[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] William was raided for running a Tor exit node. Please help if you can.

I might be reading this the wrong way but it looked to me like the cops
raided his home and the Tor server is hosted off site with an ISP.  That
is what is bugging me so much.  The cops raided his house, not the
location of the server.  If they had tracked the server by its IP it
would have led to the hoster, not his home.  They could have gotten his
address as the account holder but the ISP would have known that the Tor
server was at their site not his home.  The IP would not track to his
residence.  Something is not the full story here or I am misreading his

I have seen some of the warrants due to child porn cases.  They tend to
be very sweeping and usually specify recordable media and data
processing equipment.  That is admittedly broad but the cops usually do
not have forensic computer guys on site so they try to grab it all.  It
is not right but that is how it currently works.  Anything else requires
the expertise on site to search the equipment where it is.  Most cops
don't know a PC from a router, from a switch.  It all goes.

Steven Naslund

-----Original Message-----
From: William Herrin [mailto:bill@xxxxxxxxx] 
Sent: Friday, November 30, 2012 4:21 PM
To: Jimmy Hess
Cc: NANOG list
Subject: Re: William was raided for running a Tor exit node. Please help
if you can.

On Fri, Nov 30, 2012 at 4:46 PM, Jimmy Hess <mysidia@xxxxxxxxx> wrote:
> On 11/29/12, William Herrin <bill@xxxxxxxxx> wrote:
>> If the computer at IP:port:timestamp transmitted child porn, a 
>> warrant for "all computers" is also too broad. "Computers which use 
>> said IP
> As you know, there may always be some uncertainty about which computer

> was using a certain IP address at a certain time --  the computer
> assigned that address might have been off,  with a   deviant

Or more likely behind a NAT device where the address which presents is
the NAT device. But the police won't know that until they search.
Until they search they have no factual basis for the presumptions either
that more than one computer was associated with the activity or that it
isn't possible to readily identify which computer was involved. That Tor
node was probably on a static IP address and was probably  on the same
static IP address at the time of the alleged activity.

"Reasonable suspicion" doesn't mean Bob thinks you did it, it means that
there's a trail of facts which lead *directly* to the evidence you seek
permission to seize. The trail to child porn doesn't include the right
to seize the stack of John Denver music and while it might include the
right to search the shelf of DVDs it doesn't include the right to seize
the ones produced by Disney. The right to search your computer and the
right to seize it are not at all the same thing.

Practically speaking, right now the police are going to seize all your
computers. But keep watching. Some time in the next decade or two
warrants will start to get quashed for failing to specify (by
parameters) *which* computer they were looking for. As computers become
more central to our lives it will probably come out that they have the
right to duplicate your hard drives and other read/write media but don't
have a right to take the originals unless they observe warrant-covered
material *on* the computer while searching.

Bill Herrin

William D. Herrin ................ herrin@xxxxxxxxxxxx  bill@xxxxxxxxx
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004

tor-talk mailing list