> Seattle police spokesman Sean Whitcomb says the department understands how Tor relays work, and they knew Robinson was a Tor host.
> "Knowing that, moving in, it doesn't automatically preclude the idea that the people running Tor are not also involved in child porn," Whitcomb says. "It does offer a plausible alibi, but it's still something that we need to check out."
> Whitcomb also says Seattle police were "artful" in the way they did the search. Instead of impounding all of Robinson's computers, which the warrant would have allowed, they offered to search them on the premises as long as he consented to turning over his passwords. He did, and they let him keep his machines after they scanned them.
This is the important part. They didn't shut down the exit node. They didn't even take away the computer. This sounds bad, but in all honesty, it could have gone at lot worse.
He wasn't present. Last paragraph reads "he may now have to get rid of his computers because he can't be sure what the police did to them while he was being questioned outside his apartment"
The Seattle PD can plug a device they purchased into a USB port as well as anyone else.
There have been various public and leaked catalogues of law enforcement tools put online now, these abilities are commoditized and packaged in a user friendly manner. This is pretty old news at this point.
Purchased from where? They probably couldn't find their asses with both hands, but if they could it'd cost several hundred thousand dollars, take 48 hours with the roads blocked off, and the scandal of them finding some soccer mom's ass instead wouldn't die down for 3 years.
Do you think that they came up with this in their emergency war room, as they planned out the sneak attack on the Tor node, or was this a more general policy developed over the previous months and years and this was just one of the first times they got to practice it?
Any company considered a "defense contractor" will probably offer tools along these lines. They are in high demand.
Of course the FBI, Homeland security and the NSA have their own tools as well. And they share with local law enforcement (probably not the latest and greatest ones).
> Do you think that they came up with this in their emergency war room, as they planned out the sneak attack on the Tor node,
I don't really have any idea what the Seattle PD methods or procedures would be, but they knew what TOR was and tracked the traffic to his exit node. I doubt it was the same cops who did that part ... so how likely was it that this briefing didn't include anything like "Just plug the CriminalBuster(tm) box into the computer until the light turns green, then coordinate with Bob to get access to the information you want later. You can get things like X, Y and Z from the CriminalBuster. To requisition a unit fill out form TPS-01 and give it to John."
The entire reason to commoditize these things is to make it easy to use within an inefficient bureaucracy that doesn't have a lot of tech training or a "war room". Just like they have done with phone taps or gps car trackers for years.
> this was just one of the first times they got to practice it?
Why assume this was the first time? It's standard practice for all sorts of infosec workers, journalists, etc to assume this was done to their laptop if it was out of their hands. You can literally download one of these and put it on a usb stick yourself (for your own personal use of course, anything else would be very illegal).
> Any company considered a "defense contractor" will probably offer tools along these lines. They are in high demand.
Can someone show me the Seattle PD budget that has in it those kinds of purchases?
Can you show me where they'd at least hide it in the budget somehow? This isn't DOD black ops slush funds, after all.
Maybe these defense contractors do it for free, out of the goodness of their hearts?
I don't make the mistake of thinking that the government or its agencies are the good guys who would never do anything underhanded. But I feel pretty safe believing that they're A) incompetent and B) piss-poor strategists and C) not interested in anything but the current investigation.
The idea that they've Jason Bourned his computer is absurd paranoid blather.
> The idea that they've Jason Bourned his computer is absurd paranoid blather.
I think you have a miss-calibrated idea of how hard/technical/uncommon/expensive this is. This is the IT equivalent of collecting DNA, not Jason Bourne stuff.
Funnily enough the annual National Technical Investigators Association conference is in Seattle this year.
Tacoma PD has at least one Stingray. Tacoma. That's a few orders of magnitude more expensive and complex than a little usb drive.
They have identified a number of western LEO's on that customer list, no American ones yet but FinFisher is just one company and there are FinFisher command and control servers in the US.
Anyway, I'm responding just because I am interested in the subject and not because I think a dialogue is going to happen here and that's not the best use of my time.
> I think you have a miss-calibrated idea of how hard/technical/uncommon/expensive this is. This is the IT equivalent of collecting DNA, not Jason Bourne stuff.
I think you have little experience with cops. It's surprising they can figure out shoe laces.
It's still stupid though. It's like raiding the mailman's house for delivering an illegal letter with no return address. Sure, it could have been sent by the mailman, but it could have been sent by anyone. There isn't any more reason to suspect the exit node operators than anyone else in the whole world who could also have used the exit node.
I would have said the same, if it were not for the police's unnecessary and demeaning execution of their warrant at 6:00AM. If the police knew he was a tor exit node operator, then surely they could have executed this search at a more reasonable hour?
When planning an operation like this you need to plan for a time when the suspect is likely to be home. I imagine the most likely time someone is to be home is right at their regular waking time (people often get home at different times). Additionally, 6:00 AM is not excessively early for a large swath of the population. It's not a convenient time, but when is?
You are correct. The thing that should give you the blanket against police investigations is the fact that an IP address does not identify any particular person, and never has. It identifies--temporarily, I might add--a network interface.
A warrant based on an IP address should be specific to the computing device associated with that IP address at the time it was logged. The cops should never be able to threaten someone with additional seizures--beyond what is specified on the warrant--to coerce cooperation.
I wonder if it wouldn't be prudent, if you wanted to run an exit, to pay for dedicated static IP, maybe even on a totally different ISP. Hard to guess what the warrant would cover, exactly, in that case (probably still a free pass to all your machines). Of course, it's easy to imagine the opposite situation, where someone connects an exit node to ${random neighbors ap}, with terrible results.
"...The computing device associated with that IP..."
Just the NAT router? Computer(s) behind the NAT router? Phones which have wi-fi and may or may not have been on it at the time? Computers on the other end of the site-site VPN which routes traffic out that NAT router to get around Geo IP restrictions? Any computer in the world which has TOR installed and therefore may have been "behind" that NAT router?
The Internet is really complicated, how specifically would you write that warrant without details of the network design?
Those defenses - whilst valid in many cases, and for many reasons - also are a core part of the "reasonable" in "reasonable doubt".
Many conflate reasonable doubt with "any doubt whatsoever", and think that any excuse that can be concocted which is technically feasible is an alibi. "But Your Honor, it is possible that someone snuck into his house, spoofed his MAC address to get on his Wifi, used that to download this and that, and then left undetected!"
So there's a standard of reasonability, and there should be corroborating evidence.
Beyond reasonable doubt is the standard at a criminal trial. To conduct a search, you only need probable cause, which is a lesser standard.
But if it is not reasonable to believe that an IP address is connected with a person, it is not justifiable to search or seize anything else that person may own or possess, beyond the particular device identified by the IP. I don't think an IP address alone is sufficient to even meet the probable cause standard.
It is also possible that someone with authorized access to his computer used an unsecured browser to view a compromised advertisement on an ordinary website, which recruited the machine into a botnet, which used infected machines as a distributed filesystem.
It is also possible that a wardriver with a cantenna brute-forced his Wi-Fi WPS PIN and extracted the WPA password, obtaining easy access to the network.
It is also possible that the ISP regularly refreshes its IP leases, and gave the cops identifying information for the customer who had the IP at the time the request was made, rather than the customer that had the IP at the time the suspicious traffic was logged.
None of those scenarios are necessarily exculpatory alibis, but they may cast doubt on any hypothesis that purports to connect an IP to a particular person.
In practice, warrant-signing judges seem to believe that an IP address is analogous to a postal address, possibly because it also contains the word "address", which may be conceptually ingrained into their minds as a permanent physical location.
> The Internet is really complicated, how specifically would you write that warrant without details of the network design?
You've discovered the fundamental problem. You can't. An exit node IP address is completely useless for that purpose because it tells you nothing about where the ultimate endpoint is. The person who actually did it could be in Brazil or Korea or on the International Space Station. You have no actual information on which to base a search.
There is at least a reasonable argument to make that for most residential IP addresses the devices that use the IP address are in the same building as the NAT router. And then you have an obvious solution: You look at the NAT router and then you look at the devices it has given a DHCP lease to, as in most cases there will only be a small number of them which will be in the same building.
But that isn't always the case. The NAT router or one of the devices behind it could be routing traffic for a very large number of machines, e.g. an entire corporation or all of a small ISP's customers or a coffee shop's public wifi. And in those cases the number of different machines controlled by different people is large enough that the IP address no longer identifies anything with enough particularity to justify searching all of the possibilities.
Tor and other open proxies are the extreme far end of that spectrum. It could literally be anyone in the whole world. The IP address tells you nothing at all. And if you know it tells you nothing at all, it provides no justification to search anything in particular.
Pretty sure no one was claiming it should. Rather they are claiming that the police should be required to collect evidence showing probable cause. If raids on tor nodes find CP more then 50% of the time then yeah they are collecting enough evidence. But if they don't then the police are in violation of the Constitution.
I disagree. I like Tor so I'm kind of advocating the devil here, but although anyone could have used the node, it would be way too easy if any child pornography maker could install Tor and be completely exempt from checkups.
It's more like raiding the return address even if it says "I was just forwarding this, this is not the actual return address".
If you're messing around with CP, why would you want to use your own exit node though? Why not just use someone else's? I suppose it might help mitigate the risk of de-anon attacks on the Tor network, but it still sounds pretty sketchy.
There's no guarantee you would use your own node. It's entirely possible that the police could find actionable evidence on his systems even if the initiating evidence wasn't actually because of him. Sort of like a police office seeing what looks like a beer bottle in a drivers hand and pulling him over, only to find it's a rootbeer bottle, but the driver actually is drunk.
To make it fit this case, they got an anonymous call about drunk driving with a car that fits the description. It looks like it's just a root beer bottle, but it's not out of the question (IMHO) to stop the driver and make sure.
If "root beer" is tor traffic, and "beer" is illegal non-tor traffic, then they got an anonymous call about the driver holding a bottle. No evidence of drunkenness.
Well, not quite, but eh I can't make it perfect, it's a throwaway analogy.
No, the police showed up because a a report of child pornography was traced to his ip. An actual crime was reported and followed up on. Let's not lose that point, it's important.
Eh, its a yomi thing. At level 1 you want to run a node because the police will ignore you. It doesn't become a bad play until the police are on level 2.
And this return-address analogy needs to include the fact that a Tor node operator is cryptographically prevented from tracing backward toward the sender.
And that's what we get when simple possession of an image is a statutory crime with no means rea.
I can watch videos of people getting killed on reddit. I can watch rape videos. I can even watch videos of horrific crimes....
But how dare I watch someone under 18 get naked through a computer. Even if that someone is myself. The worst part is that, while in most other crimes, account for intentionality is considered. (Something falling in my cart while I walk out the store isn't shoplifting, yet shoving something in my pocket is.) Instead this "crime" frankly shouldn't be. It is proof a crime took place however. Its too easy to have a potential dangerous image... even from hosting a Tor gateway
Edit: at absolute minimum, there should be a mens rea requirement where possession or transmission of child pornography took place.
