Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Boing Boing Handled an FBI Subpoena Over Its Tor Exit Node

Posted by Soulskill on from the very-carefully dept.

An anonymous reader writes: Cory Doctorow has posted an account of what happened when tech culture blog Boing Boing got a federal subpoena over the Tor exit node the site had been running for years. They received the subpoena in June, and the FBI demanded all logs relating to the exit node: specifically, "subscriber records" and "user information" for everybody associated with the exit node's IP address. They were also asked to testify before a federal grand jury. While they were nervous at first, the story has a happy ending. Their lawyer sent a note back to the FBI agent in charge, explaining that the IP address in question was an exit node. The agent actually looked into Tor, realized no logs were available, and cancelled the request. Doctorow considers this encouraging for anyone who's thinking about opening a new exit node: "I'm not saying that everyone who gets a federal subpoena for running a Tor exit node will have this outcome, but the only Tor legal stories that rise to the public's attention are the horrific ones. Here's a counterexample: Fed asks us for our records, we say we don't have any, fed goes away."

104 comments

  1. A service to the community: release the text by Rinisari · · Score: 2, Interesting

    I think it would be a great service to the Tor community to release the text of what Boing Boing sent to the FBI as a shining example of how to handle such requests. It may need to be specifically tailored to the sender, but something to go off of might be of benefit to folks running a node who don't have the funds to see legal help outside of /r/legaladvice.

    --
    Colin Dean Go a year without DRM
    1. Re:A service to the community: release the text by Anonymous Coward · · Score: 5, Informative

      From the article, literally the first link in the summary:

      Special Agent XXXXXX.

      I represent Boing Boing. I just received a Grand Jury Subpoena to Boing Boing dated June 12, 2015 (see attached).

      The Subpoena requests subscriber records and user information related to an IP address. The IP address you cite is a TOR exit node hosted by Boing Boing (please see: http://tor-exit.boingboing.net/). As such, Boing Boing does not have any subscriber records, user information, or any records at all related to the use of that IP address at that time, and thus cannot produce any responsive records.

      I would be happy to discuss this further with you if you have any questions.

    2. Re:A service to the community: release the text by quantaman · · Score: 4, Informative

      I think it would be a great service to the Tor community to release the text of what Boing Boing sent to the FBI as a shining example of how to handle such requests. It may need to be specifically tailored to the sender, but something to go off of might be of benefit to folks running a node who don't have the funds to see legal help outside of /r/legaladvice.

      From the article:

        We contacted our lawyer, the hard-fightin' cyber-lawyer Lauren Gelman, and she cooled us out. She sent the agent this note:

      Special Agent XXXXXX.

              I represent Boing Boing. I just received a Grand Jury Subpoena to Boing Boing dated June 12, 2015 (see attached).

              The Subpoena requests subscriber records and user information related to an IP address. The IP address you cite is a TOR exit node hosted by Boing Boing (please see: http://tor-exit.boingboing.net...). As such, Boing Boing does not have any subscriber records, user information, or any records at all related to the use of that IP address at that time, and thus cannot produce any responsive records.

              I would be happy to discuss this further with you if you have any questions.

      And that was it.

      --
      I stole this Sig
    3. Re:A service to the community: release the text by demonlapin · · Score: 1

      And if you're not Boing Boing and don't have the personal cell phones of the EFF's lawyers, what are your results going to look like?

    4. Re:A service to the community: release the text by Anonymous Coward · · Score: 5, Funny

      I think it would be a great service to the Tor community to release the text of what Boing Boing sent to the FBI

      Seems unlikely, considering that it being a single click away was a sufficient deterrent to you reading it.

    5. Re:A service to the community: release the text by Actually,+I+do+RTFA · · Score: 2

      Probably fairly similar. Or at least no worse than it would be otherwise. Most of the times your read about the feds jumping up and down on someone, it's when they decided to be "clever" or belligerent, or similar. Nothing is more likely to get a good response than a calm, respectful response.

      --
      Your ad here. Ask me how!
    6. Re:A service to the community: release the text by tlhIngan · · Score: 3, Insightful

      Note the FBI asked for logs and stuff - they were assuming the IP address in question was loaned out - either they were an ISP, or maybe a VPN provider, or some other thing.

      Presumably Boing Boing owns enough IP addresses that they can dedicate it just for TOR exit nodes. And nothing else - I mean, if they had a webserver on it, they presumably they would have logs to hand over.

      If it was you or I with a leaf connection to our ISP, then most likely things will not be so easy - since they will go after the ISP, who will happily give up your information. Unless of course, you decide you want to give Comcast more money and buy a connection just to run Tor on.

      So the trick may work in the limited case where yes, it's a dedicated Tor exit node and not used for anything else. But if there's a chance it was used for personal reason or there were logs for some other service, then maybe things won't be so good.

    7. Re:A service to the community: release the text by Anonymous Coward · · Score: 2, Funny

      If you have the personal cell phones of the EFF's lawyers, you're most likely a thief and in need of some jail time.

