...but you can't always chmod the same way you create. I can upload a nice "text file" to a web server, and it's going to sit as a text file forever, regardless of extension.
There's two ways to do business in Africa. First, there's the Western way: Employees do their job honestly, get paid very well for it, and get fired if they're corrupt. UPS probably operates like this.
Then there's the local way. What you do is fill a shipping container with equipment, then bribe an official, say, $200 on the condition that it arrives safely. Of course, attempting to bribe an official is illegal, but so is aiding theft. For a country where the average monthly wage is $40, that's a big bribe, and it gets the job done. Customs officials approve the shipment quickly (because they'll be willing to help a local, especially if they belong to the same ancient tribe), local truckers can be haggled down to shipping at reasonable rates, and the destination is miraculously free of thieves. Once the job's done, you pay off the bribe and get on with the next bit of business.
Or so I've heard, at least, from a guy who worked in shipping mining equipment.
He entered into a legal contract saying that he was responsible for the traffic, and he didn't have any other legal agreement saying that the Tor users were responsible (of course). That means he's not just running a service, but effectively giving his legal culpability away to random strangers.
He was presumed innocent. He wasn't arrested, fined, or subjected to a public defamation (by the government, at least - the media gets freedom of speech). He was part of an investigation, that sought neither innocence or guilt, but evidence. As I pointed out elsewhere, a logged IP address belonging to a Tor exit node is like having bloody footprints leading from a violent crime scene to your front door. Maybe it means someone just used your doormat to change their shoes, or maybe it means you stabbed somebody. Either way, it's probable that more evidence - or even the absence of such - can be found within your home, and it's reasonable for the police to be allowed to search for such.
My needs (mostly just SSH and a web server) haven't upscaled in 5 years. I doubt they will in another 5, and if I want to get something bigger then, I can. Until then, my $500 is sitting in a bank account earning interest that nearly offsets the cost of electricity itself. As for reliability, every moving part in the case (except the hard drive) is original, and in near-perfect condition. Non-moving parts don't really wear out. I don't know why you think replacing something just because it's old makes sense.
If Lubuntu had existed as a standalone disk when I'd gone over, I'd have used that. One of the project requirements was that the system look & act as much like Windows as possible (I blame the government, but that's a rather long rant in itself that I'll only go into by request), so Xfce was out of the question. I had planned on using Kubuntu, but that didn't work for some reason (which I now forget), so I ended up running GNOME, with the panels customized to look like Windows. It sucked, but it was the best option available at the time.
I chose Ubuntu mainly because of the Edubuntu package, and ease of installation. This was a school in rural Africa, and I was the first volunteer they'd had with a significant technology background. The nearest "computer repair technician" was a 2-hour ride away in a shared taxi, and he only knew Windows. I needed something that, if something went badly wrong, American volunteers could reinstall if needed, following a set of instructions I left. Drop in an Ubuntu disk and install, then drop in an Edubuntu disk and install. No Internet connection, and no Linux admin magic necessary.
Both. We had one machine whose video card was entirely unsupported, and had to run the bare-minimum vesa driver. It ended up being used for parts to upgrade other machines so they could boot.
My home server, built in 1999, runs at a maximum of 80W. That means it takes 2 kW (about $0.20) per day, at most. For about $500 I could build a machine that draws 20W, for a monetary savings of about $0.15 per day. In about 10 years, I could break even on what I spent on the new server, but by then, the hardware would be 10 years old again. What I have serves my purposes.
I agree, but I'd love to see someone (with time, experience, and more knowledge than I) take it a step further: A Linux distro to work on ancient machines, with the latest feasible versions of software.
When I volunteered in Africa in 2009, one of my projects was to set up a computer lab, populated with donated machines. These computers were old. The newest one was manufactured in 2003. The oldest was 1997. I ended up installing Ubuntu and Edubuntu, then stripped down the core as much as I could while still keeping things clean. The machines still take several minutes to boot fully.
What I'd love would be a distro designed for just such situations. On install, it would determine what kind of hardware you have available, and only install things that will work well. Support for really old hardware would be patched in for the distro, probably with only major bugs receiving repair attention. If a package isn't likely to run well on your system, it will alert you before installing.
