
Germany to make it a crime to run a Tor node or website - ccnafr
https://translate.google.com/translate?hl=&sl=de&tl=en&u=https%3A%2F%2Fwww.zeit.de%2Fdigital%2Fdatenschutz%2F2019-03%2Ftor-netzwerk-darknet-gesetzentwurf-strafverfolgung-internet-kriminalitaet-anonymitaet%2Fkomplettansicht&sandbox=1
======
blastbeat
I skimmed through that law draft. Translation: They want you to face jail, if
you provide an "internet based service", which "accessibility is restricted
due to specific, technical precautionary measures", and which "purpose is to
allow or encourage specific illegal actions".

They refer in particular to the Tor network and its abuse by serious crime,
but how I read this law, you could apply it for all kind of things. For
instance if somebody runs an encrypted IRC channel or email service. This is
yet another attack on freedom in Germany thanks to the Christian Democratic
Union.

EDIT: The original law draft can be found here:

[https://www.bundesrat.de/SharedDocs/TO/975/erl/10.pdf?__blob...](https://www.bundesrat.de/SharedDocs/TO/975/erl/10.pdf?__blob=publicationFile&v=1)

~~~
jolmg
> "purpose is to allow or encourage specific illegal actions"

And who's to determine what the purpose was? The creator of a new technology
has no way to force a particular use for their creation. One can invent the
cooking knife to help with all sorts of cutting tasks in cooking, and now
they'll be held responsible if people decide to use those knives for murder?
That's silly.

~~~
dragonwriter
> And who's to determine what the purpose was?

While that's perhaps an interesting question in the general case, for Tor, we
know the purpose was to protect US covert intelligence communications
overseas, which is very much about enabling illegal (by local law) activity.

And actually, purpose requirements in law are not uncommon and, in systems
with meaningful proof requirements that benefit they accused, since they
provide additional facts which must be established by evidence before
punishment can be imposed.

~~~
jolmg
> we know the purpose was to protect US covert intelligence communications
> overseas, which is very much about enabling illegal (by local law) activity.

Says who? According to the torproject.org homepage[1], the purpose is:

> [to help] you defend against traffic analysis, a form of network
> surveillance that threatens personal freedom and privacy, confidential
> business activities and relationships, and state security.

That includes stuff like preventing your ISP from knowing private personal
details like how one was fired, or is secretly gay, or likes to write or draw
porn, etc.

Also, if you own a big business and you just bought a supplier to eliminate
the costs of a middle-man, you might also want to keep that confidential from
your competitors for whatever business strategy you have.

[1] [https://www.torproject.org/](https://www.torproject.org/)

~~~
hxegon
Yes, That's part of how people use it now but TOR was created for the explicit
purpose that parent said:
[https://en.wikipedia.org/wiki/Tor_%28anonymity_network%29#Hi...](https://en.wikipedia.org/wiki/Tor_%28anonymity_network%29#History)

Edit: On further reading the distinction is the _TECH_ behind tor was created
for that purpose, TOR itself was created for what it says on the tin.

------
KenanSulayman
Bullshit. It’s literally saying “if your goal is to allow criminal
activities”. Per TMG §8ff any service provider providing a free service whose
traffic is neither filtered nor inspected bears neither responsibility nor is
required to keep logs. [1]

This law cannot be applied in practice as there would need to be non refutable
proof that the operation of the nodes would be used to facilitate illegal
activities. That’s already illegal if they can prove it, or else it wouldn’t
be illegal.

Source: my lawyers. I’ve been running massive exit nodes for years in Germany.

[1] [https://www.gesetze-im-internet.de/tmg/__8.html](https://www.gesetze-im-
internet.de/tmg/__8.html)

------
atoav
AFAIK this is a draft for a new police law in North-Rhein Westfalia (NRW), so
it would affect “only” that province. NRW was also the province that made the
draft for the infamous new police law.

The article says the draft is beeing discussed in the Bundesrat. The draft is
mainly targeted on dark net market places, but its formulation is broad enough
that one could argue TOR exit nodes could be affected by it (its forbids
platforms that enable criminal behaviour, which is arguably nearly everything
if you squint your eyes the right way).

German privacy activists are mainly suspicous here because there is no real
reason for the draft to exist. Running illegal black market sites is already
illegal under german law, because the stuff you sell there is illegal — it
doesn’t matter if you do it online.

