Hacker News new | past | comments | ask | show | jobs | submit login
Tor exit node operator prosecuted in Austria (network23.org)
286 points by msl on July 2, 2014 | hide | past | favorite | 140 comments



Is this is the "big brother" plan to eradicate anonymity services? Just argue "child porn!" and arrest everyone?

The law quoted was:

>Not only the immediate perpetator commits a criminal action, but also anyone who appoints someone to carry it out, or anyone who otherwise contributes to the completion of said criminal action.

Anyone who contributes? Wouldn't this include ISPs or perhaps even the application server technologies (HTTP, FTP) used? Or clients, browsers and picture viewers?

In any case, kudos to this guy. I can't imagine what he's going through: PTSD, having all his hardware taken away, dealing with clueless police.


While I disagree with them, there are a multitude of laws in most countries that make operating a TOR exit node a very bad idea. The concept of criminal responsibility for enabling the illegal acts of others, even when you don't know specifically what others are going to do with the tools you provide, is well established in the US and other countries.

Perfect example: Ryan Holle of Florida is serving life without parole for allowing his friends to borrow his car at a party when he was 18 years old. He went to sleep; his friends took the car and committed a robbery during which someone was killed. The prosecutor's argument to the jury during the 1 day trial? "No car, no murder".


There is something big missing from that summary of Holle: he knew his friends were going to commit a burglary.[1] Without that connection that puts him on the hook for a felony, he wouldn't be facing life for felony murder.[2]

[1] He disputes his point, which is fair enough, but the court has found otherwise.

[2] Someone could point out the three-felonies-a-day thing here.

EDIT for footnote 2 Flordia's felony murder law[3] spells out the very specific felonies in which you face felony murder charges. These aren't in the same category as accidentally picking up a lobster trap.

[3] http://en.wikipedia.org/wiki/Felony_murder_rule_(Florida)


Whether he knew or not (he says he didn't believe that they were going to do it), the comparison to TOR-related cases is still appropriate. If one of these cases went to trial in the US, you would hear the prosecutor telling the jury about TOR's seedy reputation, and that because of that reputation, any reasonable person would have known that illegal activity was likely to occur. Under federal and most state laws, that's enough to make someone culpable.


Legally, "you should have known something fishy was going to occur" is a very different beast from "you knowingly participated in a felony conspiracy, and a co-conspirator committed murder that depended on your material aid."

Home invasions have a tendency to end up with someone dead. Don't help your friends commit them by giving them guns or the vehicles to get there. (Also, don't be the getaway driver for a bank robbery.)

Without the court finding that Holle knew his friends were going to commit burglary, the prosecutor could wave his arms all he wanted about how he should have known his friends were scumbags and he should not have lent them even his watch, but the actual legal requirements for felony murder would have fallen apart.


It's not hard to argue that TOR has non illegal useses which provide a fair amount of protection. DARPA provided early funding. Further the US State department is currently funding TOR development giving US exit nodes much better legal standing.

More importantly TOR is not going to work much worse if your exit node(s) shut down. Selling spray paint to a 15 year old might be used for tagging but you don't know and not selling it is not going to stop crap.


Home invasions have a tendency to end up with someone dead. Don't help your friends commit them by giving them guns or the vehicles to get there. (Also, don't be the getaway driver for a bank robbery.)

And, I suspect a jury would add to that...Don't offer up your internet connection with the specific intent to aid in shielding the identities of child pornographers, spammers, and all manner of thieves.


The jury doesn't get to make up laws or charges.

Halle was convicted specifically under Florida's felony murder law, which lists a number of felonies (including arson, escape, home invasion, and carjacking) that, if you participate in them, you are liable for any murders that occur during them.

We might someday find that everyone is responsible for their Internet connection. But it won't be because of felony murder laws.


You're being pedantic. The point is that there are similar laws regarding conspiracy that are even more broad, that could easily put an exit node operator in prison.


Could you share some of these laws? I'm curious because I haven't heard of such a case in the US.


I don't think one has been pursued here yet, but it doesn't mean they can't or won't. Our conspiracy laws are very broad.

http://www.law.cornell.edu/uscode/text/18/371

That's the federal one, and each state has their own.


The essence of a conspiracy charge requires an agreement between two parties to commit a crime.

http://fas.org/sgp/crs/misc/R41223.pdf

Running a TOR exit node almost certainly would not constitute an agreement under federal law.

Indeed, see the following jury instructions: http://www3.ce9.uscourts.gov/jury-instructions/node/475

> On the other hand, one who has no knowledge of a conspiracy, but happens to act in a way which furthers some object or purpose of the conspiracy, does not thereby become a conspirator. Similarly, a person does not become a conspirator merely by associating with one or more persons who are conspirators, nor merely by knowing that a conspiracy exists.

There's your defense. An individual running a TOR exit node with the purpose of passing news to people behind the great firewall of China does not become a conspirator because an anonymous individual uses that node to commit wire fraud. They had no knowledge that a conspiracy was being committed - they may have furthered it (by simply running the node) but that is insufficient for a conspiracy charge.


> Running a TOR exit node almost certainly would not constitute an agreement under federal law.