    8. Re:A service to the community: release the text by hairyfeet · · Score: 1, Interesting

      I don't think it would matter as they were a corp with money and you are most likely not. Like it or not according to a friend who works at the state crime lab running something like a Tor exit node or Freenet and you can be charged with child porn distribution whether you ever had access to the offending material or not.

      The way it was explained to me was like this.."imagine I give you a safe to carry to the next town. this safe is locked, you have NO way to access this safe or know the contents. Now the cops pull you over, break open the safe and find CP. The ways the laws are currently written you are guilty of distribution even though you had no way of accessing or knowing because you chose to carry the safe no different than how you chose to run Freenet or Tor".

      Now is this wrong and fucked up? Sure it is but the way the CP laws are written you WILL be looking at a couple years of court, costing tens to hundreds of thousands, and of course you'll have your reputation destroyed, probably lose your job, and will most likely never see any of your electronic equipment ever again. If you don't believe this just look at guys getting their lives destroyed over a virus infected computer which any Geek Squad could have detected in 5 minutes or less. What is more you can go to Wikileaks and look up "confessions of a child pornographer" and read that he BRAGS about this exact attack, which he does because he thinks its "funny" and leaves cops chasing innocents instead of his customers. What does the prosecutor say when shown the evidence " He infected his PC on purpose as an excuse" showing the cops do not give a single flying fuck whether they get the right person or not, just that they get somebody. The reason why is simple, prosecutors wanna be governor some day and by showing you are "tough on perverts" you can get votes, no reporter ever checks to see if those busts were actually legit or not.

      So I would strongly think twice if you use this software and ask yourself "can I afford a couple years of my life gone in court, and the risk of decades in prison? Is there anybody that counts on me for income?" because thanks to the fucked up red scare vague as fuck laws we have in the US when it comes to CP that is what you are risking by running this software.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    9. Re:A service to the community: release the text by 2fuf · · Score: 1

      The analogy would be a bit different for a TOR exit node, I'd think. You'd be carrying the safe, but as soon as stuff is put in there, you can see what is going in and where it came from. The only thing an exit node can not see is whom it is addressed to. So there is some level of knowledge that an exit node could have, although they can't point a finger to whom is loading it. Then again, whether you choose to log any of it or not is an entirely different matter. You could also rightfully claim to not have any logs or records for a regular web server for that matter (send all output to /dev/null), but I assume non-tech people would be harder to convince of that.

    10. Re:A service to the community: release the text by Anonymous Coward · · Score: 1

      The Tor Project provides plenty of sound advice for folks running Tor relay and exit nodes.

      The Legal FAQ for Tor Relay Operators.
      https://www.torproject.org/eff/tor-legal-faq.html.en

      Tips for Running an Exit Node with Minimal Harassment
      https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment

      Tor FAQ
      https://www.torproject.org/docs/faq.html.en

    11. Re:A service to the community: release the text by Anonymous Coward · · Score: 1

      Including plenty of boilerplate.

      Tor Abuse Templates
      https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates

    12. Re:A service to the community: release the text by hairyfeet · · Score: 1

      But again you are assuming the cops give a fuck about the truth instead of just getting SOMEBODY. Look at the German guy that was running an exit node, he had his gear snatched by the cops and I don't think he ever did get it back even though he was found not to have been doing anything. Remember only a few states here in the US have stopped the "civil forfeiture" legalized stealing so even if they let you go they can still keep your stuff and if you are like most geeks here that is thousands to tens of thousands worth of gear, poof!

      And again please read the article I linked to, any PC tech could have told you in under 3 minutes that the guy was innocent as his PC was making dozens of connections a second and downloading lists of material on command from the outside, a classic bot. What happened to him? He lost his job,had his reputation destroyed, 2 years of his life in court, and over $150K in lawyers fees, none of which he will EVER get back.

      So just remember you can't use logic and common sense here, we are talking POLITICS, which is why my friend is trying to get the hell out of his job at the crime lab. If somebody gets busted, even if its obviously bogus? Why that makes the front page and helps the prosecutor in his run for whatever office he desires, if its thrown out a couple years later? He done got a new job and the retraction is on page 12, for him its all upsides and no down. Think he gives a fuck if he destroys an innocent life or two? Not a chance, all he cares about is becoming a senator or congressman or governor.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    13. Re:A service to the community: release the text by Anon-Admin · · Score: 4, Insightful

      Not true, I ran an anonymous service for years. (Long before TOR became popular)

      I was visited by the FBI and Secret Service. I was also served warrants and subpoenas.

      The truth is, there is no law requiring that you track users or maintain logs of user activity. (In the USA)

      If you respond politely that let them know that it is part of an anon service and there are no logs available, they normally drop the request.

    14. Re:A service to the community: release the text by oobayly · · Score: 1

      What's the reasoning behind not returning confiscated equipment? I mean the legal reasoning, not the "we're the fucking police, so we'll do whatever we want". As far as I know, the UK police are just as bad.