In honestly though, you're not wrong. Richard Stallman has his controversial stance on child porn as well and I tend to agree with him. It is really really bizarre that modern western society doesn't seem to have a problem with video of soldiers shooting up little kids in Baghdad, yet a picture of a teenager showing her breasts to her boyfriend via text is instant grounds for being locked up (in Australia there is a zero tolerance police and teenagers have gone to jail and are on sex offender registries for just that; although their sex offender databases are confidential and not as fucked up as America's).
However, sexual assault on children is a heinous crime. It's sad and destroys the lives of kids who parents hope to keep from getting tainted by the world as long as possible. It's not unjustified to hate this crime to the degree which it is, but it's also kinda bizarre we don't treat videos of kids getting shot the same way. People get off on that stuff too; sexually.
What's even more interesting about this case is that the police knew CP was downloaded from his IP address. That might because the United States has mandatory ISP reporting, or potentially his IP was found on a raided website:
I'm more interested in how that information was obtained, and whether that process involved violating the rights of individuals of people not associated at all with any crimes.
> Congratulations, you're now on an FBI watch list.
I'm not surprised. Considering I work with Tor extensively, along with cryptocurrencies and other 'interesting stuff', I guess I fit right in with the tech crowd on there.
I'm all for just punishment, from which I think pedophilia is most certainly a crime. It gets... fuzzy around a lot of areas though, especially after puberty up to 17. The law, frankly, is just a total mess. Sex- OK, sext- CP, fake license- pedophilia.... on and on.
The laws on child pornography are obviously formulated with pedophilia / child molesters in mind. Unfortunately, the laws ended up being a typical moral panic mess and ended up being overly harsh and broad. Minors charged with child pornography for sexting each other completely undermines the original intent of the law, in my opinion.
I'm curious what the laws / regulations would be for general social media, image hosts, and other businesses that host user content. It's pretty much a given that at some point, there will probably be some illegal content uploaded onto it (including potentially child pornography). In some ways, a Tor exit node sort of falls under that same boat: you are indirectly passing information generated / requested by users.
Now, Twitter or Facebook doesn't going to get raided / computers confiscated every time an illegal image passes through their network. But I'm sure the police may ask questions during investigations (and I'm sure the companies comply as best they can). So I honestly think what happened here is fine. (I'd think differently if the police automatically confiscated computers and trashed houses of Tor exit nodes for no reason.)
What's even more baffling, in many countries even virtual child porn is illegal. Drawings, computer-generated graphics, adult actors pretending to be children, ... everything. Personally, if pedophiles want to jerk off, I'd prefer they used fake child porn instead of actual kids.
The mailman is operating on behalf of the postal service. Since the postal service is basically the government, that's confusing, so let's say that we're talking about a FedEx delivery person delivering content that is inherently illegal. (Perhaps it's a controlled substance with no medical uses, perhaps it's counterfeit money, perhaps it's a chemical weapon, etc.)
It seems to me that it would be patently unreasonable to raid the FedEx employee's home, but it would be perfectly reasonable to hold FedEx the company responsible for not delivering such things. If it happened once, sure, raiding them is excessive. But if the government knew that FedEx, by design, actively did not care what they were delivering and made it hard for themselves to figure that out until it's loaded onto a truck for local delivery, and they had evidence that some drugs or weapons were being delivered, then sure, raiding the local FedEx distribution center and searching it seems within the realm of reasonable actions. Seizing all packages at that distribution center would be unreasonable, but the analog (seizing the computers) didn't happen.
Isn't that how UPS and FedEx actually work? You can go to FedEx with an already-sealed box and pay them cash to deliver it. They don't know what it is, they're not going to open it, it could be anything. Presumably they have some kind of policy against illegal substances, but how are they supposed to verify that? Some of the packages they deliver most certainly are narcotics or child pornography or some other illegal thing.
You're saying that should justify the FBI going to all the FedEx hubs and opening all the packages to check for various illegal stuff?
I do in fact think that if the FBI knew that certain people were using FedEx to reliably traffic in illegal substances inside sealed boxes, they would put pressure on FedEx to make it stop somehow, and raid them if they flatly refused. This might involve having them open the packages, but it more likely involves them identifying the people who these boxes come from and go to, and having them drop them as customers. And I am pretty confident that this does happen, because the profession of drug smuggling continues to exist, and druglords aren't just outsourcing their logistics to FedEx and UPS. I certainly agree that some fraction of their packages are illegal, but it's not straightforward to use the service this way.
Unlike UPS and FedEx, Tor makes this straightforward, and also tries to avoid knowing the identities of people who are sending things via their service. So the police don't have that option.
(Note that the above is simply a description of what Tor is currently doing, as I understand it, and not an attempt to make a moral judgment one way or the other as to what Tor should be doing.)
Drug smuggling continues to exist because drug smuggling is wholesale and FedEx is retail. And FedEx wouldn't know to provide security to prevent competing dealers from holding up their drivers.
I suspect that package services are used with high frequency by criminals without these constraints, e.g. the ones committing mail fraud. The police deal with this not by searching the contents of random packages but by arresting the actual perpetrators regardless of what they use for a delivery service.
There seems to be a common impression that if the police can't find you using one specific investigative method then they have to give up and go home. There are hundreds of different ways to catch criminals. Most of the ones people complain about the police losing are ones they never traditionally had to begin with.
You have this backwards. The only person in the world who can be suspected of having originated that traffic is the person from whose network the requests can be seen originating. There's no way for law enforcement to know he didn't make those connections until they investigate, and thus (as others have said on this thread) it would be dereliction of duty for the officers not to have raided him.
If you're going to run a TOR exit node, which you are absolutely free to do, you have to expect this to happen from time to time and be prepared to explain why you are not responsible for the traffic you appear to have originated.
Cost of doing business. If standing on principle was free, it would be unremarkable.
That cost of doing business is unacceptably high. It amounts to, "run a tor exit node, lose your 4th amendment rights... and your 5th amendment rights, if you want to keep your hardware... and consider your hardware compromised."
Who's going to run a tor exit node if that's the legal precedent?
It's also pointless. While it's possible for a CP collector or distributor to run an exit node as cover, why would they when they can just use tor for real for all their CP dealings?
Think of the ultimate consequences. Such a legal precedent would have CP and other criminal activity causing more collateral damage rather than less. If all it takes to get most tor exit node operators to shut them down is engaging in illegal activities that will draw the attention of the authorities, then I can imagine a lot of countries' intelligence and military services would have an interest in engaging in criminal activities using U.S. tor exit nodes to reduce the available pool of tor exit nodes.
Should they investigate libraries and coffee shops as well? How about the offices of businesses that offer VPN-based proxy services? Homes of those businesses' staff?
Absolutely. If a business is offering services that a customer is using to commit a crime, the police wouldn't be doing their jobs if they didn't go down and ask for logs.
You're conflating a raid with "asking for logs." If the police only asked the exit node operator if they had any logs there would hardly be any objection.
> The only person in the world who can be suspected of having originated that traffic is the person from whose network the requests can be seen originating.
The IP address presumably actually belongs to the exit node operator's ISP. By this logic they should be raiding them instead.
> There's no way for law enforcement to know he didn't make those connections until they investigate
There's no way for law enforcement to know that you didn't make those connections until they investigate. That shouldn't be justification for raiding you, should it?
> If you're going to run a TOR exit node, which you are absolutely free to do, you have to expect this to happen from time to time and be prepared to explain why you are not responsible for the traffic you appear to have originated.
They already knew it was an exit node.
> If standing on principle was free, it would be unremarkable.
That is a very poor justification for unnecessarily making it more expensive.
Not really. The mailman is operating on behalf of the government with specific policies and laws associated with it.
Tor is more like you operating as a volunteer delivery guy who is willing to pick up a locked box anywhere in the city for free and drop it off anywhere else that is requested. You have no idea what's in the box nor who you are picking it up from or dropping it off to.
Right--a common-carrier delivery service, like UPS, DHL, or FedEx, only they cannot snoop into the clients' private business, and clients are by design anonymous.
Common-carrier delivery service, like UPS, DHL, or FedEx are "aware of the "`type-of-content-that-may-be-in-the-box'." They are not held responsible for the actions of their clients of which they are unaware. The same holds true for telephone companies, Internet backbone providers, Internet service providers, and more. The same should hold true of Tor exit node operators.
While I applaud the police for being an unobtrusive as they could, this sort of discretionary enforcement is worrying in and of itself. In no small part, because it seems to set a precedent that they could have raided his house and impounded all his computer for no other reason than he was running a Tor exit node.
But it does give a judge something to point at and be like, "Why couldn't you do it here (in a different situation) like you did over there (this situation)?"
Running a Tor exit node in itself isn't a problem. The problem arises when the exit node operator knowingly is giving up control over the traffic going through his connection.
If you run a tor exit node you need to accept the fact there is a chance something illegal is passing through and that when it happens (as it did here) you are going to get investigated.
It would be irresponsible and neglectful for law enforcement not to raid this man's home.
They have copies of CP collected as evidence, therefore they are distributing it? By this logic, the DEA evidence locker might make them the biggest crack dealer in the US.
The FBI has, on multiple admitted occasions, ran both honeypots for CP, and on seizing a CP site, continued to run it for multiple months to get more suspects.
I have no issue with the intent, and such things are - in a restricted manner - allowed for, see prostitution stings.
But the fact that they -do- distribute CP is verifiable fact.
and the fact that they hold large amounts of CP -- which is the wording the prior post used -- is also verifiable fact.
I'm not even concerned that they hold it. Sometimes it's evidence. Sometimes it can be used to identify and rescue victims. Sometimes it just goes in a database and isn't ever accessed again. Meh.
The continued distribution is concerning, though I understand its purpose, and I presume there are reasonable safeguards in place such that the value in catching new suspects is higher than the harm done to the victims.
The only example I'm aware of, regarding your claim about the FBI operating a site for months, was not in fact the FBI continuing to operate a CP site. In that instance, they kept allowing attempts at signing up to access CP, they did not keep allowing access to the content; the FBI clarified that point when the story came out.
> It would be irresponsible and neglectful for law enforcement not to raid this man's home.
Common sense doesn't dictate a "RAID" here. A simple knock and a 2 minute conversation would suffice. No need to kick down a door at 6am for something simple. People get shot that way.
they raided his house because of child pornography.
that he had a Tor node and that fact got him off the hook is the part that needs more analysis. How do we know he doesn't operate the node for the very purpose of watching kiddy porn go by? Shouldn't everybody interested in child pornography operate their own exit node just for this purpose? Keep the kiddy porn collection in RAM for viewing whenever, then give the police the in-RAM-kiddy-porn-deleter password...
