Law Enforcement Raids Another Tor Exit Node Because It Still Believes An IP Address Is A Person
from the TASE-THAT-ROUTER dept
An IP address is not a person, even less so if said IP address traces back to a Tor exit relay. But that’s not going to stop the “authorities” from subjecting people with no knowledge at all of alleged criminal activity from being subjected to raids and searches.
It happened in Austria. Local police seized a bunch of computer equipment from a residence hosting a Tor exit node. ICE — boldly moving forward with nothing more than an IP address — seized six hard drives from Nolan King, who was also running a Tor exit relay.
Those more familiar with Tor suggested ICE’s “upon information and belief” affidavit statements should probably include at least a little “information” and recommended law enforcement check publicly-available lists of Tor exit nodes before conducting raids based on IP addresses. ICE, however, vowed to keep making this same mistake, no matter what information was brought to its attention.
ICE wasn’t involved in the latest raid predicated on nothing more than an IP address — at least not directly. This search/seizure was performed by Seattle PD conducting a child porn investigation. Sure enough, investigators had traced the activity back to an IP address, which was all the probable cause it needed to show up at privacy activist David Robinson’s home at 6 a.m. and demand access to his computers.
“They were there because I run a Tor exit relay,” he says. Tor (which stands for The Onion Router) is a system that allows people to surf the Internet anonymously. It’s sometimes referred to as the “dark Web,” and it relies on Internet connections provided by volunteers like Robinson.
Robinson said the Seattle PD “should have known” he couldn’t “see” the traffic passing through his node and that relay was little more than a “post office:” something anyone can use, even criminals, to send and receive information.
Considering he’s depicted as a “prominent privacy activist,” Robinson “should have known” a few things himself. This is not the correct response to a 6 a.m. visit by misguided police officers.
[W]hen Seattle police showed up at David Robinson’s home shortly after 6 a.m. last Wednesday, he figured he had little choice but to let them in and hand over all his computer passwords.
That’s no way to handle the police. Of course, they did present Robinson with a bad/worse proposition.
Instead of impounding all of Robinson’s computers, which the warrant would have allowed, they offered to search them on the premises as long as he consented to turning over his passwords. He did, and they let him keep his machines after they scanned them.
On-site imaging: now a thing thanks to extremely cheap, portable storage. Still, that’s not much comfort to Robinson, who no longer trusts his computers.
Given his early morning wake-up call last week and the fact that he may now have to get rid of his computers because he can’t be sure what the police did to them while he was being questioned outside his apartment, Robinson says he may have to reassess whether it’s practical for him to [continue running Tor relays].
It would be a lot more practical if law enforcement didn’t assume “IP address” = “smoking gun.” It also would help if people — including politicians — didn’t assume just because something’s not visible, it must be criminal. As has been pointed out before, Tor Project publishes a list of publicly-available exit relays and anyone can access that list — even law enforcement. Courts have declared, on multiple occasions, that an IP address is not a person. I guess those logical conclusions have yet to trickle down to law enforcement level.
Filed Under: ice, ip address, nolan king, tor
Comments on “Law Enforcement Raids Another Tor Exit Node Because It Still Believes An IP Address Is A Person”
Improper raids aren't a bug, they're a feature....
Improper raids aren’t a bug, they’re a feature….
Even if the police knew that ip address != person there is no incentive for them to check and even less of one for them to stop.
Every time they raid an innocent Tor exit node it increases the likelihood that the user running the node decides it’s too much trouble and shuts it down.
Re: Improper raids aren't a bug, they're a feature....
Police funded via State FORCED extortion (aka ‘taxation’) will always have no real incentive to do good, as they get paid whether they do good or bad.
I’d much prefer a market of competing security/”policing” companies in which you pay for the security you want, consensually.
That way, if said security/policing company is up to no good, you can take your business elsewhere.
I prefer consensual relationships and exchange.
Re: Re: Improper raids aren't a bug, they're a feature....
Glad to see there’s plenty of voluntarists on Techdirt these days
Re: Re: Improper raids aren't a bug, they're a feature....
It’s even worse.