    15. Re:A service to the community: release the text by Anonymous Coward · · Score: 0

      I mean the legal reasoning, not the "we're the fucking police, so we'll do whatever we want".

      Unfortunately, that is exactly the legal reasoning. Welcome to the United Police States of America, hand in your civil liberties at the border.

      "We had to destroy the Bill of Rights to protect it."

    16. Re:A service to the community: release the text by 2fuf · · Score: 1

      Dude, relax. I wasn't commenting at all on what you said about the way authorities handle this. I merely pointed out that exit nodes work in a certain way. I was neither agreeing nor disagreeing with you, and certainly not "assuming" anything.

    17. Re:A service to the community: release the text by bkr1_2k · · Score: 2

      "Special Agent XXXXXX.

      I represent Boing Boing. I just received a Grand Jury Subpoena to Boing Boing dated June 12, 2015 (see attached).

      The Subpoena requests subscriber records and user information related to an IP address. The IP address you cite is a TOR exit node hosted by Boing Boing (please see: http://tor-exit.boingboing.net...). As such, Boing Boing does not have any subscriber records, user information, or any records at all related to the use of that IP address at that time, and thus cannot produce any responsive records.

      I would be happy to discuss this further with you if you have any questions."

      Bold emphasis mine. The "at that time" portion is what is relevant here. What it has been used for at other times is irrelevant, if they're asking for a specific point or period of time. You can provide logs all day long about the activities during other times without it implying anything about the activities during the time the address was used as an exit node. It may still implicate YOU as someone who runs an exit node but there's currently nothing illegal about that.

      That's where my concern would be. How many times will this happen before some jackass tries to make logs a requirement or makes it illegal to even host such a thing in the USA.

      --
      "Growing old is inevitable; growing up is optional."
    18. Re:A service to the community: release the text by Anonymous Coward · · Score: 0

      A service to the community: release the dogs of tor!

    19. Re:A service to the community: release the text by fulldecent · · Score: 1

      More US citizens were killed in conscription to foreign wars than lives destroyed while defending domestic civil rights.

      Which would you rather fight for?

      --

      -- I was raised on the command line, bitch

    20. Re:A service to the community: release the text by Anonymous Coward · · Score: 0

      Is there an exception written into the law for the USPS?

      I'm sure they have been responsible for 'distributing' tons of illicit contraband over the decades.

    21. Re:A service to the community: release the text by tlhIngan · · Score: 1

      I don't think it would matter as they were a corp with money and you are most likely not.

      No, it's more likely BoingBoing owns a bunch of IP addresses. They dedicated one of them for a Tor exit node, much like you'd have another for web servers, etc.

      As in, that IP address most likely does not belong to a leaf user - it's in Boing Boing's address space, and they simply replied that that server does not keep logs as is the nature of a Tor exit node. And since that machine is only a Tor exit node, that's it. It never was a webserver or any other service.

      Whereas you and I are leaf nodes - we don't just run Tor exit nodes, but also we browse the web, download files, stream movies, etc through the connection. So you cannot claim innocence like Boing Boing can - because it could very well have been you that downloaded the files and not Tor.

      The basic rule in play is this - if you run a Tor exit node, make sure that's the ONLY thing running at that IP. Do not do your web surfing or run any other service on that IP - ever. If you did, make sure you keep really good notes on when you switched over, and make it complete and absolute.

    22. Re:A service to the community: release the text by TheCarp · · Score: 1

      On the virus laden PC thing.... I have a friend who did forensics work on a case that was far more solid (and not CP related) than that and the PC contents were kind of the icing on the cake.

      Anyway he got an image of the machine, and tried to go over the evidence where he ran into a snag. The machine was so virus and malware/adware laden that it was barely usable and was generating a near constant stream of network activity, including web requests, all on its own.

      Between that and almot losing my shit watching him turn colors trying to come up with a nice way to explain to a lawyer that the questions he was asking were technically too specific to be answered by the logs.... I can only say I expect to see more of these issues as time goes on.

      --
      "I opened my eyes, and everything went dark again"
    23. Re:A service to the community: release the text by Anonymous Coward · · Score: 0

      And the way you're judged in the court of public opinion also depends on it: if you get "clever" in the wrong way you're likely to have everyone who watches yelling "Three cheers for P. Barnes! Hip hip, horray!" after you get tazed.

      cite: https://www.youtube.com/watch?v=Ebt0l8s3aMQ (Watch it start to tazing. It makes the tazing much funnier.)

    24. Re:A service to the community: release the text by Krishnoid · · Score: 1

      "Chief, the Doctorow subpoena turned up nothing -- he said they have no logs."
      "Isn't this like that other one with that guy a while back -- Anon-Admin, was it?"
      "Yup, pretty much identical."
      "Ok, if this happens again, let me know. We'll kick it back through the law channels and get them forced to keep logs."
      "Gotcha. Where do you want to get lunch?"

