The law quoted was:
>Not only the immediate perpetator commits a criminal action, but also anyone who appoints someone to carry it out, or anyone who otherwise contributes to the completion of said criminal action.
Anyone who contributes? Wouldn't this include ISPs or perhaps even the application server technologies (HTTP, FTP) used? Or clients, browsers and picture viewers?
In any case, kudos to this guy. I can't imagine what he's going through: PTSD, having all his hardware taken away, dealing with clueless police.
Perfect example: Ryan Holle of Florida is serving life without parole for allowing his friends to borrow his car at a party when he was 18 years old. He went to sleep; his friends took the car and committed a robbery during which someone was killed. The prosecutor's argument to the jury during the 1 day trial? "No car, no murder".
 He disputes his point, which is fair enough, but the court has found otherwise.
 Someone could point out the three-felonies-a-day thing here.
EDIT for footnote 2 Flordia's felony murder law spells out the very specific felonies in which you face felony murder charges. These aren't in the same category as accidentally picking up a lobster trap.
Home invasions have a tendency to end up with someone dead. Don't help your friends commit them by giving them guns or the vehicles to get there. (Also, don't be the getaway driver for a bank robbery.)
Without the court finding that Holle knew his friends were going to commit burglary, the prosecutor could wave his arms all he wanted about how he should have known his friends were scumbags and he should not have lent them even his watch, but the actual legal requirements for felony murder would have fallen apart.
More importantly TOR is not going to work much worse if your exit node(s) shut down. Selling spray paint to a 15 year old might be used for tagging but you don't know and not selling it is not going to stop crap.
And, I suspect a jury would add to that...Don't offer up your internet connection with the specific intent to aid in shielding the identities of child pornographers, spammers, and all manner of thieves.
Halle was convicted specifically under Florida's felony murder law, which lists a number of felonies (including arson, escape, home invasion, and carjacking) that, if you participate in them, you are liable for any murders that occur during them.
We might someday find that everyone is responsible for their Internet connection. But it won't be because of felony murder laws.
That's the federal one, and each state has their own.
Running a TOR exit node almost certainly would not constitute an agreement under federal law.
Indeed, see the following jury instructions:
> On the other hand, one who has no knowledge of a conspiracy, but happens to act in a way which furthers some object or purpose of the conspiracy, does not thereby become a conspirator. Similarly, a person does not become a conspirator merely by associating with one or more persons who are conspirators, nor merely by knowing that a conspiracy exists.
There's your defense. An individual running a TOR exit node with the purpose of passing news to people behind the great firewall of China does not become a conspirator because an anonymous individual uses that node to commit wire fraud. They had no knowledge that a conspiracy was being committed - they may have furthered it (by simply running the node) but that is insufficient for a conspiracy charge.
You may very well be right. All I'm saying, and this is the EFF's position as well, is that at some point a prosecutor (or several) will test this. By running the node, you have agreed to have traffic run through your system. Given the shady reputation, you are saying "come do illegal things with my internet connection, I'll protect your identity".
Federal prosecutors are smart, and most are gunning for jobs at high-end law firms. Someone is going to try to get a nice resume bump by testing this eventually, and there will be an unlucky exit node operator that will at best only have to pay a six figure defense bill, and at worst will spend time in prison.
If a guy has a heart attack and dies while you're robbing a bank, boom, felony murder for everyone.
If a guard, police officer, or armed citizen shoots dead one of your accomplices during the crime, felony murder for you.
It seems quite possible to make the argument that the great good a TOR node can do outweighs the bad it can also do.
I'd convict him considering the circumstances. He is an accomplice.
Those of us in common law based legal regimes count ourselves lucky to have that check in all but the most trifling of cases.
However, it seems not everything is kept on the TOR network. I would've assumed that if someone were using TOR for criminal purposes, they wouldn't expose themselves to monitoring by accessing resources off TOR, but that doesn't seem to be the case.
Yes, there are high-moral reasons to run an exit node too.
During the Pirate Bay trial, the requirement was set to "primary usage". They took a screenshot of the top 100, and sad "obviously, the site founders know that the primary usage was illegal" which the court then accepted. Arguing that same for tor is sketchy at best, and there is government organizations, researchers and developers who would argue that the primary usage for tor is as a privacy tool for non-criminal activities. I also suspect that they would have plenty of evidence to back it up.
Gun dealers also know their guns can be used to shoot people. Are they culpable in every murder?
Every kind of entity can receive orders under the Wiretap Act, whether it's "regulated" or not. My friend who runs the server where I have my e-mail could receive such an order.