This is something that's bothered me for a long time, since I realized (mid-90's) that computers can hold a lot of stuff. From what I've seen, search warrants for data read much like other generic warrants, where the police are expecting to find a certain kind of evidence, and must ignore everything else. Now, this is getting into deep lawyer territory, and I'm not one, but my understanding is that if the cops are looking for evidence in a shooting case, and find a bloody knife in your home, they can't do much about it.
My understanding is that current data searches are similar. If they're looking for something relating to kiddy porn, and they find unsent threatening emails to your boss, they can't use those emails for anything.
I'd welcome a lawyer's input on that, if there's one around...
Not such an unreliable longshot, as it turns out. I cannot remember the exact name, but there was a case...
So one case, that really had nothing to do with the Internet at all. The forum could be replaced by a poker table, and things would be the same. Infiltrations take a lot of time and money, and pose a significant risk to the investigation as well. After years of work, the investigators could come up with a few identities, or likely none at all. One case does not make a statistic.
you will be able to reestablish someone's identity
Why, exactly? If it's a forum, they have a username and password... but those might be shared, too! There's the same disconnect between "ID token" and "actual human" as IP addresses have.
Changing master keys is a fairly expensive thing to do, since all your contacts need to reauthenticate your new master key, so it is unlikely that a master signing key will change frequently.
All you need to do is have a promiscuous certificate authority, approved by your contacts (and others, for the sake of reputation). One based in Moscow, with lax paperwork standards.
I would say that a cryptographic key is more reliable as a way to identify a person than an IP address, given that keys are generally passphrase protected and rarely shared (at least signing keys are rarely shared).
And I would say that I can generate 500 new keys by the time you finish reading this comment. I can delete them just as fast, too. The "identity" of a key is disposable.
In the real world, however, IP addresses are frequently shared among several people -- think NAT, wardriving, etc. Computers may also be shared among several people, making IP addresses even less reliable as a form of identification.
And yet, it's no less reliable than any other form of identifying evidence. Nothing is as reliable as you want, which is why I say you're pushing for a world where all crime using a computer is nonpunishable.
A computer is not an extension of a person's body
That's the main disconnect. You can never identify someone 100% by anything they do with their computer.
and an IP address is not an extension of a person's computer.
Nor is anything else that gets sent over a network. Yet again, nothing is 100%.
There is something missing from this entire conversation: what sort of crimes are we prosecuting where IP addresses are the only method the police can use to identify someone?
Anything involving a computer where the user didn't outright say "My name is John Doe, and I live at 123 Main St., and my SSN is 000-00-0000."
Are the police really unable to use things like the thermal noise in an image (e.g. in a child pornography case),
Wait, what? There's been some research done into using CCD noise to identify cameras, but that only works on high-res images and is easily fooled by things like rotating & cropping, and using a digital zoom. To my knowledge, no such technique is in use in courts today, and even if it were, it requires having the suspect camera to match. How is that supposed to happen to establish an identity?
If we are talking about "crimes" in which there is no physical evidence, no money trail, and in which no evidence except an IP address and data on a hard drive are used to incriminate someone, we have a problem (and since that is exactly the situation we are currently facing, I would say that we certainly do have a problem).
And again, I'll ask for an example of any criminal prosecution where that was the only evidence, where other factors could have come into play (like having a shared connection).
But we're not talking about prosecution. We're talking about an investigation, where there must only be
Assuming law enforcement has taken down a server with evidence of a crime, they'd have access to logs. Web server access logs usually store only IP addresses. There may be a session identifier, but that's not much use after 30 minutes. If the log were ridiculously detailed, it might have a cookie in it - but that's no good without something to match it to, which would require searching a suspect's computer.
If the investigators are monitoring packet data, they could get the MAC address of the user's computer. That's no more identifying than an IP address, can be changed at will by the user, and is often duplicated across cheap NICs.
