Raided For Running a Tor Exit Node 325
An anonymous reader writes "A Tor Exit node owner is being prosecuted in Austria. As part of the prosecution, all of his electronics have been held by the authorities, including over 20 computers, his cell phone and hard disks. 'During interview with police later on Wednesday, Weber said there was a "more friendly environment" once investigators understood the Polish server that transmitted the illegal images was used by Tor participants rather than by Weber himself. But he said he still faces the possibility of serious criminal penalties and the possibility of a precedent that Tor operators can be held liable if he's convicted.' This brings up the question: What backup plan, if any, should the average nerd have for something like this?"
Backup Plan (Score:5, Insightful)
There is no preparation for this. (Score:4, Insightful)
Look at Kim Dotcom.
ISPs as well? (Score:5, Insightful)
If a TOR exit node can be prosecuted for traffic passing through it, should the ISP and backbone router owners not also be held responsible for traffic passing through their nodes? If the ISP and network operators are not held responsible then neither should the TOR node owner.
Don't run an exit node. (Score:4, Insightful)
Run a dark net.
Don't run a TOR exit node? (Score:4, Insightful)
I think not running TOR is about all you can do.
Of course if this is something they can prosecute you for, can they also prosecute your ISP as well?
Shipping analogy (Score:5, Insightful)
If you ship contraband via FedEx, is FedEx a criminal?
Never (Score:2, Insightful)
If you want real security, you should be using a network where the data never "exits" from the secure zone. And never let other people use your network blindly for their own purposes, until something like common carrier status is established for that sort of thing.
This was Austria. I can't imagine the FBI or any other local jurisdiction being that much friendlier. Even if the law is technically on your side, expect to have to lose everything defending your rights.
Plausible Deniability (Score:5, Insightful)
Define "average?" (Score:4, Insightful)
What average nerd runs a TOR exit node?
Re:Store your data someplace else (Score:4, Insightful)
You suggest pumping 30 terabytes of data per day through your neighbors wifi?
Wondered From Day One (Score:5, Insightful)
I've wondered, from day one, why anyone would be crazy enough to run a TOR exit node. Why would you willing serve as the front man for someone else's unknown but likely illegal activity? It's just crazy.
Running an exit node is just begging to get arrested for child porn. I'm positively amazed that it doesn't happen a LOT more often.
Re:non-destructive backup plan (Score:4, Insightful)
They likely will not turn it off when they remove it. There are products just for that purpose.
Destruction of the USB stick would get you Obstruction of Justice charges.
Re:ISPs as well? (Score:4, Insightful)
Just like the mail service can be held responsible if they deliver a package with drugs in it? It's basically the same thing as bringing a bag full of drugs that a stranger gave you while on holidays... right?
No.
Common Carrier vs Doing a Favour for a Stranger.
Totally different.
Re:non-destructive backup plan (Score:5, Insightful)
The problem is not the exit node, no information of any value contains there, and nothing that can incriminate you will be on the exit node.
The problem is the complete raid of everything of value you own and depend on that had no part in the exit node, no matter what is stored on the machines. Likely keeping them for months, even years depending on how far they want to go with the case.
Re:ISPs as well? (Score:4, Insightful)
For the police it is pretty clear that an ISP almost exclusively forwards traffic, so it makes sense to contact them to get connection details for specific illegal activities. There is no way to know from the outside whether a home line is used by a person or is forwarding someone elses requests like Tor (rare). So you have to hold that person, in the first step, accountable for the traffic that comes from his place.
Then in the process of the allegations, you can show plausible deniability, e.g. you are well-known to run a Tor exit node / participate in the Tor community, and the raid did not turn up any illegal material stored on your drives.
While it is extremely annoying to the guy, I do understand the taken measures (except perhaps the power-cord ripping). It really depends on the judge now though, hopefully they don't decide something silly. The question is really whether it is your responsibility to check each forwarded request (ISPs must not read content, or store anything beyond what is needed for forwarding and billing), and whether you may allow anonymous forwarding (ISPs don't I believe, not sure what the law says there).
Comment removed (Score:5, Insightful)
Don't expect to get your data back. (Score:4, Insightful)
Traditional backup methods are good against media failure, or even natural disaster, but ineffective against seizure. The standard police procedure is 'if in doubt, take everything,' because it isn't practical to train frontline officers to work out what is and isn't potentially evidence. That's why they take cell phones and games consoles. That and, as the more cynical point out, the more miserable they can make the defendent the easier it is to force a plea bargin. So they'll take all your backups too.
You can forget about getting that back, too. Even if all charges are dropped. Law enforcement is well-known all around the world for their reluctance to return siezed evidence, espicially evidence that may one day go into police auction. Even if they are willing to return it, many areas have overwhelmed forensics staff and computers can sit in the locker for months before there is an expert available to poke around and declare them free of anything incriminating.