Until the D.C. Circuit accepted law enforcement's reinterpretation of CALEA in 2006, ISPs were not required to buy or have wiretapping equipment, but they were required to comply with wiretap orders to the best of their ability.
Tor node operators are presumably also legally required to comply with wiretap orders to the best of their ability.
Does your theory suggest that ISPs' liability would have been different before 2006 because no specific regulation treated them differently from Tor node operators with respect to wiretap obligations then?
You can't have a really secure anonymous untraceable network, but also monitor everyone on it for illegal activity. The entire point of that network is illegal activity, for local definitions of illegal.
Yeah sure. Just install Firefox privacy extension and you are running Tor. Or your children can do it for you.
This generalization of tech phenomenon which can be used for both good and bad deeds has led to extreme paranoia. Hence such harsh sweeps when dealing with it, I guess. Those who are under the effect of the judgement are also a part of yet another generalization encompassing an undefined, ridiculously big network of "criminals".
The long term downward trend in the trustedness of institutions has been steadily undermining this argument which is why, I think, things like Tor exist at all, but public attitudes change slowly.
In the case of Tor, it's slower / less convenient than usual browsing and is otherwise the same except for being more anonymous. So it's very easy to plant the idea in people's minds that there's no point in using it unless you're up to no good. And the Tor project doesn't really help here - they talk about the legitimate uses on their website but don't point to concrete examples (iirc), e.g. they say the military use it, but provide no real evidence of that. I think actually the UK child porn censors use it as well because it's a source of free proxies and child porn hosting sites know their IP addresses and block them, which is a pretty funny story, but this was mentioned in some talk and I don't think it's on their website.
To make things worse, the internet itself is rapidly converging on the consensus that Tor isn't worth it. Witness the widespread blocking of exit nodes that occurs these days. Tor is losing the argument not just in court but elsewhere too.
IMHO running Tor exits will not become less dangerous any time soon unless Tor finds a way to significantly boost "obviously legit" usage. For that they'd need to provide a Tor browser that isn't geared towards the total-anonymity-or-die crowd. VPN services like HotSpot Shield absolutely dominate Tor in terms of usage because they're much easier t use and don't do stuff like disable Flash and constantly wipe cookies, which makes them much more popular for people trying to evade national censorship but not treat the destination service as hostile.
People involved in those things will not be targeted, unless the authorities already have another reason to want to target them. Absurdly broad laws, coupled with selective enforcement, allows the authorities to legally harass anyone that they please.
Whenever anyone complains about overly broad laws, selective enforcement allows apologists to claim that any objections to those laws are unfounded because in practice people are typically not abused by those laws. However the danger of the laws is not that they will be used to abuse everyone, but rather that they will be used to abuse a select few.
He did not receive a criminal record.
Good luck to them figuring out who to prosecute for inventing spoken and written language, as that aids more crime than anything else.
Ban language! And water! And humans!
It's a blanket "we'll crush you as we damn well please" law. Most states have them.
I'm idling in some of the same public IRC channels as will (since way before he was raided for running a TOR node) it was/is painful to watch how this completely destroyed him.
It has really put me off, and probably many others, from ever hosting a TOR node, which might what makes this even worse. If you want to help people in heavily censored (or monitored, but what would be every single one of them, as of now) countries you get punished and your life gets completely ruined.
Seriously, the guy was like 20 or so when the police raided his home because of a TOR relay. Financially and mentally ruining someone when he didn't even do anything wrong is just... It makes me really angry.
It has really put me off, and probably many others, from ever hosting a TOR node
No one is innocent: http://marginalrevolution.com/marginalrevolution/2013/06/no-... .
Maybe we shouldn't be running TOR exit nodes personally. It seems to me a couple of people should form a nonprofit company to run the node and distance themselves from liability that way. You'll still need to shut it down if your company is found guilty of running a server that was used to distribute bad bits, but it would be more "we wanted to make something nice and these gosh darned paedophiles got in our way and we can't continue" and less "you collude with paedophiles and are a paedophile and a criminal". It will be harder and it will take more funds and perhaps it's borderline impossible, but this is where things seem to be going. Be a corporation, because individual people get squashed like bugs.
I'm afraid your advice actually reduces to "be rich, because poor people get squashed like bugs". (Of course, another possibility is to rally many people to your cause. Then you can fund your expensive legal structure with poor people.)