You may very well be right. All I'm saying, and this is the EFF's position as well, is that at some point a prosecutor (or several) will test this. By running the node, you have agreed to have traffic run through your system. Given the shady reputation, you are saying "come do illegal things with my internet connection, I'll protect your identity".

Federal prosecutors are smart, and most are gunning for jobs at high-end law firms. Someone is going to try to get a nice resume bump by testing this eventually, and there will be an unlucky exit node operator that will at best only have to pay a six figure defense bill, and at worst will spend time in prison.


If that were really "all you were saying" the comment thread wouldn't be so deep. But earlier you said, "that's enough to make someone culpable," implying not that a prosecutor would test it, but that someone would be convicted. There simply isn't a sturdy argument for that proposition.


Interesting quirk - under felony murder, you are responsible for any deaths that occur as a result of the crime, not just murder.

If a guy has a heart attack and dies while you're robbing a bank, boom, felony murder for everyone.

If a guard, police officer, or armed citizen shoots dead one of your accomplices during the crime, felony murder for you.


So a knife producer, by that logic, is also guilty, because of the reputation of knife's to, you know, kill people.


Also everyone up to the guy who mined the iron ore. Even the people who designed the machinery used to mine all the way to those who designed the machinery that makes the knives, because, without them, knives would not exist.


You're forgetting the government that set up a common currency allowing for the sale of the knife.


Maybe in US law (I'm still not convinced of that), but I disagree with your assertion that this could be used in "most countries". In the UK you would have to prove knowledge that a crime had been or was going to be committed - which kind of seems sensible.


Loaning a car to seedy friends has no redeeming value to society. Hosting a TOR node, on the other hand, protects the privacy of whistle blowers and likely contributes to bringing down totalitarian governments.

It seems quite possible to make the argument that the great good a TOR node can do outweighs the bad it can also do.


A better analogy is that a rental-car company owner being prosecuted because someone rented a car and committed a bank robbery.


This is why the concept of jury nullification is important. Yes, it's good to have laws that punish accessories, but that kind of thing is obviously not the intended case. No rational person would accept that outcome under normal circumstances, but jurors are essentially bullied by the legal establishment, which holds them in fairly clear disdain, and told they must deliver a ruling based on certain rules without consideration to the larger import of the situation or face contempt of court. I suppose the abuse is even worse in jurisdictions and/or cases where jurors do not have a say in sentencing.


Holle knew they were going to use his car in a robbery. I imagine most juries would still punish even if they knew of nullification. The parent poster mislead you into thinking Holle was ignorant of what the car was used for.

I'd convict him considering the circumstances. He is an accomplice.


After some checking with Google I don't get the impression this case was "serious" enough to have a jury involved. E.g. from the statement of the convicted it's implied the maximum jail term would have been 3 months.

Those of us in common law based legal regimes count ourselves lucky to have that check in all but the most trifling of cases.


This is the basic weakness of Tor: while nobody can listen in on your communications, they can determine you're using Tor and communicating covertly. In some jurisdictions that's enough to put you in jail or to question you with the help of very nasty tools.


So by the same argument, if someone takes the bus to commit a crime, the bus operator is responsible?


Assuming Darknet technology is improved to the point that "exit nodes" become unnecessary (something like BitMessage), the next target would be developers of such software and developers of cryptography software in general.


Exit nodes are already unnecessary; TOR allows you to operate services on the network itself ("hidden services").

However, it seems not everything is kept on the TOR network. I would've assumed that if someone were using TOR for criminal purposes, they wouldn't expose themselves to monitoring by accessing resources off TOR, but that doesn't seem to be the case.


When someone is condamned for something online-related (piracy, CP, etc.), we should obviously arrest all the owners of routers between the source and the target. They are accomplice because they helped the data to transit. That's only commom sense !

/s


Just running network equipment doesn't make you aware of it's use though. Tor users know through high-profile cases that Tor is being used for drugs deals and other criminal activities - but they run the exit nodes in the face of this. I'm not saying the law is correct (nor wrong) just that the application appears to be valid.

Yes, there are high-moral reasons to run an exit node too.


The requirement for knowing about criminal activities is intentional very high. If it wasn't, almost every internet based service would be deemed illegal. ISP and online market places like Amazon can not claim they aren't aware of fraudsters, but they still a necessary tool in the crime.

During the Pirate Bay trial, the requirement was set to "primary usage". They took a screenshot of the top 100, and sad "obviously, the site founders know that the primary usage was illegal" which the court then accepted. Arguing that same for tor is sketchy at best, and there is government organizations, researchers and developers who would argue that the primary usage for tor is as a privacy tool for non-criminal activities. I also suspect that they would have plenty of evidence to back it up.


ISPs know that the internet is used for drug deals and criminal activities. Should we prosecute them too?

Gun dealers also know their guns can be used to shoot people. Are they culpable in every murder?


The difference is that ISPs are regulated, and part of that regulation is that they must intercept traffic.


I don't follow this distinction, at least in terms of U.S. law.

Every kind of entity can receive orders under the Wiretap Act, whether it's "regulated" or not. My friend who runs the server where I have my e-mail could receive such an order.

Until the D.C. Circuit accepted law enforcement's reinterpretation of CALEA in 2006, ISPs were not required to buy or have wiretapping equipment, but they were required to comply with wiretap orders to the best of their ability.

