Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Boing Boing Handled an FBI Subpoena Over Its Tor Exit Node

Posted by Soulskill on from the very-carefully dept.

An anonymous reader writes: Cory Doctorow has posted an account of what happened when tech culture blog Boing Boing got a federal subpoena over the Tor exit node the site had been running for years. They received the subpoena in June, and the FBI demanded all logs relating to the exit node: specifically, "subscriber records" and "user information" for everybody associated with the exit node's IP address. They were also asked to testify before a federal grand jury. While they were nervous at first, the story has a happy ending. Their lawyer sent a note back to the FBI agent in charge, explaining that the IP address in question was an exit node. The agent actually looked into Tor, realized no logs were available, and cancelled the request. Doctorow considers this encouraging for anyone who's thinking about opening a new exit node: "I'm not saying that everyone who gets a federal subpoena for running a Tor exit node will have this outcome, but the only Tor legal stories that rise to the public's attention are the horrific ones. Here's a counterexample: Fed asks us for our records, we say we don't have any, fed goes away."

6 of 104 comments (clear)

  1. A service to the community: release the text by Rinisari · · Score: 2, Interesting

    I think it would be a great service to the Tor community to release the text of what Boing Boing sent to the FBI as a shining example of how to handle such requests. It may need to be specifically tailored to the sender, but something to go off of might be of benefit to folks running a node who don't have the funds to see legal help outside of /r/legaladvice.

    --
    Colin Dean Go a year without DRM
    1. Re:A service to the community: release the text by hairyfeet · · Score: 1, Interesting

      I don't think it would matter as they were a corp with money and you are most likely not. Like it or not according to a friend who works at the state crime lab running something like a Tor exit node or Freenet and you can be charged with child porn distribution whether you ever had access to the offending material or not.

      The way it was explained to me was like this.."imagine I give you a safe to carry to the next town. this safe is locked, you have NO way to access this safe or know the contents. Now the cops pull you over, break open the safe and find CP. The ways the laws are currently written you are guilty of distribution even though you had no way of accessing or knowing because you chose to carry the safe no different than how you chose to run Freenet or Tor".

      Now is this wrong and fucked up? Sure it is but the way the CP laws are written you WILL be looking at a couple years of court, costing tens to hundreds of thousands, and of course you'll have your reputation destroyed, probably lose your job, and will most likely never see any of your electronic equipment ever again. If you don't believe this just look at guys getting their lives destroyed over a virus infected computer which any Geek Squad could have detected in 5 minutes or less. What is more you can go to Wikileaks and look up "confessions of a child pornographer" and read that he BRAGS about this exact attack, which he does because he thinks its "funny" and leaves cops chasing innocents instead of his customers. What does the prosecutor say when shown the evidence " He infected his PC on purpose as an excuse" showing the cops do not give a single flying fuck whether they get the right person or not, just that they get somebody. The reason why is simple, prosecutors wanna be governor some day and by showing you are "tough on perverts" you can get votes, no reporter ever checks to see if those busts were actually legit or not.

      So I would strongly think twice if you use this software and ask yourself "can I afford a couple years of my life gone in court, and the risk of decades in prison? Is there anybody that counts on me for income?" because thanks to the fucked up red scare vague as fuck laws we have in the US when it comes to CP that is what you are risking by running this software.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  2. There's a lot of fantasy in that last line... by He+Who+Has+No+Name · · Score: 4, Interesting

    "Fed asks us for our records, we say we don't have any, fed goes away"

    Normally the response is "Fed finds some way to screw with you until you cry uncle, end up in Club Fed, or both".

    Federal prosecutors don't enjoy a conviction rate higher than the Spanish Inquisition because they're reasonable.

  3. While it might make conspiracy nuts sad by Sycraft-fu · · Score: 4, Interesting

    That is actually how it works. The FBI it not, by and large, dumb about investigations. They are arguably one of the best in the business. Part of that is they know that you can't always get the evidence you want. So they'll subpoena records, but so long as you make a good faith effort to comply, they tend to be happy.

    At work (a university) we get FBI subpoenas once and awhile. Quite often it is for shit that we don't have, like someone's e-mail from a long time ago. We look, see if we have a backup, and if not let them know. They are then on their way.

    When people get in trouble is when they try to jam them up or break their own rules. Like if you have a company rule that says you keep all documents of X type for Y years, and they are asking for something that is Y-3 years old, they may well get miffed and go after you if you don't have it. However if you do not retain document type X, and there is no law requiring it, simply letting them know that will make them happy.

    This isn't to say nobody ever gets a bad/vindictive/whatever agent that tries to create problems, but if you were to do a study, I bet you'd find that most of the interactions are very professional and they are perfectly understanding if you don't have the information they want. In the cases where a hissing match started it was because someone had the information and refused (or made it sound like that) or otherwise jammed them up.

  4. Re:And if you're not BoingBoing? by Anonymous Coward · · Score: 4, Interesting

    I have received a scary call from a random police department investigating a case of a guy blackmailing an underage girl for nude pictures, connected with my Tor exit node. I explained to the guy what Tor is, he researched it, they said thanks that's all.

    I immediately contacted the EFF after they called me and they said if anything more came up they'd be happy to help me out. It's not just Doctorow.

  5. Re:Ummm, kinda the opposite by Inoen · · Score: 3, Interesting
    A friend of mine who used to as a prosecutor (in a different country) told they aimed for an 80% conviction rate (ie. conviction in 80% of the cases that went to court).

    If they got less than 80 it would be a sign that they were generally taking cases to court with insufficient evidence. More than 80 meant they were being too cautious.

    That was their reasoning anyway. 100% was explicitly not their aim.