The EFF Reflects On ICE Seizing a Tor Exit Node

An anonymous reader writes "Marcia Hofmann, senior staff attorney at the EFF, gives more information on the first known seizure of equipment in the U.S. due to a warrant executed against a private individual running a Tor exit node. 'This spring, agents from Immigration and Customs Enforcement (ICE) executed a search warrant at the home of Nolan King and seized six computer hard drives in connection with a criminal investigation. The warrant was issued on the basis of an Internet Protocol (IP) address that traced back to an account connected to Mr. King's home, where he was operating a Tor exit relay.' The EFF was able to get Mr King's equipment returned, and Marcia points out that 'While we think it's important to let the public know about this unfortunate event, it doesn't change our belief that running a Tor exit relay is legal.' She also links to the EFF's Tor Legal FAQ. This brings up an interesting dichotomy in my mind, concerning protecting yourself from the Big digital Brother: Running an open Wi-Fi hotspot, or Tor exit node, would make you both more likely to be investigated, and less likely to be convicted, of any cyber crimes."

Obligatory:

Your ice just ain't cool no mo'

Re:Obligatory:

Rickroll

This is why we need COMMUNISM!

[For+a+Free+Internet]

Folks, if you can't see that capitalism is a bloody hellhole, you are blind. We need Communism now! International proletarian revolution is the only way!

Re:This is why we need COMMUNISM!

[Hazel+Bergeron]

Straight from today to communism? That's an unlikely sequence.

As long as you have a capitalist welfare state supporting by a local labour aristocracy, you won't have a local exploited proletariat in which to raise united consciousness. The anarchists a century ago were already arguing this and it's come true. You would be better campaigning for better conditions abroad or for the sort of trade protectionism against abusive states which caused South Africa to be shunned in the '80s.

Re:This is why we need COMMUNISM!

[Toonol]

I thought you were a nutjob single-issue poster who was just overly zealous; now I think you are just trolling, like a less-clever Dr. Bob.

Re:This is why we need COMMUNISM!

[MightyMartian]

Because look how free the Russians were!

Re:This is why we need COMMUNISM!

[arkane1234]

You mean like all of the Ron Paul "supporters" nowadays?
"zOMG ur sheeple!~@! gold backed monetary system! you don't get it because you've been brainwashed and programmed by the illuminati!@!"

Re:This is why we need COMMUNISM!

[Mashiki]

Funny that. Wasn't it communism that gave east germans the STASI and a few hundred million dead, along with mass starvation now?

Yeah...

Re:This is why we need COMMUNISM!

[darthdavid]

Communism means one thing and one thing only: the workers own the means of production. Citing a failed state that did just about everything wrong that it's possible to do wrong within a system no more disproves the value of communism that doing the same with a similar capitalist state would for capitalism.

Re:This is why we need COMMUNISM!

[Mashiki]

Yeah. And people in positions of power in communist states never expand, consolidate, or take over said 'workers' who own production. In turn claiming that they're working, for the works, to strengthen them. How about the USSR, well I realize that's another failed state. Or Cambodia? China? Look at that, the blood of millions.

So here's a family story. My mothers father was a farmer in the Ukraine. The government decides to take all of the food and livestocks that's been produced in order to give it to the central state. They leave him with 2 cows, and tell him he needs to have an additional 187 cows the following year. Which is what they took from him. Of course being that he didn't have it, they tossed him in a gulag for 25 years.

I'm sure that the reality of those of us who had family suffer under the "justice" of communism, are just peachy with your idea. Right behind the mass starvation that the government caused. A communist state is a very nice wonderful utopian idea, that fails in reality because the communist system has no balances, or checks against the inherent greed of a person for power.

Re:This is why we need COMMUNISM!

[darthdavid]

The plural of anecdote is not data, and repeating the exact same argument that was just refuted does not suddenly make it correct. Nice try though.

ICE is doing what now?

[d3ac0n]

Isn't ICE supposed to be dealing with illegal immigrants? Oh, right. I forgot. This is the Barry administration, where the Justice Department doesn't prosecute the Black Panthers for voter intimidation (even though they already won the case) and ICE has been tasked with ensuring that illegals are allowed to remain here, as long as they are registered Democrats.

Welcome to the United States of Chicago politics.

Re:ICE is doing what now?

[betterunixthanunix]

Immigration and Customs Enforcement. If you are downloading child pornography across US borders, it falls under the jurisdiction of ICE. Of course, harassing Tor exit node operators should not fall under the jurisdiction of any agency, but in Soviet America, harassing service operators who are not registered corporations is what we do.

Re:ICE is doing what now?

[Speare]

Isn't ICE supposed to be dealing with illegal immigrants?

While I decry ICE's decision-making process and think it's reaching beyond its authority, I think it's silly to say that TOR investigation is entirely outside of ICE's domain. Immigration and Customs Enforcement. We still live in a USA where some software and data imports and exports are considered unlawful, whether it's controlled technology (cryptology, espionage, classified data) or the more pedestrian types like child pornography.

Re:ICE is doing what now?

[For+a+Free+Internet]

Imperialist commander-in-chief Obama is kidnapping and deporting more immigrants than any president in history. So shut up you lying racist fuckface. Why don't you learn Spanish, you ignorant bigoted slob? Down with the Democrats and Republicans, parties of racist American capitalism! Full citizenship rights for all immigrants! COMMUNSIM NOW!

Re:ICE is doing what now?

Isn't ICE supposed to be dealing with illegal immigrants? Oh, right. I forgot. This is the Barry administration, where the Justice Department doesn't prosecute the Black Panthers for voter intimidation (even though they already won the case) and ICE has been tasked with ensuring that illegals are allowed to remain here, as long as they are registered Democrats.

No, ICE (which was renamed during the reorganization of INS that took place under the Bush II administration, you partisan hack) stands for Immigrations and Customs Enforcement.

Sovereign states have the right to control what passes over their borders. It's part of the definition of statehood. Immigration is about who, Customs is about what.

Back on topic, EFF's "Tor is Legal" sounds an awful lot like the arguments made to justify Freenet back in the day. Ultimately, they all rely on notions like "in any sane legal system", or "in any free country". Problem is, by those sorts of definitions of "free" or "sane", the country hasn't been free since Patriot I, and its legal system has never been sane.

With the end of the Cold War and the demise of the USSR, we lost any motivation for claiming the moral high ground. From printers that identify their owners (like the Romanian archives of individual keystrokes from every manual typewriter), to widespread and omnipresent surveillance (decades before it became a meme, "In Soviet Russia, television watches YOU" was a joke about how much more free we were than the Russians), we ended up becoming what we fought against.

Re:ICE is doing what now?

Obama is doing as much if not more than Bush. Sorry Mr. Republican. Also more than Reagan.

BTW- ICE is also supposed to regulate customs. Their resposibilities exceed removing non-whites from your purview.

Re:ICE is doing what now?

[dreemernj]

You are acting like the fact this guy was running a Tor exit node somehow means it was impossible for him to commit the crime. That is a ridiculous line of thought and if things operated that way, every criminal could simply operate a Tor exit node and be out of reach of investigation.

Re:ICE is doing what now?

[betterunixthanunix]

every criminal could simply operate a Tor exit node and be out of reach of investigation.

Or they could just use Tor, and avoid being investigated in the first place. Which is what happened in this case.

The "every criminal will use this excuse" theory is baseless. If an IP address is the only evidence that someone committed a crime, then that person should not be convicted -- and we should be examining what sort of laws led to a situation where IP addresses are the only evidence needed for a search or arrest warrant. I share an Internet connection with several other people; should we all be arrested if the IP address happened to be an endpoint of illegal data? There are dozens of people who have SSH access to my research group's server, and it is possible that any of them could use that server as a proxy -- should the server and all of our computers be confiscated, and all of us arrested, if the IP address shows up during an investigation?

IP addresses are not a form of identification, and even less so when a Tor exit node has that IP address. Anyone could be a criminal, but we should have higher standards for evidence when it comes to issuing warrants and confiscating equipment.

Re:ICE is doing what now?

[rainsford]

IP addresses don't definitively identify individuals (and I'm not aware of any case where that alone was used to convict someone), but disallowing their use as probable cause for a search warrant would seem to set an unreasonably high legal bar.

Re:ICE is doing what now?

[DanTheStone]

I share an Internet connection with several other people; should we all be arrested if the IP address happened to be an endpoint of illegal data?

Don't be silly, only the men would be arrested.

Re:ICE is doing what now?

[zeroshade]

I don't think he's disallowing their use, he's disallowing their use as the ONLY basis for probable cause. If your investigation leads to a specific IP address which multiple people could possibly have used to commit the crime, an arrest warrant should not be given for EVERYONE. A search warrant should be given for the end point, but only if the operator will not respond to a subpeona for the logs.

IP Addresses alone are used to definitively identify copyright infringement all the time, frequently it is wrong but has been allowed to go through.

Re:ICE is doing what now?

[betterunixthanunix]

disallowing their use as probable cause for a search warrant would seem to set an unreasonably high legal bar.

No, it would set the legal bar exactly where it should be: requiring the police to actually identify a person as a suspect. If the police are unable to do so, then they should not be granted a warrant -- this is not a country where we grant the police general search warrants, and it is better to let some criminals walk free than to harass innocent people.

Re:ICE is doing what now?

[Sarten-X]

So the investigation would have to be finished before it could begin... great plan!

Re:ICE is doing what now?

[hairyfeet]

I'd say the truly sad part is all this Gestapo crap is a complete waste of time because the cops know that isn't where the target is. I have a friend that works state crime lab and according to him after those big busts around 5 years ago actual predators simply stopped using the Internet for CP. he said the only ones you catch that way now are social retards that touch nobody but themselves and are whacking off to the same shit that has been floating around since the 80s.

So what do the real child molesters use? USPS of all things. They only use the net long enough to set up a trade on a back alley board which according to my friend there is ZERO chance of a cop infiltrating because the entrance fee is video of you molesting a kid with an object of their choosing and they don't give enough time to fake the video.

After that it is all encrypted DVDs and mail dumps. So many DVDs go through media mail nobody is ever gonna notice and if they don't get a response within x amount of time they consider that link dead and move on. According to my friend they are quite worried that terrorist types are taking notes from the CP scum as their system is damned near foolproof. the only reason they even know of it is every once in a while a kid that one of them was abusing will tell and they'll find the discs, not that they can read them of course. And with guys looking at 500+ years for all the abuse and no prosecutor EVER gonna make a deal with a serial child rapist good luck on getting one to flip.

So in the end all you get is what my friend calls the "Social retards" that are completely harmless. One they busted had been so isolated from humans, even going so far as to have all his food delivered, that they had to tranc him like an animal to get him out of the building. According to him the ones they get now are a complete waste of money as you are throwing guys that if you threw them in a room with a kid would go hide in a corner into a cell for 60 years at taxpayer expense while the ones who actually rape children are nowhere near there. but the politicos want the "catch a predator" style headlines so they waste the cash.

So just as in TFA we piss money down a rathole all in the cause of "doing something" even if that something is completely fucking pointless and doesn't actually solve anything. Welcome to Amerika, where your rights can be shot to shit as long as its "for teh childrenz!"

Re:ICE is doing what now?

[hawkeyeMI]

Wow, if that's true, it's crazy, and interesting. Especially the part about submitting a video of yourself committing molestation. Talk about self-incrimination. Must be a really compelling vice/urge to go to such lengths.

Re:ICE is doing what now?

[hawkeyeMI]

I hope you're kidding/ironic with the communism schtick.

Re:ICE is doing what now?

[Applekid]

So the investigation would have to be finished before it could begin... great plan!

Police have had to have probable cause, including identifying what they want, before getting a warrant well before the internet even existed.

I guess because of OMGHACKERS and OMGKIDDIEPORN those sorts of principles get the boot.

Re:ICE is doing what now?

[betterunixthanunix]

No, it would have to be far enough along that the police have more to go on than an IP address before they harass and embarrass someone by seizing his equipment and accusing him of downloading child pornography.

Re:ICE is doing what now?

[Sarten-X]

They never accused him of anything. He was a part of an investigation. Heck, I was part of an investigation into a 3-car motor vehicle crash. I had been walking down the sidewalk at the time. I certainly didn't do anything criminal, but I was able to provide evidence.

What more evidence than an IP address is possible, given the architecture of the Internet at this point? By your standards, the Internet is place where any crime can go unpunished, because you can't know for certain who was pressing the keys, and you can't ask without already knowing.

Re:ICE is doing what now?

[Sarten-X]

They wanted any computer equipment that may have had evidence relating to the investigation. The probable cause was that the IP address used was assigned to Mr. King's Internet connection, and Mr. King had entered into a legal agreement taking responsibility for the use of that connection, so it's probable that he knows what happened.

I guess because of OMGPRIVACY and OMGFUCKTHEPOLICE those sorts of facts get the boot.

Re:ICE is doing what now?

[FredFredrickson]

If you had access to a child to molest yourself.. why would you need access to the porn?

Re:ICE is doing what now?

[Bob9113]

You are acting like the fact this guy was running a Tor exit node somehow means it was impossible for him to commit the crime.

No, he is acting like the fact that this guy's IP address appeared in somebody's log is not probable cause for search and seizure. He is acting like running a Tor node is not probable cause for search and seizure. He is acting like common carriage of Tor traffic does not imply responsibility for the content of the packets -- something that was found to be critical to the protection of First Amendment rights when the telephone companies were treading this very ground.

Re:ICE is doing what now?

[Mordok-DestroyerOfWo]

What more evidence than an IP address is possible, given the architecture of the Internet at this point?

Serious? If you don't know the answer to that question then you have absolutely zero business posting on a tech site like this one. Just another pro-jackboot shill willing to sell civil liberties for the illusion of security.

Re:ICE is doing what now?

[Sarten-X]

Then please educate me.

Assuming law enforcement has taken down a server with evidence of a crime, they'd have access to logs. Web server access logs usually store only IP addresses. There may be a session identifier, but that's not much use after 30 minutes. If the log were ridiculously detailed, it might have a cookie in it - but that's no good without something to match it to, which would require searching a suspect's computer.

