
The EFF Reflects On ICE Seizing a Tor Exit Node

timothy posted more than 3 years ago | from the when-dumb-things-happen dept.

Electronic Frontier Foundation 252

An anonymous reader writes "Marcia Hofmann, senior staff attorney at the EFF, gives more information on the first known seizure of equipment in the U.S. due to a warrant executed against a private individual running a Tor exit node. 'This spring, agents from Immigration and Customs Enforcement (ICE) executed a search warrant at the home of Nolan King and seized six computer hard drives in connection with a criminal investigation. The warrant was issued on the basis of an Internet Protocol (IP) address that traced back to an account connected to Mr. King's home, where he was operating a Tor exit relay.' The EFF was able to get Mr King's equipment returned, and Marcia points out that 'While we think it's important to let the public know about this unfortunate event, it doesn't change our belief that running a Tor exit relay is legal.' She also links to the EFF's Tor Legal FAQ. This brings up an interesting dichotomy in my mind, concerning protecting yourself from the Big digital Brother: Running an open Wi-Fi hotspot, or Tor exit node, would make you both more likely to be investigated, and less likely to be convicted, of any cyber crimes."

252 comments

Obligatory: (-1)

Anonymous Coward | more than 3 years ago | (#37217476)

This is why we need COMMUNISM! (1)

For a Free Internet (1594621) | more than 3 years ago | (#37217512)

Folks, if you can't see that capitalism is a bloody hellhole, you are blind. We need Communism now! International proletarian revolution is the only way!

Re:This is why we need COMMUNISM! (2)

Hazel Bergeron (2015538) | more than 3 years ago | (#37217618)

Straight from today to communism? That's an unlikely sequence.

As long as you have a capitalist welfare state supported by a local labour aristocracy, you won't have a local exploited proletariat in which to raise united consciousness. The anarchists a century ago were already arguing this and it's come true. You would be better campaigning for better conditions abroad or for the sort of trade protectionism against abusive states which caused South Africa to be shunned in the '80s.

ICE is doing what now? (0, Flamebait)

d3ac0n (715594) | more than 3 years ago | (#37217538)

Isn't ICE supposed to be dealing with illegal immigrants? Oh, right. I forgot. This is the Barry administration, where the Justice Department doesn't prosecute the Black Panthers for voter intimidation (even though they already won the case) and ICE has been tasked with ensuring that illegals are allowed to remain here, as long as they are registered Democrats.

Welcome to the United States of Chicago politics.

Re:ICE is doing what now? (5, Informative)

betterunixthanunix (980855) | more than 3 years ago | (#37217560)

Immigration and Customs Enforcement. If you are downloading child pornography across US borders, it falls under the jurisdiction of ICE. Of course, harassing Tor exit node operators should not fall under the jurisdiction of any agency, but in Soviet America, harassing service operators who are not registered corporations is what we do.

Re:ICE is doing what now? (4, Insightful)

dreemernj (859414) | more than 3 years ago | (#37217734)

You are acting like the fact this guy was running a Tor exit node somehow means it was impossible for him to commit the crime. That is a ridiculous line of thought and if things operated that way, every criminal could simply operate a Tor exit node and be out of reach of investigation.

Re:ICE is doing what now? (5, Interesting)

betterunixthanunix (980855) | more than 3 years ago | (#37218062)

every criminal could simply operate a Tor exit node and be out of reach of investigation.

Or they could just use Tor, and avoid being investigated in the first place. Which is what happened in this case.

The "every criminal will use this excuse" theory is baseless. If an IP address is the only evidence that someone committed a crime, then that person should not be convicted -- and we should be examining what sort of laws led to a situation where IP addresses are the only evidence needed for a search or arrest warrant. I share an Internet connection with several other people; should we all be arrested if the IP address happened to be an endpoint of illegal data? There are dozens of people who have SSH access to my research group's server, and it is possible that any of them could use that server as a proxy -- should the server and all of our computers be confiscated, and all of us arrested, if the IP address shows up during an investigation?

IP addresses are not a form of identification, and even less so when a Tor exit node has that IP address. Anyone could be a criminal, but we should have higher standards for evidence when it comes to issuing warrants and confiscating equipment.

Re:ICE is doing what now? (2)

rainsford (803085) | more than 3 years ago | (#37218108)

IP addresses don't definitively identify individuals (and I'm not aware of any case where that alone was used to convict someone), but disallowing their use as probable cause for a search warrant would seem to set an unreasonably high legal bar.

Re:ICE is doing what now? (2)

zeroshade (1801584) | more than 3 years ago | (#37218226)

I don't think he's disallowing their use, he's disallowing their use as the ONLY basis for probable cause. If your investigation leads to a specific IP address which multiple people could possibly have used to commit the crime, an arrest warrant should not be given for EVERYONE. A search warrant should be given for the end point, but only if the operator will not respond to a subpoena for the logs.

IP Addresses alone are used to definitively identify copyright infringement all the time, frequently it is wrong but has been allowed to go through.

Re:ICE is doing what now? (4, Insightful)

betterunixthanunix (980855) | more than 3 years ago | (#37218232)

disallowing their use as probable cause for a search warrant would seem to set an unreasonably high legal bar.

No, it would set the legal bar exactly where it should be: requiring the police to actually identify a person as a suspect. If the police are unable to do so, then they should not be granted a warrant -- this is not a country where we grant the police general search warrants, and it is better to let some criminals walk free than to harass innocent people.

Re:ICE is doing what now? (-1)

Sarten-X (1102295) | more than 3 years ago | (#37218358)

So the investigation would have to be finished before it could begin... great plan!

Re:ICE is doing what now? (2)

DanTheStone (1212500) | more than 3 years ago | (#37218148)

I share an Internet connection with several other people; should we all be arrested if the IP address happened to be an endpoint of illegal data?

Don't be silly, only the men would be arrested.

Re:ICE is doing what now? (4, Interesting)

hairyfeet (841228) | more than 3 years ago | (#37218448)

I'd say the truly sad part is all this Gestapo crap is a complete waste of time because the cops know that isn't where the target is. I have a friend that works state crime lab and according to him after those big busts around 5 years ago actual predators simply stopped using the Internet for CP. He said the only ones you catch that way now are social retards that touch nobody but themselves and are whacking off to the same shit that has been floating around since the 80s.

So what do the real child molesters use? USPS of all things. They only use the net long enough to set up a trade on a back alley board which according to my friend there is ZERO chance of a cop infiltrating because the entrance fee is video of you molesting a kid with an object of their choosing and they don't give enough time to fake the video.

After that it is all encrypted DVDs and mail dumps. So many DVDs go through media mail nobody is ever gonna notice and if they don't get a response within x amount of time they consider that link dead and move on. According to my friend they are quite worried that terrorist types are taking notes from the CP scum as their system is damned near foolproof. The only reason they even know of it is every once in a while a kid that one of them was abusing will tell and they'll find the discs, not that they can read them of course. And with guys looking at 500+ years for all the abuse and no prosecutor EVER gonna make a deal with a serial child rapist good luck on getting one to flip.

So in the end all you get is what my friend calls the "Social retards" that are completely harmless. One they busted had been so isolated from humans, even going so far as to have all his food delivered, that they had to tranc him like an animal to get him out of the building. According to him the ones they get now are a complete waste of money as you are throwing guys that if you threw them in a room with a kid would go hide in a corner into a cell for 60 years at taxpayer expense while the ones who actually rape children are nowhere near there. But the politicos want the "catch a predator" style headlines so they waste the cash.

So just as in TFA we piss money down a rathole all in the cause of "doing something" even if that something is completely fucking pointless and doesn't actually solve anything. Welcome to Amerika, where your rights can be shot to shit as long as it's "for teh childrenz!"

Soviet America? (1)

RulerOf (975607) | more than 3 years ago | (#37217928)

harassing Tor exit node operators should not fall under the jurisdiction of any agency, but in Soviet America,

In Soviet America, ICE melts you?

Re:ICE is doing what now? (4, Informative)

Speare (84249) | more than 3 years ago | (#37217566)

Isn't ICE supposed to be dealing with illegal immigrants?

While I decry ICE's decision-making process and think it's reaching beyond its authority, I think it's silly to say that TOR investigation is entirely outside of ICE's domain. Immigration and Customs Enforcement. We still live in a USA where some software and data imports and exports are considered unlawful, whether it's controlled technology (cryptology, espionage, classified data) or the more pedestrian types like child pornography.

Re:ICE is doing what now? (1)

For a Free Internet (1594621) | more than 3 years ago | (#37217612)

Imperialist commander-in-chief Obama is kidnapping and deporting more immigrants than any president in history. So shut up you lying racist fuckface. Why don't you learn Spanish, you ignorant bigoted slob? Down with the Democrats and Republicans, parties of racist American capitalism! Full citizenship rights for all immigrants! COMMUNISM NOW!

Re:ICE is doing what now? (5, Insightful)

Anonymous Coward | more than 3 years ago | (#37217620)

Isn't ICE supposed to be dealing with illegal immigrants? Oh, right. I forgot. This is the Barry administration, where the Justice Department doesn't prosecute the Black Panthers for voter intimidation (even though they already won the case) and ICE has been tasked with ensuring that illegals are allowed to remain here, as long as they are registered Democrats.

No, ICE (which was renamed during the reorganization of INS that took place under the Bush II administration, you partisan hack) stands for Immigrations and Customs Enforcement.

Sovereign states have the right to control what passes over their borders. It's part of the definition of statehood. Immigration is about who, Customs is about what.

Back on topic, EFF's "Tor is Legal" sounds an awful lot like the arguments made to justify Freenet back in the day. Ultimately, they all rely on notions like "in any sane legal system", or "in any free country". Problem is, by those sorts of definitions of "free" or "sane", the country hasn't been free since Patriot I, and its legal system has never been sane.

With the end of the Cold War and the demise of the USSR, we lost any motivation for claiming the moral high ground. From printers that identify their owners (like the Romanian archives of individual keystrokes from every manual typewriter), to widespread and omnipresent surveillance (decades before it became a meme, "In Soviet Russia, television watches YOU" was a joke about how much more free we were than the Russians), we ended up becoming what we fought against.

Re:ICE is doing what now? (0)

Anonymous Coward | more than 3 years ago | (#37217698)

Obama is doing as much if not more than Bush. Sorry Mr. Republican. Also more than Reagan.

BTW- ICE is also supposed to regulate customs. Their responsibilities exceed removing non-whites from your purview.

don't let your stuff be used for criminal stuff (4, Insightful)

alen (225700) | more than 3 years ago | (#37217544)

seizing anything that is suspected of being used for criminal activity has been perfectly legal for hundreds of years. and there is no excuse that you were running some service or other and didn't know what other people were doing. if the cops get a hunch they will seize your stuff to look for evidence and impound it if there is evidence of a crime

Re:don't let your stuff be used for criminal stuff (4, Insightful)

pseudocode (2445502) | more than 3 years ago | (#37217562)

You're right - it's like lending someone a car which they then commit a crime with; you're not guilty of a crime, but it's still fair enough for them to impound the car as evidence.

Re:don't let your stuff be used for criminal stuff (1)

bjamesv (1528503) | more than 3 years ago | (#37217636)

Keep your gate open for your neighbors, but if there is a crime on your patio - you want the doors to your house to be securely and clearly locked.

Hardware is so inexpensive nowadays; a participatory, community-building point of view suggests you should be running two sets of hardware. One set for your open WiFi and Tor exit node, and the other for your personal use.

With costs as low as they are you should not have to abandon your peers just to protect yourself from heavy-handed law enforcement.

Re:don't let your stuff be used for criminal stuff (2)

Zerth (26112) | more than 3 years ago | (#37217682)

Hardware is so inexpensive nowadays; a participatory, community-building point of view suggests you should be running two sets of hardware. One set for your open WiFi and Tor exit node, and the other for your personal use.

Except they won't bother to check, they'll just take everything you own. Although I suppose you could go the "True Names" route and bury your personal equipment.

Re:don't let your stuff be used for criminal stuff (2)

ofc (311641) | more than 3 years ago | (#37217748)

And when they come to seize your hardware, they will simply leave your for personal use equipment alone, because you told them that it hasn't been used for illegal activities.

Re:don't let your stuff be used for criminal stuff (1)

AJH16 (940784) | more than 3 years ago | (#37218298)

It isn't heavy handed law enforcement and they won't be able to tell the difference at the time of seizure. They confiscate the equipment not because they even necessarily suspect you of a crime, but rather because evidence of a crime may exist on it. If they don't find anything, they can return it. Running separate hardware is a good way to make sure you can get your personal stuff back faster if anything useful to the investigation is actually found on the public hardware.

Re:don't let your stuff be used for criminal stuff (1)

Richard_at_work (517087) | more than 3 years ago | (#37217686)

How about agreeing to take a sealed parcel for a stranger with you while you travel the world, and delivering it to another stranger...

How many people would say yes to that?

Re:don't let your stuff be used for criminal stuff (3, Insightful)

biodata (1981610) | more than 3 years ago | (#37217756)

Quite a few corporations do this routinely and are never prosecuted for it. Individuals are unlikely to take the risk due to the personal cost of a mistake, against which they can't insure. Carrying parcels for people on aeroplanes is not the same as sharing your spare computer capacity with anyone who needs some at the time. You are not carrying anything for anyone.

Re:don't let your stuff be used for criminal stuff (1)

elrous0 (869638) | more than 3 years ago | (#37218090)

You are not carrying anything for anyone.

The feds don't see it that way, any more than they see someone's illegal computer files as "just a bunch of 1's and 0's."

Re:don't let your stuff be used for criminal stuff (1)

Anonymous Coward | more than 3 years ago | (#37217766)

I don't know, how many FedEx, UPS, and USPS guys are there?

Re:don't let your stuff be used for criminal stuff (0)

Anonymous Coward | more than 3 years ago | (#37217922)

about the same number of people who make moronic internet posts.

wow. that's a lot.

Re:don't let your stuff be used for criminal stuff (1)

viridari (1138635) | more than 3 years ago | (#37218024)

Pretty much any courier.

Re:don't let your stuff be used for criminal stuff (5, Insightful)

betterunixthanunix (980855) | more than 3 years ago | (#37217574)

Right, that's why ISPs constantly have their routers and DNS servers seized, because so many people are using those computers for criminal activity.

Oh, wait -- ISPs are corporations, so we treat them differently. When it is some guy running a service out of his home, then the other set of rules applies, where the service operator is harassed by ICE and threatened when his equipment is returned.

Re:don't let your stuff be used for criminal stuff (1)

Anonymous Coward | more than 3 years ago | (#37217672)

Oh, wait -- ISPs are corporations, so we treat them differently.

Yes, because you know that those routers are not endpoints. You can't know that of a TOR relay.

Re:don't let your stuff be used for criminal stuff (0)

Anonymous Coward | more than 3 years ago | (#37218012)

What do you mean by endpoint? The Tor exit node is between the source and destination of the traffic.
source -> routers -> exit node -> routers -> tor node -> ... -> destination

Re:don't let your stuff be used for criminal stuff (1)

Inda (580031) | more than 3 years ago | (#37217712)

Mr King, if that's his real name, had an Internet Protocol (IP) address that was leaking onion rings on to the internets.

Have you not seen the warnings? He had an unsecure IP address!

Re:don't let your stuff be used for criminal stuff (0)

Anonymous Coward | more than 3 years ago | (#37218340)

What's all this about onion rings and the Burger King?

Re:don't let your stuff be used for criminal stuff (1)

Sarten-X (1102295) | more than 3 years ago | (#37217864)

One guy running an exit node does not a service provider make.

Traffic through ISPs is expected to originate with the customers. If an ISP itself is also participating in criminal activity, their equipment gets seized, too [google.com]. That's just not as common as some end user doing something illegal. Then, of course, there's the various political reasons. ISPs maintain logs of who has what address, and can quite quickly turn those logs over to police when asked. Note that I said "asked", not "presented with a search warrant". It's a professional relationship, and it's a great way to stay out of severe trouble.

The fact that an ISP is a corporation adds another important detail as well - multiple people. As a group grows larger, the probability for dissent increases. This is why conspiracies fail and governments are inefficient [schlockmercenary.com]. At a corporation, there is a reasonable expectation that the business and the majority of its employees will follow applicable laws. If someone is found not following laws, it's likely that the first ones to know about it will be their coworkers, who will take steps to ensure their job security, including talking to police. With a one-man operation, there is no such expectation. The police can reasonably expect the guy to say whatever he can to avoid being convicted, whether or not he actually did anything illegal.

Running an exit node is like volunteering yourself for anything. You might end up helping someone commit a crime. If you want to protect yourself, keep logs of what the exit node's doing, establish a good relationship with police, and hand over those logs at a moment's notice. You're still likely to have equipment seized/searched, but it's much easier to claim you were unknowingly used if you can point at someone else. If this is too much against the principles that caused you to run an exit node in the first place, then expect to suffer for your cause.

Re:don't let your stuff be used for criminal stuff (2, Insightful)

betterunixthanunix (980855) | more than 3 years ago | (#37218008)

Traffic through ISPs is expected to originate with the customers

A provably false assumption even when Tor is not involved. I share an Internet connection with several other people, and my name is not the name of the account holder. When I was in high school, my (nerdier) friends and I used to grant ssh access to each other -- someone who was not even a resident of my home could have been using my Internet connection. I once discovered that a network administrator had not changed the default password on a router; I could have used that router to relay any traffic I wanted. Then there is this:

http://www.itworld.com/security/84077/child-porn-malwares-ultimate-evil [itworld.com]

As the EFF said, an IP address does not identify a human being, and it does not necessarily identify a specific computer. An IP address may be helpful in an investigation as a clue, but a lot more evidence is needed before you can claim that any person or residence is responsible for the traffic originating at an IP address.

Running an exit node is like volunteering yourself for anything. You might end up helping someone commit a crime.

Parking your car in the right spot on the street might help someone commit a crime. So what? Even the police use Tor, when for example they are investigating illegal websites and don't want to reveal that they are law enforcement. Exit node operators should not face this sort of harassment, especially not in the United States (the country that started the Tor project).

Re:don't let your stuff be used for criminal stuff (3, Insightful)

Sarten-X (1102295) | more than 3 years ago | (#37218288)

I didn't say that traffic always originates with customers. I said it's expected to. That's a reasonable expectation, because the vast majority of home internet connections are for one household and not shared. The US Constitution only protects against unreasonable search and seizure.

These days, more connections are being shared across multiple computers, but still rarely outside the same household. Malware does happen, but it's also rare. Similarly, picking people out of a lineup isn't perfect. DNA evidence degrades over time, and can be contaminated very easily. Firearms can be altered to change their striations. Every kind of evidence used has a level of uncertainty to it, and that's why we have trials to determine whether the amount of evidence supporting a theory is sufficient to show guilt.

The purpose of any investigation is to look for evidence. In this case, the investigation found nothing substantial connecting Mr. King to the crime, so he's not being investigated anymore. Rant all you like about how unreasonable ICE is, but it doesn't change the fact that they did their job perfectly ethically and in accordance with the Constitution. How do you think the investigation should have been conducted, balancing the need to check all potential sources of evidence with the need to respect privacy? Bear in mind, any evidence left in the possession of the suspect after he knows he's under investigation is tainted, and cannot be trusted.

Re:don't let your stuff be used for criminal stuff (2, Insightful)

betterunixthanunix (980855) | more than 3 years ago | (#37218376)

How do you think the investigation should have been conducted

  • Police get logs related to CP investigation.
  • Mr. King's IP address shows up; the police check if it is a known proxy or Tor exit.
  • It is a Tor exit. The police ask Mr. King for any logs he might have, and leave him alone while they continue looking for the real criminal.

Oh no, you mean that while we are busy respecting the rights of our citizens, some criminals might go free?! Yes, that is what I mean.

Re:don't let your stuff be used for criminal stuff (1)

Sarten-X (1102295) | more than 3 years ago | (#37218444)

So your plan involves leaving him alone with his equipment after he knows the investigation is underway. What happens if his logs don't check out? You've created a scenario where the standard of evidence is so high, any criminal can invalidate any evidence of any crime by just sending the police off on a wild goose chase. I sincerely hope you're never on a jury.

Re:don't let your stuff be used for criminal stuff (1)

dvoecks (1000574) | more than 3 years ago | (#37218058)

ISPs are a "common carrier". They're expected to be agnostic about the content going over their network (which is part of why filtering is so heinous. They're having their cake and eating it too, but that's another conversation). As a consumer, you're supposed to be in control of your traffic, and you don't have the same protections.

Re:don't let your stuff be used for criminal stuff (1)

Anonymous Coward | more than 3 years ago | (#37218306)

ISPs are a "common carrier". They're expected to be agnostic about the content going over their network (which is part of why filtering is so heinous.

You're wrong. They negotiated themselves the protections while managing not to be declared common carriers. Theoretically, the same protections should go to the rest of us, too. In real life, they can't arrest a corporation like they can arrest a person.

Re:don't let your stuff be used for criminal stuff (1)

Sockatume (732728) | more than 3 years ago | (#37218110)

There's a balance between the impact of the seizure and the evidentiary value of the equipment. If you seize a TOR node, you're causing a large inconvenience to one, possibly-involved person, seizing a whole lot of unrelated information related to that person, and in return getting one unit of evidence. If you seize just about any single machine from an ISP, in order to get the same unit of evidence, you're causing a large inconvenience to many, almost certainly uninvolved people, and seizing a whole lot of unrelated information related to those people. Correspondingly the latter is frowned upon more than the former, and is much less likely to get a warrant.

Re:don't let your stuff be used for criminal stuff (2)

cheekyjohnson (1873388) | more than 3 years ago | (#37217584)

and there is no excuse that you were running some service or other and didn't know what other people were doing

So just make sure you're watching what every single one of your users/customers are doing at all times. I know I'd want to use such a service.

Re:don't let your stuff be used for criminal stuff (0)

Anonymous Coward | more than 3 years ago | (#37217588)

Criminals use Google. I hear Google has a few computers under the desks as well.

TOR exit nodes are by design free of information about the original source of the traffic.

Re:don't let your stuff be used for criminal stuff (1)

jank1887 (815982) | more than 3 years ago | (#37217660)

So where does the ICE store all the switching network equipment they confiscate from the local bells? I mean, that stuff is used in criminal activity all the time. Wire fraud, internet fraud, hacking, etc. I mean, with the amount of criminal activity on the internet, they must be confiscating enough hardware to fill a few airplane hangars. Think of the expense to the telecom industry in keeping the infrastructure up and running with the government constantly pulling pieces out. Wow.

Re:don't let your stuff be used for criminal stuff (0)

Anonymous Coward | more than 3 years ago | (#37217870)

They'd better get more than a hunch. They'd better get a fucking warrant.

Re:don't let your stuff be used for criminal stuff (1)

Seumas (6865) | more than 3 years ago | (#37217932)

By that logic, they should be seizing servers and shutting down services of the guy's ISP.

Re:don't let your stuff be used for criminal stuff (0)

Anonymous Coward | more than 3 years ago | (#37217986)

there is no excuse that you were running some service or other and didn't know what other people were doing

Unless you have lots of money. Face it, this is the legal defense of every ISP and communications service.

Re:don't let your stuff be used for criminal stuff (1)

elrous0 (869638) | more than 3 years ago | (#37218010)

Even if running a Tor exit node is legal or not, it still wouldn't change the fact that it's an excellent way to end up with the feds kicking your door in and sticking a gun in your face. Sure; after you spend a fortune on lawyers, fix your door, deal with the fallout of a public arrest and having your name in the papers as a kiddie porn aficionado, and (maybe) get your computer(s) back; you may well win your court case. But that's a pyrrhic victory at best.

Intimidation (0)

Anonymous Coward | more than 3 years ago | (#37217558)

What information regarding their case can ICE hope to get from the seized computer? None at all. Seizing the computer has just one purpose: Intimidation. That's an abuse of the law and whoever authorized it needs to pay the price.

Re:Intimidation (2)

maxwell demon (590494) | more than 3 years ago | (#37217586)

What information regarding their case can ICE hope to get from the seized computer?

For example if the traffic in question really came from someone else through the TOR exit node as claimed. After all, he could well have downloaded the file himself but then claimed "oh, it was coming through TOR, I'm not guilty!" If the file is on his hard drive, he'll have a hard time to explain it.

Re:Intimidation (5, Interesting)

betterunixthanunix (980855) | more than 3 years ago | (#37217640)

An employee at an ISP could download child pornography and disguise it as traffic from a customer. Why, then, does ICE not seize the ISP's equipment as part of their investigation, just to see whether or not that is the case?

The way you know that this has nothing to do with legitimate investigatory techniques is that ICE threatened the guy when they returned his equipment, telling him that he would have to deal with more law enforcement harassment in future should he continue operating a Tor exit. This is a straightforward case of harassing the exit node operator because ICE was unable to defeat Tor. Aside from the minority of law enforcement officers who understand that law enforcement agencies benefit from Tor, law enforcement officers in general disdain Tor and think that it is a tool for criminals.

Re:Intimidation (1)

unencode200x (914144) | more than 3 years ago | (#37217774)

Good points.

Just as food for thought. Imagine (hypothetically) that the NSA had a way to defeat TOR (not that they do, but who knows...). They may have turned this over to the NSA who found what they needed, but determined that making it public that they know how to defeat TOR was not worth it for this case.

Re:Intimidation (1)

rainsford (803085) | more than 3 years ago | (#37217824)

That is not at all the same thing. Why would police want to go poking at the ISP in your example if there was no reason to believe the ISP had done anything? And even if they DID want to, how would they get a warrant to do so with no probable cause? As much as people would like to believe that running a TOR exit node makes them an ISP, the technical and practical realities mean that at least at the start, YOU are going to be suspected of any wrongdoing going through your node. The legal system will protect you eventually (as it did in this case), but you're running a service that, by design, makes it look like a bunch of strangers' Internet traffic is coming from your computer. If police want to investigate that traffic and you tell them "sorry, I'm just running TOR" and they just take your word for it and go away...that would be some pretty incompetent police work. Running an exit node is legally protected, but expecting it to be totally hassle free is just silly.

Re:Intimidation (1)

betterunixthanunix (980855) | more than 3 years ago | (#37217876)

The point here is that an IP address does not identify a person and that the fact that illegal data was received at that IP address is not "probable cause." There is just as much reason to believe that an ISP employee is using a customer's IP address as a cover to download child pornography as there is to believe that a Tor exit operator is using Tor as a cover.

If police want to investigate that traffic and you tell them "sorry, I'm just running TOR" and they just take your word for it and go away...that would be some pretty incompetent police work.

If the police had received more than 3 hours of "computer training," they would know that they can get a list of Tor exit node IP addresses at no cost from the Tor project itself. They can verify any claim that a person is running a Tor exit by checking that list, just like they can verify a claim that a particular server is owned by an ISP or that there are millions of websites hosted on that server.

As I have said, what makes it clear that this was a case of harassment is that they threatened the exit node operator when they returned his equipment.

Re:Intimidation (0)

Sarten-X (1102295) | more than 3 years ago | (#37218072)

Getting that list of addresses and comparing it takes time, and what's supposed to happen between when the suspect says "I'm running Tor" and when they come back saying "no you're not?" Do they just leave the guy with all his equipment, ripe for a freak house fire? Can law enforcement even get historical lists, to show that the guy wasn't actually running the node at the time the crime was committed?

It's not clear at all that this is "harassment". It's clear that ICE expects more crime to be committed through Tor, and the warning that "this could happen again" is simply honest: it could. In my opinion, Mr. King should take this opportunity to set up logging, so he can quickly show what connections came through the node. Next time ICE shows up, he can turn over that log quickly and easily, and possibly avoid any seizure at all.

Re:Intimidation (1)

betterunixthanunix (980855) | more than 3 years ago | (#37218184)

Getting that list of addresses and comparing it takes time,

Really, a comment like this on /. of all places? You are talking about searching a list of strings for a particular string, and not even a very long list. The bottleneck is in the amount of time it takes the police to enter the query into their computer.

what's supposed to happen between when the suspect says "I'm running Tor" and when they come back saying "no you're not?"

Then you have someone who lied to the police (which is evidence that can be used against them), and if they destroyed the incriminating evidence, they are guilty of another crime -- destruction of evidence.

Can law enforcement even get historical lists, to show that the guy wasn't actually running the node at the time the crime was committed?

They could maintain their own up-to-date list of Tor exits, or just download the list before they go ahead and get a search warrant. It is really not that hard, and given how many years Tor has been around and how widespread its use is, this sort of thing should be automatic during computer crime investigations.

warning that "this could happen again" is simply honest

I view it as a threat -- they are telling the guy that he will have to go through this entire situation again if he continues to run a Tor exit.

Mr. King should take this opportunity to set up logging, so he can quickly show what connections came through the node

Why? He was never committing a crime to begin with, so why should his behavior change? ICE did shoddy investigative work by relying on only an IP address; the fault lies with ICE, not with the exit node operator.

Next time ICE shows up,

...he should sue? ICE has no business showing up at an exit node operator's home.
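
The exit-list check debated in the comments above, including the question of historical lists, as an added example that is not part of the original thread. It assumes archived snapshots in the `ExitNode`/`ExitAddress` text layout of the Tor Project's exit list; the sample fingerprints, addresses and timestamps are constructed.

```python
"""Check whether an IP was a listed Tor exit around the time of an event."""
from datetime import datetime, timedelta
import ipaddress

# Constructed sample snapshot (assumed layout: ExitNode / Published /
# LastStatus / ExitAddress). Fingerprints are made up and the addresses
# come from the RFC 5737 documentation ranges.
SAMPLE_SNAPSHOT = """\
ExitNode AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Published 2011-03-01 04:10:22
LastStatus 2011-03-01 05:02:41
ExitAddress 192.0.2.10 2011-03-01 05:15:03
ExitNode BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
Published 2011-03-01 01:44:09
LastStatus 2011-03-01 02:03:17
ExitAddress 198.51.100.7 2011-03-01 02:20:48
ExitAddress 198.51.100.8 2011-02-27 23:11:30
"""

TS_FORMAT = "%Y-%m-%d %H:%M:%S"


def parse_exit_list(text):
    """Return a list of (fingerprint, ip, observed_at) tuples."""
    observations = []
    fingerprint = None
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        keyword, _, rest = line.partition(" ")
        if keyword == "ExitNode":
            fingerprint = rest.strip()
        elif keyword == "ExitAddress":
            if fingerprint is None:
                raise ValueError(f"line {lineno}: ExitAddress before ExitNode")
            addr, _, stamp = rest.partition(" ")
            observations.append((
                fingerprint,
                ipaddress.ip_address(addr),
                datetime.strptime(stamp.strip(), TS_FORMAT),
            ))
        # Published / LastStatus lines are not needed for the lookup.
    return observations


def exits_matching(observations, ip, event_time, window=timedelta(hours=24)):
    """Fingerprints of relays seen exiting from `ip` within `window` of the event.

    A bare "is this IP on today's list" test is not enough: relays come and
    go, so the observation time has to be compared with the event time.
    """
    ip = ipaddress.ip_address(ip)
    hits = {
        fp for fp, addr, seen in observations
        if addr == ip and abs(seen - event_time) <= window
    }
    return sorted(hits)


if __name__ == "__main__":
    obs = parse_exit_list(SAMPLE_SNAPSHOT)
    event = datetime(2011, 3, 1, 12, 0, 0)  # constructed event time
    for candidate in ("192.0.2.10", "198.51.100.8", "203.0.113.5"):
        print(candidate, exits_matching(obs, candidate, event) or "not listed")
```

An empty result only says the address was not observed as an exit inside the window covered by the snapshots at hand; it says nothing about who used the connection.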

Re:Intimidation (1)

SirGarlon (845873) | more than 3 years ago | (#37217998)

Aside from the minority of law enforcement officers who understand that law enforcement agencies benefit from Tor

Could you elaborate on that a bit? I'm not being confrontational, I'm curious. It's not obvious to me how law enforcement agencies benefit from TOR.

Re:Intimidation (1)

drinkypoo (153816) | more than 3 years ago | (#37218052)

They can run their own exit nodes, and do traffic analysis to determine what type of traffic certain people are receiving, then use that to get warrants (since all it seems to take any more is a vague notion.)

Re:Intimidation (1)

betterunixthanunix (980855) | more than 3 years ago | (#37218098)

Suppose that law enforcement is investigating a child pornography forum. The forum operator may have an IQ larger than his shoe size, and when law enforcement IP addresses show up, he is going to destroy all the evidence and possibly send a warning out to the forum's members. The police use Tor to avoid that problem -- it is even more effective since the members of those sorts of forums are often Tor users themselves.

Re:Intimidation (3, Insightful)

elrous0 (869638) | more than 3 years ago | (#37218060)

An employee at an ISP could download child pornography and disguise it as traffic from a customer. Why, then, does ICE not seize the ISP's equipment as part of their investigation, just to see whether or not that is the case?

Because very few police organizations would have the forensic skills to even determine that (outside of the FBI, most police agencies are lucky to have a copy of EnCase and maybe one or two guys on staff who know a little about computers). And a prosecutor would have an almost impossible time proving the case because of the nature of it being an ISP. So they don't waste their time.

Real life law enforcement isn't about being fair. Most of the time they're just going after the low-hanging fruit and the shit they can't ignore.

Re:Intimidation (5, Insightful)

cheekyjohnson (1873388) | more than 3 years ago | (#37217744)

Between letting a criminal get away and harming an innocent, I'd rather let the criminal get away, to be honest.

Re:Intimidation (3, Insightful)

pseudocode (2445502) | more than 3 years ago | (#37217594)

Not at all - just because it's a TOR endpoint and any traffic there is a dead end doesn't invalidate checking all the other forensic options like browser cache etc, running TOR could just be a way of hiding in data volume. It's probably not the case, but if they don't follow a piece of evidence then that's bad.

Re:Intimidation (2, Interesting)

betterunixthanunix (980855) | more than 3 years ago | (#37217650)

So why not treat corporate ISPs the same way -- after all, one of the ISP's employees might be using the ISP's equipment to download child pornography, and attempting to disguise that as if it were one of the ISP's customers. Why is ICE not seizing routers and other equipment from ISPs as part of its investigation?

Right, because individual citizens are not supposed to be providing communication services, only registered corporations are supposed to be doing that sort of thing.

Re:Intimidation (0)

Anonymous Coward | more than 3 years ago | (#37217784)

Right, because individual citizens are not supposed to be providing communication services, only registered corporations are supposed to be doing that sort of thing.

Why not? Is there a law against it now?

Re:Intimidation (0)

Anonymous Coward | more than 3 years ago | (#37217818)

Sarcasm [wikipedia.org]

Re:Intimidation (1)

Sarten-X (1102295) | more than 3 years ago | (#37217888)

It's because individual citizens are not expected to be providing communication services, but ISPs are supposed to be doing that sort of thing.

Re:Intimidation (1)

rainsford (803085) | more than 3 years ago | (#37217908)

A router is not a TOR exit node. If illegal activities take place through a router, it doesn't look like the router is the origin of that traffic. TOR exit nodes, on the other hand, intentionally make it look like they ARE the origin of the illegal activity. In fact, that's the whole purpose of TOR. ISPs mostly just forward traffic from their customers, individual citizens mostly originate traffic. If an individual citizen is "providing communication services" through an intentionally obfuscated channel, they will be cleared of wrongdoing. But surely you don't expect them to be cleared with absolutely no investigation, do you?

Re:Intimidation (1)

betterunixthanunix (980855) | more than 3 years ago | (#37218302)

But surely you don't expect them to be cleared with absolutely no investigation, do you?

Yes, I do, because IP addresses do not identify people and the only thing that links a Tor exit node to the illegal activity is the IP address. An IP address is an unacceptably low standard of evidence for granting a search warrant. IP addresses are frequently shared, computers may be taken over by malware, your neighbors might guess your WPA passphrase, etc. The police should gather more evidence before they are granted a search warrant; this would avoid the problem of harassing innocent exit node operators.

It is better that a couple of pedophiles are not arrested for downloading child pornography than that innocent people are embarrassed and harassed by law enforcement.

Re:Intimidation (1)

pseudocode (2445502) | more than 3 years ago | (#37217990)

Given a search warrant the ISP will provide all the logs and so on without needing the machine to be seized, they have clear procedures in place for it. They should also have secure backups to reduce the likelihood of tampering. Like any company they also have procedures in place to audit their kit to stop this sort of thing, and having multiple admins with access makes it harder to hide, but if the cops think it's inadequate they'll still seize kit to check. Citizens (in most countries) can do whatever a company can, but don't always get the same protection that's offered by doing it commercially with the corresponding requirements for regular checking. There's nothing stopping an individual getting their access mechanisms and machine audited, so if something illegal shows up through hacking or a virus then they'd have a defense in court, it just doesn't happen because it's expensive and not worthwhile.

Re:Intimidation (2)

betterunixthanunix (980855) | more than 3 years ago | (#37218342)

There's nothing stopping an individual getting their access mechanisms and machine audited,

The police never asked for Mr. King's logs, they just busted in and seized his equipment. They simply assumed that because his home address was listed on the account that the IP address was assigned to, he was the person they were looking for. The most optimistic view is that this was bad police work.

Re:Intimidation (1)

Sarten-X (1102295) | more than 3 years ago | (#37218462)

The police never asked for Mr. King's logs, they just busted in and seized his equipment.

[citation needed]

It appears to me that they simply assumed the guy responsible for the Internet connection was... you know... responsible.

Investigated == not good (3, Insightful)

SirGarlon (845873) | more than 3 years ago | (#37217570)

Running an open Wi-Fi hotspot, or Tor exit node, would make you both more likely to be investigated, and less likely to be convicted, of any cyber crimes

Unfortunately there is a lot the authorities can do under the name of "investigation" to harass, abuse, intimidate, and even detain you. Seizing computers is bad enough but if they really want to play hardball they can haul you in "for questioning" ... on a daily basis ... and pick you up at inconvenient times like when you're at the office or in the middle of the night. So really being investigated is the thing you don't want, because it can make your life hell and in the end the cops can just smile and say "No charges. Have a nice day, citizen."

Re:Investigated == not good (1)

Seumas (6865) | more than 3 years ago | (#37217988)

Exactly. The point of stories and incidents like this is to intimidate the population at large. You may have a right to do something, but if it is made difficult enough to do, you just won't bother and the ultimate impact is the same as if you didn't have that right - because everyone is intimidated into not doing it. Very few people care enough about anything to accept the total disruption of their life, possible public accusations (often of really hideous things), massive legal fees, and years tied up in court asserting your rights.

Re:Investigated == not good (1)

Penguinisto (415985) | more than 3 years ago | (#37217996)

I'm pretty sure that if such a pattern (or even habit) arose and word got out about it, you'd have a line of lawyers 10 miles long waiting at your door to help you sue any PD or agency that was stupid enough to try.

Sure, they can pull it off for a short period of time, once, and there'd better be a warrant involved (we're talking computers here, not weed - you can't smell illegal computer activity from the front door). More than once (twice at most), and it becomes a pattern of harassment that can be litigated against. Police departments and agencies do have budgets to protect, after all.

Re:Investigated == not good (1)

subreality (157447) | more than 3 years ago | (#37218364)

Also, with the very large number in existence these days, if they decide they don't like you because you're supporting the terrorists / pedophiles / commies, I guarantee you, they can convict you of something. Perhaps it's totally unrelated to what they were originally investigating you for, but as long as they had legitimate probable cause for the initial investigation, anything else they find is fair game. So this isn't true:

Running an open Wi-Fi hotspot, or Tor exit node, would make you both more likely to be investigated, and less likely to be convicted, of any cyber crimes.

No sir. It makes you less likely to be convicted than someone else who is being investigated, but overall, you're much more likely to be convicted of something once their gaze falls on you.

Unfortunately... (5, Insightful)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#37217590)

'Mere' investigation can be made rather unpleasant, depending on the crime in question, the enthusiasm of the cops running after it, and your access to legal representation...

There are the practical difficulties: Having everything vaguely resembling a computer seized and held for who-knows-how-long, potentially quite significant legal costs, etc.

And there are the ones arising from the common, but troublesome, opinion that investigation is a sort of lesser degree of guilt. The taint by mere association is worst with kiddie-porn related matters; but the touchier types seem to consider "Police Record: Checked, found absolutely nothing." to simply be a subspecies of "Police Record" and act accordingly. Fan-tastic.

Re:Unfortunately... (1)

bjamesv (1528503) | more than 3 years ago | (#37217652)

What practical physical barriers are there that can prevent "everything vaguely resembling a computer seized"?

The police will come to your residence, no?

Would it have to be as extreme as having a 2nd address with your open WiFi and Tor exit node running? How do hosting companies convince the cops to "only" take one entire rack or server, and not every scrap at their location?

Re:Unfortunately... (1)

rainsford (803085) | more than 3 years ago | (#37217982)

I imagine it's easier for hosting companies because they aren't the prime suspects of whatever the crime is, they're simply assisting the investigation. The person running a TOR exit node IS the prime suspect, because of how TOR works. A hosting company has records and logs of who's using what, a history of helping in police investigations and not being the guilty party. But as far as the cops can tell, you personally own and operate the TOR exit node that the traffic appears to have come from. You have no records of anyone else generating or being responsible for the traffic. If someone downloads kiddy porn through your TOR exit node, the only way the cops can tell it wasn't you is by searching your computing equipment for kiddy porn.

Re:Unfortunately... (1)

Seumas (6865) | more than 3 years ago | (#37218000)

They don't. You recall the recent incident where cops went into a colo and just started yanking servers, which completely fucked over innocent and uninvolved parties like pinboard.in, reddit and others, yes?

Re:Unfortunately... (0)

Anonymous Coward | more than 3 years ago | (#37217762)

Sounds like you have some personal experience in that area. Been "tainted" by looking up pictures of little boys again have you? Tsk-tsk.

Re:Unfortunately... (0)

Anonymous Coward | more than 3 years ago | (#37218074)

I'd have no problem being investigated. Nor having all equipment confiscated. BUT, if I happen to be innocent:
- all equipment returned, fully operational (ALL defects should be considered caused by the transport or the shutting off)
- all damages sustained by the absence of such equipment refunded, something for psychological inconvenience too.
- official excuses from investigators and free space on media to publish it

Else investigations become a de facto payment without trial and that's not what happens in a democracy.

 

What was ICE investigating? (1)

unencode200x (914144) | more than 3 years ago | (#37217668)

Does anyone know what was ICE investigating? Search warrants aren't granted just because someone is using TOR.

Re:What was ICE investigating? (0)

Anonymous Coward | more than 3 years ago | (#37217912)

ICE handles lots of CP cases. TOR is a popular way for pedos to obtain CP. I'm gonna guess these facts may be related.

Chilling effect (0)

Anonymous Coward | more than 3 years ago | (#37217696)

This absolutely sucks. If your stuff is taken, it's possible you will never see those drives again after they have been forensically disassembled and scanned. If you do, they'll likely be infected with surveillance stuff.

In other words, this fulfills its purpose and intimidates people into not using Tor. No conviction is necessary.

It may be legal... (0)

Anonymous Coward | more than 3 years ago | (#37217714)

...but it still can make you responsible. Being the exit node means you're the first target for stuff being backtracked. It's a risk that you have to accept.

Answer To This. (2)

bjamesv (1528503) | more than 3 years ago | (#37217720)

Is registering as a business the answer to "confiscate everything in sight that looks like a computer?"

Maybe paying for a business line will frame the cops' expectations correctly before they roll up on your residence. Make them more willing to listen to your network setup and only take the publicly accessible half of your kit.

Re:Answer To This. (2)

rainsford (803085) | more than 3 years ago | (#37218054)

I imagine a better solution would be to get a virtual or dedicated server at some hosting company, clearly labeled as a TOR exit node (have it host a webpage explaining that fact) and if you can, ONLY use it for that. If you set up a separate corporate entity that owns the server, even better. The law protects you no matter where you run the exit node, but if you want to avoid even being personally investigated at all, you definitely need some significant separation between your home and your exit node.

Re:Answer To This. (2)

Riceballsan (816702) | more than 3 years ago | (#37218126)

I don't believe simply registering as a company, you need to be a corporation large enough to be capable of contributing at least a few hundred thousand to re-election funds, or have lobbyists to get any kind of legal grace. A small company of 100 or less people, really doesn't bother them if it goes bankrupt while they spend a few months checking the equipment to see if they possibly were used as a tool for a crime.

Re:Answer To This. (3, Insightful)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#37218326)

I am neither a lawyer nor your lawyer; but I suspect that once the boys in blue are knocking on or down your door, you have a problem. It is unlikely that you'll manage to convince them to take your word for how your network is set up and just seize part of the potential evidence. Even if you do strike it lucky and get a techie with a gun and badge, rather than a cop who can pretty much handle dealing with physical evidence, why would he trust you, or do the fiddly forensics on site instead of just hauling it all off and doing the work back at the office?

You might have better luck with the seedy-but-legalish-if-often-a-cover-for-dodgy-activities techniques adopted by besuited scammers and corporations with creative accountants. A shell company, incorporated in one of the states with virtually bulletproof corporate veils and lax reporting requirements (scenic Nevada, for instance) with a vaguely telecom-related name and no assets aside from a cheap hosted server somewhere, is no more immune to a raid than you are; but might encourage the investigators to finish picking over the raid evidence before deciding whether or not to try to hunt up the corporate officers/owners...

Re:Answer To This. (1)

delinear (991444) | more than 3 years ago | (#37218360)

It's only BIG business that's above the law.

What about in Europe? (1, Interesting)

ChumpusRex2003 (726306) | more than 3 years ago | (#37217728)

Does anyone know what the legal issues about TOR are in Europe?

European law makes the last 'named' user of an internet connection responsible for any transmissions via it. So, if running a TOR exit node from your home, your name would be the last name on the list (after your ISP, etc.). As a result, if an offence is committed via your connection, then you as the last named party are the person responsible for it.

The only defences are:
1. That you can provide proof of identity of the person who did commit the offence, or other strong evidence that you were not responsible.
2. You can prove that the use of your connection was unauthorized (and that you were not negligent in securing access to your equipment).

Re:What about in Europe? (0)

Anonymous Coward | more than 3 years ago | (#37217938)

Run TOR on EC2 or another cloud provider and see what happens ;-)

Re:What about in Europe? (1)

Anonymous Coward | more than 3 years ago | (#37218092)

Because Europe is a single country with equal laws regarding this subject, amirite?

Re:What about in Europe? (1)

Anonymous Coward | more than 3 years ago | (#37218096)

European law makes the last 'named' user of an internet connection responsible for any transmissions via it. So, if running a TOR exit node from your home, your name would be the last name on the list (after your ISP, etc.). As a result, if an offence is committed via your connection, then you as the last named party are the person responsible for it.

The only defences are:
1. That you can provide proof of identity of the person who did commit the offence, or other strong evidence that you were not responsible.
2. You can prove that the use of your connection was unauthorized (and that you were not negligent in securing access to your equipment).

That's just not true.

Re:What about in Europe? (2)

delinear (991444) | more than 3 years ago | (#37218378)

2. You can prove that the use of your connection was unauthorized (and that you were not negligent in securing access to your equipment).

Well that's pretty much everyone with an unpatched Windows botnet zombie going to jail, then.

Re:What about in Europe? (1)

Z00L00K (682162) | more than 3 years ago | (#37218492)

Depends on which country, but you may breach your agreement with your ISP by running a TOR node.

Re:What about in Europe? (0)

Anonymous Coward | more than 3 years ago | (#37218518)

I imagine it varies by country. The EU has standardised the field to some extent, but not so much as it has in other areas.

I've gotten a call from the police about TOR (5, Interesting)

hawkeyeMI (412577) | more than 3 years ago | (#37218514)

I run an exit node on a VPS. Apparently it'd been used by some guy to try to get a teenaged girl to send him naked pics. They subpoenaed everything back to my business cable connection at home and then called up my company (i.e. me) about it citing a scary amount of information about me. I explained to the detective what TOR was (I already have the standard exit node info page up as recommended on the web server), and he'd already heard it from someone else (a civil lib organization running TOR exits used by the same guy). They dropped it there. Scared me a little and I contacted the EFF, who did not hesitate to offer support should something worse happen in the future. EFF is one of the only organizations I donate to, ever, and I donate a decent chunk of change every month. I'm a proud supporter and it's good to know they're there to support me too.