Why such a law then?

~~~
e12e
> Why such a law then?

Fight "herd anonymity" provided by a large tor network? Ironically(?) that'd
make the original purpose for Tor (covert channel for covert operatives) less
viable too.

Broad, redundant overreaching legislation with ample room for "discretionary"
enforcement seems a prime way to enable tyranny in a country otherwise
democratic/ruled by a normal three-way powersplit (executive, legislative and
judicial branches).

~~~
tgragnato
National powers want to filter the contents circulating on the net, but the
application of the rules is subject to the limitations of enforcement
capabilities. And I'm not only thinking to espionage, terrorism, money
laundering and child porn, but to article 13 and copyright violations too.

The government would like to push for overly broad regulations, but they
realise that the application of such creates incentives to adopt and
democratise radical technologies.

Platform operators who do not want to comply with the regulations can move
them beyond national / European borders, or use darknets and decentralization
to resist the capacity of police forces.

Response: "Let's ban the darknet"

------
stakhanov
The article actually details that the proposal on the table is to make it a
crime to run sites whose access is restricted by specific technical measures
and whose purpose or activity is oriented towards the goal of aiding crime.

The notion that it would become a crime to run a tor exit node is actually
speculation on the part of the authors of this article.

But is not apparent to me how that would follow from such a law: For example,
since anyone can access tor, and, by implication, any tor exit node, access to
a tor exit node is not restricted in any way, so it would not seem to fall
under this law in my opinion.

As for running a tor hidden service, this would seem to apply but still: How
do you draw the line between running a service where it just so happens that
criminal business is conducted over that service, versus running a service
whose purpose or activity is actually directed towards aiding crime?

~~~
mreome
The problem with laws like these is just as you say... How do you draw the
line? Vague laws allow the government to draw the line wherever they want to
achieve their goals. It's speculation yes, but abusing and reinterpreting
vague laws is something governments do quite regularly when it suites their
needs.

Unless you specifically clarify things, even the part you seem to think is
clear can be interpreted differently. You say that a Tor node does not meet
the criteria that "access is restricted by specific technical measures". But
one could easily argue that Tor is a "specific technical measures" and access
is to a Tor Node is restricted because you need to know what software to
install and how to install it in order to access the Node.

It could also be argued that any encrypted communications is "restricted" in
that it's private. It's restricted to the parties involved and not visible to
outside observers.

~~~
beatgammit
Wouldn't an unencrypted website also fail the same test? You need specific
software (web browser) to access a website. And if you allow that, encrypted
websites (TLS) would probably fail because you further need a browser that
supports TLS.

If those don't fail, I don't see how Tor would fail, since Tor requires
similar software (Tor browser) that if freely available, just like a web
browser.

Likewise, wouldn't other services, like video games and chat applications also
fail because you can only access those through a specific app?

Honestly, this seems completely unenforceable. If there's proof you've done
something illegal, you can already be charged with that. If there isn't, then
this law is too vague to add anything. This law should go straight to the
dumpster...

~~~
kbwt
Latest revision of the law drops the "restricted access" condition.

Diff can be found here: [https://www.internet-strafrecht.com/wp-
content/plugins/downl...](https://www.internet-strafrecht.com/wp-
content/plugins/download-attachments/includes/download.php?id=2691)

------
_bxg1
Does anyone familiar with German politics know how likely it actually is to be
ratified? Politicians here in America _love_ to draft soapbox bills that they
know will never get ratified, just for the publicity.

~~~
blastbeat
It would not be the first time, that such a law finally passes the parliament.
And it would not be the first time, that such a law is invalidated by the
Federal Constitutional Court after that.

~~~
maze-le
We cannot always hope that the Constitutional Court comes to the rescue and is
the final straw that will invalidate these laws. First, last year a very
conservative constitutional judge has been appointed, which probably will be
more common, especially now that a reactionary party has become part of the
House of representatives. Second, the court has made problematic rulings in
the past -- even under more liberal judges.

~~~
anoncake
> especially now that a reactionary party has become part of the House of
> representatives.

What does the US parliament have to do with this?

~~~
maze-le
Nothing, I just wanted to use another word for the Budestag, since it is an
equivalent institution and not everyone is familiar with the german political
institutions. Especially the Bundestag and Budesrat (equivalent to the Senate)
is often mixed up. The reactionary party I was referring to is of course the
AfD, not the GOP.

