William was raided for running a Tor exit node. Please help if you can.

I'm not William and a friend pasted a link on IRC to me. I'm going to
send him a few bucks because I know how it feels to get blindsided by
the police on one random day and your world is turned upside down.

Source: http://www.lowendtalk.com/discussion/6283/raided-for-running-a-tor-exit-accepting-donations-for-legal-expenses

From the URL:

Yes, it happened to me now as well - Yesterday i got raided for
someone sharing child pornography over one of my Tor exits.
I'm good so far, not in jail, but all my computers and hardware have
been confiscated.
(20 computers, 100TB+ storage, My Tablets/Consoles/Phones)

If convicted i could face up to 6 years in jail, of course i do not
want that and i also want to try to set a legal base for running Tor
exit nodes in Austria or even the EU.

Sadly we have nothing like the EFF here that could help me in this
case by legal assistance, so i'm on my own and require a good lawyer.
Thus i'm accepting donations for my legal expenses which i expect to
be around 5000-10000 EUR.

If you can i would appreciate if you could donate a bit (every amount
helps, even the smallest) either by PayPal (any currency is ok):
https://paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=2Q4LZNBBD7EH4

Or by Bank Transfer (EUR only please):

Holder: William Weber
Bank: EasyBank AG (Vienna, Austria)
Account: 20011351213
Bank sort number: 14200
IBAN: AT031420020011351213
BIC: EASYATW1

I will try to pay them back when i'm out of this (or even before) but
i can obviously not guarantee this, please keep this in mind.
This money will only be used for legal expenses related to this case.

If you have any questions or want to donate by another way
(MoneyBookers, Webmoney, Bitcoin, Liberty Reserve, Neteller) feel free
to send me a mail (william@william.si) or a PM, or contact me in LET
IRC.

Thanks!
William

If you run Tor, then you should probably accept that it might be used
for activity that you don't approve of or even is in violation of the
law.

I'm not saying Tor is good or bad, just that if you're using it you
probably know what you're getting into.

In order to catch someone in a criminal case, most law enforcement
will certainly take whatever they think could be used as evidence,
perform forensic analysis on it, and retain it as long as they think
necessary.

Depending on how well your laws are written, you might be not be
protected from them discovering "other" activity that is outside the
scope and bringing a separate criminal case against you directly.

Got any pirated music or movies?

Hi,

I gotta ask and I'm sure someone would if I didn't, but how do we know
this guy is legit?
He's jumped up on a forum saying, "Hey, police raided me, help. gib
mone plz" and failed to provide and reason as to how he's real and not
just making it up.

Maybe if there's a way to know this guy is legit, I'll help out if
possible, but until then I'm just going to watch others with caution
and I suggest others do as well.

Back in the early days of the public internet we didn't require any id
to create an account, just that you found a way to pay us. We had
anonymous accts some of whom dropped by personally to pay their bill,
some said hello but I usually didn't know their names and that's how
they wanted it, I'd answer "hello <ACCOUNT>", whatever their login was
if I recognized them. Some mailed in something, a mail order, even
currency tho that was rare but it did happen, or had someone else drop
by to pay in cash (that is, no idea if they were local.)

LEO occasionally served a warrant for information, usually child porn
biz (more than just accessing child porn, selling it) tho I don't
remember any anonymous accts being involved.

I never expected to be held accountable for anyone's behavior unless I
was knowingly involved somehow (just the usual caveat.) LEO never
showed any particular interest in the fact that we were ok with
anonymous accounts. If I was made aware of illegal activities we'd
shut them off, didn't really happen much, maybe some credible
"hacking" complaint on occasion.

It's funny, it's all illusion like show business. It's not hard to set
up anonymous service, crap, just drop in at any wi-fi hotspot, many
just ask you to click that you accept their T&Cs and you're on. Would
they raid them, I was just using one at a major hospital this week
that was just like that, if someone used that for child porn etc? But
I guess stick your nose out and say you're specifically offering anon
accts and watch out I guess.