If the investigators spent time on the child porn forums or hacking sites or whatever they were investigating, they could infiltrate the community and try to get an actual identity, but that's a ridiculous long shot, and utterly unreliable.
If packets were all encrypted, or otherwise cryptographically authenticated, a person's identity could be changed whenever the keys changed. Yet again, it's an unreliable identification.
Then there's the IP address... for bidirectional communication, it usually cannot be spoofed, and it's usually assigned by someone other than the end user. No, it's not perfect, but it's better than any alternative.
If there's something I'm missing here, please feel free to point it out. The intricacies of network architecture are not my strongest suit, and I'd love to learn more.
Have we really gotten to the point where it is unreasonable to think that evidence should actually identify a person?
Yes, we have, and anybody with any knowledge of the criminal justice system will know that we've always been at this point. There is absolutely no 100% certain form of identifying evidence. Even in perfect circumstances, DNA matching can only tell how many million people could have supplied a DNA sample that "matched". Fingerprints give a few hundred matches, and can be altered. Confessions can be faked or coerced. Eyewitnesses can be biased or mistaken. The best we have ever been able to do is to use the uncertain evidence to find more uncertain evidence, until there is so much evidence that the chance of a suspect's innocence is "beyond reasonable doubt".
something as nonspecific as an IP address or telephone number is all the evidence that is necessary to convict someone.
Do you have any specific cases of a criminal conviction that relied solely on an IP address? Sure, there's some instances where a suspect was investigated, and they gave up and confessed. There's many more instances of abuse by the RIAA, forcing people to settle for financial reasons rather than actual guilt. To my knowledge, however, there's no cases where an IP address was the sole, or even the main, piece of evidence. They aren't 100% reliable evidence, and the courts know this. Like any evidence, though, they can lead to more evidence.
They wanted any computer equipment that may have had evidence relating to the investigation. The probable cause was that the IP address used was assigned to Mr. King's Internet connection, and Mr. King had entered into a legal agreement taking responsibility for the use of that connection, so it's probable that he knows what happened.
I guess because of OMGPRIVACY and OMGFUCKTHEPOLICE those sorts of facts get the boot.
They never accused him of anything. He was a part of an investigation. Heck, I was part of an investigation into a 3-car motor vehicle crash. I had been walking down the sidewalk at the time. I certainly didn't do anything criminal, but I was able to provide evidence.
What more evidence than an IP address is possible, given the architecture of the Internet at this point? By your standards, the Internet is place where any crime can go unpunished, because you can't know for certain who was pressing the keys, and you can't ask without already knowing.
You are talking about search a list of strings for a particular string
I've parsed the Tor list before myself. I'm fully aware of how little effort it takes, and I'm also aware that it's far beyond the capacity of most police departments. Remember, these folks are funded by taxes, and nobody ever wants tax increases. If it's a choice between getting a programmer to parse the Tor list and getting an extra set of body armor, no sane police department is going to pick the programmer.
Then you have someone who lied to the police (which is evidence that can be used against them), and if they destroyed the incriminating evidence, they are guilty of another crime -- destruction of evidence.
Lying to the police is useless without more evidence of wrongdoing, and destruction of evidence is trivial compared to child pornography. The suspect could just be an ass to police for the fun of it.
They could maintain their own up-to-date list of Tor exits, or just download the list before they go ahead and get a search warrant. It is really not that hard.
I view it as a threat -- they are telling the guy that he will have to go through this entire situation again if he continues to run a Tor exit.
That's not so much a threat as a statement of fact. It's not a threat for me to tell you that you're likely to be injured if you start throwing punches at random people on the street.
He was never committing a crime to begin with, so why should his behavior change?
He wasn't convicted of a crime or even accused of one. His behavior should change because he's making life more difficult for himself. If he likes making trouble for investigators and himself, fine. It's his choice. He can go through the hassle again.
ICE has no business showing up at an exit node operator's home.
So if a trail of bloody footprints leads from a murder scene to your front door, the police have no business talking to you about it, because those footprints could have been anybody's, and somebody could have used your porch to change shoes, and it's totally not your problem at all, right? Getting a warrant to check for bloody shoes in your closet is unreasonable, and they should have asked you first! Once you tell them that that guy down the street wears shoes sometimes, they should leave you for a while, and ignore the bonfire in your backyard, because you could be innocent, so they should respect your rights at all costs.
