

Tor operator charged for child porn transmitted over his servers - roadnottaken
http://arstechnica.com/tech-policy/2012/11/tor-operator-charged-for-child-porn-transmitted-over-his-servers/

======
droithomme
Were the operators of all the other dozens of routers, switches and exchange
point nodes that the files passed through also arrested? Or did the police
selectively choose to only arrest the operator of one particular node that
just happens to also be used for preserving privacy?

~~~
anigbrowl
_just happens to also be used for preserving privacy_

As if there were no correlation between that and the use of the service for
distributing CP. I'm sorry, but I find it hard to get exercised about the
invasion of privacy aspect, considering much greater invasions of both person
and privacy that take place in the manufacture of child pornography. Liberty
does not subsist in the oppression of others.

~~~
mistercow
It's not possible to create a system which protects the anonymity and privacy
of users with integrity, but not of criminals. The cost of a free society is
that sometimes people will do bad things and get away with it.

As regards Tor, it's extremely debatable that its existence has any impact at
all on the distribution of child pornography. If you don't care about hurting
people, there are _way_ more effective ways to protect your anonymity than
Tor.

In addition, Tor is an incredibly useful tool for fighting corruption in
countries where online privacy would otherwise be non-existent.

So on the one hand it's a tool that gives anonymity to a group that already
has it. On the other hand, it's a tool that aids in reducing human rights
abuses across the board, including human trafficking.

~~~
Hannan
>> It's not possible to create a system which protects the and privacy of
users with integrity, but not of criminals.

Do you have more information or references on this? It seems very intuitively
correct to me, but I was hoping someone much more intelligent than me has
actually formalized somehow.

~~~
mistercow
I'm not sure there's any way to formalize it really. It follows pretty much in
one step from the axiom "your computer doesn't know if you're scum or not".
And if we had the strong AI needed to change that, we'd just be letting a
computer invade our privacy and judge us instead of a human or government.

~~~
tzs
Every time the AI checks and finds out that you are not a scum, its memory
could be wiped so that it retains no knowledge of anything private it learned
about you during the check.

~~~
mistercow
That only solves one minor issue with loss of privacy.

------
dragonbonheur
Then the phone company should be charged for the same content that went
through their wires.

~~~
goostavos
Heck, by the logic the police are using, the state should be charged with drug
trafficking since surely their roads are using to transport illicit drugs by
individuals. So long as we're charging people who have nothing to do with the
actual crime.

The terrifying part is I wonder if the judge will have any idea _what_ Tor is,
or even be capable of understanding once it's explained to him. I don't see
how anyone with even the slightest technical knowledge could do anything but
throw this case out.

~~~
gizmo686
>The terrifying part is I wonder if the judge will have any idea what Tor is,
or even be capable of understanding once it's explained to him. I don't see
how anyone with even the slightest technical knowledge could do anything but
throw this case out.

This is why we have trials. Even ignoring the fact that the judges often need
to learn new things (and therefore doing so is part of their job), Tor is not
very difficult to understand. An user sends an encrypted message to a Tor
'exit node' (which can be run from any internet connected computer). This exit
node then decrypts the message to get another encrypted message, which it
sends to a 'relay node'. This process is repeated several times until it
becomes fully decrypted at another 'exit node'. At this point, the exit node
sends the message through normal channels to the intended recipient. The
recipient may sends a response back to the exit node, in which case the
response is encrypted and sent back up the chain of relays until it reaches
the user.

If a judge cannot be bothered to invest the time needed to understand that
system, then the legal system already has serious problems.

------
konstruktor
IANAL, TINLA. I just had a look at the law concerning service providers
(E-Commerce-Gesetz - E-Commerce Law) in Austria. It is quite liberal in its
definition of a service provider, i.e. it does not only cover commercial
service providers, and does not require any kind of license, but basically
defines a service provider as a personal or legal entity that "provides a
service of information society". Also, it contains several clauses that give
providers immunity for the data they store and transmit. However, one explicit
requirement is that the provider may not change any of the content transmitted
to claim immunity. I am very interested in seeing whether the
decryption/encryption of the data will prevent him from claiming immunity.

I want to add that Austrian law is very strict when it comes to the
presumption of innocence. The right of a suspect not to be named, shown on a
picture or otherwise identified is almost abolute (the only exception are
suspects on the run, where this could help apprehend them). As an Austrian, I
found it very disturbing to read the guy's full name in the ars article,
something local media would not be allowed to do. If he is lucky and found
innocent in court, the top search result with his name will forever be the ars
article.

~~~
gizmo686
> However, one explicit requirement is that the provider may not change any of
> the content transmitted to claim immunity. I am very interested in seeing
> whether the decryption/encryption of the data will prevent him from claiming
> immunity.

I am not familiar with the Austrian law, but my guess would be it acknowledges
changing content as part of a technical protocol as different from changing
the content's meaning. For example, if a service provider runs a site to
convert _.tiff into_.jpg, and someone uploads an illegal picture, I suspect
that the conversion would not be considered changing content. This suspision
comes from the fact that the type of not content changing that would otherwise
be required exludes a great number of the services that seem like would be
protected under this law.

Again, I am not a lawyer, nor am I fammilar with any Austrian law.

------
cypherpunks01
Where exactly do you find a 'child face in sliced red onion' stock photo?

~~~
Karunamon
One of Ars' editors, Aurich, is a serious photoshop wizard. He's known for
some pretty witty headline images.

~~~
ChuckMcM
No, he is frickin' AMAZING with photoshop. I love his work.

------
SeanDav
He must be making money from running the tor exit node servers, otherwise how
does he afford the terrabytes of bandwidth?

~~~
gtt
I wonder, is it possible to mine that data for something valuable?

~~~
cjbprime
> I wonder, is it possible to mine that data for something valuable?

Yes, people have published papers doing this:

[http://homes.cs.washington.edu/~yoshi/papers/Tor/PETS2008_37...](http://homes.cs.washington.edu/~yoshi/papers/Tor/PETS2008_37.pdf)

My understanding is that looking at exit node traffic individually rather than
statistically is likely to be illegal in many jurisdictions.

~~~
gtt
Statistical approach is more interesting imo as it could lead to some insights
for data compression algorithm perhaps?

------
thinkling
This was just discussed here: <http://news.ycombinator.com/item?id=4847468>

~~~
graeme
This seems like new news. There's a difference between a raid and a charge.

~~~
bstpierre
I was looking for the difference too. The two articles seem contradictory
about whether he's actually been charged.

Arstechnica says: > nine officers searched his home on Wednesday after
presenting him with a court order charging him with distribution

The blog post says: > During the raid, numerous computers and other electronic
devices, as well as legal and registered firearms and some other items, were
seized. William is likely to be charged with distribution

The Ars subtitle also says "Austrian man is latest to be _held responsible_
for traffic passing through Tor" [my emphasis], which seems misleading -- his
machines were taken, but he hasn't been convicted of anything yet.

------
Tyrant505
So why would anyone run a exit node?

~~~
fiatpandas
Altruism like someone said, but also snooping. I can only imagine all the
fascinating traffic that comes in and out of an exit node. I guess people
weigh the risk of getting in trouble for child pornography with the advantages
of being able to monitor a ton of data for interesting information.