Back in the early days of the public internet we didn't require any id
to create an account, just that you found a way to pay us. We had
anonymous accts some of whom dropped by personally to pay their bill,
some said hello but I usually didn't know their names and that's how
they wanted it, I'd answer "hello <ACCOUNT>", whatever their login was
if I recognized them. Some mailed in something, a mail order, even
currency tho that was rare but it did happen, or had someone else drop
by to pay in cash (that is, no idea if they were local.)

LEO occasionally served a warrant for information, usually child porn
biz (more than just accessing child porn, selling it) tho I don't
remember any anonymous accts being involved.

"Mere conduit" defense. (Please do not anyone mention "common carrier status" or the like, ISPs are _not_ common carriers.)

I never expected to be held accountable for anyone's behavior unless I
was knowingly involved somehow (just the usual caveat.) LEO never
showed any particular interest in the fact that we were ok with
anonymous accounts. If I was made aware of illegal activities we'd
shut them off, didn't really happen much, maybe some credible
"hacking" complaint on occasion.

How do you "shut off" a Tor "account"?

It's funny, it's all illusion like show business. It's not hard to set
up anonymous service, crap, just drop in at any wi-fi hotspot, many
just ask you to click that you accept their T&Cs and you're on. Would
they raid them, I was just using one at a major hospital this week
that was just like that, if someone used that for child porn etc? But
I guess stick your nose out and say you're specifically offering anon
accts and watch out I guess.

Do you think if the police found out child pr0n was being served from a starbux they wouldn't confiscate the equipment from that store?

I dunno, has it ever happened? I mean confiscated the store's
equipment, I assume that's what you mean. Is that because no one has
ever been involved with child porn etc from a Starbucks? Does that
seem likely? I don't know, really.

And why would confiscating it from one location address the issue if
they offer anonymous hotspots (I don't know if they do but whatever,
there are plenty of others) at all locations and they're one company?

It would seem like they'd have to confiscate the equipment at every
Starbucks in their jurisdiction, which could be every one in the US
for example.

   -b

It's funny, it's all illusion like show business. It's not hard to set
up anonymous service, crap, just drop in at any wi-fi hotspot, many
just ask you to click that you accept their T&Cs and you're on. Would
they raid them, I was just using one at a major hospital this week
that was just like that, if someone used that for child porn etc? But
I guess stick your nose out and say you're specifically offering anon
accts and watch out I guess.

Do you think if the police found out child pr0n was being served from a starbux they wouldn't confiscate the equipment from that store?

I dunno, has it ever happened?

No idea. However, I would not be the least bit surprised. In fact, I would be surprised if they failed to do so, after having "proof" that child pr0n was served from one.

I mean confiscated the store's
equipment, I assume that's what you mean. Is that because no one has
ever been involved with child porn etc from a Starbucks? Does that
seem likely? I don't know, really.

And why would confiscating it from one location address the issue if
they offer anonymous hotspots (I don't know if they do but whatever,
there are plenty of others) at all locations and they're one company?

It would seem like they'd have to confiscate the equipment at every
Starbucks in their jurisdiction, which could be every one in the US
for example.

They didn't confiscate every Tor exit node in the US once they found something nefarious emanating from one.

I think if they took the cash registers too the Starbucks lawyer would
be in court an hour later with a motion to quash in one hand and an
offer of full cooperation in the other.

Regards,
Bill Herrin

It's difficult to compare a guy in Austria to a multi-billion dollar
corporation. Here in the US, the fed has charged 3 men with involuntary
manslaughter for their parts in the Gulf of Mexico Rig explosion. BP
received a slap on the wrist, and a decent (to us, not them) sized fine.

And if the sky were orange....

Any other non-sequitors?

How would this be legally different than receiving the illegal content
in an envelope and anonymously forwarding the envelope via the post
office? I am pretty sure you are still liable since you were the
sender. I realize that there are special postal regulations but I think
that agreeing to forward anything for anyone sight unseen is pretty
risky and I think you will have a hard time pulling of the "service
provider" defense if you are not selling services and are not licensed
as a carrier.

Steven Naslund

Assuming it's true, it was bound to happen. Running anything , TOR or otherwise, that allows strangers to do whatever they want is just folly.

