Follow Slashdot stories on Twitter


Forgot your password?
Electronic Frontier Foundation Censorship Communications Encryption Privacy The Courts The Internet Your Rights Online

The EFF Reflects On ICE Seizing a Tor Exit Node 252

An anonymous reader writes "Marcia Hofmann, senior staff attorney at the EFF, gives more information on the first known seizure of equipment in the U.S. due to a warrant executed against a private individual running a Tor exit node. 'This spring, agents from Immigration and Customs Enforcement (ICE) executed a search warrant at the home of Nolan King and seized six computer hard drives in connection with a criminal investigation. The warrant was issued on the basis of an Internet Protocol (IP) address that traced back to an account connected to Mr. King's home, where he was operating a Tor exit relay.' The EFF was able to get Mr King's equipment returned, and Marcia points out that 'While we think it's important to let the public know about this unfortunate event, it doesn't change our belief that running a Tor exit relay is legal.' She also links to the EFF's Tor Legal FAQ. This brings up an interesting dichotomy in my mind, concerning protecting yourself from the Big digital Brother: Running an open Wi-Fi hotspot, or Tor exit node, would make you both more likely to be investigated, and less likely to be convicted, of any cyber crimes."
This discussion has been archived. No new comments can be posted.

The EFF Reflects On ICE Seizing a Tor Exit Node

Comments Filter:
  • by alen ( 225700 ) on Friday August 26, 2011 @08:23AM (#37217544)

    seizing anything that is suspected of being used for criminal activity has been perfectly legal for hundreds of years. and there is no excuse that you were running some service or other and didn't know what other people were doing. if the cops get a hunch they will seize your stuff to look for evidence and impound it if there is evidence of a crime

    • by pseudocode ( 2445502 ) on Friday August 26, 2011 @08:28AM (#37217562) Homepage
      You're right - it's like lending someone a car which they then commit a crime with; you're not guilty of a crime, but it's still fair enough for them to impound the car as evidence.
      • How about agreeing to take a sealed parcel for a stranger with you while you travel the world, and delivering it to another stranger...

        How many people would say yes to that?

        • by biodata ( 1981610 ) on Friday August 26, 2011 @08:54AM (#37217756)
          Quite a few corporations do this routinely and are never prosecuted for it. Individuals are unlikely to take the risk due to the personal cost of a mistake, against which they can't insure. Carrying parcels for people on aeroplanes is not the same as sharing your spare computer capacity with anyone who needs some at the time. You are not carrying anything for anyone.
          • by elrous0 ( 869638 ) *

            You are not carrying anything for anyone.

            The feds don't see it that way, anymore than they see someone's illegal computer files as "just a bunch of 1's and 0's."

            • I'm not sure I agree. I understand this person was not arrested, tried, or prosecuted for any crime. He did nothing illegal, so I think the feds DO see it that way.
        • Pretty much any courier.
      • Re: (Score:3, Informative)

        by Anonymous Coward

    • by betterunixthanunix ( 980855 ) on Friday August 26, 2011 @08:31AM (#37217574)
      Right, that's why ISPs constantly have their routers and DNS servers seized, because so many people are using those computers for criminal activity.

      Oh, wait -- ISPs are corporations, so we treat them differently. When it is some guy running a service out of his home, then the other set of rules applies, where the service operator is harassed by ICE and threatened when his equipment is returned.
      • by Inda ( 580031 )
        Mr King, if that's his real name, had an Internet Protocol (IP) address that was leaking onion rings on to the internets.

        Have you not seen the warnings? He had an unsecure IP address!
      • One guy running an exit node does not a service provider make.

