William was raided for running a Tor exit node. Please help if

Owen DeLong owen at delong.com
Wed Dec 5 09:22:16 UTC 2012


On Dec 5, 2012, at 12:38 AM, Jimmy Hess <mysidia at gmail.com> wrote:

> On 12/5/12, Jutta Zalud <ju at netzwerklabor.at> wrote:
>> Technically you are right. But then: what is the difference to ISPs?
>> They offer routing- and DNS- and mail- and other services on
>> various infrastructure.
> 
> ISPs typically have a customer.    They know their customer, they
> retain  sufficient information to identify  their customer,  such as
> name, billing address, physical location,  telephone number,  and have
> a signed agreement to provide the service.
> They collect consideration from their customer; usually in the form of cash.
> 

What if it's a free open wireless ISP where all you have to do is click
an assent to a basic TOS agreement?

What if it's a free open wireless ISP (such as any Apple store) where
all you have to do is get within range and connect? No contract or
click-thru at all?

> The customer of an ISP is normally expected to adhere to some sort of
> AUP or TOU,  providing terms of their use of the service.   Typically
> including some provisions,  such as  'customer is responsible for
> activities that are performed while dialed into their account', 'no
> illegal activities',   '  no sending spam',  conducting other network
> abuses.
> 

In many cases, but not all. However I do have to wonder what makes you
think a civil contract would be a deterrent to someone willing to
commit a criminal act?

> For consumer ISPs,  sometimes activities such as running internet
> servers, reselling,  or  providing ISP access to 3rd parties,  might
> be restricted
> (restrictions incompatible with running a TOR exit node on that service).
> 

But such restrictions are not all that common and aren't particularly
relevant to this discussion.

> An end user operating a TOR exit node, or  wide open Wireless AP,
> intentionally allows other people to connect  to their infrastructure
> and the internet  whom  they have no relationship with or prior
> dealings with, in spite of the possibility of network abuse or illegal
> activities,    they choose to allow connectivity  without  first
> gathering  information  required to hold the 3rd party responsible for
> their activity.

I find it amusing that you feel the need to continuously repeat "an
end user operating a TOR exit node." Is there some reason that it makes
a difference whether the entity operating the TOR exit node or open
Wireless AP is an end user or an ISP? Of course, I would argue that
operating an open Wireless AP or a TOR node makes you a form of ISP
whether you recognize the fact or not.

> An intentional "anonymizer" which is in contrast to what an ISP does.
> The operator of an ordinary anonymizer service is subject to the
> possibility of court-ordered intercept  upon future use.

So is the operator of a TOR node. The primary difference being that
TOR is specifically engineered to make such an intercept virtually
useless. So it seems your real criticism here is simply that TOR
is a more effective anonymizer.

> If the operator of the Tor node believes that criminal intent is the
> most likely use of the TOR exit node.    the degree of intentional
> ignorance might be considered so severe,   that it becomes a situation
> in which they are considered culpable.

This assumes a whole lot of facts not in evidence. If I were to put
up a TOR exit node, I would assume that the most likely intent would
be free speech which is not illegal in my jurisdiction. I don't
consider that I am responsible for the myriad jurisdictions that
may exist at the entry and/or transit points prior to reaching
said exit node.

Do you have any data to support your conclusion that criminal intent is
the most likely use of TOR exit nodes?

> E.g.  the Tor exit node operator might possibly be considered an
> accessory, to the activity occuring on their node,  that they are
> harboring / allowing to occur anonymously.

Very hard to prove that intent beyond a reasonable doubt in my opinion.

> Not to say  whether Tor node operators are possibly guilty of anything or not.
> But they are definitely different from ISPs  in  a number of important ways.

You have yet to show one yet. You've shown how they're different from some
ISPs, but there are many ISPs operating today which don't fit your model
of what constitutes an ISP, so I remain unconvinced.

I'm further unconvinced that your proposed distinctions are actually
meaningful from a legal perspective. Perhaps the lawyer that chimed
in earlier will come back and address this question.

> Any similarity between Open AP/Tor Exit node operator and ISP   are
> highly superficial.

I guess this depends almost entirely on what properties it is that
you believe define an ISP.

Given the number of ISPs that don't have customers, don't collect
data on their customers, and operate free open public access networks,
I don't think that the properties you suggest above can be used in
said definition.

As I said, given that Apple Computer operates such networks quite
intentionally in all of their stores as well as within range of the
Apple campus in Cupertino, I think you'd be hard pressed to claim
that these are strictly some small fringe exceptions.

To me, an ISP is defined by the fact that they provide packet forwarding
service(s) to some group of external parties.

By that definition, I cannot make any legitimate claim that any of
the following are not ISPs:
	TOR Exit nodes
	Tunnel Brokers
	6to4 gateways/servers
	Teredo gateways/servers
	Access networks
	Datacenters
	Universities (in most cases)
	etc.

So… You claim that those similarities are superficial…What are the deeply
meaningful differences that apply across the board to all ISPs?

Owen




More information about the NANOG mailing list