Legal Attacks Against Tor

Last week, we learned that the NSA targets people who look for information about Tor. A few days later, the operator of a Tor exit node in Austria was found guilty as an accomplice, because someone used his computer to transmit child porn. Even more recently, Tor has been named as a defendant in a revenge-porn suit in Texas because it provides web-porn operators with privacy.

Here's the EFF: "Seven Things You Should Know About Tor."

EDITED TO ADD (7/16): It seems that article about Tor in Austria was wrong.


Posted on July 15, 2014 at 6:13 AM • 28 Comments

Comments

Peter • July 15, 2014 6:49 AM

Sorry Bruce, but the information regarding the trial in Austria is terribly wrong. The guy was not sentenced because of running a TOR node at all. The sentence was about offering services to host child pornography and recommending to use TOR for this purpose. This is a much more truthful article about the story: http://www.pcworld.com/article/2452320/tor-exit-node-operator-convicted-of-abetting-spread-of-child-porn.html or a local newspaper in German: http://derstandard.at/2000002903509/Verurteilter-empfahl-Tor-zur-Verbreitung-von-Kinderpornographie.

Winter • July 15, 2014 7:24 AM

Should we conclude from these "attacks" on Tor that Tor is indeed a nuisance to the TLA's?

Or do the TLA's just want us to believe this and this is a hidden campaign to make us feel safe using Tor?

Or should we just flip a coin to decide to use Tor or not?

On the other hand, I suspect that this is just the international media catching any mentioning of Tor after the Snowden revelations.

Joe • July 15, 2014 9:22 AM

Thanks to Peter's link, the guy's chat incriminated himself. It mattered little that it was TOR:

"W. explicitly pointed out to his chat partners the possibilities of distributing child-pornographic material anonymously over the Tor network, the verdict states. "You can host child porn on our servers", "You can host 20TB child porn with us on some encrypted hdds" ("You can host 20 terabytes of child porn with us on encrypted hard drives") and "if you want to host child porn", "I use TOR" are cited as excerpts from the chat logs."

Sara • July 15, 2014 9:24 AM

@Peter Thanks for posting that article. It's unfortunate that such a useful tool has gotten such a bad reputation because people choose to misuse it.

trinity • July 15, 2014 9:37 AM

@Peter: I agree, whether or not the guy was using Tor seems irrelevant in this particular case. The PinkMeth case on the other hand is more worrying because they are suing Tor directly. Are they also going to sue Facebook for providing the victims' personal details? What about Dell, or IBM for providing the guy with a computer? Logitech, for providing him with a keyboard?

jdgalt • July 15, 2014 9:45 AM

Whether or not our "safe harbor" law extends to running a Tor relay, I would be uncomfortable doing so if it meant I'd be automatically forwarding something nasty such as child porn for others.

I'd also be quite surprised if that "loophole" weren't taken away in the future, maybe retroactively, so I have to ask: is Tor "forward secure"?

renke • July 15, 2014 10:00 AM

@jdgalt: I'm not sure if reasoning against running a relay is a valid one (I'm not saying that I don't understand your point ^^). The network can be abused but the whole point is to create an anonymous way to access the net. I, as operator of a very small relay, do this because of the benefits of an anonymous net - Tor can (and will) be used for malicious stuff but this is not the only (or - arguably / most likely - even the main) use case. If the articles about the Austrian Tor operator are correct (and not out of context) I can understand the sentence, though the trial was in this case only loosely connected to Tor.

toor • July 15, 2014 10:26 AM

Germany tried to lock up relay operators a few years ago too. The lawsuit is some failed lawyer trying to make a name for himself, it won't be successful.

not anonymous • July 15, 2014 10:34 AM

@jdgalt

If that "loophole" of "safe harbor" were "taken away," then all network operators on the entire internet would be liable for everything their customers do... you want to sue the entire internet???

@trinity

next religious people will be suing god for making the air that they breathe or something ridiculous.

@Peter

thanks for setting the record straight... as usual, the press generally gets it wrong...

Nick P • July 15, 2014 1:45 PM

Re legality of Tor

Let us remember that a criminal using these crypto services isn't the same as a criminal using general services. Most online goods can be tracked to the person one way or another. Tor is specifically designed to hide identities from resourceful snoops. It does that well enough that GCHQ even uses it.

