Cops Are Raiding Homes of Innocent People Based Only On IP Addresses (fusion.net)
Kashmir Hill has a fascinating story today on what can go wrong when you solely rely on IP address in a crime investigation -- also highlighting how often police resort to IP addresses. In the story she follows a crime investigation that led police to raid a couple's house at 6am in the morning, because their IP address had been associated with the publication of child porn on notorious 4chan porn. The problem was, Hill writes: the couple -- David Robinson and Jan Bultmann -- weren't the ones who had uploaded the child porn. All they did was voluntarily use one of their old laptops as a Tor exit relay, a software used by activists, dissidents, privacy enthusiasts as well as criminals, so that people who want to stay anonymous when surfing the web could do so. Hill writes:
Robinson and Bultmann had [...] specifically operated the riskiest node in the chain: the exit relay which provides the IP address ultimately associated with a user's activity. In this case, someone used Tor to make the porn post, and his or her traffic had been routed through the computer in Robinson and Bultmann's house. The couple wasn't pleased to have helped someone post child porn to the internet, but that's the thing about privacy-protective tools: They're going to be used for good and bad purposes, and to support one, you might have to support the other.
Robinson added that he was a little let down because police didn't bother to look at the public list which details the IP addresses associated with Tor exit relays. Hill adds:
The police asked Robinson to unlock one MacBook Air, and then seemed satisfied these weren't the criminals they were looking for and left. But months later, the case remains open with Robinson and Bultmann's names on police documents linking them to child pornography. "I haven't run an exit relay since. The police told me they'd be back if it happened again," Robinson said; he's still running a Tor node, just not the end point anymore. "I have to take the threat seriously because I don't want my wife or I to wake up with guns in our faces."
Technologist Seth Schoen, and EFF Executive Director Cindy Cohn in a white paper aimed at courts and cops. "For many reasons, connecting an individual to a crime linked to an IP address, without any additional investigation, is irresponsible and threatens the civil liberties of innocent people."
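The lookup Robinson describes, checking an IP address from a server log against the public Tor exit list before treating it as the subscriber's own traffic, is sketched below as an added example (it is not part of the story or of any comment). It assumes a saved snapshot in the `ExitNode` / `Published` / `LastStatus` / `ExitAddress` record layout of the Tor Project's exit list; the sample records, the function names and the 24-hour matching window are constructed for illustration.

```python
from datetime import datetime, timedelta
import ipaddress

# Constructed sample snapshot: documentation-range IPs and made-up
# fingerprints, not real relay data.
SAMPLE_EXIT_LIST = """\
ExitNode AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Published 2016-03-29 02:11:40
LastStatus 2016-03-29 03:02:51
ExitAddress 192.0.2.10 2016-03-29 03:10:05
ExitNode BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
Published 2016-03-28 20:45:12
LastStatus 2016-03-29 01:03:30
ExitAddress 198.51.100.7 2016-03-28 21:15:44
ExitAddress 198.51.100.8 2016-03-28 21:16:02
"""

TS_FORMAT = "%Y-%m-%d %H:%M:%S"


def parse_exit_list(text):
    """Return {ip_address: [(relay_fingerprint, last_seen_utc), ...]}."""
    exits = {}
    fingerprint = None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "ExitNode" and len(parts) == 2:
            fingerprint = parts[1]
        elif parts[0] == "ExitAddress" and len(parts) == 4 and fingerprint:
            try:
                ip = ipaddress.ip_address(parts[1])
                seen = datetime.strptime(parts[2] + " " + parts[3], TS_FORMAT)
            except ValueError:
                continue  # skip malformed records instead of failing the triage
            exits.setdefault(ip, []).append((fingerprint, seen))
    return exits


def check_ip(exits, ip_text, event_time, window=timedelta(hours=24)):
    """Classify an IP seen in a server log at event_time (UTC).

    Relays come and go, so the record's timestamp is compared with the time
    of the logged event. The verdict is a triage signal for the investigator,
    not proof about who sat behind the address.
    """
    ip = ipaddress.ip_address(ip_text)
    records = exits.get(ip, [])
    if not records:
        return {"verdict": "not-listed", "relays": []}
    near = [fp for fp, seen in records if abs(seen - event_time) <= window]
    if near:
        return {"verdict": "exit-at-time", "relays": near}
    # Listed, but not around the time of the event: an older or newer
    # snapshot is needed before drawing any conclusion.
    return {"verdict": "listed-other-time", "relays": [fp for fp, _ in records]}


if __name__ == "__main__":
    exits = parse_exit_list(SAMPLE_EXIT_LIST)
    event = datetime(2016, 3, 29, 0, 0, 0)  # constructed log timestamp
    for candidate in ("198.51.100.8", "192.0.2.10", "203.0.113.5"):
        print(candidate, check_ip(exits, candidate, event))
```

A snapshot taken close to the time of the logged event matters more than the current list, since an address that is an exit relay today may not have been one when the post was made.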
"The police told me they'd be back if it happened again." For what crime? Is it normal for police in Canada to threaten to invade an innocent couple's home for doing something legal?
It's /. so here we go. If you let anyone use your car, no questions asked, then you wouldn't be surprised if the cops traced the plates back to your house when it was used in a crime.
You can't trust what the public will do with such a capability as an anonymizing onion router, so therefore running a Tor exit node is a ticket to having big legal problems, never mind the guns in your face. I wouldn't do it if my life depended on it. I have a wife and kids...
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
Breaking news: Cops raid refrigerator for uploading porn.
It's probably not a good idea to use Tor anymore. There was a time when it was very useful, especially as a tool for journalists and dissidents etc.
My main use for it was as a remote testing platform. Which it excelled at. Heck- I even wrote a small section of the Tor website regarding Tor's use by IT professionals.
Now... there's so much scrutiny on the system that your presence there basically gets you tagged as "suspicious".
My decision to stop using Tor was based on the apparent numbers of pedophiles that were hiding on the darknet. In an effort to not be confused with "them"- I stopped using it.
YMMV- it's a risky proposition. If you've ever run an exit node (not me!!) you are a potential target for misguided law enforcement. Plus the fact you may unwittingly be aiding illegal activity as a middle man node.
Not for me. Make sure you understand what you are doing if you participate.
Another consultant who stuck it out.
"We are the Priests, of the Temples of Syrinx..."
Makes sense, so long as you're also willing to charge every employee of every telecom company as being accessories to terrorism or child porn distribution.
That's the problem with Tor: Most people aren't brave enough (and, rightfully so) to operate an exit node because of the law enforcement repercussions. So, the only people that can operate exit nodes without repercussions are law enforcement. Which defeats the purpose of Tor.
Could smart criminals just also run a Tor exit node, and just use it to blame anything that they get caught on?
It's one thing for libraries and nonprofits to operate them, but as a private citizen running one? Your misguided attempt to help some people will almost certainly end up badly for you because of bad people using that goodwill to do bad things.
To be perfectly honest, reading the linked story I was quite surprised the end result of the police visit was as positive as it was. I fully expected the cops to not know or care what Tor was and just round everyone and everything up and let the courts deal with it, which has happened several other times. Which again reinforces my point that there are precedents that show running a Tor exit node is just bad news and if you are still doing it, you're playing with fire.
Why do we continue to call this "PORN" and not just child exploitation/crime/abuse?
Running a Tor node doesn't mean you're intentionally concealing illegal activity. You're aware that political dissidents in other countries, and abuse victims, and others use Tor for perfectly legal purposes, right?
Can a jury look at CP? Your own legal team? Expert witness?
In a case what if someone takes it to court (does not take the plea deal) and demands a jury trial?
What you legal needs the logs / system to prove that it was not from your systems? If they try to say they give that out then they are in possession of CP.
As an ISP you're already required to report address allocation information to the regional registry who makes the associations publicly available. The police know whether they're looking for ISP staff or a customer when they show up at the door because as an ISP you published enough information for them to make that determination.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
As an ISP you're already required to report address allocation information to the regional registry who makes the associations publicly available. The police know whether they're looking for ISP staff or a customer when they show up at the door because as an ISP you published enough information for them to make that determination.
What does any of that have to do with police abuse against people doing nothing illegal?
10% of all Tor traffic is used by such people. The rest are people engaged in some degree or another of crime. (Unfortunately, I can't find the citation.)
"I don't know, therefore Aliens" Wafflebox1
The main difference is that the telecom company isn't helping hide the criminal's point of origin.
Sure they are. They provide cellular service to "burner phones" that can be bought with cash and without ID. I see no ethical difference between that and running a Tor node: both are providing a means for somebody to obscure their identity, which can be used for both good and evil.
Actually, that's NOT "perfectly legal". Improper storage of firearms is a misdemeanor or equivalent in most places.
Because it's not much different than letting some guy use your garage to store things, but he doesn't tell you it's drugs. It's legal for you to let him use your garage, but you are going to have your house seized nonetheless.
Nothing - are you aware of which thread you're posting on? Hint: You're the one posting off-topic.
Not at all. An ISP that operates according to regulations is no more legal than running a Tor exit node is. So talking about all the things an ISP has to do to act in accordance with the law is irrelevant.
Poor analogy. Tor exit nodes don't store anything. It's a relay that people use in order to obscure the place they came from.
Here's a better analogy. Imagine if a wanted criminal ran inside an open-door city shop in order to dodge the police, and the police then charged the shop owners as an accessory to evading law enforcement.
Just like how a public storage facility lets random people store things?
A lot of countries are cracking down on burner phones. I don't know the regulations where I'm at now (Canada) but I know in Spain, I could not purchase a SIM card without showing my passport.
Could smart criminals just also run a Tor exit node, and just use it to blame anything that they get caught on?
A Tor exit node is just a tool used to obscure your location. Nothing more. So let's rephrase your question as such:
"Could smart criminals just tape over their house numbers, and just use it to blame anything that they get caught on?"
Uh... no...
A Tor exit node is the last "hop" or "layer" before data exits the encrypted tor network.
So let's rephrase the parent's question as such:
"Could smart criminals just operate a package exporting company and just blame other people when they get caught for exporting contraband?"
The answer is yes.
Here's a real-world example from just this week. I'm a moderator on a site on the StackExchange network. We had a problem user who was posting a bunch of stuff the community didn't want posted (consistently badly moderated). What I'm supposed to do in this circumstance is point said user to our instructions for writing acceptable posts. However, such users often are just sock-puppet accounts for someone who's already been suspended. If that's the case, I'm supposed to take more drastic action.
SE has a (community-mod only) link for this, that shows you the user's IP, and all user accounts that have used that user's same IP. I click on this, and discover that he happens to share an IP with one of our better users. Not only is the writing style completely different (writing style is practically a fingerprint), but this user has in fact voted to close all but one post the problem user has ever made.
I talked to the "good" user about this, and he confirmed that his work access point is shared by a very large number of other people.
Just this week we got another new problem user. Again, totally different style than the other two users mentioned above, but also same IP.
As an investigative tool, IP address is useful, but only as a piece of evidence. I'd place it somewhere down with blood-type (perhaps like sharing an uncommon blood type like AB), rather than up in the realm of fingerprints.
The point is that the IP address would be registered to an end user and the police already know who is at the final end point before conducting a raid. The ISP would be subpoenaed for subscriber info first, not get woken up at 6am with a raid. Nothing at all to do with legal regulations.
Yes, like, three of them. The ratio of good vs bad going through Tor routers is abysmal.
The telecoms are responsible for providing a point of origin (account).
And they did.
How do we know they did? Because the cops showed up at the physical address linkable via their records to the IP address.
I had a sucky sig.
The Police Investigated.
Were they arrested and sent to prison?
They involved themselves in something risky.
The use of the word innocent here is an after the fact determination.
In other news if you lend someone your car and they use it in a crime, the police will also be knocking at your door.
Indeed. The rule of thumb to figure out whether to use "me" or "I" is to try the plural.
If you'd say "us", use "me". If you'd say "we", use "I".
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
Is no one going to talk about the line "child porn on notorious 4chan porn."?
Lame analogy.
Try: you lend someone your phone and they use it to make a bomb threat.
Or lend someone your smartphone and they use it to watch child porn.
That sounds like a good idea up until the point where you expect people to return it... And that no children will happen upon it and assume it's a toy because none has ever explained to them that guns are dangerous.
Otherwise yeah great idea especially in areas with lots of snakes and/or other deadly pests.
Minimum threshold fixed. Thanks!
What penalty have they undergone for this "doing nothing illegal" you speak of? An open case file that has their names in it? So what? They effectively "laundered" data by running the node. Think of it as noble as you want, but in this case, it allowed someone to do something nasty, and yes, since it flowed through them, they're damn well going to get some attention from anyone trying to trace it back.
I bet shiny money that they were violating their ISP's TOS/EULA by running ANY kind of server, let alone a Tor exit node.
Would you be equally upset or surprised if you opened your home to an unknown party that ended up being a serial killer and then were contacted by the police a few weeks later because they figured out he was sleeping there regularly for a short time that coincided with the murders?
I had a sucky sig.
What does any of that have to do with police abuse against people doing nothing illegal?
Police are responsible for **investigating** crimes. Sometimes this means surprising people so that evidence can not be destroyed. From the summary it seems that the residents told the police they operate a TOR exit node, the police looked at a laptop and left. The resident is a bit naive thinking that being on a public list of TOR exit nodes should have made the search unnecessary. Being on that list does not indicate that the resident is not the uploader the police are looking for, just that they are unlikely to be that person but it still needs to be **investigated** to rule them out. That's what a lot of **investigation** is, ruling innocent people out as suspects.
Poor analogy. Tor exit nodes don't store anything. It's a relay that people use in order to obscure the place they came from.
Here's a better analogy. Imagine if a wanted criminal ran inside an open-door city shop in order to dodge the police, and the police then charged the shop owners as an accessory to evading law enforcement.
Poor analogy. Here is a better analogy.
Imagine if a wanted criminal ran inside an open-door city shop in order to dodge the police, and the police questioned the shop owners to confirm that they were the shop owners and not the criminal.
Could smart criminals just also run a Tor exit node, and just use it to blame anything that they get caught on?
Only if the police were dumb enough to look at a list of Tor exit nodes, find the IP there, and decide not to investigate the owner of that IP.
This reminds me of a late-90s first-dotcom-boom service that was planned to be like Napster, for long-distance phone calls. The general idea was that you'd run a server program on your pc that made your winmodem and phone line available for others to use for making phone calls that were long-distance for them (over the internet), but local and free for you.
It was a great idea, until assholes started using it to make anonymous bomb threats using other people's phone numbers. I think the service lasted for maybe 2 months before it shut down.
You should use Tor — and other systems intended to enhance privacy — just to keep it legal to use them. Rights not exercised are rights lost. This is also why you should be able to burn somebody's Holy Book every once in a while, refuse police's request to search your car, and carry (or, at least, own) a firearm.
Yep, that may very well have been the objective (even if secondary): let's go, guys, either we bust the porn-peddler this morning, or, at least, put the fear of God into these proxy-running hippies.
In Soviet Washington the swamp drains you.
Cops do this because people are usually home and aren't prepared to defend themselves at that time. Doing it at 9pm on a Friday would be a bad idea - you'd probably either be out, or alternatively already 3 or 4 beers in and more likely to fight back in some fashion.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
Perhaps the solution is as simple as letting all police departments operate Tor exit nodes. Then they can investigate each other when child porn is posted.
Not really. It's really only necessary when the address block will be dual homed. So that's going to be a class C or larger, certainly not a single IP allocated by DHCP.
For smaller blocks (but still more than a single IP), an upstream MAY wish to register it so abuse complaints will be routed to that customer rather than to them.
Go ahead and do a whois on your current IP address at home.
They got off lightly this time. This could easily have ended with their door being smashed down at three in the morning and everything with a memory chip in confiscated - to be eventually returned when the investigation is complete, a year and a half later.
How can such a thing possibly be measured? I imagine there are a fair number of people in oppressive countries who use it just to read a few news sites and access Facebook. Very low-level dissidents.
Last year this happened to me! I had run misc. anonymous networks at home to understand the concepts better (I ran a TOR exit node for about 2 months, alongside I2P); and for my own development process(es). FBI came along with the local police to take every piece of electronic device I owned, along with all my code that I had been working on for years. I also lost my job (doing telework) of 5+ years because my work laptop was taken also, and the FBI had to contact my work (at a well known bank) for them to decrypt the laptop. I was let go a few days afterwards without reason and my neighbors never talk to me now. This really fu*ked up my life for about a year, just getting back on track now. It's absolute bullshit! It's been about a year now and have yet to get back any of my property (not that I'd use it); but it's really screwed up how they can manipulate the courts by tossing around the "child porn" verbiage when they really have no evidence otherwise. Where did that leave me?? FUC*ED.. that's where... ha. My lawyers advised against any attempt to retaliate against the FBI. I'm really curious if anyone else out there is working on any sort of group legal action to be taken up with the FBI about this... we are citizens and should not be treated this way. Hell, no one should be presumed to be doing something illegal just because they are using anonymous networks.
Running an exit node might provide plausible deniability in court though.
...to suppress the use of TOR and its ever-growing list of alternatives. I'm surprised they didn't break heads and steal their equipment while they were at it.
Please do not read this sig. Thank you.
I don't know how such a thing could be measured.
I don't know about a jury, but I know a cop who dealt with "cybercrime" which included this. From what I gather, it's pretty much (a hated part of) his job to comb through a seized machine looking for the evidence, whatever form that may take.
Pay-as-you-go SIMs can be bought at pretty much any gas station, 7-11, Mac's, Koodo, Fido, or Virgin booth with cash, without showing ID. Some of them require you to fill in an online form to activate the SIM, but you can put any info in there you want, and "payment" is done using the code on the receipt instead of credit card.
Just went through this process to get a Koodo SIM for friends visiting from Australia. No ID required, no paper trail created.
No regulation on this up here (Canada) that I can see.
But if that cop can look at it then your defense team better have the same rights and if not you must acquit.
They all get executed?
Or, imagine that you're in a football field, full of libraries of Congress.
Think of the people who receive/re-ship stolen merchandise that was most likely purchased with stolen credit cards. Can they really argue, that they are just performing a service like a Mail Boxes Etc., and not committing a crime?
(If at first you don't succeed, do it different next time!)
A nice improvement would be doing away with the "guns in your face" part. Even if this couple had been the perps that the cops were looking for, what part of "posting child porn" necessitates an early morning armed raid? Do cops not know how to interact with the public at all anymore besides by kicking down doors and shooting their pets?
If you want a vision of the future, imagine a youtube comments section scrolling - forever.
The ratio of good to bad Anonymous Coward posts is abysmal too, yet we still allow you to speak here.
Good-bye
As an ISP you're already required to report address allocation information to the regional registry who makes the associations publicly available. The police know whether they're looking for ISP staff or a customer when they show up at the door because as an ISP you published enough information for them to make that determination.
What does any of that have to do with police abuse against people doing nothing illegal?
They aren't going to jail. But if you run something that makes it difficult to tell whether you or just someone that you're proxying is the source of illegal content, you'll just have to accept that you're going to be an initial suspect in police investigations. That's kind of a part of the "route all information, even illegal traffic, through my network" decision that is running a Tor exit node.
Your grammar is outdated:
https://smile.amazon.com/Sense...
Tor exit node = child sex offender.
and they can slap down some accessory to crime as well on you as you are helping people do stuff on the tor network by running an exit node.
Seriously, I am surprised they didn't get on the sex offenders registry. There seems to be a push to get as many people on it as possible, so people peeing behind a dumpster at 2am on the way back from a bar get put on the registry etc.
In the free world the media isn't government run; the government is media run.
Makes sense, so long as you're also willing to charge every employee of every telecom company as being accessories to terrorism or child porn distribution.
Well yes, every potential sex offender should go on the registry. Obviously that's the end game here.
In the free world the media isn't government run; the government is media run.
It doesn't make sense, smart criminals wouldn't attract the police, they would just use tor, there is no gain in running an exit node.
If the couple in question didn't unlock their notebook to prove their innocence they would face a legal battle to get it back from the State.
In the same situation, the criminal would lose his electronics and keep praying for the statute of limitations to go faster than the technology to unlock computers (or an image of his HD) with current cryptography.
Police seem to be acting like Tor itself did.
Tor's less than transparent investigations of its employees assumed guilt before any convictions based on allegations.
Being raided at 6 A.M. probably wasn't very fun.
As for ISP policy, that depends. They may well have had a business account.
They're allowing encrypted traffic to traverse their network. How's that any different than folks hosting a Tor exit node?
The real question here is, how did the police discover this IP address was associated with CP? As I understand it, and maybe I'm wrong, but if you're finding CP that came from the Tor network, then you know that the exit node that the offending data came out of wouldn't have been the source. How would a warrant have been granted based on such loose evidence? I mean, this type of situation should be happening more often, no? Seems like every Tor exit node would be raided at some point, because Tor is used for so much illegal activity.
Following the same set of logic exhibited here, UPS and FedEx should be raided every 3 hours.
Politics; n. : A religion whereby man is god.
Don't a lot of libraries run Tor exit nodes?
Makes sense, so long as you're also willing to charge every employee of every telecom company as being accessories to terrorism or child porn distribution.
Well yes, every potential sex offender should go on the registry. Obviously that's the end game here.
Can you provide an example of someone who is NOT a potential sex offender? I'm guessing they must be, thirsty, shut ins or both to start...
At least 13 states require sex offender registration for public urination, according to Human Rights Watch's comprehensive review of sex offender laws in 2007.
The sarcasm fairy really zoomed over your head, didn't she...
In the free world the media isn't government run; the government is media run.
It depends what your definition of child porn is. In cases where it's very clear cut the court would probably take the investigator's word for it, but in the UK at least it can include things like children's clothes magazines and TV shows if the police think you have been jacking off to them. In that case the jury might see them and the defendant might explain why they had them.
There have also been cases where young looking adult actors in porn were claimed to be child porn. There was a prominent lawyer who exposed a lot of police corruption and improper behaviour, so they tried to manufacture child sexual offences against him. The jury accepted that the man in the video in question was an adult and found him not guilty.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
You should have thought about your Wife and Kids before you posted on Slashdot.
Yes you are. It's a well known fact that besides dissidents and abuse victims also criminals use Tor. So yes, running a Tor node means you're intentionally concealing activity, including illegal activity. Claiming you don't know that is just not believable. It just means you think the end justifies the means. And as with every opinion, everybody is entitled to their own, even if it conflicts with yours.
This is your sig. There are thousands more, but this one is yours.
You make a better point than you perhaps think, though I have removed all the identifying information from this profile over the 15 years I've been here.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
They don't know that it came from the Tor network. They only know that a request for CP came from that IP. After that, they provide the internet provider with a warrant asking who owns that IP and raid the place to see what's there.
Doesn't work if anybody is using HTTPS or other encrypted protocols.
Yes you are. It's a well known fact that besides dissidents and abuse victims also criminals use Tor. So yes, running a Tor node means you're intentionally concealing activity, including illegal activity. Claiming you don't know that is just not believable. It just means you think the end justifies the means. And as with every opinion, everybody is entitled to their own, even if it conflicts with yours.
By the same logic, doing anything that encourages anonymity (wearing a hoodie, using public terminals, taking public transportation instead of something that requires a photo ID, etc.) is equally "intentionally concealing [illegal] activity".
I believe the FBI is familiar with Tor, but not every police department is.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
In the US, at least, a technology can't be banned because it has illegal uses, as long as it has significant legal uses. Much Tor traffic is legal, just anonymized.
If we start banning things because they have substantial illegal use, how about starting with cars? Syringes? Sure, it will kill a number of diabetics, but that's better than letting junkies use them, right?
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Running an exit node might provide plausible deniability in court though.
That's why the police searched the laptop. If files were present it wouldn't be from Tor. The IP is just probable cause for a search, Tor exit node or not.