I understand that ghkbrew (and MANY other people here, not picking on you) subscribe to the idea that there should be untraceable currency, perfect privacy delivery mechanisms, etc.
But there are other people who live in the same democratic country that like the idea that somebody who bombthreats can be found.
I understand the issues on both sides, and I don't mind there is a spectrum of beliefs and a discussion. But it's so annoying when people write posts slanted like yours that they don't acknowledge the obvious "other side".
I read/heard something that David Mamet said, that he learned from the study of Jewish law (but it would apply everywhere) that in order for you to have the basis to discuss an argument with the other side, you need to be able to state the other side's argument in a way that the other side would not disagree with, then you get to make your point.
>How do we know he doesn't operate the node for the very purpose of watching kiddy porn go by?"
To support a warrant, the question has to be the other way around. As with any activity the could be in proximity to illegal activity, it's not, by itself, evidence of anything.
Tor network has only become "a thing" (as opposed to US military toy) only in the last few years. Half a decade ago such a log the police saw would probably be a clear-cut case of someone downloading or uploading child porn on the guy's network. Even with Tor being available, it's still worth checking out.
If they were that incompetent about computers they had no business running their own cp investigation. They would have mishandled evidence. They should have handed it off to the state police or the FBI.
Alternatively they could have just been bunch of dicks out to intimidate someone.
IIRC, in logic, an argument is essentially a function that takes premises and produces a conclusion. It's valid as long as the conclusion follows from the premises. The catch is that an argument being valid is not the same as the conclusion being true.
The point being (which we both understand, but not everyone here does) is that in logical terminology, a "valid" argument is one whose conclusions must be true were its premises all true. That is a valid argument, even though its first premise is obviously false, because were its premises true, then its conclusion must be true. A valid argument whose premises are all true is a "sound" argument. But, while philosophers and logicians respect this "sound"/"valid" distinction, in popular usage the word "valid" is used to mean "sound".
That is not a valid argument, because all animals do not live on mars. Your premises have the wrong type, and you have abused them to reach a fallacious conclusion.
This is what you meant to say:
Suppose all animals live on mars.
Suppose all humans are animals.
Therefore, if all animals live on mars, then all humans live on mars.
This argument passes the type-checking test, and is indeed valid.
I mean the type of the conclusion is wrong. If our argument includes premises of type Hypothetical then we may only make conclusions of type Implication, of the form "If <Hypotheticals are True> then <Fact>."
You are confusing the distinction between validity and soundness.
> That is not a valid argument, because all animals do not live on mars
It would be more accurate to say that it is not a sound argument because all animals do not live on mars. Validity relates to whether the conclusions follow from the premises, not whether the premises are true. (There are more constraints than that, but that's the basic version.)
I am aware of the distinction between soundness and validity, but logic has strict types. I am referring to the type of the conclusion being wrong. "Therefore, all humans live on Mars" is not a valid conclusion from those premises if their truth value is not established. One must conclude the entire proposition "Therefore, if all animals live on Mars, then all humans live on Mars" for the argument to be valid.
Our strict types are Fact, Hypothetical, and Implication. It is only valid to use possibly unsound premises if you admit their type as Hypothetical and not Fact. If our argument includes premises of type Hypothetical then it is only valid to make conclusions of type Implication, which have the form "If <Hypotheticals are True> then <Fact>."
Disguising Hypothetical-type premises as Fact-type, and using that to draw conclusions of type Fact instead of type Implication is how people create strawman arguments in bad faith, and can be prevented at the validity-checking phase by enforcing strict typing.
>I read/heard something that David Mamet said, that he learned from the study of Jewish law (but it would apply everywhere) that in order for you to have the basis to discuss an argument with the other side, you need to be able to state the other side's argument in a way that the other side would not disagree with, then you get to make your point.
>I thought that was a nice idea.
Its a truly terrible idea, and not surprising that it stems from someone who found religion worth studying. There is no need to delve into the depths of minutia to dismiss baseless arguments. If you argue that Spiderman is real, and he lives at the Justice League, I don't need to study canon of Marvel comics in order to deal with your argument.
You did not understand. Nothing about the GP's position states that you should make your opponent's case for him. In fact, you already met the criteria if your opponent does not disagree with your assessment that he "argues that Spiderman is real, and lives at the Justice League".
All he's saying is that you need to qualify what exactly the other person is arguing before you start arguing against it. It's a way of preventing strawmanning - you want to get the other person's central viewpoint out in the open, naked and unafraid, so that there is no ambiguity when you make your case. I don't usually do it, mostly because it's patronizing if the point is obvious, but I will do it if the person's argument is convoluted.
> someone who found religion worth studying
Like it or not, religion has been a cornerstone of history and civilization for about as long as there has been history or civilization. Secularism is a relatively recent invention, and secularism's influence has only been really felt in the last 50 years or so.
Religion is history, and history is definitely worthwhile to study.
That's a dangerous statement to make. Yes, religion has been hugely influential across societies. But religion has been equally succesful in rewriting history to suit its narrative.
I suspect religion has destroyed as much history as it has informed.
> "you want to get the other person's central viewpoint out in the open, naked and unafraid, so that there is no ambiguity when you make your case"
Related: you want to face the other person's central viewpoint in its strongest form ("strongest" in the sense of being the best or most compelling variant, not necessarily the variant which has the most supporters or the most vocal supporters.) This is in both sides' best interest, provided both are honest in their motivations.
If someone believes something that's not true, but you only "take down" a misrepresentation of their false belief, you haven't actually helped them, because they know you didn't answer their actual position. It may even strengthen their false belief, because they now have the experience of someone claiming to be able to criticize their position but failing to do so, which they may generalize to "critics of this position have no real argument".
And if someone believes something that is true, but you are able to show a misrepresentation or a weaker formulation of it is false, you haven't done yourself any good. You've missed an opportunity to learn something true, by distracting yourself with a superficially similar position that you can dismiss.
I think there's one exception, and that's the (very common) case where the arguer is leaving their point open to implication and then refuses to explicitly make it. The wink wink nudge nudgers. Then if you try to pin them down, they keep weaseling out of it while continuing to almost make their argument. After a point you just stop engaging them.
If the exit node only permits HTTPS connections out of it then it would be impossible for him to view the contents of exiting traffic, right? That one restriction would seem to absolve the operator of responsibility for the contents of the communications.
Except the communications were going through TOR in his house. If police traced the packets exiting from him, that means they already got the public IP server the porn was sent from or to, but it passed through his computer as the visible endpoint.
That meant it either proceeded elsewhere on the TOR network or stayed on his machine, and they had no external way of knowing without checking his hard drives.
The most likely scenario is that the Police were running a honeypot and tracing every IP that connected to it. Obviously this would pick up a lot of TOR exit nodes. One of the exit nodes is in their jurisdiction so they pay it a visit on the longshot chance that the exit node operator was also a pedophile.
If they knew he was running an exit node it smells a bit like a fishing trip, but since they didn't send the SWAT team in through the windows and hold his computers for 4 years out of spite (the Steve Jackson treatment) I have trouble faulting the cops too badly.
> If [police who conducted the search] knew he was running an exit node
They did know. Martin Kaste of National Public Radio [reported](http://www.npr.org/sections/alltechconsidered/2016/04/04/472...), "Seattle police spokesman Sean Whitcomb says the department understands how Tor relays work, and they knew Robinson was a Tor host."
> in order for you to have the basis to discuss an argument with the other side, you need to be able to state the other side's argument in a way that the other side would not disagree with, then you get to make your point.
This a great way of phrasing what I'd been thinking about as "arguing from someone else's shoes".
"How do we know he doesn't operate the node for the very purpose of watching kiddy porn go by"
Why would anyone do that? If he knows how to install Tor, why wouldn't he download it through somebody IP instead of his own? I can't see any technical advantage to downloading it using your own IP when you could use somebody elses...
The post you've originally replied to said "watch the CP go by". Someone else would fetch it over his exit node, giving him an alibi, and he would just keep a local copy as it passed through.
> "you need to be able to state the other side's argument in a way that the other side would not disagree with"
I particularly like a version of this termed the "Ideological Turing Test". The idea is to anonymously write both your position and an opposing position, and to see if an audience consisting of people from both sides (and, potentially, those who are neutral or are on some other side) can identify which side you actually support. If you can state both arguments convincingly enough that it's difficult to determine which one you really believe, then (according to adherents of this concept) you've earned the right to be critical. If, on the other hand, one side easily identifies you as an outsider, then you require further listening/study before you'll be capable of criticizing that side on a reasonable level.
While I think the process is more cumbersome than necessary, I agree with the underlying concept -- if you can't state someone else's argument in a way that they think is fair, then you either don't understand it well enough, or you understand but you're being intentionally disrespectful by choosing unfair characterizations.
> While I think the process is more cumbersome than necessary, I agree with the underlying concept -- if you can't state someone else's argument in a way that they think is fair, then you either don't understand it well enough, or you understand but you're being intentionally disrespectful by choosing unfair characterizations.
Well this part is still very troubling. Yes, only speculation, but informed and reasonable speculation none the less...
Given his early morning wake-up call last week and the fact that he may now have to get rid of his computers because he can't be sure what the police did to them while he was being questioned outside his apartment, Robinson says he may have to reassess whether it's practical for him to stand on that principle.
And they would have impounded all your computers. That's your choice to make, but I don't think it's obvious it's the correct choice. There's a lot of variables that go into that decision.
I can afford another machine right now, but will that put a monetary strain on other areas of my life that are important to me?
I can afford another machine, and I have backups, but the restoration of the backups is painful enough that I would prefer to avoid it.
I would prefer this episode be over with as quickly as possible as I'm not guilty, so should I comply to speed this process along? (note that I think this isn't necessarily guaranteed to be a good strategy).
Depending on what the police believe about the situation may greatly affect what is the path of least resistance and problems, but you unfortunately have very little insight into exactly what that is. In some cases, talking to and cooperating with the police is the easiest way to extricate yourself from the situation, and in other cases it's the easiest way that they can twist the situation to implicate you in some way. The safest way is to always have a lawyer present and never voluntarily give up information, but not everyone is in a situation that makes the safest choice easy to take.
And they would have likely taken all your shit as a punitive measure had you not complied. (I, too, run FDE on everything I own at home.)
All things considered, this dude dodged a bullet. I don't know if he was acting under the advice of counsel, but he came out relatively unscathed. This time.
This might be a shot across the bow designed to frighten those without the deep pockets of Apple. Just a reminder that The Man still has teeth when it comes to the 99%.
"We can seize all this money and put you in jail, or you can decide to talk to use without a lawyer and we'll let it all stay."