People will spend time and money securing their home wireless so their neighbor can't steal their internet, but willingly allow strangers from anywhere in the world to use their connections no strings attached. It's hilarious.

I think the best analogy I would use in defense is something like the
pre-paid cellular phones that are sold. That is about the only
anonymous communications service I can think of off the top of my head.
Problem is that most people are not licensed carriers and may not be
able to hide behind that protection.

I can see an argument both ways with the feds saying that you are
running a service for the express service of concealing the identity of
a person allowing them to avoid law enforcement (among other uses). On
the other hand, the makers of guns do not get charged with murder even
though their tool enabled a criminal. Could go either way but the
problem is that in any case it will be expensive to defend so win or
lose, you lose. I guess you can't run a Tor exit unless you have a
legal defense fund set up. I understand the legit uses of Tor but
wonder what the actual percentage of good vs. evil use really is.

Steven Naslund

Hi,

I gotta ask and I'm sure someone would if I didn't, but how do we know
this guy is legit?
He's jumped up on a forum saying, "Hey, police raided me, help. gib
mone plz" and failed to provide and reason as to how he's real and not
just making it up.

Maybe if there's a way to know this guy is legit, I'll help out if
possible, but until then I'm just going to watch others with caution
and I suggest others do as well.

This matter is being investigated by the Tor developers.
It looks legitimate, so far.

Not sure if there is a legal precedent for this, but logically the
difference is that there are no robots that I know of that can automatically
receive and parse postal mail, then re-address and forward it. For a human
to forward a letter takes a conscious manual action, even if they choose not
to look inside.

Having a Tor node for no specific purpose, having a hacked server/pc that is
then compromised for some nefarious purpose, etc. are not necessarily
purposeful actions that one could be held accountable for without other
proof. I'd think the LEA would have to establish motive, like in any other
crime, to make that jump. Perhaps in this case they believe they have, and
that would end up in the courts, where you'd have to hope the Judge and or
Jury sees that difference.

Don't see this as very different either from when an agency confiscates a
whole rack of shared servers because one user was suspected of some bad
action, and we all know that does happen.

-Scott

We had a guy (aka potential customer) inquire the other day about hosting a
Tor exit on our infrastructure the other day; he disappeared fairly
quickly when he figured out that we weren't just going to give him an
endless supply of unmetered 10G bandwidth. I was looking forward to
billing him.

I'm not sure that armchair lawyering, here, actually helps anyone. Also,
spel-chek, sequitur.

best,

--e

All of Mr. Weber's equipment was seized. Last I checked the cash
registers at Starbucks were networked computers too. Maybe your
Starbucks is different.

Mr. Weber lives in another jurisdiction, but in the U.S. the warrant
is limited to material plausibly connected to the alleged crime. If
the guy was shot with a 9mm and the warrant says "all firearms," it's
unlawfully broad. The most it should be is "small calliber handguns"
and not even that much if they know for sure it's a 9mm. If the police
seize a shotgun and a couple of knives, they've overstepped.

If the computer at IP:port:timestamp transmitted child porn, a warrant
for "all computers" is also too broad. "Computers which use said IP
address or which employ forensic countermeasures which prevent a ready
determination whether they employed said IP address." And have a
qualified technician on the search team, same as you would for any
other material being searched.

On the flip side, I think that if you're running a Tor node you'd
better hope the police *want* your cooperation. If they don't your
activity falls somewhere between criminal recklessness and criminal
facilitation. Seriously, who do you think uses your Tor node? Whistle
blowers exposing corruption and freedom loving libertarians? Fool.

Well, pursuant to the "mere conduit" defense, I believe (IANAL) a defensible
case could be made that the (people operating) Tor nodes are not "servers" as
that term is generally understood in the industry, in the same way that web
browser/caches are not "copies" as IP law understands *that* term.

Cheers,
-- jra

The hell it is: cops sieze things which are not only not related to a crime,
but cannot *possibly be* relevant to that crime *all the effing time*, Patrick.

You know this, I'm sure.

Cheers,
-- jra

Such as, say, an Internet Service Provider business?

...