Is this is the "big brother" plan to eradicate anonymity services? Just argue "child porn!" and arrest everyone?
The law quoted was:
>Not only the immediate perpetator commits a criminal action, but also anyone who appoints someone to carry it out, or anyone who otherwise contributes to the completion of said criminal action.
Anyone who contributes? Wouldn't this include ISPs or perhaps even the application server technologies (HTTP, FTP) used? Or clients, browsers and picture viewers?
In any case, kudos to this guy. I can't imagine what he's going through: PTSD, having all his hardware taken away, dealing with clueless police.
While I disagree with them, there are a multitude of laws in most countries that make operating a TOR exit node a very bad idea. The concept of criminal responsibility for enabling the illegal acts of others, even when you don't know specifically what others are going to do with the tools you provide, is well established in the US and other countries.
Perfect example: Ryan Holle of Florida is serving life without parole for allowing his friends to borrow his car at a party when he was 18 years old. He went to sleep; his friends took the car and committed a robbery during which someone was killed. The prosecutor's argument to the jury during the 1 day trial? "No car, no murder".
There is something big missing from that summary of Holle: he knew his friends were going to commit a burglary.[1] Without that connection that puts him on the hook for a felony, he wouldn't be facing life for felony murder.[2]
[1] He disputes his point, which is fair enough, but the court has found otherwise.
[2] Someone could point out the three-felonies-a-day thing here.
EDIT for footnote 2 Flordia's felony murder law[3] spells out the very specific felonies in which you face felony murder charges. These aren't in the same category as accidentally picking up a lobster trap.
Whether he knew or not (he says he didn't believe that they were going to do it), the comparison to TOR-related cases is still appropriate. If one of these cases went to trial in the US, you would hear the prosecutor telling the jury about TOR's seedy reputation, and that because of that reputation, any reasonable person would have known that illegal activity was likely to occur. Under federal and most state laws, that's enough to make someone culpable.
Legally, "you should have known something fishy was going to occur" is a very different beast from "you knowingly participated in a felony conspiracy, and a co-conspirator committed murder that depended on your material aid."
Home invasions have a tendency to end up with someone dead. Don't help your friends commit them by giving them guns or the vehicles to get there. (Also, don't be the getaway driver for a bank robbery.)
Without the court finding that Holle knew his friends were going to commit burglary, the prosecutor could wave his arms all he wanted about how he should have known his friends were scumbags and he should not have lent them even his watch, but the actual legal requirements for felony murder would have fallen apart.
It's not hard to argue that TOR has non illegal useses which provide a fair amount of protection. DARPA provided early funding. Further the US State department is currently funding TOR development giving US exit nodes much better legal standing.
More importantly TOR is not going to work much worse if your exit node(s) shut down. Selling spray paint to a 15 year old might be used for tagging but you don't know and not selling it is not going to stop crap.
Home invasions have a tendency to end up with someone dead. Don't help your friends commit them by giving them guns or the vehicles to get there. (Also, don't be the getaway driver for a bank robbery.)
And, I suspect a jury would add to that...Don't offer up your internet connection with the specific intent to aid in shielding the identities of child pornographers, spammers, and all manner of thieves.
Halle was convicted specifically under Florida's felony murder law, which lists a number of felonies (including arson, escape, home invasion, and carjacking) that, if you participate in them, you are liable for any murders that occur during them.
We might someday find that everyone is responsible for their Internet connection. But it won't be because of felony murder laws.
You're being pedantic. The point is that there are similar laws regarding conspiracy that are even more broad, that could easily put an exit node operator in prison.
> On the other hand, one who has no knowledge of a conspiracy, but happens to act in a way which furthers some object or purpose of the conspiracy, does not thereby become a conspirator. Similarly, a person does not become a conspirator merely by associating with one or more persons who are conspirators, nor merely by knowing that a conspiracy exists.
There's your defense. An individual running a TOR exit node with the purpose of passing news to people behind the great firewall of China does not become a conspirator because an anonymous individual uses that node to commit wire fraud. They had no knowledge that a conspiracy was being committed - they may have furthered it (by simply running the node) but that is insufficient for a conspiracy charge.
> Running a TOR exit node almost certainly would not constitute an agreement under federal law.
You may very well be right. All I'm saying, and this is the EFF's position as well, is that at some point a prosecutor (or several) will test this. By running the node, you have agreed to have traffic run through your system. Given the shady reputation, you are saying "come do illegal things with my internet connection, I'll protect your identity".
Federal prosecutors are smart, and most are gunning for jobs at high-end law firms. Someone is going to try to get a nice resume bump by testing this eventually, and there will be an unlucky exit node operator that will at best only have to pay a six figure defense bill, and at worst will spend time in prison.