~~~
anoncake
> Nothing, I just wanted to use another word for the Budestag, since it is an
> equivalent institution and not everyone is familiar with the german
> political institutions.

House of Representatives is not another word for the Bundestag, its the name
of the lower house of the US parliament. Which Im sure does not have exactly
the same role as the Bundestag.

> Budesrat (equivalent to the Senate)

It isnt. For example, Senators are elected as senators, the Bundesrat is a
representation of the state governments. Their roles also differ. You cant
just map political institutions 1:1 like that.

~~~
maze-le
Of course not, I never said they were equal, but 'equivalent'. In order to
facilitate a discussion some simplifications are helpful sometimes. You are
right in the regard that on the level of a formal academic discussion this
would be a false equivalency. But on an informal level (with that level of
simplification in mind) they are similiar enough to make a comparison.

The most striking similiarity of Bundesrat and Senate for example is that both
are institutions that represent political subdivisions (States, Bundesländer),
not the population as such. Another similiarity is the role in the
ratification and oversight [of the federal Budget
([https://www.bundesrat.de/DE/bundesrat/ausschuesse/fz/fz-
node...](https://www.bundesrat.de/DE/bundesrat/ausschuesse/fz/fz-node.html))
especially and generally laws that concern federal and substate-level
interests].

Also, I made that comparison especially because both houses of the german
parliament are regularly mistaken with one another -- even in serious
publications.

------
gatherhunterer
This is a proposed bill. The title posted here suggests that it has been
ratified and is going to implemented but that has not happened. The translated
(and paraphrased) title is "Those Who Make the Darknet Possible Could Soon Be
Offenders."

------
LinuxBender
Is this specific to Tor, or would it also affect CDN's? I am not a fan of
commercial CDN's (for my own hobby sites) so I set up haproxy+strongswan VPN
nodes in various VPS sites around the world, that cache and relay traffic
to/from a few nodes in another VPS. For all intents and purposes, my websites
are actually hidden, despite having public IP addresses and names. I've had
front-end caching nodes in Germany before.

~~~
eleitl
Do you have your setup documented somewhere? It sounds intriguing.

~~~
LinuxBender
I don't, but my setup isn't complicated at all.

The front end caching nodes are just haproxy 1.9 (which has very simple
caching now) which precluded my need for nginx. Those nodes have strongswan in
transport mode using a simple pre-shared key. The backend is just a simple
apache 2.4 server.

DNS is just NSD with multiple IP's in some of the A records. I don't do any
GSLB or Anycast, nothing exciting there. The browser will use whichever IP
answers which means the end users could end up on any nodes. I could get fancy
and use GeoIP mapping to keep most requests on the same continent. Maybe I
should set that up this weekend.

------
accnumnplus1
Germany first, then the EU.

~~~
no1youknowz
I can't argue with that and unfortunately for the UK. Due to our leaders being
so weak, incompetent and impotent. They will be falling over themselves to
implement this to its fullest.

~~~
fvjft
Even after Brexit?

~~~
denysonique
@ben_w, @chmod775 It is incorrect to say that United Kingdom would be worse
off privacy wise after leaving the EU.

The mentioned privacy invasive bill was ruled by the English High Court to be
incompatible with the ECHR.

EU membership is unrelated to United Kingdom being party to the European
Convention of Human Rights (ECHR).

The Council fo Europe is a distinct organisation from the EU.