So if you do have reason to worry about being raided - eg, you run an open wireless hotspot or exit node - then a sensible precaution is to keep backups of critical data somewhere out of reach, like a cloud store hosted overseas, or drives left with trusted friends for safekeeping. Making sure, of course, that no-one else knows - you don't want them to get raided too!
Also beware of another police policy. It varies by country, and even by state and district, but many departments are loathe to let any accused off without charge or found not guilty - it makes them look incompetent, wrongly arresting someone. So they will likely resort to the 'throw the book' approach, going through the evidence looking for any other, unrelated crimes they can find. Sure, you may not have actually launched that attack or trafficked those illegal files they raided you for - but if, in the process of investigating, they discover you've been involved in piracy or find chat logs of you talking about your drunken vandalism or theft of office supplies, or something which would be otherwise borderline illegal, they will happily add more charges - insurance in case you were innocent of the original accusations, and to pile on more pressure for a plea bargin. Prosecutors love guilty pleas - much more reliable than actually having to prove something beyond reasonable doubt.
You can encrypt, of course. But that just makes you look even more suspicious, plus in most countries now it's either an explicit crime to withhold keys from police or considered a form of withholding evidence, either of which gets you jailed anyway. Even if you legally wriggle free from that, good luck getting a jury to see it as anything other than a sign you are trying to hide evidence of whatever terrible act you are accused of.
The Simple Truth? (Score:4, Insightful)
Simply tell the prosecution / judge - "I run a TOR exit node to help preserve freedoms on the internet, especially those of people oppressed in countries like Syria and other places. If you choose to prosecute me for running a TOR exit node which, by its stated purpose and nature, is encrypted and anonymous AND which I have no control of the data flowing through it then you must also prosecute EVERY internet service provider over which the same data flowed. I do not know now, nor have I ever known, exactly what data flows over the exit node. Just like ISPs do not know what data is flowing over their networks."
DO NOTHING ELSE. Even if it makes complete sense to you (keeping an encrypted backup of all your data and computer images off-site), the prosecution will do what they can to skew that to "Why did you keep encrypted backups off-site? What are you hiding?" Fuck 'em. Don't give them any ammunition in their fear-mongering quest to rule your life. Come away clean and then lawyer up and sue the police departments, all government levels* involved, and even the prosecutor. Your aim with the lawsuits is not to get paid, it is to get all your electronics back in a timely manner if they refuse to give them back once you are cleared. Of course, if they're being dicks about it then the object is to get your equipment back and get VERY large settlements.
*Not sure how the government levels are in Austria, but here in the United States we have city government, county government, then state, then federal. Depending on who is doing the prosecution, I would start my lawsuits with that level of government and work my way down. Same with the police forces involved.
Re:ISPs as well? (Score:5, Insightful)
Well, here's a couple of differences....
Your ISP has an acceptable use policy that you are required to agree to in order to get service from them, which most likely states that you're not allowed to do anything illegal, and that if you do use their network to do something illegal, you agree that you are wholly responsible for it. It also keeps records, so that it can cooperate with the authorities in tracking down people who are using their network for illegal purposes.
A Tor operator, on the other hand, by design does not know who is using their connection, and thus, cannot enforce that their users must agree to any policy. Further, and again by design, a Tor node does not keep any records that can be used to help authorities track down people using that connection for illegal purposes.
Much of the law operates on the basis of what a 'reasonable person' would understand. A reasonable person would understand that, given their policies and practices, a typical ISP is not attempting to shield people performing illegal activities. On the other hand, a reasonable person who knows what a Tor exit node is and sets one up should understand that there is a high chance that there will be illegal activities being funneled through their node.
So, from a legal point of view, there's a big difference. Now, ethics and morals... those are different things. But honestly, if you're not willing to go to jail to defend the principle that people should be able to anonymously use the Internet, then maybe operating a Tor exit node isn't something you should be doing.
Re:Ditch your computers and go outside (Score:4, Insightful)
Give it a while and you're back at his plan.
Quite seriously, unless you've been under a rock lately, you should have noticed that sooner or later laws have gotten to the point where the only legal thing you can do online anymore is buying crap.
Re:Be prepared for the concequences (Score:5, Insightful)
As usual, the global population spans the entire spectrum from massive government censorship and oppression and from relatively free communication. Tor enables those in free countries to operate exit nodes for the benefit of those in oppressed areas. Those operators are basically modern-day information Robin Hoods.
That your government is willing to raid you is a sign that you live in one of those oppressed areas and should not be running an exit node. So, you should prepare to face the consequences if the reach of The Man can grab you.
Re:ISPs as well? (Score:4, Insightful)
We (including the very smart lawyers at the EFF) believe Tor nodes qualify as transmission providers under DMCA 512(a), not 512(c). This makes them exempt from "notice and takedown" procedures, including the need to issue "putback" responses. The EFF has even prepared a template response for improper DMCA 512(c) takedown notices.