Coercing rights away is never a good situation to allow. Not that he was wrong in accepting it, but that the police were wrong in being able to offer the option.
It went "ok" because he consented to giving them unfettered access to his computers without his oversight when they had no reason to be there. This is more akin to police searching you car with no evidence of drugs, not finding drugs, and then letting you keep your car. It's still a hideous violation of your privacy for no reason.
If you take anything but a ridiculously short term view, the expectations of how police will treat people today are far higher than they have been in the history of the US.
We still have to recognize and confront the remaining problems, but national media attention and prosecution of police who commit murders is a step up from police committing murders with no consequences.
Consider the bias of people making such statements. Society hasn't actually moved to that point, but many anti-police advocates want you to believe it has. In actual reality, most encounters with the police don't result in arbitrary killings.
Moreover, repeating such statements only makes the situation worse - especially if its repeated on the (inter)national media scale. Most police officers are normal people (just like most people in general), but when the society in general starts treating them as enemies, it doesn't help them doing their job in peaceful and responsible manner.
US is a pathological case. I wrote this for the sake of fellow Europeans as well as the rest of the world, because I see the increase of anti-police sentiment (including linking to that "Don't talk to the police" YouTube video) in countries where it's not warranted.
Your implication that people who carry military equipment aren't meant to act like "normal people" would be incorrect even if it were the case that most police officers carried military equipment (which they don't.) The actions of the police in the posted article don't really support that assertion either.
They also supposedly know what Tor is, which would mean that they should also know they would need more than just 'it came from this IP endpoint' to have evidence of his wrongdoing.
Would they raid a Starbucks if someone used Starbucks wifi to distribute CP? No, they would need more evidence that someone at that Starbucks was doing it and not just someone who bought a cup of coffee there that day.
Tor is open wifi, the IP of the exit node doesn't provide evidence that the person running the exit node has anything to do with the traffic.
> which would mean that they should also know they would need more than just 'it came from this IP endpoint' to have evidence of his wrongdoing.
That's why they raided his house.
> Would they raid a Starbucks if someone used Starbucks wifi to distribute CP?
Of course they would. Obviously aiming to try and catch the perpetrator in the act, but also at least to get a good look at the network configuration.
"CP came from this IP endpoint" means crime is being committed using this network. It's perfectly reasonable for them to go and investigate. And as others point out, them knowing how Tor works makes no difference - otherwise people making/distributing CP would host their own exit nodes with the sole purpose of being able to point them out to police and tell that CP it's not their traffic.
They didn't jailed him, they checked if he is in fact involved - and finding no additional evidence, left him in peace.
They claim to know how Tor works, which means his network is a _relay_, not an origin, and that by Tor's nature it would have no record of the file passing through, when it happened, or more importantly where it was from. Cursory knowledge of how Tor works would tell you that this was a dead end before they left the station. IMHO it's clear this is an attempt to try to hold Tor operators responsible for the traffic of the Tor network, and in so doing, dissuade people from operating Tor endpoints. There is no other reason for this action, it's good old fashioned scare tactics.
It's quite misleading to state only that "they had evidence of child pornography that traced back to his computer network."
What they (Seattle Police Department) claim to have was a tip, from 4chan, filtered through a national clearinghouse, that about seven weeks prior someone had allegedly transferred to 4chan a video of an unidentified woman abusing an unidentified child in an unknown location at an unknown time, allegedly from an IP address that they discovered was assigned by an ISP to David and that they learned prior to the search was the exit point from an anonymizing proxy network.
SPD staff involved were familiar with Tor and thus knew that there was no more reason to suspect David--an outspoken critic of their public surveillance programs and other privacy-invading programs--of uploading the evidence of some woman's crime to 4chan than to suspect any of the many thousands of users of the Tor network of such. This was pure harassment.
Although my view won't be popular, running an exit mode and having to deal with this is not a smart thing to do. What is the upside vs. having to deal with this type of raid and perhaps police who are not so accommodating at some point? Why draw attention to yourself in this way? Also assumes that some rogue cop won't plant something on your device if it does get hauled away. Seems dangerous the way I see it.
That's what full disk encryption is for. It's not just a privacy tool but tamper protection as well.
IANAL but I sincerely hope one would not be compelled to unlock their device only in the presence of a police officer and prohibited from having a camera, lawyer, witness, judge, internal affairs officer, etc. present.
I'm happy with this level of response. It's a little bad in that they essentially coerced password disclosure and I'm guessing they would have acted on any other crime (say copyright violation) they happened to find during search. But, overall this is how Police should work / act. They need to investigate and they should investigate with consideration, care, moderation, and assumption of innocence until actual evidence indicates otherwise, they should ask for cooperation rather than assume hostile/adversarial stance.
They don't need to have SWAT no-knock the place. They don't need to seize and confiscate everything and make it very hard to recover. They don't need to handcuff anyone. They don't need to act like smug assholes. Etc.
Had it been the CIA, I wouldn't have trusted that there weren't hardware-based changes made, or things that would survive a reinstall. Replacing a USB cable with a wireless transmitter, etc.
Except now he has to wipe everything because their "search" likely involves plugging in a USB drive and infecting his machines with a RAT at the very least. Just given how many companies are out peddling RATs to LEAs like this I think we have to consider it a likely possibility.
> Robinson admits it might be safer, legally, to host the Tor relay on rented space from a commercial Internet service to avoid mingling his personal traffic with Tor, but he says he shouldn't have to.
It'd probably be safer still setup a nonprofit group to own and run the exit node(s).
The problem with running Tor nodes in a datacenter is that mingling your personal traffic with a Tor exit node provides plausible deniability for both you and the people using your node. It's impossible for an advisory to know which traffic is yours and which isn't. Dedicated Tor nodes are suspicious (and often get blacklisted) because they aren't a source of "legitimate" traffic, but Tor nodes run in people's homes don't.
In this scenario you are the somebody else hosting the exit node. For the anonymous strangers using the exit node you are hosting for them, they benefit from having their traffic mingled with yours because theirs won't stand out as much. For you, you benefit from having the anonymous strangers' traffic mingled with yours because anyone spying on you will be very confused.
My guess is that a professional analyst is not going to be particularly confused by the addition of a single user's non-Tor traffic to the firehose stream coming out of an exit node.
But that's just my guess. Perhaps somebody should ask @snowden.
You've got the proportions backwards. A typical Tor exit node only provides a few hundred kib/s of bandwidth, maybe a couple of mib/s for the more generous one. Your traffic, or even the neighbor mooching your WiFi, will be the firehose stream in comparison to that.
I don't understand this. If the police see the law being broken, they have an obligation to investigate, even if it's probably just the tor exit node.
Allowing any random person to forward mail through your address may not end up well for you either, but I think people are more willing to accept that they've opened themselves up to the liability in that case.
> If the police see the law being broken, they have an obligation to investigate
I have seen no reporting--not even in Detective Daljit Gill's affidavit in support of her application for search warrant (which I've read)--that police observed any violation of law related to the search. They claim to have received a tip, from 4chan, filtered through a national clearinghouse, that about seven weeks prior someone had allegedly transferred to 4chan a video of an unidentified woman abusing an unidentified child in an unknown location at an unknown time, allegedly from an IP address that they discovered was assigned by an ISP to David and that they learned prior to the search was the exit point from an anonymizing proxy network.
I'm not sure what this has to do with my comment. Is your point that they should not have bothered to investigate further because they found that there happened to be a TOR exit node? If so, I'm not sure it's a better situation, where the police say "eh, he's probably not trading in child porn himself. We can let this one go." That's just sloppy policing.
The point is not whether he was responsible for the child porn traffic, but whether they have an obligation to investigate, and I think they do. In this case, that means a raid, since it's an individual and not a business (a business would likely have people that would speak out, and individual mean that if he's guilty, there's no reason for him to incriminate himself). Even so, raids on businesses happen as well, when there is a belief a evidence might be destroyed.
Your assertion was based on the flawed premise that police observed a violation of law in this case. I have seen no indication that they saw such. They reportedly acted on a fourth-party tip about a third party claim that an unknown person transferred a file apparently containing evidence of a past crime to that third party's computer. I edited my comment to quote yours in clarification of this.
You are correct, but I think it's well within the purview of the police to decide to investigate a tip like that, even if it is a TOR exit node.
That is, I'll amend my earlier statement. If the police have been notified about a law being broken, it's within acceptable behavior to follow up on that tip.
In this case, while inmy eyes the existence of a TOR exit node might reduce the likelihood that the person running it was responsible for the traffic, it also raises the likelihood that the traffic existed in the first place in my opinion. That puts the police in an interesting position, in that depending on how they weight those items, they may decide to investigate further.
In any case, I think my point stands, which is that when you make yourself responsible for delivering other people's traffic without oversight, you are increasing the chance that something problematic may result. Thinking it should have no effect on you is unrealistic.
Imagine that police got a tip from some clearinghouse about contraband someone else claimed to have received via FedEx delivery of a sealed container, so they convinced a judge to authorize them to go into the FedEx depot to search for and seize any delivery vehicle, shipping carton, shipping label, or related documentation in sight. That's roughly what happened here, but worse, the Tor exit relay operator could not trace backward from the package they delivered to the person from whom it originated, and the police knew it.
Sure, the package could have been injected by somebody at the FedEx depot, but there is no evidence of such, and thus no cause for search.
I'm not sure why you're using an example I specifically addressed a few comments back in a way that accounts for nothing I said.
A business with multiple employees is not the same as an individual when investigating a crime, depending on whether you think it's likely that they are colluding.
The traffic of the suspect and TOR was mingled, therefor it is not possible to say whether the offending traffic was from TOR or the suspect. If it was from the suspect, there could have been traces on his systems.
A low probability is not the same as no possibility, and there was a possibility he was trading in child pornography. Your threshold for how high that probability should be compared to the investigating officers, or their superiors, may differ. At this point, it's subjective, which is what I was getting at in my prior comment.
In any case, this is irrelevant to my original point, which I already clarified in my prior comment. But to address what may have been your intent, yes, I believe that a package forwarding service may have some problems with the police from time to time. It may not be to the level you describe, but my point clearly does not require that.
To put it plainly, if you in any way enable illegal activity, even unknowingly, it's not entirely unexpected that at times you may face increased scrutiny, or legal misunderstandings. For the suspect in this case to say he "shouldn't have to" is not realistic. That would allow a de-facto smokescreen for real criminals to hide behind.
> I believe that a package forwarding service may have some problems with the police from time to time.
Yes, of course, they may. Police act in unethical or even unlawful manners from time to time. At question is not whether judges may warrant searches by police that they should not warrant, it is whether those searches should be warranted.