With the extra that your protection will further depend on whether you’re able to pay or not. More than now.
The problem isn’t in the nature of our police, but in the nature of our citizens, that don’t have the will, brains or guts to punish their politicians when they screw up, or allow such screw ups.
Market isn’t the solution to corruption, as it’s even more corrupt than countries. As an example, who do you think that are the main lobbyists in the laws you get?
Re: Re: Improper raids aren't a bug, they're a feature....
What you are proposing is rule by warlord, as such companies would fight amongst themselves for dominance. Organised government usually avoids the problem of warlord rule, except when there is sufficient profit motive, (relative to the local standard of living), like the drugs trade.
Re: Re: Improper raids aren't a bug, they're a feature....
“I’d much prefer a market of competing security/”policing” companies in which you pay for the security you want, consensually.”
You really wouldn’t. That’s the way policing used to be done, in the early days of the US. And the disaster that it was is reason why that’s not how we do it now.
As bad as the cops are now, they’re positively saints compared to the sort of “cops” that private companies end up producing.
Re: Re: Re: Improper raids aren't a bug, they're a feature....
Aw, bless! Our friend is evidently one of those types who believes that all actions are inherently good if carried out in the name of making a profit since competition (or lack of demand) keeps us honest, or something.
Erm, no. That’s not how it works. As you have correctly pointed out, John, the profit motive tends to bring out the worst in us.
Re: Improper raids aren't a bug, they're a feature....
Would you care to elaborate on why you think this raid was improper? Should police not act on warrants based upon probable cause signed by a neutral magistrate?
Re: Re: Improper raids aren't a bug, they're a feature....
Not when acting means a 6am weapons-hot raid for alleged computer crime, with questionable evidence backing their supposed probable cause, no. In particular, if they were so confident that he was the culprit, why was the warrant not issued to arrest him specifically, rather than to impound his hardware?
Re: Re: Re: Improper raids aren't a bug, they're a feature....
Re: Re: Re:2 Improper raids aren't a bug, they're a feature....
“Your comments show a general ignorance of the legal system”
I think his comments show a general mistrust of the ability of the legal system to make proper decisions rather than an ignorance of how the system works.
Re: Re: Improper raids aren't a bug, they're a feature....
2. warrants are bullshit rubber-stamped creations of convenience for police abuse, NOT high-bars to prevent abuses…
3. neutral magistrates do not exist, or they would not be promoted to such positions of ultimate gatekeeping in a corrupt society…
4. in short, the whole system is corrupted, broken, and serves as an instrument of oppression, not defending freedom…
is that elaborate enough for you ? ? ?
Re: Re: Re: Improper raids aren't a bug, they're a feature....
“the state is”
“warrants are”
“neutral magistrates do not”
“the whole system is”
I understand the personal catharsis such generalized, blanket statements may bring you but these simple heuristics do little to help solve problems.
Re: Re: Re:2 Improper raids aren't a bug, they're a feature....
“…these simple heuristics do little to help solve problems.”
Neither does your criticism of someones post.
https://www.reddit.com/r/iamverysmart/
Re: Improper raids aren't a bug, they're a feature....
Even if the user running the node doesn’t shut it down — what’s to stop the police from putting a traffic monitor on the relay? Over time, they’d be able to figure out who was at the other end of the relay if they did this to enough exit nodes, as the CMU team showed.
Re: Re: Improper raids aren't a bug, they're a feature....
In college I worked on something for a three letter agency as part of some graduate research. This is not a new idea by about two decades.
Re: Improper raids aren't a bug, they're a feature....
cant have the police “go dark”, amirite?
A privacy activist that gives law enforcement all passwords upon “request”. Really.
He was lucky he wasn’t naked though or he would be another dead to the statistics.
Re: Re:
“A privacy activist that gives law enforcement all passwords upon “request”. Really.”
I get your point but I also have ehm… seen a raid like this and if there are 5-6 people standing in front of you, at 6am before your first coffee, with sub machine guns in their hands you kind of feel more cooperative then you would on a forum or blog post.