If the investigators are monitoring packet data, they could get the MAC address of the user's computer. That's no more identifying than an IP address, can be changed at will by the user, and is often duplicated across cheap NICs.

If the investigators spent time on the child porn forums or hacking sites or whatever they were investigating, they could infiltrate the community and try to get an actual identity, but that's a ridiculous long shot, and utterly unreliable.

If packets were all encrypted, or otherwise cryptographically authenticated, a person's identity could be changed whenever the keys changed. Yet again, it's an unreliable identification.

Then there's the IP address... for bidirectional communication, it usually cannot be spoofed, and it's usually assigned by someone other than the end user. No, it's not perfect, but it's better than any alternative.

If there's something I'm missing here, please feel free to point it out. The intricacies of network architecture are not my strongest suit, and I'd love to learn more.

Re:ICE is doing what now?

[ifiwereasculptor]

If you had access to a wife/girlfriend/boyfriend/husband/dog yourself.. why would you need access to porn? Same reason.

Re:ICE is doing what now?

[bonch]

If your car is used in a drive-by shooting, your car will get impounded by investigators. It's not "harassment" to seize computer hardware used in a criminal act.

Re:ICE is doing what now?

[betterunixthanunix]

If the investigators spent time on the child porn forums or hacking sites or whatever they were investigating, they could infiltrate the community and try to get an actual identity, but that's a ridiculous long shot, and utterly unreliable.

Not such an unreliable longshot, as it turns out. I cannot remember the exact name, but there was a case where IP address logs would not have been terribly useful because an organized and very dangerous child pornography ring -- not just people downloading it, but people who were actually producing it -- was using a combination of the remailers network and Usenet (it would have required a global surveillance program to actually catch them without infiltrating the group). The FBI did wind up infiltrating the group when one of the members became an informant (he may have been caught by other means), and eventually members of the group were indicted.

If packets were all encrypted, or otherwise cryptographically authenticated, a person's identity could be changed whenever the keys changed. Yet again, it's an unreliable identification.

Not really -- the members of the group still need to be able to identify each other, and so you will be able to reestablish someone's identity as a member of the group (and charge them as part of a criminal conspiracy). Changing master keys is a fairly expensive thing to do, since all your contacts need to reauthenticate your new master key, so it is unlikely that a master signing key will change frequently. I would say that a cryptographic key is more reliable as a way to identify a person than an IP address, given that keys are generally passphrase protected and rarely shared (at least signing keys are rarely shared).

Then there's the IP address... for bidirectional communication, it usually cannot be spoofed, and it's usually assigned by someone other than the end user. No, it's not perfect, but it's better than any alternative.

In the real world, however, IP addresses are frequently shared among several people -- think NAT, wardriving, etc. Computers may also be shared among several people, making IP addresses even less reliable as a form of identification. People may have guests in their home, neighbors who use their Internet connection, they may grant SSH access to friends (like I did in high school), or they may be a victim of malware. A computer is not an extension of a person's body, and an IP address is not an extension of a person's computer.

If there's something I'm missing here, please feel free to point it out

There is something missing from this entire conversation: what sort of crimes are we prosecuting where IP addresses are the only method the police can use to identify someone? Are the police really unable to use things like the thermal noise in an image (e.g. in a child pornography case), physical evidence from a package (e.g. for drug cases), serial numbers on money, or any of the other forms of evidence collection? If we are talking about "crimes" in which there is no physical evidence, no money trail, and in which no evidence except an IP address and data on a hard drive are used to incriminate someone, we have a problem (and since that is exactly the situation we are currently facing, I would say that we certainly do have a problem).

Re:ICE is doing what now?

[interkin3tic]

They only use the net long enough to set up a trade on a back alley board which according to my friend there is ZERO chance of a cop infiltrating because the entrance fee is video of you molesting a kid with an object of their choosing and they don't give enough time to fake the video.

Is telling someone to molest a kid and send the video to you not illegal? Seems like there are so many laws justified as protecting the kids that you'd think legislators would have made that massively illegal long ago. Or is it that even if cops saw the request and it was illegal, they'd be unable to track the requester down to arrest them?

Re:ICE is doing what now?

[nabsltd]

They never accused him of anything. He was a part of an investigation.

No, he was a suspect. If he was merely a source of information for the investigation, they would have asked him for the information, or possibly used a subpoena. Warrants are only used when it is likely that the entity in possession of the evidence would have reason not to hand it over because it would incriminate them. As an example, you don't need a warrant for security camera footage if you are not accusing the owner of the security camera of a crime that the security camera footage could be used as evidence against them. It's probably TV shows that have created this belief, as cops often threaten unrelated people with a "warrant", when in reality a subpoena would be the appropriate document.

Heck, I was part of an investigation into a 3-car motor vehicle crash. I had been walking down the sidewalk at the time. I certainly didn't do anything criminal, but I was able to provide evidence.

What would your reaction have been if the police had physically detained you as their first action, instead of asking if you had seen anything? This is the difference in this case. Instead of just asking, they immediately treated the man as a suspect. If you had been treated as a suspect (i.e., possibly at fault for the crash), instead of a witness, how would you feel about it?

Re:ICE is doing what now?

[s73v3r]

It shouldn't, but if I'm tracking CP downloaders, say from a honeypot, I'm going to investigate the IPs that show up, be they Tor exit node or not.

Re:ICE is doing what now?

[s73v3r]

No, it's not. I agree that if the only evidence is an IP address, then they shouldn't be convicted. However, that doesn't mean they shouldn't be investigated, and other evidence possibly brought up.

Re:ICE is doing what now?

[s73v3r]

No, that is a completely unreasonably high bar to attain. An IP address might not identify a person, but given an IP address, a time, and logs from the ISP, it can definitely identify a residence. Which is plenty enough for a warrant.

Re:ICE is doing what now?

[s73v3r]

I like how you go off on him, and don't provide any sort of answer to his question. It totally makes you seem bad ass.

Re:ICE is doing what now?

[arkenian]

We were talking about what constitutes probable cause for a search warrant, not what should constitute sufficient evidence for an arrest warrant or an indictment.

Nobody should be arrested just on the basis of an IP address, or, for that matter, sued. But I think a search may be reasonable. What we need, however, is better definitions of what a 'search' is in the case of a computer. When someone is searching my physical property, they can only search for specific things, and when they find it they have to leave (excepting plain sight), we need an equivalent for data.

Re:ICE is doing what now?

[s73v3r]

So in order to identify the person they serve the warrant on, they go to the ISP, get who was *legally responsible* for that connection at whatever time, and then serve the warrant on them for searching the premises. That accounts for multiple roommates sharing the IP, and if it is someone freeloading on their wifi, it will be found out that the persons at the residence don't have any more evidence.

Re:ICE is doing what now?

[s73v3r]

Fuck off with your "Amerika" and "Gestapo" bullshit. That might have worked had this been an unprovoked seizure, but the fact of the matter is, they had a warrant, they followed proper procedure, and they gave the guy due process. No rights were violated.

Re:ICE is doing what now?

[s73v3r]

No, but I would imagine someone's IP showing up in the logs of a kiddie porn server might.

And read the fucking article. The guy was not accused of anything; he was not charged with anything. He had a search warrant served on him, and he got his stuff back after it was shown that his computers had no evidence. There is no violation of anyone's rights going on here.

Re:ICE is doing what now?

[s73v3r]

I know you like to toe the Republican line and all, but you realize that Obama has overseen more deportations and raids on plants and businesses that employ illegal immigrants than any other President, right?

Re:ICE is doing what now?

[ibpooks]

Often child and other illegal pornography production is found when ICE is going after human trafficking, indentured servitude, sex slavery and all of the other unsavory elements in the economy of illegal immigration.

Re:ICE is doing what now?

[betterunixthanunix]

Not when "investigated" means "take anything that might store any digital information," and not when the "investigation" does not include a check to see whether or not Mr. King is running an exit node, proxy server, remailer, etc. The police busted in, took his computers, storage media, etc., and then returned it all with a "we'll be back if you keep this up" message.

Re:ICE is doing what now?

[trytoguess]

I'm a bit perplexed. So, these actual child molesters will be told to mail CP to a specific location, and the cops can't infiltrate this system because they lack means, and the desire to make the porn? What stops law enforcement from promising to send the porn then simply watching the mailing address like a hawk until they get a suspect?

Re:ICE is doing what now?

[Sarten-X]

Not such an unreliable longshot, as it turns out. I cannot remember the exact name, but there was a case...

So one case, that really had nothing to do with the Internet at all. The forum could be replaced by a poker table, and things would be the same. Infiltrations take a lot of time and money, and pose a significant risk to the investigation as well. After years of work, the investigators could come up with a few identities, or likely none at all. One case does not make a statistic.

you will be able to reestablish someone's identity

Why, exactly? If it's a forum, they have a username and password... but those might be shared, too! There's the same disconnect between "ID token" and "actual human" as IP addresses have.

Changing master keys is a fairly expensive thing to do, since all your contacts need to reauthenticate your new master key, so it is unlikely that a master signing key will change frequently.

All you need to do is have a promiscuous certificate authority, approved by your contacts (and others, for the sake of reputation). One based in Moscow, with lax paperwork standards.

I would say that a cryptographic key is more reliable as a way to identify a person than an IP address, given that keys are generally passphrase protected and rarely shared (at least signing keys are rarely shared).

And I would say that I can generate 500 new keys by the time you finish reading this comment. I can delete them just as fast, too. The "identity" of a key is disposable.

In the real world, however, IP addresses are frequently shared among several people -- think NAT, wardriving, etc. Computers may also be shared among several people, making IP addresses even less reliable as a form of identification.

And yet, it's no less reliable than any other form of identifying evidence. Nothing is as reliable as you want, which is why I say you're pushing for a world where all crime using a computer is nonpunishable.

A computer is not an extension of a person's body

That's the main disconnect. You can never identify someone 100% by anything they do with their computer.

and an IP address is not an extension of a person's computer.

Nor is anything else that gets sent over a network. Yet again, nothing is 100%.

There is something missing from this entire conversation: what sort of crimes are we prosecuting where IP addresses are the only method the police can use to identify someone?

Anything involving a computer where the user didn't outright say "My name is John Doe, and I live at 123 Main St., and my SSN is 000-00-0000."

Are the police really unable to use things like the thermal noise in an image (e.g. in a child pornography case),

Wait, what? There's been some research done into using CCD noise to identify cameras, but that only works on high-res images and is easily fooled by things like rotating & cropping, and using a digital zoom. To my knowledge, no such technique is in use in courts today, and even if it were, it requires having the suspect camera to match. How is that supposed to happen to establish an identity?

If we are talking about "crimes" in which there is no physical evidence, no money trail, and in which no evidence except an IP address and data on a hard drive are used to incriminate someone, we have a problem (and since that is exactly the situation we are currently facing, I would say that we certainly do have a problem).

And again, I'll ask for an example of any criminal prosecution where that was the only evidence, where other factors could have come into play (like having a shared connection).

But we're not talking about prosecution. We're talking about an investigation, where there must only be

Re:ICE is doing what now?

[DRJlaw]

[H]e is acting like the fact that this guy's IP address appeared in somebody's log is not probable cause for search and seizure..

But it is. If the IP address is in the chain of addresses in an unlawful act, *bingo*, there is reasonable suspiscion to search it in order to determine if it was the source, or to further locate the source.

He is acting like running a Tor node is not probable cause for search and seizure.

GP didn't claim that.

He is acting like common carriage of Tor traffic does not imply responsibility for the content of the packets -- something that was found to be critical to the protection of First Amendment rights when the telephone companies were treading this very ground.

Tor exit nodes are not common carriers. End of story. Common carrier immunity is a privilege granted to defined entities which, *bingo*, still need to cooperate with investigations of individuals who are abusing the communications system. What are the odds that AT&T is going to destroy logs that show that one of its employees was the responsible party, versus a Tor exit node operator destroying logs that would show that he or she was the responsible party? Exactly.

Re:ICE is doing what now?

[Sarten-X]

This is something that's bothered me for a long time, since I realized (mid-90's) that computers can hold a lot of stuff. From what I've seen, search warrants for data read much like other generic warrants, where the police are expecting to find a certain kind of evidence, and must ignore everything else. Now, this is getting into deep lawyer territory, and I'm not one, but my understanding is that if the cops are looking for evidence in a shooting case, and find a bloody knife in your home, they can't do much about it.

My understanding is that current data searches are similar. If they're looking for something relating to kiddy porn, and they find unsent threatening emails to your boss, they can't use those emails for anything.

I'd welcome a lawyer's input on that, if there's one around...

Re:ICE is doing what now?

[SETIGuy]

It takes time. And if you know any detective rank cops,you know that the one thing that kills an investigation is time. If it takes more than a few days, forget about it. There are other crimes to work. The boss will tell you that it's a numbers game.... The DA wants convictions. That's all. Work the easy cases.

Re:ICE is doing what now?

[hairyfeet]

Because they have to upload the CP video FIRST before they are given the address. According to my friend it is maddening because trying to catch these guys is like trying to catch ghosts. they use fake IDs for mail dumps, some even pay a flunky to simply pick up the DVD and stick it in another envelope and mail it somewhere completely different, it is really maddening.

As for why they would want more CP if they have a kid to molest? Because the sick fucks collect CP the way some collect baseball cards, and it lets them show off their latest fucktoys? Remember we aren't talking the social retards here, the one they caught that let them learn of this in the first place is accused of over 27 molestations over a 16 year period.

As for seeing their faces on the videos? not gonna happen because after the "Mr Swirly" case they all invested (or pirated) video editing software and screw the hell out of their voices and faces. That is why the cops often pass around pics of an abused kid and not the abuser, because while they obscure the fuck out of their faces seeing the face of the child is a turn on for those sick fucks so they never obscure that.

Anyway I get to hear all about it since we "talk shop" around 3 times a year when I'm in the state capital, I let him know I'm gonna be in town and we set up lunch somewhere. the bitch is he is trying like hell to recruit me because they are seriously short handed and he knows I've always been damned good at data recovery, but honestly? I don't think I could take it.

