
Judge Who Authorized Police Search of Privacy Activists Wasn't Told About Tor - nkurz
http://www.thestranger.com/slog/2016/04/08/23914735/judge-who-authorized-police-search-of-seattle-privacy-activists-wasnt-told-they-operate-tor-network
======
walrus01
The warrant is ridiculous even without the tor part. Read pages #6 and #7.

[http://www.thestranger.com/images/blogimages/2016/04/08/1460...](http://www.thestranger.com/images/blogimages/2016/04/08/1460142130-search_warrant_redacted3.pdf)

ISPs maintain hash values of known child porn files? Show me a single ISP in
the Seattle area that runs any of its residential customer http traffic
through a caching proxy that examines and hashes each file, I'll eat my shoe.

~~~
downandout
Apparently, the National Center for Missing and Exploited Children provides
ISPs with a hash database of known illegal images [1]. ISPs are then required
by statute to notify the government when images with matching hashes cross
their network [2].

[1]
[https://www.law.cornell.edu/uscode/text/18/2258C](https://www.law.cornell.edu/uscode/text/18/2258C)

[2]
[https://www.law.cornell.edu/uscode/text/18/2258A](https://www.law.cornell.edu/uscode/text/18/2258A)

~~~
click170
I always assumed antivirus vendors were given a copy of the list as well.

It's a way to scan millions of computers without the owners of those computers
knowing they are even being checked. It's perfect.

It also begs the question can you get around detection by re-encoding the
files so the hashes don't match?

~~~
EdHominem
They are. From experience, testing the updates for work.

Didn't try mutating the test vector.

~~~
EdHominem
In response to OOB questions:

No, it was a short string, not an image. If it was an image, I would have
tried various mutations.

Because of this, I assumed at the time, and still do, that it's a simple
digest instead of a context aware image description.

And it phoned "home" instead of alerting the user - even the institutional
user.

------
jobu
Money quote in the last paragraph:

 _" When we get into things like this," [Judge William Downing] said,
"anonymizing stuff, that’s well over my head technologically, then it becomes
very murky and hazy."_

That sounds to me like the judge likely wouldn't have known what a TOR node
was if the police had told him these guys were running one.

Technology isn't slowing down, so how can we make sure the law keeps up?

~~~
vidarh
He is willing to admit that it goes over his head, which presumably also means
that he'd be willing to read up on it or seek advice if necessary.

The biggest problem isn't judges who don't know everything - they have to
deal with cases covering every possible discipline and can't possibly know
everything about everything put before them. The problem is when they believe
they do, or don't care, or don't want to admit it and decide to just trust
law enforcement blindly instead.

I'd like to think that a judge that readily admits what he doesn't know will
make sure to learn or seek suitable advice when necessary.

~~~
johansch
If I were in the position of that judge I would like to be able to bring
experts on my own. Is that possible?

(I wouldn't trust either the defense or the prosecution to provide me with
neutral information via their selected experts.)

~~~
cm2187
But would you have suspected the existence of a tor node if nothing in the
warrant suggested it? Would you have stopped the investigation to call some
experts?

~~~
johansch
Clearly the missing step is for the judges to announce their tech cases on
reddit and ask for ideas.

Only half joking.

------
riskable
Here's what I don't understand: You go to a judge for a warrant and _the only
piece of evidence you have is an IP address_. How is an IP address even remotely
considered "evidence" enough to search someone's home? An IP address is not an
identity. It is not a location. It is not even permanent in most cases!

I cannot fathom that police are granted warrants to search and seize people's
homes and property based solely on, "logs indicate an illegal file was
uploaded from this IP address." That is incredibly flimsy evidence.

