The entire point of Tor is to be untraceable back to the source. Egress filters can prevent future abuse but do not provide for tracing back to the original source of offending conduct. They are not trying to stop the flow of the data in this case; they want the source in jail. If law enforcement comes to you and asks you to show them the source or destination on a case like the one in question, you cannot comply, and if law enforcement asks you to trap this data in the future you will also have a problem complying because I think you cannot identify the original source.

You ARE providing a network if you are running a Tor exit node, just the same as someone who builds an MPLS VPN would be responsible for responding to law enforcement requests for data inside the secure network.

A licensed LEC and CLEC has very specific requirements in terms of CALEA and DMCA. It is not something they optionally comply with. An ISP that does not respond to CALEA and DMCA can become liable for events that happen after their non-response. Their "safe harbor" protection ends the moment they do not act in good faith to comply with the law. Even a small ISP that does not own their own network can be subpoenaed to provide logs, sniffer traces, and file dumps from any system they own. I know this for a fact and have provided this data under court orders.

CALEA applies just as well to servers and data as it does to the communication circuits themselves. If you have a server on the network, it has a communications circuit into it and you can be required to provide access to that circuit. You can also be required to tap email accounts or data directories as well. This data may not fall strictly under CALEA but a court order can compel you to provide any data you are in possession of. That is why law enforcement can grab a server or PC. ISPs and carriers are often given the benefit of the doubt and law enforcement accepts copies of data they want.
If they view you as an adversary or have any inclination of hiding data, they will seize the machine. If they view a Tor exit node owner as an accessory, they are not going to be nicey nice about it. The main problem with Tor is that it purposefully attempts to make this data obscure which could be construed as obstruction.

As far as US law enforcement attitudes on Tor, those can and will change as the government sees fit. It is all a matter of the "greater good" in their eyes and whether they think the fight is worthwhile. You better believe that as soon as it becomes a "national security threat" it is coming down.

Steven Naslund

-----Original Message-----
From: George Herbert [mailto:george.herbert@gmail.com]
Sent: Thursday, November 29, 2012 2:14 PM
To: Naslund, Steve
Cc: NANOG
Subject: Re: William was raided for running a Tor exit node. Please help if you can.

On Thu, Nov 29, 2012 at 12:00 PM, Naslund, Steve <SNaslund@medline.com> wrote:
> ISPs also do not "allow strangers to do whatever they want". ISPs have
> responsibilities to act on DMCA notices and CALEA requests from law
> enforcement. These are things that Tor exit nodes are not capable of
> doing. If you were an ISP and could not respond to CALEA requests, you
> will find yourself out of business in a big hurry.

Sure, Tor exit nodes are 'capable of doing' those things if a report is generated that someone's using it to source child porn or terrorist communications or DMCA violations. At the most extreme the owner can shut down a node; they might also put egress filters in place pursuant to notifications.

Plenty of small ISPs in one sense or another don't comply with CALEA because they own systems not networks (open access sites, etc). CALEA goes to the network providers in those cases, as I understand it.

The Tor owner also might choose to fight it and leave it completely open, but an ISP might choose to do that in response to certain notices as well.

This presumes that law enforcement deems them the right place to go investigating an incident, and notifies them. But if they seem to be aware of what Tor is in the US and be generally reasonable in responding to issues with it, that I know of.

--
-george william herbert
george.herbert@gmail.com