A fourth-party tip relayed through a third party about someone allegedly transferring via a computer network that provides locational privacy a file that apparently contains evidence of crime committed by an unidentified person in an unknown place at an unknown time is not any indication that the operator of the machine from which the file exited the anonymizing network onto the open Internet is party to any crime, whether that operator performs the service for fee, for free, at a commercial property, or at a residential property, as an individual, or as part of a group.
If the FBI was able to monitor your traffic they would still see the IP addresses to which your node was reaching out. Same goes if they are running a honeypot[0] that your IP is hitting (as could be the case in this instance[1]).
That might not be much in the way of concrete evidence, but if your exit node is hitting carder forums all day long it might be enough for them to still knock on your door.
I'm blown away that someone (obviously so security savvy) would willingly hand over their passwords. There's little sense accepting their assurances at face value in potentially serious matters. LE can and will lie pursuant to their duties. I suppose I'm even more surprised they didn't end up impounding all the equipment anyways.
It seems to me the risk is almost entirely on the police in this scenario, meddling with running equipment is far from forensically sound and potentially leaves ample room for doubt in court. Volunteering to comply with the police request would also seem to exemplify the searchee's own presumption of innocence
You never corporate with the police. It doesn't matter if you're innocent. It doesn't matter if you're guilty. The police are not your friends. They are not there to help you. They don't give a shit about you. Never comply with police. Never consent to a search. They had a warrant in this case so it wouldn't have mattered, but he still shouldn't have consented. He should have never given them his passwords. He should have waited for a lawyer. He made so many mistakes that I'm surprised he isn't in jail for incompetence.
I think you're misinterpreting that idea, it's about not granting the police privilege they did not already possess. In this case the police are offering to trade the privilege of airtight, forensically sound evidence collection in for the chance to grab secrets hiding in RAM. If the machine had no such secrets, there is nothing to lose and everything to gain
I'm a little confused. So you want to potentially give the police access to additional evidence (via your passwords/decryption keys) in the hopes that they will fuck something up or make a custodial error in the process of recovering it? You have everything to lose by giving them your passwords, even if you are innocent of the charges. You're under no obligation to give them your passwords or empty the contents of your brain in their presence. Why give them the opportunity to find something else? Who knows whether the machine has something they will find interesting. You shouldn't be providing LE with anything like this absent the advice of your attorney. There's too much to lose.
No, he potentially gives the police access to additional evidence (via your passwords/decryption keys) in the hopes that the police don't do what they usually do (and what is in their right to do): confiscate all his electronic equipment and data including all backups of photos, videos, work projects, documents-in-progress, archives etc and not give it back for years.
No, Apple should definitely not be in a position of running TOR nodes. All it takes is one National Security Letter and a Secret Court ruling that makes it so they have to compromise that endpoint for law enforcement / anti-terrorism organizations.
They need to keep doing what they have been doing with the recent FBI case and bringing these things out into the public's view. There is far too many things happening to subvert our privacy that we know nothing about...
Are you suggesting that nobody (companies or individuals) in the US or five eyes countries should run TOR nodes since the government can slap them with a court order?
From a personal safety standpoint, that is what I would suggest at least. Running a Tor exit means that you're the one who's going to get the knock on the door when a crook uses your connection for crookery.
I'd rather not deal with the police at all, in any capacity.
You can tell the exit node which out-bound ports you want to allow. So for example, you can deny port 25 traffic so people can't send spam (as easily) anonymously via your exit.
If I ever get the balls to host an exit node myself, I'd likely only allow port 22. Even allowing 443 seems a bit risky after reading this.
Technically speaking, you can do whatever you want to traffic passing in/out of your node. In practice I recall reading that there's some degree of monitoring on the network that attempts to detect and flag misbehaving exit nodes.
You could certainly, for example, redirect HTTP traffic through the Internet Watch Foundations child-porn filters, if you had the connections.
I went to law school at the University of Washington and graduated in 2013 and I actually did a little research about Tor while I was there and we talked to some people fairly high up in Seattle area law enforcement and honestly I'm surprised at how fast they've come along.
At the time, we couldn't find anyone who had even heard of Tor (not to say there weren't lots of people who were familiar, just that we didn't find any of them), let alone thought through the implications of someone running an exit node so I find it interesting that they didn't just seize all of his equipment. Based on my experience, I would not have predicted such an "artful" search, to use words from the article, even just a couple years ago.
In his position, I would immediately cease operations after that police software was used on the system. Resume operations only after restoring from a clean backup taken prior to the raid.
Why would anybody give up their password & allow the police to work on your computer? Let them take the systems and accept the risk that running a TOR node in this day and age will get you a visit from the police or similar.
This guy gave up the password & now doesn't trust what they did to his systems. He has to get rid of them now? This is no different if they took his computers away without knowing his passwords.
What if this guys was working with the police all along. Now some guy decides to give away his password to the police so they can check his computer? Sounds fucking suspicious to me. I guess they are testing the waters to see if other TOR node exit maintainers are going to do the same.
Listen up! Never give your password out. Encrypt your systems & keep them separated if you are running a TOR node. Let them take your systems, because you will have to trash them anyway if you grant them access.
Should the police be allowed to do this? I don't know. Obviously the line has to be drawn somewhere right? Child pornography isn't like narcotics. It isn't in any way a victimless crime and I would prefer that the police be able to inhibit its distribution. But then again if they had taken the same actions because someone was purchasing drugs I would be totally opposed. Severity of a crime is subjective, but a the law is still the law no matter how unfair it may seem. My point is that either the police should be allowed to take these actions or they shouldn't and the crime in question shouldn't really enter the picture. Actions taken based on one type of crime can be fairly easily justified for another. This is why in the US free speech is limited as little as is possible. It's a slippery slope. So I think the real question is if you operate a Tor exit node and something illegal passes through it should the police be able to compel you to release the passwords to your servers. I think they probably shouldn't. You would be hard pressed to find a Tor node that something illegal hasn't passed through. Does that give police carte blanche to access any information on any Tor node they want? Maybe.
Seattle, and most of cascadia for that sake, is a complete police state. They are far enough and fringe enough from the rest of the population to get away with whatever they would like.
The german criminal police (in US: FBI) once called me and insisted on a good talk because of something. They finally visited me sensibly at my workplace, dressed up as customers (promised not to tell my coworkers who they really were). Then they told me there had been terror threats for thr Ukraine coming from my TOR server (they knew about Tor...). Bad thing: the terror threat had been some weeks ago and I had reinstalled the server three days before (without Tor) and all logs/evidences had been destroyed. Luckily, they believed me and left me after I simply gave them all passwords concerning the case.
I have not run a Tor server since then. I support the concept, but it can bring you real trouble.
What's crazy is that the cops knew this was a TOR exit node and they still crashed the party. Makes you question their motives and tactics. A simple polite knock would have saved everyone the trouble but I suspect the police wanted to make a point.
Someone I know (in the UK) was arrested and spent a day in a cell when some criminal postings to Twitter were traced to his Tor exit node.
When the police interviewed him and admitted they _knew_ what a Tor exit node was, and that he was unlikely to be responsible for the traffic. But they did want him to know that running a Tor exit node makes their life harder, and would land him in this sort of trouble.
(I can't remember the exact words he reported, but it was outright intimidation).
I'm disgusted the detectives carried around child porn even tho it's evidence and not only brought it to a potential crime scene but offered to show it to him.
Would they bring around cocaine or a gun from another scene? I'm assuming the police officer is exempt from distributing child porn as long as he's accusing of something before showing it.
Having read various police forensic reports, I'd say this is normal. They need the hash of the image to do a forensic sweep of his computer. The search for porn would be mostly automated, especially considering they are searching for one specific image which is probably what the warrant was limited to.
Then they would probably want to compare the image itself if it was detected on the harddrive, instead of relying purely on the file hash.
> considering they are searching for one specific image
That was not the case. They were authorized by warrant to search for the following, which I transcribed from a copy of the affidavit in support of application for warrant:
A. Personal computer hardware to include, the computer system case with internal components, motherboard, CPU, memory, etc., internal and peripheral storage devices (such as fixed disks, external hard disks, floppy disk drives and diskettes, tape drives and tapes, zip drives, optical storage devices, transistor-like binary devices, video cameras, digital cameras, cell phones, and any other memory storage devices); peripheral input/output devices (such as keyboards, mouse/track ball/pad, video display monitor); and all related cables, power cords and connections, RAM or ROM units or CD ROM; as well as any devices, mechanisms, or parts that cat be used to restrict access to computer hardware (such as physical keys and locks).
B. Computer software applications used by the computer system and any related components.
C. Computer-related documentation that explains or illustrates how to configure or use the computer hardware, software, or other related items/devices. The documentation consists of written, recorded, printed, or electronically stored material.
D. Computer-related passwords and other data security devices designed to restrict access or hide computer software, documentation, or data.
E. Digital data that may be kept on any computer related storage device listed in 'A' above. The specific data will be (or will contain or incorporate) digital video and/or image files depicting minors engaged in sexually explicit conduct, any digital data related to the trading or exchange of depictions of minors engaged in sexually explicit conduct, and any digital "user attribution" evidence to include, but not limited to, registry information, configuration files, user profiles, e-mail, e-mail address books, "chat," instant messaging logs, photographs, and correspondence (and the data associated with the foregoing, such as file creation and last accessed dates) that may be evidence of who used or controlled hte computer or storage medium at a relevant time.
F. Photographs of the interior and exterior of the listed residence.
G. Papers showing dominion and control.
H. Any other evidence of the crimes of RCW 9.68A.070, to include but not limited to videotapes, books, magazines, catalogs, photographs, film, diaries, or other documents pertaining to the possession or dealing of child pornography, to include printed material documenting any communication with other persons regarding the trading or exchange of depictions of minors engaged in sexually explicit conduct.
How many bytes do I need? In the countries that have laws against cartoons, can I make an illegal favicon? Can I design a neural network which generates illegal favicons?
More seriously, criminalizing data is a terrible, terrible idea, simply because it provides a backdoor into the justice system.
209 comments
[ 6.0 ms ] story [ 241 ms ] thread> "Knowing that, moving in, it doesn't automatically preclude the idea that the people running Tor are not also involved in child porn," Whitcomb says. "It does offer a plausible alibi, but it's still something that we need to check out."
> Whitcomb also says Seattle police were "artful" in the way they did the search. Instead of impounding all of Robinson's computers, which the warrant would have allowed, they offered to search them on the premises as long as he consented to turning over his passwords. He did, and they let him keep his machines after they scanned them.
This is the important part. They didn't shut down the exit node. They didn't even take away the computer. This sounds bad, but in all honesty, it could have gone at lot worse.
Or do you mean they install their own "special" tor exit node on his machine?
There have been various public and leaked catalogues of law enforcement tools put online now, these abilities are commoditized and packaged in a user friendly manner. This is pretty old news at this point.