    25. Re:A service to the community: release the text by hairyfeet · · Score: 1

      The other guy nailed it, picture the cops giving you the bird and just keeping your stuff, they don't need a legal reason. Look up "civil forfeiture medical marijuana" and you'll get to see videos of cops just coming in and stealing shit from pot stores where pot stores are legal and regulated and fucking laughing about it on camera!

      Welcome to fascism, where rights are only for the elite and for everybody else there is only the iron boot. the ONLY REASON you have anything right now is because some cop hasn't decided he wants to take it PERIOD. in the majority of states a cop can walk right in, cook up some obviously bogus charge, and take everything you own and never give it back. No trial, no judge, they just take what they want.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    26. Re:A service to the community: release the text by Zak3056 · · Score: 1

      More US citizens were killed in conscription to foreign wars than lives destroyed while defending domestic civil rights.

      Which would you rather fight for?

      [citation needed]

      The US suffered more dead in the civil war than in all other wars combined. Both sides in that war were fighting for domestic civil rights (with wildly differing definitions of what that meant, granted, but that doesn't change the numbers).

      --
      What part of "shall not be infringed" is so hard to understand?
  2. logs? by ganjadude · · Score: 4, Funny

    what logs?

    would be funny if they sent them literal wood logs

    --
    have you seen my sig? there are many others like it but none that are the same
    1. Re:logs? by bigfinger76 · · Score: 1

      That was covered. In the summary, no less.

    2. Re:logs? by Anonymous Coward · · Score: 0

      Hell no. Its going to be cold this winter. There's no way I'm sending any firewood to anybody. I'll need it for myself.

    3. Re:logs? by ganjadude · · Score: 1

      yes... i know....

      --
      have you seen my sig? there are many others like it but none that are the same
    4. Re:logs? by FatdogHaiku · · Score: 2

      all logs relating to the exit node

      Now I'm thinking about building a rack frame out of some thin lodgepole pines...
      Then you could take the frame apart and FedEX it to them as...
      wait for it...
      Support Logs!

      --
      You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
    5. Re:logs? by Z00L00K · · Score: 1

      Those on the RAM disk of course, unfortunately we had a power failure.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    6. Re:logs? by Anonymous Coward · · Score: 2, Funny

      You just gave me the idea of a nerd costume party outfit...

      A guy with shirt that says "cron" who is holding a big log and looking at his watch, when it hits the minute mark he rotates the log and then goes back to looking at the watch waiting for the next minute.

      The right people would laugh their ass off...

    7. Re:logs? by Actually,+I+do+RTFA · · Score: 4, Informative

      would be funny if they sent them literal wood logs

      This is the kind of "clever" response that gets contempt charges.

      When dealing with a subpena, don't be clever. Don't be witty. Don't be funny. Don't ignore it (like lavalbit did). Just comply or fight it. Cause you are allowed to fight them. You just have to do so within a certain framework.

      --
      Your ad here. Ask me how!
    8. Re:logs? by dweller_below · · Score: 4, Informative
      Actually, we got the same response when we offered to send the actual logs.

      A very similar thing happened to USU. We received a summons from Homeland/ICE to produce 3 months of records (plus identifying info) for an IP that was one of our TOR exit nodes.

      I eventually managed to contact the Special Agent in charge of the investigation. He turned out to be a reasonable person. I explained that the requested info was for an extremely active TOR exit node. I said that we had extracted and filtered the requested data, it was 90 4 gig files (for a total of 360 gigs of log files) or about 3.2 billion log entries. I asked him how he wanted us to send the info. He replied that all he needed to know was that it was a TOR exit node. I then asked again if he wanted the data. He said something like: "Oh God no! Somebody would have to examine it. It won't tell us anything. It would greatly increase our expenditures. Thanks anyway."

      And that was the end of it.

      YMMV. All Rights Reserved. Not Available In All States. It helps if your institution has it's own Police, Lawyers, and (an extremely active and effective) department of Journalism. And, it doesn't hurt if it is cheaper (and easier) for you to respond to the summons/subpoena, than it is for the Authority to issue it and deal with the result.

    9. Re:logs? by Anonymous Coward · · Score: 0

      The right people would laugh their ass off...

      Unfortunately the same people are unlikely to hang out on parties...

    10. Re:logs? by Anonymous Coward · · Score: 0

      "Yes, I wanted you to view the... captain's logs." https://www.youtube.com/watch?v=q51kzOJ3Tlc

    11. Re:logs? by bill_mcgonigle · · Score: 1

      Just comply or fight it. Cause you are allowed to fight them. You just have to do so within a certain framework.

      How does this work, then?

      The subpoena said they must appear to testify AND they must provide logs.

      Their lawyer responded, "there are no logs, kthxbye" and Corey is like, "ya, we won!".

      How do they get out of travelling cross-country to be compelled to testify again?

