This is extremely concerning. I was reading this thread thinking thank god this could only happen in the US.
My concern is around the sequence of events that needed to take place for this to happen to you. Also as a former network operator I want to know how laws like the data retention act, identify and disrupt, etc play a role in these situations - ie who triggered what. I think I’ll review your comment history.
Sounds like you have handled it in about as healthy manner as one could hope. I saw that as a compliment.
To possibly make this even more frustrating, when I was told I could pick up my gear, the detective in charge said that a few things they found flagged as suspicious:
1. I had / used virtual machines
2. I had "Tor" on my computer(s)
3. I had downloaded stuff from Megaupload
Now I'm not entirely sure whether these comments were based on what they found on my seized gear, or whether these were actually sufficient 'red flags' to make them think the warrant was justified initially, but, my god, how completely out of their depth, and therefore totally unqualified, they are to make life-changing adjudications about these things - and that their access to metadata only makes it more likely that they'll make false positive mistakes (which is just terrible for society overall).
I'm literally not sure what they meant by saying "you have tor on your computer", whether there's evidence of my having visited the dark web, or just having a (way outdated) copy of the tor browser saved somewhere.
And I think the only things I'd ever downloaded from Megaupload were Android ROMs.
Regarding Virtual Machines: I can't even... they're obviously non-technical so couldn't possibly understand, and yet... gah, I can't even...