Do you think that they came up with this in their emergency war room, as they planned out the sneak attack on the Tor node, or was this a more general policy developed over the previous months and years and this was just one of the first times they got to practice it?
Most famously, because they were recently hacked themselves, the Milan based company Hacking Team. The intercept has a good breakdown of their software manual here: https://theintercept.com/2014/10/30/hacking-team/#manuals
There are many others out there, this cell phone related catalogue is really interesting: https://theintercept.com/2015/12/17/a-secret-catalogue-of-go...
Any company considered a "defense contractor" will probably offer tools along these lines. They are in high demand.
Of course the FBI, Homeland security and the NSA have their own tools as well. And they share with local law enforcement (probably not the latest and greatest ones).
> Do you think that they came up with this in their emergency war room, as they planned out the sneak attack on the Tor node,
I don't really have any idea what the Seattle PD methods or procedures would be, but they knew what TOR was and tracked the traffic to his exit node. I doubt it was the same cops who did that part ... so how likely was it that this briefing didn't include anything like "Just plug the CriminalBuster(tm) box into the computer until the light turns green, then coordinate with Bob to get access to the information you want later. You can get things like X, Y and Z from the CriminalBuster. To requisition a unit fill out form TPS-01 and give it to John."
The entire reason to commoditize these things is to make it easy to use within an inefficient bureaucracy that doesn't have a lot of tech training or a "war room". Just like they have done with phone taps or gps car trackers for years.
> this was just one of the first times they got to practice it?
Why assume this was the first time? It's standard practice for all sorts of infosec workers, journalists, etc to assume this was done to their laptop if it was out of their hands. You can literally download one of these and put it on a usb stick yourself (for your own personal use of course, anything else would be very illegal).
Can someone show me the Seattle PD budget that has in it those kinds of purchases?
Can you show me where they'd at least hide it in the budget somehow? This isn't DOD black ops slush funds, after all.
Maybe these defense contractors do it for free, out of the goodness of their hearts?
I don't make the mistake of thinking that the government or its agencies are the good guys who would never do anything underhanded. But I feel pretty safe believing that they're A) incompetent and B) piss-poor strategists and C) not interested in anything but the current investigation.
The idea that they've Jason Bourned his computer is absurd paranoid blather.
I think you have a miss-calibrated idea of how hard/technical/uncommon/expensive this is. This is the IT equivalent of collecting DNA, not Jason Bourne stuff.
Funnily enough the annual National Technical Investigators Association conference is in Seattle this year.
Tacoma PD has at least one Stingray. Tacoma. That's a few orders of magnitude more expensive and complex than a little usb drive.
Want to see the FinFisher price list? https://wikileaks.org/spyfiles/docs/DREAMLAB_2011_FinFPric_e... I wonder what the "1x Auto-Exec USB Dongle" or "10x Activated FinUSB Dongles" lines refer to? Why wonder, you can read the catalog.
They have identified a number of western LEO's on that customer list, no American ones yet but FinFisher is just one company and there are FinFisher command and control servers in the US.
Anyway, I'm responding just because I am interested in the subject and not because I think a dialogue is going to happen here and that's not the best use of my time.
I think you have little experience with cops. It's surprising they can figure out shoe laces.
Running a Tor exit node shouldn't give you some blanket against police investigations.
B. As others have said 6:00 AM is among the most likely time that most working professionals will be home.
C. I'm not sure what his status as an exit node operator has to do with the hour at which a search is executed?
A warrant based on an IP address should be specific to the computing device associated with that IP address at the time it was logged. The cops should never be able to threaten someone with additional seizures--beyond what is specified on the warrant--to coerce cooperation.
Just the NAT router? Computer(s) behind the NAT router? Phones which have wi-fi and may or may not have been on it at the time? Computers on the other end of the site-site VPN which routes traffic out that NAT router to get around Geo IP restrictions? Any computer in the world which has TOR installed and therefore may have been "behind" that NAT router?
The Internet is really complicated, how specifically would you write that warrant without details of the network design?
Many conflate reasonable doubt with "any doubt whatsoever", and think that any excuse that can be concocted which is technically feasible is an alibi. "But Your Honor, it is possible that someone snuck into his house, spoofed his MAC address to get on his Wifi, used that to download this and that, and then left undetected!"
So there's a standard of reasonability, and there should be corroborating evidence.
Should, at least. In theory.
But if it is not reasonable to believe that an IP address is connected with a person, it is not justifiable to search or seize anything else that person may own or possess, beyond the particular device identified by the IP. I don't think an IP address alone is sufficient to even meet the probable cause standard.
It is also possible that someone with authorized access to his computer used an unsecured browser to view a compromised advertisement on an ordinary website, which recruited the machine into a botnet, which used infected machines as a distributed filesystem.
It is also possible that a wardriver with a cantenna brute-forced his Wi-Fi WPS PIN and extracted the WPA password, obtaining easy access to the network.
It is also possible that the ISP regularly refreshes its IP leases, and gave the cops identifying information for the customer who had the IP at the time the request was made, rather than the customer that had the IP at the time the suspicious traffic was logged.
None of those scenarios are necessarily exculpatory alibis, but they may cast doubt on any hypothesis that purports to connect an IP to a particular person.
In practice, warrant-signing judges seem to believe that an IP address is analogous to a postal address, possibly because it also contains the word "address", which may be conceptually ingrained into their minds as a permanent physical location.
You've discovered the fundamental problem. You can't. An exit node IP address is completely useless for that purpose because it tells you nothing about where the ultimate endpoint is. The person who actually did it could be in Brazil or Korea or on the International Space Station. You have no actual information on which to base a search.
There is at least a reasonable argument to make that for most residential IP addresses the devices that use the IP address are in the same building as the NAT router. And then you have an obvious solution: You look at the NAT router and then you look at the devices it has given a DHCP lease to, as in most cases there will only be a small number of them which will be in the same building.
But that isn't always the case. The NAT router or one of the devices behind it could be routing traffic for a very large number of machines, e.g. an entire corporation or all of a small ISP's customers or a coffee shop's public wifi. And in those cases the number of different machines controlled by different people is large enough that the IP address no longer identifies anything with enough particularity to justify searching all of the possibilities.
Tor and other open proxies are the extreme far end of that spectrum. It could literally be anyone in the whole world. The IP address tells you nothing at all. And if you know it tells you nothing at all, it provides no justification to search anything in particular.
It's more like raiding the return address even if it says "I was just forwarding this, this is not the actual return address".
Well, not quite, but eh I can't make it perfect, it's a throwaway analogy.
And this return-address analogy needs to include the fact that a Tor node operator is cryptographically prevented from tracing backward toward the sender.
I can watch videos of people getting killed on reddit. I can watch rape videos. I can even watch videos of horrific crimes....
But how dare I watch someone under 18 get naked through a computer. Even if that someone is myself. The worst part is that, while in most other crimes, account for intentionality is considered. (Something falling in my cart while I walk out the store isn't shoplifting, yet shoving something in my pocket is.) Instead this "crime" frankly shouldn't be. It is proof a crime took place however. Its too easy to have a potential dangerous image... even from hosting a Tor gateway
Edit: at absolute minimum, there should be a mens rea requirement where possession or transmission of child pornography took place.
In honestly though, you're not wrong. Richard Stallman has his controversial stance on child porn as well and I tend to agree with him. It is really really bizarre that modern western society doesn't seem to have a problem with video of soldiers shooting up little kids in Baghdad, yet a picture of a teenager showing her breasts to her boyfriend via text is instant grounds for being locked up (in Australia there is a zero tolerance police and teenagers have gone to jail and are on sex offender registries for just that; although their sex offender databases are confidential and not as fucked up as America's).
However, sexual assault on children is a heinous crime. It's sad and destroys the lives of kids who parents hope to keep from getting tainted by the world as long as possible. It's not unjustified to hate this crime to the degree which it is, but it's also kinda bizarre we don't treat videos of kids getting shot the same way. People get off on that stuff too; sexually.
What's even more interesting about this case is that the police knew CP was downloaded from his IP address. That might because the United States has mandatory ISP reporting, or potentially his IP was found on a raided website:
http://chartsbin.com/view/q4y
I'm more interested in how that information was obtained, and whether that process involved violating the rights of individuals of people not associated at all with any crimes.
I'm not surprised. Considering I work with Tor extensively, along with cryptocurrencies and other 'interesting stuff', I guess I fit right in with the tech crowd on there.
I'm all for just punishment, from which I think pedophilia is most certainly a crime. It gets... fuzzy around a lot of areas though, especially after puberty up to 17. The law, frankly, is just a total mess. Sex- OK, sext- CP, fake license- pedophilia.... on and on.
Whether that is a mental health asylum, prison, or somewhere/somehow else, so be it.
I don't think they should be abused either, as it's a popular trend in the penal system to use rape as an informal deterrent for criminals.
Or do you believe that e.g. audiophiles hump their speakers, and bibliophiles use the library for public orgies?
Well, yes. But only because it's really easy to imagine after browsing their forums.
Homosexuality was viewed as psychiatric disorder not too long ago as well. Although some people still think it is - are you one of them?
I'm sure I'm sitting nice and pretty on several lists.
I'm curious what the laws / regulations would be for general social media, image hosts, and other businesses that host user content. It's pretty much a given that at some point, there will probably be some illegal content uploaded onto it (including potentially child pornography). In some ways, a Tor exit node sort of falls under that same boat: you are indirectly passing information generated / requested by users.
Now, Twitter or Facebook doesn't going to get raided / computers confiscated every time an illegal image passes through their network. But I'm sure the police may ask questions during investigations (and I'm sure the companies comply as best they can). So I honestly think what happened here is fine. (I'd think differently if the police automatically confiscated computers and trashed houses of Tor exit nodes for no reason.)
It seems to me that it would be patently unreasonable to raid the FedEx employee's home, but it would be perfectly reasonable to hold FedEx the company responsible for not delivering such things. If it happened once, sure, raiding them is excessive. But if the government knew that FedEx, by design, actively did not care what they were delivering and made it hard for themselves to figure that out until it's loaded onto a truck for local delivery, and they had evidence that some drugs or weapons were being delivered, then sure, raiding the local FedEx distribution center and searching it seems within the realm of reasonable actions. Seizing all packages at that distribution center would be unreasonable, but the analog (seizing the computers) didn't happen.
You're saying that should justify the FBI going to all the FedEx hubs and opening all the packages to check for various illegal stuff?
Unlike UPS and FedEx, Tor makes this straightforward, and also tries to avoid knowing the identities of people who are sending things via their service. So the police don't have that option.
(Note that the above is simply a description of what Tor is currently doing, as I understand it, and not an attempt to make a moral judgment one way or the other as to what Tor should be doing.)