        Traffic through ISPs is expected to originate with the customers. If an ISP itself is also participating in criminal activity, their equipment gets seized, too []. That's just not as common as some end user doing something illegal. Then, of course, there's the various political reasons. ISPs maintain logs of who has what address, and can quite quickly turn those logs over to police when asked. Note that I said "asked", not "presented with a search w

        • Re: (Score:3, Insightful)

          Traffic through ISPs is expected to originate with the customers

          A provably false assumption even when Tor is not involved. I share an Internet connection with several other people, and my name is not the name of the account holder. When I was in high school, my (nerdier) friends and I used to grant ssh access to each other -- someone who was not even a resident of my home could have been using my Internet connection. I once discovered that a network administrator had not changed the default password on a router; I could have used that router to relay any traffic I

          • by Sarten-X ( 1102295 ) on Friday August 26, 2011 @09:56AM (#37218288) Homepage

            I didn't say that traffic always originates with customers. I said it's expected to. That's a reasonable expectation, because the vast majority of home internet connections are for one household and not shared. The US Constitution only protects against unreasonable search and seizure.

            These days, more connections are being shared across multiple computers, but still rarely outside the same household. Malware does happen, but it's also rare. Similarly, picking people out of a lineup isn't perfect. DNA evidence degrades over time, and can be contaminated very easily. Firearms can be altered to change their striations. Every kind of evidence used has a level of uncertainty to it, and that's why we have trials to determine whether the amount of evidence supporting a theory is sufficient to show guilt.

            The purpose of any investigation is to look for evidence. In this case, the investigation found nothing substantial connecting Mr. King to the crime, so he's not being investigated anymore. Rant all you like about how unreasonable ICE is, but it doesn't change the fact that they did their job perfectly ethically and in accordance with the Constitution. How do you think the investigation should have been conducted, balancing the need to check all potential sources of evidence with the need to respect privacy? Bear in mind, any evidence left in the possession of the suspect after he knows he's under investigation is tainted, and cannot be trusted.

            • Re: (Score:3, Insightful)

              How do you think the investigation should have been conducted

              • Police get logs related to CP investigation.
              • Mr. King's IP address shows up; the police check if it is a known proxy or Tor exit.
              • It is a Tor exit. The police ask Mr. King for any logs he might have, and leave him alone while they continue looking for the real criminal.

              Oh no, you mean that while we are busy respecting the rights of our citizens, some criminals might go free?! Yes, that is what I mean.

              • So your plan involves leaving him alone with his equipment after he knows the investigation is underway. What happens if his logs don't check out? You've created a scenario where the standard of evidence is so high, any criminal can invalidate any evidence of any crime by just sending the police off on a wild goose chase. I sincerely hope you're never on a jury.

                • What happens if his logs don't check out?

                  Then you arrest him and seize his equipment. If you detect evidence that he tried to destroy illegal files, then he is guilty of destruction of evidence. If you cannot find anything, I guess he gets to go free -- what a tragedy, that someone who might have downloaded some child pornography will not be arrested.

                  You've created a scenario where the standard of evidence is so high

                  Have we really gotten to the point where it is unreasonable to think that evidence should actually identify a person? Do you actually think that such a standard is too high? The only evidence

                  • Have we really gotten to the point where it is unreasonable to think that evidence should actually identify a person?

                    Yes, we have, and anybody with any knowledge of the criminal justice system will know that we've always been at this point. There is absolutely no 100% certain form of identifying evidence. Even in perfect circumstances, DNA matching can only tell how many million people could have supplied a DNA sample that "matched". Fingerprints give a few hundred matches, and can be altered. Confessions can be faked or coerced. Eyewitnesses can be biased or mistaken. The best we have ever been able to do is to use the u

      • There's a balance between the impact of the seizure and the evidentiary value of the equipment. If you seize a TOR node, you're causing a large inconvenience to one, possibly-involved person, seizing a whole lot of unrelated information related to that person, and in return getting one unit of evidence. If you seize just about any single machine from an ISP, in order to get the same unit of evidence, you're causing a large inconvenience to many, almost certainly uninvolved people, and seizing a whole lot of

      • by alen ( 225700 )

        ISP's work with law enforcement all the time. i work for one. more than once have i been told to provide a lot of data as evidence in a lawsuit. the reason why legit ISP's don't get equipment seized is they keep records they give to law enforcement.

        like in this case where the feds got an IP from the ISP

    • and there is no excuse that you were running some service or other and didn't know what other people were doing

      So just make sure you're watching what every single one of your users/customers are doing at all times. I know I'd want to use such a service.

    • So where does the ICE store all the switching network equipment they confiscate from the local bells? I mean, that stuff is used in criminal activity all the time. Wire fraud, internet fraud, hacking, etc. I mean, with the amount of criminal activity on the internet, they must be confiscating enough hardware to fill a few airplane hangars. Think of the expense to the telecom industry in keeping the infrastructure up and running with the government constantly pulling pieces out. Wow.

    • by elrous0 ( 869638 ) *

      Even if running a Tor exit node is legal or not, it still wouldn't change the fact that it's an excellent way to end up with the the feds kicking your door in and sticking a gun in your face. Sure; after you spend a fortune on lawyers, fix your door, deal with the fallout of a public arrest and having your name in the papers a kiddie porn aficionado, and (maybe) get your computer(s) back; you may well win your court case. But that's a pyrrhic victory at best.

  • by SirGarlon ( 845873 ) on Friday August 26, 2011 @08:31AM (#37217570)

    Running an open Wi-Fi hotspot, or Tor exit node, would make you both more likely to be investigated, and less likely to be convicted, of any cyber crimes

    Unfortunately there is a lot the authorities can do under the name of "investigation" to harass, abuse, intimidate, and even detain you. Seizing computers is bad enough but if they really want to play hardball they can haul you in "for questioning" ... on a daily basis ... and pick you up at inconvenient times like when you're at the office or in the middle of the night. So really being investigated is the thing you don't want, because it can make your life hell and in the end the cops can just smile and say "No charges. Have a nice day, citizen."

    • I'm pretty sure that if such a pattern (or even habit) arose and word got out about it, you'd have a line of lawyers 10 miles long waiting at your door to help you sue any PD or agency was stupid enough to try.

      Sure, they can pull it off for a short period of time, once, and there'd better be a warrant involved (we're talking computers here, not weed - you can't smell illegal computer activity from the front door). More than once (twice at most), and it becomes a pattern of harassment that can be litigated a

    • Also, with the very large number in existence these days, if they decide they don't like you because you're supporting the terrorists / pedophiles / commies, I guarantee you, they can convict you of something. Perhaps it's totally unrelated to what they were originally investigating you for, but as long as they had legitimate probable cause for the initial investigation, anything else they find is fair game. So this isn't true:

      Running an open Wi-Fi hotspot, or Tor exit node, would make you both more likely to be investigated, and less likely to be convicted, of any cyber crimes.

      No sir. It makes you less likely to be convicted than someone else who is bein

  • Unfortunately... (Score:5, Insightful)

    by fuzzyfuzzyfungus ( 1223518 ) on Friday August 26, 2011 @08:34AM (#37217590) Journal
    'Mere' investigation can be made rather unpleasant, depending on the crime in question, the enthusiasm of the cops running after it, and your access to legal representation...

    There are the practical difficulties: Having everything vaguely resembling a computer siezed and held for who-knows-how-long, potentially quite signifcant legal costs, etc.

    And there are the ones arising from the common, but troublesome, opinion that investigation is a sort of lesser degree of guilt. The taint by mere association is worst with kiddie-porn related matters; but the touchier types seem to consider "Police Record: Checked, found absolutely nothing." to simply be a subspecies of "Police Record" and act accordingly. Fan-tastic.
  • Is registering as a business the answer to "confiscate everything in sight that looks like a computer?"

    Maybe paying for a business line will frame the cops expectations correctly before they roll up on your residence. Make them more willing to listen to your network setup and only take the publicly accessible _half of your kit.

