
Tor exit node operator gets raided by police - morninj
http://www.npr.org/sections/alltechconsidered/2016/04/04/472992023/when-a-dark-web-volunteer-gets-raided-by-the-police
======
LeoPanthera
> Seattle police spokesman Sean Whitcomb says the department understands how
> Tor relays work, and they knew Robinson was a Tor host.

> "Knowing that, moving in, it doesn't automatically preclude the idea that
> the people running Tor are not also involved in child porn," Whitcomb says.
> "It does offer a plausible alibi, but it's still something that we need to
> check out."

> Whitcomb also says Seattle police were "artful" in the way they did the
> search. Instead of impounding all of Robinson's computers, which the warrant
> would have allowed, they offered to search them on the premises as long as
> he consented to turning over his passwords. He did, and they let him keep
> his machines after they scanned them.

This is the important part. They didn't shut down the exit node. They didn't
even take away the computer. This sounds bad, but in all honesty, it could
have gone at lot worse.

~~~
AnthonyMouse
It's still stupid though. It's like raiding the mailman's house for delivering
an illegal letter with no return address. Sure, it could have been sent by the
mailman, but it could have been sent by _anyone_. There isn't any more reason
to suspect the exit node operators than anyone else in the whole world who
could also have used the exit node.

~~~
dogma1138
No it sounds actually like good police work.

Running a Tor exit node shouldn't give you some blanket against police
investigations.

~~~
AndrewUnmuted
I would have said the same, if it were not for the police's unnecessary and
demeaning execution of their warrant at 6:00AM. If the police knew he was a
tor exit node operator, then surely they could have executed this search at a
more reasonable hour?

~~~
kbenson
When planning an operation like this you need to plan for a time when the
suspect is likely to be home. I imagine the most likely time someone is to be
home is right at their regular waking time (people often get home at different
times). Additionally, 6:00 AM is not excessively early for a large swath of
the population. It's not a _convenient_ time, but when is?

~~~
Godel_unicode
I couldn't help but imagine the police sending a request to view his outlook
calendar while reading your comment.

------
mattbee
Someone I know (in the UK) was arrested and spent a day in a cell when some
criminal postings to Twitter were traced to his Tor exit node.

When the police interviewed him and admitted they _knew_ what a Tor exit node
was, and that he was unlikely to be responsible for the traffic. But they did
want him to know that running a Tor exit node makes their life harder, and
would land him in this sort of trouble.

(I can't remember the exact words he reported, but it was outright
intimidation).

------
gherkin0
> Robinson admits it might be safer, legally, to host the Tor relay on rented
> space from a commercial Internet service to avoid mingling his personal
> traffic with Tor, but he says he shouldn't have to.

It'd probably be safer still setup a nonprofit group to own and run the exit
node(s).

~~~
kbenson
I don't understand this. If the police see the law being broken, they have an
obligation to investigate, even if it's _probably_ just the tor exit node.

Allowing any random person to forward mail through your address may not end up
well for you either, but I think people are more willing to accept that
they've opened themselves up to the liability in that case.

~~~
pmocek
> If the police see the law being broken, they have an obligation to
> investigate

I have seen no reporting--not even in Detective Daljit Gill's affidavit in
support of her application for search warrant (which I've read)--that police
observed any violation of law related to the search. They claim to have
received a tip, from 4chan, filtered through a national clearinghouse, that
about seven weeks prior someone had allegedly transferred to 4chan a video of
an unidentified woman abusing an unidentified child in an unknown location at
an unknown time, allegedly from an IP address that they discovered was
assigned by an ISP to David and that they learned prior to the search was the
exit point from an anonymizing proxy network.

~~~
kbenson
I'm not sure what this has to do with my comment. Is your point that they
should not have bothered to investigate further because they found that there
happened to be a TOR exit node? If so, I'm not sure it's a better situation,
where the police say "eh, he's probably not trading in child porn himself. We
can let this one go." That's just sloppy policing.

The point is not whether he was responsible for the child porn traffic, but
whether they have an obligation to investigate, and I think they do. In this
case, that means a raid, since it's an individual and not a business (a
business would likely have people that would speak out, and individual mean
that if he's guilty, there's no reason for him to incriminate himself). Even
so, raids on businesses happen as well, when there is a belief a evidence
might be destroyed.

~~~
pmocek
Your assertion was based on the flawed premise that police observed a
violation of law in this case. I have seen no indication that they saw such.
They reportedly acted on a fourth-party tip about a third party claim that an
unknown person transferred a file apparently containing evidence of a past
crime to that third party's computer. I edited my comment to quote yours in
clarification of this.