Re: Re: Re:
there is a reason government thugs like to wave their guns around after all.
terrorism is only illegal if you are not a member of government… otherwise the Government is allowed to Terrorize you until you are actually dead, without cause.
Re: Re: Re:
Also, the option is them taking all your stuff which you may never see again or giving your passwords. I certainly understand why he shared them. it is by far the easier route
Re: Re: Re: Re:
Yep, I don’t blame him at all. Once those guys are in front of you, your privacy is essentially shot anyway (plus they’d get access one way or another even if you don’t help), and any of the alternatives to cooperation are significantly worse at that point.
Re: Re: Re:2 Re:
Although giving the cops permission to perform any search whatsoever is a much bigger risk, in my opinion, than refusing. The search is happening no matter what anyway, but if you give them permission to do it then you have reduced the amount of possible recourse in court available to you later.
We will kick your doors down knowing damn well it was a Tor exit node. THATS THE POINT. Its called the Streisand effect. One would think you had heard about it.
How things are supposed to work
They acted on a warrant based on probable cause to gather evidence. Unless you can show that the warrant was improperly issued the fault must lie with the legal process, not the actions of law enforcement.
Re: How things are supposed to work
Law enforcement had the ability to determine that the IP address was a TOR node, which would have lead to the proper conclusion that the hardware, the the owner of said hardware, were highly likely NOT involved in the suspected crime they were investigating. They could have confirmed this with a mid-afternoon chat with the owner, but opted not to. Law enforcement was not required to do what they did, they CHOSE to take those specific actions. Law enforcement is most definitely to blame here.
Re: How things are supposed to work
Unless you can show that the warrant was improperly issued the fault must lie with the legal process, not the actions of law enforcement.
Who do you think initiated the legal process? The search warrant fairy?
Re: How things are supposed to work
That’s the thing. With multiple courts finding that an IP address is not a person, yet warrants still being issued as if they are, the fault IS with the legal process — the warrant-signing judges are not abiding by higher-courts’ decisions — AND with law enforcement, who seek the warrants from those judges based on the “IP address == person” theory.
Features......
“It also would help if people — including politicians — didn’t assume just because something’s not visible, it must be criminal.”
All these people (Police and Politicians) know is that when THEY hide something it is ONLY due to wrongdoing. To them anything not visible is Bad; Cause they hide stuff Often.
Their kung-fu is weak
I can’t really speak about separation of duties in America, but I wouldn’t expect the average police officer to know much about ToR. Policemen seem good at things like directing traffic, breaking up/starting fights, conducting searches, confiscating valuables…
I would, however, expect the IT department whose job it is to investigate serious internet crime, such as terrorism & child porn, to know full well the ToR exit nodes, popular VPN exit points, proxies…
The more I see stories like this the more I am convinced that Law Enforcement and The Security Services are in dire need of professional help.
Re: Their kung-fu is weak
Have you ever watched CSI Cyber? I’m convinced it’s actually a documentary.
Seattle police said they knew Robinson’s IP was a TOR exit node and understood how TOR works. The Seattle police, claim Robinson could have been trading child pornography using his TOR exit node’s existence as a “plausible alibi” to hide behind. This reasoning gives law enforcement an excuse to raid all TOR exit nodes under the pretense the node operator might be involved in the investigated illicit activity.
Re: Re:
Sadly that is kind of a plausible argument.
I at times have thought it would be nice to run an exit relay, not to hide any illegal activity but to generate “noise” on my line. It would make it harder for companies to build a profile of me if my IP was putting out lot of random activity.
Of course, this story is the exact reason I have not gone through with setting up an exit relay. I am not comfortable putting those I live with in danger of being shot.
Re: Re: Re:
I think that you got it sort of screwed up. Rather than worrying about “who gets shot” (nobody has gotten shot in a TOR raid), you should worry about what kinds of activities you would be encouraging and supporting by operating a TOR exit node.
The reality is that there are some TOR users who are more than happy to abuse your connection for their own illicit pleasures. Much more harm likely comes from that than any risk related to getting raided.
Re: Re: Re: Re:
Seriously?