Obviously you'd set it up with more people, there obviously are enough who want to contribute to Tor. You'd gather capital, sign some up as co-founders and use what you can to buy colocation and set up servers. I wonder if you could also switch things around and colocate in people's homes by renting the property and paying for a residential connection, then renting it back to whoever lived there originally at the original fee. Basically, you create a company, have it rent an apartment and pay for a connection, then you rent the apartment and connection from the company, which should end up with you (legally) having (nearly) nothing at all to do with the black box in the corner that connects to the internet.
It should be underscored that unless you have access to unlimited good, free legal help, you probably have no business running an exit node, and you should have that good, free lawyer make sure that the laws in your jurisdiction are Tor-friendly, as some places have been passing laws that hold the IP's owner responsible for all activity, regardless of excuses ("open wifi" doesn't fly either).
The sad part is that this means Tor exit nodes will continue to be primarily the province of large organizations who are more likely to be in cahoots with ruling authorities, which weakens the strength of the network for everyone.
>> I don't get how the rest of your comment supports this statement.
It doesn't. I didn't make that statement - you did.
I said they don't destroy lives _on purpose_. Neither are they trying to stop people from running exit nodes. They don't know what an exit node is. Somebody is doing nasty things using Tor. They look at the Whois record. Your name pops up. They knock on your door. End of story (I don't like the story either).
The last paragraph of your comment isn't true. The Tor Project itself trusts and supports these organizations (like torservers.net - I'm sure there are many others like it). All nodes under control of one organization are marked as such inside the network so Tor clients can avoid using more than one of them at a time.
This talk might help:
Defcon 21 - Safety of Tor Network Look at Network Diversity, Relay Operators & Malicious Relays (https://www.youtube.com/watch?v=864FxA3jmHk)
By the way. What's with all the downvotes? You do realise that I'm not responsible for anybody's house getting raided by the police, yes? I'm tired of blaming the police while nobody is willing to sit down with them and explain to them how Tor works. It's just not helpful.
Everyone knows it might happen, therefore it doesn't happen? I don't get how the rest of your comment supports this statement.
I know that's the dream of everyone running a Tor node but let's face it, you're mostly helping drug dealers and child pornographers operate. Not saying that's your intention, but that's what's happening. That's why it's absolutely crazy to operate a node. Find some other way to help if you value your freedom.
> you're mostly helping drug dealers and child pornographers operate
You could argue the same about encryption, so should encryption be banned or deemed immoral now?
> That's why it's absolutely crazy to operate a node.
Again, you could say this for any company that builds crypto software.
> Find some other way to help if you value your freedom.
You can still operate a TOR exit node safely by anonymously getting a server paid for with a cryptocurrency. It's perfectly safe.
Sigh. This sounds just like the arguments about cars ("they can kill people, should we ban them too???"). Let's get real, the vast majority of Tor traffic is, shall we say, for nefarious purposes. Encryption has numerous applications which are perfectly legitimate and it could be argued that the legitimate applications outweigh the illegitimate ones. You might have a point if "encryption" meant "operating an open relay where anyone can encrypt anything for any purpose".
> You can still operate a TOR exit node safely by anonymously getting a server paid for with a cryptocurrency. It's perfectly safe.
Safe for whom? You as an individual, perhaps. Definitely not safe for the guy running the exit node.
I don't really understand your argument here. Are you saying that Tor should be banned because the ratio of illegitimate to legitimate applications is higher than that of encryption software? I'm not putting words in your mouth, I'm just trying to understand what you're saying here.
> Safe for whom? You as an individual, perhaps. Definitely not safe for the guy running the exit node.
Well you would be the guy running an exit node on a VPS hosted by a hosting company/ISP (after all, they seem to be protected by law). Looks pretty bullet proof to me. Worst case scenario - they shut down your VPS.
No, I'm not saying it should be banned, I just don't want to hear people whine about "OMG I want to help these poor oppressed people soooo much and the government just doesn't understand!!!" knowing full well that the reason the government comes down so hard on Tor is because it's primarily a vehicle for illegal activity (seriously illegal activity at that).
I'm just saying hey, the government doesn't like it and don't kid yourself about the reason -- and certainly don't run a Tor node if you aren't ready for potential consequences.
Citation needed. Plenty of people use Tor to avoid government censorship (think China), to keep their information free from government spying (think NSA), or simply to secure their connection to the Internet. One need not be up to no good to use Tor, and I think your assumption that most are up to no good is off-base.
Tor lets people access things that their government doesn't want them to. Sometimes that means porn and drugs, but in much of the world that can simply be a news report.