~~~
kbenson
You are correct, but I think it's well within the purview of the police to
decide to investigate a tip like that, even if it is a TOR exit node.

That is, I'll amend my earlier statement. If the police have been notified
about a law being broken, it's within acceptable behavior to follow up on that
tip.

In this case, while inmy eyes the existence of a TOR exit node might reduce
the likelihood that the person running it was responsible for the traffic, it
also raises the likelihood that the traffic existed in the first place in my
opinion. That puts the police in an interesting position, in that depending on
how they weight those items, they may decide to investigate further.

In any case, I think my point stands, which is that when you make yourself
responsible for delivering other people's traffic without oversight, you are
increasing the chance that something problematic may result. Thinking it
should have no effect on you is unrealistic.

~~~
pmocek
Imagine that police got a tip from some clearinghouse about contraband someone
else claimed to have received via FedEx delivery of a sealed container, so
they convinced a judge to authorize them to go into the FedEx depot to search
for and seize any delivery vehicle, shipping carton, shipping label, or
related documentation in sight. That's roughly what happened here, but worse,
the Tor exit relay operator _could not_ trace backward from the package they
delivered to the person from whom it originated, and the police knew it.

Sure, the package could have been injected by somebody at the FedEx depot, but
there is no evidence of such, and thus no cause for search.

~~~
kbenson
I'm not sure why you're using an example I specifically addressed a few
comments back in a way that accounts for nothing I said.

A business with multiple employees is not the same as an individual when
investigating a crime, depending on whether you think it's likely that they
are colluding.

The traffic of the suspect and TOR was mingled, therefor it is not possible to
say whether the offending traffic was from TOR or the suspect. If it was from
the suspect, there could have been traces on his systems.

A low probability is not the same as no possibility, and there _was_ a
possibility he was trading in child pornography. Your threshold for how high
that probability should be compared to the investigating officers, or their
superiors, may differ. At this point, it's _subjective_ , which is what I was
getting at in my prior comment.

In any case, this is _irrelevant to my original point_ , which I already
clarified in my prior comment. But to address what may have been your intent,
yes, I believe that a package forwarding service may have some problems with
the police from time to time. It may not be to the level you describe, but my
point clearly does not require that.

To put it _plainly_ , if you in any way enable illegal activity, even
unknowingly, it's not entirely unexpected that at times you may face increased
scrutiny, or legal misunderstandings. For the suspect in this case to say he
"shouldn't have to" is not realistic. That would allow a de-facto smokescreen
for real criminals to hide behind.

~~~
pmocek
> I believe that a package forwarding service may have some problems with the
> police from time to time.

Yes, of course, they may. Police act in unethical or even unlawful manners
from time to time. At question is not whether judges may warrant searches by
police that they should not warrant, it is whether those searches should be
warranted.

A fourth-party tip relayed through a third party about someone allegedly
transferring via a computer network that provides locational privacy a file
that apparently contains evidence of crime committed by an unidentified person
in an unknown place at an unknown time is not any indication that the operator
of the machine from which the file exited the anonymizing network onto the
open Internet is party to any crime, whether that operator performs the
service for fee, for free, at a commercial property, or at a residential
property, as an individual, or as part of a group.

------
brbsix
I'm blown away that someone (obviously so security savvy) would willingly hand
over their passwords. There's little sense accepting their assurances at face
value in potentially serious matters. LE can and will lie pursuant to their
duties. I suppose I'm even more surprised they didn't end up impounding all
the equipment anyways.

~~~
_wmd
It seems to me the risk is almost entirely on the police in this scenario,
meddling with running equipment is far from forensically sound and potentially
leaves ample room for doubt in court. Volunteering to comply with the police
request would also seem to exemplify the searchee's own presumption of
innocence

(IANAL!)

~~~
djsumdog
No no no no.

You never corporate with the police. It doesn't matter if you're innocent. It
doesn't matter if you're guilty. The police are not your friends. They are not
there to help you. They don't give a shit about you. Never comply with police.
Never consent to a search. They had a warrant in this case so it wouldn't have
mattered, but he still shouldn't have consented. He should have never given
them his passwords. He should have waited for a lawyer. He made so many
mistakes that I'm surprised he isn't in jail for incompetence.

[https://www.youtube.com/watch?v=6wXkI4t7nuc](https://www.youtube.com/watch?v=6wXkI4t7nuc)