Question: What are the criteria a service provider must satisfy in order to qualify for safe harbor protection under Subsection 512(a) of the Digital Millennium Copyright Act?
Answer: Subsection 512(a) provides a safe harbor for service providers in regard to communications that do not reside on the service provider?s system or network, but merely pass ?through? the system or network. Any copies of the communications on the system must be temporary, i.e., ?intermediate or transient.?
A service provider must satisfy the following critical elements in order to qualify for the ?safe harbor? or protection from liability provided by subsection 512(a) (note that subsection 512(k)(1)(A) defines ?service provider? as used in subsection 512(a)):
(a) The service provider is an entity offering the transmission, routing, or providing of connections for digital online communications [512(k)(1)(A)];
(b) The service provider did not initiated the transmission of the material [512(a)(1)]
(b) The transmission, routing, provision of connections, or storage is carried out by an automatic technical process [512(a)(2)];
(c) The Internet user, not the service provider, must select the origination and destination points of the communication [512(a)(3) and 512(k)(1)(A)];
(e) The service provider must not modify the communication selected by the Internet user [512(a)(5)];
(f) The communication is transmitted ?through? the system or network of the service provider [512(a)(2)];
(f) No copy of the communication is maintained on the system or network in a manner ordinarily accessible to anyone other than anticipated recipients [512(a)(4)]; and
(g) No copy is maintained on the system or network in a manner ordinarily accessible to anticipated recipients for a longer period than is reasonably necessary for the transmission, routing, and provision of connections [512(a)(4)].
https://www.torproject.org/eff/tor-dmca-response.html
Re:The Simple Truth? (Score:5, Insightful)
You can tell them that... but they're not going to buy it. First off, ISPs operate under legally-established safe harbor provisions, which require them to do certain things. If you haven't also done those things, then you're not operating under the safe harbor provisions, and thus, the rules that apply to you aren't the same as those that apply to the ISPs. It's not simply a matter of not knowing what data goes through your network - there are other things you have to do, which include keeping certain types of records about your users... and TOR by design does not do that.
Second, prosecutors have leeway to choose which cases they will prosecute - so your "you must also prosecute" is simply not true, and the prosecution and judge both know this. So they'll simply ignore your speech, and instruct the jury to do so as well.
Now, whether these things are right is a separate question - but there are definite legal differences between an ISP and you, if you're operating a TOR node.
Re:well fuck me (Score:4, Insightful)
You might want to think about that plausible deniability. First off, if the **AA sues you, the standard of proof in a lawsuit is "preponderance of the evidence", not "proof beyond a reasonable doubt". Second, much law is written on the basis of what a hypothetical 'reasonable person' would do or understand. It's quite easy to argue that a reasonable person with your level of technical skill would understand that their open wifi and tor exit node would likely be used by people engaging in criminal activity. Going from there to persuading a jury that you were knowingly aiding and abetting criminal activity likely would not be hard - especially if they know that the secret service has spoken to you in the past and advised you to stop it.
Re:With that logic (Score:5, Insightful)
No, in both cases the pawn shop owner (or Tor node operator in this case) wasn't explicitly aware that their business (or Tor node) was being used to steal goods (or illegal online activity). The pawn shop owner (or Tor node operator) is likely aware that running a pawn shop (or Tor node) carries the risk that illegal goods (or illegal online activity) will be filtered through, though predictive knowledge itself is not a crime. Rather than seeking the assistance of the business owner (or Tor node operator) in tracking down the perpetrator, the authorities chose to instead implicate the business owner (or Tor node operator) directly for the illegal activities of the perpetrator who utilized the business owner's (or Tor node operator's) property to carry out those illegal activities.
See how that analogy works there? If they arrested all pawn shop owners who had facilitated the stealing of stolen goods without explicit knowledge then likely all pawn shop owners would be arrested.
Re:ISPs as well? (Score:4, Insightful)
Re:Store your data someplace else (Score:5, Insightful)
The original question was how does a Tor-running geek prepare for a computer seizure by authorities. One answer is to backup your data to the cloud, so even after they have your computers, you can at least go buy a new beige box and keep working. That's what the GP was getting at.
Re:ISPs as well? (Score:5, Insightful)
Since you asked. Real-world analogies where you wouldn't be held responsible:
You deliberately have no fence around your yard so that anyone who likes can walk across it from one side to the other. You will not be charged if someone flees from the police through your yard.
You and your neighbors pool various gardening tools and keep them in an unlocked tool shed so that anyone can use them with a policy being that you trust people to bring the tools back. You will not be charged if someone steal a shovel and uses it to kill someone.
You are zip car. Someone uses one to commit any of the ten million crimes you can commit with cars. You will not be charged.
Comment removed (Score:5, Insightful)