Please check facts before spreading misinformation.

~~~
ben_w
ECHR membership is a prerequisite for EU membership, and May is on record
wanting to leave the ECHR.

Additionally, scope creep has turned Brexit from “Leave the EU” to “Leave all
the European institutions which have power over the British government”, or at
least that was the rationale given after the surprise announcement that the UK
was leaving Euratom.

Therefore, while it is correct to say the Council of Europe is different from
the EU, it is sadly also not an important point.

------
chopin
It seems that any end-to-end encrypted messenger could fall into this as well.

I've not seen the draft itself but if it is too broad it could be
unconstitutional.

------
richardhod
This is the same problem we've seen in most countries, especially the US,
where technologically illiterate lawmakers make overly-broad laws that can
capture all sorts of perfectly decent behaviour, which then allows law
enforcement latitude to prosecute who they will, when they will. This is a
deliberate ploy in Russia, of course, but in the West, it happens, especially
with terrorism and technology laws. IT's really important to stop these and
reverse them with literate lawmakers.

------
DyslexicAtheist
many even tech literate folks when they hear "tor" they think bitcoins and
heroin, but - this article spells it out: _An Entire Ecosystem Relies on Tor_
[https://blog.torproject.org/strength-numbers-entire-
ecosyste...](https://blog.torproject.org/strength-numbers-entire-ecosystem-
relies-tor)

a whole ecosystem is thrown under the bus

------
netwanderer3
In China they banned all stores from selling butcher knives simply because it
was commonly used as a weapon in a fight or to kill someone. If you happen to
need to chop some meat at home then you are out of luck as this knife just
cannot be purchased legally in store. This case here is pretty much using that
same stupid logic.

------
daveheq
Aye yay yay this is where government gets scary with the internet. Guess what
this will not prevent (much) crime, but it will allow the government and their
affiliate corporations to track the crap out of you.

------
dimabond
Can I use my startup for communication if it doesn't use the Internet at all?:
[https://github.com/DimaBond174/SpecNet](https://github.com/DimaBond174/SpecNet)

------
Technetium
If something like this goes through, I consider it my duty to run tor nodes
myself. There are multiple cheap VPS services that support you running a node
and will have your back if something happens.

------
Scarbutt
Surprised, as an outsider, I have always seen Germany with the most privacy
conscious and aware people of any country.

EDIT: I was mostly referring to normal citizens, not the goverment.

~~~
valerij
actually the situation in germany in getting hotter as years pass.

last year it was reported that on numerous occasions german police were using
cell-tower data and cross referencing burner and real mobile phones just to
get some guys who were doing graffiti. wonder what data they acquire for
everyone involved in more serious crime cases

~~~
ben_w
That seems implausible given that everyone I’ve talked to about graffiti since
moving to Berlin regards it as “not a crime” (unless its removal necessarily
causes damage to the property).

~~~
akuji1993
It is indeed a crime. Just because your friends don't think so, doesn't make
it legal. It's an act of vandalism, anywhere but clearly marked zones that are
meant for street art.

------
StreamBright
I am pretty sure that this will stop people using Tor because they cannot
figure out any counter measure. People are so dumb, government is so smart.

------
kajumix
How effectively would they able to enforce this? Aren't those nodes precisely
designed to evade detection? I perversely welcome such surmountable hindrances
to liberating technology -- it feeds the antifragility of the target

~~~
aeorgnoieang
I'm pretty sure Tor exit nodes in particular are very public and easy to spot
by ISPs and VPS providers, which is why they're very difficult to host at all
even now.

Traffic on the Tor network itself is designed to evade tracking or
interception but exit nodes are required for communications to reach outside
Tor.

------
013a
What is it with Germany and a continual bias toward fascism?

~~~
e12e
It's not a German thing, it's a late state capitalism thing.

~~~
hannasanarion
I think you mean "late stage". It's supposed to be a cancer pun.

~~~
e12e
Yes. Although now that you point it out, I think it works either way [ed: as a
cancer analogy, rather than a pun, though] .

------
1337shadow
Does this have a real chance of passing through ?

------
elken
You would think the Germans would know better with their recent history.

------
hansflying
I _STRONGLY_ encourage everyone not to come to Germany, especially if you are
an entrepreneur or a developer. Horrific laws like GDPR, Hackerparagraf,
Upload Filter etc. are passed every week. Even the north Korea is more
business and IT friendly than Germany.

~~~
yc-kraln
As a counter-opinion, I strongly encourage people to consider Germany where
the law ensures your rights as individuals are respected by corporations,
regardless of where they are domiciled, and protects people in all
circumstances (public health insurance, generous jobless benefits, good
work/life culture). It's really nice as an entrepreneur not to worry about
getting sick, or how I will feed my family, even in lean times.

~~~
expertentipp
> public health insurance, generous jobless benefits, good work/life culture

What a surprise when foreigners learn that they cannot opt-out from their
monthly healthcare contributions (while debt is accumulating proactively
already), the jobless benefits are a minefield and they don't qualify for
them, the miserable startup they got job in prays on people depending on visas
and stay permits while big industry hire only "doctors" and those from "good
families".

------
wcoenen
Link doesn't work, it is for translating korean to german

~~~
close04
Original link (German): [https://www.zeit.de/digital/datenschutz/2019-03/tor-
netzwerk...](https://www.zeit.de/digital/datenschutz/2019-03/tor-netzwerk-
darknet-gesetzentwurf-strafverfolgung-internet-kriminalitaet-anonymitaet)