The problem for liberty proponents is that even the Constitution allows search and seizure: it only prevents those that are unreasonable. The Framers were too realistic to give absolute privacy. So, I expect the U.S. to eventually try to rule Tor unconstitutional as it blocks their right to lawful (court ordered) search.

For now, users are fine and can try to battle this eventuality. Yet, at some point, Tor project might have to build in lawful intercept to operate in this or other surveillance loving countries.

Bob • July 15, 2014 3:20 PM

@ Nick P
> Yet, at some point, Tor project might have to build in lawful intercept to operate in this or other surveillance loving countries.

I don't think this will ever happen purely because Tor is decentralized by nature. To do this would require a complete redesign, such that Tor would not actually be Tor anymore but rather some other service. I think this would go against the personal views of a lot of the developers, and thus the project is more likely to just go unmaintained than this outcome. Possibly even maintained within the dark net itself.

Who decides when "lawful interception" is evil and when it is good? Who decides what "evil" is in the first place? Every government has an interest in maintaining power. The only difference is what lengths they are willing to go and how they go about it.

As far as we know this guy incriminated himself pretty severely, assuming the evidence is legitimate. I doubt this court case will have any real impact on the Tor Project or its future development.

I think it's just noise. The media likes to chase news stories about child pornography (more than even murder because that would be boring), most of them are just after ratings, the fact this one also involves Tor means there's an extra bit of controversy, especially since Snowden.

For most people there is nothing worse than a child being violated sexually. A lot of people think a government should be given ultimate power to prevent this. This is why the media likes these stories, because it inherently comes to the discussion of should there be laws against anonymity on the internet for some people.

There are many crimes occurring daily in the world against children which result in basic necessities being denied from them such as food and housing, ultimately resulting in death, yet people wouldn't really pay any attention to stories about people in a far away land.

These things would be happening anyway even if Tor never existed, and in fact Tor might allow for some whistle-blowing against the perpetrators.

uh, Mike • July 15, 2014 3:21 PM

#eviltor Under USA political theory, it is necessary for citizens to protect ourselves from the government as well as other assailants. Under theory, we protect ourselves from the government by holding it accountable.

When the government demands trust, it is a signal that the USA political theory is being misapplied.

Privacy of communication is necessary to defend ourselves from adversaries, government or otherwise.

When the government prohibits privacy of communications, it is a signal that the USA political theory is being misapplied.

Privacy of communication demands the best technology available, because the government and other adversaries are using the best technology available to attack privacy.

When the government prohibits, Or Withholds, Or Sabotages, the best technology available for protecting communication, then USA political theory is being Attacked.

Daniel • July 15, 2014 4:38 PM

My local itty bitty paper uses a paywall but offers five free page views per month. It tracks page views by IP. Since I don't read the local paper that often if I run out of my five free page views I use Tor to get more views. This now makes me a terrorist supporter, a cybercriminal wanna be, and the NSA has a case file on me.

What else can one do but laugh? It is so preposterous.

Nick P • July 15, 2014 6:54 PM

@ Bob

"I don't think this will ever happen purely because Tor is decentralized by nature. To do this would require a complete redesign, such that Tor would not actually be Tor anymore but rather some other service. I think this would go against the personal views of a lot of the developers, and thus the project is more likely to just go unmaintained than this outcome. Possibly even maintained within the dark net itself."

Their strong views don't matter when the country, TLA's, and courts consider the opposite law. In my hypothetical situation, any type of anonymizing service would be forced to preserve identifying information in a way that only authorized government representatives can access it. All services without this would be illegal. Operators would be subject to prison time, their systems subject to seizure, and any relays/endpoints subject to direct action. Foreign operators could be legally blocked in each country that passed the law. From this simple requirement, TLA's as powerful as FBI and NSA can make short work of a network such as Tor from working outside and inside the network. I devised a takedown strategy for Five Eyes in under 10 minutes. I'm sure TLA's can do better.

One possibility explaining why they haven't taken it down is that the Five Eyes governments use Tor themselves. They'd rather subvert or beat it in a way that allows only a small number of parties (eg NSA and select partners) to break the scheme, while each continues to benefit against other adversaries. They've done this in other products and services. So, it's one possibility.

Another possibility is they're afraid introducing legislation or leveraging some existing law will risk EFF hitting back under carrier neutrality laws. The last thing they want is a high court to rule on an interpretation that protects the anonymity or crypto schemes. This is a huge grey area right now that often defaults against Tor, but a big trial on it might end pro-Tor. I can't see inside their organizations enough to know how much they worry about this in deciding what action they take. It's worth thinking about, though, as it might be a powerful motivator.