~~~
_wmd
I think you're misinterpreting that idea, it's about not granting the police
privilege they did not already possess. In this case the police are offering
to trade the privilege of airtight, forensically sound evidence collection in
for the chance to grab secrets hiding in RAM. If the machine had no such
secrets, there is nothing to lose and everything to gain

~~~
brbsix
I'm a little confused. So you want to potentially give the police access to
additional evidence (via your passwords/decryption keys) in the hopes that
they will fuck something up or make a custodial error in the process of
recovering it? You have everything to lose by giving them your passwords, even
if you are innocent of the charges. You're under no obligation to give them
your passwords or empty the contents of your brain in their presence. Why give
them the opportunity to find something else? Who knows whether the machine has
something they will find interesting. You shouldn't be providing LE with
anything like this absent the advice of your attorney. There's too much to
lose.

I really want to encourage you to read the following:
[https://www.eff.org/issues/know-your-rights](https://www.eff.org/issues/know-
your-rights)

~~~
MagnumOpus
No, he potentially gives the police access to additional evidence (via your
passwords/decryption keys) in the hopes that the police don't do what they
usually do (and what is in their right to do): confiscate all his electronic
equipment and data including all backups of photos, videos, work projects,
documents-in-progress, archives etc and not give it back for years.

------
ksdale
I went to law school at the University of Washington and graduated in 2013 and
I actually did a little research about Tor while I was there and we talked to
some people fairly high up in Seattle area law enforcement and honestly I'm
surprised at how fast they've come along.

At the time, we couldn't find anyone who had even heard of Tor (not to say
there weren't lots of people who were familiar, just that we didn't find any
of them), let alone thought through the implications of someone running an
exit node so I find it interesting that they didn't just seize all of his
equipment. Based on my experience, I would not have predicted such an "artful"
search, to use words from the article, even just a couple years ago.

------
d33
Thought I'd leave it here:

[https://blog.torproject.org/running-exit-
node](https://blog.torproject.org/running-exit-node)

Also, how risky would it be to host an exit node that is HTTPS only?

~~~
amdavidson
If the FBI was able to monitor your traffic they would still see the IP
addresses to which your node was reaching out. Same goes if they are running a
honeypot[0] that your IP is hitting (as could be the case in this
instance[1]).

That might not be much in the way of concrete evidence, but if your exit node
is hitting carder forums all day long it might be enough for them to still
knock on your door.

0: [https://theintercept.com/2016/03/30/fbi-honeypot-ensnares-
mi...](https://theintercept.com/2016/03/30/fbi-honeypot-ensnares-michigan-
man/)

1: [http://www.techworm.net/2016/01/fbi-child-porn-sexually-
expl...](http://www.techworm.net/2016/01/fbi-child-porn-sexually-explicit-
users-arrests.html)

------
TenOhms
Someone tell Apple that they can purchase a lot of privacy street cred if they
hosted or funded a major TOR hosting initiative.

~~~
redbeard0x0a
No, Apple should definitely not be in a position of running TOR nodes. All it
takes is one National Security Letter and a Secret Court ruling that makes it
so they have to compromise that endpoint for law enforcement / anti-terrorism
organizations.

They need to keep doing what they have been doing with the recent FBI case and
bringing these things out into the public's view. There is far too many things
happening to subvert our privacy that we know nothing about...

~~~
TenOhms
Are you suggesting that nobody (companies or individuals) in the US or five
eyes countries should run TOR nodes since the government can slap them with a
court order?

~~~
Karunamon
From a personal safety standpoint, that is what I would suggest at least.
Running a Tor exit means that you're the one who's going to get the knock on
the door when a crook uses your connection for crookery.

I'd rather not deal with the police at all, in any capacity.

