[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

William was raided for running a Tor exit node. Please help if you can.



The entire point of Tor is to be untraceable back to the source.  Egress
filters can prevent future abuse but do not provide for tracing back to
the original source of offending conduct. They are not trying to stop
the flow of the data in this case, they want the source in jail.  If law
enforcement comes to you and asks you to show them the source or
destination on a case like the one in question, you cannot comply and if
law enforcement asks you to trap this data in the future you will also
have a problem complying because I think you cannot identify the
original source. 

You ARE providing a network if you are running a Tor exit node just the
same as someone who builds a MPLS VPN would be responsible for
responding to law enforcement requests for data inside the secure
network.  A licensed LEC and CLEC has very specific requirements in
terms of CALEA and DCMA.  It is not something they optionally comply
with. An ISP that does not respond to CALEA and DCMA can become liable
for events that happen after their non-response.  Their "safe harbor"
protection ends the moment they do not act in good faith to comply with
the law.  

Even a small ISP that does not own their own network can be subpoenaed
to provide logs, sniffer traces, and file dumps from any system they
own.  I know this for a fact and have provided this data under court
orders.  CALEA applies just as well to servers and data as it does to
the communication circuits themselves.  If you have a server on the
network, it has a communications circuit into it and you can be required
to provide access to that circuit.  You can also be required to tap
email accounts or data directories as well.  This data may not fall
strictly under CALEA but a court order can compel you to provide any
data you are in possession of.  That is why law enforcement can grab a
server or PC.  ISPs and carriers are often given the benefit of the
doubt and law enforcement accepts copies of data they want.  If they
view you as an adversary or have any inclination of hiding data, they
will seize the machine.  If they view a Tor exit node owner as an
accessory, they are not going to be nicey nice about it.

The main problem with Tor is that it purposefully attempts to make this
data obscure which could be construed as obstruction.  As far as US law
enforcement attitudes on Tor, those can and will change as the
government sees fit.  It is all a matter of the "greater good" in their
eyes and whether they think the fight is worthwhile.  You better believe
that as soon as it becomes a "national security threat" it is coming
down.

Steven Naslund





-----Original Message-----
From: George Herbert [mailto:george.herbert at gmail.com] 
Sent: Thursday, November 29, 2012 2:14 PM
To: Naslund, Steve
Cc: NANOG
Subject: Re: William was raided for running a Tor exit node. Please help
if you can.

On Thu, Nov 29, 2012 at 12:00 PM, Naslund, Steve <SNaslund at medline.com>
wrote:
> ISPs also do not "allow strangers to do whatever they want"  ISPs have

> responsibilities to act on DCMA notices and CALEA requests from law 
> enforcement.  These are things that Tor exit nodes are not capable of 
> doing.  If you were an ISP and could not respond to CALEA requests, 
> you will find yourself out of business in a big hurry.

Sure, Tor exit nodes are 'capable of doing' those things if a report is
generated that someone's using it to source child porn or terrorist
communications or DMCA violations.  At the most extreme the owner can
shut down a node; they might also put egress filters in place pursuant
to notifications.

Plenty of small ISPs in one sense or another don't comply with CALEA
because they own systems not networks (open access sites, etc).  CALEA
goes to the network providers in those cases, as I understand it.

The Tor owner also might chose to fight it and leave it completely open,
but an ISP might chose to do that in response to certain notices as
well.

This presumes that law enforcement deems them the right place to go
investigating an incident, and notifies them.  But if they seem to be
aware of what Tor is in the US and be generally reasonable in responding
to issues with it, that I know of.


--
-george william herbert
george.herbert at gmail.com