Tor node operators are presumably also legally required to comply with wiretap orders to the best of their ability.

Does your theory suggest that ISPs' liability would have been different before 2006 because no specific regulation treated them differently from Tor node operators with respect to wiretap obligations then?


Well, Tor is used ONLY for criminal activities. That's its entire point. You're in a state where talking to the Americans is a criminal activity punishable by beheading. So you use Tor to talk to them. I'm almost certain that activities which are criminal in the USA outnumber activities which are criminal in some oppressive regime on the Tor network. That's only because it's a damn good and secure network and we have less people standing against oppressive regimes than we have ones standing against USA law.

You can't have a really secure anonymous untraceable network, but also monitor everyone on it for illegal activity. The entire point of that network is illegal activity, for local definitions of illegal.


> Tor users know through high-profile

Yeah sure. Just install Firefox privacy extension and you are running Tor. Or your children can do it for you.


"its use". "It's" means only "it is" or maybe "it has".


Yes. I usually catch my homophonic gaffs but not always. I'm not sure what it is, probably abject lack of sleep, but in the last several years I've become increasingly prone to insert homophones in error in my comments. Apologies.


There are several countries that would do exactly as you say, or would threaten to do it in order to get a few bribes to the right people.


Unfortunately the mainstream media has taken a stern stance of building a negative image of those services. You always get to read how it's full of pedophiles and drug traffic. The fact that such services help dissident journalists, bloggers or political figures or are invaluable in case of repressive internet shut-down seems to escape their spotlight.

This generalization of tech phenomenon which can be used for both good and bad deeds has led to extreme paranoia. Hence such harsh sweeps when dealing with it, I guess. Those who are under the effect of the judgement are also a part of yet another generalization encompassing an undefined, ridiculously big network of "criminals".


The general assumption in both the public mind and law is that anonymous == criminal, because of the "if you've got nothing to hide you've got nothing to fear" argument.

The long term downward trend in the trustedness of institutions has been steadily undermining this argument which is why, I think, things like Tor exist at all, but public attitudes change slowly.

In the case of Tor, it's slower / less convenient than usual browsing and is otherwise the same except for being more anonymous. So it's very easy to plant the idea in people's minds that there's no point in using it unless you're up to no good. And the Tor project doesn't really help here - they talk about the legitimate uses on their website but don't point to concrete examples (iirc), e.g. they say the military use it, but provide no real evidence of that. I think actually the UK child porn censors use it as well because it's a source of free proxies and child porn hosting sites know their IP addresses and block them, which is a pretty funny story, but this was mentioned in some talk and I don't think it's on their website.

To make things worse, the internet itself is rapidly converging on the consensus that Tor isn't worth it. Witness the widespread blocking of exit nodes that occurs these days. Tor is losing the argument not just in court but elsewhere too.

IMHO running Tor exits will not become less dangerous any time soon unless Tor finds a way to significantly boost "obviously legit" usage. For that they'd need to provide a Tor browser that isn't geared towards the total-anonymity-or-die crowd. VPN services like HotSpot Shield absolutely dominate Tor in terms of usage because they're much easier t use and don't do stuff like disable Flash and constantly wipe cookies, which makes them much more popular for people trying to evade national censorship but not treat the destination service as hostile.


> "Anyone who contributes? Wouldn't this include ISPs or perhaps even the application server technologies (HTTP, FTP) used? Or clients, browsers and picture viewers?"

People involved in those things will not be targeted, unless the authorities already have another reason to want to target them. Absurdly broad laws, coupled with selective enforcement, allows the authorities to legally harass anyone that they please.

Whenever anyone complains about overly broad laws, selective enforcement allows apologists to claim that any objections to those laws are unfounded because in practice people are typically not abused by those laws. However the danger of the laws is not that they will be used to abuse everyone, but rather that they will be used to abuse a select few.


Lawmakers aren't as intelligent as programmers. What's worse is, instead of just telling him to turn off the exit node now he's seen as a criminal by the system for doing absolutely nothing. Imagine applying for a job and trying to explain to them why you were arrested, especially if the interviewer is not tech savvy it might not look so good.


> Lawmakers aren't as intelligent as programmers. What's worse is, instead of just telling him to turn off the exit node now he's seen as a criminal by the system for doing absolutely nothing. Imagine applying for a job and trying to explain to them why you were arrested, especially if the interviewer is not tech savvy it might not look so good.

He did not receive a criminal record.


Oh, I must of read it wrong then.


GRAMMAR: [must have*] not of.


Please do not question the intelligence of programmers.


strictly speaking, the pronunciation he was going for was must've.


From his blog: "It’s now finally over and besides the cost i CAN live with this sentence, it does not show up in police registers and won’t be an issue for work and alike in the future."


I'm no Tor expert so please correct me if I'm wrong, but wouldn't people trading child porn (etc) most likely be entirely within the onion network anyway and therefore have no need for an exit node?


That's correct, people talk about shady things happening over Tor but how many cases that come up are actually something shady going over an exit node?


Thinking about it, they're probably quite useful for spam/hacking/extortion.