I suspect that package services are used with high frequency by criminals without these constraints, e.g. the ones committing mail fraud. The police deal with this not by searching the contents of random packages but by arresting the actual perpetrators regardless of what they use for a delivery service.
There seems to be a common impression that if the police can't find you using one specific investigative method then they have to give up and go home. There are hundreds of different ways to catch criminals. Most of the ones people complain about the police losing are ones they never traditionally had to begin with.
If you're going to run a TOR exit node, which you are absolutely free to do, you have to expect this to happen from time to time and be prepared to explain why you are not responsible for the traffic you appear to have originated.
Cost of doing business. If standing on principle was free, it would be unremarkable.
Who's going to run a tor exit node if that's the legal precedent?
It's also pointless. While it's possible for a CP collector or distributor to run an exit node as cover, why would they when they can just use tor for real for all their CP dealings?
Think of the ultimate consequences. Such a legal precedent would have CP and other criminal activity causing more collateral damage rather than less. If all it takes to get most tor exit node operators to shut them down is engaging in illegal activities that will draw the attention of the authorities, then I can imagine a lot of countries' intelligence and military services would have an interest in engaging in criminal activities using U.S. tor exit nodes to reduce the available pool of tor exit nodes.
The IP address presumably actually belongs to the exit node operator's ISP. By this logic they should be raiding them instead.
> There's no way for law enforcement to know he didn't make those connections until they investigate
There's no way for law enforcement to know that you didn't make those connections until they investigate. That shouldn't be justification for raiding you, should it?
> If you're going to run a TOR exit node, which you are absolutely free to do, you have to expect this to happen from time to time and be prepared to explain why you are not responsible for the traffic you appear to have originated.
They already knew it was an exit node.
> If standing on principle was free, it would be unremarkable.
That is a very poor justification for unnecessarily making it more expensive.
Tor is more like you operating as a volunteer delivery guy who is willing to pick up a locked box anywhere in the city for free and drop it off anywhere else that is requested. You have no idea what's in the box nor who you are picking it up from or dropping it off to.
This doesn't stop police from raiding them.
Not much, admittedly, but it's something.
Running a Tor exit node in itself isn't a problem. The problem arises when the exit node operator knowingly is giving up control over the traffic going through his connection.
If you run a tor exit node you need to accept the fact there is a chance something illegal is passing through and that when it happens (as it did here) you are going to get investigated.
It would be irresponsible and neglectful for law enforcement not to raid this man's home.
I have no issue with the intent, and such things are - in a restricted manner - allowed for, see prostitution stings.
But the fact that they -do- distribute CP is verifiable fact.
I'm not even concerned that they hold it. Sometimes it's evidence. Sometimes it can be used to identify and rescue victims. Sometimes it just goes in a database and isn't ever accessed again. Meh.
The continued distribution is concerning, though I understand its purpose, and I presume there are reasonable safeguards in place such that the value in catching new suspects is higher than the harm done to the victims.
At that, one has to assume that they "planted" the image in question because they've proven their willingness to play dirty.
Common sense doesn't dictate a "RAID" here. A simple knock and a 2 minute conversation would suffice. No need to kick down a door at 6am for something simple. People get shot that way.
they raided his house because of child pornography.
that he had a Tor node and that fact got him off the hook is the part that needs more analysis. How do we know he doesn't operate the node for the very purpose of watching kiddy porn go by? Shouldn't everybody interested in child pornography operate their own exit node just for this purpose? Keep the kiddy porn collection in RAM for viewing whenever, then give the police the in-RAM-kiddy-porn-deleter password...
I understand that ghkbrew (and MANY other people here, not picking on you) subscribe to the idea that there should be untraceable currency, perfect privacy delivery mechanisms, etc.
But there are other people who live in the same democratic country that like the idea that somebody who bombthreats can be found.
I understand the issues on both sides, and I don't mind there is a spectrum of beliefs and a discussion. But it's so annoying when people write posts slanted like yours that they don't acknowledge the obvious "other side".
I read/heard something that David Mamet said, that he learned from the study of Jewish law (but it would apply everywhere) that in order for you to have the basis to discuss an argument with the other side, you need to be able to state the other side's argument in a way that the other side would not disagree with, then you get to make your point.
I thought that was a nice idea.
To support a warrant, the question has to be the other way around. As with any activity the could be in proximity to illegal activity, it's not, by itself, evidence of anything.
Alternatively they could have just been bunch of dicks out to intimidate someone.
You only need to be able to understand a valid argument. The problem is that everyone will evaluate "valid" by their own beliefs and worldview.
But there are some it doesn't catch. This is a valid argument:
This is what you meant to say:
This argument passes the type-checking test, and is indeed valid.> That is not a valid argument, because all animals do not live on mars
It would be more accurate to say that it is not a sound argument because all animals do not live on mars. Validity relates to whether the conclusions follow from the premises, not whether the premises are true. (There are more constraints than that, but that's the basic version.)
Our strict types are Fact, Hypothetical, and Implication. It is only valid to use possibly unsound premises if you admit their type as Hypothetical and not Fact. If our argument includes premises of type Hypothetical then it is only valid to make conclusions of type Implication, which have the form "If <Hypotheticals are True> then <Fact>."
Disguising Hypothetical-type premises as Fact-type, and using that to draw conclusions of type Fact instead of type Implication is how people create strawman arguments in bad faith, and can be prevented at the validity-checking phase by enforcing strict typing.
>I thought that was a nice idea.
Its a truly terrible idea, and not surprising that it stems from someone who found religion worth studying. There is no need to delve into the depths of minutia to dismiss baseless arguments. If you argue that Spiderman is real, and he lives at the Justice League, I don't need to study canon of Marvel comics in order to deal with your argument.
> someone who found religion worth studying
Like it or not, religion has been a cornerstone of history and civilization for about as long as there has been history or civilization. Secularism is a relatively recent invention, and secularism's influence has only been really felt in the last 50 years or so.
Religion is history, and history is definitely worthwhile to study.
That's a dangerous statement to make. Yes, religion has been hugely influential across societies. But religion has been equally succesful in rewriting history to suit its narrative.
I suspect religion has destroyed as much history as it has informed.
Related: you want to face the other person's central viewpoint in its strongest form ("strongest" in the sense of being the best or most compelling variant, not necessarily the variant which has the most supporters or the most vocal supporters.) This is in both sides' best interest, provided both are honest in their motivations.
If someone believes something that's not true, but you only "take down" a misrepresentation of their false belief, you haven't actually helped them, because they know you didn't answer their actual position. It may even strengthen their false belief, because they now have the experience of someone claiming to be able to criticize their position but failing to do so, which they may generalize to "critics of this position have no real argument".
And if someone believes something that is true, but you are able to show a misrepresentation or a weaker formulation of it is false, you haven't done yourself any good. You've missed an opportunity to learn something true, by distracting yourself with a superficially similar position that you can dismiss.
That meant it either proceeded elsewhere on the TOR network or stayed on his machine, and they had no external way of knowing without checking his hard drives.
If they knew he was running an exit node it smells a bit like a fishing trip, but since they didn't send the SWAT team in through the windows and hold his computers for 4 years out of spite (the Steve Jackson treatment) I have trouble faulting the cops too badly.
They did know. Martin Kaste of National Public Radio [reported](http://www.npr.org/sections/alltechconsidered/2016/04/04/472...), "Seattle police spokesman Sean Whitcomb says the department understands how Tor relays work, and they knew Robinson was a Tor host."
This a great way of phrasing what I'd been thinking about as "arguing from someone else's shoes".
Why would anyone do that? If he knows how to install Tor, why wouldn't he download it through somebody IP instead of his own? I can't see any technical advantage to downloading it using your own IP when you could use somebody elses...
Download from somebody elses IP = Probably not at all associated with himself.
Download from his own IP = Definitely associated with himself.
Again. What would be the advantage of doing this? There isn't one...
I particularly like a version of this termed the "Ideological Turing Test". The idea is to anonymously write both your position and an opposing position, and to see if an audience consisting of people from both sides (and, potentially, those who are neutral or are on some other side) can identify which side you actually support. If you can state both arguments convincingly enough that it's difficult to determine which one you really believe, then (according to adherents of this concept) you've earned the right to be critical. If, on the other hand, one side easily identifies you as an outsider, then you require further listening/study before you'll be capable of criticizing that side on a reasonable level.
While I think the process is more cumbersome than necessary, I agree with the underlying concept -- if you can't state someone else's argument in a way that they think is fair, then you either don't understand it well enough, or you understand but you're being intentionally disrespectful by choosing unfair characterizations.
This is brilliant, I love it.
Given his early morning wake-up call last week and the fact that he may now have to get rid of his computers because he can't be sure what the police did to them while he was being questioned outside his apartment, Robinson says he may have to reassess whether it's practical for him to stand on that principle.
I guess in truth it might be "do your backups actually work", but if that's false then you're already in trouble.
I can afford another machine right now, but will that put a monetary strain on other areas of my life that are important to me?
I can afford another machine, and I have backups, but the restoration of the backups is painful enough that I would prefer to avoid it.
I would prefer this episode be over with as quickly as possible as I'm not guilty, so should I comply to speed this process along? (note that I think this isn't necessarily guaranteed to be a good strategy).
Depending on what the police believe about the situation may greatly affect what is the path of least resistance and problems, but you unfortunately have very little insight into exactly what that is. In some cases, talking to and cooperating with the police is the easiest way to extricate yourself from the situation, and in other cases it's the easiest way that they can twist the situation to implicate you in some way. The safest way is to always have a lawyer present and never voluntarily give up information, but not everyone is in a situation that makes the safest choice easy to take.
All things considered, this dude dodged a bullet. I don't know if he was acting under the advice of counsel, but he came out relatively unscathed. This time.
This might be a shot across the bow designed to frighten those without the deep pockets of Apple. Just a reminder that The Man still has teeth when it comes to the 99%.
"We can seize all this money and put you in jail, or you can decide to talk to use without a lawyer and we'll let it all stay."
Coercing rights away is never a good situation to allow. Not that he was wrong in accepting it, but that the police were wrong in being able to offer the option.
If you take anything but a ridiculously short term view, the expectations of how police will treat people today are far higher than they have been in the history of the US.
We still have to recognize and confront the remaining problems, but national media attention and prosecution of police who commit murders is a step up from police committing murders with no consequences.
Would they raid a Starbucks if someone used Starbucks wifi to distribute CP? No, they would need more evidence that someone at that Starbucks was doing it and not just someone who bought a cup of coffee there that day.
Tor is open wifi, the IP of the exit node doesn't provide evidence that the person running the exit node has anything to do with the traffic.
That's why they raided his house.
> Would they raid a Starbucks if someone used Starbucks wifi to distribute CP?
