[tor-relays] Legal status of operating Tor exit in UK?

Jonathan Baker-Bates jonathan at bakerbates.com
Wed Sep 23 17:02:54 UTC 2015


I forgot to thank those on the list who replied to this thread. They have
been very helpful.

For the benefit of anyone else in a similar position:

My ISP (after consulting with LINX) has conceded that the legality of
monitoring the exit is unclear. They have now asked if I would be willing
to block port 80 on my exit, or have them monitor my traffic instead in
their capacity as a commercial operator. I've reluctantly opted for the
former.

Meanwhile, members may be interested to hear what the owner of the ISP had
to say about Tor. I thought I'd put it here as a footnote to this thread by
way of an example of the range of opinion in the technical community. I
have no strong opinion on the matter.

"I'm still not convinced that ToR isn't just an incredibly clever
US government scheme where the US government stealthily operate a
majority of the ToR (exit and intermediate) nodes, leading themselves
to be able to anonymously inspect / MITM traffic from any exit node
they operate, as well as correlate flows between non exit nodes to be
able to find the original source of a flow."

Jonathan





On 9 September 2015 at 07:10, Gareth Llewellyn <
gareth at networksaremadeofstring.co.uk> wrote:

> On Tue, Sep 8, 2015 at 9:04 PM, Jonathan Baker-Bates <
> jonathan at bakerbates.com> wrote:
>
>> So does anyone know of any reliable source of information on running Tor
>> exits in the UK?
>>
>
> No but I run several UK based Tor exits and have had little issue other
> than the usual abuse reports, that said the relays in question are operated
> by a separate legal entity that is its own ISP (RIR allocation / ASN etc).
>
>
>> What would happen if my ISP pressed me to monitor my traffic, and I
>> refused on legal grounds? I'm not suggesting I actually do that, or that
>> there are even any legal grounds to refuse.
>>
>
> **** IANAL **** but to elaborate on something that Thomas said there is
> also a consideration of the Regulation of Investigatory Powers Act, the
> Data Retention and Investigatory Powers Act and Counter Terrorism and
> Security Act.
>
> Starting with RIPA s1.
>
>> It shall be an offence for a person intentionally and without lawful
>> authority to intercept, at any place in the United Kingdom, any
>> communication in the course of its transmission by means of—
>>
>> (a) a public postal service; or
>>
>> (b) a public telecommunication system.
>>
>
> RIPA s2. defines interception;
>
>> (2) For the purposes of this Act, but subject to the following provisions
>> of this section, a person intercepts a communication in the course of its
>> transmission by means of a telecommunication system if, and only if, he—
>>
>> (a) so modifies or interferes with the system, or its operation,
>>
>> (b) so monitors transmissions made by means of the system, or
>>
>> (c) so monitors transmissions made by wireless telegraphy to or from
>> apparatus comprised in the system,
>>
>> as to make some or all of the contents of the communication available,
>> while being transmitted, to a person other than the sender or intended
>> recipient of the communication.
>>
>
> Finally an act is unlawful if it falls foul of s1 (5);
>
>> (5) Conduct has lawful authority for the purposes of this section if, and
>> only if—
>>
>> (a) it is authorised by or under section 3 or 4;
>>
>> (b) it takes place in accordance with a warrant under section 5 (“an
>> interception warrant”); or
>>
>> (c) it is in exercise, in relation to any stored communication, of any
>> statutory power that is exercised (apart from this section) for the purpose
>> of obtaining information or of taking possession of any document or other
>> property;
>>
>
> So it would seem that RIPA (which is due to be replaced in the next couple
> of months by the Investigatory Powers Bill) says that you are not allowed
> to intercept data.
>
> Moving on to the Data Retention and Investigatory Powers Act (and by
> extension the Counter Terrorism and Security Act) there is s1. of DRIPA
> which says;
>
>> The Secretary of State may by notice (a “retention notice”) require a
>> public telecommunications operator to retain relevant communications data
>> if the Secretary of State considers that the requirement is necessary and
>> proportionate for one or more of the purposes falling within paragraphs (a)
>> to (h) of section 22(2) of the Regulation of Investigatory Powers Act 2000
>> (purposes for which communications data may be obtained
>
>
> s2. defines a telecommunications operator;
>
>> “public telecommunications operator” means a person who—
>> (a) controls or provides a public telecommunication system, or
>> (b) provides a public telecommunications service;
>>
>> “public telecommunications service” and “public telecommunication system”
>> have the meanings given by section 2(1) of the Regulation of Investigatory
>> Powers Act 2000;
>>
>
> Section 2(1) of RIPA has many definitions but this one closest applies to
> Tor;
>
>> “telecommunication system” means any system (including the apparatus
>> comprised in it) which exists (whether wholly or partly in the United
>> Kingdom or elsewhere) for the purpose of facilitating the transmission of
>> communications by any means involving the use of electrical or
>> electro-magnetic energy.
>>
>
>
>
> So, the Secretary of State or the Police can serve you a retention notice
> or an interception warrant *allowing* you to intercept data, past that
> point you can probably point to RIPA and say it'd be illegal.
>
>
>
>