William was raided for running a Tor exit node. Please help if you can.

Thu Nov 29 19:34:33 UTC 2012

Not sure if there is a legal precedent for this, but logically the
difference is that there are no robots that I know of that can automatically
receive and parse postal mail, then re-address and forward it.  For a human
to forward a letter takes a conscious manual action, even if they choose not
to look inside.

Having a Tor node for no specific purpose, having a hacked server/pc that is
then compromised for some nefarious purpose, etc. are not necessarily
purposeful actions that one could be held accountable for without other
proof.  I'd think the LEA would have to establish motive, like in any other
crime, to make that jump.  Perhaps in this case they believe they have, and
that would end up in the courts, where you'd have to hope the Judge and or
Jury sees that difference.

Don't see this as very different either from when an agency confiscates a
whole rack of shared servers because one user was suspected of some bad
action, and we all know that does happen.

-Scott 

-----Original Message-----
From: Naslund, Steve [mailto:SNaslund at medline.com] 
Sent: Thursday, November 29, 2012 2:07 PM
To: nanog at nanog.org
Subject: RE: William was raided for running a Tor exit node. Please help if
you can.

How would this be legally different than receiving the illegal content in an
envelope and anonymously forwarding the envelope via the post office?  I am
pretty sure you are still liable since you were the sender.  I realize that
there are special postal regulations but I think that agreeing to forward
anything for anyone sight unseen is pretty risky and I think you will have a
hard time pulling of the "service provider" defense if you are not selling
services and are not licensed as a carrier.

Steven Naslund

-----Original Message-----
From: Patrick W. Gilmore [mailto:patrick at ianai.net]
Sent: Thursday, November 29, 2012 10:45 AM
To: NANOG list
Subject: Re: William was raided for running a Tor exit node. Please help if
you can.

On Nov 29, 2012, at 11:17 , Barry Shein <bzs at world.std.com> wrote:

> Back in the early days of the public internet we didn't require any 
> id to create an account, just that you found a way to pay us. We had 
> anonymous accts some of whom dropped by personally to pay their bill, 
> some said hello but I usually didn't know their names and that's how 
> they wanted it, I'd answer "hello <ACCOUNT>", whatever their login was

> if I recognized them. Some mailed in something, a mail order, even 
> currency tho that was rare but it did happen, or had someone else drop

> by to pay in cash (that is, no idea if they were local.)
> 
> LEO occasionally served a warrant for information, usually child porn 
> biz (more than just accessing child porn, selling it) tho I don't 
> remember any anonymous accts being involved.

"Mere conduit" defense.  (Please do not anyone mention "common carrier
status" or the like, ISPs are _not_ common carriers.)

> I never expected to be held accountable for anyone's behavior unless I

> was knowingly involved somehow (just the usual caveat.) LEO never 
> showed any particular interest in the fact that we were ok with 
> anonymous accounts. If I was made aware of illegal activities we'd 
> shut them off, didn't really happen much, maybe some credible 
> "hacking" complaint on occasion.

How do you "shut off" a Tor "account"?

> It's funny, it's all illusion like show business. It's not hard to set

> up anonymous service, crap, just drop in at any wi-fi hotspot, many 
> just ask you to click that you accept their T&Cs and you're on. Would 
> they raid them, I was just using one at a major hospital this week 
> that was just like that, if someone used that for child porn etc? But 
> I guess stick your nose out and say you're specifically offering anon 
> accts and watch out I guess.

Do you think if the police found out child pr0n was being served from a
starbux they wouldn't confiscate the equipment from that store?

--
TTFN,
patrick