Of course they would. Obviously aiming to try and catch the perpetrator in the act, but also at least to get a good look at the network configuration.
"CP came from this IP endpoint" means crime is being committed using this network. It's perfectly reasonable for them to go and investigate. And as others point out, them knowing how Tor works makes no difference - otherwise people making/distributing CP would host their own exit nodes with the sole purpose of being able to point them out to police and tell that CP it's not their traffic.
They didn't jailed him, they checked if he is in fact involved - and finding no additional evidence, left him in peace.
What they (Seattle Police Department) claim to have was a tip, from 4chan, filtered through a national clearinghouse, that about seven weeks prior someone had allegedly transferred to 4chan a video of an unidentified woman abusing an unidentified child in an unknown location at an unknown time, allegedly from an IP address that they discovered was assigned by an ISP to David and that they learned prior to the search was the exit point from an anonymizing proxy network.
SPD staff involved were familiar with Tor and thus knew that there was no more reason to suspect David--an outspoken critic of their public surveillance programs and other privacy-invading programs--of uploading the evidence of some woman's crime to 4chan than to suspect any of the many thousands of users of the Tor network of such. This was pure harassment.
Although my view won't be popular, running an exit mode and having to deal with this is not a smart thing to do. What is the upside vs. having to deal with this type of raid and perhaps police who are not so accommodating at some point? Why draw attention to yourself in this way? Also assumes that some rogue cop won't plant something on your device if it does get hauled away. Seems dangerous the way I see it.
IANAL but I sincerely hope one would not be compelled to unlock their device only in the presence of a police officer and prohibited from having a camera, lawyer, witness, judge, internal affairs officer, etc. present.
They don't need to have SWAT no-knock the place. They don't need to seize and confiscate everything and make it very hard to recover. They don't need to handcuff anyone. They don't need to act like smug assholes. Etc.
Not exactly a best case.
Basically a small tool that runs hidden and allows remote keylogging, upload and download of files, screen capture, etc.
https://en.wikipedia.org/wiki/DarkComet is a good example of a free one.
It'd probably be safer still setup a nonprofit group to own and run the exit node(s).
Wouldn't it be more effective to simply use Tor as intended with somebody else hosting the exit node?
But that's just my guess. Perhaps somebody should ask @snowden.
Allowing any random person to forward mail through your address may not end up well for you either, but I think people are more willing to accept that they've opened themselves up to the liability in that case.
I have seen no reporting--not even in Detective Daljit Gill's affidavit in support of her application for search warrant (which I've read)--that police observed any violation of law related to the search. They claim to have received a tip, from 4chan, filtered through a national clearinghouse, that about seven weeks prior someone had allegedly transferred to 4chan a video of an unidentified woman abusing an unidentified child in an unknown location at an unknown time, allegedly from an IP address that they discovered was assigned by an ISP to David and that they learned prior to the search was the exit point from an anonymizing proxy network.
The point is not whether he was responsible for the child porn traffic, but whether they have an obligation to investigate, and I think they do. In this case, that means a raid, since it's an individual and not a business (a business would likely have people that would speak out, and individual mean that if he's guilty, there's no reason for him to incriminate himself). Even so, raids on businesses happen as well, when there is a belief a evidence might be destroyed.
That is, I'll amend my earlier statement. If the police have been notified about a law being broken, it's within acceptable behavior to follow up on that tip.
In this case, while inmy eyes the existence of a TOR exit node might reduce the likelihood that the person running it was responsible for the traffic, it also raises the likelihood that the traffic existed in the first place in my opinion. That puts the police in an interesting position, in that depending on how they weight those items, they may decide to investigate further.
In any case, I think my point stands, which is that when you make yourself responsible for delivering other people's traffic without oversight, you are increasing the chance that something problematic may result. Thinking it should have no effect on you is unrealistic.
Sure, the package could have been injected by somebody at the FedEx depot, but there is no evidence of such, and thus no cause for search.
A business with multiple employees is not the same as an individual when investigating a crime, depending on whether you think it's likely that they are colluding.
The traffic of the suspect and TOR was mingled, therefor it is not possible to say whether the offending traffic was from TOR or the suspect. If it was from the suspect, there could have been traces on his systems.
A low probability is not the same as no possibility, and there was a possibility he was trading in child pornography. Your threshold for how high that probability should be compared to the investigating officers, or their superiors, may differ. At this point, it's subjective, which is what I was getting at in my prior comment.
In any case, this is irrelevant to my original point, which I already clarified in my prior comment. But to address what may have been your intent, yes, I believe that a package forwarding service may have some problems with the police from time to time. It may not be to the level you describe, but my point clearly does not require that.
To put it plainly, if you in any way enable illegal activity, even unknowingly, it's not entirely unexpected that at times you may face increased scrutiny, or legal misunderstandings. For the suspect in this case to say he "shouldn't have to" is not realistic. That would allow a de-facto smokescreen for real criminals to hide behind.
Yes, of course, they may. Police act in unethical or even unlawful manners from time to time. At question is not whether judges may warrant searches by police that they should not warrant, it is whether those searches should be warranted.
A fourth-party tip relayed through a third party about someone allegedly transferring via a computer network that provides locational privacy a file that apparently contains evidence of crime committed by an unidentified person in an unknown place at an unknown time is not any indication that the operator of the machine from which the file exited the anonymizing network onto the open Internet is party to any crime, whether that operator performs the service for fee, for free, at a commercial property, or at a residential property, as an individual, or as part of a group.
No they don't. They didn't investigate the ISP, or the ISP's ISP, did they?
https://blog.torproject.org/running-exit-node
Also, how risky would it be to host an exit node that is HTTPS only?
That might not be much in the way of concrete evidence, but if your exit node is hitting carder forums all day long it might be enough for them to still knock on your door.
0: https://theintercept.com/2016/03/30/fbi-honeypot-ensnares-mi...
1: http://www.techworm.net/2016/01/fbi-child-porn-sexually-expl...
(IANAL!)
You never corporate with the police. It doesn't matter if you're innocent. It doesn't matter if you're guilty. The police are not your friends. They are not there to help you. They don't give a shit about you. Never comply with police. Never consent to a search. They had a warrant in this case so it wouldn't have mattered, but he still shouldn't have consented. He should have never given them his passwords. He should have waited for a lawyer. He made so many mistakes that I'm surprised he isn't in jail for incompetence.
https://www.youtube.com/watch?v=6wXkI4t7nuc
I really want to encourage you to read the following: https://www.eff.org/issues/know-your-rights
They need to keep doing what they have been doing with the recent FBI case and bringing these things out into the public's view. There is far too many things happening to subvert our privacy that we know nothing about...
I'd rather not deal with the police at all, in any capacity.
If I ever get the balls to host an exit node myself, I'd likely only allow port 22. Even allowing 443 seems a bit risky after reading this.
https://www.eff.org/pages/what-tor-relay
You could certainly, for example, redirect HTTP traffic through the Internet Watch Foundations child-porn filters, if you had the connections.
At the time, we couldn't find anyone who had even heard of Tor (not to say there weren't lots of people who were familiar, just that we didn't find any of them), let alone thought through the implications of someone running an exit node so I find it interesting that they didn't just seize all of his equipment. Based on my experience, I would not have predicted such an "artful" search, to use words from the article, even just a couple years ago.
In fact, I should probably build a "invalidate every credential I have on all my computers and accounts" checklist. That and a tested backup strategy.
I can't tell if the detective is a moron or just really hoping to induce a pedophile
This guy gave up the password & now doesn't trust what they did to his systems. He has to get rid of them now? This is no different if they took his computers away without knowing his passwords.
What if this guys was working with the police all along. Now some guy decides to give away his password to the police so they can check his computer? Sounds fucking suspicious to me. I guess they are testing the waters to see if other TOR node exit maintainers are going to do the same.
Listen up! Never give your password out. Encrypt your systems & keep them separated if you are running a TOR node. Let them take your systems, because you will have to trash them anyway if you grant them access.
Tor exit nodes in the PNW are a very bad idea.
Running an exit node as an individual is going to be a dicey proposition.
When the police interviewed him and admitted they _knew_ what a Tor exit node was, and that he was unlikely to be responsible for the traffic. But they did want him to know that running a Tor exit node makes their life harder, and would land him in this sort of trouble.
(I can't remember the exact words he reported, but it was outright intimidation).
Would they bring around cocaine or a gun from another scene? I'm assuming the police officer is exempt from distributing child porn as long as he's accusing of something before showing it.
Then they would probably want to compare the image itself if it was detected on the harddrive, instead of relying purely on the file hash.
That was not the case. They were authorized by warrant to search for the following, which I transcribed from a copy of the affidavit in support of application for warrant:
A. Personal computer hardware to include, the computer system case with internal components, motherboard, CPU, memory, etc., internal and peripheral storage devices (such as fixed disks, external hard disks, floppy disk drives and diskettes, tape drives and tapes, zip drives, optical storage devices, transistor-like binary devices, video cameras, digital cameras, cell phones, and any other memory storage devices); peripheral input/output devices (such as keyboards, mouse/track ball/pad, video display monitor); and all related cables, power cords and connections, RAM or ROM units or CD ROM; as well as any devices, mechanisms, or parts that cat be used to restrict access to computer hardware (such as physical keys and locks).
B. Computer software applications used by the computer system and any related components.
C. Computer-related documentation that explains or illustrates how to configure or use the computer hardware, software, or other related items/devices. The documentation consists of written, recorded, printed, or electronically stored material.
D. Computer-related passwords and other data security devices designed to restrict access or hide computer software, documentation, or data.
E. Digital data that may be kept on any computer related storage device listed in 'A' above. The specific data will be (or will contain or incorporate) digital video and/or image files depicting minors engaged in sexually explicit conduct, any digital data related to the trading or exchange of depictions of minors engaged in sexually explicit conduct, and any digital "user attribution" evidence to include, but not limited to, registry information, configuration files, user profiles, e-mail, e-mail address books, "chat," instant messaging logs, photographs, and correspondence (and the data associated with the foregoing, such as file creation and last accessed dates) that may be evidence of who used or controlled hte computer or storage medium at a relevant time.
F. Photographs of the interior and exterior of the listed residence.
G. Papers showing dominion and control.
H. Any other evidence of the crimes of RCW 9.68A.070, to include but not limited to videotapes, books, magazines, catalogs, photographs, film, diaries, or other documents pertaining to the possession or dealing of child pornography, to include printed material documenting any communication with other persons regarding the trading or exchange of depictions of minors engaged in sexually explicit conduct.
How many bytes do I need? In the countries that have laws against cartoons, can I make an illegal favicon? Can I design a neural network which generates illegal favicons?
More seriously, criminalizing data is a terrible, terrible idea, simply because it provides a backdoor into the justice system.