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    12. Re:logs? by Anonymous Coward · · Score: 0

      What use is it for USU to run a Tor exit node if you're going to log everything that goes through it? You're not only able but obviously willing to extract logs on demand. This doesn't seem to help Tor's users, or USU's employees. Why not operate with minimal or no logging, as Boing Boing is doing?

    13. Re:logs? by Krishnoid · · Score: 1

      You just have to do so within a certain framework.

      Perhaps a framework constructed from ... support logs?

    14. Re:logs? by Anonymous Coward · · Score: 0

      What about smelly squishy logs?

    15. Re:logs? by Actually,+I+do+RTFA · · Score: 1

      How do they get out of travelling cross-country to be compelled to testify again?

      The testimony was about the logs. No logs, no testimony.

      Their lawyer responded, "there are no logs, kthxbye"

      No, very importantly, their lawyer said "there are no logs, can we help explain/help more?" and the agent said "oh, kthxbye" You want them to walk away from the conversation first.

      --
      Your ad here. Ask me how!
  3. "Here's a counterexample" by turkeydance · · Score: 1

    Fed asks us for our records, we say we don't have any, fed goes away. Until Tomorrow.

    1. Re: "Here's a counterexample" by Anonymous Coward · · Score: 0, Insightful

      Fed asks us for our records, we say we don't have any, fed goes away. Until Tomorrow.

      Ah yes, the tomorrow where they then make you liable for all dodgy material accessed via the exit node...

      You: I didn't access the kiddie fiddler site
      Feds: prove it, you're responsible for the IP address we've logged as downloading from said site.
      You: Err No logs...oh shit...
      Feds: (with Cheshire cat grins) oh dear, oh dear, oh dear.....

      (feel free to substitute whatever local Law enforcement agency with Feds in the above)

      then it's a case of lawyers at dawn..meanwhile you/your company's computers get seized, etc. etc. etc. and there's a nearby drain just waiting to receive the rapidly spinning corpse of the carefree life you/your company once knew...

    2. Re: "Here's a counterexample" by gl4ss · · Score: 1

      what do you mean tomorrow? that's already the assumption for private ip's.

      the only reason they didn't come busting in and sorting the mess later was that it was a company ip address.

      so yeah, great - not so great if you plan on running a tor exit node from your home network. which might be a bad idea anyways for other reasons as well but hey..

      --
      world was created 5 seconds before this post as it is.
    3. Re: "Here's a counterexample" by Anonymous Coward · · Score: 0

      And it swings the other way too - plausible deniability if you did want to access illegal content because they can't prove it was you and not one of the Tor users.

  4. There's a lot of fantasy in that last line... by He+Who+Has+No+Name · · Score: 4, Interesting

    "Fed asks us for our records, we say we don't have any, fed goes away"

    Normally the response is "Fed finds some way to screw with you until you cry uncle, end up in Club Fed, or both".

    Federal prosecutors don't enjoy a conviction rate higher than the Spanish Inquisition because they're reasonable.

    1. Re:There's a lot of fantasy in that last line... by AHuxley · · Score: 2

      The US gov at a federal level has had a lot of success on onion routing due to its design, years of US funding and popularity.
      If subscriber records at both ends can be presented thats great for parallel construction in open court.
      The "who" is hard to find as a user at first, but working out when, how much data and the entire onion routing path is not hard.
      So watch the first hop, the exit node and :)
      Metadata and time is another key. Watch the user go online and appear on the other end of onion routing.
      A traffic confirmation attack then helps with that drops on the logs..

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re:There's a lot of fantasy in that last line... by Anonymous Coward · · Score: 0

      Yes, but we can typically predict when the Fed will show up. Or at least have an idea that they are on their way.

      The Spanish Inquisition however...Nobody expects the Spanish Inquisition!!!

    3. Re:There's a lot of fantasy in that last line... by Anonymous Coward · · Score: 2, Informative

      Except that in EVERY case where a tor related "takedown" occurred, it only occurred because some aspect of basic operational security was neglected.

      OPSEC fucking matters, above all else.

    4. Re:There's a lot of fantasy in that last line... by Anonymous Coward · · Score: 0

      The enjoy that conviction rate because you're too chickenshit to stand up and fight so you take the plea.
      Which do you want?
      a) a guaranteed felony conviction and a nice fully paid pile of years in federal prison.
      b) a guaranteed felony conviction and slightly fewer years in prison.
      c) freedom now
      When you cop the plea you completely give up and you perpetuate the system.
      Fuck it, grow some BALLS and fight, your odds are quite reasonable given (a) and (b) are effectively the same.

    5. Re:There's a lot of fantasy in that last line... by Anonymous Coward · · Score: 0

      I just got out of the Federal Correctional Institute at Coleman Florida and I assure you, the difference between taking the plea and getting sentenced after a trial is a long way from a "slight" difference in years. Try multiples of 3 and 4, i.e., take the 60 month plea or expect to get 240 months when you lose. I've done time with many people that took that gamble and lost.