At the very least they should create a profile on the individuals and
demonstrate that they were present in the home and appeared to be using their
computers at the time of the crime. They didn't even do the most basic of
police work in this case. WTF!?

~~~
cplease
Seriously?

They didn't just have an IP address. Police had an IP address and timestamp of
a video of child-rape, as provided by 4-chan, said IP address belonging to an
ISP as provided by MaxMind, and said ISP confirming its ownership of the IP
and providing a subscriber name and address for that IP and timestamp,
indicating that the posting originated from a cable modem at a residential
location.

If you don't find child rape to be compelling, substitute an email plotting a
bomb attack, a suicide note, etc. etc.

Police are supposed to ignore that, and what, ask for a signed confession?
They don't need proof beyond a reasonable doubt, they need probable cause that
there is evidence of a crime. Tor is deliberately designed to frustrate what
police call "evidence." The police are perfectly justified in searching that
location for evidence that might lead to the source of the criminal activity.

~~~
visarga
Solution: rent an empty room and place TOR exit node equipment there. When the
police come, it's just a computer room with no logs or files cached locally.
They can do all the searches they want.

Also, TOR should have a blacklist of CP sites to filter out as much of the bad
traffic as possible. It doesn't do anyone any good to allow CP on exit nodes.
Even if the sites are using https, the exit node could sample a few pages to
pass the data into a CP classifier and whitelist/reject the site. This
classification work could be aggregated over many exit nodes to maintain an
up-to-date filter. In the end, if we can assure TOR node hosts that their IPs
will not be used for CP, it would ensure more people are willing to offer
their resources to the network.

------
bcook
PSA: "Tor", not "TOR".

[https://www.torproject.org/docs/faq.html.en#WhyCalledTor](https://www.torproject.org/docs/faq.html.en#WhyCalledTor)

"Note: even though it originally came from an acronym, Tor is not spelled
“TOR”. Only the first letter is capitalized. In fact, we can usually spot
people who haven't read any of our website (and have instead learned
everything they know about Tor from news articles) by the fact that they spell
it wrong."

~~~
Arzh
People still do that crap with Go (Golang) for no damn reason, it'll never
stop because even if they have read that they don't care.

~~~
tomjakubowski
Read what? Isn't it just a way to disambiguate the language from the game or
the verb?

~~~
Arzh
Context will do that for you in 99% of the cases, the other 1% is people who
are confused for about 15 seconds.

~~~
Houshalter
Literally the comment just above you had to specify they meant "Golang" in
parentheses. It's a very poor choice of name. I remember when the AlphaGo
thing came out on HN and there were some people who clicked because they
thought it was about the language.

~~~
Arzh
Yeah that's my comment, I was driving my point home that Golang is dumb.

------
Freak_NL
This is probably what I find most worrying about the TOR concept. By running
an exit node, you open yourself up to all sorts of legal actions. But if you
can't run a TOR exit node as an average citizen, won't all exit nodes end up
being run by NSA, GCHQ, and their ilk?

~~~
Synaesthesia
It really shouldn't be illegal, it should be protected, like free speech, as
noted in the article, "It's like raiding the mailman's house for delivering an
illegal letter with no return address"

In fact I think that's why they withheld the fact that he runs a TOR node from
the judge.

~~~
rayiner
Given that most of the content on Tor is illegal,[1] I'm not sure the mail is
really the appropriate analogy.

[1]
[https://www.schneier.com/blog/archives/2016/02/survey_of_the...](https://www.schneier.com/blog/archives/2016/02/survey_of_the_d.html)

~~~
woodman
I don't know why you wouldn't link directly to the paper, unless you're hoping
that Schneier acknowledging its existence lends it some credibility.

> most of the content

Easily refuted: the authors had a spider crawl hidden services, which is
laughably stupid. They claimed that there were 5,205 hidden services, of
which 1,547 hosted illegal content. Another study [1], one which actually took
advantage of network statistics, found the number of hidden services closer to
30,000. Also, well over 90% of Tor traffic is unrelated to any hidden
services.

So not most. As far as the analogy is concerned, hidden services would be more
like the personal thoughts of the mailman - not the mail he is routing.

