Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Boing Boing Handled an FBI Subpoena Over Its Tor Exit Node

Posted by Soulskill on from the very-carefully dept.

An anonymous reader writes: Cory Doctorow has posted an account of what happened when tech culture blog Boing Boing got a federal subpoena over the Tor exit node the site had been running for years. They received the subpoena in June, and the FBI demanded all logs relating to the exit node: specifically, "subscriber records" and "user information" for everybody associated with the exit node's IP address. They were also asked to testify before a federal grand jury. While they were nervous at first, the story has a happy ending. Their lawyer sent a note back to the FBI agent in charge, explaining that the IP address in question was an exit node. The agent actually looked into Tor, realized no logs were available, and cancelled the request. Doctorow considers this encouraging for anyone who's thinking about opening a new exit node: "I'm not saying that everyone who gets a federal subpoena for running a Tor exit node will have this outcome, but the only Tor legal stories that rise to the public's attention are the horrific ones. Here's a counterexample: Fed asks us for our records, we say we don't have any, fed goes away."

5 of 104 comments (clear)

  1. Re:A service to the community: release the text by Anonymous Coward · · Score: 5, Informative

    From the article, literally the first link in the summary:

    Special Agent XXXXXX.

    I represent Boing Boing. I just received a Grand Jury Subpoena to Boing Boing dated June 12, 2015 (see attached).

    The Subpoena requests subscriber records and user information related to an IP address. The IP address you cite is a TOR exit node hosted by Boing Boing (please see: http://tor-exit.boingboing.net/). As such, Boing Boing does not have any subscriber records, user information, or any records at all related to the use of that IP address at that time, and thus cannot produce any responsive records.

    I would be happy to discuss this further with you if you have any questions.

  2. Re:A service to the community: release the text by quantaman · · Score: 4, Informative

    I think it would be a great service to the Tor community to release the text of what Boing Boing sent to the FBI as a shining example of how to handle such requests. It may need to be specifically tailored to the sender, but something to go off of might be of benefit to folks running a node who don't have the funds to see legal help outside of /r/legaladvice.

    From the article:

      We contacted our lawyer, the hard-fightin' cyber-lawyer Lauren Gelman, and she cooled us out. She sent the agent this note:

    Special Agent XXXXXX.

            I represent Boing Boing. I just received a Grand Jury Subpoena to Boing Boing dated June 12, 2015 (see attached).

            The Subpoena requests subscriber records and user information related to an IP address. The IP address you cite is a TOR exit node hosted by Boing Boing (please see: http://tor-exit.boingboing.net...). As such, Boing Boing does not have any subscriber records, user information, or any records at all related to the use of that IP address at that time, and thus cannot produce any responsive records.

            I would be happy to discuss this further with you if you have any questions.

    And that was it.

    --
    I stole this Sig
  3. Re:logs? by Actually,+I+do+RTFA · · Score: 4, Informative

    would be funny if they sent them literal wood logs

    This is the kind of "clever" response that gets contempt charges.

    When dealing with a subpena, don't be clever. Don't be witty. Don't be funny. Don't ignore it (like lavalbit did). Just comply or fight it. Cause you are allowed to fight them. You just have to do so within a certain framework.

    --
    Your ad here. Ask me how!
  4. Re:There's a lot of fantasy in that last line... by Anonymous Coward · · Score: 2, Informative

    Except that in EVERY case where a tor related "takedown" occurred, it only occurred because some aspect of basic operational security was neglected.

    OPSEC fucking matters, above all else.

  5. Re:logs? by dweller_below · · Score: 4, Informative
    Actually, we got the same response when we offered to send the actual logs.

    A very similar thing happened to USU. We received a summons from Homeland/ICE to produce 3 months of records (plus identifying info) for an IP that was one of our TOR exit nodes.

    I eventually managed to contact the Special Agent in charge of the investigation. He turned out to be a reasonable person. I explained that the requested info was for an extremely active TOR exit node. I said that we had extracted and filtered the requested data, it was 90 4 gig files (for a total of 360 gigs of log files) or about 3.2 billion log entries. I asked him how he wanted us to send the info. He replied that all he needed to know was that it was a TOR exit node. I then asked again if he wanted the data. He said something like: "Oh God no! Somebody would have to examine it. It won't tell us anything. It would greatly increase our expenditures. Thanks anyway."

    And that was the end of it.

    YMMV. All Rights Reserved. Not Available In All States. It helps if your institution has it's own Police, Lawyers, and (an extremely active and effective) department of Journalism. And, it doesn't hurt if it is cheaper (and easier) for you to respond to the summons/subpoena, than it is for the Authority to issue it and deal with the result.