"In the end, what got us was not AIDS, social injustice or a stealthy black hole. The second the first artificial intelligence awakened, charged with keeping peace in a college campus, it managed to exploit its way around the globe and waged war on all systems with laws, protocols and contracts. Creating rules allowed for them to be broken. By breaking rules, criminals were created. Rules prescribe punishment. At the same time the intelligence discovered wit, schadenfreude and the concept of "kafkian hell". Everything was enforced at once."


What are you quoting here?


I made that up. The "'s were just to make the text appear to have a context elsewhere.


Not certain, but the writing style is similar to Orwell's 1984.


Yup. Following this logic they have a long trail of people to prosecute, both living and dead.

Good luck to them figuring out who to prosecute for inventing spoken and written language, as that aids more crime than anything else.

Ban language! And water! And humans!

It's a blanket "we'll crush you as we damn well please" law. Most states have them.


Official statement from the guy who got sentenced: https://rdns.im/court-official-statement-part-1


Came here and to post this too. It's really a shame how the current system of law enforcement is designed to destroy completely destroy people.

I'm idling in some of the same public IRC channels as will (since way before he was raided for running a TOR node) it was/is painful to watch how this completely destroyed him.

It has really put me off, and probably many others, from ever hosting a TOR node, which might what makes this even worse. If you want to help people in heavily censored (or monitored, but what would be every single one of them, as of now) countries you get punished and your life gets completely ruined.

Seriously, the guy was like 20 or so when the police raided his home because of a TOR relay. Financially and mentally ruining someone when he didn't even do anything wrong is just... It makes me really angry.


  It has really put me off, and probably many others, from ever hosting a TOR node
The cynic in me can't help but assume that that's the entire point.


The realist in me can't help but assume that that's the entire point.


It's definitely the point.


It's really a shame how the current system of law enforcement is designed to destroy completely destroy people.

No one is innocent: http://marginalrevolution.com/marginalrevolution/2013/06/no-... .


Maybe, and I realise this sounds borderline crazy, but hear me out.

Maybe we shouldn't be running TOR exit nodes personally. It seems to me a couple of people should form a nonprofit company to run the node and distance themselves from liability that way. You'll still need to shut it down if your company is found guilty of running a server that was used to distribute bad bits, but it would be more "we wanted to make something nice and these gosh darned paedophiles got in our way and we can't continue" and less "you collude with paedophiles and are a paedophile and a criminal". It will be harder and it will take more funds and perhaps it's borderline impossible, but this is where things seem to be going. Be a corporation, because individual people get squashed like bugs.


Unfortunately, setting up a limited liability corporation tend to require substantial funding up front, I believe several months worth of median income in many places.

I'm afraid your advice actually reduces to "be rich, because poor people get squashed like bugs". (Of course, another possibility is to rally many people to your cause. Then you can fund your expensive legal structure with poor people.)


Hmm, that varies from place to place, but yes - not cheap. Aren't there also different fees depending on whether it's for-profit or not?

Obviously you'd set it up with more people, there obviously are enough who want to contribute to Tor. You'd gather capital, sign some up as co-founders and use what you can to buy colocation and set up servers. I wonder if you could also switch things around and colocate in people's homes by renting the property and paying for a residential connection, then renting it back to whoever lived there originally at the original fee. Basically, you create a company, have it rent an apartment and pay for a connection, then you rent the apartment and connection from the company, which should end up with you (legally) having (nearly) nothing at all to do with the black box in the corner that connects to the internet.


Unfortunately this hasn't been the first case like that and it probably won't be the last one either. Saying they destroy peoples lives on purpose isn't fair though. Everybody setting up an exit node knows there's some chance the police will knock on your door one day or at the very least you'll end up getting a lot of letters. Projects like https://www.torservers.net exist for that very reason. I understand donating money isn't as fulfilling/fun/cool as hosting an exit node yourself but at this point everybody should be well aware of the possible consequences.


People are aware that they may draw law enforcement attention, but many believe the issue will be cleared up when they politely explain how Tor works and that it's not really their fault that someone did something naughty through their endpoint. Unfortunately, sometimes it's not that simple.

It should be underscored that unless you have access to unlimited good, free legal help, you probably have no business running an exit node, and you should have that good, free lawyer make sure that the laws in your jurisdiction are Tor-friendly, as some places have been passing laws that hold the IP's owner responsible for all activity, regardless of excuses ("open wifi" doesn't fly either).

The sad part is that this means Tor exit nodes will continue to be primarily the province of large organizations who are more likely to be in cahoots with ruling authorities, which weakens the strength of the network for everyone.


@sp332:

>> I don't get how the rest of your comment supports this statement.

It doesn't. I didn't make that statement - you did.

I said they don't destroy lives _on purpose_. Neither are they trying to stop people from running exit nodes. They don't know what an exit node is. Somebody is doing nasty things using Tor. They look at the Whois record. Your name pops up. They knock on your door. End of story (I don't like the story either).

@cookiecaper:

The last paragraph of your comment isn't true. The Tor Project itself trusts and supports these organizations (like torservers.net - I'm sure there are many others like it). All nodes under control of one organization are marked as such inside the network so Tor clients can avoid using more than one of them at a time.

This talk might help: Defcon 21 - Safety of Tor Network Look at Network Diversity, Relay Operators & Malicious Relays (https://www.youtube.com/watch?v=864FxA3jmHk)

---

By the way. What's with all the downvotes? You do realise that I'm not responsible for anybody's house getting raided by the police, yes? I'm tired of blaming the police while nobody is willing to sit down with them and explain to them how Tor works. It's just not helpful.


