ISPs maintain hash values of known child porn files? Show me a single ISP in the Seattle area that runs any of its residential customer http traffic through a caching proxy that examines and hashes each file, I'll eat my shoe.
Apparently, the National Center for Missing and Exploited Children provides ISPs with a hash database of known illegal images [1]. ISPs are then required by statute to notify the government when images with matching hashes cross their network [2].
I know the hashes exist, but they're not used on traffic in transit except in very unusual circumstances. They're used by web hosting companies/dedicated server providers/VPS hosting companies etc to examine the disk/storage device contents of a suspicious server against a known list of the hashes of previously-seized CP.
All you have to do is get access to that DB and then you have A1 blackmail material, ready to bury any enemy of yours, especially in America, especially if they have/deal with children.
I think, since it's a database of hashes, it's non-reversible. Access to the database gives you nothing but a way to detect the files, and even if a file happens to have the same hash (which would be exceedingly rare) it's easy to see that it's a false positive. Actually a pretty good win for cryptography in fighting the problem (as it doesn't require the illegal material to detect the illegal material - regardless of how irresponsible it is to have a concept of illegal information).
If someone were to crop an arbitrary side of the image by 1-2 pixels would that defeat a system like this? Extending that thinking a bit further, would it be trivial to just build out an Apache extension like Google Pagespeed that sort of did this randomly?
"This hash is computed such that it is resistant to alterations in the image, including resizing and minor color alterations."
(https://en.wikipedia.org/wiki/PhotoDNA)
Ugh, this is not how you do crypto. Crypto algorithms have to be understood with regards to what guarantees they provide and in what context. Your approach here is basically ZOMG COLLISIONS ARE BAD when in fact collision-resistance was never a property of this hash function and a collision doesn't provide an attacker with any power they didn't already have.
If an attacker has the power to create a non-CP file that has the same hash as a CP file and plant it without detection, they have the power to plant a CP file without detection. Why would they go to the effort to create a collision with a non-CP file? It's wasted effort.
Bob is found with a file of pseudo random data that matches a hash on the database.
There's no evidence of other images of child sexual abuse on his machine; there's no history of sites that distribute images of child sexual abuse; there's no history of the file being opened by Bob; Bob claims that he didn't know the file was there and he doesn't know what it is.
How does that benefit an attacker? How does that benefit an attacker more than just taking actual images of child sexual abuse and putting those on Bob's computer?
I don't know the laws in the US; are the police obligated to respond if someone warns them of this event? (Bob has a file matching a "bad hash".) How seriously - will there be a polite guy knocking on the door, or a SWAT team at 3 am? If nothing is found, and another such event occurs next month, will they have to check again?
People can come up with crazy scenarios for anything :)
>"[t]he duty to provide public services is owed to the public at large, and, absent a special relationship between the police and an individual, no specific legal duty exists."
That's not how this works. When a service provider detects a match, they send the file when they report the match. They don't just say "hey, some file matched this hash" and then SWAT kicks down the door, because that would be stupid. They send the file, NCMEC looks at it, and then forwards it to law enforcement who also looks at it. If it's a random file that happens to collide, NCMEC won't send it to law enforcement, and if they did, law enforcement wouldn't act on it.
It's not like an MD5 hash. The hashing function is designed such that similar images will produce similar hashes. But yes, if you modify it enough it will not match; you will have to modify it much more than just cropping though. They usually do very well with that.
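Added example (not part of the original thread or of any commenter's post): the difference the comments above describe between an exact cryptographic hash and a similarity-preserving image hash, using the resizing and minor color alterations named in the PhotoDNA quote. It uses a simple difference hash as a stand-in, not PhotoDNA itself; the test images, the match threshold and all function names are constructed for illustration.

```python
import hashlib

HASH_W, HASH_H = 9, 8      # 9 columns give 8 left/right comparisons per row
MATCH_THRESHOLD = 5        # assumed cut-off, in differing bits, for "same picture"


def make_image(fn, width=72, height=64):
    """Build a constructed grayscale image as rows of 0-255 integers."""
    return [[fn(x, y) for x in range(width)] for y in range(height)]


def original_pixel(x, y):
    # Constructed test pattern: coarse tiles plus a fine texture.
    return 40 + 20 * ((5 * (x // 8) + 3 * (y // 8)) % 7) + (x + y) % 3


def unrelated_pixel(x, y):
    # A second constructed pattern standing in for a different picture.
    return 40 + 20 * ((3 * (x // 8) + 5 * (y // 8)) % 7) + (x * y) % 3


def shrink(img, out_w=HASH_W, out_h=HASH_H):
    """Box-average the image down to out_w x out_h cells."""
    h, w = len(img), len(img[0])
    cells = []
    for j in range(out_h):
        y0, y1 = j * h // out_h, (j + 1) * h // out_h
        row = []
        for i in range(out_w):
            x0, x1 = i * w // out_w, (i + 1) * w // out_w
            total = sum(img[y][x] for y in range(y0, y1) for x in range(x0, x1))
            row.append(total // ((y1 - y0) * (x1 - x0)))
        cells.append(row)
    return cells


def dhash(img):
    """64-bit difference hash: one bit per 'left cell brighter than right cell'."""
    bits = 0
    for row in shrink(img):
        for left, right in zip(row, row[1:]):
            bits = (bits << 1) | int(left > right)
    return bits


def hamming(a, b):
    """Number of bit positions in which two hashes differ."""
    return bin(a ^ b).count("1")


def sha256_hex(img):
    """Exact-match hash over the raw pixel bytes."""
    return hashlib.sha256(bytes(v for row in img for v in row)).hexdigest()


def brighten(img, delta):
    """Minor color alteration: shift every pixel by delta, clamped to 0-255."""
    return [[min(255, max(0, v + delta)) for v in row] for row in img]


def upscale2x(img):
    """Resize: nearest-neighbour doubling of width and height."""
    out = []
    for row in img:
        wide = [v for v in row for _ in (0, 1)]
        out.append(wide)
        out.append(list(wide))
    return out


def tweak_one_pixel(img):
    """Change a single pixel by one grey level."""
    out = [list(row) for row in img]
    out[0][0] += 1
    return out


def compare(reference, candidate):
    """Compare two images under both kinds of hash."""
    dist = hamming(dhash(reference), dhash(candidate))
    return {
        "sha256_equal": sha256_hex(reference) == sha256_hex(candidate),
        "distance": dist,
        "match": dist <= MATCH_THRESHOLD,
    }


if __name__ == "__main__":
    original = make_image(original_pixel)
    cases = {
        "identical copy": original,
        "one pixel changed": tweak_one_pixel(original),
        "brightened by 10": brighten(original, 10),
        "resized to 2x": upscale2x(original),
        "unrelated image": make_image(unrelated_pixel),
    }
    for name, candidate in cases.items():
        print(f"{name:18s} {compare(original, candidate)}")
```

The exact hash changes on any alteration, while the difference hash only moves far from the reference when the picture content itself differs.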
Isn't that what they're going for? I certainly haven't seen any signs of intent to correct or rehabilitate the convicted for many crimes. The Department of Corrections should just be called the Department of Punishment, in my opinion, though that's perhaps not as catchy.
This is 100% true; anyone in IT could ruin anyone they want to. I am shocked the number of people caught doing this is so low, but few people realize the power an IT person has.
I can't even think of how someone could prevent this type of thing. Even if you kept your own access logs it's doubtful a judge would allow you to use it as evidence.
While good, sort of scary because a lot of small players would host ads to get revenue and some of the ads would be filled with sexual content, even though these websites aren't even porn sites. Just some random humor site or some fortune teller site, so if this were really true, wouldn't we be looked at!?
Yes, I know, but 1/1000 may be. What if it's loaded over http behind the scenes without any display? Still transmitted over your network. What if the site just got hacked?
Then those facts become part of the investigation. Having your computer searched doesn't mean you are guilty or even that you will be charged. It just means your machine is implicated in a crime.
The unfortunate reality is that if you become a suspect that is good enough to burn you at the stake for much of the population. The same with rape really. Once you've been a suspect or, even worse, accused you are basically screwed.
There is so much explaining going on here that it seems like the judge has no understanding of how the internet works.
If that's the case, how could the judge be able to give a reasonable response to this affidavit? Seems like a case that requires such a long-winded technical preface could at least be handled by a judge who knows what an IP address is...
Most of the text in the warrant appears to be boilerplate language that is legally required or at least legally advisable in case it is ever challenged in court. I'm sure FBI agents have template word documents they keep, detailing their experience and relevant basic facts about each kind of case and then they just fill in the blanks when they have a case of that genre. This way no one can argue that the judge was not apprised of the basic facts.
That is an interesting read. They just seem to dump everything they know about how computers are used in relation to child pornography even if it's unrelated to the case at hand.
Even though they mention the hashing and Photo DNA (which is a real system that ISPs use) the warrant rests on regular old reporting of a video by site admins.
Don't know about Seattle but my ISP does run a transparent proxy that does mitm for http and caches files.
They use http://www.peerapp.com/ devices to do so.
I was also successful in poisoning their cache quite easily
"When we get into things like this," [Judge William Downing] said, "anonymizing stuff, that’s well over my head technologically, then it becomes very murky and hazy."
That sounds to me like the judge likely wouldn't have known what a TOR node was if the police had told him these guys were running one.
Technology isn't slowing down, so how can we make sure the law keeps up?
He is willing to admit that it goes over his head, which presumably also means that he'd be willing to read up on it or seek advice if necessary.
The biggest problem isn't judges who don't know everything - they have to deal with cases covering every possible discipline and can't possibly know everything about everything put before them. The problem is when they believe they do, or don't care, or don't want to admit it and decide to just trust law enforcement blindly instead.
I'd like to think that a judge that readily admits what he doesn't know will make sure to learn or seek suitable advice when necessary.
Or when a judge is given a request with missing information and he can't ask an expert, do research, or say, "Wait, what is a Tor Exit Node and why did you mention it in your report?"
The point of this article is given the fact that they left that off then he can't reasonably ask for more information.
Right. This is somewhat the point of the oppositional trial system; we can't expect a biased party to bring up all facts relevant to the case, so we bring in someone else with the opposite bias to give the judge the rest of the facts.
In these expedited judicial-request hearings, there isn't an explicit defendant, so there's no oppositional counsel to bring in. Maybe we need to bring back the concept of a "devil's advocate"...
Prosecutors have a duty to 'justice', not simply to deliver the strongest result against the defendant. This is why they have to disclose information that suggests innocence.
... which is absurd and why the US Constitution provides for a better system, which sadly does not extend to protection for invasions short of prosecution.
Although I agree with you, if I were on trial, I wouldn't want to trust a judge who brought in "his friend who knows a lot about computers". I'd want to make sure they were vetted first.
But would you have suspected the existence of a tor node if nothing in the warrant suggested it? Would you have stopped the investigation to call some experts?
The judge wouldn't have known what a Tor node is—but that's not a bad thing. What he's saying here is that the facts as originally presented to him translated into a well-known "cached" judgement; but the facts as they actually were would require original thought and research on his part (and/or those of analysts working for the judge) to come to a decision. "Guy has child porn on his computer" has a clear-cut answer; "open proxy server contains child porn" is indeed much less clear-cut. What the law says about that subject is murky; hazy, even. It's something you would need to think about.
And this thinking is, in practice, what the vast majority of a judge's every-day job is: to Do The Research—to become experts in the things they're asked to rule on, to build up the context necessary to discriminate between assertions made to them by opposed parties. Judges are already experts on the law; but that only helps when the law is already so well-established that a judge isn't even necessary. In most cases, the law is vague: it doesn't already have the answer for what should happen in this particular case, with these particular facts. The point of the judge is to decide what the law should be—to gather facts about the world, and use them to answer a question in a way that sets legal precedent going forward.
Everyone else in the court's job is, then, to feed the judge all the necessary facts about the case, on both sides, so that the judge can know just what subjects must be made clear—must be researched, or questioned, or followed up on—before the case can be decided.
(Even the irrelevant statements; the judge is the one expected to know what the law must blind itself to, so the judge wants to hear everything, and then cull the pile of statements themselves. When a jury is present and must be the one to decide, the judge will attempt to moderate the jury using this same legal-blinding... but with mixed results. In jury trials, you'll see judges trying to keep attorneys from making certain assertions that might irreparably bias a jury; but in non-jury trials, judges just want all the information they can get.)
In short: as long as judges are doing their jobs, the law keeps up. That's what we pay judges to do. If the law isn't keeping up, we've just hired some bad judges.
Judges don't decide cases. The jury does. Judges are there to lead the proceedings and instruct jurors in matters of the law. No evidence or facts exist outside the courtroom. Only what is stated in court can be considered. It is against the law for a juror to research an issue outside the courtroom.
Most trials don't have juries. Think small-claims court, divorce court, etc. That's the default—the judge, judging. Jury-trials are a special case, there for when no judge could be impartial enough, but they're still implemented in terms of a judge sitting there and then delegating some, but not all, of their responsibilities to the jurors.
The entire story here is about crime, specifically in the USA. All criminal defendants in the USA are entitled to a trial by jury on all factual elements of the offense to reach a verdict, unless explicitly waived by the defendant. Most defendants waive a trial (usually by plea of guilty), but relatively few who go to trial waive a jury.
Judges do rule on pretrial proceedings including warrant applications; although in federal and some state jurisdictions grand juries still return indictments on felonies.
That said it is wrong that judges do not decide criminal cases. Besides ruling on evidence and instructing jurors, they can also acquit, dismiss, or declare mistrial without the jury.
N.B. Right to jury may not apply to so-called "petty" and/or non-criminal offenses which can carry as much as 6 months jail.
Just pointing out that the judge who authorized the warrant didn't say that. From the article:
Judge Bowman, who authorized the warrant, said he could not talk about the case and referred me to his colleague Judge William Downing, who spoke about some of the underlying issues. "When we get into things like this," he said, "anonymizing stuff, that’s well over my head technologically, then it becomes very murky and hazy."
For good or bad, the American legal system (and the English one on which it's largely based) is about who makes the better argument. It's a debate contest among expert jurists. The judge is supposed to be knowledgeable about the law, and particularly good at recognizing logical fallacies.
A good judge who is not a subject matter expert should be good at asking the salient questions and stopping a rambling jurist in their tracks. The whole idea isn't to become an expert, it's to find the right questions, and provide the opportunity to expediently arrive at conclusions and solution to them. And it often is just one question.
Glad to see someone here understands the basics of our legal system. All this arguing about what happens when a judge is deciding a case they don't understand makes me cringe.
Let's hope that was his quick answer to reporters. I'd hate to think that when a Judge has a hard time learning something he decides, well I don't understand this so, let's just violate someone's 4th amendment rights and go harass them rather than learning how I should apply the law (aka do my job).
The singularity has come in the sense that technological progress has been accelerating and the rate of legal adaptation to it is constant. The rate of technological change outpaced legal change 20-30 years ago and now the difference is really starting to hurt.
This problem will only get worse. Can we build new laws that handle the ever growing expanse between the capacity of technology and the legal system and cultural expectations?
The purpose of the legal system is to enforce cultural expectations. There is no reason to let technology run ahead of cultural expectations.
Maybe one day running Tor will be routine and not a cause for suspicion. Until then, there is nothing wrong with investigating the origin of illegal activity, with appropriate measures, and requiring Tor to be raised and proven as an affirmative defense.
It likely will never 'keep up' and really, the law never has been 'up to date' with technology. American law allows most things until a lawyer is needed and then makes a decision to forbid or not (this is law, so there are many exceptions). We are a common law system (except Louisiana), not a code law or theocratic law system [0]. As such, the law will inherently lag. Remember, we are dealing with humans here, nothing can be perfect nor can we anticipate the ingenuity of idiots.
A statement made that leaves out pertinent information in order to suggest a different conclusion than would be reached with the information is an implicitly false statement.
The tech community would undoubtedly volunteer resources in the interests of a better world, the problem is it seems the government has very little interest in the justice system actually dispensing justice, it seems to increasingly be one of many tools used to control the populace. It's not only "a" tool, it is almost a magical "wild card" where you can put any opponent away forever if you so choose, and it is completely indefensible.
Would it / they / we? From what I've seen, the tech community (on the whole, averaged) isn't great at synthesizing and communicating information to non-technical people.
Yes it is a disservice to themselves and others that non-technical people zone out as soon as someone starts talking about technical issues.
But it is also a disservice to themselves and others when technical people don't even try to simplify (in a non-patronizing way) high level concepts for consumption by the general public.
Both sides aren't actually "trying". Both sides should be. Someone has to take the first step toward a halfway point, and history shows it ain't gonna be "joe/jane public".
To be fair, I rarely understand what they do even if it's rather mundane. I do like to hear passionate people talk and see them work, but I admit that my curiosity is higher than most.
Here's what I don't understand: You go to a judge for a warrant and the only piece of evidence you have is an IP address. How is an IP address even remotely considered "evidence" enough to search someone's home? An IP address is not an identity. It is not a location. It is not even permanent in most cases!
I cannot fathom that police are granted warrants to search and seize people's homes and property based solely on, "logs indicate an illegal file was uploaded from this IP address." That is incredibly flimsy evidence.
At the very least they should create a profile on the individuals and demonstrate that they were present in the home and appeared to be using their computers at the time of the crime. They didn't even do the most basic of police work in this case. WTF!?
Since 2010 there have been more than 6000 requests and 0 denials.
They could have shown up with anything, and the request would have been granted. I have no doubt that both parties see this as "need to follow rules" formality and nothing else.
There's a huge difference between evidence strong enough to convict someone (it's reasonably held that an IP address is not good enough evidence to charge a person with a crime) and probable cause for a warrant. I'd argue it's more than adequate to get a warrant.
Again, a warrant is only having reasonable suspicion to go look and see if something illegal is going on, it's not a determination of guilt.
They didn't just have an IP address. Police had an IP address and timestamp of a video of child-rape, as provided by 4-chan, said IP address belonging to an ISP as provided by MaxMind, and said ISP confirming its ownership of the IP and providing a subscriber name and address for that IP and timestamp, indicating that the posting originated from a cable modem at a residential location.
If you don't find child rape to be compelling, substitute an email plotting a bomb attack, a suicide note, etc. etc.
Police are supposed to ignore that, and what, ask for a signed confession? They don't need proof beyond a reasonable doubt, they need probable cause that there is evidence of a crime. Tor is deliberately designed to frustrate what police call "evidence." The police are perfectly justified in searching that location for evidence that might lead to the source of the criminal activity.
Solution: rent an empty room and place TOR exit node equipment there. When the police come, it's just a computer room with no logs or files cached locally. They can do all the searches they want.
Also, TOR should have a blacklist of CP sites to filter out as much of the bad traffic as possible. It doesn't do anyone any good to allow CP on exit nodes. Even if the sites are using https, the exit node could sample a few pages to pass the data into a CP classifier and whitelist/reject the site. This classification work could be aggregated over many exit nodes to maintain an up-to date filter. In the end, if we can assure TOR node hosts that their IPs will not be used for CP, it would ensure more people are willing to offer their resources to the network.
> How is an IP address even remotely considered "evidence" enough to search someone's home?
Because it localises a particular network request to a piece of hardware, e.g. a modem, located within that home. In my opinion, in the absence of evidence that someone was running a Tor exit node, or that their wireless network was unprotected, there is a high probability that the network request was originally sent by a device within that home, or by a network user known to the owner.
Regular people aren't like technical people: a lot of them have no idea that their nefarious behaviour can and will be tracked back to their home. I would guess that most warrants granted solely on an IP address actually turn up incriminating evidence.
They clearly had more than just an IP address--they had an IP address and the identity of the user who was assigned the IP address at the time. If police found a post-it with a house address in a context where it was clear that it was connected to the perpetrator, that would easily be sufficient for a warrant. The bar is not supposed to be a high one.
"Note: even though it originally came from an acronym, Tor is not spelled “TOR”. Only the first letter is capitalized. In fact, we can usually spot people who haven't read any of our website (and have instead learned everything they know about Tor from news articles) by the fact that they spell it wrong."
Literally the comment just above you had to specify they meant "Golang" in parentheses. It's a very poor choice of name. I remember when the AlphaGo thing came out on HN and there were some people who clicked because they thought it was about the language.
I would beg to differ, maybe because I have never heard of someone searching 'sequel' instead of 'sql' but I have never had a problem with google or bing or duck duck go giving me what I was looking for by just using 'go'
Precisely. I say 'Go' because people think Golang is something else. There is only one thing worse than people talking about your product with the wrong name, and that's nobody talking about your product.
This is probably what I find most worrying about the TOR concept. By running an exit node, you open yourself up to all sorts of legal actions. But if you can't run a TOR exit node as an average citizen, won't all exit nodes end up being run by NSA, GCHQ, and their ilk?
Best practices for running an exit node cover most of these concerns.[0] The most important one the individuals here didn't follow is 'don't run your relay from home.' A properly registered tor exit relay running in a datacenter somewhere will attract a courteous inquiry, rather than a 6am raid.
Yea but that means you have to spend extra money to run a Tor node, again limiting the amount of nodes that people are willing to run. The solution is for more people to run Tor, not fewer. Same with open Wifi nodes, the more the safer.
If you want to contribute with your home broadband connection, a bridge relay is more appropriate. You can run an exit relay for as little as $5/mo with a VPS.
99% of all VPS providers (in the $5/mo category, not $75/mo) will kill your account for running an exit node. They do not want their blocks of ARIN, RIPE or APNIC ipv4 space listed in every abuse and spam swamp realtime black hole list in existence.
If you run it in a DC, don't you risk exposure to someone cloning it and getting the data you have stored on it?
No, you shouldn't keep sensitive data on it, I know, but still could be cloned/compromised without you knowing, right?
It really shouldn't be illegal, it should be protected, like free speech, as noted in the article, "It's like raiding the mailman's house for delivering an illegal letter with no return address"
In fact I think that's why they withheld the fact that he runs a TOR node from the judge.
It's more like getting a warrant to search his house because they found drugs in his car, but not bothering to mention to the judge that "his" car was a rental car he took out from the airport Hertz a month ago.
Except in this case Bultmann and Robinson are Hertz, not the customer. They also knowingly rented to a drug dealer.
Another analogy may be running a Hertz in Saudi Arabia and renting to women without male guardians present.
The computer is not rented, they were in control of a device that may have been used to distribute child pornography. They themselves claim to know and understand this but feel that the risk of enabling criminal behavior is outweighed by the benefits to society of the "good" crime. Such as expression of dissent against regimes they disagree with.
I'm not convinced this search was unreasonable from a legal perspective. I do not know enough about the legal precedent around running a Tor node but I could understand if they are on the hook for what happens with their node. I respect what they are doing and I don't think what they are doing is wrong morally but they are taking on a risk which they believe is outweighed by the benefit.
I know as a fact that by depositing money in the bank, some of that money will be lent out by the bank. I also know that some people who lend money from banks will be criminals. I thus know that by depositing money in the bank, criminal behavior will be enabled.
I do not know, however, if my money specifically will be used for criminal behavior, nor do I know who the criminals are or what the crime will be. In order to "knowingly" participate in a crime, the will, whom, and what is kind of important.
You don't own the bank, they owned the computer. You aren't responsible for what happens to money the bank loans out since that money isn't yours.
From the article:
"Bultmann and Robinson had publicly advertised that they operated a Tor exit relay node—a node in the global Tor network, whose purpose is to give users the ability to browse the web anonymously. They said they operated the node as a service to dissidents in repressive countries, knowing full well that criminals might use it as well, much like any other communication tool."
So yes, they didn't know which drug dealer they were renting to or which packets were from drug dealers (or child pornographers) but they did know it was possible. And with Tor I think it would even be considered likely.
There seems to be a difference between say running a Tor exit node and running a commercial VoIP service. With VoIP the operator is required by law to record and make available certain information to LEO. Tor by design prevents the operators from having that information. I'm not sure what the legal consequences are but it seems to me that in any other "communication tool" situation the operator is expected to at least make an attempt to prevent illegal use. With Tor that isn't possible so I don't think it's really "like any other communication tool"
Bultmann and Robinson knew they might be enabling criminal behavior with their own personal equipment in their home. I think it's easy to at least see the perspective of law enforcement in this case or how the legal system could find them at least partially responsible.
I'm not saying this is what should happen but I don't think we have a clearly defined right to run an open proxy as a get out of jail free card.
Then the government is responsible for most crime, because roads are used to transport stolen goods and facilitate a huge number of crimes... we need to stop the roads.
The client has full control. Tor works by having the client chain proxies ("nodes"). Tor hidden services add some complications but in that case too the client creates its own half of the proxy chain.
I don't know why you wouldn't link directly to the paper, unless you're hoping that Schneier acknowledging its existence lends it some credibility.
> most of the content
Easily refuted: the authors had a spider crawl hidden services, which is laughably stupid. They claimed that there were 5,205 hidden services, of which 1,547 hosted illegal content. Another study [1], one which actually took advantage of network statistics, found the number of hidden services closer to 30,000. Also, well over 90% of Tor traffic is unrelated to any hidden services.
So not most. As far as the analogy is concerned, hidden services would be more like the personal thoughts of the mailman - not the mail he is routing.
Most of the content stored on hidden services may very well be illegal but AFAIK most Tor traffic isn't for anything stored on Tor, it's for content on the internet at large. That's like saying that most PO boxes without a real name are used for illegal purposes. It may be true, but that's only part of the analogy. I'd say the analogy still stands.
That's the sad consequence of supporting basic rights. The first customers of basic rights are bad people.
Imagine a hypothetical world where the government could search anyone's house at any time without a warrant. And some service came up that, through a strange legal technicality involving registering as a religious institution, could prevent your home from being searched. The first users of such a service, would of course be actual criminals. Most people wouldn't bother because they have nothing to hide.
Imagine you want to create a website that allows users to create forums with minimal moderation. Of course your first users will be interested in hate speech, because who else needs a forum that doesn't have moderation?
Or if you create a service that lets people distribute files peer to peer. Of course your first users will be copyright infringers, because they've been blocked from everywhere else. Or an anonymous currency will first be used for drugs and online gambling, etc.
If your mail server is an open relay and sends a lot of spam, you might expect it to get blocked at a minimum, and possibly to see some legal problems.
> Most cash contains traces of drugs. ... pays in cash
If you run an ATM and the money you put out has a higher proportion of drugs on it than the average currency, you might expect some inquiries.
> Most BitTorrent content infringes copyright. ... torrents a Debian ISO
This isn't even hard to disambiguate like the others. Is the torrent being downloaded/served infringing in some manner? If it's not, you're fine, if it is, you might have a problem. BitTorrent isn't a single system, it's a bunch of loose networks.
There's a useful discussion to be had over whether someone running a Tor exit node should expect some increased risk of inconvenience and/or exposure to mistaken legal action, but I don't think these really advance that conversation at all.
> If your mail server is an open relay and sends a lot of spam, you might expect it to get blocked at a minimum, and possibly to see some legal problems.
But it isn't an open relay. It's just a normal mail server. It's cash with the typical trace amount of drugs on it. That's the whole point -- just because a lot of X is bad and you did X that doesn't mean that you did something bad. It's even possible, as is the case for Tor, that percent-of-thing and percent-of-people-who-do-thing have completely different numbers, because it's possible for a small number of bad actors to generate a disproportionately large amount of traffic.
> This isn't even hard to disambiguate like the others. Is the torrent being downloaded/served infringing in some manner? If it's not, you're fine, if it is, you might have a problem. BitTorrent isn't a single system, it's a bunch of loose networks.
That's the point. "Is using BitTorrent" is not a useful metric for badness because the false positive rate is extremely high. If you sit on my internet connection and see me download encrypted data via BitTorrent, you don't know if it's a legal copy of Debian Testing or a pirated copy of Windows 7. Which means you should have to do more work before you can send a fracking SWAT team to my house.
> But it isn't an open relay. It's just a normal mail server. It's cash with the typical trace amount of drugs on it. That's the whole point
See, I think the "typical" usage would be your own usage. I don't think the typical person happens to have a certain small percentage of traffic that happens to be child pornography pass through their connection, even if the internet as a whole does. Once you run a Tor exit node and you are proxying something closer to the statistical average of types of internet traffic (even though there's probably more illegal traffic on average on Tor than on the Internet, whether it's 1% more or significantly more), and you are doing it from home and mixing your own traffic with it, I think it's not out of the question for the Police to investigate. That doesn't mean every time, but I'm not going to immediately condemn them for looking into a crime.
I also think how the police handle it has to do with the entity they are interacting with. If it's a multi-person business in good standing, I would expect a subpoena. If it's an individual, it might be a raid, because I think the chance and capability of an individual to destroy evidence is higher.
I equate this to tracking the source of a gun that was used in a crime. If the last known source is a business, a subpoena may or may not suffice. If it's a guy selling out of his house (legally), a raid may be warranted.
Now, all that said, the police should be doing their part and providing the relevant info to the judge. The judge should be making this call, not you or I, and only when he has all the relevant info, which includes whether the suspect is running a Tor exit node (and as others have stated, it's up to the judges to either consult an expert or learn the facts themselves to deal with this information). Given our current laws and my understanding of them (probably poor), this is how I think it should currently function legally. Whether I think that's how they should function given changes, I'm not sure I would opt for the current system.
> See, I think the "typical" usage would be your own usage.
It's your own usage only if you're the only user, which is an invalid assumption even before Tor. People aren't shy about sharing wifi with house guests. Tor takes it from "could be any of 25 people" to "could be any of 7 billion people."
But even regardless of that, why should the expected result of offering a service to the general public put you under suspicion? If you sell sandwiches you're going to end up with cash that has traces of drugs on it, even if you don't use drugs, because some of your customers or some people they transact with do. Everyone who sells sandwiches for cash will end up with population-typical cash in their possession. Which is exactly why having such cash isn't at all suspicious. It's the thing you would expect from an honest person in that situation which means it provides no utility in distinguishing honest people from criminals.
> That doesn't mean every time, but I'm not going to immediately condemn them for looking into a crime.
By what criteria do you propose that they distinguish the times they do from the times they don't, which would reasonably put the case in question in the "do the raid" category?
> I also think how the police handle it has to do with the entity they are interacting with. If it's a multi-person business in good standing, I would expect a subpoena. If it's an individual, it might be a raid, because I think the chance and capability of an individual to destroy evidence is higher.
A large super-majority of individuals work for a business in good standing. Why would they be less likely to destroy evidence at work than at home?
Actually implementing such a rule would also seem to give undue comfort to criminal conspiracies.
Would it not make more sense to issue a warrant only if the crime can be tied to the suspect with something more than an IP address known to be shared by multiple people?
> It's your own usage only if you're the only user, which is an invalid assumption even before Tor. People aren't shy about sharing wifi with house guests. Tor takes it from "could be any of 25 people" to "could be any of 7 billion people."
> But even regardless of that, why should the expected result of offering a service to the general public put you under suspicion?
Because the police have an obligation to investigate. By mixing personal usage with the Tor traffic, you've muddied the source of the offending traffic, and given them something they can investigate, even if just to remove a suspect. Another way to look at this is: should I be able to run a Tor exit node and then expect that any criminal traffic seen from that connection, even if from me, should not be investigated? Is the mere presence of a Tor exit node enough to deter the investigation? If so, everyone even considering doing anything illegal should run one.
> If you sell sandwiches you're going to end up with cash that has traces of drugs on it, even if you don't use drugs, because some of your customers or some people they transact with do.
I don't think trace drugs is an equitable substitution. We aren't talking about portscans, we are talking about a higher classification of crime, such as child pornography (and I would think crime network tracking, murder evidence, etc). If you're selling sandwiches out of your house, and spending the cash directly (little or none is going to the bank), and a murder is traced back to you from the cash, yeah, the police might raid you, depending on circumstance. You have a good explanation, but that doesn't prevent you from all suspicion.
> By what criteria do you propose that they distinguish the times they do from the times they don't, which would reasonably put the case in question in the "do the raid" category?
First by police discretion (by whether they try to obtain a warrant), and then by the judge involved. If something needs to change, then it's at this level. If that means the vast majority of the times, the person is not investigated, that's probably not only fine, but right. But I don't think a Tor exit node operator is immediately excluded from all suspicion. For example, investigation of an active terror threat. The reward is so high for active seizure of someone involved, and the possible risk so great for not breaking up the network, that a raid on the exit node operator might be worth it even if the likelihood of them being complicit is very small. Whether other crimes meet that criteria is up for debate, but that's why we have judges to mediate that desire with the rights of the people.
> A large super-majority of individuals work for a business in good standing. Why would they be less likely to destroy evidence at work than at home?
There are more people around, it's harder to hide a crime when other people may have witnessed a part of it, even if they didn't know it at the time. The leaders of the business likely would want to help the police and not the criminal (for many reasons, both selfish and altruistic). If you believed the entire business and all employees were complicit in the crime, or that people with little oversight such as the owner were complicit, then a raid might be warranted in that case as well. A single person working as a business would be equivalent to the entire business being complicit, for the purposes of deciding risk of evidence tampering.
> Would it not make more sense to issue a warrant only if the crime can be tied to the suspect with something more than an IP address known to be shared by multiple people?
Preferably, but I'm more arguing that it should not be a reason they can't. There are simple things people can do to prevent this, such as clearly distinguishing your personal traffic from Tor (such as not running it from your home connection). Providing for ambiguity in the source of criminal behavior will lead to ambiguity in the application of resources to investigate that behavior.
> Because the police have an obligation to investigate. By mixing personal usage with the Tor traffic, you've muddied the source of the offending traffic, and given them something they can investigate, even if just to remove a suspect.
The whole issue is that it doesn't give them someone they can investigate. There is no more reason to suspect the exit node operator any more than anyone else. Investigating people effectively at random is nothing more than a fishing expedition and a waste of police resources.
> Is the mere presence of a Tor exit node enough to deter the investigation? If so, everyone even considering doing anything illegal should run one.
I'm not sure why this is supposed to be such an unreasonable result. It's the same result you get as a Tor client rather than an exit node and the same result you get when using public wifi at a coffee house or anywhere else. There are a hundred ways to get an IP address that isn't tied to you, why is this one special?
> First by police discretion (by whether they try to obtain a warrant), and then by the judge involved.
That isn't how, that's who. By what criteria are the police or the courts supposed to make the decision?
> For example, investigation of an active terror threat. The reward is so high for active seizure of someone involved, and the possible risk so great for not breaking up the network, that a raid on the exit node operator might be worth it even if the likelihood of them being complicit is very small.
I'm not convinced that the severity of a crime should change the standard for probable cause, but even accepting that premise, the problem is still that the existence of a Tor exit node takes the probability that the traffic originated at any particular place to 1/(population size). Any justification to raid the location of the exit node would apply equally to any other place that could have used the exit node. You're trying to justify the search with an argument that could equally be used to justify a general warrant.
> There are more people around, it's harder to hide a crime when other people may have witnessed a part of it, even if they didn't know it at the time.
This doesn't really apply to almost anything that could be done via the internet. You can see your coworkers carting off toxic waste to be dumped in the river or conducting in person meetings with the victim of a scam. If you see them sitting in their office typing things into a computer, what is that supposed to provide evidence of?
> The leaders of the business likely would want to help the police and not the criminal (for many reasons, both selfish and altruistic).
Which obviously doesn't apply when the leaders could be the ones engaged in the criminal activity, and how are you supposed to know? Even regardless, what are the leaders supposed to do? One of their employees or customers signed into the company guest network with a personal laptop and did some illegal thing. The company has no way to know who it was and no authority to search all their employees' and customers' personal devices, and the device may not even be on company property anymore.
The inability to determine the source of network traffic is clearly a problem for investigators, but it isn't a problem you can reasonably solve by issuing warrants against scads of innocent people. It's a problem you solve by tying the crime to the perpetrator in some way that doesn't apply equally to innocent people.
> Providing for ambiguity in the source of criminal behavior will lead to ambiguity in the application of resources to investigate that behavior.
I don't understand why you think this mixing together of traffic is supposed to change anything. If you pay for both cable internet and DSL and use one for your own activities and the other to operate an exit node then there is a clean separation between your traffic and the traffic of the exit node, but how is that supposed to make any difference? You still control the IP address of the exit node and therefore could still have used it for criminal activity, as could anyone else.
> There is no more reason to suspect the exit node operator any more than anyone else.
It's not that they are suspected more, it's that they are a lead that can be followed on. If everyone that used that Tor exit node were known, the Police would be faced with a different problem, too many leads to follow up on, too little manpower to do so, and not enough info to differentiate one suspect from another. In this case there is enough info to differentiate one suspect from another in that one suspect is known.
> It's the same result you get as a Tor client rather than an exit node and the same result you get when using public wifi at a coffee house or anywhere else.
No, it's the same as someone running a wifi at their home. The scale is larger, but one thing we can assume with a fairly high degree of correctness is that the connection is also used by the people that live there, which is not something we can assume about a business, as nobody lives there.
To be clear, I think running an open WiFi or a Tor exit node is adequate defense against prosecution (barring further evidence), but not against investigation, and that investigation may warrant a raid, depending on circumstances. I would like to see those circumstances tightened significantly with corroborating evidence (such as repeated logging of activity and during times the suspect is known to be on premises, etc), but I don't believe discounting the information that the traffic went through the suspect's connection just because they allow public use is ultimately beneficial.
> I'm not convinced that the severity of a crime should change the standard for probable cause
I'm not saying it should affect the standard beyond not removing it as a factor. That the suspect is linked (not necessarily in culpability) in some small way to the crime through this information should not be ignored simply because of probability if it's the only evidence you have. It should be weighed appropriately though, and in almost all cases that will be that it's a red-herring.
> Any justification to raid the location of the exit node would apply equally to any other place that could have used the exit node.
Except that "any other place" may not have a concrete link to the crime, while this one does, even if it ends up only being as a conduit. Should someone previously convicted of child molestation that's a Tor exit node operator and happens to have the IP address associated with some child pornography not be looked at simply because of the Tor exit node? My assertion is that they should be given the extra scrutiny that the traffic has warranted; that we shouldn't stop a cursory investigation due to finding early on that they allow public access to their network. It's entirely possible that the evidence will end up being coincidental and the person is not related to the crime in any way, but should these leads be ignored entirely? I don't think so.
> This doesn't really apply to almost anything that could be done via the internet.
Sure it does. Plenty of businesses log all sorts of information. For example, was that email being investigated sent through the company mail server originally received from your workstation, someone else's, or some external IP? Would someone else notice and report some weird data loss on the mail server if they noticed it and were asked?
> Which obviously doesn't apply when the leaders could be the ones engaged in the criminal activity,
Which I specifically noted.
> and how are you supposed to know?
You make a call based on the situation and try to justify it to a judge? Is someone scamming someone else for $5k likely to be the CEO of a multi-million dollar company? Is a murder linked to the company but only really likely for a small subset of the employee base that doesn't include management likely to have management cover for them? Alternatively, if it has to do with bonuses, profits, mergers, stock, etc, maybe it is likely it may go to the top, so you take appropriate steps.
> I don't understand why you think this mixing together of traffic is supposed to change anything.
It provides a lead to an individual where none existed previously. As a single piece of evidence it's not obviously anything more than coincidental, but combined with further information may yield compelling enough evidence to investigate further, whether the person is ultimately responsible for the crime or not. I think the cases where the evidence is compelling based on further information are likely more often to yield useful investigation than otherwise, if done responsibly.
> It's not that they are suspected more, it's that they are a lead that can be followed on.
If they're not suspected more then it isn't a lead.
> If everyone that used that Tor exit node were known, the Police would be faced with a different problem, too many leads to follow up on, too little manpower to do so, and not enough info to differentiate one suspect from another.
Which is exactly the same problem they have when most of the users are unknown. The probability that it was any given person depends on how many other people there are, not how many of the other people you know the names of. When the way you got the one name provides no additional reason for suspicion over any of the others, investigating that one person is the same waste of resources as having the full list of thousands of users and then choosing one to investigate at random.
> In this case there is enough info to differentiate one suspect from another in that one suspect is known.
Being known doesn't differentiate a suspect from the others in terms of suspicion. It's like knowing somehow what town the suspect is in and then, because the investigating officer already knows the name of someone in that town, deciding to raid that person. Waste of police resources and undue harassment of someone who is with 99.995% probability not the offender.
> No, it's the same as someone running a wifi at their home.
That's not what I mean.
Your objection to not raiding the exit node operator is that otherwise someone who doesn't want the police to associate their internet activity with their IP address could put up an exit node. But people can already achieve the same effect by using somebody else's exit node or by using the wifi at a coffee house or a VPN service or any of a hundred other ways. There is no additional criminal advantage to be had by running an exit node.
> The scale is larger, but one thing we can assume with a fairly high degree of correctness is that the connection is also used by the people that live there, which is not something we can assume about a business, as nobody lives there.
So the internet connection in a business can be used by the people who work there instead of the people who live there, because people work in businesses and live in homes. What conclusion is that supposed to reach?
Also, many people have a work VPN account that causes their home internet traffic to go through their work internet connection, so the premise is incorrect.
> I would like to see those circumstances tightened significantly with corroborating evidence (such as repeated logging of activity and during times the suspect is known to be on premises, etc), but I don't believe discounting the information that the traffic went through the suspect's connection just because they allow public use is ultimately beneficial.
It's not a matter of discounting it, it's a matter of accurately calculating its evidentiary value. For the IP address of an exit node that value is very close to zero. The probability that some malicious traffic seen from that IP address came from the exit node rather than the occupants is not 100.0000% but is well in excess of 99%.
So yes, if you have a large pile of other evidence that the occupants are the perpetrators, knowing that it was their IP address will add another thousandth of a percent or so to the probability that it was them. But it isn't anything more than that. And it specifically shouldn't be enough to justify a warrant when it's the only thing you have.
> Should someone previously convicted of child molestation that's a Tor exit node operator and happens to have the IP address associated with some child pornography not be looked at simply because of the Tor exit node?
You're asking the question backwards. Knowing that it was the IP address of an exit node tells you nearly nothing. You don't then discount the operators, you just don't count them any more than you would have otherwise. Investigate as if you didn't know the IP address (because with extremely high probability you don't). If the same exit node operators were actually the perpetrators then the evidence will lead back to them regardless and operating an exit node would only explain the IP address but not any of the rest of it.
> That the suspect is linked (not necessarily in culpability) in some small way to the crime through this information should not be ignored simply because of probability if it's the only evidence you have.
Probability is exactly why it should be ignored. You're just advocating the law enforcement edition of "something must be done, this is something, therefore we must do this."
Doing nothing is better than doing something harmful, wasteful and unproductive.
> Sure it does. Plenty of businesses log all sorts of information.
Your original argument was that people at work would see you doing bad things. Now it's that there will be computer logs. But now the set of people who can "get away with it" expands to include the IT staff. And what logs are you expected to have tying a perpetrator to a personal device on a public guest network?
> Which I specifically noted.
But didn't really address. Granted there are some crimes that are less likely to be committed by corporate executives, but what about all the others? I'm not aware of any reason why executives would be any differently predisposed to child pornography than the population at large. Are you saying the police should raid AT&T every time they're investigating child pornography?
> As a single piece of evidence it's not obviously anything more than coincidental, but combined with further information may yield compelling enough evidence to investigate further, whether the person is ultimately responsible for the crime or not.
The point is that having the IP address of an exit node plus further information has approximately the same value as the further information. You don't ignore further evidence against the same party, you just don't credit the IP address with more than the almost-nothing which it is actually worth.
> If they're not suspected more then it isn't a lead.
Sure it is. "The thief was a member in the AA meeting held on the 28th, but we don't know which one. We do know one person in that group's name though, so let's follow up on what we can." A lead is anything that can be followed up on. If it can't be followed up on, it's not a lead.
This is getting pretty far into the weeds, so I'm going to try to summarize my position more concisely, and from a different direction. I'm interested in if our stances on this are actually all that different.
My stance: The running of a Tor exit node should not be used to exclude a suspect from an initial look just because the traffic has a statistically much smaller chance of having originated with the suspect (based on percentage of traffic, not number of users). That is, it should not be a "fruit of a poisoned tree" type scenario, where the running of the exit node somehow provides protection, as I think none is warranted.
By running the Tor exit node through your home connection (or in any way that easily tracks back to you), you are associating your identity to that traffic. Not necessarily as the originator, but you are associated. If that association happens to bring attention to you that makes you look like a viable suspect (hopefully from more than just that association!), then that should be followed up on, even if it happens to end up not yielding the correct suspect (you can't know ahead of time). To me, this isn't about Tor, or an open WiFi, but about associating your name in any way in criminal activity, no matter how small, no matter how removed. There is increased risk there purely because you've made yourself more present in the minds of the investigators, and they may see something there to your detriment.
I don't think it's any different than if I walked around handing my business card to every person I saw on the street. If one ends up murdered or arrested, the police may see that and decide to take a look at me. Should I be arrested or raided purely on that criteria? No. But if I'm a lawyer, and there was a lawyer associated with the crime in some way, I might start looking like an interesting suspect. It is very clear to me that I have increased my risk by being very undiscerning of who I hand my cards out to.
My position on this comes from a prior article on the same event, discussed at HN[1], where the raided party said:
Robinson admits it might be safer, legally, to host the Tor relay on rented space from a commercial Internet service to avoid mingling his personal traffic with Tor, but he says he shouldn't have to.
"Why should I be spending extra money?" he asks. "There need to be more Tor exit nodes, more Tor nodes generally, and you don't need to be discouraging people from doing it by intimidating them with bogus criminal complaints," he says.
He doesn't have to, but he also doesn't get to act like his actions are completely removed from reality, and don't have any consequences whatsoever. Clearly they do, and they did, and I think it's unrealistic to think they won't or shouldn't, as that's not how people's minds (and thus investigations) work.
Most of Tor usage is as a proxy back to the regular internet. I don't think you meant to, but the term "content on Tor" can be misleading in that respect, restricting the discussion to hidden services when the context is often Tor use in general.
The thing is, they knew he was running a TOR node. They knew they wouldn't find anything. In a _real_ raid for suspected child porn, they confiscate all the equipment. If it's encrypted, you don't get it back (without the money to spend on good lawyers, and then it will be 6 months minimum. Without good lawyers, even if you're never charged, it will probably get wiped and auctioned off, because US police can confiscate anything they damn well please).
There was another article, either here or Slashdot or somewhere, talking about how there have been several of these TOR node raids. I doubt they even had any evidence of illegal material being downloaded. I think the FBI got all these local police departments to do this intentionally to scare people.
The guy should have never turned over his passwords either. He would have lost his machine, but IIRC, the Seattle privacy group he's with decided to scrap those machines anyway since they couldn't be sure the PD didn't tamper with the tor server.
It's actually really sad because I was wanting to see if I could implement an exit node all by myself as a side project, but then I realized the potential danger I'd be putting myself in. Naturally, I'd have to host it to test it, so I had to throw this one to the way-side.
You still can, but make sure you don't do it in your house. Even one of the operators said, I guess I should have rented a server for this. Not that I agree with the warrant however, I'm not putting my dog's and children's lives in danger.
This is the advice given by a few people, but I'm not sure how valid it is.
If the police have probable cause to search a server at a datacenter, then they would likely also have probable cause to search the computers of the owners of those servers. In which case, we're back to 6am raids (probably done at the same time as the datacenter raid to prevent evidence tampering).
Find one that accepts Bitcoin. Use a pseudonym, and a throwaway email address. Find a plausible meatspace address and telephone number online. Maybe a hostel, business hotel, restaurant that just closed, etc.
I'd have called you tinfoil crazy until police raided one of my rental properties because a tenant was suspected of dealing drugs. One of the other 3 tenants (not suspected of any crime) had a friendly pit bull about a year old, wouldn't harm anyone, which was promptly shot 3 times in the abdomen right in front of its owner as police approached the property (and died).
Realistically the only way that I could test it is by whitelisting my home box, but this isn't entirely reasonable given that I wouldn't truly be testing it, as I wouldn't know for certain the kind of throughput it offers.
By running an exit node, you open yourself up to all sorts of legal actions
This is not going to be popular here, but IMO this is actually reasonable: you ought to be aware that running an exit node is enabling all kinds of terrible behaviour. You can't just handwash your responsibility away from this.
(No, this is not the same thing as providing encryption software, or general public chat forums etc)
Point of clarification: I know the police are allowed to lie and fudge the truth to suspects and defendants, but is there a legal requirement for them to be forthcoming and truthful to Judges in warrants?
Also, tending to agree that even if they had included TOR in the search warrant, the judge would have most likely signed it anyways because child porn is a big "must do something" thing, and the technology would have probably gone over the Judge's head anyways. In this day if the police use the words "child porn" they could get a warrant for just about anything under the sun.
There is no legal exception to it, but there is in fact a de facto exception to it, since a DA must decide to press charges. How else can all those videos contradicting sworn testimony go nowhere?
It does get really hairy. Having read a few technical related warrants (and by no means can I speak to many), they are truly using every last bit of persuasion to convince a judge to sign the warrant and usually request to sweep as much information as possible. They start off with all their goofy worthless technical qualifications eg "3 week cyber security training at McAfee Sleuthing Summit". Then proceed to go into the facts of what they discovered, blending it with the story they believe is true (and in the case I know of wasn't true and was a narrative that was an extreme over exaggeration). The judge signs the warrant then later on if you were actually charged, you have the legal knowhow, and/or massive amounts of money, you could challenge the sweeping nature of the warrant or grounds it was signed upon.
In this case it didn't really matter much though... they were able to cause great annoyance to a third party and the law enforcement folks involved will likely never be held responsible.
I think it's really important for the judge only to look at the facts and to decide to sign based only upon that. In this case, the facts were probably very weak. I'm not sure what other contents could be possible other than, "this was the last known IP address for this packet containing child porn, can we search their premises and copy all their data plz"
The instant case is one of material omission rather than false statement, but there is a substantial amount of case law recognizing that material omissions should be treated the same as false statements.
You might be answering a slightly different question. If there is material omission, the "poisonous fruits of the illegal search" conducted under the fraudulent warrant may be inadmissible in a trial.
But that's separate from whether the intentional omission is itself illegal. Are there any legal consequences for a law enforcement agency to mislead a judge through omission to obtain a search warrant?
Clearly these sorts of omissions are happening, especially in the context of parallel construction, and arguably they are technically perjury, but have there been any cases where law enforcement officials have received punishment for this?
If my job requires me to have an understanding of something new, I learn it. Like an adult. Why the hell is technology the only exception for people on this front?
If you're referring to the quote at the bottom of the article, that's from a different judge than the one who signed off on this warrant.
In any case, the judge involved didn't have an opportunity to research "Tor exit node", even assuming he is the most competent and responsible judge in Seattle, because that information wasn't included on the warrant. That's... kind of the exact point of the article.
Technology is not an exception. He isn't exempt from making informed decisions. Law enforcement omitted a fact that could lead to the judge asking questions.
I'm all for privacy technologies like Tor, but this is one of the risks you assume when you operate an exit node. The alternative would be to give all Tor exit node operators not only legal immunity, but immunity from investigation, for illegal activities originating from any IP address associated with them. Even if the judge and the police were aware of the exit node, it wouldn't have changed the way this was investigated.
Suppose I'm AT&T and one of my customers is running a Tor exit node. Do I now have "immunity from investigation, for illegal activities originating from any IP address associated with them"? I can certainly use a router to spoof my customer's IP address for any connections I want to use for illegal activity. Then the IP address will trace back to that customer, which is a Tor exit node, and the police can't investigate me.
For that matter, every user of Tor is in the same situation.
But the premise is wrong. The police can investigate you as much as they like, they just can't assume that the traffic coming from that IP address has anything to do with anyone in particular.
You're still going to jail when you buy something with a stolen credit card and have it shipped to your house, regardless of whether you used Tor or operated a Tor exit node or are an ISP and used an IP address assigned to a customer.
In practice some individuals do have immunity. If this case led the detectives to a local coffee shop do you really think they would have raided the owner's house at 6am and ransacked his home and business searching for something that they knew they were unlikely to find? It's not really that different from running a Tor exit node. The police knew that the traffic was likely coming from another source and that the most likely outcome was that the Tor node operator had no way of potentially knowing that anything illegal had even happened. How does that equate to probable cause to raid his house?
Yes, up until it comes to light that there is very little reason to believe that the owner is guilty. More importantly though they wouldn't handcuff him and trash his business when there's clearly no probable cause to do so.
This isn't even close to a reasonable comparison. Until it can be investigated, the only available suspect in a case where illegal activity originates from a given home user's IP is that user. The DOT isn't the sole operator and user of the roads it builds.
>The DOT isn't the sole operator and user of the roads it builds.
An exit node operator isn't the sole user of the IP address they're assigned either. Yes, they're the only available suspect, but that doesn't change the fact that it's based on outrageously flawed evidence -- it's basically one step up from a hunch, and I don't think it's nearly good enough to be kicking someone's door in.
Let me play devil's advocate for a moment: let's say I want to do bad things on the Internet and obviously I don't want to get my house raided. So now I set up a Tor node in my house. Doing that I created reasonable doubt and my house can't get raided.
An IP address is not good enough to locate someone. If they have evidence beyond an IP address, sure, raid the house, but if they have no identity evidence beyond an IP address then they need to understand they have no identifying evidence.
Per this article yesterday, MaxMind (a geolocation IP service) lists a farm in Kansas (selected because it is roughly the midpoint of the US) as its unknown location; as a result it is given as the address for something like 600 million IP addresses. The farm's owner has been harassed by several law enforcement agencies and countless vigilantes.
An IP address is often more than enough to locate a computer. If it's using an ISP which has an account with an address associated with it where that IP has been provisioned, you can locate a site.
No, you can't identify a suspect or a user. But you can say "I detected child porn at this IP address, this IP address is at this house" and that's more than enough reason to search that house.
Simple geolocation APIs, and using a law enforcement request for an account holder's address are two very different things.
That's a fair point. The raid seemed to have been fairly quick, efficient and polite (compared to other raids I've read about). So, combine that and the fact that nothing was seized, and it sounds to me like the police were just checking to make sure the situation you outlined was not the case. It sounds like they were just doing due diligence. I'm not really sure why folks are so surprised and/or offended by this.
I think that traffic originating from an IP address is very weak evidence, regardless of whether someone runs a Tor node or not. With all the malware and insecure, unsupported software running everywhere, it might be more likely than not that random illegal traffic is coming from IPs whose owners are oblivious.
I would hope that law enforcement has more evidence than just an IP in a server log when they raid your place.
How does this compare to a cash-only business? Say I run a banana stand that only accepts cash. What level of proof does law enforcement need in order to look into more personal aspects of my life and business if they believe I am using it to launder money?
I don't know what it's like in other countries, but I think in Austria the "finance police" routinely check random businesses for correct books and compliance with the law. No sign of actual wrongdoing necessary. Businesses don't have the rights to privacy that individuals have.
At what point does lack of information disclosure in the warrant application render the warrant itself invalid? Is there any precedent for invalidating warrants -- and therefore any information gleaned from the search, and perhaps allowing suits against the offending searchers -- due to circumstances surrounding the application for the warrant?
I have a question for any Legal Professionals here.
Reading these news stories it sounds like warrants can be very invasive but that there is no advocate for the target of the warrant involved in the process. What protections for the target are there in the process of obtaining a warrant, given the serving of one can be so invasive and damaging?
Obviously running a TOR node will attract interest. It can be debated whether acting as a TOR router/carrier should impose on the operator at least some requirements to divulge connection logs to the authorities -- not that TOR would actually produce any meaningful logs in the first place. That's roughly what physical ISPs need to do if one of their IP addresses is associated with child porn. There's also the argument that if TOR nodes were given a guaranteed free pass when it comes to illegal content then why wouldn't people just run a TOR node and an open wifi on their home network just to cover their ass should they intend to use a torrent of shady network services.
However, the question that pops into my mind is that given how easy the trigger finger on child porn actually is in the current climate, then why are the producers and consumers of child porn still on the regular internet and not in the TOR darknet? If consumers are already willing to use TOR to access these sites there's no barrier to switch at all. The producers could even offer a legit site with no illegal content hosted there but which just redirects the browser to the (current) TOR address. I suppose there's a market for consumers who aren't using TOR but I would suspect that segment to be continuously shrinking in the form of being prosecuted.
Does operating a Tor node preclude someone from being investigated? I should hope not. Just because they do operate a node doesn't mean that a given household is free from criminal activity.
I never understood the value of a judge authorization requirements for surveillance. Has there ever been a recorded case where the request was denied, except maybe for even more shady reasons? I just don't see any incentive the judge could have to actually make an informed decision instead of just issuing rubber-stamp approval. Even in the unlikely worst case scenario of a scandal of rampant spouse-spying, a simple "but I trusted these guys!" would grant complete forgiveness. The only advantage, in terms of civil rights, is a weak paper trail and a slight slowdown of operations.
What if, instead of the judge approval requirement there would be a simple, "mechanical" lockdown of surveillance capabilities that would just ensure a paper trail and enforce an artificial quota of operations per time?
"Want to spy on that guy because you don't like his face? Your call, but don't come running when you have run out of quota, you really don't want to be that guy who could not stop an actual terrorist because he wasted all his surveillance wildcards on a personal vendetta".
This sure would not yield perfect results, but I really believe that the existing judge authorization requirements are even worse.
What would you set the quota at? Surely 'zero' is the best quota and each case deserves thorough oversight and consideration.
If you do put in a quota you're implicitly saying 'police should be searching this number of times but no more' and there is simply no way of knowing what that number should be in advance.
> Has there ever been a recorded case where the request was denied, except maybe for even more shady reasons?
Yes. And most are never reported, since law enforcement will either fix what was wrong with their application, pursue a different line of investigation, or drop the investigation.
Perhaps you are thinking of FISA court surveillance requests in the national security arena. Those have been revealed to have an extremely low denial rate. But nonzero. And that's a different space than criminal search warrants.
Perhaps as important as the level of judicial scrutiny of warrants in the first instance, and their denial rate, is subsequent review. An improperly granted warrant is invalid. A party with notice of an invalid warrant can move to quash it. A criminal defendant implicated with evidence from an invalid warrant may be able to have the "fruit of the poisonous tree" suppressed.
Your alternative is ridiculous; saying the police can conduct so many searches without respect as to whether or not there is probable cause that a crime has been committed and that the search will yield evidence of a crime.
The point of the warrant is to force police to show probable cause to a neutral arbiter. That, plus judicial review and the suppression rule, plus federal §1983/Bivens claims, provide a powerful check on arbitrary behavior by law enforcement. Of course most warrants are granted; for the most part police don't waste time going to judges saying outright "Joe Bloggs is suspicious, unlikable, and has a Green Party yard sign. We want to go turn his house over just to harass him with a fishing expedition." If the police are corrupt and abusing warrants, what would their motivation be to use them properly just because they had some arbitrary quota? If they use them properly, what purpose does a quota serve?
The idea that having to show a defensible reason to a judge with a paper trail is worse, betrays a complete ignorance of the legal system, and how much worse it could be in a really authoritarian society that doesn't have meaningful constitutional protections.
As you correctly guessed, I was arguing about surveillance warrants and not physical searches. So I am to blame not only for being off-topic but also for causing confusion by not even being clear about it.
For physical searches, I agree with all your points.
Searches are visible and can be questioned if invalid, so there is incentive for good (or at least acceptable) work on both sides of the warrant application. Besides, physical searches are inherently bottlenecked by manpower, so an artificial quota would not improve anything over unlimited warrantless searches, whereas a warrant requirement certainly does.
In the immaterial world of modern electronic surveillance, important things change (invisibility, no natural upper bound, it having so much more utility for illegitimate use than detectable physical intrusion). I do believe that there, unbounded rubberstamping approval could easily reach a level where a blind artificial quota would be the lesser evil.
What he says- "When we get into things like this," he said, "anonymizing stuff, that’s well over my head technologically, then it becomes very murky and hazy."
Or, stated another way- "I'm not qualified to do my job, so I just rubber-stamp it"
Now imagine somebody saying that about a code review.
That's the risk they are taking for hosting a Tor node. What if a Tor node user is also browsing child porn. The ISP will only see child porn being accessed by the Tor node in.
He could do his job effectively by asking for more information about what Tor is. This understanding may impact his decision to issue the warrant. Law enforcement lied by omission, do you think they would take that risk if they thought the outcome would stay the same?
They provided enough evidence to the judge to convince him that there was child porn at this location. I'm not sure how knowing there is a TOR node would have made much of a difference.
http://www.thestranger.com/images/blogimages/2016/04/08/1460...