A different court is allowed to use completely contrary reasoning and interpretation of "enables or facilitates" ("ermöglicht oder erleichtert") and "intent" ("Vorsatz") in § 12 StGB. The more money you have, the more likely that is. Also keep in mind that sometimes juries composed of short-term politically-appointed local politicians ("lay judges") are used, so that also adds to the complexity.
Austria's women and landscapes are beautiful. Austria's legal system, not so much.
In general, lower courts are still going to follow the superior courts, or they will simply be overturned on appeal. And if a judgement is reversed by an appeals court, the lower court is generally bound by the legal findings of the appeals court (e.g. §511 ZPO ), so it's not as though they can evade review. In practice, there is actually relatively little difference between common law and civil law jurisdiction these days with respect to precedent.
Not to mention that in this case this is the judgement of a regional court, which could not possibly be binding outside its region even in a common law country.
> Also keep in mind that sometimes juries composed of short-term politically-appointed local politicians ("lay judges") are used, so that also adds to the complexity.
Lay justices and jurors in Austria are selected randomly from the electoral register. See §5 GschwG . This is different from the procedure in other countries, where lay judges are commonly volunteers.
That's true. Until its not.
> or they will simply be overturned on appeal
Unless its an entirely different chamber. Is any given chamber even static in composition, or is it dynamic? I admit I don't know (i.e. I have no clue) how appellate panels are chosen. But if even a given appellate chamber is never static, then it may or may not be overturned, depending on that chamber's judges' and whether their opinions are different from a previous composition of the chamber.
> if a judgement is reversed by an appeals court
That's a very big "if" given that there is no stare decisis and a possibly dynamic appellate court composition.
> there is actually relatively little difference
Stare decisis forms after a single opinion. "Constant jurisprudence" forms after ... it forms after judges say it forms. Or something.
> could not possibly be binding outside its region even in a common law country
In California and New York at least (thats like 60 million people) there is no regional appeals court. The appeals court forms a single court, and its opinions are binding throughout the state. California and New York are themselves sovereign states, not regions. (Which is why you can, e.g., commit treason against a state. They also have their own militaries, e.g., "state defense forces", separate from the so-called National Guard.)
> Lay justices and jurors in Austria are selected randomly from the electoral register.
I did not know that. Now I'm glad I brought it up. Thank you. Sweden and Germany could learn something there IMO.
Art.6 ECHR - right to fair trial - appears to contradict the idea of allowing contrary reasoning to be used arbitrarily. Political appointees coming to a different decision would seem to require partiality too.
I think our legal system is pretty good to be honest. (Then again, I also pretty much agree with the fact that TOR exit nodes are not compatible with Austrian law.)
Its just so sad to see what has happened to Austria's legal system. Austrians lost their right to a jury trial, which AFAIK happened circa 1933-1934 (this should give you a clue as to who benefited/benefits), and Austrians have absolutely no clue they even had it. I think Germany lost their right to a jury trial around 1924. That really wasn't that long ago, given that the jury trial is a Germanic custom. (I mean, its all very POV. Austro-German politicans call it "reform"; I call it "fascism".) Stare decisis is more of a sui generis and extra-statutory mechanism developed in England, so that facet is obviously less surprising.
Citation needed. From personal experience Austrians are very much in support of not having American style juries which are seen in a very bad light over here.
> Lets put it this way: If you took American judges and American lawyers and American laws and used Austria's jurisprudence, would the legal system be better or worse than America's?
Why would you mix things together that do not go together? Personally I would much rather have to deal with an Austrian court than an American one.
It is hard to prove a negative or prove something has not happened. I'll leave that as an exercise to the reader.
> American style juries which are seen in a very bad light over here
That neither supports nor refutes my argument that Austrians have no clue about Austrian style juries.
> Personally I would much rather have to deal with an Austrian court than an American one.
I would much rather deal with an American court with Austrian judges.
> Why would you mix things together that do not go together?
Because I possess free will. And I am capable of performing thought experiments.
It's very hard to refute that claim because you did not provide any sources for yours either. I would not know how to judge how Austrians see courts besides my limited exposure to the few law related classes I took and observing one of our most popular judges for a day and that obviously is personal bias.
> I would much rather deal with an American court with Austrian judges.
I can only assume Austrian courts did you something wrong or a person you know. Austrian courts see so little public exposure that you literally have to pick individual cases together by force to get a (skewed) view of the world. For the most part court cases in Austria are ridiculously boring.