    • I imagine a better solution would be to get a virtual or dedicated server at some hosting company, clearly labeled as a TOR exit node (have it host a webpage explaining that fact) and if you can, ONLY use it for that. If you set up a separate corporate entity that owns the server, even better. The law protects you no matter where you run the exit node, but if you want to avoid even being personally investigated at all, you definitely need some significant separation between your home and your exit node.
    • I don't believe simply registering as a company, you need to be a corporation large enough to be capable of contributing at least a few hundred thousand to re-election funds, or have lobyests to get any kind of legal grace. A small company of 100 or less people, really doesn't bother them if it goes bankrupt while they spend a few months checking the equipment to see if they possibly were used as a tool for a crime.
    • Re:Answer To This. (Score:4, Insightful)

      by fuzzyfuzzyfungus ( 1223518 ) on Friday August 26, 2011 @10:00AM (#37218326) Journal
      I am neither a lawyer nor your lawyer; but I suspect that once the boys in blue are knocking on or down your door, you have a problem. It is unlikely that you'll manage to convince them to take your word for how your network is set up and just seize part of the potential evidence. Even if you do strike it lucky and get a techie with a gun and badge, rather than a cop who can pretty much handle dealing with physical evidence, why would he trust you, or do the fiddly forensics on site instead of just hauling it all off and doing the work back at the office?

      You might have better luck with the seedy-but-legalish-if-often-a-cover-for-dodgy-activities techniques adopted by besuited scammers and corporations with creative accountants. A shell company, incorporated in one of the states with virtually bulletproof corporate veils and lax reporting requirements(scenic Nevada, for instance) with a vaguely telcomm-related name and no assets aside from a cheap hosted server somewhere, is no more immune to a raid than you are; but might encourage the investigators to finish picking over the raid evidence before deciding whether or not to try to hunt up the corporate officers/owners...
    • It's only BIG business that's above the law.
  • I run an exit node on a VPS. Apparently it'd been used by some guy to try to get a teenaged girl to send him naked pics. They subpoenaed everything back to my business cable connection at home and then called up my company (i.e. me) about it citing a scary amount of information about me. I explained to the detective what TOR was (I already have the standard exit node info page up as recommended on the web server), and he'd already heard it from someone else (a civil lib organization running TOR exits used by the same guy). They dropped it there. Scared me a little and I contacted the EFF, who did not hesitate to offer support should something worse happen in the future. EFF is one of the only organizations I donate to, ever, and I donate a decent chunk of change every month. I'm a proud supporter and it's good to know they're there to support me too.
  • I do not think it means what you think it means
    Specifically, a dichotomy is a separation, usually a splitting of one thing into two separate and distinct parts. It usually requires that there be a choice, A or B.

    It does not mean "hey, that's interesting."

  • From the TOR site... []

    An exit relay is the final relay that Tor traffic passes through before it reaches its destination. Exit relays advertise their presence to the entire Tor network, so they can be used by any Tor users. Because Tor traffic exits through these relays, the IP address of the exit relay is interpreted as the source of the traffic. If a malicious user employs the Tor network to do something that might be objectionable or illegal, the exit relay may take the blame. People who run exit relays should be prepared to deal with complaints, copyright takedown notices, and the possibility that their servers may attract the attention of law enforcement agencies. If you aren't prepared to deal with potential issues like this, you might want to run a middle relay instead. We recommend that an exit relay should be operated on a dedicated machine in a hosting facility that is aware that the server is running an exit node. The Tor Project blog has these excellent tips for running an exit relay. See our legal FAQ on Tor for more info.

    I applaud those who do this but sadly they will be taken advantage of for illegal purposes and therefor the operators are at risk.

    In other posts people suggest that ISP's should suffer the same fate but don't are reminded of the "Common Carrier" law. If these individuals were to set them selves up as a common carrier I wonder if they would realize the same protections. Given that those with CC protection do in fact cooperate with LE would that then make them obliged to do so?

I am more bored than you could ever possibly be. Go back to work.