I mean i'm glad there are guys like him trying to bust the sick fuckers but I think having to look at raped kids all day would fuck my head seriously up. I know he sees a shrink 3 times a week paid for by the state to help him "data dump" as he calls it but I don't think that would help. I have always been very visually oriented and seeing kids getting raped day after day AFTER DAY? And how he stays so cool on the stand is beyond me. I have watched the man work and he is like ice, all facts, never rattled. Sitting there while some smarmy lawyer tries to cover for a guy I KNOW has fucked his 9 year old, because I saw the video? I couldn't be that cool. I'd end up saying something like "Well maybe if your client would quit raping his 9 year old we wouldn't be here huh?"

So while I give the man credit I don't think I could do his job. I have only seen that crap one time, when a computer I was working on was infected with a link slammer bug that would fill the screen with pop ups including to CP sites. Man that shit was sick. I did write down the addresses and send them to that place John Walsh always recommended on AMW, but even looking at the crap long enough to get an address made me want to hurl. How he can do that 5 days a week? I don't care how much money he makes, it ain't enough.

Re:ICE is doing what now?

[westlake]

No, it would set the legal bar exactly where it should be: requiring the police to actually identify a person as a suspect. If the police are unable to do so, then they should not be granted a warrant -- this is not a country where we grant the police general search warrants, and it is better to let some criminals walk free than to harass innocent people.

When requesting a warrant, all you really need to do is to persuade a judge that this is reasonable place to search for evidence of a crime.

It is lunatic to argue that the police must name a suspect before they can even begin to look for the evidence that may point them in the right direction.

The IP address takes you to a street address or to a particular machine.

It probably also gives you the name of the primary account holder, the head of household, for example.

But that for the moment is irrelevant.

_____

The constitutional prohibition is against "unreasonable" search and seizures.

When the purpose of a search is the solution of a crime, many things become more reasonable and more necessary. That the search is inconvenient and uncomfortable does not make it harassment.

Re:ICE is doing what now?

[...] they had a warrant, they followed proper procedure, and they gave the guy due process. No rights were violated.

Except that that guy is now guilty even if proved innocent. No matter where he go, prison or home, he will always be in jail. I think his rights are pretty much void and null now.

Re:ICE is doing what now?

[Applekid]

They wanted any computer equipment that may have had evidence relating to the investigation. The probable cause was that the IP address used was assigned to Mr. King's Internet connection, and Mr. King had entered into a legal agreement taking responsibility for the use of that connection, so it's probable that he knows what happened.

I guess because of OMGPRIVACY and OMGFUCKTHEPOLICE those sorts of facts get the boot.

So, they trace back the traffic to a Tor exit node and conclude that the owner is, contrary to the Tor Exit Notice, actually secretly keeping logs about activity going through it? If they wanted data, they could have done to him what they do other private entities like ISPs and Telcos. But they can't because they know how Tor works, and that he's not going to have anything of benefit for them.

This is just a way to discourage the use of Tor and run an otherwise not-guilty person through The System, enabled by whatever today's criminal boogeyman is.

Re:ICE is doing what now?

[WorBlux]

The warrant was against the computers connected, not the people.

Re:ICE is doing what now?

[hairyfeet]

Look up "Mr Swirly" don't worry, it isn't a new Goatse, it is the name of a case. After the Mr Swirly case, where they caught a child rapist by unswirling his pic the CP scum switched to MUCH heavier video alteration methods. According to my friend it is pretty damned impossible to get their voice and image off the videos due to the amount of effects they use.

The only thing that works in the cops favor is the sick fucks like to see the kids face that is being raped so they never pixelate or alter that, the most they do is put a lone ranger or Mardi Gras style mask on them. that is how they caught another notorious one whose videos of him molesting this girl from the age of 8-12 were the CP scum's version of Jenna Jameson. I couldn't believe when he told me they actually "collect" videos by certain "stars" like a normal guy might collect Ginger Lynn.

But yeah, hearing his stories of what goes down really opened my eyes, as most cops would rather go after the ones making the crap and abusing the kids but because it would cost probably millions and take years worth of man hours and would most likely not end up in their jurisdiction they can't get the higher ups to go for it. that is why most of them are really bummed that America's Most Wanted is going off the air, they said that was a great way to track down the kids.

But as another poster wrote its a numbers game, and the higher ups would rather be able to say "We busted 60 CP pornographers" when they were just social retards passing the same old shit than announce they actually caught a real rapist that took 3 years and cost a couple of million. yet again for the higher ups it is better to do "something" even if that something is pointless and helps no one.

Re:ICE is doing what now?

[zeroshade]

I don't see the difference. Using the same situation, if your investigation leads to an IP address from which multiple people could possibly have used to commit the crime do you automatically get a search warrant for every possible computer that could have used that IP. It seems a bit excessive if you consider a university server which could have any number of students possibly using it. I'd be ok with a search warrant for the server itself but not individual students, or in the case of a domestic situation the router who owns the IP address, but not the other computers in the house.

Re:ICE is doing what now?

[WorBlux]

Routers, unlike servers don't originate traffic of their own. Plus universities generally keep logs, whereas home routers dont, unless you happen to get there quick enough to pull the dhcp tables before they expire. In addition, when I was at uni, every computer connected was assigned an actual ip4 address rather than a subnet one) home routers don't. But anyways the standard of proof for a search warrant is different. It's not even a more probable than not standard, but just some sort of reasonable suspicion. In a uni with 2500+ students sharing a vpn or nat, it's probably not reasonable to believe any given computer was responsible, in a home enviroment of a dozen devices or less, it probably is reasonable.

don't let your stuff be used for criminal stuff

[alen]

seizing anything that is suspected of being used for criminal activity has been perfectly legal for hundreds of years. and there is no excuse that you were running some service or other and didn't know what other people were doing. if the cops get a hunch they will seize your stuff to look for evidence and impound it if there is evidence of a crime

Re:don't let your stuff be used for criminal stuff

[pseudocode]

You're right - it's like lending someone a car which they then commit a crime with; you're not guilty of a crime, but it's still fair enough for them to impound the car as evidence.

Re:don't let your stuff be used for criminal stuff

[betterunixthanunix]

Right, that's why ISPs constantly have their routers and DNS servers seized, because so many people are using those computers for criminal activity.

Oh, wait -- ISPs are corporations, so we treat them differently. When it is some guy running a service out of his home, then the other set of rules applies, where the service operator is harassed by ICE and threatened when his equipment is returned.

Re:don't let your stuff be used for criminal stuff

[cheekyjohnson]

and there is no excuse that you were running some service or other and didn't know what other people were doing

So just make sure you're watching what every single one of your users/customers are doing at all times. I know I'd want to use such a service.

Re:don't let your stuff be used for criminal stuff

Criminals use Google. I hear Google has a few computers under the desks as well.

TOR exit nodes are by design free of information about the original source of the traffic.

Re:don't let your stuff be used for criminal stuff

[bjamesv]

Keep your gate open for your neighbors, but if there is a crime on your patio - you want the doors to your house to be securely and _clearly locked.

Hardware is so inexpensive now a days; a participatory, community-building point of view suggests you should be running two sets of hardware. One set for your open WiFi and Tor exit node, and the other for your personal use.

With costs as low as they are you should not have to abandon your peers just to protect yourself from heavy-handed law enforcement.

Re:don't let your stuff be used for criminal stuff

[jank1887]

So where does the ICE store all the switching network equipment they confiscate from the local bells? I mean, that stuff is used in criminal activity all the time. Wire fraud, internet fraud, hacking, etc. I mean, with the amount of criminal activity on the internet, they must be confiscating enough hardware to fill a few airplane hangars. Think of the expense to the telecom industry in keeping the infrastructure up and running with the government constantly pulling pieces out. Wow.

Re:don't let your stuff be used for criminal stuff

Oh, wait -- ISPs are corporations, so we treat them differently.

Yes, because you know that those routers are not endpoints. You can't know that of a TOR relay.

Re:don't let your stuff be used for criminal stuff

[Zerth]

Hardware is so inexpensive now a days; a participatory, community-building point of view suggests you should be running two sets of hardware. One set for your open WiFi and Tor exit node, and the other for your personal use.

Except they won't bother to check, they'll just take everything you own. Although I suppose you could go the "True Names" route and bury your personal equipment.

Re:don't let your stuff be used for criminal stuff

[Richard_at_work]

How about agreeing to take a sealed parcel for a stranger with you while you travel the world, and delivering it to another stranger...

How many people would say yes to that?

Re:don't let your stuff be used for criminal stuff

[Inda]

Mr King, if that's his real name, had an Internet Protocol (IP) address that was leaking onion rings on to the internets.

Have you not seen the warnings? He had an unsecure IP address!

Re:don't let your stuff be used for criminal stuff

[ofc]

And when they come to seize your hardware, they will simply leave your for personal use equipment alone, because you told them that it hasn't been used for illegal activities.

Re:don't let your stuff be used for criminal stuff

[biodata]

Quite a few corporations do this routinely and are never prosecuted for it. Individuals are unlikely to take the risk due to the personal cost of a mistake, against which they can't insure. Carrying parcels for people on aeroplanes is not the same as sharing your spare computer capacity with anyone who needs some at the time. You are not carrying anything for anyone.

Re:don't let your stuff be used for criminal stuff

I don't know, how many FedEx, UPS, and USPS guys are there?

Re:don't let your stuff be used for criminal stuff

[Sarten-X]

One guy running an exit node does not a service provider make.

Traffic through ISPs is expected to originate with the customers. If an ISP itself is also participating in criminal activity, their equipment gets seized, too. That's just not as common as some end user doing something illegal. Then, of course, there's the various political reasons. ISPs maintain logs of who has what address, and can quite quickly turn those logs over to police when asked. Note that I said "asked", not "presented with a search warrant". It's a professional relationship, and it's a great way to stay out of severe trouble.

The fact that an ISP is a corporation adds another important detail as well - multiple people. As a group grows larger, the probability for dissent increases. This is why conspiracies fail and governments are inefficient. At a corporation, there is a reasonable expectation that the business and the majority of its employees will follow applicable laws. If someone is found not following laws, it's likely that the first ones to know about it will be their coworkers, who will take steps to ensure their job security, including talking to police. With a one-man operation, there is no such expectation. The police can reasonably expect the guy to say whatever he can to avoid being convicted, whether or not he actually did anything illegal.

Running an exit node is like volunteering yourself for anything. You might end up helping someone commit a crime. If you want to protect yourself, keep logs of what the exit node's doing, establish a good relationship with police, and hand over those logs at a moment's notice. You're still likely to have equipment seized/searched, but it's much easier to claim you were unknowingly used if you can point at someone else. If this is too much against the principles that caused you to run an exit node in the first place, then expect to suffer for your cause.

Re:don't let your stuff be used for criminal stuff

They'd better get more than a hunch. They'd better get a fucking warrant.

Re:don't let your stuff be used for criminal stuff

about the same number of people who make moronic internet posts.

wow. that's a lot.

Re:don't let your stuff be used for criminal stuff

[Seumas]

By that logic, they should be seizing servers and shutting down services of the guy's ISP.

Re:don't let your stuff be used for criminal stuff

there is no excuse that you were running some service or other and didn't know what other people were doing

Unless you have lots of money. Face it, this is the legal defense of every ISP and communications service.

Re:don't let your stuff be used for criminal stuff

[betterunixthanunix]

Traffic through ISPs is expected to originate with the customers

A provably false assumption even when Tor is not involved. I share an Internet connection with several other people, and my name is not the name of the account holder. When I was in high school, my (nerdier) friends and I used to grant ssh access to each other -- someone who was not even a resident of my home could have been using my Internet connection. I once discovered that a network administrator had not changed the default password on a router; I could have used that router to relay any traffic I wanted. Then there is this:

http://www.itworld.com/security/84077/child-porn-malwares-ultimate-evil

As the EFF said, an IP address does not identify a human being, and it does not necessarily identify a specific computer. An IP address may be helpful in an investigation as a clue, but a lot more evidence is needed before you can claim that any person or residence is responsible for the traffic originating at an IP address.

Running an exit node is like volunteering yourself for anything. You might end up helping someone commit a crime.

Parking your car in the right spot on the street might help someone commit a crime. So what? Even the police use Tor, when for example they are investigating illegal websites and don't want to reveal that they are law enforcement. Exit node operators should not face this sort of harassment, especially not in the United States (the country that started the Tor project).

Re:don't let your stuff be used for criminal stuff

[elrous0]

Even if running a Tor exit node is legal or not, it still wouldn't change the fact that it's an excellent way to end up with the the feds kicking your door in and sticking a gun in your face. Sure; after you spend a fortune on lawyers, fix your door, deal with the fallout of a public arrest and having your name in the papers a kiddie porn aficionado, and (maybe) get your computer(s) back; you may well win your court case. But that's a pyrrhic victory at best.

Re:don't let your stuff be used for criminal stuff

What do you mean by endpoint? The Tor exit node is between the source and destination of the traffic.
source -> routers -> exit node -> routers -> tor node -> ... -> destination

Re:don't let your stuff be used for criminal stuff

[viridari]

Pretty much any courier.

Re:don't let your stuff be used for criminal stuff

[dvoecks]

ISPs are a "common carrier". They're expected to be agnostic about the content going over their network (which is part of why filtering is so heinous. They're having their cake and eating it too, but that's another conversation). As a consumer, you're supposed to be in control of your traffic, and you don't have the same protections.

Re:don't let your stuff be used for criminal stuff

[elrous0]

You are not carrying anything for anyone.

The feds don't see it that way, anymore than they see someone's illegal computer files as "just a bunch of 1's and 0's."

Re:don't let your stuff be used for criminal stuff

[Sockatume]

There's a balance between the impact of the seizure and the evidentiary value of the equipment. If you seize a TOR node, you're causing a large inconvenience to one, possibly-involved person, seizing a whole lot of unrelated information related to that person, and in return getting one unit of evidence. If you seize just about any single machine from an ISP, in order to get the same unit of evidence, you're causing a large inconvenience to many, almost certainly uninvolved people, and seizing a whole lot of unrelated information related to those people. Correspondingly the latter is frowned upon more than the former, and is much less likely to get a warrant.

