[tor-relays] Legal situation of tor in Europe

Rejo Zenger rejo at zenger.nl
Mon Mar 9 19:36:41 UTC 2015 

++ 09/03/15 06:16 +0000 - oneofthem at riseup.net:
>Can someone point me to an overview of the different legal situations 
>for running tor relays in European countries? I'm especially 
>interested how the situation differs per country.

I can't really help you: I don't have the overview of Europe, nor I am a 
laywer. 

Having said that, in the Netherlands there would be two considerations 
to make when running an exit-relay.


1) Your provider may consider your use breaching their AUP. You may be 
held responsible by your provider for the traffic to the internet that 
is leaving your connection, even if in fact it is the traffic of others.  
So, if someone else using the Tor-network, is incidentally using your 
exit-node and is doing something your provider doesn't like (e.g.  
sending spam, doing hacking attempts), your provider may complain to 
you. As you are not in the position to stop this, your provider may 
disconnect you. 

However, there's this clause in the eCommerce directive stating that you 
can't held resonsible for what is leaving your connection if you are 
only relaying the information (provided you meet three criteria [1]). 
Whether this also applies to the operator of a Tor-node is unclear: it 
has never been tested in court.

2) The police may knock on your door and ask you to complain. If someone 
hacks into a computer while exiting the Tor-network using your relay, 
your IP-address would seem to be the source of the hack. It's not that 
unreasonable that the police would ask you to elaborate. This explains 
why you should never mix your own traffic with that of your exit-node. 

In the Netherlands, the police does know about Tor more and more. 
Consequently, the changes that the police will knocking at your door 
just before dawn is getting smaller and smaller. Most of the times, the 
police will be able to tell a exit-node is involved and instead will 
call you for a visit to the police station (to explain the situation). 
However, the police of course still needs to consider your involvement 
for a moment and so may make a different judgement in specific cases.

To the best of my knowledge, the last time a house has been raided just
because the IP-address of the Tor exit-node of the owner was the source 
of malicious traffic was a long time ago. More than six years ago. I 
have seen reports of people invited to the police station, but those 
invitations were much more friendly and mostly meant to get a statement 
on the exit-node the owner was running. 

If you do have a different experience, in the Netherlands, please let me 
know. 

I have written about this in Dutch:

  https://www.bof.nl/2014/12/17/juridische-risicos-van-het-draaien-van-een-tor-node/



[1] You do no initiate the transmission, you do no select the receiver 
of the transmission and you do not select or modify the information 
contained in the transmission.

-- 
Rejo Zenger
E rejo at zenger.nl | P +31(0)639642738 | W https://rejo.zenger.nl  
T @rejozenger | J rejo at zenger.nl
OpenPGP   1FBF 7B37 6537 68B1 2532  A4CB 0994 0946 21DB EFD4
XMPP OTR  271A 9186 AFBC 8124 18CF  4BE2 E000 E708 F811 5ACF
Signal    0507 A41B F4D6 5DB4 937D  E8A1 29B6 AAA6 524F B68B 
          93D4 4C6E 8BAB 7C9E 17C9  FB28 03
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 931 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20150309/959977ac/attachment.sig>

More information about the tor-relays mailing list