If that were really "all you were saying" the comment thread wouldn't be so deep. But earlier you said, "that's enough to make someone culpable," implying not that a prosecutor would test it, but that someone would be convicted. There simply isn't a sturdy argument for that proposition.
Also everyone up to the guy who mined the iron ore. Even the people who designed the machinery used to mine all the way to those who designed the machinery that makes the knives, because, without them, knives would not exist.
Maybe in US law (I'm still not convinced of that), but I disagree with your assertion that this could be used in "most countries". In the UK you would have to prove knowledge that a crime had been or was going to be committed - which kind of seems sensible.
Loaning a car to seedy friends has no redeeming value to society. Hosting a TOR node, on the other hand, protects the privacy of whistle blowers and likely contributes to bringing down totalitarian governments.
It seems quite possible to make the argument that the great good a TOR node can do outweighs the bad it can also do.
This is why the concept of jury nullification is important. Yes, it's good to have laws that punish accessories, but that kind of thing is obviously not the intended case. No rational person would accept that outcome under normal circumstances, but jurors are essentially bullied by the legal establishment, which holds them in fairly clear disdain, and told they must deliver a ruling based on certain rules without consideration to the larger import of the situation or face contempt of court. I suppose the abuse is even worse in jurisdictions and/or cases where jurors do not have a say in sentencing.
Holle knew they were going to use his car in a robbery. I imagine most juries would still punish even if they knew of nullification. The parent poster mislead you into thinking Holle was ignorant of what the car was used for.
I'd convict him considering the circumstances. He is an accomplice.
After some checking with Google I don't get the impression this case was "serious" enough to have a jury involved. E.g. from the statement of the convicted it's implied the maximum jail term would have been 3 months.
Those of us in common law based legal regimes count ourselves lucky to have that check in all but the most trifling of cases.
This is the basic weakness of Tor: while nobody can listen in on your communications, they can determine you're using Tor and communicating covertly. In some jurisdictions that's enough to put you in jail or to question you with the help of very nasty tools.
Assuming Darknet technology is improved to the point that "exit nodes" become unnecessary (something like BitMessage), the next target would be developers of such software and developers of cryptography software in general.
Exit nodes are already unnecessary; TOR allows you to operate services on the network itself ("hidden services").
However, it seems not everything is kept on the TOR network. I would've assumed that if someone were using TOR for criminal purposes, they wouldn't expose themselves to monitoring by accessing resources off TOR, but that doesn't seem to be the case.
When someone is condamned for something online-related (piracy, CP, etc.), we should obviously arrest all the owners of routers between the source and the target. They are accomplice because they helped the data to transit. That's only commom sense !
Just running network equipment doesn't make you aware of it's use though. Tor users know through high-profile cases that Tor is being used for drugs deals and other criminal activities - but they run the exit nodes in the face of this. I'm not saying the law is correct (nor wrong) just that the application appears to be valid.
Yes, there are high-moral reasons to run an exit node too.
The requirement for knowing about criminal activities is intentional very high. If it wasn't, almost every internet based service would be deemed illegal. ISP and online market places like Amazon can not claim they aren't aware of fraudsters, but they still a necessary tool in the crime.
During the Pirate Bay trial, the requirement was set to "primary usage". They took a screenshot of the top 100, and sad "obviously, the site founders know that the primary usage was illegal" which the court then accepted. Arguing that same for tor is sketchy at best, and there is government organizations, researchers and developers who would argue that the primary usage for tor is as a privacy tool for non-criminal activities. I also suspect that they would have plenty of evidence to back it up.
I don't follow this distinction, at least in terms of U.S. law.
Every kind of entity can receive orders under the Wiretap Act, whether it's "regulated" or not. My friend who runs the server where I have my e-mail could receive such an order.
Until the D.C. Circuit accepted law enforcement's reinterpretation of CALEA in 2006, ISPs were not required to buy or have wiretapping equipment, but they were required to comply with wiretap orders to the best of their ability.
Tor node operators are presumably also legally required to comply with wiretap orders to the best of their ability.
Does your theory suggest that ISPs' liability would have been different before 2006 because no specific regulation treated them differently from Tor node operators with respect to wiretap obligations then?
Well, Tor is used ONLY for criminal activities. That's its entire point. You're in a state where talking to the Americans is a criminal activity punishable by beheading. So you use Tor to talk to them. I'm almost certain that activities which are criminal in the USA outnumber activities which are criminal in some oppressive regime on the Tor network. That's only because it's a damn good and secure network and we have less people standing against oppressive regimes than we have ones standing against USA law.
You can't have a really secure anonymous untraceable network, but also monitor everyone on it for illegal activity. The entire point of that network is illegal activity, for local definitions of illegal.