Re:don't let your stuff be used for criminal stuff

[Sarten-X]

I didn't say that traffic always originates with customers. I said it's expected to. That's a reasonable expectation, because the vast majority of home internet connections are for one household and not shared. The US Constitution only protects against unreasonable search and seizure.

These days, more connections are being shared across multiple computers, but still rarely outside the same household. Malware does happen, but it's also rare. Similarly, picking people out of a lineup isn't perfect. DNA evidence degrades over time, and can be contaminated very easily. Firearms can be altered to change their striations. Every kind of evidence used has a level of uncertainty to it, and that's why we have trials to determine whether the amount of evidence supporting a theory is sufficient to show guilt.

The purpose of any investigation is to look for evidence. In this case, the investigation found nothing substantial connecting Mr. King to the crime, so he's not being investigated anymore. Rant all you like about how unreasonable ICE is, but it doesn't change the fact that they did their job perfectly ethically and in accordance with the Constitution. How do you think the investigation should have been conducted, balancing the need to check all potential sources of evidence with the need to respect privacy? Bear in mind, any evidence left in the possession of the suspect after he knows he's under investigation is tainted, and cannot be trusted.

Re:don't let your stuff be used for criminal stuff

[AJH16]

It isn't heavy handed law enforcement and they won't be able to tell the difference at the time of seizure. They confiscate the equipment not because they even necessarily expect you of a crime, but rather because evidence of a crime may exist on it. If they don't find anything, they can return it. Running separate hardware is a good way to make sure you can get your personal stuff back faster if anything useful to the investigation is actually found on the public hardware.

Re:don't let your stuff be used for criminal stuff

ISPs are a "common carrier". They're expected to be agnostic about the content going over their network (which is part of why filtering is so heinous.

You're wrong. They negotiated themselves the protections while managing not to be declared common carriers. Theoretically, the same protections should go to the rest of us, too. In real life, they can't arrest a corporation like they can arrest a person.

Re:don't let your stuff be used for criminal stuff

What's all this about onion rings and the Burger King?

Re:don't let your stuff be used for criminal stuff

[betterunixthanunix]

How do you think the investigation should have been conducted

• Police get logs related to CP investigation.
• Mr. King's IP address shows up; the police check if it is a known proxy or Tor exit.
• It is a Tor exit. The police ask Mr. King for any logs he might have, and leave him alone while they continue looking for the real criminal.

Oh no, you mean that while we are busy respecting the rights of our citizens, some criminals might go free?! Yes, that is what I mean.

Re:don't let your stuff be used for criminal stuff

[Sarten-X]

So your plan involves leaving him alone with his equipment after he knows the investigation is underway. What happens if his logs don't check out? You've created a scenario where the standard of evidence is so high, any criminal can invalidate any evidence of any crime by just sending the police off on a wild goose chase. I sincerely hope you're never on a jury.

Re:don't let your stuff be used for criminal stuff

[ltcdata]

That's why all my machines have all the disks encrypted with truecrypt. The performance penalty is very low and if any computer or disk drive of mine is stolen or seized, my data will be safe.

Re:don't let your stuff be used for criminal stuff

[betterunixthanunix]

What happens if his logs don't check out?

Then you arrest him and seize his equipment. If you detect evidence that he tried to destroy illegal files, then he is guilty of destruction of evidence. If you cannot find anything, I guess he gets to go free -- what a tragedy, that someone who might have downloaded some child pornography will not be arrested.

You've created a scenario where the standard of evidence is so high

Have we really gotten to the point where it is unreasonable to think that evidence should actually identify a person? Do you actually think that such a standard is too high? The only evidence the police had that Mr. King was downloading the material was his IP address. There was no other evidence to go on, at all, and on top of that he was running a Tor exit node -- a fact that could have been determined by simply asking the Tor project for the list of exits, and Mr. King would never have known.

I sincerely hope you're never on a jury.

I hope you never have to face a jury that never bothers to ask themselves whether or not there is evidence that you committed a crime, or who are willing to believe that something as nonspecific as an IP address or telephone number is all the evidence that is necessary to convict someone.

Re:don't let your stuff be used for criminal stuff

[yomammamia]

The point of them being corporations is arbitrary. It's because of legal framework. The police have to send court orders to an ISP to request evidence in the event of criminal use. It should be possible for a TOR exit node to register as a relay so that the police can look it up in a database and send a court order when evidence is needed. The problem with this is that everyone then decides to register as a relay.

Re:don't let your stuff be used for criminal stuff

If it's "just a bunch of 1's and 0's" then how can they see it as illegal? For example if I share the number 0x4000C90FDAA22168C232 (I used hex because it easily translates to binary and it much shorter, eg: i didn't feel like typing out all those 1's and 0's) it could mean anything to you, my SSN, a serial for something I downloaded, or just a random sequence of numbers. Say some government agency detects that I sent out that number, and it just happens to match a hash for some illegal download, nuclear missal, or the credit card number for the president. Now I send that number through some application like TOR to one of my friends, and some government agency (eg: ICE) detects this. Does that give them the right to seize any equipment that the number passed through?

In this case the number is the 80 bit float representation for Pi (your welcome to check that if you like), but the defense that it's just a bunch of 1's and 0's doesn't make sense. You need to categorize and somehow indicate what the information is to make that worth while. This is partly why I believe that a lot of this cyber-crime stuff is just BS. But that doesn't change the fact this wasn't the reason for the seizure, it was because the I.P. address was tracked back to him. Now they should have done more checking before the seizure. If they had they may have noticed that the computer was running the TOR exit server, and could have avoided most of this trouble. But our government has shown that it is incapable of doing any real fact checking and leaves us the people to deal with their mess again and again.

Re:don't let your stuff be used for criminal stuff

http://en.wikipedia.org/wiki/Ryan_Holle

Re:don't let your stuff be used for criminal stuff

[biodata]

I'm not sure I agree. I understand this person was not arrested, tried, or prosecuted for any crime. He did nothing illegal, so I think the feds DO see it that way.

Re:don't let your stuff be used for criminal stuff

[stubob]

Isn't this more like getting your house seized because a criminal crossed your yard on the way to robbing a bank?

Re:don't let your stuff be used for criminal stuff

[Sarten-X]

Have we really gotten to the point where it is unreasonable to think that evidence should actually identify a person?

Yes, we have, and anybody with any knowledge of the criminal justice system will know that we've always been at this point. There is absolutely no 100% certain form of identifying evidence. Even in perfect circumstances, DNA matching can only tell how many million people could have supplied a DNA sample that "matched". Fingerprints give a few hundred matches, and can be altered. Confessions can be faked or coerced. Eyewitnesses can be biased or mistaken. The best we have ever been able to do is to use the uncertain evidence to find more uncertain evidence, until there is so much evidence that the chance of a suspect's innocence is "beyond reasonable doubt".

something as nonspecific as an IP address or telephone number is all the evidence that is necessary to convict someone.

Do you have any specific cases of a criminal conviction that relied solely on an IP address? Sure, there's some instances where a suspect was investigated, and they gave up and confessed. There's many more instances of abuse by the RIAA, forcing people to settle for financial reasons rather than actual guilt. To my knowledge, however, there's no cases where an IP address was the sole, or even the main, piece of evidence. They aren't 100% reliable evidence, and the courts know this. Like any evidence, though, they can lead to more evidence.

Re:don't let your stuff be used for criminal stuff

[alen]

ISP's work with law enforcement all the time. i work for one. more than once have i been told to provide a lot of data as evidence in a lawsuit. the reason why legit ISP's don't get equipment seized is they keep records they give to law enforcement.

like in this case where the feds got an IP from the ISP

Re:don't let your stuff be used for criminal stuff

Yes. And it makes sense. If MegaTel ISP's computers are downloading kiddie porn, there's an extremely good chance that it's one of their customers downloading it. If Joe Blogg's computer is downloading kiddie porn, there's an extremely good chance that it's Joe Blogg's downloading it.

The authorities are not going to say, "Oh, a couple of the people we tried to arrest turned out to be using Tor, we might as well give up using IP addresses." So long as it's an effective investigative technique, and people don't get so outraged that it's made illegal, the cops will carry on doing it.

If we were in a situation where the majority of raids of this type turned out to be Tor nodes, you might have a point.

This is one of the inherent problems with Tor. It's for protecting anonymity. It does this by allowing to the participant to borrow what the authorities consider to be the defacto identity of your personal computer. We all know that there are legitimate reasons for doing this, but that some people will use it for nefarious purposes. If you offer to provide someone anonymity by sending traffic on their behalf, you shouldn't be entirely surprised when the negative consequences that person was trying to avoid end up on you.

Re:don't let your stuff be used for criminal stuff

[elrous0]

If it's "just a bunch of 1's and 0's" then how can they see it as illegal?

In the same way that real-world written documents and photographs can be illegal, even though they're just ink and paper arranged in a certain way.

Re:don't let your stuff be used for criminal stuff

[dvoecks]

Won't be the last time... If that's the case, I agree with you that they should be just as responsible as an individual customer. Having it both ways is bullshit!

Re:don't let your stuff be used for criminal stuff

[arkane1234]

I lived through this time period in the 90's, and there's no reason to ever say "that's just how it is, some things will never change, gotta just accept it!"

The FBI kicked in many people's front doors with guns drawn and putting everyone on the ground face first, back then. (LOTS in the Baltimore area) For allegedly having pirated software on their computer's BBS. We've gotten past the jack boot thugs time and it is stemming back to the old saying "if you don't remember history, your condemned to repeat it."

Before anyone spouts on with something like "well, don't have illegal software then!", realize that:
A) there was no hard proof (only hearsay)
B) copyright infringement was a civil matter in the 90's, not requiring paramilitary intervention
C) See A... PROOF, PROOF, PROOF!!! Before the raid!!!

Btw, don't be such a passive pussy.

Re:don't let your stuff be used for criminal stuff

[tftp]

Courier services do not claim ownership of the package, they only act as a carrier. You declare the contents when you send internationally, and then the package can be opened by customs to verify that and to charge the duty if required. The courier service is not responsible for the contents; they present all packages for inspection.

Similarly, if the airline agent asks you "did anyone ask you to carry anything for them?" and you answer "yes" the worst that should happen is that the package will be inspected. Everything else in your luggage and in your pockets belongs to you and you are assumed to know about it; so if a contraband is found at that time it has to belong to you.

Re:don't let your stuff be used for criminal stuff

[tftp]

if any computer or disk drive of mine is stolen or seized, my data will be safe.

Being a true geek, you value safety of your data above safety of yourself and your family. What do you think will happen if the LEO can't decrypt your data?

There are valid business and personal reasons to maintain encrypted volumes. Pretty much any corporate laptop has PGPdisk on it (or should have.) However it's hard to imagine a situation where a corporation refuses to decrypt the contents after being ordered to do so by a judge. Such precedents do exist, but they usually involve jail time for someone; often it's an unconstrained jail time without the trial.

Re:don't let your stuff be used for criminal stuff

[VGPowerlord]

What do you mean by endpoint? The Tor exit node is between the source and destination of the traffic.
source -> routers -> exit node -> routers -> tor node -> ... -> destination

The Tor exit node is a general purpose computer first (i.e. an endpoint), Tor node second. They're seized due to them being general purpose computers.

Re:don't let your stuff be used for criminal stuff

The LEO will be able to decrypt the data if he's using TrueCrypt correctly, just not the data he wants to hide. Look it up if you don't know how TrueCrypt works. The legal term is 'plausible deniability'.

Re:don't let your stuff be used for criminal stuff

[AmiMoJo]

Except that the rule doesn't apply to carriers. If someone uses an email account to commit a crime the police don't go to their ISP and rip the server out of the rack. Similarly if you happen to have free wifi for your cafe customers or run a Tor exit node in support of the repressed in China they shouldn't come and clean out your house of all computers and storage media.

The assumption is that only businesses can be carriers so any IP address that leads to a residential address fingers the person living there. As the EFF points out that is untrue.

Re:don't let your stuff be used for criminal stuff

[AmiMoJo]

I didn't say that traffic always originates with customers. I said it's expected to. That's a reasonable expectation

Is it? Are all criminals, especially those who organise themselves online to share child porn, unable to figure out how to download and click on the Tor bundle? Can they not find or crack wifi using one of the many guides available on the internet, and maybe a GPU with dictionary if WPA is involved? I can tell you right now that there are at least three insecure wifi networks in range of my mouse, two on WEP and one with no encryption at all.

You would have to be pretty stupid to use your own internet connection to break the law, especially when using Tor only takes a few clicks or you can see other insecure wireless networks every time you turn on your laptop or phone. Low-level 4chan Anonymous chump stupid.

Re:don't let your stuff be used for criminal stuff

[s73v3r]

Because the IP that came up on the logs TOTALLY announced itself as a Tor node.

Re:don't let your stuff be used for criminal stuff

[s73v3r]

They got a court order in this instance, though.

Re:don't let your stuff be used for criminal stuff

[s73v3r]

A provably false assumption even when Tor is not involved.

No, it's not. Just because you share the connection with others doesn't mean that the person who signed the agreement to be legally responsible for the connection is any less responsible for it.

Re:don't let your stuff be used for criminal stuff

[s73v3r]

Because someone being a Tor exit means that there's NO CHANCE that they could have committed the crime. Yup.

Re:don't let your stuff be used for criminal stuff

[s73v3r]

Have we really gotten to the point where it is unreasonable to think that evidence should actually identify a person?

YES. In this case, we want to identify the machine that actually downloaded the CP. We can identify the owner after that.

And remember, THIS GUY WAS NOT ARRESTED. He was served a search warrant, overseen by a judge, following proper procedure, and given due process. His rights were very well respected.