    6. Re:There's a lot of fantasy in that last line... by Anonymous Coward · · Score: 0

      Normally the response is "Fed finds some way to screw with you until you cry uncle, end up in Club Fed, or both".

      But in this case the FBI is involved. They don't need actual evidence, they will just whip some up in their "crime lab" and present it as fact.

  5. Re: Onions are for cows by Anonymous Coward · · Score: 0

    I feel sorry for you. :-(

    Do you really think you incovenience anybody other than yourself by sitting on top of a keyboard and type these crap responses all day, everyday?

  6. A service to the community: RTFA by Anonymous Coward · · Score: 0

    Honestly, I'm not sure how helpful it would be to post the text. Things worked out this time; the FBI was given a link to read, and they actually read the link. Yay!

    That doesn't always happen. But hey, I guess it's worth a shot. MOD PARENT UP!

  7. Re: Onions are for cows by ArchieBunker · · Score: 1

    He has more talent than the "editors" who run this site. They can't even figure out how to write a simple filter.

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
  8. Across the world... by Anonymous Coward · · Score: 0

    *pedos everywhere breathe a sigh of relief*

    1. Re:Across the world... by behrooz0az · · Score: 1

      Yes, please do think of the children.

      --
      Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
  9. While it might make conspiracy nuts sad by Sycraft-fu · · Score: 4, Interesting

    That is actually how it works. The FBI it not, by and large, dumb about investigations. They are arguably one of the best in the business. Part of that is they know that you can't always get the evidence you want. So they'll subpoena records, but so long as you make a good faith effort to comply, they tend to be happy.

    At work (a university) we get FBI subpoenas once and awhile. Quite often it is for shit that we don't have, like someone's e-mail from a long time ago. We look, see if we have a backup, and if not let them know. They are then on their way.

    When people get in trouble is when they try to jam them up or break their own rules. Like if you have a company rule that says you keep all documents of X type for Y years, and they are asking for something that is Y-3 years old, they may well get miffed and go after you if you don't have it. However if you do not retain document type X, and there is no law requiring it, simply letting them know that will make them happy.

    This isn't to say nobody ever gets a bad/vindictive/whatever agent that tries to create problems, but if you were to do a study, I bet you'd find that most of the interactions are very professional and they are perfectly understanding if you don't have the information they want. In the cases where a hissing match started it was because someone had the information and refused (or made it sound like that) or otherwise jammed them up.

    1. Re: While it might make conspiracy nuts sad by Anonymous Coward · · Score: 3, Insightful

      And this, kiddies, is why we don't keep records any longer than we have to. Not keeping them at all is even better.

  10. And if you're not BoingBoing? by SuperBanana · · Score: 2

    It's amazing that Doctorow is so thick as to not understand his privilege.

    The FBI agent probably dropped it as soon as he realized who Boing Boing was.

    Your average home user or small business running a tor exit node is not going to be treated with anywhere near that kind of kindness.

    --
    Please help metamoderate.
    1. Re:And if you're not BoingBoing? by Anonymous Coward · · Score: 4, Interesting

      I have received a scary call from a random police department investigating a case of a guy blackmailing an underage girl for nude pictures, connected with my Tor exit node. I explained to the guy what Tor is, he researched it, they said thanks that's all.

      I immediately contacted the EFF after they called me and they said if anything more came up they'd be happy to help me out. It's not just Doctorow.

    2. Re:And if you're not BoingBoing? by Dutch+Gun · · Score: 2

      Are you kidding me? Hell, I don't know who Boing Boing is. No, seriously, I'd heard the name mentioned once or twice, but I had no idea what it was until I just now took a quick peek at the site. And I still don't know exactly what it is.

      I'd also bet the vast majority of US citizens have never heard of Boing Boing.

      --
      Irony: Agile development has too much intertia to be abandoned now.
    3. Re:And if you're not BoingBoing? by Anonymous Coward · · Score: 1

      Just to be clear, I run a Tor exit off of a dedicated IP, on a dedicated server in a datacenter, with proper reverse DNS and all that, not from my home IP. Doing the latter is just a bad idea.

    4. Re:And if you're not BoingBoing? by Anonymous Coward · · Score: 0

      Well then here's hoping that you GamerGate douchebags ignore his advice when the FBI comes calling for you and it leads you directly to the federal pen as a result. That will be pretty hilarious.

    5. Re: And if you're not BoingBoing? by Anonymous Coward · · Score: 0

      Now now, you need to be realistic about these things. Scalzi is at least twice the opportunistic twat that Doctorow is, thus reducing Doctorow's standing on the totem pole of opportunistic twats to less than the highest order

    6. Re:And if you're not BoingBoing? by tehcyder · · Score: 1

      It's amazing that Doctorow is so thick as to not understand his privilege.

      The FBI agent probably dropped it as soon as he realized who Boing Boing was.

      Your average home user or small business running a tor exit node is not going to be treated with anywhere near that kind of kindness.

