What will happen to Tor after the new German data retention law takes effect?

[Ringo Kamens]

Yeah, and they certainly should get involved with this, although I'm
not sure how. This is a dark day for germany. I keep hearing the word
draft being thrown around, so I'm guessing this isn't law yet. Has the
time for public comment ended? Which german officials can/do stand in
the way of this becoming law? We can get an advocacy campaign running
fairly quickly with letters, phone calls, and the whole deal. This is
a big issue that could warrant street protests and I'll personally
make a visit to my german consulate if there's one within 100 miles of
me. If anybody is interested in such a campaign, please email me off
list to keep traffic down.
Comrade Ringo Kamens

On 6/14/07, Smuggler <smuggler at kryptohippie.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Eugen Leitl wrote:
> > Do you have a link to the draft? You don't mention private individuals,
> > just organisations.
>
> Draft and comments sent via private email.
> Private individuals: It seems to me that private individuals fall under
> the same rule when providing services to the public.
>
> > I'm not sure Tor is a "telecommunication service" in the sense of the law,
> > IANAL, of course. As a middleman, I'm just stripping the skin and
> > passing on an encrypted payload to somebody else. I do not offer any
> > access to any web site, etc. This is different from exit nodes.
> > The difference might be significant enough.
>
> In the sense of the law both middlemen and exit nodes provide
> "telecommunication services". The concept of relaying communication is
> enough already. Though for middlemen nodes one could take your argument
> and say that it is an internal service (that means not affected by the
> law) if it doesnt accept connections by any senders accept other Tor
> nodes. I am pretty sure that if middlemen dont relay any traffic to/from
> non-Tor IPs then they should be pretty safe. Unless however the Tor
> network is seen as being ONE service (not many, i.e. per node).
>
> > Assuming our interpretation of a yet unpassed law is correct, it would
> > depend very much whether this is going to be actively enforced against
> > middleman nodes, which do not draw direct complaints.
>
> I have made some daunting experiences with German law enforcement
> (anonymizing only servers being stolen, home and office searched in very
> early morning, direct charges against me as operator) even today. I do
> NOT think that this is going to become better. So far non of their
> assaults was successful because we had still some law to protect us. But
> with data retention in the books we will loose that protection. I
> imagine several LKA and BKA people already waiting for the day to f***
> us/me.
>
> > In the end, if (note the conditional) the criminalization of anonymizing
> > mix cascades is complete in a certain jurisdiction, or most jurisdictions,
> > I suggest utilizing the few advantages of illegality: deploying Tor as a
> > self-propagating and self-updating botnet vector -- as benign as humanly
> > possible, of course. It would be very important that whoever is to do
> > that is in no ways connected to the Tor project. By posting to this
> > list this my purely private (I speak only for myself and nobody
> > else) opinion, I am of course completely disqualified to do that.
> > I would also expect and welcome any Tor developers to condemn and
> > distance themselves from this particular idiotic suggestion here.
>
> I hereby distance myself without being a core Tor developer or otherwise
> affiliated with them.
>
> > How about adding more hops, and/or use jurisdictional compartments
> > who can't/won't persecute and/or do not cooperate well with each
> > other. I'm cure we can think of a few tuples off-hand.
>
> Seems to be the most effective way for me. But it would leave the Tor
> node ops with the problem of having to store the connection data. Which
> can be some substantial cost to bear.
>
> >> "connection data" is. I am pretty sure that they will claim that streams
> >
> > Connection data is who is talking to whom, when. It does not
> > include the contents of the communication.
>
> I meant that they might qualify streams as connections as well which
> means that not only TCP/IP connection parameters are to be stored but
> also connection data that is created by the protocol (e.g. being in the
> stream). They already claim that for VoIP.
> The problem with all that is that the exact technicalities are not part
> of the law but are decided on level of bureaucracy and can be changed
> every so often. The politicians have no clue about the Internet at all
> and they don't have to because they leave the details to non-elected
> "consultants" and other <put in curse>.
>
> > I think at this point a few of German Tor operators need to think
> > whether we should pool funds, and consult a lawyer sufficiently competent
> > with German/EU online law. Maybe the EFF can recommend sombody, or even
> > offer a more competent interpretation?
>
> I think the best organisation to call for that would be the CCC.
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFGcW2UOMmnRrmEoQkRAlpIAJ4iXhCrzNBOkvxSRXWM5gypMB439ACgqN86
> bYZzT0OCvXpewg6/CMvqs5M=
> =3er1
> -----END PGP SIGNATURE-----
>