------
antman
In his position, I would immediately cease operations after that police
software was used on the system. Resume operations only after restoring from a
clean backup taken prior to the raid.

~~~
ThrustVectoring
I'd purchase new devices and/or components, and do a full rotation of all my
credentials.

In fact, I should probably build a "invalidate every credential I have on all
my computers and accounts" checklist. That and a tested backup strategy.

------
fhood
Should the police be allowed to do this? I don't know. Obviously the line has
to be drawn somewhere right? Child pornography isn't like narcotics. It isn't
in any way a victimless crime and I would prefer that the police be able to
inhibit its distribution. But then again if they had taken the same actions
because someone was purchasing drugs I would be totally opposed. Severity of a
crime is subjective, but a the law is still the law no matter how unfair it
may seem. My point is that either the police should be allowed to take these
actions or they shouldn't and the crime in question shouldn't really enter the
picture. Actions taken based on one type of crime can be fairly easily
justified for another. This is why in the US free speech is limited as little
as is possible. It's a slippery slope. So I think the real question is if you
operate a Tor exit node and something illegal passes through it should the
police be able to compel you to release the passwords to your servers. I think
they probably shouldn't. You would be hard pressed to find a Tor node that
something illegal hasn't passed through. Does that give police carte blanche
to access any information on any Tor node they want? Maybe.

~~~
goldent777
Seattle, and most of cascadia for that sake, is a complete police state. They
are far enough and fringe enough from the rest of the population to get away
with whatever they would like.

Tor exit nodes in the PNW are a very bad idea.

------
SG-
I'm disgusted the detectives carried around child porn even tho it's evidence
and not only brought it to a potential crime scene but offered to show it to
him.

Would they bring around cocaine or a gun from another scene? I'm assuming the
police officer is exempt from distributing child porn as long as he's accusing
of something before showing it.

~~~
dmix
Having read various police forensic reports, I'd say this is normal. They need
the hash of the image to do a forensic sweep of his computer. The search for
porn would be mostly automated, especially considering they are searching for
one specific image which is probably what the warrant was limited to.

Then they would probably want to compare the image itself if it was detected
on the harddrive, instead of relying purely on the file hash.

~~~
SG-
I agree, but this isn't something the detective would perform himself, it
would be the 'tech' guys and he still shouldn't offer to show it around.

------
l3m0ndr0p
Why would anybody give up their password & allow the police to work on your
computer? Let them take the systems and accept the risk that running a TOR
node in this day and age will get you a visit from the police or similar.

This guy gave up the password & now doesn't trust what they did to his
systems. He has to get rid of them now? This is no different if they took his
computers away without knowing his passwords.

What if this guys was working with the police all along. Now some guy decides
to give away his password to the police so they can check his computer? Sounds
fucking suspicious to me. I guess they are testing the waters to see if other
TOR node exit maintainers are going to do the same.

Listen up! Never give your password out. Encrypt your systems & keep them
separated if you are running a TOR node. Let them take your systems, because
you will have to trash them anyway if you grant them access.

------
stegosaurus
Illegal numbers are my favourite kind of numbers.

How many bytes do I need? In the countries that have laws against cartoons,
can I make an illegal favicon? Can I design a neural network which generates
illegal favicons?

More seriously, criminalizing data is a terrible, terrible idea, simply
because it provides a backdoor into the justice system.

------
geff82
The german criminal police (in US: FBI) once called me and insisted on a good
talk because of something. They finally visited me sensibly at my workplace,
dressed up as customers (promised not to tell my coworkers who they really
were). Then they told me there had been terror threats for thr Ukraine coming
from my TOR server (they knew about Tor...). Bad thing: the terror threat had
been some weeks ago and I had reinstalled the server three days before
(without Tor) and all logs/evidences had been destroyed. Luckily, they
believed me and left me after I simply gave them all passwords concerning the
case. I have not run a Tor server since then. I support the concept, but it
can bring you real trouble.

------
swang
> At one point, a detective offered to show him the image, but Robinson
> refused.

I can't tell if the detective is a moron or just really hoping to induce a
pedophile

------
athenot
I'm not familiar with how Tor works; would it be possible to run an exit node
but have it behind a filter to limit the liability?

~~~
fizgig
You can tell the exit node which out-bound ports you want to allow. So for
example, you can deny port 25 traffic so people can't send spam (as easily)
anonymously via your exit.

If I ever get the balls to host an exit node myself, I'd likely only allow
port 22. Even allowing 443 seems a bit risky after reading this.

~~~
jandrese
Only allowing port 22 seems pretty limiting. How many people ssh over TOR?
Sure they can setup tunnels, but that can't be very common.

In any case, you are always in danger of being identified by honeypot servers.

------
wstrange
This is an area where public libraries could take a lead role by running Tor
exit nodes.

Running an exit node as an individual is going to be a dicey proposition.