      Wouldn't the average agent be more likely to say "what the fuck is boing boing?"

      I mean it gets mentioned on slashdot every now and then, so I know the name and have occasionally followed links to it, but it's not like it's in the Facebook league for universal brand recognition.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    7. Re:And if you're not BoingBoing? by Anonymous Coward · · Score: 0

      You could say the same thing without coming across like a complete cunt. Try it some time.

  11. Re: Onions are for cows by Anonymous Coward · · Score: 0

    You must be new here

  12. This only works for larger companies. by SuricouRaven · · Score: 4, Insightful

    It's not subpoenas that worry node operators. A company gets subpoenas. An individual gets a squad arriving to smash the door down, throw everyone in the house to the floor and confiscate anything with a battery. All done for very good reason: If a suspect had any warning they may use that time to destroy evidence. Still disruptive enough to discourage operating an exit node.

    1. Re:This only works for larger companies. by Anonymous Coward · · Score: 0

      It's not subpoenas that worry node operators. A company gets subpoenas. An individual gets a squad arriving to smash the door down, throw everyone in the house to the floor and confiscate anything with a battery. All done for very good reason: If a suspect had any warning they may use that time to destroy evidence. Still disruptive enough to discourage operating an exit node.

      Your post was another one where I think we need a "+1 Frighting" choice. Tim S.

  13. They realize that... by Anonymous Coward · · Score: 0

    ...the NSA has hooks in the entire Tor network and they could get what they need from them, even that Boing Boing did have the information, the NSA logs it. Who paid to invent Tor? It is a government honeypot.

  14. So naive... by Anonymous Coward · · Score: 0

    > sent a note back to the FBI agent in charge, explaining that the IP address in question was an exit node. The agent actually looked into Tor, realized no logs were available, and cancelled the request.

    This is what he thinks happened. What actually happened was: FBI sent a Post-it to NSA asking can you help out with this uncooperative Tor case? NSA replied: sure, but provide a pickup truck cause there will be a lot of tapes to haul...

  15. Ummm, kinda the opposite by Sycraft-fu · · Score: 2, Insightful

    The reason they have a high conviction rate is because they very rarely go to court frivolously. They go in ready. They are methodical about their evidence collection and they make sure they have someone 100% before they indict. A friend sat on a federal grand jury and he was stunned by the amount of evidence they presented. This was just a grand jury, the standard is much, much lower than trial but it didn't matter, they went in fully prepared all the time.

    That's a good thing. A low conviction rate is not something we want to see in a court because it means either that the prosecutors are incompetent, or that they are abusing the court system and hauling in innocent people just to fuck up their lives. Ideally conviction rate would be 100%: They'd never bring in anyone unless they had iron clad proof of guilt, and they'd never make any mistakes. Of course we don't have that, but we should try to be as close to it as we can.

    A high conviction rate does not imply a kangaroo court that just convicts anyone. Certainly those have high conviction rate, but a well functioning justice system does as well.

    1. Re:Ummm, kinda the opposite by Anonymous Coward · · Score: 1

      .. it helps to have a corrupt/sloppy evidence lab that will return 'helpful' results to use at trial.

      see: http://www.washingtonpost.com/local/crime/fbi-overstated-forensic-hair-matches-in-nearly-all-criminal-trials-for-decades/2015/04/18/39c8d8c6-e515-11e4-b510-962fcfabc310_story.html
      and: https://www.google.ca/search?q=fbi+evidence+lab&rlz=1C1VFKB_enCA652CA652&oq=fbi+evidence+lab#q=fbi+evidence+lab+scandal

    2. Re:Ummm, kinda the opposite by Inoen · · Score: 3, Interesting
      A friend of mine who used to as a prosecutor (in a different country) told they aimed for an 80% conviction rate (ie. conviction in 80% of the cases that went to court).

      If they got less than 80 it would be a sign that they were generally taking cases to court with insufficient evidence. More than 80 meant they were being too cautious.

      That was their reasoning anyway. 100% was explicitly not their aim.

    3. Re: Ummm, kinda the opposite by Anonymous Coward · · Score: 0

      Your logic would only be true if we didn't have this ridiculous concept of plea bargaining that has ruined so many lives.

      If prosecutors had to go to court and convince a jury every time we would have a lot less frivolous prosecutions.

      When you couple our current system with the ridiculous amount of things that are illegal and shouldn't be but for somebody's religious beliefs or to protect some megacorp's profits, you get the raging injustice system we have today.

    4. Re:Ummm, kinda the opposite by Anonymous Coward · · Score: 0

      Of course, that 20% of people who are innocent and whose time was wasted never get reimbursed for the time or stress.

    5. Re:Ummm, kinda the opposite by ImprovOmega · · Score: 1

      Doesn't mean they were innocent, it just means there wasn't *quite* enough evidence to convict them. The standard (in the United States) for criminal prosecution is "beyond a reasonable doubt" which is something like you're 95% sure that they did it. For civil cases it's "based on the preponderance of evidence" which means you're at least 51% sure they did it. See for example OJ Simpson: not guilty criminally, found guilty civilly because of the difference in the burden of proof. So an 80% conviction rate is pretty reasonable and probably means most of those 20% were actually guilty it just wasn't totally provable.