Re:don't let your stuff be used for criminal stuff

Oh really? Datacenters and ISPs get better treatment? Like this?

http://bits.blogs.nytimes.com/2011/06/21/f-b-i-seizes-web-servers-knocking-sites-offline/
He wrote: “After F.B.I.’s unprofessional ‘work’ we can not restart our own servers, that’s why our Web site is offline and support doesn’t work.” The company’s staff had been working to solve the problem for the previous 15 hours, he said.

or this?

http://www.datacenterknowledge.com/archives/2009/04/03/fbi-seizes-servers-at-dallas-data-center/
“The FBI has seized all equipment belonging to our customers,” Matthew Simpson, the CEO of Core IP, said in a message. “Many customers went to the data center to try and retrieve their equipment, but were threatened with arrest.”

Re:don't let your stuff be used for criminal stuff

[s73v3r]

And yet, when they go off to their final destination, the IP that shows up in the logs is the exit node. And if I'm a law enforcement guy with a kiddie porn server log in front of me, I'm gonna go investigate those IPs, be they Tor exit node or not.

Re:don't let your stuff be used for criminal stuff

[tlhIngan]

Carrying parcels for people on aeroplanes is not the same as sharing your spare computer capacity with anyone who needs some at the time. You are not carrying anything for anyone.

Slight difference. If you're an ISP, you're like FedEx, UPS or the mail. You're carrying packages ON BEHALF of someone. The packages don't belong to the carrier any more than the ISP claims ownership of the traffic.

With TOR, you're taking a package and claiming it's yours while in transit. I.e., you are the sender or recipient. It doesn't matter if the thing inside the package contrains instructions that says to mail it to someone else - as far as anyone is concerned, that package is yours (and you received it). Short of a warrant to actually inspect the contents of the package.

That's the primary difference. Carrying a package on behalf of someone is fine. But claiming (temporary) ownership of the package is quite different.

Re:don't let your stuff be used for criminal stuff

[ArsonSmith]

or how cities have all the street lights seized every time there's a police chase through them.

Oh, wait -- cities are government, so we treat them differently....

Re:don't let your stuff be used for criminal stuff

[Jon_S]

If I recall correctly (too lazy to look it up right now), the guy at whom the feds through the book for guessing Sarah Palin's e-mail password was thrown in jail for destroying evidence because he reformatted his hard drive or similiar file desctruction after he found out they were interested in him. Not for guessing the password and accessing her e-mails.

So "leaving the criminal alone with his equipment" doesn't mean all that much. It could actually get the criminal in worse shape.

Re:don't let your stuff be used for criminal stuff

[NormalVisual]

It should be possible for a TOR exit node to register as a relay so that the police can look it up in a database and send a court order when evidence is needed.

Does that not largely defeat the purpose of Tor?

Re:don't let your stuff be used for criminal stuff

[betterunixthanunix]

No more reason than that someone who works at an ISP, coffee shop, or library should not be suspected.

Re:don't let your stuff be used for criminal stuff

Oh, wait -- ISPs are corporations, so we treat them differently.

No, we treat them differently because, in many ways, they are treated as common carriers, just like freight and transport companies are. They are allowed to escape criminal liability and asset seizure, but they are also required to cooperate with law enforcement to identify the actual offender. CALEA and DMCA are both examples of this. They are NOT allowed to cover their eyes and say "VE KNOW NOZING!!!"

Re:don't let your stuff be used for criminal stuff

[simishag]

Two words: "common carrier". They get to escape liability but the trade-off is that they are regulated and have to cooperate with law enforcement. You can of course run a Tor node, and claim you are cooperating but unable to trace the connection. I can almost guarantee that some enterprising prosecutor will eventually decide that this is obstruction of justice, or aiding and abetting, and then you will be charged for someone else's criminal activity. Why anyone would want to take this risk is beyond me. You won't even be able to cut a plea bargain because you can't figure out who the crook is to give up.

Re:don't let your stuff be used for criminal stuff

[rcamans]

Does that mean that the feds should confiscate Wall Street for research into criminal activities, especially those which lead to the Great Mortgage Meltdown? I believe I see a double standard here: must not touch Big Business.

Re:don't let your stuff be used for criminal stuff

You fail to note that TOR is also used for legitimate reasons, such as downloading Linux ISO files. If TOR was exclusively used for copyright infringing purposes, then the government would have a reason to seize.

The slippery slope starts at the DOJ which is filled with ex MPAA / RIAA lawyers (Thanks ObaMPAA / Biden). When the leadership changes, the DOJ may be able to get back to its mandate of fighting real crime.

Re:don't let your stuff be used for criminal stuff

[Yamioni]

Sort of. It's more like that criminal being chopped up into tiny pieces, making his way to the bank sequentially, and then being reassembled when he got there. You as a homeowner couldn't even be expected to know he was a crimal, all you saw were lots of tiny boxes crossing your lawn.

Re:don't let your stuff be used for criminal stuff

[Yamioni]

That's the sort of 'funny' hypocrisy that is the US government. They are all too happy to make laws that burden and inconvenience the entire population based on the actions of one individual. However when it comes to seizing evidence they refrain from inconveniencing a large number of people by seizing ISP equipment, and think nothing of inconveniencing a single citizen by seizing theirs.

Unless you look at it for what it actually is. Corporate favoritism. Corporations are handed more rights than citizens anymore, and that is why they'll take Joe Blow's Tor exit node but leave an ISP alone. Joe Blow didn't contribute millions in bribes^H^H^H^H^H^H campaign contributions like the ISPs did. Welcome the new America, where the only entities with rights are those with the money to buy them.

Re:don't let your stuff be used for criminal stuff

By Tor's very nature the police do not know if Mr. King is the originator of the traffic or not. Their only recourse to determine Mr. King's involvement is to impound his computer and search for evidence of the crime.

Re:don't let your stuff be used for criminal stuff

[rocket+rancher]

How about agreeing to take a sealed parcel for a stranger with you while you travel the world, and delivering it to another stranger...

How many people would say yes to that?

Well, in 2003, for example, Fed Ex said yes about 3,167,000 times per day; UPS, about 13,638,000 times per day. Your point, if you have one?

Re:don't let your stuff be used for criminal stuff

[nurb432]

Then why wasn't their ISP shut down? They were enabling it as well.

Re:don't let your stuff be used for criminal stuff

[blacklint]

And everything is just a certain arrangement of atoms. So why should anything be illegal? :)

Re:don't let your stuff be used for criminal stuff

Quite a few corporations do this routinely and are never prosecuted for it.

No they don't.

Go to FedEx or UPS and hand them a brown package with no return information and refuse to supply any information to them as to the contents. Refuse to sign the legal disclosure form they present to you, on which you state you're not doing anything illegal, etc. See if they'll still ship it... hint: they won't.

What you're missing is that such corporations are required to keep records, and ARE held to account if they do not take steps to ensure the legality of their business ahead of time, and report suspicious activity IN ADVANCE. Employees are trained on how to spot suspicious packages which likely contain drugs, chemicals, dangerous substances, etc.
IF the corporation can show they are doing everything within reason to ensure the legality of their business, they're fine. If not... they can get into a lot of trouble.

If you're going to listen to Bruce and run an open WiFi hotspot, you should probably go talk to an attorney regarding all the different types of records, accounting, logs, audits, etc. which you are legally required to keep when offering a service to the General Public. Of course you'll probably also discover that zoning and your ISP's TOS both forbid such activity in the first place, but that's a different issue.

Re:don't let your stuff be used for criminal stuff

Note that I said "asked", not "presented with a search warrant"

Actually, they DO have to have a subpoena or court order. Just asking isn't enough, there are subscriber record confidentiality issues, as well as confidential business information issues to just giving the info away like that.

Running an open WiFi hotspot, if intentional, is Providing a Service to the General Public. Go talk to a business lawyer about what that entails for you legally.
If it's "accidental", or you manage to claim ignorance, then you might not get prosecuted, but depending on what happened you could still be charged with negligence.

If you throw a party in your back yard which is open to the General Public, you also will get in trouble. Gotta keep it invite-only or else have the right permits and facilities in place to support it. This isn't all that different.

Bruce Schnier is often misquoted as saying you should not protect your Wifi. That's taken out of context to start with. Furthermore, I'm sure Bruce can account for every byte of data on his network for the last 7 years. Can you?

And just for the record, I work in a NOC and we only give information without a subpoena or warrant if there is a Credible immediate threat to human life, or there is a State of Emergency or other Disaster declaration of some type and it's directly related to that event. So if Timmy fell down the Well again, I can tell them where his cell phone is, but not that Suzy has been sending him pictures of her tits.

Re:don't let your stuff be used for criminal stuff

[sjames]

The existance of a Tor exit node disproves your point. The guy's ISP was carrying the traffic and it did not originate with him (the customer). He is just providing a routing service like any ISP might, he just doesn't bundle it with a local loop.

As for likelihood of innocence, isn't innocence supposed to be the default assumption until guilt is shown? It's most direct in a criminal trial (and the bar is highest there), but the philosophy is supposed to pervade the entirely of the law and it's enforcement.

Re:don't let your stuff be used for criminal stuff

[Sarten-X]

He entered into a legal contract saying that he was responsible for the traffic, and he didn't have any other legal agreement saying that the Tor users were responsible (of course). That means he's not just running a service, but effectively giving his legal culpability away to random strangers.

He was presumed innocent. He wasn't arrested, fined, or subjected to a public defamation (by the government, at least - the media gets freedom of speech). He was part of an investigation, that sought neither innocence or guilt, but evidence. As I pointed out elsewhere, a logged IP address belonging to a Tor exit node is like having bloody footprints leading from a violent crime scene to your front door. Maybe it means someone just used your doormat to change their shoes, or maybe it means you stabbed somebody. Either way, it's probable that more evidence - or even the absence of such - can be found within your home, and it's reasonable for the police to be allowed to search for such.

Re:don't let your stuff be used for criminal stuff

[sjames]

Contract law and criminal law are not that closely tied. It is not possible to contract away criminal liability.

As for the rest, you're saying they didn't march into his house and strip it of anything vaguely computer like? That sounds like a punishment to me. Igf you disagree, please post your address, my laser printer is failing.

It's reasonable for police to LOOK, but not strip clean. They can (and should) when in doubt replicate the data and leave the person in peace. Those same bloody footprints also go through his ISP's data center, but they didn't strip that clean. They reserve that treatment for individuals and small businesses.

Re:don't let your stuff be used for criminal stuff

[Anthony+Mouse]

Malware does happen, but it's also rare.

You are kidding, right? I have had to clean "XP Antivirus 2011" and its ilk off of the computers of almost everyone I know who uses Windows. And the only reason that got removed is because it interfered with the user's use of the computer.

A criminal who wants to hide his tracks will compromise an extremely large number of PCs and route through them using the same sort of onion routing that TOR does so that the criminal can avoid being ensnared by a honeypot or leaving evidence on any given compromised PC sufficient to trace criminal activity back to its origin. The criminal seeking to mask his origin, unlike the scareware author, has no reason to interfere with the normal use of the PC so that the user will never be aware of the malware or think to have it removed. Moreover, the criminal will want to switch which PCs are used as proxies for illegal activity in order to avoid consistently reusing a small set of compromised PCs that would allow law enforcement to over time map the path and trace the traffic back to is origin. The bottom line is that it is extremely likely that a large fraction, perhaps even a significant majority of the Windows PCs on the internet have been or are being used to route illegal traffic for criminals.

On top of that, while it may be the case that for normal internet traffic, the source of the traffic is very likely to be in the household of the internet account holder, for illegal internet traffic the opposite is the case because the criminal knows that what they're doing is illegal and will in the typical case take steps to avoid being caught.

That's a reasonable expectation, because the vast majority of home internet connections are for one household and not shared.

That only applies if people don't do things like run TOR exit nodes. Advising people not to run a TOR exit node because no one else is doing it is self-fulfilling but ultimately destructive. What needs to happen instead is for everyone to run one so that the expectation is changed and no one is harassed for doing it.

Re:don't let your stuff be used for criminal stuff

[Anthony+Mouse]

Do you have any specific cases of a criminal conviction that relied solely on an IP address?

That's not the problem. The problem is that the evidence-gathering process has become so intrusive and expensive that being subjected to an investigation can have higher costs than actually being convicted of the crime. Seizing all of someone's computers can be extraordinarily disruptive to that person's life, so the evidence necessary in order to do so needs to be of a sufficiently reliable degree that we aren't subjecting scores of innocent people to it. An IP address should by no means be considered sufficiently reliable evidence for that.

Re:don't let your stuff be used for criminal stuff

[Anthony+Mouse]

The same logic has you impounding the computers of everyone at King's ISP, or any other ISP on the route between King's PC and the destination, since it could just as easily have been any of them.

Re:don't let your stuff be used for criminal stuff

[Anthony+Mouse]

OK, let's see the language in the ISP agreement that has the account holder agreeing to be "legally responsible" for what anyone does with the connection.

If someone does something illegal, that person is the one responsible, not the ISP, the account holder, Microsoft, Obama, the mailman, etc.

Re:don't let your stuff be used for criminal stuff

[Anthony+Mouse]

the reason why legit ISP's don't get equipment seized is they keep records they give to law enforcement.

No it isn't. It's because if law enforcement seized the ISPs' equipment every time someone committed a crime using an ISP, no ISP would have any equipment. If AT&T decided that they would set up their DHCP servers to require users to change their IP address every two hours and then not keep any records of who had what IP address for any longer than that two hour period, law enforcement would not seize their equipment -- because it has no evidentiary value. The logs don't exist, seizing the equipment doesn't cause them to come into existence.

The thing is, a TOR exit node is the same thing. There is no evidence there to collect. The operator of the exit node is no more likely to be the perpetrator than anyone else on the internet who could have made use of it. Seizing the equipment is nothing more than harassment.

Re:don't let your stuff be used for criminal stuff

[Anthony+Mouse]

There are public lists of exit nodes. They could trivially check the IP against the list.

Re:don't let your stuff be used for criminal stuff

yet another reason why i will never set a foot on the soil of that twisted country

Re:don't let your stuff be used for criminal stuff

[s73v3r]

And because he's running an exit node, there's no possible way he could have also been downloading kiddie porn. Nope, running an exit node means you're practically a saint.