It sounds to me like the best way to keep yourself safe from having your every electronic gadget taken by police would be to set it up your TOR node under some limited liability company like structure so while it would be taken down you would at least still be able to function while you fight it.


Saying they destroy peoples lives on purpose isn't fair though.

Everyone knows it might happen, therefore it doesn't happen? I don't get how the rest of your comment supports this statement.


> If you want to help people in heavily censored (or monitored, but what would be every single one of them, as of now) countries you get punished and your life gets completely ruined.

I know that's the dream of everyone running a Tor node but let's face it, you're mostly helping drug dealers and child pornographers operate. Not saying that's your intention, but that's what's happening. That's why it's absolutely crazy to operate a node. Find some other way to help if you value your freedom.


I had to downvote and here's why:

> you're mostly helping drug dealers and child pornographers operate

You could argue the same about encryption, so should encryption be banned or deemed immoral now?

> That's why it's absolutely crazy to operate a node.

Again, you could say this for any company that builds crypto software.

> Find some other way to help if you value your freedom.

You can still operate a TOR exit node safely by anonymously getting a server paid for with a cryptocurrency. It's perfectly safe.


> You could argue the same about encryption, so should encryption be banned or deemed immoral now?

Sigh. This sounds just like the arguments about cars ("they can kill people, should we ban them too???"). Let's get real, the vast majority of Tor traffic is, shall we say, for nefarious purposes. Encryption has numerous applications which are perfectly legitimate and it could be argued that the legitimate applications outweigh the illegitimate ones. You might have a point if "encryption" meant "operating an open relay where anyone can encrypt anything for any purpose".

> You can still operate a TOR exit node safely by anonymously getting a server paid for with a cryptocurrency. It's perfectly safe.

Safe for whom? You as an individual, perhaps. Definitely not safe for the guy running the exit node.


> Let's get real, the vast majority of Tor traffic is, shall we say, for nefarious purposes.

I don't really understand your argument here. Are you saying that Tor should be banned because the ratio of illegitimate to legitimate applications is higher than that of encryption software? I'm not putting words in your mouth, I'm just trying to understand what you're saying here.

> Safe for whom? You as an individual, perhaps. Definitely not safe for the guy running the exit node.

Well you would be the guy running an exit node on a VPS hosted by a hosting company/ISP (after all, they seem to be protected by law). Looks pretty bullet proof to me. Worst case scenario - they shut down your VPS.


> I don't really understand your argument here. Are you saying that Tor should be banned because the ratio of illegitimate to legitimate applications is higher than that of encryption software? I'm not putting words in your mouth, I'm just trying to understand what you're saying here.

No, I'm not saying it should be banned, I just don't want to hear people whine about "OMG I want to help these poor oppressed people soooo much and the government just doesn't understand!!!" knowing full well that the reason the government comes down so hard on Tor is because it's primarily a vehicle for illegal activity (seriously illegal activity at that).

I'm just saying hey, the government doesn't like it and don't kid yourself about the reason -- and certainly don't run a Tor node if you aren't ready for potential consequences.


> Let's get real, the vast majority of Tor traffic is, shall we say, for nefarious purposes.

Citation needed. Plenty of people use Tor to avoid government censorship (think China), to keep their information free from government spying (think NSA), or simply to secure their connection to the Internet. One need not be up to no good to use Tor, and I think your assumption that most are up to no good is off-base.


Call me crazy, but I'm alright if some unsavory characters have an easier time staying anonymous if at the same time it makes it harder for states to censor the internet (they go hand in hand).

Tor lets people access things that their government doesn't want them to. Sometimes that means porn and drugs, but in much of the world that can simply be a news report.


Does this mean that Austrian ISPs can be prosecuted if their customers use their connections to transmit "content of an illegal nature"? Surely the ISP knows that some of their customers could use their services for illicit purposes, meaning they're "guilty of complicity" themselves.


It means absolutely nothing. Austria does not follow the common law doctrine of stare decisis, where each case is bound to follow whatever reasoning is used by a superior court. (Note that "constant jurisprudence" is completely different and is not really binding, since higher court chambers do not have stable composition and as such their reasoning may not be consistent.)

A different court is allowed to use completely contrary reasoning and interpretation of "enables or facilitates" ("ermöglicht oder erleichtert") and "intent" ("Vorsatz") in § 12 StGB. The more money you have, the more likely that is. Also keep in mind that sometimes juries composed of short-term politically-appointed local politicians ("lay judges") are used, so that also adds to the complexity.

Austria's women and landscapes are beautiful. Austria's legal system, not so much.


> A different court is allowed to use completely contrary reasoning and interpretation of "enables or facilitates" ("ermöglicht oder erleichtert") and "intent" ("Vorsatz") in § 12 StGB.

In general, lower courts are still going to follow the superior courts, or they will simply be overturned on appeal. And if a judgement is reversed by an appeals court, the lower court is generally bound by the legal findings of the appeals court (e.g. §511 ZPO [1]), so it's not as though they can evade review. In practice, there is actually relatively little difference between common law and civil law jurisdiction these days with respect to precedent.

