
Re: What will happen to Tor after the new German data retention law takes effect?

Ringo Kamens wrote:
> If it's a 500,000 OR Jail time, then we could organize a defense fund

On Thu, Jun 14, 2007 at 07:51:11AM -0500, Arrakis wrote:
> Expect crickets. The fines will be 500,000 Euro + 2 years prison for

Actually it is an up to 500k EURO fine for the company/organisation and
additionally up to 1 year in prison for the directors/managers of the

On 6/14/07, Eugen Leitl <eugen@xxxxxxxxx> wrote:
> For providers failing to comply, I would think. Not for small-time
> amateurs like us. But, I don't want to find this out the hard way,
> in person.

The law says "anyone providing telecommunication services to the public".
There is no mention of organisational form, number of users, profit
motive or anything else.
From the current law proposal standpoint every Tor node operator will
have to comply with the law or face charges.

On Thu, Jun 14, 2007 at 01:23:30AM -0700, JT wrote:
> Just connection data, not routed data. Rather useless, unless you have
> all logs from all nodes in the mix cascade, and captured the
> terminating
> stream from an exit server in cleartext.

Law says any change of connection data (replacing IP/Port) has to be
logged in conjunction with the old connection. So you would have a list
of IP/port (original) and IP/Port (new). Depending on the multiplexing
of the Tor connections that _could_ lead to a connection being
traceable. Furthermore it does not fully specify what
"connection data" is. I am pretty sure that they will claim that streams
have to be identified. In that case even the multiplexing won't help us
anymore. An additional problem could be when they define Tor as being
_one_ service and not something provided by many service_s_. In that
case there would be some end-to-end logging that they require.
The bureaucrats' comments of the law proposal are pretty telling and it
seems like they want all the tools for total oppression.

One thing however that could help us is that the logging requirements
don't seem to affect every kind of traffic but only certain types
(Web, Mail, VoIP). If they forget to put Tor in the list specifically it
could create a loophole for us.