You must be new here because if you read techdirt and you do not 1000% believe that if the police raided a Tor node and shot someone they wouldnt walpaper the everliving crap out of it with fake drug charges?
No judge presented with said drug charges would think anything of the ‘Tor’ references other than they were a typo.
Re: Re: Re: Re:
“The reality is that there are some TOR users”
Some people do things, so you should not allow anyone access, even those who have real, honest, even humanitarian reasons for using TOR. If someone might do something bad, nobody should be allowed access at all.
Whatever “logic” at its finest.
“Much more harm likely comes from that than any risk related to getting raided”
As ever, I await your evidence.
Re: Re: Re:2 Re:
Paul, I know you are always desperate to try to show me up, but geez, can you at least get a clue first?
People use TOR for various reasons. Since TOR is not a “performance” network (because of lots of handling of packets), it’s used by people who want to hide their activities online.
If you are operating a TOR exit node, those are the people you are “serving”. It would be foolish and ignorant not to accept that at least some of those users are going to use TOR to hide criminal activity or general creepy actions that nobody wants to be part of. The criminal activities are the sorts of things that do get law enforcement attention.
As for “evidence”, I know you know how to use Google (or at least one of your caregivers does it for you), but you can look at:
http://arstechnica.com/tech-policy/2016/03/new-data-suggests-94-percent-of-tor-traffic-is-malicious/
or even TOR themselves trying to excuse their horrible users:
https://blog.torproject.org/blog/tor-80-percent-percent-1-2-percent-abusive
Plenty of reading there, that should take you a couple of weeks to get through.
Re: Re: Re:3 Re:
“As for “evidence”, I know you know how to use Google”
From experience, I know that the things you randomly Google often say the opposite of what you say they do, or at least act as poor evidence for whatever point you’re trying to make. For example, the Ars Technica article’s headline is “CloudFlare: 94 percent of the Tor traffic we see is “per se malicious”. Given that single source, the type of service Cloudflare operates and the nature of the blog post itself, it’s an interesting viewpoint but not “evidence” for anything other than you Googled and found some people who agreed with you.
If your argument is that some users will be using TOR for nefarious means and thus an exit node operator should apply caution and be aware that some such activity will happen, I agree.
If, as appeared to be your original point, that anyone operating an exit node should expect to be met with retribution and should probably not do it, I strongly disagree. If you have a real point to make (other than your usual game of “I’ll make up any old crap to disagree with the article”), I am as ever open to a real discussion backed with facts over a well argued point. If you can present one, do so.
“one of your caregivers”
Which fantasy version of me have you invented to pretend I need one of those?
Re: Re: Re:3 Re:
Whined the spambot.
Re: Re: Re: Re:
…you should worry about what kinds of activities you would be encouraging and supporting by operating a TOR exit node.
Warning! reductio ad absurdum ahead:
…you should worry about the kinds of speech you would be encouraging and supporting by advocating First Amendment rights for everyone.
Also, it seems to me that Tor exit nodes fall dead center within the definition of an ISP in regards to Section 230 safe harbors. Do you have an argument as to why they shouldn’t be protected by Section 230?
Re: Re: Re:
“Sadly that is kind of a plausible argument.”
No, it’s not. If he wanted to hide illegal activity then the worst thing he could do is run a TOR exit point (for obvious reasons).
Re: Something else is fishy here...
Isn’t Tor supposed to bounce traffic from multiple exit nodes? So assuming stupidity and not malice, either there aren’t enough exit nodes and a significant amount of traffic was going from Robinson’s node to the CP site(s), or police are acting on a very small amount of traffic. Other more nefarious explanations could be that the “knowledgable” police used an ignorant judge to find probable cause just so they could intimidate Robinson and perhaps plant malware on his systems.
Re: Re: Something else is fishy here...
Exit points are not invisible. In all likelihood what happened was that the cops were watching the illegal site’s traffic and traced packets back to the TOR exit point (TOR does nothing between the exit point and whatever site the traffic is being exchanged with).
So the cops raided the exit point because they literally had no trail to follow past that.