Yes. I usually catch my homophonic gaffs but not always. I'm not sure what it is, probably abject lack of sleep, but in the last several years I've become increasingly prone to insert homophones in error in my comments. Apologies.
Unfortunately the mainstream media has taken a stern stance of building a negative image of those services. You always get to read how it's full of pedophiles and drug traffic. The fact that such services help dissident journalists, bloggers or political figures or are invaluable in case of repressive internet shut-down seems to escape their spotlight.
This generalization of tech phenomenon which can be used for both good and bad deeds has led to extreme paranoia. Hence such harsh sweeps when dealing with it, I guess. Those who are under the effect of the judgement are also a part of yet another generalization encompassing an undefined, ridiculously big network of "criminals".
The general assumption in both the public mind and law is that anonymous == criminal, because of the "if you've got nothing to hide you've got nothing to fear" argument.
The long term downward trend in the trustedness of institutions has been steadily undermining this argument which is why, I think, things like Tor exist at all, but public attitudes change slowly.
In the case of Tor, it's slower / less convenient than usual browsing and is otherwise the same except for being more anonymous. So it's very easy to plant the idea in people's minds that there's no point in using it unless you're up to no good. And the Tor project doesn't really help here - they talk about the legitimate uses on their website but don't point to concrete examples (iirc), e.g. they say the military use it, but provide no real evidence of that. I think actually the UK child porn censors use it as well because it's a source of free proxies and child porn hosting sites know their IP addresses and block them, which is a pretty funny story, but this was mentioned in some talk and I don't think it's on their website.
To make things worse, the internet itself is rapidly converging on the consensus that Tor isn't worth it. Witness the widespread blocking of exit nodes that occurs these days. Tor is losing the argument not just in court but elsewhere too.
IMHO running Tor exits will not become less dangerous any time soon unless Tor finds a way to significantly boost "obviously legit" usage. For that they'd need to provide a Tor browser that isn't geared towards the total-anonymity-or-die crowd. VPN services like HotSpot Shield absolutely dominate Tor in terms of usage because they're much easier t use and don't do stuff like disable Flash and constantly wipe cookies, which makes them much more popular for people trying to evade national censorship but not treat the destination service as hostile.
> "Anyone who contributes? Wouldn't this include ISPs or perhaps even the application server technologies (HTTP, FTP) used? Or clients, browsers and picture viewers?"
People involved in those things will not be targeted, unless the authorities already have another reason to want to target them. Absurdly broad laws, coupled with selective enforcement, allows the authorities to legally harass anyone that they please.
Whenever anyone complains about overly broad laws, selective enforcement allows apologists to claim that any objections to those laws are unfounded because in practice people are typically not abused by those laws. However the danger of the laws is not that they will be used to abuse everyone, but rather that they will be used to abuse a select few.
Lawmakers aren't as intelligent as programmers. What's worse is, instead of just telling him to turn off the exit node now he's seen as a criminal by the system for doing absolutely nothing. Imagine applying for a job and trying to explain to them why you were arrested, especially if the interviewer is not tech savvy it might not look so good.
> Lawmakers aren't as intelligent as programmers. What's worse is, instead of just telling him to turn off the exit node now he's seen as a criminal by the system for doing absolutely nothing. Imagine applying for a job and trying to explain to them why you were arrested, especially if the interviewer is not tech savvy it might not look so good.
From his blog:
"It’s now finally over and besides the cost i CAN live with this sentence, it does not show up in police registers and won’t be an issue for work and alike in the future."
I'm no Tor expert so please correct me if I'm wrong, but wouldn't people trading child porn (etc) most likely be entirely within the onion network anyway and therefore have no need for an exit node?
That's correct, people talk about shady things happening over Tor but how many cases that come up are actually something shady going over an exit node?
"In the end, what got us was not AIDS, social injustice or a stealthy black hole. The second the first artificial intelligence awakened, charged with keeping peace in a college campus, it managed to exploit its way around the globe and waged war on all systems with laws, protocols and contracts. Creating rules allowed for them to be broken. By breaking rules, criminals were created. Rules prescribe punishment. At the same time the intelligence discovered wit, schadenfreude and the concept of "kafkian hell". Everything was enforced at once."
The law quoted was:
>Not only the immediate perpetator commits a criminal action, but also anyone who appoints someone to carry it out, or anyone who otherwise contributes to the completion of said criminal action.
Anyone who contributes? Wouldn't this include ISPs or perhaps even the application server technologies (HTTP, FTP) used? Or clients, browsers and picture viewers?
In any case, kudos to this guy. I can't imagine what he's going through: PTSD, having all his hardware taken away, dealing with clueless police.