I forgot to thank those on the list who replied to this thread. They have been very helpful.
For the benefit of anyone else in a similar position:
My ISP (after consulting with LINX) has conceded that the legality of monitoring the exit is unclear. They have now asked if I would be willing to block port 80 on my exit, or have them monitor my traffic instead in their capacity as a commercial operator. I've reluctantly opted for the former.
Meanwhile, members may be interested to hear what the owner of the ISP had to say about Tor. I thought I'd put it here as a footnote to this thread by way of an example of the range of opinion in the technical community. I have no strong opinion on the matter.
"I'm still not convinced that ToR isn't just an incredibly clever US government scheme where the US government stealthily operate a majority of the ToR (exit and intermediate) nodes, leading themselves to be able to anonymously inspect / MITM traffic from any exit node they operate, as well as correlate flows between non exit nodes to be able to find the original source of a flow."
Jonathan
On 9 September 2015 at 07:10, Gareth Llewellyn < gareth@networksaremadeofstring.co.uk> wrote:
On Tue, Sep 8, 2015 at 9:04 PM, Jonathan Baker-Bates < jonathan@bakerbates.com> wrote:
So does anyone know of any reliable source of information on running Tor exits in the UK?
No but I run several UK based Tor exits and have had little issue other than the usual abuse reports, that said the relays in question are operated by a separate legal entity that is it's own ISP (RIR allocation / ASN etc).
What would happen if my ISP pressed me to monitor my traffic, and I
refused on legal grounds? I'm not suggesting I actually do that, or that there are even any legal grounds to refuse.
**** IANAL **** but to elaborate on something that Thomas said there is also a consideration of the Regulation of Investigatory Powers Act, the Data Retention and Investigatory Powers Act and Counter Terrorism and Security Act.
Starting with RIPA s1.
It shall be an offence for a person intentionally and without lawful authority to intercept, at any place in the United Kingdom, any communication in the course of its transmission by means of—
(a)a public postal service; or
(b)a public telecommunication system.
RIPA s2. defines interception;
(2)For the purposes of this Act, but subject to the following provisions of this section, a person intercepts a communication in the course of its transmission by means of a telecommunication system if, and only if, he—
(a)so modifies or interferes with the system, or its operation,
(b)so monitors transmissions made by means of the system, or
(c)so monitors transmissions made by wireless telegraphy to or from apparatus comprised in the system,
as to make some or all of the contents of the communication available, while being transmitted, to a person other than the sender or intended recipient of the communication.
Finally an act is unlawful if it falls foul of s1 (5);
(5) Conduct has lawful authority for the purposes of this section if, and only if—
(a) it is authorised by or under section 3 or 4;
(b) it takes place in accordance with a warrant under section 5 (“an interception warrant”); or
(c) it is in exercise, in relation to any stored communication, of any statutory power that is exercised (apart from this section) for the purpose of obtaining information or of taking possession of any document or other property;
So it would seem that RIPA (which is due to be replaced in the next couple of months by the Investigatory Powers Bill) says that you are not allowed to intercept data.
Moving on to the Data Retention and Investigatory Powers Act (and by extension the Counter Terrorism and Security Act) there is s1. of DRIPA which says;
The Secretary of State may by notice (a “retention notice”) require a
public telecommunications operator to retain relevant communications data if the Secretary of State considers that the requirement is necessary and proportionate for one or more of the purposes falling within paragraphs (a) to (h) of section 22(2) of the Regulation of Investigatory Powers Act 2000 (purposes for which communications data may be obtained
s2. defines a telecommunications operator;
“public telecommunications operator” means a person who—
(a) controls or provides a public telecommunication system, or (b) provides a public telecommunications service;
“public telecommunications service” and “public telecommunication system” have the meanings given by section 2(1) of the Regulation of Investigatory Powers Act 2000;
Section 2(1) of RIPA has many definitions but this one closest applies to Tor;
“telecommunication system” means any system (including the apparatus
comprised in it) which exists (whether wholly or partly in the United Kingdom or elsewhere) for the purpose of facilitating the transmission of communications by any means involving the use of electrical or electro-magnetic energy.
So, the Secretary of State or the Police can serve you a retention notice or an interception warrant *allowing* you to intercept data, past that point you can probably point to RIPA and say it'd be illegal.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays