>Is it reasonable for the police to investigate an exit node operator for traffic coming from his node, even if they know he's an exit node operator?
Realistically, no. It's a fishing expedition -- it's like raiding the phone company's offices when someone has used a prepaid burner phone because they have the ability to spoof the IP address or phone number of any of their unidentifiable customers. There is no more reason to suspect that the exit node operator is at fault than any other ISP. Especially given the amount of harassment these raids cause for the victims -- can you reasonably state that the police should be able to enter a telco hotel and shut down and confiscate all of the equipment because not all of the traffic passing through it can be traced to an identifiable source? If not then what makes this different?
>I'm not aware of a good solution that avoids inconveniencing exit node operators without giving them some kind of blanket immunity to investigation that goes beyond just relayed traffic.
The solution is to rely on less disruptive investigative means until sufficient evidence is available to determine whether the exit node operator is the likely source of the traffic. For example, get a warrant and wiretap their phone and email and see if they're trafficking in illicit materials through those channels. Have an undercover cop chat them up and set up a sting if they're doing something illegal. Standard police work.
The fundamental misunderstanding here is that police (and, down the chain, other authorities) actually care about the nature of an exit node. From their perspective all they see is that this guy's IP address was used to distribute child pornography. All his stuff is gone, and they will persecute him for that offense. In all likelihood the court trial will go like this:
Defendant: "But I was merely running a Tor exit node!"
Judge: "What's that?"
Court-appointed expert: "It's a computer program that allows
pedophiles to exchange pictures online."
Judge: "I see. That'll be 10 years jail time plus court costs.
Also, please stand by for your copyright infringement trial
that came out of searching your computer equipment. Thanks.
Next!"
You're describing a show trial. Not to say that they don't exist (or are even particularly rare), but if you're in a country that has them, you're pretty well already screwed regardless of Tor or anything else, because all it takes to throw you in prison for a decade or more is for a cop in your vicinity who needs to make his quota to decide he doesn't like anyone with a beard (or anyone without a beard, or people who are taller or shorter than he is, or brown people, etc.)
In countries where you get a legitimate opportunity to make your case, cases like these get thrown out, because the prosecutor is almost always required to prove that you knew the nature of the material, which in the case of an exit node (where "he ran an exit node" is the only evidence), they can't very well do. For exactly the same reason that ISP employees aren't prosecuted for the same thing.
Which brings it back to the issue at hand: You have people who apparently (barring additional evidence beyond running an exit node) are not guilty of the offense in question, but still the police bust into their facilities and steal their stuff. That should not be allowed to happen.
> required to prove that you knew the nature of the material
Actually, depending on the laws of the country, the prosecutor might only need to prove that they "knew or should have known" the nature of the material. Or it might instead be sufficient to prove that the operator "had a reckless disregard" for the nature of the material.
Or perhaps the operator "failed to comply with the regulations for running an Internet service provider, including maintaining logs of customer connections." Which itself might not carry a very harsh penalty, but might also make him liable for criminal acts that others carry out using his illegal ISP.
Disclaimer: I am not a lawyer. These ideas are merely guesses. The things in quotation marks are not quoting anything in particular. I have no idea about which, if any, jurisdictions would accept the legal points my hyopthetical prosecutor makes.
>Actually, depending on the laws of the country, the prosecutor might only need to prove that they "knew or should have known" the nature of the material. Or it might instead be sufficient to prove that the operator "had a reckless disregard" for the nature of the material.
Obviously we can theorize whatever laws we want and there may even be countries that have them that way, but I'm not sure how that distinguishes the Tor exit node from the ISP. Telecommunications services don't generally inspect the content of the packets they route. I wouldn't want to have to argue that that is "reckless disregard" or whatever, though you can certainly imagine overzealous bureaucrats doing so when it suits them.
>Or perhaps the operator "failed to comply with the regulations for running an Internet service provider, including maintaining logs of customer connections." Which itself might not carry a very harsh penalty, but might also make him liable for criminal acts that others carry out using his illegal ISP.
Or maybe there is a specific law in a particular country that outlaws anonymizing services. Or maybe a license is required to operate an information processing device. Your mileage may vary, etc. Consult an attorney.
But it's worth pointing out that keeping logs doesn't get the government anywhere: The only thing a Tor node has available to log is which nodes it's connected to, and those nodes have a high probability of not having any logs or, even if they do, of being in another country where you can't get access to them. That's kind of the whole idea. So if all you're achieving is to get exit nodes to keep useless logs to make them safe from prosecution under some kind of safe harbor, you just end up back at square one.
The question is, do you want to ban anonymizing services or not? And if not, stop harassing the operators.
>but I'm not sure how that distinguishes the Tor exit node from the ISP
I think it's closer to raiding someone who had their wifi unprotected and someone jumped on and did something illegal.
An ISP is a legal entity that has a certain relationship with its customers. This includes identity and at least some form of monitoring (logging and cooperation with authorities). Tor is opening your connection up to anyone in a totally anonymous and encrypted way. This is not to say that the guy is guilty or even that it's right to raid him, it's just saying that I don't think it's fair to argue he has similar legal protections. In the case of an ISP they don't have to raid them, they just show up with a subpoena and the ISP coughs up the info.
>The question is, do you want to ban anonymizing services or not?
>I think it's closer to raiding someone who had their wifi unprotected and someone jumped on and did something illegal.
That's what I'm saying. In what world is that a reasonable thing for the police to do? A raid is a thing they should do last, after they already know who they're dealing with and are just sewing up an already strong case against them, not the first thing to do with a suspicious IP address.
>In the case of an ISP they don't have to raid them, they just show up with a subpoena and the ISP coughs up the info.
They could do the same thing to the operator of the exit node and it would get them the same result as the raid (which is to say really nothing useful) without the harassment, at least in the case that the operator wasn't the perpetrator. Which is the same case for the ISP. Nothing stops criminal ISP employees from responding to a subpoena by destroying the evidence and then fingering some ISP customer known to have open WiFi.
>I think that is precisely what they want to do.
Then they ought to stop pussyfooting around and actually come right out and propose legislation to that effect. And if it subsequently gets (or already has been) defeated in the legislature or struck down by the courts then they ought to stop pretending it wasn't.
What you're proposing gives anyone with open wifi a license to do whatever they want and then claim it was someone else, that doesn't make sense either. The likely chain of events is as follows:
1. Criminal activity is observed from an IP address.
2. The ISP is contacted, proper permission is received and a wiretap is set up
3. Further traffic patterns are observed
4. A raid is conducted on the owner of the IP address.
At this point there is no need to raid the ISP because the traffic can be traced back farther than the ISP to a more specific place. In the case of the IP, the traffic essentially ends at the owner of the IP. It can't be tracked back any further so a raid is conducted to move the investigation to the next level. If the ISP didn't log or wouldn't turn over information, the ISP would be raided, I imagine.
Obviously running a TOR exit node, open wifi or ISP can't be a blank check to get away with crime. Once the investigation was stopped, the next logical level was to get more information from the last place it was seen (the IP owners equipment).
>Then they ought to stop pussyfooting around and actually come right out and propose legislation to that effect.
This assumes that "they" is a single unified entity with a single, unified goal. Very likely there are people who want to discourage this sort of activity without the trouble of actually legislating it. That's obviously wrong, but it happens all the time, often totally benignly, in this case much more maliciously.
>At this point there is no need to raid the ISP because the traffic can be traced back farther than the ISP to a more specific place.
It seems like you're still not distinguishing it from the exit node: In order to set up a wiretap, the ISP is going to know about it (it's their equipment). If the ISP employees are the criminals then getting a wiretap for the customer's IP address that they've been spoofing is going to tip them off. If you're not worried about that for the ISP then stop worrying about it for the exit node -- in which case you could do the same thing, require the exit node operator to install wiretapping software on the exit node and trace the traffic "back farther than the [exit node] to a more specific place" (i.e. the next Tor node in the chain). It still doesn't get you anything, but neither does a subpoena to the ISP that just leads you to an otherwise-clean exit node.
>Obviously running a TOR exit node, open wifi or ISP can't be a blank check to get away with crime.
People keep saying this -- it's wrong twice. First, just because you can't do a smash and grab police raid doesn't mean you can't do an investigation. Digital forensics are crap anyway -- way too easy to forge. (Criminal installs remote control software on some poor sap's PC to do dirty work, secure removes it when finished and everything ends up pointing to the sap.) Try doing some actual police work, interview suspects, look at the illicit materials to see if there are clues from the background, on and on. And after you've done your homework, if the evidence still points to the exit node operator (instead of just the exit node's IP address), then you do a raid.
But perhaps more importantly, how is it the operators of the anonymizing thing who we are worried about getting away with something? If you know enough about Tor to set up an exit node and you're a criminal, you can just use somebody else's exit node instead of setting up your own. Or hop on some public wifi, or break into some sucker's PC to use it as a proxy, etc. If the police have successful methods to catch those criminals, then use them against the criminal who hides under an exit node instead of raiding it.
And if not, well, that's life. A police state is very helpful to the police. The cost of not having a police state is that some criminals get away with it. It's the cost of doing business in a free society.
>That's obviously wrong, but it happens all the time, often totally benignly, in this case much more maliciously.
Which is why they ought to be stopped. Government malfeasance is all but universally a more serious problem than private malfeasance, because a good government can often save you from bad private actors, but almost nobody can save you from a bad government.