    6. Re:Ummm, kinda the opposite by DaHat · · Score: 1

      Innocent isn't the same thing as not guilty.

      --
      Help Brendan pay off his student loans
    7. Re:Ummm, kinda the opposite by Anonymous Coward · · Score: 0

      Wrong. They're innocent until proven guilty.

    8. Re:Ummm, kinda the opposite by david_thornley · · Score: 1

      There are two applicable definitions of "innocent" here: didn't commit the crime, and can't be proven to have committed the crime. You're mixing them up.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  16. Re:Boing Boing Sucks by nickweller · · Score: 1

    @brit74 : "why does your website censor people who argue against your pro-piracy ideas?"

    Do you have any citations or links to what you are referring to?

  17. Not buying it by ThatsNotPudding · · Score: 1

    This same system you praise hounded and drove Aaron Swartz to suicide for the high crime of... downloading publicly-funded research.

    1. Re:Not buying it by david_thornley · · Score: 1

      Swartz was not in fact innocent. He covertly used another institution's connections in a way that harmed people, due to his high access rate. I'd have a much higher opinion of him if he'd put as much thought and energy into not harming people as he did to not being caught. The fact that he was doing something he considered right doesn't absolve him of that; morally, it's on a par with making a human chain around an abortion clinic because you think abortion is murder.

      Moreover, he wasn't the first person to face piled-on charges and the option to plead guilty and get out of prison in a few months. Many people have been in that position and haven't killed themselves. It's regrettable that he committed suicide, but that's more a matter of his personal demons than the legal system.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  18. and custom license plate GUILTY by raymorris · · Score: 1

    > Most of the times your read about the feds jumping up and down on someone, it's when they decided to be "clever" or belligerent, or similar. Nothing is more likely to get a good response than a calm, respectful response.

    So true. Most of the time. Of course there are exceptions.
    Also, getting a custom license plate that says GUILTY probably doesn't help.

    1. Re:and custom license plate GUILTY by xrayspx · · Score: 1

      BoingBoing's publisher actually has evidence to the contrary:
      His license plate is "DRUNK"

      If your position is that use of Tor is circumstantial evidence that you're trying to evade the law or do something otherwise "shady", I don't think that's a valid assumption.

      --
      I like music
    2. Re:and custom license plate GUILTY by raymorris · · Score: 1

      No, it was a Kim Dotcom reference. He got the GUILTY license plate. That and similar "rub their nose it" actions didn't help his relationship with law enforcement and the courts.

      I WAS not saying that using Tor indicates that one might be doing something shady, but I'll say it now. People using the internet in the clear, not using Tor , are doing something shady maybe 1% of the time. On Tor, maybe 80% of the traffic is shady. So arithmetic tells us that Tor traffic is 80 times more likely to be shady than non-Tor traffic.

      Which is why if I were the NSA, FBI, or ONI, I'd run most of the Tor nodes or otherwise ensure that I could map all Tor traffic. That's the fundamental weakness of Tor - it protects against ONE node spying on you, by assuming that MOST nodes are friendly.

      If I were a bad guy, I'd stay far away from Tor and instead send coded messages via Facebook, Youtube, or some other channel in which 99.99% of the bytes are completely uninteresting, cat videos and such. It's easy to hide 128 bytes of coded message when it's buried within 1,000,000,000,000,000,000,000,000 bytes of inanity. "Hiding " your shady dealings in a pile of shady, illegal stuff that the feds want to look at seems like a less optimal strategy.

    3. Re:and custom license plate GUILTY by xrayspx · · Score: 1

      Hah, no shit? I think Kim Dotcom should start a business with Mark Cuban and John Malone, just to see what would happen.

      /the more you know...

      --
      I like music
  19. Re: Onions are for cows by xonen · · Score: 1

    So Occam's razor says he is an editor.

    --
    A glitch a day keeps the bugs away.
  20. Re: Onions are for cows by Anonymous Coward · · Score: 0

    it could be worse, it could be APK with his host file shilling spam, or Bennet with a long winded rant.

  21. Has nobody watched The Wire? by mykro76 · · Score: 1

    All this means is that the Feds can now go to a judge and say "normal investigative methods have failed, we need a wiretap on Cory Doctorow's phone".

  22. Don't log or track too much in general by uniquegeek · · Score: 2

    Are we capable of logging information at our workplace that would give concrete answers about some legal issues that could arise? Yes.
    Do we do it? Oh, hell no.

    We log some stuff, but we're careful not to do too much as we don't want to be accused as being "responsible" for the behaviour of some idiot or jerk because "we should have known what was happening".

    A desire to nail someone for being naughty could be one of your own undoing.