[tor-talk] William was raided for running a Tor exit node. Please help if you can.

Eugen Leitl eugen at leitl.org
Fri Nov 30 09:43:53 UTC 2012


----- Forwarded message from "Naslund, Steve" <SNaslund at medline.com> -----

From: "Naslund, Steve" <SNaslund at medline.com>
Date: Thu, 29 Nov 2012 17:39:21 -0600
To: NANOG <nanog at nanog.org>
Subject: RE: William was raided for running a Tor exit node. Please help if
	you can.

You are correct about most people not falling under CALEA.  That also
means that they do not have the "safe harbor" provisions provided to
facilities based providers (however an open wireless hotspot MIGHT just
make you a wireless facilities based provider).  You are not under an
obligation to provide data under CALEA but a court can order you collect
that data going forward, allow LE to tap a device, or just seize the
server to study it anytime they feel you may have evidence of a crime.
A court can seize almost anything from anyone as long as a judge thinks
it is a reasonable search and seizure.  If you provide someone with any
kind of tools or services (free or not) you are opening yourself up to a
liability.  If you are in physical possession of a server that contains
kiddie porn you are likely to go to jail.  I am not saying this Tor
server has data like that onboard (but I suppose there could be caches,
temp files, and such) but they are going to look until they understand
it.  You may very well be able to defend your right to a Tor server but
it is certainly going to cost you a lot of money and I am sure it is
going to be uncomfortable to explain why you want to have one to a judge
when LE explains all the evil uses for one.

When it comes to running an open access point, I think the legal issue
would be negligence.  Is it negligence for the 90 year old grandma to
have an open AP (probably not, just didn't know better)?  Is it
negligence for me to have an open AP (probably, I am a network
professional and know how to secure a network).

As a long time service provider I can tell you that a lot of CALEA
enforcement has to do with good faith more than the letter of the law.
If your policy is to delete logs after 30 days and the cops show up on
day 31, no big deal.  If they show up at day 5 and you say you dump your
logs at day 4, expect to get grilled.  They can tell real quick if you
are cooperating to the best of your ability.  In the early Internet
days, before the CALEA applied to ISPs I had to try to work with LE to
comply with court orders and often we explained the technology and
limitations of it to the FBI.  We were even involved in expert testimony
to explain how this "Internet Stuff" worked.  Often we did not have the
data they wanted but there were ways to get it for an ongoing
investigation.  Our policy was to not provide specific data without a
court order but we would begin collecting it as soon as a LE agent told
us they were going to try to obtain it.  It was just a professional
courtesy to them.  I know there is a big counter-culture, no big
brother, no regulation attitude toward a lot of Internet issues but I
have seen some sick cases involving emailed threats (later carried out)
and kids that made me give the law the benefit of the doubt in a lot of
cases.  There are lots of evil people out there and the Internet is a
big tool for them.

I have no statistics to back this up (and no one probably does) but with
my many years of experience in engineering ARPANET, MILNET, and the
Internet I would have to guess that most Tor servers are used for no
good much more than they are protecting anyone's privacy.  I am guessing
that a ton of the Tor traffic is likely to be BitTorrent that is just as
likely copyrighted material.  That does not mean that Tor or BitTorrent
is evil but as network professionals we all know (wink, wink) what that
kind of stuff is really mainly used for. That probably does not affect
your legal rights to have a Tor server but certainly affects my decision
to donate to your defense if you get in a legal case.

This is certainly an interesting discussion and I think there are not a
lot of concrete answers since this is on the edge of technology law.  I
do think history shows us that while the government lags behind, they
will eventually find a way to control this if it suits them and becomes
a source of pain for them.

Done with this subject, sorry for the long windedness 

Steven Naslund



-----Original Message-----
From: George Herbert [mailto:george.herbert at gmail.com] 
Sent: Thursday, November 29, 2012 2:53 PM
To: Naslund, Steve
Cc: NANOG
Subject: Re: William was raided for running a Tor exit node. Please help
if you can.

On Thu, Nov 29, 2012 at 12:42 PM, Naslund, Steve <SNaslund at medline.com>
wrote:
> The entire point of Tor is to be untraceable back to the source.  
> Egress filters can prevent future abuse but do not provide for tracing

> back to the original source of offending conduct. They are not trying 
> to stop the flow of the data in this case, they want the source in 
> jail.  If law enforcement comes to you and asks you to show them the 
> source or destination on a case like the one in question, you cannot 
> comply and if law enforcement asks you to trap this data in the future

> you will also have a problem complying because I think you cannot 
> identify the original source.

If you run an open wireless access point and don't log MACs / MAC to IP
DHCP assignments, you are in similar straights.

If they come to you 31 days after the data flow and you retain logs for
30, you are in similar straights.

If someone faked their wireless MAC and the data in your log is not
definitive, everyone's stymied.

If someone went into a Library and used an open access computer, there's
often no log of who / when.


The assertion being made here, that it's somehow illegal (or immoral, or
scary) for there to be not-completely-traceable internet access in the
US, is absurd.

CALEA doesn't say what you're asserting.  From the First Report and
Order:

"24. In this section, we find that facilities-based providers of any
type of broadband Internet access service, including but not limited to
wireline, cable modem, satellite, wireless, fixed wireless, and
broadband access via powerline are subject to CALEA"  (
http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-05-153A1.pdf  )

If you're not a facilities-based provider, you aren't covered.



--
-george william herbert
george.herbert at gmail.com

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


More information about the tor-talk mailing list