How Boing Boing Handled an FBI Subpoena Over Its Tor Exit Node
An anonymous reader writes: Cory Doctorow has posted an account of what happened when tech culture blog Boing Boing got a federal subpoena over the Tor exit node the site had been running for years. They received the subpoena in June, and the FBI demanded all logs relating to the exit node: specifically, "subscriber records" and "user information" for everybody associated with the exit node's IP address. They were also asked to testify before a federal grand jury. While they were nervous at first, the story has a happy ending. Their lawyer sent a note back to the FBI agent in charge, explaining that the IP address in question was an exit node. The agent actually looked into Tor, realized no logs were available, and cancelled the request. Doctorow considers this encouraging for anyone who's thinking about opening a new exit node: "I'm not saying that everyone who gets a federal subpoena for running a Tor exit node will have this outcome, but the only Tor legal stories that rise to the public's attention are the horrific ones. Here's a counterexample: Fed asks us for our records, we say we don't have any, fed goes away."
Fed asks us for our records, we say we don't have any, fed goes away. Until Tomorrow.
Ah yes, the tomorrow where they then make you liable for all dodgy material accessed via the exit node...
You: I didn't access the kiddie fiddler site
Feds: prove it, you're responsible for the IP address we've logged as downloading from said site.
You: Err No logs...oh shit...
Feds: (with Cheshire cat grins) oh dear, oh dear, oh dear.....
(feel free to substitute whatever local Law enforcement agency with Feds in the above)
then it's a case of lawyers at dawn..meanwhile you/your company's computers get seized, etc. etc. etc. and there's a nearby drain just waiting to receive the rapidly spinning corpse of the carefree life you/your company once knew...
Note the FBI asked for logs and stuff - they were assuming the IP address in question was loaned out - either they were an ISP, or maybe a VPN provider, or some other thing.
Presumably Boing Boing owns enough IP addresses that they can dedicate it just for TOR exit nodes. And nothing else - I mean, if they had a webserver on it, presumably they would have logs to hand over.
If it was you or I with a leaf connection to our ISP, then most likely things will not be so easy - since they will go after the ISP, who will happily give up your information. Unless of course, you decide you want to give Comcast more money and buy a connection just to run Tor on.
So the trick may work in the limited case where yes, it's a dedicated Tor exit node and not used for anything else. But if there's a chance it was used for personal reasons or there were logs for some other service, then maybe things won't be so good.
It's not subpoenas that worry node operators. A company gets subpoenas. An individual gets a squad arriving to smash the door down, throw everyone in the house to the floor and confiscate anything with a battery. All done for very good reason: If a suspect had any warning they may use that time to destroy evidence. Still disruptive enough to discourage operating an exit node.
The reason they have a high conviction rate is because they very rarely go to court frivolously. They go in ready. They are methodical about their evidence collection and they make sure they have someone 100% before they indict. A friend sat on a federal grand jury and he was stunned by the amount of evidence they presented. This was just a grand jury, the standard is much, much lower than trial but it didn't matter, they went in fully prepared all the time.
That's a good thing. A low conviction rate is not something we want to see in a court because it means either that the prosecutors are incompetent, or that they are abusing the court system and hauling in innocent people just to fuck up their lives. Ideally conviction rate would be 100%: They'd never bring in anyone unless they had ironclad proof of guilt, and they'd never make any mistakes. Of course we don't have that, but we should try to be as close to it as we can.
A high conviction rate does not imply a kangaroo court that just convicts anyone. Certainly those have a high conviction rate, but a well functioning justice system does as well.
And this, kiddies, is why we don't keep records any longer than we have to. Not keeping them at all is even better.
Not true, I ran an anonymous service for years. (Long before TOR became popular)
I was visited by the FBI and Secret Service. I was also served warrants and subpoenas.
The truth is, there is no law requiring that you track users or maintain logs of user activity. (In the USA)
If you respond politely and let them know that it is part of an anon service and there are no logs available, they normally drop the request.