Somebody • July 15, 2014 7:18 PM

When an authority says "The XXX internet service is used by criminals to ___" you should replace "XXX internet service" with telephone, post office or cars to see if the authority has his head up his #$%!.

While Nick may be right about what the authorities want, the constitutional requirement that the government get a warrant before a search is completely unlike a constitutional requirement that everybody must ensure that that warrant is fruitful. Just because the government wants a unicorn doesn't mean it has a legal entitlement to one.

Nick P • July 15, 2014 8:23 PM

@ Somebody

To clarify, I was keeping in mind a few things as I wrote that Tor risk:

1. We've already seen authorities in various countries act against Tor nodes.

2. We've seen FBI just come in and seize computers, all kinds of stuff (including colo's) before any charges are pressed.

3. We see NSA and their partners using both surveillance and hacks against whoever they want with legal immunity. They also sometimes share their findings via parallel construction.

Looking at these three, there's enough reason to believe they could launch a mass of attacks (legal or otherwise) on at least the Exit Nodes right now. Doubly true if they're in a Five Eyes country. Triply if it's one already doing Internet filtering. They might also be able to expand these powers in the future. Fortunately, we're not there yet and Five Eyes aren't trying to totally block it.

Steeeve • July 15, 2014 8:56 PM

Who wants to bet that the Australian intelligence services fabricated evidence?

Nazim • July 16, 2014 12:02 AM

to Bob.
And you are right Bob.
Look what MS has done to skype.
All supernodes are now within MS datacenters.
Something similar may happen to Tor.

65535 • July 16, 2014 1:20 AM

“…TLA's, and courts consider the opposite law. In my hypothetical situation, any type of anonymizing service would be forced to preserve identifying information in a way that only authorized government representatives can access it. All services without this would be illegal. Operators would be subject to prison time, their systems subject to seizure…” –Nick P

I see your logic. As long as communication operators are subject to CALEA rules then all operators of communications systems are subject to those rules.

“…The last thing they want is a high court to rule on an interpretation that protects the anonymity or crypto schemes. This is a huge grey area right now that often defaults against Tor, but a big trial on it might end pro-Tor.” –Nick P

I hope that this is the outcome. It appears the TLA's are playing both sides of the road. The TLA’s are using Tor for their benefit – yet attacking it when Tor is used to evade them. The TLA’s are trying to have it both ways.

Privacy matters in the USA. One must assume drag net spying is against the US Constitution. Thus, cryptographic communications must be legal for legitimate communications.

Sure, CALEA allows for some monitoring under a court order. But, drag net monitoring of encrypted or Tor anonymous [and encrypted to some point] communications is unacceptable in a democracy.

“All supernodes are now within MS datacenters.”-Nazim

You are correct. That’s what allows the decryption and spying to occur. Skype was a for "profit" business – to be bought and sold [it was sold to M$ for a profit].

Tor is theoretically a non-profit operation dedicated to privacy [yet, Tor depends on the government for funding]. I would like to see Tor funded privately. I hope that Tor doesn't get sold to some big corporation - and become like Skype.

Clive Robinson • July 16, 2014 2:24 AM

@ Daniel,

Why leave the DMCA off your list of offences against your local newspaper?

It's a reasonably sure bet that the likes of the Murdoch "Evil Empire" of "phone hackers" has considered it in their Pay Wall design... thus your local rag "is not following best practice" ;-)

Me • July 16, 2014 8:40 AM

@trinity

"The PinkMeth case on the other hand is more worrying because they are suing Tor directly. Are they also going to sue Facebook for providing the victims' personal details? What about Dell, or IBM for providing the guy with a computer? Logitech, for providing him with a keyboard?"

I don't think it is too worrying yet. In the US, anyone can sue anyone for anything. If the judge doesn't dismiss it, or especially if they prevail, we can start to worry.

Joe K • July 16, 2014 8:28 PM

Seems pretty obvious to me that the guy's statements in chat were taken out of context by an opportunistic prosecutor.

From the pcworld article Peter links to:

> In its verdict, the court cited transcripts of chat sessions uncovered during the investigation in which the defendant told an unidentified correspondent “You can host 20TB child porn with us on some encrypted hdds” and, in German, “You can host child porn on our servers” and “If you want to host child porn ... I would use Tor.”