So your plan involves leaving him alone with his equipment after he knows the investigation is underway. What happens if his logs don't check out? You've created a scenario where the standard of evidence is so high, any criminal can invalidate any evidence of any crime by just sending the police off on a wild goose chase. I sincerely hope you're never on a jury.
I didn't say that traffic always originates with customers. I said it's expected to. That's a reasonable expectation, because the vast majority of home internet connections are for one household and not shared. The US Constitution only protects against unreasonable search and seizure.
These days, more connections are being shared across multiple computers, but still rarely outside the same household. Malware does happen, but it's also rare. Similarly, picking people out of a lineup isn't perfect. DNA evidence degrades over time, and can be contaminated very easily. Firearms can be altered to change their striations. Every kind of evidence used has a level of uncertainty to it, and that's why we have trials to determine whether the amount of evidence supporting a theory is sufficient to show guilt.
The purpose of any investigation is to look for evidence. In this case, the investigation found nothing substantial connecting Mr. King to the crime, so he's not being investigated anymore. Rant all you like about how unreasonable ICE is, but it doesn't change the fact that they did their job perfectly ethically and in accordance with the Constitution. How do you think the investigation should have been conducted, balancing the need to check all potential sources of evidence with the need to respect privacy? Bear in mind, any evidence left in the possession of the suspect after he knows he's under investigation is tainted, and cannot be trusted.
Getting that list of addresses and comparing it takes time, and what's supposed to happen between when the suspect says "I'm running Tor" and when they come back saying "no you're not?" Do they just leave the guy with all his equipment, ripe for a freak house fire? Can law enforcement even get historical lists, to show that the guy wasn't actually running the node at the time the crime was committed?
It's not clear at all that this is "harassment". It's clear that ICE expects more crime to be committed through Tor, and the warning that "this could happen again" is simply honest: it could. In my opinion, Mr. King should take this opportunity to set up logging, so he can quickly show what connections came through the node. Next time ICE shows up, he can turn over that log quickly and easily, and possibly avoid any seizure at all.
One guy running an exit node does not a service provider make.
Traffic through ISPs is expected to originate with the customers. If an ISP itself is also participating in criminal activity, their equipment gets seized, too. That's just not as common as some end user doing something illegal. Then, of course, there's the various political reasons. ISPs maintain logs of who has what address, and can quite quickly turn those logs over to police when asked. Note that I said "asked", not "presented with a search warrant". It's a professional relationship, and it's a great way to stay out of severe trouble.
The fact that an ISP is a corporation adds another important detail as well - multiple people. As a group grows larger, the probability for dissent increases. This is why conspiracies fail and governments are inefficient. At a corporation, there is a reasonable expectation that the business and the majority of its employees will follow applicable laws. If someone is found not following laws, it's likely that the first ones to know about it will be their coworkers, who will take steps to ensure their job security, including talking to police. With a one-man operation, there is no such expectation. The police can reasonably expect the guy to say whatever he can to avoid being convicted, whether or not he actually did anything illegal.
Running an exit node is like volunteering yourself for anything. You might end up helping someone commit a crime. If you want to protect yourself, keep logs of what the exit node's doing, establish a good relationship with police, and hand over those logs at a moment's notice. You're still likely to have equipment seized/searched, but it's much easier to claim you were unknowingly used if you can point at someone else. If this is too much against the principles that caused you to run an exit node in the first place, then expect to suffer for your cause.
...but you can't always chmod the same way you create. I can upload a nice "text file" to a web server, and it's going to sit as a text file forever, regardless of extension.
I don't "put up with." I just use.
There's two ways to do business in Africa. First, there's the Western way: Employees do their job honestly, get paid very well for it, and get fired if they're corrupt. UPS probably operates like this.