Now, mind you, Continental judiciaries have a superior administrative tribunal system which is a recognized part of their judiciary. The United Kingdom has even recently adopted this approach. It is only the United States AFAIK that continues to insist that some judges are not part of the judiciary--which is an obvious falacy. The judiciary adjudicates--that is its purpose. We call them variously as "administrative law judges" (ALJs), "traffic commissioners" and "magistrates", etc. America essentially has two judiciaries--one independent of the executive, the other not independent. It's retarded. Its unconstitutional.
And apparently Austria uses what are, in effect, Anglo-American juries. They are selected at random from the electorate. They decide questions of fact. I don't see the lack of separation between "trier of fact" and "trier of law" as obviously better or worse.
And, as people are pointing out, there are inroads being made for a form of stare decisis such as Art. 177 EEC. So there is progress on all fronts IMO.
There are two versions of "juries" in Austria: Geschworenengerichte and Schoeffengerichte. Either only become relevant if you have committed a crime that could get you in prison for 5 years or more. Geschworene decide of guity and not guilty and decide the punishment, Schoeffen do it with the help of a judge. Not sure how that is related to the American system where the decision is made of "proven and not proven" or am I misunderstanding you?
> or am I misunderstanding you?
IDK I don't think you're misunderstanding me.. I was merely musing about this difference which you speak of--"Geschworene decide of guity and not guilty and decide the punishment, Schoeffen do it with the help of a judge". (Except that Anglo-American juries less often decide punishments--the common exception in the US being the death penalty.)
ISPs are explicitly excluded from this and not held responsible.
Moreover, the current German government is considering legislation to eliminate "Störerhaftung" with respect to unprotected WLAN access.
> ISPs are explicitly excluded from this and not held responsible.
This is not accurate. The "provider privilege" that ISPs enjoy in Germany only immunizes them against claims involving damages; injured parties can and do request injunctions based on "Störerhaftung" (whether such injunctive relief is granted is another story, especially when the desired injunction is ineffective). In fact, there have been cases where providers have been held to higher standards than private individuals because of their greater expertise (e.g., LG Hamburg 310 O 433/10 ). The details are still far from settled law, though.
Time to form a shell company in the ISP business to host your Tor servers, then?
Or are there specific requirements that would prevent such a plan (recordkeeping seems like the obvious one)
Tor/i2p/similar exit servers (bridge, entry and middle are fine until further notice)
Last update was Jan 17th, 2014, but this clause has been included for as long as I have been a customer, which is a couple of years. So, I would say at least some Austrian ISPs are aware of the risk.
DMCA is mainly ignored due to being invalid, EUCD is to be followed.
It's a bad judgement on all counts.
The reason to engage in these activities is a duty to protect democracy and democratic values in an extremely adversarial environment.
It is unwise to do these things without some kind of strategy to manage the escalation of political repression. It is advisable to do participate in these things as part of the broader activist community. Nothing is riskier that being a solo democracy activist.
Too bad that it may take up to 10 years for this case to be appealed up to EU court of justice.
This logic would make running an exit node illegal in all of Europe.
But yes, even running a package delivery service is now illegal because it can be used to transport drugs or firearms and such.
I interpret this as a direct malice against myself.
The CCC is currently not advising but sueing the german government. It has also received 0 media attention since it was announced and i am sure it will just fall flat after being stalled for a few years. GG CCC HF Germany.
I didn't say "can't expect them to do their job". I said you can't expect them to keep up with _everything_. Their job is to make legal decisions to the best of their abilities.
@mahouse: Yes. Exit nodes only.
If I run a Tor exit node, can I block outgoing packets to known illegal servers/addresses?
Would some kind of update mechanism of this list (of course, the question is controlled by whom?) warrant that known illegal servers are not available, and thus show/prove my intent that no ill use was endorsed by me?
A lot of government investigations of Tor users do involve the use of pretty mainstream, popular services like Gmail, accessed over Tor. Someone can access Gmail over Tor and send e-mails that provoke a government investigation.
Each policy is of the form "accept|reject
ADDR[/MASK][:PORT]". If /MASK is omitted
then this policy just applies to the host
given. Instead of giving a host or network
you can also use "*" to denote the universe
(0.0.0.0/0). PORT can be a single port
number, an interval of ports "FROM_PORT-TO_PORT",
or "*". If PORT is omitted, that means "*".
I think the way forward is to incorporate some use based digital currency payments to compensate exit node operators for their risk.
Make it a business and let the market decide the insurance premium needed.
TCP/IP as well?