[0]
[http://www.tandfonline.com/doi/abs/10.1080/00396338.2016.114...](http://www.tandfonline.com/doi/abs/10.1080/00396338.2016.1142085)
[1]
[https://research.torproject.org/techreports/extrapolating-hi...](https://research.torproject.org/techreports/extrapolating-hidserv-stats-2015-01-31.pdf)

------
Overtonwindow
Point of clarification: I know the police are allowed to lie and fudge the
truth to suspects and defendants, but is there a legal requirement for them to
be forthcoming and truthful to Judges in warrants?

Also, tending to agree that even if they had included TOR in the search
warrant, the judge would have most likely signed it anyways because child porn
is a big "must do something" thing, and the technology would have probably
gone over the Judge's head anyways. In this day if the police use the words
"child porn" they could get a warrant for just about anything under the sun.

~~~
dsp1234
_is there a legal requirement for them to be forthcoming and truthful to
Judges in warrants?_

This is called Perjury[0]. There is no law enforcement exception to it.

[0] -
[https://en.wikipedia.org/wiki/Perjury](https://en.wikipedia.org/wiki/Perjury)

~~~
merpnderp
There is no legal exception to it, but there is in fact a _de facto_ exception
to it, since a DA must decide to press charges. How else can all those videos
contradicting sworn testimony go nowhere?

~~~
Overtonwindow
Good point.

------
tombert
If my job requires me to have an understanding of something new, I learn it.
Like an adult. Why the hell is technology the only exception for people on
this front?

~~~
blakeyrat
If you're referring to the quote at the bottom of the article, that's from a
_different_ judge than the one who signed-off on this warrant.

In any case, the judge involved didn't have an opportunity to research "Tor
exit node", even assuming he is the most competent and responsible judge in
Seattle, because that information wasn't included on the warrant. That's...
kind of the exact point of the article.

------
downandout
I'm all for privacy technologies like Tor, but this is one of the risks you
assume when you operate an exit node. The alternative would be to give all Tor
exit node operators not only legal immunity, but immunity from investigation,
for illegal activities originating from any IP address associated with them.
Even if the judge and the police were aware of the exit node, it wouldn't have
changed the way this was investigated.

~~~
AnthonyMouse
Suppose I'm AT&T and one of my customers is running a Tor exit node. Do I now
have "immunity from investigation, for illegal activities originating from any
IP address associated with them"? I can certainly use a router to spoof my
customer's IP address for any connections I want to use for illegal activity.
Then the IP address will trace back to that customer, which is a Tor exit
node, and the police can't investigate me.

For that matter, every user of Tor is in the same situation.

But the premise is wrong. The police can investigate you as much as they like,
they just can't assume that the traffic coming from that IP address has
anything to do with anyone in particular.

You're still going to jail when you buy something with a stolen credit card
and have it shipped to your house, regardless of whether you used Tor or
operated a Tor exit node or are an ISP and used an IP address assigned to a
customer.

~~~
downandout
_> Suppose I'm AT&T_

ISPs have a specific set of statutes that grant them immunity as long as they
comply with certain requirements [1]. Individual users do not.

[1]
[https://www.law.cornell.edu/uscode/text/18/2258B](https://www.law.cornell.edu/uscode/text/18/2258B)

~~~
MertsA
In practice some individuals do have immunity. If this case led the detectives
to a local coffee shop do you really think they would have raided the owner's
house at 6am and ransacked his home and business searching for something that
they knew they were unlikely to find? It's not really that different from
running a Tor exit node. The police knew that the traffic was likely coming
from another source and that the most likely outcome was that the Tor node
operator had no way of potentially knowing that anything illegal had even
happened. How does that equate to probable cause to raid his house?

~~~
downandout
The coffee shop owner probably wouldn't be prosecuted, but he would likely
still be investigated.

~~~
MertsA
Yes, up until it comes to light that there is very little reason to believe
that the owner is guilty. More importantly though they wouldn't handcuff him
and trash his business when there's clearly no probable cause to do so.

------
ajmurmann
Let me play devil's advocate for a moment: let's say I want to do bad things on
the Internet and obviously I don't want to get my house raided. So now I set
up a Tor node in my house. Doing that I created reasonable doubt and my house
can't get raided.