Then there's the local way. What you do is fill a shipping container with equipment, then bribe an official, say, $200 on the condition that it arrives safely. Of course, attempting to bribe an official is illegal, but so is aiding theft. For a country where the average monthly wage is $40, that's a big bribe, and it gets the job done. Customs officials approve the shipment quickly (because they'll be willing to help a local, especially if they belong to the same ancient tribe), local truckers can be haggled down to shipping at reasonable rates, and the destination is miraculously free of thieves. Once the job's done, you pay off the bribe and get on with the next bit of business.
Or so I've heard, at least, from a guy who worked in shipping mining equipment.
He entered into a legal contract saying that he was responsible for the traffic, and he didn't have any other legal agreement saying that the Tor users were responsible (of course). That means he's not just running a service, but effectively giving his legal culpability away to random strangers.
He was presumed innocent. He wasn't arrested, fined, or subjected to a public defamation (by the government, at least - the media gets freedom of speech). He was part of an investigation, that sought neither innocence or guilt, but evidence. As I pointed out elsewhere, a logged IP address belonging to a Tor exit node is like having bloody footprints leading from a violent crime scene to your front door. Maybe it means someone just used your doormat to change their shoes, or maybe it means you stabbed somebody. Either way, it's probable that more evidence - or even the absence of such - can be found within your home, and it's reasonable for the police to be allowed to search for such.
Yes, I missed an 'h'. Sorry about that.
My needs (mostly just SSH and a web server) haven't upscaled in 5 years. I doubt they will in another 5, and if I want to get something bigger then, I can. Until then, my $500 is sitting in a bank account earning interest that nearly offsets the cost of electricity itself. As for reliability, every moving part in the case (except the hard drive) is original, and in near-perfect condition. Non-moving parts don't really wear out. I don't know why you think replacing something just because it's old makes sense.
If Lubuntu had existed as a standalone disk when I'd gone over, I'd have used that. One of the project requirements was that the system look & act as much like Windows as possible (I blame the government, but that's a rather long rant in itself that I'll only go into by request), so Xfce was out of the question. I had planned on using Kubuntu, but that didn't work for some reason (which I now forget), so I ended up running GNOME, with the panels customized to look like Windows. It sucked, but it was the best option available at the time.
I chose Ubuntu mainly because of the Edubuntu package, and ease of installation. This was a school in rural Africa, and I was the first volunteer they'd had with a significant technology background. The nearest "computer repair technician" was a 2-hour ride away in a shared taxi, and he only knew Windows. I needed something that, if something went badly wrong, American volunteers could reinstall if needed, following a set of instructions I left. Drop in an Ubuntu disk and install, then drop in an Edubuntu disk and install. No Internet connection, and no Linux admin magic necessary.
Both. We had one machine whose video card was entirely unsupported, and had to run the bare-minimum vesa driver. It ended up being used for parts to upgrade other machines so they could boot.
My home server, built in 1999, runs at a maximum of 80W. That means it takes 2 kW (about $0.20) per day, at most. For about $500 I could build a machine that draws 20W, for a monetary savings of about $0.15 per day. In about 10 years, I could break even on what I spent on the new server, but by then, the hardware would be 10 years old again. What I have serves my purposes.
I agree, but I'd love to see someone (with time, experience, and more knowledge than I) take it a step further: A Linux distro to work on ancient machines, with the latest feasible versions of software.
When I volunteered in Africa in 2009, one of my projects was to set up a computer lab, populated with donated machines. These computers were old. The newest one was manufactured in 2003. The oldest was 1997. I ended up installing Ubuntu and Edubuntu, then stripped down the core as much as I could while still keeping things clean. The machines still take several minutes to boot fully.
What I'd love would be a distro designed for just such situations. On install, it would determine what kind of hardware you have available, and only install things that will work well. Support for really old hardware would be patched in for the distro, probably with only major bugs receiving repair attention. If a package isn't likely to run well on your system, it will alert you before installing.
This is something that's bothered me for a long time, since I realized (mid-90's) that computers can hold a lot of stuff. From what I've seen, search warrants for data read much like other generic warrants, where the police are expecting to find a certain kind of evidence, and must ignore everything else. Now, this is getting into deep lawyer territory, and I'm not one, but my understanding is that if the cops are looking for evidence in a shooting case, and find a bloody knife in your home, they can't do much about it.