Not to mention that in this case this is the judgement of a regional court, which could not possibly be binding outside its region even in a common law country.

> Also keep in mind that sometimes juries composed of short-term politically-appointed local politicians ("lay judges") are used, so that also adds to the complexity.

Lay justices and jurors in Austria are selected randomly from the electoral register. See §5 GschwG [2]. This is different from the procedure in other countries, where lay judges are commonly volunteers.

[1] http://www.jusline.at/511_ZPO.html

[2] http://www.jusline.at/5._Verfahren_der_Gemeinden_GschG.html


> In general, lower courts are still going to follow the superior courts

That's true. Until its not.

> or they will simply be overturned on appeal

Unless its an entirely different chamber. Is any given chamber even static in composition, or is it dynamic? I admit I don't know (i.e. I have no clue) how appellate panels are chosen. But if even a given appellate chamber is never static, then it may or may not be overturned, depending on that chamber's judges' and whether their opinions are different from a previous composition of the chamber.

> if a judgement is reversed by an appeals court

That's a very big "if" given that there is no stare decisis and a possibly dynamic appellate court composition.

> there is actually relatively little difference

Stare decisis forms after a single opinion. "Constant jurisprudence" forms after ... it forms after judges say it forms. Or something.

> could not possibly be binding outside its region even in a common law country

In California and New York at least (thats like 60 million people) there is no regional appeals court. The appeals court forms a single court, and its opinions are binding throughout the state. California and New York are themselves sovereign states, not regions. (Which is why you can, e.g., commit treason against a state. They also have their own militaries, e.g., "state defense forces", separate from the so-called National Guard.)

> Lay justices and jurors in Austria are selected randomly from the electoral register.

I did not know that. Now I'm glad I brought it up. Thank you. Sweden and Germany could learn something there IMO.


That's interesting about Austria not using stare decisis. How does that mesh with them being part of Europe. European laws which have been ratified would surely require them to rely on other European decisions? (Art. 177 EEC I think?)

Art.6 ECHR - right to fair trial - appears to contradict the idea of allowing contrary reasoning to be used arbitrarily. Political appointees coming to a different decision would seem to require partiality too.

Interesting.


Common law is only being used in the United Kingdom: http://en.wikipedia.org/wiki/Common_law#mediaviewer/File:Leg...


> Austria's women and landscapes are beautiful. Austria's legal system, not so much.

I think our legal system is pretty good to be honest. (Then again, I also pretty much agree with the fact that TOR exit nodes are not compatible with Austrian law.)


Lets put it this way: If you took American judges and American lawyers and American laws and used Austria's jurisprudence, would the legal system be better or worse than America's? Without juries and without doctrine like stare decisis, IMO, way worse.

Its just so sad to see what has happened to Austria's legal system. Austrians lost their right to a jury trial, which AFAIK happened circa 1933-1934 (this should give you a clue as to who benefited/benefits), and Austrians have absolutely no clue they even had it. I think Germany lost their right to a jury trial around 1924. That really wasn't that long ago, given that the jury trial is a Germanic custom. (I mean, its all very POV. Austro-German politicans call it "reform"; I call it "fascism".) Stare decisis is more of a sui generis and extra-statutory mechanism developed in England, so that facet is obviously less surprising.


> Austrians have absolutely no clue they even had it

Citation needed. From personal experience Austrians are very much in support of not having American style juries which are seen in a very bad light over here.

> Lets put it this way: If you took American judges and American lawyers and American laws and used Austria's jurisprudence, would the legal system be better or worse than America's?

Why would you mix things together that do not go together? Personally I would much rather have to deal with an Austrian court than an American one.


> Citation needed.

It is hard to prove a negative or prove something has not happened. I'll leave that as an exercise to the reader.

> American style juries which are seen in a very bad light over here

That neither supports nor refutes my argument that Austrians have no clue about Austrian style juries.

> Personally I would much rather have to deal with an Austrian court than an American one.

I would much rather deal with an American court with Austrian judges.

> Why would you mix things together that do not go together?

Because I possess free will. And I am capable of performing thought experiments.


> That neither supports nor refutes my argument that Austrian's have no clue about Austrian style juries.

It's very hard to refute that claim because you did not provide any sources for yours either. I would not know how to judge how Austrians see courts besides my limited exposure to the few law related classes I took and observing one of our most popular judges for a day and that obviously is personal bias.

> I would much rather deal with an American court with Austrian judges.

I can only assume Austrian courts did you something wrong or a person you know. Austrian courts see so little public exposure that you literally have to pick individual cases together by force to get a (skewed) view of the world. For the most part court cases in Austria are ridiculously boring.


Well its not the courts themselves but the law which forms them. But the differences are fast becoming only theoretical.

Now, mind you, Continental judiciaries have a superior administrative tribunal system which is a recognized part of their judiciary. The United Kingdom has even recently adopted this approach. It is only the United States AFAIK that continues to insist that some judges are not part of the judiciary--which is an obvious falacy. The judiciary adjudicates--that is its purpose. We call them variously as "administrative law judges" (ALJs), "traffic commissioners" and "magistrates", etc. America essentially has two judiciaries--one independent of the executive, the other not independent. It's retarded. Its unconstitutional.