~~~
stonemetal
An ip address is not good enough to locate someone. If they have evidence
beyond an ip address sure raid the house, but if they have no identity
evidence beyond an ip address then they need to understand they have no
identifying evidence.

Per this article yesterday, MaxMind (a geolocation ip service) lists a farm in
Kansas (selected because it is roughly the midpoint of the US) as its unknown
location; as a result it is given as the address for something like 600 million
ip addresses. The farm's owner has been harassed by several law enforcement
agencies and countless vigilantes.

[https://news.ycombinator.com/item?id=11466849](https://news.ycombinator.com/item?id=11466849)

~~~
ajmurmann
I agree that's a larger issue. However, IP addresses being enough evidence for
a search seems somewhat out of scope of the article.

------
phasmantistes
At what point does lack of information disclosure in the warrant application
render the warrant itself invalid? Is there any precedent for invalidating
warrants -- and therefore any information gleaned from the search, and perhaps
allowing suits against the offending searchers -- due to circumstances
surrounding the application for the warrant?

------
zaphar
I have a question for any Legal Professionals here.

Reading these news stories it sounds like warrants can be very invasive but
that there is no advocate for the target of the warrant involved in the
process. What protections for the target are there in the process of obtaining
a warrant, given the serving of one can be so invasive and damaging?

~~~
Floegipoky
You're correct, there is no advocate

------
yason
Obviously running a TOR node will attract interest. It can be debated whether
acting as a TOR router/carrier should impose on the operator at least some
requirements to divulge connection logs to the authorities -- not that TOR
would actually produce any meaningful logs in the first place. That's roughly
what physical ISPs need to do if one of their IP addresses is associated with
child porn. There's also the argument that if TOR nodes were given a
guaranteed free pass when it comes to illegal content then why wouldn't people
just run a TOR node and an open wifi on their home network just to cover their
ass should they intend to use a torrent of shady network services.

However, the question that pops into my mind is that given how easy the
trigger finger on child porn actually is in the current climate, then why are
the producers and consumers of child porn still on the regular internet and
not in the TOR darknet? If consumers are already willing to use TOR to access
these sites there's no barrier to switch at all. The producers could even
offer a legit site with no illegal content hosted there but which just
redirects the browser to the (current) TOR address. I suppose there's a market
for consumers who aren't using TOR but I would suspect that segment to be
continuously shrinking in the form of being prosecuted.

------
Gratsby
Does operating a Tor node preclude someone from being investigated? I should
hope not. Just because they do operate a node doesn't mean that a given
household is free from criminal activity.

------
eric_arrr
Here is everything you ever wanted to know about the law as it applies to
material omissions from search warrants:

[https://www.fletc.gov/sites/default/files/imported_files/tra...](https://www.fletc.gov/sites/default/files/imported_files/training/programs/legal-division/downloads-articles-and-faqs/research-by-subject/civil-actions/liabilityforfalseaffidavits.pdf)

------
usrusr
I never understood the value of judge authorization requirements for
surveillance. Has there ever been a recorded case where the request was
denied, except maybe for even more shady reasons? I just don't see any
incentive the judge could have to actually make an informed decision instead
of just issuing rubber-stamp approval. Even in the unlikely worst case
scenario of a scandal of rampant spouse-spying, a simple "but i trusted these
guys!" would grant complete forgiveness. The only advantage, in terms of civil
rights, is a weak paper trail and a slight slowdown of operations.

What if, instead of the judge approval requirement there would be a simple,
"mechanical" lockdown of surveillance capabilities that would just ensure a
paper trail and enforce an artificial quota of operations per time?

"Want to spy on that guy because you don't like his face? Your call, but don't
come running when you have run out of quota, you really don't want to be that
guy who could not stop an actual terrorist because he wasted all his
surveillance wildcards on a personal vendetta".