See the ellipsis? You know, those three dots where there used to be a bunch of words and stuff?

Not only is there no context provided, but the statements themselves have been edited.

Whether in court or journalism, regardless of venue, that's a hatchet job. He was jailed for running a tor exit node, full stop.

Remember the pickpocket thing about a week ago? CP is the blocker. Check your wallet.

Duh.

If the context was so damning, how come it wasn't deemed worthy of publication?

Joe K • July 16, 2014 8:42 PM

I said: "He was jailed for running a tor exit node, full stop."

Er, not quite. Prosecuted, convicted, and given a suspended prison sentence and three-years' probation.

My bad.

Andrew • July 17, 2014 1:30 AM

> [...] use [of] Tor [...] makes me a terrorist supporter, a cybercriminal wanna be, and the NSA has a case file on me. [...]

Not wanting to pick on @Daniel here, but I'm not sure how he and many other people get these ideas? It's preposterous to imagine that merely using Tor causes anything like this to happen at the NSA. Somehow people ascribe both almost-magical powers of access and detection, and yet at the same time nursery-school levels of deduction and insight, to intelligence agencies like GCHQ and NSA.

Now obviously it's interesting to use data mining to find the intersection of (say) people who:

  1. use Tor, cryptography, or steganography
  2. have posted tweets with violent political sentiments
  3. have actively researched bomb-making on Google
  4. are connected closely by one or two calls in the phone network to known terrorist group members
  5. have travelled to Yemen or Afghanistan recently
  6. their pattern of activity on the Internet has suddenly changed
  7. made recent withdrawals of large amounts of cash recently
  8. have had their car numberplate seen in the vicinity of an industrial fertiliser plant

This could be indicative of someone in a terrorist cell embarking on the active part of a bombing campaign, and I imagine would be the sort of selector that would be used by GCHQ or MI5 et al to trigger active surveillance or other action directed at finding out what is going on.

Now, someone will almost certainly now reply listing a set of innocuous reasons for each of these items, and suggesting that since there is some conceivable innocent circumstance they are or could be involved in that would trigger these, therefore they are obviously a terrorist (ha ha!) and it is wrong, unethical, unconstitutional, invalid, stupid etc. for anyone to use these criteria to find threats.

But a single false positive is no reason to discard techniques that can result in a genuine true positive. Of course any mechanism with enormous false-positive rates should be discarded, but it is pretty childish to assume that agencies like GCHQ or NSA are unable to do the obvious filtering that would discard Bob who is using Tor to access porn that his ISP normally filters, and otherwise uses the Internet to access Facebook and cat videos on YouTube, and Alice who is a member of a radical eco-warrior group and has a history of violent direct action, backed up by posts on radical forums and a suspicious amount of encrypted traffic to other known eco-terrorists. Alice's use of Tor is therefore also certainly suspicious, particularly combined with other indicators of the kind I enumerated earlier.

As I say, there's a sort of black-and-white boolean mindset around people (often, but not always, the mathematically-minded) where they see a criterion and then search for and find a counter-example. No matter how convoluted or unlikely, they imagine that its existence makes the criterion useless, the same way that a mathematical theorem is disproved. But this just doesn't work (or matter) in the fuzzy and confusing real world. These sorts of things can be used to add weight to a hypothesis and are just one part in a chain of evidence.

TL;DR - Using Tor will not automatically cause the NSA or anyone else to open a case file on you. Intelligence agencies use more than a single criterion to select persons of interest, and must employ complex chains of inference and deduction to sift through the mountains of data they collect to reduce it down to useful, actionable product.

Andrew.

Somebody • July 17, 2014 12:12 PM

@ Andrew

The question is do the NSA et al. want to catch terrorists or just a few people who can be made to look like a terrorist. So I don't attribute child reasoning, I attribute child like motivation.

The statements and actions of the authorities do not inspire confidence. What they claim is "bomb making equipment" often sounds more like a plumbing supply store.

rewolff • July 21, 2014 3:17 AM

Bob said that government snooping will never happen because tor is decentralized.

That is NOT how things work in this world. Tor or other telecom provider gets told: "we want to snoop". Tor says: over my dead body. Telecom provider says: no. Government says: The law says you must. If you don't you are illegal. So telecom provider gives access (they want to stay in business) and Tor becomes illegal. So now everybody accessing the tor network and/or providing an exit node will be illegal. Simple.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.