Re:don't let your stuff be used for criminal stuff

[s73v3r]

Go read your contract. It's in there. If you can prove that it was someone else using your connection, then you're off the hook. But until then, you are the one responsible.

Intimidation

What information regarding their case can ICE hope to get from the seized computer? None at all. Seizing the computer has just one purpose: Intimidation. That's an abuse of the law and whoever authorized it needs to pay the price.

Re:Intimidation

[maxwell+demon]

What information regarding their case can ICE hope to get from the seized computer?

For example if the traffic in question really came from someone else through the TOR exit node as claimed. After all, he could well have downloaded the file himself but then claimed "oh, it was coming through TOR, I'm not guilty!" If the file is on his hard drive, he'll have a hard time to explain it.

Re:Intimidation

[pseudocode]

Not at all - just because it's a TOR endpoint and any traffic there is a dead end doesn't invalidate checking all the other forensic options like browser cache etc, running TOR could just be a way of hiding in data volume. It's probably not the case, but if they don't follow a piece of evidence then that's bad.

Re:Intimidation

[betterunixthanunix]

An employee at an ISP could download child pornography and disguise it as traffic from a customer. Why, then, does ICE not seize the ISP's equipment as part of their investigation, just to see whether or not that is the case?

The way you know that this has nothing to do with legitimate investigatory techniques is that ICE threatened the guy when they returned his equipment, telling him that he have to deal with more law enforcement harassment in future should he continue operating a Tor exit. This is a straightforward case of harassing the exit node operator because ICE was unable to defeat Tor. Aside from the minority of law enforcement officers who understand that law enforcement agencies benefit from Tor, law enforcement officers in general disdain Tor and think that it is a tool for criminals.

Re:Intimidation

[betterunixthanunix]

So why not treat corporate ISPs the same way -- after all, one of the ISP's employees might be using the ISP's equipment to download child pornography, and attempting to disguise that as if it were one of the ISP's customers. Why is ICE not seizing routers and other equipment from ISPs as part of its investigation?

Right, because individual citizens are not supposed to be providing communication services, only registered corporations are supposed to be doing that sort of thing.

Re:Intimidation

[cheekyjohnson]

Between letting a criminal get away and harming an innocent, I'd rather let the criminal get away, to be honest.

Re:Intimidation

[unencode200x]

Good points.

Just as food for thought. Imagine (hypothetically) that the NSA had a way to defeat TOR (not that they do, but who knows...). They may have turned this over to the NSA who found what they needed, but determined that making it public that they know how to defeat TOR was not worth it for this case.

Re:Intimidation

Right, because individual citizens are not supposed to be providing communication services, only registered corporations are supposed to be doing that sort of thing.

Why not? Is there a law against it now?

Re:Intimidation

Sarcasm

Re:Intimidation

[rainsford]

That is not at all the same thing. Why would police want to go poking at the ISP in your example if there was no reason to believe the ISP had done anything? And even if they DID want to, how would they get a warrant to do so with no probable cause? As much as people would like to believe that running a TOR exit node makes them an ISP, the technical and practical realities mean that at least at the start, YOU are going to be suspected of any wrongdoing going through your node. The legal system will protect you eventually (as it did in this case), but you're running a service that, by design, makes it look like a bunch of strangers' Internet traffic is coming from your computer. If police want to investigate that traffic and you tell them "sorry, I'm just running TOR" and they just take your word for it and go away...that would be some pretty incompetent police work. Running and exit node is legally protected, but expecting it to be totally hassle free is just silly.

Re:Intimidation

[betterunixthanunix]

The point here is that an IP address does not identify a person and that the fact that illegal data was received at that IP address is not "probably cause." There is just as much reason to believe that an ISP employee is using a customer's IP address as a cover to download child pornography as there is to believe that a Tor exit operator is using Tor as a cover.

If police want to investigate that traffic and you tell them "sorry, I'm just running TOR" and they just take your word for it and go away...that would be some pretty incompetent police work.

If the police had received more than 3 hours of "computer training," they would know that they can get a list of Tor exit node IP addresses at no cost from the Tor project itself. They can verify any claim that a person is running a Tor exit by checking that list, just like they can verify a claim that a particular server is owned by an ISP or that there are millions of websites hosted on that server.

As I have said, what makes it clear that this was a case of harassment is that they threatened the exit node operator when they returned his equipment.

Re:Intimidation

[Sarten-X]

It's because individual citizens are not expected to be providing communication services, but ISPs are supposed to be doing that sort of thing.

Re:Intimidation

[rainsford]

A router is not a TOR exit node. If illegal activities take place through a router, it doesn't look like the router is the origin of that traffic. TOR exit nodes, on the other hand, intentionally make it look like they ARE the origin of the illegal activity. In fact, that's the whole purpose of TOR. ISPs mostly just forward traffic from their customers, individual citizens mostly originate traffic. If an individual citizen is "providing communication services" through an intentionally obfuscated channel, they will be cleared of wrongdoing. But surely you don't expect them to be cleared with absolutely no investigation, do you?

Re:Intimidation

[pseudocode]

Given a search warrant the ISP will provide all the logs and so on without needing the machine to be seized, they have clear procedures in place for it. They should also have secure backups to reduce the likelihood of tampering. Like any company they also have procedures in place to audit their kit to stop this sort of thing, and having multiple admins with access makes it harder to hide, but if the cops think it's inadequate they'll still seize kit to check. Citizens (in most countries) can do whatever a company can, but don't always get the same protection that's offered by doing it commercially with the corresponding requirements for regular checking. There's nothing stopping an individual getting their access mechanisms and machine audited, so if something illegal shows up through hacking or a virus then they'd have a defense in court, it just doesn't happen because it's expensive and not worthwhile.

Re:Intimidation

[SirGarlon]

Aside from the minority of law enforcement officers who understand that law enforcement agencies benefit from Tor

Could you elaborate on that a bit? I'm not being confrontational, I'm curious. It's not obvious to me how law enforcement agencies benefit from TOR.

Re:Intimidation

[drinkypoo]

They can run their own exit nodes, and do traffic analysis to determine what type of traffic certain people are receiving, then use that to get warrants (since all it seems to take any more is a vague notion.)

Re:Intimidation

[elrous0]

An employee at an ISP could download child pornography and disguise it as traffic from a customer. Why, then, does ICE not seize the ISP's equipment as part of their investigation, just to see whether or not that is the case?

Because very few police organizations would have the forensic skills to even determine that (outside of the FBI, most police agencies are lucky to have a copy of EnCase and maybe one or two guys on staff who know a little about computers). And a prosecutor would have an almost impossible time proving the case because of the nature of it being an ISP. So they don't waste their time.

Real life law enforcement isn't about being fair. Most of the time they're just going after the low-hanging fruit and the shit they can't ignore.

Re:Intimidation

[Sarten-X]

Getting that list of addresses and comparing it takes time, and what's supposed to happen between when the suspect says "I'm running Tor" and when they come back saying "no you're not?" Do they just leave the guy with all his equipment, ripe for a freak house fire? Can law enforcement even get historical lists, to show that the guy wasn't actually running the node at the time the crime was committed?

It's not clear at all that this is "harassment". It's clear that ICE expects more crime to be committed through Tor, and the warning that "this could happen again" is simply honest: it could. In my opinion, Mr. King should take this opportunity to set up logging, so he can quickly show what connections came through the node. Next time ICE shows up, he can turn over that log quickly and easily, and possibly avoid any seizure at all.

Re:Intimidation

[betterunixthanunix]

Suppose that law enforcement is investigating a child pornography forum. The forum operator may have an IQ larger than his shoe size, and when law enforcement IP addresses show up, he is going to destroy all the evidence and possibly send a warning out to the forum's members. The police use Tor to avoid that problem -- it is even more effective since the members of those sorts of forums are often Tor users themselves.

Re:Intimidation

[betterunixthanunix]

Getting that list of addresses and comparing it takes time,

Really, a comment like this on /. of all places? You are talking about search a list of strings for a particular string, and not even a very long list. The bottleneck is in the amount of time it takes the police to enter the query into their computer.

what's supposed to happen between when the suspect says "I'm running Tor" and when they come back saying "no you're not?"

Then you have someone who lied to the police (which is evidence that can be used against them), and if they destroyed the incriminating evidence, they are guilty of another crime -- destruction of evidence.

Can law enforcement even get historical lists, to show that the guy wasn't actually running the node at the time the crime was committed?

They could maintain their own up-to-date list of Tor exits, or just download the list before they go ahead and get a search warrant. It is really not that hard, and given how many years Tor has been around and how widespread its use is, this sort of thing should be automatic during computer crime investigations.

warning that "this could happen again" is simply honest

I view it as a threat -- they are telling the guy that he will have to go through this entire situation again if he continues to run a Tor exit.

Mr. King should take this opportunity to set up logging, so he can quickly show what connections came through the node

Why? He was never committing a crime to begin with, so why should his behavior change? ICE did shoddy investigative work by relying on only an IP address; the fault lies with ICE, not with the exit node operator.

Next time ICE shows up,

...he should sue? ICE has no business showing up at an exit node operator's home.

Re:Intimidation

[betterunixthanunix]

But surely you don't expect them to be cleared with absolutely no investigation, do you?

Yes, I do, because IP addresses do not identify people and the only thing that links a Tor exit node to the illegal activity is the IP address. An IP address is an unacceptably low standard of evidence for granting a search warrant. IP addresses are frequently shared, computers may be taken over by malware, your neighbors might guess your WPA passphrase, etc. The police should gather more evidence before they are granted a search warrant; this would avoid the problem of harassing innocent exit node operators.

It is better that a couple of pedophiles are not arrested for downloading child pornography than that innocent people are embarrassed and harassed by law enforcement.

Re:Intimidation

[betterunixthanunix]

There's nothing stopping an individual getting their access mechanisms and machine audited,

The police never asked for Mr. King's logs, they just busted in and seized his equipment. They simply assumed that because his home address was listed on the account that the IP address was assigned to, he was the person they were looking for. The most optimistic view is that this was bad police work.

Re:Intimidation

[Sarten-X]

The police never asked for Mr. King's logs, they just busted in and seized his equipment.

[citation needed]

It appears to me that they simply assumed the guy responsible for the Internet connection was... you know... responsible.

Re:Intimidation

[SirGarlon]

Between letting a criminal get away and harming an innocent, I'd rather let the criminal get away, to be honest.

Would you please become a judge or a police chief? If you do let me know what city you work in.

Re:Intimidation

[dbet]

Unfortunately, for both police and prosecutors, they don't get any pay raise, recognition, or good points on their record for letting innocent people get away.

Re:Intimidation

[Sarten-X]

You are talking about search a list of strings for a particular string

I've parsed the Tor list before myself. I'm fully aware of how little effort it takes, and I'm also aware that it's far beyond the capacity of most police departments. Remember, these folks are funded by taxes, and nobody ever wants tax increases. If it's a choice between getting a programmer to parse the Tor list and getting an extra set of body armor, no sane police department is going to pick the programmer.

Then you have someone who lied to the police (which is evidence that can be used against them), and if they destroyed the incriminating evidence, they are guilty of another crime -- destruction of evidence.

Lying to the police is useless without more evidence of wrongdoing, and destruction of evidence is trivial compared to child pornography. The suspect could just be an ass to police for the fun of it.

They could maintain their own up-to-date list of Tor exits, or just download the list before they go ahead and get a search warrant. It is really not that hard.

Maintaining an accurate list is hard. My purpose was to identify incoming Tor connections on my web server. In testing, I found that the list of exit nodes changes significantly within a span of 10 minutes, and the list I was using had update delays of up to 30 minutes. That's enough variation to cast doubt on any list. Linked in TFA is the ExoneraTor, which strives to do exactly what you suggest, but apparently its results can only show that a given exit node was likely to be running or not.

I view it as a threat -- they are telling the guy that he will have to go through this entire situation again if he continues to run a Tor exit.

That's not so much a threat as a statement of fact. It's not a threat for me to tell you that you're likely to be injured if you start throwing punches at random people on the street.

He was never committing a crime to begin with, so why should his behavior change?

He wasn't convicted of a crime or even accused of one. His behavior should change because he's making life more difficult for himself. If he likes making trouble for investigators and himself, fine. It's his choice. He can go through the hassle again.

ICE has no business showing up at an exit node operator's home.

So if a trail of bloody footprints leads from a murder scene to your front door, the police have no business talking to you about it, because those footprints could have been anybody's, and somebody could have used your porch to change shoes, and it's totally not your problem at all, right? Getting a warrant to check for bloody shoes in your closet is unreasonable, and they should have asked you first! Once you tell them that that guy down the street wears shoes sometimes, they should leave you for a while, and ignore the bonfire in your backyard, because you could be innocent, so they should respect your rights at all costs.

Re:Intimidation

[s73v3r]

What information regarding their case can ICE hope to get from the seized computer?

Kiddie porn? Remember, they were probably going off some server logs, and this guy's IP showed up. It's pretty reasonable to think that he might have had something to do with it, so you investigate. Note that he was NOT arrested, and did get his stuff back.

Re:Intimidation

[Discrete_infinity]

The police never asked for Mr. King's logs, they just busted in and seized his equipment.

[citation needed]

It appears to me that they simply assumed the guy responsible for the Internet connection was... you know... responsible.

They assumed and therein lies the problem, but hey don't let the facts get in the way because that's inconvenient. ;^P

Re:Intimidation

[s73v3r]

You've made this argument several times, and it still doesn't hold water. You're saying that there is no reason to investigate, when that is blatantly false. His computer was used in the transmission of kiddie porn. His IP was in the logs. It's completely reasonable to want to investigate whoever had that IP at that time.

Note that I said INVESTIGATE; I'm not saying he should have been accused or arrested. They should have gotten a warrant, investigated the machines he had, and when no evidence came up, returned the equipment, and sent him on his way.

The way you know that this has nothing to do with legitimate investigatory techniques is that ICE threatened the guy when they returned his equipment, telling him that he have to deal with more law enforcement harassment in future should he continue operating a Tor exit.

That doesn't sound like threats; that sounds like reality. Operating an exit, your IP is going to show up in a lot of places where you probably don't want it to. Which means it's going to get investigated. A lot.