BS they don’t know or don’t want to know. This is tech terrorism and the US would like policies that are shared with some of the most restrictive in the world.
Suppose I want to contract out to create an exit node elsewhere. Not just donate to a company that runs a bunch of them, but pay to set up and run one exit node.
Is there a company that does this? (Come to think of it, if you’re paying for such a node, is there any way to confirm that your specific node does in fact exist?)
Or will a cloud services provider like Azure let you set up a virtual server to run an exit node? Would it protect you from this sort of incident?
Re: Re:
Or will a cloud services provider like Azure let you set up a virtual server to run an exit node? Would it protect you from this sort of incident?
If you set it up on Azure or AWS or some such and used a prepaid credit card to pay for it I can’t see how anyone could find you. As long as you did all the administration though TOR or a public access point.
They love to disrupt the Tor network.
The Beginning of the End?
Sure, Tor is available to wrongdoers. However, it is also used by very many people around the world who — for perfectly legitimate reasons — wish/need to keep their communications private. And, in turn, they rely upon the public-spirited citizens who host the nodes. This latest event is symptomatic of the US attack on the Tor network itself, and there will be more to come.
This Level of Threat
Whether living in some Mexican barrio, or the U.S. suburbs, when the people with guns break into your house how you manage that situation can be you, or your family member’s life. And death isn’t the only punishment powerful people can use to make sure you comply.
Used to. It’s not an acronym anymore nowadays.
Re: Re:
Of course it’s an acronym. The Tor Project renamed itself from “the onion router” to Tor, but it will always stand for “the onion router”.
Warrant affidavit omits Tor exit node detail
“Judge Who Authorized Police Search of Seattle Privacy Activists Wasn’t Told They Operate Tor Network”, by Ansel Herz, The Stranger, Apr 8, 2016
(Hyperlink and emphasis in source.)
Legal FAQ for Tor Relay Operators
It’s a pity people interested in running Tor exit relays don’t read the ‘Legal FAQ for Tor Relay Operators’ first.
“Should I run an exit relay from my home?
No. If law enforcement becomes interested in traffic from your exit relay, it’s possible that officers will seize your computer. For that reason, it’s best not to run your exit relay in your home or using your home Internet connection.
Instead, consider running your exit relay in a commercial facility that is supportive of Tor. Have a separate IP address for your exit relay, and don’t route your own traffic through it.
Of course, you should avoid keeping any sensitive or personal information on the computer hosting your exit relay, and you never should use that machine for any illegal purpose.”
https://www.torproject.org/eff/tor-legal-faq.html.en
huh
so with this articles reasoning, all someone who likes to diddle the kiddles has to do is run a tor exit node, and therefor should be exempt from warrants for illegal activities related to his exit node’s ip?
no, sherman. no.
How to deal with the Police when running a Tor Exit Node
The simple way to prevent law enforcement from seizing a computer in the United States: Practice law Pro Se. And store attorney/client privileged information on your computer in a unencrypted state.
A pro se (pro se literally meaning for self)litigant doesn’t need a license to practice law. (see e.g. Faretta v. California, etc.) And what is further, is that the pro se litigant retains the attorney/client privilege. (This is because a pro se attorney retains all powers of an attorney as though they were a member of the bar.)
This essentially means that if police size a computer used in the pro se practice of law, the litigant has a cause of action agianst the police under 18 U.S.C. 1983 / Bivens v. six unknown agents,IF the police were told that the computer had attorney/client privileged information on it. (A search warrant for attorney/client privileged information is highly presumptive to be invalid under United States law.)
After you tell them there is attorney client privileged information on the computer, you then tell them if they take the computer or examine it in any way it WILL result in a federal law suit against all officers present at the scene, unless and until they petition the court for a modification of the warrant specifying certain areas that “cant” be searched. (notably “qualified immunity” will not apply, either because this is rather old-school and long standing law that the police have been on notice of for the better part of 30 years.)
When police start seeing a rash of civil rights litigation, they will think twice about shucking about with the owners of Tor exit nodes, because no cop wants to be on the wrong side of a civil law suit.