On April 28th 2014 a representative of the brazilian Federal Public Prosecutor (the “Ministério Público Federal” — or just “MPF”) removed the hard disks from Saravá Group’s main server, taking down many services hosted by the group. In the negotiation with the Saravá Group, it was agreed that the MPF would only take the disks and leave the machine untouched.
In accordance with its letter of principles, Saravá Group protects all the data in its servers using cryptography. There is no access key in power of the State University of Campinas (Unicamp), so there is no way that the university can provide the data to whoever requires it. It is also worth noting that in Brazil there is no legal mechanism that enforces the Saravá Group to hand over the hard disks’ encryption keys. This way, with strong, properly implemented, free-software based and security-community recomended encryption, users’ data is not under the risk of being violated.
After the action and departure of the MPF from the university, we installed new disks on the server and in less than 2 hours it was back online. Some systems and services related to the old server are still offline, but they are being restored from remote backups. We will generate new encrypted connection certificates (HTTPS/SSL/TLS) as a preventive measure.
Saravá Group is an horizontal, nonprofit organization run by volunteers who maintain the group structure through donations. It is in behalf of providing access to secure tools that collaborate with articulation and organization of research groups, collectives and individuals, that Saravá offers its services for free, in an attempt to establish a cooperative and mutual aid relationship with groups, collectives and individuals that are part of its community and network.
We thank all for the solidarity.
link : https://www.sarava.org/en/node/109