You are correct about most people not falling under CALEA. That also means that they do not have the "safe harbor" provisions provided to facilities-based providers (however, an open wireless hotspot MIGHT just make you a wireless facilities-based provider). You are not under an obligation to provide data under CALEA, but a court can order you to collect that data going forward, allow LE to tap a device, or just seize the server to study it anytime they feel you may have evidence of a crime. A court can seize almost anything from anyone as long as a judge thinks it is a reasonable search and seizure.

If you provide someone with any kind of tools or services (free or not), you are opening yourself up to a liability. If you are in physical possession of a server that contains kiddie porn, you are likely to go to jail. I am not saying this Tor server has data like that onboard (but I suppose there could be caches, temp files, and such), but they are going to look until they understand it. You may very well be able to defend your right to a Tor server, but it is certainly going to cost you a lot of money, and I am sure it is going to be uncomfortable to explain why you want to have one to a judge when LE explains all the evil uses for one.

When it comes to running an open access point, I think the legal issue would be negligence. Is it negligence for the 90-year-old grandma to have an open AP (probably not, just didn't know better)? Is it negligence for me to have an open AP (probably, I am a network professional and know how to secure a network)?

As a longtime service provider, I can tell you that a lot of CALEA enforcement has to do with good faith more than the letter of the law. If your policy is to delete logs after 30 days and the cops show up on day 31, no big deal. If they show up at day 5 and you say you dump your logs at day 4, expect to get grilled. They can tell real quick if you are cooperating to the best of your ability.

In the early Internet days, before CALEA applied to ISPs, I had to try to work with LE to comply with court orders, and often we explained the technology and limitations of it to the FBI. We were even involved in expert testimony to explain how this "Internet Stuff" worked. Often we did not have the data they wanted, but there were ways to get it for an ongoing investigation. Our policy was to not provide specific data without a court order, but we would begin collecting it as soon as a LE agent told us they were going to try to obtain it. It was just a professional courtesy to them.

I know there is a big counter-culture, no big brother, no regulation attitude toward a lot of Internet issues, but I have seen some sick cases involving emailed threats (later carried out) and kids that made me give the law the benefit of the doubt in a lot of cases. There are lots of evil people out there and the Internet is a big tool for them. I have no statistics to back this up (and no one probably does), but with my many years of experience in engineering ARPANET, MILNET, and the Internet I would have to guess that most Tor servers are used for no good much more than they are protecting anyone's privacy. I am guessing that a ton of the Tor traffic is likely to be BitTorrent that is just as likely copyrighted material. That does not mean that Tor or BitTorrent is evil, but as network professionals we all know (wink, wink) what that kind of stuff is really mainly used for. That probably does not affect your legal rights to have a Tor server but certainly affects my decision to donate to your defense if you get in a legal case.

This is certainly an interesting discussion, and I think there are not a lot of concrete answers since this is on the edge of technology law. I do think history shows us that while the government lags behind, they will eventually find a way to control this if it suits them and becomes a source of pain for them.

Done with this subject, sorry for the long-windedness.

Steven Naslund

-----Original Message-----
From: George Herbert [mailto:george.herbert@gmail.com]
Sent: Thursday, November 29, 2012 2:53 PM
To: Naslund, Steve
Cc: NANOG
Subject: Re: William was raided for running a Tor exit node. Please help if you can.

On Thu, Nov 29, 2012 at 12:42 PM, Naslund, Steve <SNaslund@medline.com> wrote:

> The entire point of Tor is to be untraceable back to the source. Egress filters can prevent future abuse but do not provide for tracing back to the original source of offending conduct. They are not trying to stop the flow of the data in this case, they want the source in jail. If law enforcement comes to you and asks you to show them the source or destination on a case like the one in question, you cannot comply and if law enforcement asks you to trap this data in the future you will also have a problem complying because I think you cannot identify the original source.

If you run an open wireless access point and don't log MACs / MAC to IP DHCP assignments, you are in similar straits.

If they come to you 31 days after the data flow and you retain logs for 30, you are in similar straits.

If someone faked their wireless MAC and the data in your log is not definitive, everyone's stymied.

If someone went into a library and used an open access computer, there's often no log of who / when.

The assertion being made here, that it's somehow illegal (or immoral, or scary) for there to be not-completely-traceable internet access in the US, is absurd.

CALEA doesn't say what you're asserting. From the First Report and Order:

"24. In this section, we find that facilities-based providers of any type of broadband Internet access service, including but not limited to wireline, cable modem, satellite, wireless, fixed wireless, and broadband access via powerline are subject to CALEA"

( http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-05-153A1.pdf )

If you're not a facilities-based provider, you aren't covered.

--
-george william herbert
george.herbert@gmail.com