Re:Intimidation

[s73v3r]

The point here is that an IP address does not identify a person

No, but it identifies a household, and a person responsible for that connection. It's a start to an investigation. While an IP alone should not be used to charge someone, having an IP means that you probably have the location of a number of computers that probably have evidence. So it's worth it to investigate.

Re:Intimidation

[s73v3r]

You still have not answered the question: Why should operating a Tor exit node absolve you of any wrongdoing you might have done? Because that's what you're advocating. You're saying that someone who's running Tor should be immune from any investigation involving their internet connection.

Re:Intimidation

[s73v3r]

As would I. However, that doesn't mean that law enforcement shouldn't investigate when they have a probable cause to.

Re:Intimidation

[s73v3r]

It doesn't identify a specific person, but it does identify a household and a person responsible for the connection. It's not enough for charging someone, but it is enough for the start of an investigation.

Re:Intimidation

[s73v3r]

Bull Fucking Shit.

They had PROBABLE CAUSE to believe that computers connected to that IP were the source of illegal traffic. They got a warrant. They served it, and they investigated the machines he had.

There is absolutely no reason to believe this was bad police work.

Re:Intimidation

[betterunixthanunix]

His computer was used in the transmission of kiddie porn

So were dozens of computers operated by ISPs (we call these computers "routers").

His IP was in the logs

Which could just as easily have been:

• A neighbor using his Internet connection
• A guest
• Malware running on his computer (in which case Mr. King was not the one committing a crime)
• Mr. King's proxy server or Tor exit node

The problem is that the IP address was the only evidence ICE had, and on that basis alone they busted into his home and took his property.

It's completely reasonable to want to investigate whoever had that IP at that time

A competent investigation would have quickly determine that he was running a Tor exit:

• My, there is a lot of apparently unrelated traffic on this connection
• We checked, this IP address is listed as a Tor exit

No equipment seizure needed, and Mr. King may have even been willing to cooperate with ICE to try to catch whoever it is that they were looking for (if ICE had any clue who exactly they were looking for).

They should have gotten a warrant, investigated the machines he had, and when no evidence came up, returned the equipment, and sent him on his way.

Meanwhile, he does not have a computer -- for some people, that means losing the ability to work. Will the government compensate him for the lost computer time, lost work hours, expired stock options, etc.? Will the government give him another computer to use, while they are examining the equipment they took from his home?

I suspect the answer to those questions is "no."

Re:Intimidation

[betterunixthanunix]

No, I am advocating that Tor exits be treated as what they are: communication services. You don't see the cops seizing routers and servers from ISPs, and you should not see them seizing an exit node operator's equipment either.

Re:Intimidation

[cheekyjohnson]

Yes, but the problem is that not everyone agrees on how much evidence they need before they can take action that may harm one or more individuals. For instance, not everyone thinks that merely having an ip address is enough to confiscate someone's equipment.

Re:Intimidation

[s73v3r]

A competent investigation would have quickly determine that he was running a Tor exit:

No, a competent investigation would not assume that, just because he's running a Tor node, doesn't mean he couldn't have done it. A competent investigation would still investigate his equipment, but quickly come to the conclusion that it wasn't his traffic.

No equipment seizure needed, and Mr. King may have even been willing to cooperate with ICE to try to catch whoever it is that they were looking for (if ICE had any clue who exactly they were looking for).

Or, had Mr. King been the originator of the traffic, it would give him time to destroy evidence. But of course, you don't care about that. You just want to bitch and moan about "da gubbmit takin my stuff!"

Meanwhile, he does not have a computer -- for some people, that means losing the ability to work. Will the government compensate him for the lost computer time, lost work hours, expired stock options, etc.? Will the government give him another computer to use, while they are examining the equipment they took from his home?

You're acting like he can't get access to another computer. Besides, he knew the risks he was undergoing when operating a Tor node. That's like saying it's unfair that someone had their luggage taken for investigation because they agreed to take a package from a stranger, and now they have no spare clothes.

You are VASTLY overreacting about this entire thing. This was a legal, run of the mill search warrant. There was nothing different about this than about any other search warrant out there.

Re:Intimidation

[s73v3r]

Why not? Because an exit node operator can't originate that traffic either? Also, ISPs keep logs. That's why they are given that leeway. Tor node operators usually don't.

Investigated == not good

[SirGarlon]

Running an open Wi-Fi hotspot, or Tor exit node, would make you both more likely to be investigated, and less likely to be convicted, of any cyber crimes

Unfortunately there is a lot the authorities can do under the name of "investigation" to harass, abuse, intimidate, and even detain you. Seizing computers is bad enough but if they really want to play hardball they can haul you in "for questioning" ... on a daily basis ... and pick you up at inconvenient times like when you're at the office or in the middle of the night. So really being investigated is the thing you don't want, because it can make your life hell and in the end the cops can just smile and say "No charges. Have a nice day, citizen."

Re:Investigated == not good

[Seumas]

Exactly. The point of stories and incidents like this is to intimidate the population at large. You may have a right to do something, but if it is made difficult enough to do, you just won't bother and the ultimate impact is the same as if you didn't have that right - because everyone is intimidated into not doing it. Very few people care enough about anything to accept the total disruption of their life, possible public accusations (often of really hideous things), massive legal fees, and years tied up in court asserting your rights.

Re:Investigated == not good

[Penguinisto]

I'm pretty sure that if such a pattern (or even habit) arose and word got out about it, you'd have a line of lawyers 10 miles long waiting at your door to help you sue any PD or agency was stupid enough to try.

Sure, they can pull it off for a short period of time, once, and there'd better be a warrant involved (we're talking computers here, not weed - you can't smell illegal computer activity from the front door). More than once (twice at most), and it becomes a pattern of harassment that can be litigated against. Police departments and agencies do have budgets to protect, after all.

Re:Investigated == not good

[subreality]

Also, with the very large number in existence these days, if they decide they don't like you because you're supporting the terrorists / pedophiles / commies, I guarantee you, they can convict you of something. Perhaps it's totally unrelated to what they were originally investigating you for, but as long as they had legitimate probable cause for the initial investigation, anything else they find is fair game. So this isn't true:

Running an open Wi-Fi hotspot, or Tor exit node, would make you both more likely to be investigated, and less likely to be convicted, of any cyber crimes.

No sir. It makes you less likely to be convicted than someone else who is being investigated, but overall, you're much more likely to be convicted of something once their gaze falls on you.

Re:Investigated == not good

In the US you have no obligation to even respond to any "questioning." Most lawyers would recommend answering any question from a cop with only "I have nothing to say to you officer." Also, any false answer could be a felony.

Every cop knows the public is not required to answer their questions. They know that they are trying to trick you to answer. And every cop "lawyers up" when the situation is flipped, like when they have fired a gun on duty.

The seizing of your equipment is a real problem, but don't ever compound it by saying anything. Often they don't have enough to arrest someone until they ask questions and are provided with the voluntary answers that can, and will, be used against you.

CA atty

Re:Investigated == not good

[lightbounce]

Also, once they seize your computer for running a Tor node they can also look for evidence of illegal activity elsewhere on the drives. After all, they still have be sure that you aren't the source of the activity. Nothing says there couldn't be several independent sources of illegal activity running through your Tor node or open access Wi-Fi, including possibly your own.

Unfortunately...

[fuzzyfuzzyfungus]

'Mere' investigation can be made rather unpleasant, depending on the crime in question, the enthusiasm of the cops running after it, and your access to legal representation...

There are the practical difficulties: Having everything vaguely resembling a computer siezed and held for who-knows-how-long, potentially quite signifcant legal costs, etc.

And there are the ones arising from the common, but troublesome, opinion that investigation is a sort of lesser degree of guilt. The taint by mere association is worst with kiddie-porn related matters; but the touchier types seem to consider "Police Record: Checked, found absolutely nothing." to simply be a subspecies of "Police Record" and act accordingly. Fan-tastic.

Re:Unfortunately...

[bjamesv]

What practical physical barriers are there that can prevent "everything vaguely resembling a computer siezed"?

The police will come to your residence, no?

would it have to be as extreme as having a 2nd address with your open WiFi and Tor exit node running? How do hosting companies convince the cops to "only" take one entire rack or server, and not every scrap at their location?

Re:Unfortunately...

Sounds like you have some personal experience in that area. Been "tainted" by looking up pictures of little boys again have you? Tsk-tsk.

Re:Unfortunately...

[rainsford]

I imagine it's easier for hosting companies because they aren't the prime suspects of whatever the crime is, they're simply assisting the investigation. The person running a TOR exit node IS the prime suspect, because of how TOR works. A hosting company has records and logs of who's using what, a history of helping in police investigations and not being the guilty party. But as far as the cops can tell, you personally own and operate the TOR exit node that the traffic appears to have come from. You have no records of anyone else generating or being responsible for the traffic. If someone downloads kiddy porn through your TOR exit node, the only way the cops can tell it wasn't you is by searching your computing equipment for kiddy porn.

Re:Unfortunately...

[Seumas]

They don't. You recall the recent incident where cops went into a colo and just started yanking servers, which completely fucked over innocent and uninvolved parties like pinboard.in, reddit and others, yes?

Re:Unfortunately...

I'd have no problem being investigated. Nor having all equipment confiscated. BUT, if I happen to be innocent:
- all equipment returned, fully operational (ALL defects should be considered caused by the transport or the shutting off)
- all damages sustained by the absence of such equipment refunded, something for psychological inconvenience too.
- official excuses from investigators and free space on media to publish it

Else investigations become a de facto payment without trial and that's not what happens in a democracy.

 

Re:Unfortunately...

[SirGarlon]

Else investigations become a de facto payment without trial and that's not what happens in a democracy.

What happens in a democracy is what the people want to happen. Remember that Socrates was executed by a democracy. Democracy is a necessary condition for justice, not a sufficient one. The price of freedom is eternal vigilance, and all that.

Re:Unfortunately...

[zildgulf]

This is why investigation and arrest records need to be sealed from the general public and let only the conviction records be available. Many people get property seized and even arrest when they have committed no crime. Remember the presumption of innocence? I know that a quaint idea but we voters need to insist our representatives pass laws that protect that idea or it will be dead, permanently!

If not then we will have lost our basic rights as citizens for our Constitutional rights will not be preserved if you fight for your rights and authorities can cast you as guilty by seizing property and arresting you with some trumped up charge only to drop the charge before a bond hearing. Spend an hour in jail and be presumed guilty by society forever? That is what we are headed towards.

Re:Unfortunately...

[sjames]

And, of course, there is the significant chance that once your equipment is returned, it just happened to all fail milliseconds before the cops grabbed it (since, of course they would NEVER through malice or carelessness destroy it all while it's in their posession).

What was ICE investigating?

[unencode200x]

Does anyone know what was ICE investigating? Search warrants aren't granted just because someone is using TOR.

Re:What was ICE investigating?

ICE handles lots of CP cases. TOR is a popular way for pedos to obtain CP. I'm gonna guess these facts may be related.

Re:What was ICE investigating?

They also deal with a lot of counterfeiting cases, which have apparently been on the rise lately.

Chilling effect

This absolutely sucks. If your stuff is taken, it's possible you will never see those drives again after they have been forensically disassembled and scanned. If you do, they'll likely be infected with surveillance stuff.

In other words, this fulfills its purpose and intimidates people into not using Tor. No conviction is necessary.

It may be legal...

...but it still can make you responsible. Being the exit node means you're the first target for stuff being backtracked. It's a risk that you have to accept.

Answer To This.

[bjamesv]

Is registering as a business the answer to "confiscate everything in sight that looks like a computer?"

Maybe paying for a business line will frame the cops expectations correctly before they roll up on your residence. Make them more willing to listen to your network setup and only take the publicly accessible _half of your kit.

Re:Answer To This.

[rainsford]

I imagine a better solution would be to get a virtual or dedicated server at some hosting company, clearly labeled as a TOR exit node (have it host a webpage explaining that fact) and if you can, ONLY use it for that. If you set up a separate corporate entity that owns the server, even better. The law protects you no matter where you run the exit node, but if you want to avoid even being personally investigated at all, you definitely need some significant separation between your home and your exit node.

Re:Answer To This.

[Riceballsan]

I don't believe simply registering as a company, you need to be a corporation large enough to be capable of contributing at least a few hundred thousand to re-election funds, or have lobyests to get any kind of legal grace. A small company of 100 or less people, really doesn't bother them if it goes bankrupt while they spend a few months checking the equipment to see if they possibly were used as a tool for a crime.

Re:Answer To This.

[fuzzyfuzzyfungus]

I am neither a lawyer nor your lawyer; but I suspect that once the boys in blue are knocking on or down your door, you have a problem. It is unlikely that you'll manage to convince them to take your word for how your network is set up and just seize part of the potential evidence. Even if you do strike it lucky and get a techie with a gun and badge, rather than a cop who can pretty much handle dealing with physical evidence, why would he trust you, or do the fiddly forensics on site instead of just hauling it all off and doing the work back at the office?

You might have better luck with the seedy-but-legalish-if-often-a-cover-for-dodgy-activities techniques adopted by besuited scammers and corporations with creative accountants. A shell company, incorporated in one of the states with virtually bulletproof corporate veils and lax reporting requirements(scenic Nevada, for instance) with a vaguely telcomm-related name and no assets aside from a cheap hosted server somewhere, is no more immune to a raid than you are; but might encourage the investigators to finish picking over the raid evidence before deciding whether or not to try to hunt up the corporate officers/owners...

Re:Answer To This.

[delinear]

It's only BIG business that's above the law.

What about in Europe?

[ChumpusRex2003]

Does anyone know what the legal issues about TOR are in Europe?

European law makes the last 'named' user of an internet connection responsible for any transmissions via it. So, if running a TOR exit node from your home, your name would be the last name on the list (after your ISP, etc.). As a result, if a offence is committed via your connection, then you as the last named party are the person responsible for it.

The only defences are:
1. That you can provide proof of identity of the person who did commit the offence, or other strong evidence that you were not responsible.
2. You can prove that the use of your connection was unauthorized (and that you were not negligent in securing access to your equipment).