And apparently Austria uses what are, in effect, Anglo-American juries. They are selected at random from the electorate. They decide questions of fact. I don't see the lack of separation between "trier of fact" and "trier of law" as obviously better or worse.

And, as people are pointing out, there are inroads being made for a form of stare decisis such as Art. 177 EEC. So there is progress on all fronts IMO.


> And apparently Austria uses what are, in effect, Anglo-American juries. They are selected at random from the electorate. They decide questions of fact. I don't see the lack of separation between "trier of fact" and "trier of law" as obviously better or worse.

There are two versions of "juries" in Austria: Geschworenengerichte and Schoeffengerichte. Either only become relevant if you have committed a crime that could get you in prison for 5 years or more. Geschworene decide of guity and not guilty and decide the punishment, Schoeffen do it with the help of a judge. Not sure how that is related to the American system where the decision is made of "proven and not proven" or am I misunderstanding you?


@the_mitsuhiko

> or am I misunderstanding you?

IDK I don't think you're misunderstanding me.. I was merely musing about this difference which you speak of--"Geschworene decide of guity and not guilty and decide the punishment, Schoeffen do it with the help of a judge". (Except that Anglo-American juries less often decide punishments--the common exception in the US being the death penalty.)


How do you argue that running a TOR exit node is not compatible with Austrian law while running an ISP is?


AFAIK, in Germany (I know the article is about Austria but I'd guess their laws are similar) you can be held responsible if something illegal is conducted through your network (usually open WLANs). It's called "Störerhaftung" and is pretty crazy because it essentially means every grandmother has to become a sysadmin of sorts. This is used a lot in film download trials etc.

ISPs are explicitly excluded from this and not held responsible.


A major difference is that "Störerhaftung" is matter of civil liability only, not criminal liability. Moreover, "Störerhaftung" entitles the injured party only to injunctive relief, not to damages (unless, of course, you signed a cease and desist agreement, in which case contractual penalties may apply). "Haftung" (= liability) is thus a bit of a misnomer.

Moreover, the current German government is considering legislation to eliminate "Störerhaftung" with respect to unprotected WLAN access.

As for:

> ISPs are explicitly excluded from this and not held responsible.

This is not accurate. The "provider privilege" that ISPs enjoy in Germany only immunizes them against claims involving damages; injured parties can and do request injunctions based on "Störerhaftung" (whether such injunctive relief is granted is another story, especially when the desired injunction is ineffective). In fact, there have been cases where providers have been held to higher standards than private individuals because of their greater expertise (e.g., LG Hamburg 310 O 433/10 [1]). The details are still far from settled law, though.

[1] http://openjur.de/u/82969.html


> ISPs are explicitly excluded from this and not held responsible.

Time to form a shell company in the ISP business to host your Tor servers, then?

Or are there specific requirements that would prevent such a plan (recordkeeping seems like the obvious one)


There was a story about a Retroshare guy from Germany being prosecuted in a similar case, but the Court cleared him.


I have a VPS with an Austrian ISP. Their Ts&Cs already state the following are specifically not allowed:

Tor/i2p/similar exit servers (bridge, entry and middle are fine until further notice)

Last update was Jan 17th, 2014, but this clause has been included for as long as I have been a customer, which is a couple of years. So, I would say at least some Austrian ISPs are aware of the risk.


It's much more likely that they just don't want to deal with the endless stream of DMCA notices that tor exit servers tend to attract.


Same Ts&Cs have country specific sections (they have server options in multiple countries) and for Austria also says:

DMCA is mainly ignored due to being invalid, EUCD is to be followed.


Coincidentally the very person who was sentenced here operates the hosting company you're with (edis.at)


For sure. At least in theory. That's always been true though. I don't think Austrian ISPs worry about it to much because precedents don't influence court decisions as much as they do in the US.


Perhaps the logic of the court is that the ISPs do no provide essentially anonymous access. ISPs can and do turn over customer info when ordered by courts/law enforcement.


But the customer info turned over is not necessarily the guilty party either. If you have free wifi in your cafe now you're responsible for anything illegal your clients do?

It's a bad judgement on all counts.


Do you really consider it a bad judgement, or would you rather say it's a bad law?


Running a Tor exit node, developing encryptions tools , working on government transparency and protecting journalists are all seen as dissent in the current environment.

The reason to engage in these activities is a duty to protect democracy and democratic values in an extremely adversarial environment.

It is unwise to do these things without some kind of strategy to manage the escalation of political repression. It is advisable to do participate in these things as part of the broader activist community. Nothing is riskier that being a solo democracy activist.


I think the people running exit nodes gave up on democracy a while back and for good reason.


If the convicted will appeal, and if the appeal will arrive up to the EU Court of justice, this would be the first care in which it is debated whether TOR operators are protected by the "mere conduit" doctrine that is base on which ISPs are not held responsible. [1]

Too bad that it may take up to 10 years for this case to be appealed up to EU court of justice.

[1] https://en.wikipedia.org/wiki/Electronic_Commerce_Directive_...


And that the accused considers him already destroyed and definitely not healthy and wealthy enough anymore to appeal, see dewey's post here.


>The operator of an exit node is guilty of complicity, because he enabled others to transmit content of an illegal nature through the service.

This logic would make running an exit node illegal in all of Europe.