My understanding is that current data searches are similar. If they're looking for something relating to kiddy porn, and they find unsent threatening emails to your boss, they can't use those emails for anything.
I'd welcome a lawyer's input on that, if there's one around...
Not such an unreliable longshot, as it turns out. I cannot remember the exact name, but there was a case...
So one case, that really had nothing to do with the Internet at all. The forum could be replaced by a poker table, and things would be the same. Infiltrations take a lot of time and money, and pose a significant risk to the investigation as well. After years of work, the investigators could come up with a few identities, or likely none at all. One case does not make a statistic.
you will be able to reestablish someone's identity
Why, exactly? If it's a forum, they have a username and password... but those might be shared, too! There's the same disconnect between "ID token" and "actual human" as IP addresses have.
Changing master keys is a fairly expensive thing to do, since all your contacts need to reauthenticate your new master key, so it is unlikely that a master signing key will change frequently.
All you need to do is have a promiscuous certificate authority, approved by your contacts (and others, for the sake of reputation). One based in Moscow, with lax paperwork standards.
I would say that a cryptographic key is more reliable as a way to identify a person than an IP address, given that keys are generally passphrase protected and rarely shared (at least signing keys are rarely shared).
And I would say that I can generate 500 new keys by the time you finish reading this comment. I can delete them just as fast, too. The "identity" of a key is disposable.
In the real world, however, IP addresses are frequently shared among several people -- think NAT, wardriving, etc. Computers may also be shared among several people, making IP addresses even less reliable as a form of identification.
And yet, it's no less reliable than any other form of identifying evidence. Nothing is as reliable as you want, which is why I say you're pushing for a world where all crime using a computer is nonpunishable.
A computer is not an extension of a person's body
That's the main disconnect. You can never identify someone 100% by anything they do with their computer.
and an IP address is not an extension of a person's computer.
Nor is anything else that gets sent over a network. Yet again, nothing is 100%.
There is something missing from this entire conversation: what sort of crimes are we prosecuting where IP addresses are the only method the police can use to identify someone?
Anything involving a computer where the user didn't outright say "My name is John Doe, and I live at 123 Main St., and my SSN is 000-00-0000."
Are the police really unable to use things like the thermal noise in an image (e.g. in a child pornography case),
Wait, what? There's been some research done into using CCD noise to identify cameras, but that only works on high-res images and is easily fooled by things like rotating & cropping, and using a digital zoom. To my knowledge, no such technique is in use in courts today, and even if it were, it requires having the suspect camera to match. How is that supposed to happen to establish an identity?
If we are talking about "crimes" in which there is no physical evidence, no money trail, and in which no evidence except an IP address and data on a hard drive are used to incriminate someone, we have a problem (and since that is exactly the situation we are currently facing, I would say that we certainly do have a problem).
And again, I'll ask for an example of any criminal prosecution where that was the only evidence, where other factors could have come into play (like having a shared connection).
But we're not talking about prosecution. We're talking about an investigation, where there must only be
Then please educate me.
Assuming law enforcement has taken down a server with evidence of a crime, they'd have access to logs. Web server access logs usually store only IP addresses. There may be a session identifier, but that's not much use after 30 minutes. If the log were ridiculously detailed, it might have a cookie in it - but that's no good without something to match it to, which would require searching a suspect's computer.
If the investigators are monitoring packet data, they could get the MAC address of the user's computer. That's no more identifying than an IP address, can be changed at will by the user, and is often duplicated across cheap NICs.
If the investigators spent time on the child porn forums or hacking sites or whatever they were investigating, they could infiltrate the community and try to get an actual identity, but that's a ridiculous long shot, and utterly unreliable.
If packets were all encrypted, or otherwise cryptographically authenticated, a person's identity could be changed whenever the keys changed. Yet again, it's an unreliable identification.
Then there's the IP address... for bidirectional communication, it usually cannot be spoofed, and it's usually assigned by someone other than the end user. No, it's not perfect, but it's better than any alternative.
If there's something I'm missing here, please feel free to point it out. The intricacies of network architecture are not my strongest suit, and I'd love to learn more.
Have we really gotten to the point where it is unreasonable to think that evidence should actually identify a person?
Yes, we have, and anybody with any knowledge of the criminal justice system will know that we've always been at this point. There is absolutely no 100% certain form of identifying evidence. Even in perfect circumstances, DNA matching can only tell how many million people could have supplied a DNA sample that "matched". Fingerprints give a few hundred matches, and can be altered. Confessions can be faked or coerced. Eyewitnesses can be biased or mistaken. The best we have ever been able to do is to use the uncertain evidence to find more uncertain evidence, until there is so much evidence that the chance of a suspect's innocence is "beyond reasonable doubt".
something as nonspecific as an IP address or telephone number is all the evidence that is necessary to convict someone.
Do you have any specific cases of a criminal conviction that relied solely on an IP address? Sure, there's some instances where a suspect was investigated, and they gave up and confessed. There's many more instances of abuse by the RIAA, forcing people to settle for financial reasons rather than actual guilt. To my knowledge, however, there's no cases where an IP address was the sole, or even the main, piece of evidence. They aren't 100% reliable evidence, and the courts know this. Like any evidence, though, they can lead to more evidence.
They wanted any computer equipment that may have had evidence relating to the investigation. The probable cause was that the IP address used was assigned to Mr. King's Internet connection, and Mr. King had entered into a legal agreement taking responsibility for the use of that connection, so it's probable that he knows what happened.
I guess because of OMGPRIVACY and OMGFUCKTHEPOLICE those sorts of facts get the boot.
They never accused him of anything. He was a part of an investigation. Heck, I was part of an investigation into a 3-car motor vehicle crash. I had been walking down the sidewalk at the time. I certainly didn't do anything criminal, but I was able to provide evidence.
What more evidence than an IP address is possible, given the architecture of the Internet at this point? By your standards, the Internet is place where any crime can go unpunished, because you can't know for certain who was pressing the keys, and you can't ask without already knowing.
You are talking about search a list of strings for a particular string
I've parsed the Tor list before myself. I'm fully aware of how little effort it takes, and I'm also aware that it's far beyond the capacity of most police departments. Remember, these folks are funded by taxes, and nobody ever wants tax increases. If it's a choice between getting a programmer to parse the Tor list and getting an extra set of body armor, no sane police department is going to pick the programmer.
Then you have someone who lied to the police (which is evidence that can be used against them), and if they destroyed the incriminating evidence, they are guilty of another crime -- destruction of evidence.
Lying to the police is useless without more evidence of wrongdoing, and destruction of evidence is trivial compared to child pornography. The suspect could just be an ass to police for the fun of it.
They could maintain their own up-to-date list of Tor exits, or just download the list before they go ahead and get a search warrant. It is really not that hard.
Maintaining an accurate list is hard. My purpose was to identify incoming Tor connections on my web server. In testing, I found that the list of exit nodes changes significantly within a span of 10 minutes, and the list I was using had update delays of up to 30 minutes. That's enough variation to cast doubt on any list. Linked in TFA is the ExoneraTor, which strives to do exactly what you suggest, but apparently its results can only show that a given exit node was likely to be running or not.
I view it as a threat -- they are telling the guy that he will have to go through this entire situation again if he continues to run a Tor exit.
That's not so much a threat as a statement of fact. It's not a threat for me to tell you that you're likely to be injured if you start throwing punches at random people on the street.
He was never committing a crime to begin with, so why should his behavior change?
He wasn't convicted of a crime or even accused of one. His behavior should change because he's making life more difficult for himself. If he likes making trouble for investigators and himself, fine. It's his choice. He can go through the hassle again.
ICE has no business showing up at an exit node operator's home.