Re:What about in Europe?

Run TOR on EC2 or another cloud provider and see what happens ;-)

Re:What about in Europe?

Because Europe is a single country with equal laws regarding this subject, amirite?

Re:What about in Europe?

European law makes the last 'named' user of an internet connection responsible for any transmissions via it. So, if running a TOR exit node from your home, your name would be the last name on the list (after your ISP, etc.). As a result, if a offence is committed via your connection, then you as the last named party are the person responsible for it.

The only defences are:
1. That you can provide proof of identity of the person who did commit the offence, or other strong evidence that you were not responsible.
2. You can prove that the use of your connection was unauthorized (and that you were not negligent in securing access to your equipment).

That's just not true.

Re:What about in Europe?

[delinear]

2. You can prove that the use of your connection was unauthorized (and that you were not negligent in securing access to your equipment).

Well that's pretty much everyone with an unpatched Windows botnet zombie going to jail, then.

Re:What about in Europe?

[Z00L00K]

depends on which country, but you may breach your agreement with your ISP by running a TOR node.

Re:What about in Europe?

I imagine it varies by country. The EU has standardised the field to some extent, but not so much as it has in other areas.

Re:What about in Europe?

[nosferatu1001]

None of the above is true, and there is no singular "European law" that would enable it; each country has to have primary legislation enabling such a thing, and the implementation in each country can be very different.

Re:What about in Europe?

[ChumpusRex2003]

You are correct. I had mistaken the UK's "Digital Economy Act" for a European directive. It is not an EU directive, it is a piece of UK specific legislation.

The DEA places specific requirements on ISPs (for example, a coffee shop offering a wi-fi service to its customers would be considered an ISP under the legislation) to keep a log of all users of the network, and all the network destinations that they contact. To avoid prosecution in the event of a copyright claim traced to their premises, they will need to provide the name and address of the person making the access. If an ISP fails to keep a log of internet accesses and a real ID associated with them, then they must take responsibility personally for the offence.

Someone providing a totally free Wifi service (for which no fee is taken, and which is not provided as a 'bonus' to another transction) e.g. a home user, keeping a wifi router open for friends and neighbours, is not classed as an ISP. In their case, they are legally responsible for any offence committed using their network.

Re:What about in Europe?

2. You can prove that the use of your connection was unauthorized (and that you were not negligent in securing access to your equipment).

Well that's pretty much everyone with an unpatched Windows botnet zombie going to jail, then.

If there's a downside to that, I'm not seeing it :)

Soviet America?

[RulerOf]

harassing Tor exit node operators should not fall under the jurisdiction of any agency, but in Soviet America,

In Soviet America, ICE melts you?

I've gotten a call from the police about TOR

[hawkeyeMI]

I run an exit node on a VPS. Apparently it'd been used by some guy to try to get a teenaged girl to send him naked pics. They subpoenaed everything back to my business cable connection at home and then called up my company (i.e. me) about it citing a scary amount of information about me. I explained to the detective what TOR was (I already have the standard exit node info page up as recommended on the web server), and he'd already heard it from someone else (a civil lib organization running TOR exits used by the same guy). They dropped it there. Scared me a little and I contacted the EFF, who did not hesitate to offer support should something worse happen in the future. EFF is one of the only organizations I donate to, ever, and I donate a decent chunk of change every month. I'm a proud supporter and it's good to know they're there to support me too.

Re:I've gotten a call from the police about TOR

What a sad state of affairs this country is in.

Re:I've gotten a call from the police about TOR

So... you just protected a pedophile, good job!

Re:I've gotten a call from the police about TOR

[hawkeyeMI]

Unfortunately it seems in order to protect the good you have to protect some of the bad as well. EFF discusses this a bit on their site.

Six hard drives?

Six hard drives to run a Tor exit node? Seems overkill.

You can run a Tor exit node off of a minimal Debian system installed on a 2GB flash drive with no other hard drives (not even CD-ROM's) installed on the system. Not a very powerful PC is needed to run it. You could likely fish a throwaway system out of a dumpster and use that.

How long until

every chimp learns that sticky hosts must live on a remote hosting facility, paid in cash?

Tor's architecture sucks

Too many free riders depending on too few exit nodes. It needs to be peer-to-peer: If you _use_ an exit node, you should _be_ an exit node.

yea nice FAQ EFF you forgot one

[Osgeld]

what the fuck is TOR

Re:yea nice FAQ EFF you forgot one

[u38cg]

Google. Use it. Or go to a website where common technical terms are not assumed to be known by the community.

Re:yea nice FAQ EFF you forgot one

[Osgeld]

I already did, and I am so glad you know every fucking acyronym jargon bullshit name to every open source project every shat out. you must be a awesome person.

Re:yea nice FAQ EFF you forgot one

[u38cg]

Google for tor; the top two links are the project front page and the second is the Wikipedia article. Oh, sorry, do I have to explain what "Google" is? Fuck you, pal; this is a website for people who already know what technical terms here mean and who can operate a search engine when they don't. Tor has been out for nearly ten years now. If you're ignorant, don't blame the rest of us.

Re:yea nice FAQ EFF you forgot one

[Osgeld]

sorry but apparently you cant fucking read, first 3 words "I ALREADY DID" I know how to use google you worthless fuck I did it 10 seconds after posting you retard

  now go troll your superiority somewhere else

my fucking god why has this website turned in to nothing but trolls waving their tiny dicks around

google? thank you mr tech Jesus! the population of the world is too fucking stupid to use google without you giving attitude first, you mom must be proud of her little fag in the basement

now go choke on a dick you worthless troll fuck

Re:yea nice FAQ EFF you forgot one

[u38cg]

Next time, ten seconds before posting. As for "this website turned into", well, 1900440, I can assure you it hasn't changed much in the time you've been here.

Dichotomy?

[ThanatosMinor]

I do not think it means what you think it means
Specifically, a dichotomy is a separation, usually a splitting of one thing into two separate and distinct parts. It usually requires that there be a choice, A or B.

It does not mean "hey, that's interesting."

Someone did or did not read the fine print...

[FlyingGuy]

From the TOR site...

An exit relay is the final relay that Tor traffic passes through before it reaches its destination. Exit relays advertise their presence to the entire Tor network, so they can be used by any Tor users. Because Tor traffic exits through these relays, the IP address of the exit relay is interpreted as the source of the traffic. If a malicious user employs the Tor network to do something that might be objectionable or illegal, the exit relay may take the blame. People who run exit relays should be prepared to deal with complaints, copyright takedown notices, and the possibility that their servers may attract the attention of law enforcement agencies. If you aren't prepared to deal with potential issues like this, you might want to run a middle relay instead. We recommend that an exit relay should be operated on a dedicated machine in a hosting facility that is aware that the server is running an exit node. The Tor Project blog has these excellent tips for running an exit relay. See our legal FAQ on Tor for more info.

I applaud those who do this but sadly they will be taken advantage of for illegal purposes and therefor the operators are at risk.

In other posts people suggest that ISP's should suffer the same fate but don't are reminded of the "Common Carrier" law. If these individuals were to set them selves up as a common carrier I wonder if they would realize the same protections. Given that those with CC protection do in fact cooperate with LE would that then make them obliged to do so?

Re:Someone did or did not read the fine print...

Even if they did cooperate, there's nothing they can do to help them unless the user is using the same TCP connection constantly. They'll get bounced around between exit nodes and the exit node can only see the relay node it's coming from.

I've said this several times here before

That a LOT of these TOR endpoints/exit nodes (as well as "anonymous proxies" out there too) WILL be setup as "honeypots", with highspeed connects behind them to "lure in" scumbags that use them & face it:

A Good 99% of the time, anyone using them IS UP TO NO DAMN GOOD ANYHOW, period. I don't want to hear the std. b.s. line of "I am protecting my anonymity &/or privacy" horseshit either in effete retaliation. I know I am speaking the truth is why... @ least for the MAJORITY of those using those tools.

E.G.-> Hell, I know for a FACT that the trolltalk.com trollsquad around here (a couple names below in fact that I have point-blank CAUGHT admitting they use TOR endpoints to do this very thing no less as well as other nefarious cowardly bullshit - I can produce a link from slashdot itself with them stating it verbatim too, that they'd do that to downmod me & troll myself) does that very thing, just like HBGary was caught in email stating they were doing! This is the province of lowly cowards... especially ones that KNOW they can't stand up to solid computer-oriented on topic technical backing being used by those that "kind/ilk" trolls in effete retaliation (along with bogus technically unjustified mod downs & adhominem forums "illogic logic" based b.s. attacks).

That type of online behaviour? The province of what I call "not men" (weasels in other words).

It's done by trollish weasels a lot, & for allowing them to seem as if they are "many people", to create the illusion of "consensus", which works on the "weak minded" out there!

(Sure, sure... "4 out of 5 dentists chew Trident sugarless gum" (sure, when they are on the company payroll I am sure they do, makes for a GOOD solid bent statistic with a crooked sampleset is why & works for the "jump on the bandwagon" p.r. technique, especially with those that can't think for themselves!)).

Yes, pitiful...

They make it seem like their multiple registered personas here are "many people", when in fact/reality? It's only really 1 or 2 at most, albeit using diff. online ID's to 'gang up' on others etc. here...

They cheat the moderation system too, by up modding "one another" (themselves) via diff. registered "LUSER" account names, & logout afterwards to save their cookie states, then the AC trollings start up from them as well.

It's pitiful... & their FAV. COLOR MUST BE "TRANSPARENT", because they are truly just "too, Too, TOO EASY" to see thru...

* Right WebmistressRachel/TomHudson & crew?

APK

P.S.=> Disclaimer: There MAY be some people who genuinely BELIEVE that TOR endpoint switches + "highly anonymous proxies" are protection for they (TOR has weaknesses with apps set to specific DNS servers, e.g.-> Windows update on the "good end" of things, & malware being another, for 2 quick examples thereof) but... they're stupid!

NOW - that MAY have "held true" @ some points in the past, but for example?? Were I in law enforcement & signals intelligence + online monitoring for security (which you're seeing a LOT more of these days for both GOOD AND BAD reasons)? I'd be setting up TOR endpoints + anon. proxies like MAD as honeypots... & guys, mark my words:

IF I CAN THINK OF IT, it's already being done by law enforcement imo (call it a VERY informed opinion no less)...

... apk

Re:I've said this several times here before

Actually, APK, if you can think of it, it was probably being done by law enforcement 10 years ago, and is now obsolete.

ICE is the least of your concerns

[MrEricSir]

DoD runs Tor nodes around the world. You know, to help "spread democracy through free speech."

Or at least, that's the official reason. It's not like running thousands of Tor nodes could help you spy on Tor users or anything, right?

Re:ICE is the least of your concerns

[Chaonici]

> It's not like running thousands of Tor nodes could help you spy on Tor users or anything, right?

Actually, it really wouldn't. Snooping on the traffic that runs through your exit node doesn't help you identify its source, as all you'll see is the IP address of the relay node that delivered the traffic to you. You would have to control every node in a chain, or at least a great deal of them, in order to begin to have a chance of identifying a Tor user, and since each chain of nodes is randomized for each connection, I highly doubt any organization in the world could pull this off.

Re:ICE is the least of your concerns

[MrEricSir]

An organization with nearly unlimited money can do a lot of scary things.

Geesh -- wake up and smell the internet, dude

[rocket+rancher]

seizing anything that is suspected of being used for criminal activity has been perfectly legal for hundreds of years. and there is no excuse that you were running some service or other and didn't know what other people were doing. if the cops get a hunch they will seize your stuff to look for evidence and impound it if there is evidence of a crime

No, no, and no. Your notions about search and seizure don't work the way you think they do on the net, as I'm sure other people will point out to you in excruciating detail. I'll just stick to your obvious ignorance about anonymizers in general, and TOR in particular. Do you really understand what a TOR route is, and the function of entry and exit nodes? It's like a blind drop, to borrow a phrase from espionage. The traffic that exits TOR back onto the internet can't be associated reliably with the address that it entered TOR from. Law enforcement agencies like ICE understand this -- they know that evidence that leads them to TOR is a dead end. What is interesting here is that ICE decided to intimidate the TOR operator by seizing his equipment anyway, warning him explicitly when they gave him back his gear that they might take it away again. Fwiw, I think the TOR operator has a case that his fourth amendment rights to protection from unreasonable search and seizure were violated, and that ICE actually communicated a threat to him. I hope like hell EFF encourages him to pursue it.

But wait there is more...

Whether intentional or not being investigate for crimes you didn't commit or were not a criminal accessory to is punitive. PUNITIVE.

There is an effect. Making you materially whole again by returning your equipment is just part of the problem.

Plain and simple there needs to be a constitutional amendment regarding privacy in this day and age. There MUST be an expectation of privacy in your digital life and it must be more difficult to breach that by LE and CORPs than by being "significant to an investigation" (must have probable cause/warrant) or a 10 page EULA (See South Park "HUMANCENTiPAD").

I can't see setting up honeypot TOR nodes

OR anonymous proxy honeypots as being obsoleted: It works!

APK

P.S.=> I'd SERIOUSLY consider avoiding them, to any of you that use them for "nefarious/illegal" purposes... that's all!

... apk

Actually, APK, if you can think of it,

Said Dr. Nobody the ac trolling reply using and done nothing of significance in computing ne'er-do-well's requoted below:

Actually, APK, if you can think of it, it was probably being done by law enforcement 10 years ago, and is now obsolete. - by Anonymous Coward the done nothing ne'er-do-well on Friday August 26, @05:23PM (#37223130)

At least he can think and has shown many times online and in written publication in computing he can. Can you? No.

Question: What is it like being a ne'er-do-well trolling little plastic worm that has to dwell in the anonymity shade of loserdom as you do?

BEST YOU HAVE's a mod down?

Is THAT the "Best you've got"? Apparently so - which only means I've done my job, leaving you "speechless" with off-topic b.s. & effete mod downs... lol!

APK

P.S.=> The "effete mod down retaliation" is SO pitiful on your parts, it truly is... makes me laugh!

... apk