You're creating all sorts of situations and "what-ifs" and "buts" that don't fit the facts. We don't really have any idea what kind of investigation was conducted, or what other steps they have taken before this point. I don't imagine police in most democratic societies -- especially ones with robust free presses -- conduct raids lightly.
Furthermore, it's not really the police's job to interject possibilities into this situation. Phrases like "digital forensics are crap -- way to easy to forge" and "If the ISP employees are the criminals then getting a wiretap for the customer's IP address that they've been spoofing is going to tip them off" and "if you know enough about Tor to set up an exit node" don't really enter into their though process. The investigation reached a dead end, they got more evidence.
I would like to point out that I don't know the specifics of this case either. I will say, however, that in the US, raids and seizures like this are subject to judicial review. Probable cause is shown and permission is granted or denied. It's not as if the police can just walk in there and take what they want. I also don't feel that police work needs to be held up in the face of new technologies. As the public's access to technology increases, so must law enforcements access to tools to investigate crimes. This is not to say there should not be checks and balances, but that getting a warrant already is a check.
>An ISP is a legal entity that has a certain relationship with its customers. This includes identity and at least some form of monitoring (logging and cooperation with authorities).
This a truth that is really bad for society, and goes against every form of common carrier principles made over the last few hundred years (ever since the postal service started). Is't it a bit odd that as soon humanity was able to identify and monitor everyone, it suddenly became the moral obligation to do so?
Here's a notorius austrian court-appointed linguistics "expert" who became infamous during the trial of animal rights activists accused of forming a terrorist group:
He claimed to be able to prove with near certainty that one of the defendants wrote some letters and articles whose real authors were named in the trial, by using contrived (and obviously error-prone) text analysis methods some real linguistics experts called absurd.
The defendants were all acquitted by the judge, who was subsequently moved to a much less prestigious job, while the prosecutor was promoted.
So yes, there are show trials in Austria and the defendant in the Tor case hopefully wasn't a political activist.
That's not what I meant. Given the chronic technophobia of the legal system and the current laws, they practically don't have a choice. He's not a telecom company, so he'll be responsible for whatever his IP address hosts. The seedy nature of Tor doesn't help here either.
>He's not a telecom company, so he'll be responsible for whatever his IP address hosts.
I would challenge you to point to a specific law that actually says that. I'm not saying you can't (there are a lot of countries in the world with a lot of ridiculous laws), but what you're saying would prohibit internet cafes, public libraries with computer terminals, coffee houses or hotels with wifi, etc., because none of them are telcom companies and they allow unauthenticated or poorly authenticated members of the public to use their IP address.
The truth is complicated. But if we're trying to get things to work how they should work, raiding Tor exit nodes just because they're Tor exit nodes is not in the cards. Even if the existing laws are defective in some jurisdictions, they can be fixed, and in the meantime police and prosecutors are very often allowed the discretion to not go out of their way to harass potentially innocent suspects. I may be asking too much asking for them to actually exercise it.
If the police are sophisticated enough to track illegal activity to this guy's IP address, then they ought to be sophisticated enough that they will also perform some digital forensics on his computers (not to mention, smart enough that they can probably understand vaguely what Tor does). If he's really involved in something, they will expect to find some evidence of that on his machine. If it's coming from other users, through Tor, then the evidence ought to demonstrate that.
If the guy has a halfway competent lawyer, that is not what the judge will think. This grossly oversimplifies the exigencies of law enforcement versus the courts. Law enforcement is forced to take down things like exit nodes because they have no other way of tracking down the originators. Whether that will stick in court is an entirely different matter.
It's the primary reason why running an exit node on your own is considered an unwise move. That guy is responsible for the IP addresses he uses. A telecom company, on the other hand, wouldn't be.
Realistically, no. It's a fishing expedition -- it's like raiding the phone company's offices when someone has used a prepaid burner phone because they have the ability to spoof the IP address or phone number of any of their unidentifiable customers. There is no more reason to suspect that the exit node operator is at fault than any other ISP. Especially given the amount of harassment these raids cause for the victims -- can you reasonably state that the police should be able to enter a telco hotel and shut down and confiscate all of the equipment because not all of the traffic passing through it can be traced to an identifiable source? If not then what makes this different?
>I'm not aware of a good solution that avoids inconveniencing exit node operators without giving them some kind of blanket immunity to investigation that goes beyond just relayed traffic.
The solution is to rely on less disruptive investigative means until sufficient evidence is available to determine whether the exit node operator is the likely source of the traffic. For example, get a warrant and wiretap their phone and email and see if they're trafficking in illicit materials through those channels. Have an undercover cop chat them up and set up a sting if they're doing something illegal. Standard police work.