the bin by the printer that blows the case wide open.
Isn't it both necessary and normal if they need more information about why they were generating CSAM? I don't know why the rule of law shouldn't apply to child pornography or why it would be incorrect to normalize the prosecution of CSAM creators.
1) Even when you move things to a server, or remove it from your device, evidence is still left over without your knowledge sometimes.
2) Evidence of data destruction, is in itself as the name implies, evidence. And it can be used to prove things.
For example, an ext4 journal or NTFS USN $J journal entry that shows "grok_version_2.4_schema.json" where twitter is claiming grok version 2.4 was never deployed in France/UK is important. That's why tools like shred and SDelete rename files before destroying them. But even then, when those tools rename and destroy files, it stands out, it might even be worse because investigators can speculate more. It might corroborate some other piece of evidence (e.g.: sdelete's prefetch entry on windows, or download history from a browser for the same tool), and that might be a more serious charge (obstruction of justice in the US).
Indeed, actions leaves traces, including the action of deleting data. It takes a LOT of expertise to be able to delete something without leaving a trail behind, if that's even feasible without going to extraordinary length.
They don't just take paper when they raid offices. They take the computers too. I've never worked anywhere where desktop machines are encrypted as a matter of routine. Laptops yes (but only recently). Servers maybe, depending on what they do.
At some point in the near future I see a day where our work laptops are nothing more than a full screen streaming video to a different computer that is housed in a country that has no data extradition treaties and is business friendly.
Because that country and the businesses that support that are going to get RICH from such a service.
Takes literally minutes to setup with Webtop (assuming you are familiar with Docker/Podman https://docs.linuxserver.io/images/docker-webtop/ ) , nothing to install on the thin client, the stock browser is enough.
I used this when an employer was forcing me to use Windows and I needed Linux tools to work efficiently so I connected home. Goes through firewalls, proxies, etc.
Anyway if you want to host this not at home but a cloud provider there was HavenCo https://en.wikipedia.org/wiki/HavenCo don't ask me how I know about it, just curiosity.
I've definitely witnessed some pretty big companies that have got all their employees, including developers, set up on Citrix. In those cases, the "foreign friendly legal environment getting rich off of it" was the United States
> At some point in the near future I see a day where our work laptops are nothing more than a full screen streaming video to a different computer that is housed in a country that has no data extradition treaties and is business friendly.
Do you mean they will be pure worker surveillance systems, or did you mean “from” instead of “to”?
Not video but that's essentially how companies like Google operate today. That's why their engineers can use an off the shelf Chromebook. Their IDE is on the web, etc.
No need to be coy the raid exists because it's a way to punish the company without proving anything. They have zero intention of getting even the slightest bit of valuable data related to Grok from this.
Unlike the current American administration who condones raids on homes without warrants and justifies violence with lies, this France raid follows something called rule of law.
So no, don't be coy and pretend that all governments are like American institutions.
>Unlike the current American administration who condones raids on homes without warrants and justifies violence with lies, this France raid follows something called rule of law.
There was legal warrant and the wikipedia does not mention any lies or rules being being broken. There is nothing "Iffy" on that front.
And, to spell it out, it is also funny to see who was complaining about it back then. On the free speech grounds, not less, literally people trying to dismantle democracy and create autocracy. Russian soldiers and operators, Maria Butina, Medvedev and Elon Musk. Bad faith actors having bad faith arguments.
- you are thinking about a company doing good things the right way. You are thinking about a company abiding by the law, storing data on its own server, having good practices, etc.
The moment a company starts to do dubious stuff then good practices start to go out the window. People write email with cryptic analogies, people start deleting emails, ... then as the circumvention become more numerous and complex, there needs to still be a trail in order to remain understandable. That trail will be in written form somehow and that must be hidden. It might be paper, it might be shadow IT but the point is that if you are not just forgetting to keep track of coffee pods at the social corner, you will leave traces.
So yes, raids do make sense BECAUSE it's about recurring complex activities that are just too hard to keep in the mind of one single individual over long periods of time.