This sure would not yield perfect results, but I really believe that the
existing judge authorization requirements are even worse.

~~~
cplease
> Has there ever been a recorded case where the request was denied, except
> maybe for even more shady reasons?

Yes. And most are never reported, since law enforcement will either fix what
was wrong with their application, pursue a different line of investigation, or
drop the investigation.

Perhaps you are thinking of FISA court surveillance requests in the national
security arena. Those have been revealed to have an extremely low denial rate.
But nonzero. And that's a different space than criminal search warrants.

Perhaps as important as the level of judicial scrutiny of warrants in the
first instance, and their denial rate, is subsequent review. An improperly
granted warrant is invalid. A party with notice of an invalid warrant can move
to quash it. A criminal defendant implicated with evidence from an invalid
warrant may be able to have the "fruit of the poisonous tree" suppressed.

Just a few:
[http://lmgtfy.com/?q=%22in+re+search+warrant%22](http://lmgtfy.com/?q=%22in+re+search+warrant%22)

Your alternative is ridiculous; saying the police can conduct so many searches
without respect as to whether or not there is probable cause that a crime has
been committed and that the search will yield evidence of a crime.

The point of the warrant is to force police to show probable cause to a
neutral arbiter. That, plus judicial review and the suppression rule, plus
federal §1983/Bivens claims, provide a powerful check on arbitrary behavior by
law enforcement. Of course most warrants are granted; for the most part police
don't waste time going to judges saying outright "Joe Bloggs is suspicious,
unlikable, and has a Green Party yard sign. We want to go turn his house over
just to harass him with a fishing expedition." If the police are corrupt and
abusing warrants, what would their motivation be to use them properly just
because they had some arbitrary quota? If they use them properly, what purpose
does a quota serve?

The idea that having to show a defensible reason to a judge with a paper trail
is worse, betrays a complete ignorance of the legal system, and how much worse
it could be in a really authoritarian society that doesn't have meaningful
constitutional protections.

~~~
usrusr
As you correctly guessed, I was arguing about surveillance warrants and not
physical searches. So I am to blame not only for being off-topic but also for
causing confusion by not even being clear about it.

For physical searches, I agree with all your points. Searches are visible and
can be questioned if invalid, so there is incentive for good (or at least
acceptable) work on both sides of the warrant application. Besides, physical
searches are inherently bottlenecked by manpower, so an artificial quota would
not improve anything over unlimited warrantless searches, whereas a warrant
requirement certainly does.

In the immaterial world of modern electronic surveillance, important things
change (invisibility, no natural upper bound, it having so much more utility
for illegitimate use than detectable physical intrusion). I do believe that
there, unbounded rubberstamping approval could easily reach a level where a
blind artificial quota would be the lesser evil.

------
Floegipoky
What he says- "When we get into things like this," he said, "anonymizing
stuff, that’s well over my head technologically, then it becomes very murky
and hazy."

Or, stated another way- "I'm not qualified to do my job, so I just rubber-
stamp it"

Now imagine somebody saying that about a code review.

------
xbmcuser
That's the risk they are taking for hosting a tor node. What if a tor node
user is also browsing child porn. The isp will only see child porn being
accessed by the tor node in.

------
ikeboy
>"It's like raiding the mailman's house for delivering an illegal letter with
no return address," said one commenter on the tech website YCombinator.

------
asrt
Bultmann and Robinson? Do they operate the Tor node on a Bultcave or
something?

------
sickbeard
what difference would it have made if the Judge was told about it?

~~~
mulmen
He could do his job effectively by asking for more information about what Tor
is. This understanding may impact his decision to issue the warrant. Law
enforcement lied by omission, do you think they would take that risk if they
thought the outcome would stay the same?

~~~
sickbeard
They provided enough evidence to the judge to convince him that there was
child porn at this location. I'm not sure how knowing there is a TOR node
would have made much of a difference.

~~~
mulmen
The difference is that the decision would be in the hands of the judge instead
of law enforcement. The balance of power would be in check.

------
Dowwie
Maybe the omission from the warrant application was a plausible deniability
arrangement between the judge and Seattle PD..

------
shockzzz
lol at hn being quoted

------
CrankyBear
Wait, you expect a judge to know what a TOR node was? Heck, you expected the
police to get it? Please.