So if a trail of bloody footprints leads from a murder scene to your front door, the police have no business talking to you about it, because those footprints could have been anybody's, and somebody could have used your porch to change shoes, and it's totally not your problem at all, right? Getting a warrant to check for bloody shoes in your closet is unreasonable, and they should have asked you first! Once you tell them that that guy down the street wears shoes sometimes, they should leave you for a while, and ignore the bonfire in your backyard, because you could be innocent, so they should respect your rights at all costs.
The police never asked for Mr. King's logs, they just busted in and seized his equipment.
[citation needed]
It appears to me that they simply assumed the guy responsible for the Internet connection was... you know... responsible.
So your plan involves leaving him alone with his equipment after he knows the investigation is underway. What happens if his logs don't check out? You've created a scenario where the standard of evidence is so high, any criminal can invalidate any evidence of any crime by just sending the police off on a wild goose chase. I sincerely hope you're never on a jury.
So the investigation would have to be finished before it could begin... great plan!
I didn't say that traffic always originates with customers. I said it's expected to. That's a reasonable expectation, because the vast majority of home internet connections are for one household and not shared. The US Constitution only protects against unreasonable search and seizure.
These days, more connections are being shared across multiple computers, but still rarely outside the same household. Malware does happen, but it's also rare. Similarly, picking people out of a lineup isn't perfect. DNA evidence degrades over time, and can be contaminated very easily. Firearms can be altered to change their striations. Every kind of evidence used has a level of uncertainty to it, and that's why we have trials to determine whether the amount of evidence supporting a theory is sufficient to show guilt.
The purpose of any investigation is to look for evidence. In this case, the investigation found nothing substantial connecting Mr. King to the crime, so he's not being investigated anymore. Rant all you like about how unreasonable ICE is, but it doesn't change the fact that they did their job perfectly ethically and in accordance with the Constitution. How do you think the investigation should have been conducted, balancing the need to check all potential sources of evidence with the need to respect privacy? Bear in mind, any evidence left in the possession of the suspect after he knows he's under investigation is tainted, and cannot be trusted.
Getting that list of addresses and comparing it takes time, and what's supposed to happen between when the suspect says "I'm running Tor" and when they come back saying "no you're not?" Do they just leave the guy with all his equipment, ripe for a freak house fire? Can law enforcement even get historical lists, to show that the guy wasn't actually running the node at the time the crime was committed?
It's not clear at all that this is "harassment". It's clear that ICE expects more crime to be committed through Tor, and the warning that "this could happen again" is simply honest: it could. In my opinion, Mr. King should take this opportunity to set up logging, so he can quickly show what connections came through the node. Next time ICE shows up, he can turn over that log quickly and easily, and possibly avoid any seizure at all.
It's because individual citizens are not expected to be providing communication services, but ISPs are supposed to be doing that sort of thing.
One guy running an exit node does not a service provider make.
Traffic through ISPs is expected to originate with the customers. If an ISP itself is also participating in criminal activity, their equipment gets seized, too. That's just not as common as some end user doing something illegal. Then, of course, there's the various political reasons. ISPs maintain logs of who has what address, and can quite quickly turn those logs over to police when asked. Note that I said "asked", not "presented with a search warrant". It's a professional relationship, and it's a great way to stay out of severe trouble.
The fact that an ISP is a corporation adds another important detail as well - multiple people. As a group grows larger, the probability for dissent increases. This is why conspiracies fail and governments are inefficient. At a corporation, there is a reasonable expectation that the business and the majority of its employees will follow applicable laws. If someone is found not following laws, it's likely that the first ones to know about it will be their coworkers, who will take steps to ensure their job security, including talking to police. With a one-man operation, there is no such expectation. The police can reasonably expect the guy to say whatever he can to avoid being convicted, whether or not he actually did anything illegal.
Running an exit node is like volunteering yourself for anything. You might end up helping someone commit a crime. If you want to protect yourself, keep logs of what the exit node's doing, establish a good relationship with police, and hand over those logs at a moment's notice. You're still likely to have equipment seized/searched, but it's much easier to claim you were unknowingly used if you can point at someone else. If this is too much against the principles that caused you to run an exit node in the first place, then expect to suffer for your cause.