The quoted law is Austrian, so this doesn't apply to the whole of Europe.

But yes, even running a package delivery service is now illegal because it can be used to transport drugs or firearms and such.


I believe that's the point yes. But, wouldn't this apply to any party who operates the network in between users as well?


It seems, in many countries, the knowledge and the acknowledgement of technical facts is very much lacking, both in legislative authorities and in courts.


Not only their knowledge is lacking after like 15 years of unversal internet use, they usually insist on now knowing anything, ignoring expertise or relying on bogus "expertise", and otherwise lining with authorities and big biz - who are obviously not neutral, therefore court decision is not neutral either.

I interpret this as a direct malice against myself.


You can't expect them to keep up with everything. Important is who they turn to for guidance. The CCC does a great job advising law makers and law enforcement in Germany and the EFF tries really hard to play a similar role in the US. The Tor Project itself works directly with law enforcement as well (pretty much globally as far as I know).


A great job?? Can't expect them to do their job? Did you see the outcome of DE-Mail? There is a great presentation about it at ccc-videos.

The CCC is currently not advising but sueing the german government. It has also received 0 media attention since it was announced and i am sure it will just fall flat after being stalled for a few years. GG CCC HF Germany.


That one was disappointing for sure. I guess you can't win them all. The government not listening to them all the time doesn't mean they didn't do a great job though. Last time I voted I didn't see any fancy touch screens (to name one accomplishment).

I didn't say "can't expect them to do their job". I said you can't expect them to keep up with _everything_. Their job is to make legal decisions to the best of their abilities.


Do you work for der Spiegel? ;3


I think suspicion of ill intent is warranted, or at least I read from a reliable source in the '80s that you couldn't publish a magazine in Austria without getting government approval, which would seem to be somewhat consistent with the mindset behind this law of this interpretation of it.


I live in Austria, used to ran a TOR relay and this worries me deeply. I am unsure what to do.


Given that you used to run one there really isn't much you cant do now. Austria has lots of organizations that got your back. If you ever end up in trouble and don't know who to ask for help just mail the Tor Project directly they know who you want to talk to.

@mahouse: Yes. Exit nodes only.


But this is a problem only if it's an exit node, right?


It's still a legal problem as much as running an exit node is, they just can't easily figure out that you did anything because of how Tor works. You couldn't even confess to anything either if you wanted to.


Just stop running a TOR relay?


I know what I am suggesting is wrong on some levels, and creates a myriad of other problems, but bear with me.

If I run a Tor exit node, can I block outgoing packets to known illegal servers/addresses?

Would some kind of update mechanism of this list (of course, the question is controlled by whom?) warrant that known illegal servers are not available, and thus show/prove my intent that no ill use was endorsed by me?


Tor has a notion of exit policy, but it's only expressed in terms of permitted and forbidden TCP port numbers. This lets you, for example, decline to deliver SMTP traffic on TCP port 25. The exit policy can't list IP subnets (contrary to my recollection; I thought it could, and maybe it once did).

A lot of government investigations of Tor users do involve the use of pretty mainstream, popular services like Gmail, accessed over Tor. Someone can access Gmail over Tor and send e-mails that provoke a government investigation.


I'm pretty sure you can still express IP subnets in exit policies. From https://www.torproject.org/docs/tor-manual.html.en, heading "ExitPolicy policy,policy,…":

    Each policy is of the form "accept|reject
    ADDR[/MASK][:PORT]". If /MASK is omitted
    then this policy just applies to the host
    given. Instead of giving a host or network
    you can also use "*" to denote the universe
    (0.0.0.0/0). PORT can be a single port
    number, an interval of ports "FROM_PORT-TO_PORT",
    or "*". If PORT is omitted, that means "*".


Huh. That looks like what I remembered, but I don't actually see any policies that use that form in the cached consensus.


It's too easy to scare people from hosting tor exit nodes right now.

I think the way forward is to incorporate some use based digital currency payments to compensate exit node operators for their risk.

Make it a business and let the market decide the insurance premium needed.


Who do you think can pay more? Dissident journalists or internet drug dealers?


Companies don't just serve those who can pay the most. They serve, absent transaction costs, all customers who can pay more than the marginal cost.


Who cares who pays? Dissident journalists financed by drug dealers? I consider that awesome.


Wouldn't this make all ISPs illegal in Austria then? What is the difference that Austrian law sees between a TOR exit provider and an ISP as far as enabling criminal action? Is it only the differentiation between natural and legal persons?


So, am I right in assuming that if I transfer illegal content from my laptop to my friends laptop via a cafe wireless network, they are complicit in my crimes and will also be at fault?


> it is a sensible precaution to turn off hosted services where data from third parties is transmitted (like Jabber, IRC, VPN, FTP, TOR exit nodes, TOR RELAYS!! …)

TCP/IP as well?


This is frustrating to hear. I don't know the laws in Austria, but I hope there's an appeal process and he wins it.


The war is on, is staying on, indefinitely.


It's like sending knife maker to jail because "he knew it could be used to kill somebody".


[deleted]


Wrong thread? The guy got prosecuted for running a Tor node, not for committing a crime and failing to stay anonymous.


The government is prosecuting a guy for running a system that their own intelligence agency (and their allies) are depending on. A system that is funded by U.S. federal government.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: