Library Suspends Tor Node After DHS Intimidation (EFF DeepLinks)
The Electronic Frontier Foundation (EFF) is running a story
on its DeepLinks blog that the Kilton Public Library in Lebanon, New
Hampshire has suspended its Tor node deployment—at least
temporarily—due to criticism by the local police department (we
covered the launch of the Kilton
library's Tor node in August). The EFF post says that the criticism
originated when "a regional
Department of Homeland Security office contacted the local police
to spread fear, uncertainty, and doubt about Tor. The police got in
touch with the library board, who suspended the program until they
could vote on it on September 15.
" The EFF has set up a page
at which interested parties can sign a petition showing support for
the library, and has written its own letter of support to the Lebanon
library board. The Library Freedom Project, which is handling the
details of running Kilton's Tor node, has also written
about the incident and promises further updates after the library
board meeting.
Posted Sep 12, 2015 19:50 UTC (Sat)
by Garak (guest, #99377)
[Link] (37 responses)
Posted Sep 12, 2015 21:57 UTC (Sat)
by ianmcc (subscriber, #88379)
[Link] (31 responses)
Posted Sep 13, 2015 1:13 UTC (Sun)
by Garak (guest, #99377)
[Link] (1 responses)
Posted Sep 14, 2015 16:41 UTC (Mon)
by smckay (guest, #103253)
[Link]
Posted Sep 13, 2015 15:13 UTC (Sun)
by scientes (guest, #83068)
[Link] (28 responses)
Posted Sep 14, 2015 15:11 UTC (Mon)
by drag (guest, #31333)
[Link] (27 responses)
The idea that this will somehow translate having the Federal government work to undermine it's own efforts to monitor and control the internet does not seem logically consistent.
Posted Sep 14, 2015 17:16 UTC (Mon)
by davidstrauss (guest, #85867)
[Link]
Posted Sep 15, 2015 19:13 UTC (Tue)
by Garak (guest, #99377)
[Link] (25 responses)
> (ARS) “The Supreme Court has repeatedly cautioned that common carriers do not share the free speech rights of broadcasters, newspapers, or others engaged in First Amendment activity,” the FCC said in its filing yesterday.
[1] http://arstechnica.com/tech-policy/2015/09/isps-dont-have...
This is literally about a court case of whether or not ISPs are allowed to willy nilly edit/spoof your traffic to their hearts desire. This is literally about the heart of the internet - Free Speech.
Posted Sep 15, 2015 20:36 UTC (Tue)
by Wol (subscriber, #4433)
[Link]
Or about the ability of the internet to actually function as designed !!!
Some router manufacturer designed their system to insert ads into web pages. They were found out, not least because a customer was running some system over http, and the inserted ads were corrupting the data going between sites ...
Cheers,
Posted Sep 15, 2015 22:26 UTC (Tue)
by dlang (guest, #313)
[Link] (23 responses)
If they are a common carrier, they cannot tamper with the data in transit, but they are not liable for it either.
If they are not a common carrier, they can tamper with 'their' data, but that also means that they are liable for 'their' data.
I don't think it would take more than a few private lawsuits for them to decide that they preferred to be common carriers :-)
Posted Sep 15, 2015 23:24 UTC (Tue)
by nybble41 (subscriber, #55106)
[Link] (22 responses)
Under what legal theory would you consider ISPs liable for data which they did not originate and which they have no knowledge of? Regardless of common carrier status, it is not reasonable to expect ISPs to know about all the data being carried over their network, or to expect them to exercise editorial control over it. Modifying data in transit according to some automated rules is far simpler than actively monitoring all the traffic to detect "bad" communications. ISPs should not be forced to agree to common carrier restrictions merely to avoid liability which isn't properly theirs to begin with.
Posted Sep 16, 2015 0:07 UTC (Wed)
by Cyberax (✭ supporter ✭, #52523)
[Link] (14 responses)
If they want to be able to exercise their First Amendment rights, then they most definitely should get all the _obligations_ that come with it.
Posted Sep 16, 2015 1:35 UTC (Wed)
by Garak (guest, #99377)
[Link] (12 responses)
I would hope that doesn't extend to the case of some person taking criminal measures to get that content on your computer. Certainly the stereotype of the corrupt cop planting a bag of cocaine on a suspect has a clear parallel with a corrupt nsa deconfliction officer planting child porn on your computer using some zero day exploit.
> > Under what legal theory would you consider ISPs liable for data which they did not originate and which they have no knowledge of?
I would personally liken it to the hypothetical situation of a talk show radio guest screaming about a fire in a particular theatre they knew used the station as muzak, and thus fraudulently start a possibly fatal panic/stampede. One can imagine the police an hour later knocking on the door of the radio station owner who was asleep during those hours and had no knowledge of that communication (data). Then I would hope that legally it mattered an aweful lot weather or not this was the first time this sort of undesired death/damage happened in that sort of way, or weather this was the 10th such instance in the state this month. This is why I find a recent article[1] on theintercept.com about criminal statistics related to encryption so critically relevent to this debate.
> (TheIntercept) “I will be the first person to tell you that we’ve done a really bad job collecting empirical data. We need to do a much better job of that,” said Amy Hess, the FBI’s assistant executive director of science and technology, at an encryption debate hosted by Passcode, a new security and privacy blog from the Christian Science Monitor.
[1] https://theintercept.com/2015/09/15/fbi-keeps-telling-pur...
My bottom line is that statistics matter. A truly informed polity(?/democracy) matters. And it is inexusable that in the 2015th year since Jesus, the FBI can get away with saying shit like that and not fear losing their jobs instantaneously. But yeah, Snowden...
Posted Sep 16, 2015 2:05 UTC (Wed)
by Cyberax (✭ supporter ✭, #52523)
[Link] (11 responses)
Posted Sep 16, 2015 2:49 UTC (Wed)
by Garak (guest, #99377)
[Link] (6 responses)
Posted Sep 16, 2015 4:06 UTC (Wed)
by Cyberax (✭ supporter ✭, #52523)
[Link] (5 responses)
A non-computer analogy - if somebody stores an obviously stolen goods (or drugs) on your property, you HAVE to notify police when you find them. Simply removing them from your property will make you an accomplice to the crime. And the burden of proof will be on _you_ to prove that you didn't know about the provenance or nature of the questionable goods.
Posted Sep 16, 2015 4:52 UTC (Wed)
by Garak (guest, #99377)
[Link] (4 responses)
I'm pretty sure the burden of proof is the other way. Innocent until _proven_ guilty and all that. And the analogy you used should have perhaps involved drugs hidden in a false rock on your property. Sort of like the hundreds of .zip attachments from unknown email senders I have lying around my digital yard that I've never bothered to pick up and look underneath or inside. Sure, if I saw child porn sent to me, I'd contact the police. I actually am pretty sure I have contacted the police about several similar crimes (at least a persistent unexplained deluge of thousands of spam emails forged with one of my several domains). The FBI never got back to me about it. I figure they have any issues with my internet traffic well under their control.
Posted Sep 16, 2015 6:07 UTC (Wed)
by Cyberax (✭ supporter ✭, #52523)
[Link] (3 responses)
> And the analogy you used should have perhaps involved drugs hidden in a false rock on your property. Sort of like the hundreds of .zip attachments from unknown email senders I have lying around my digital yard that I've never bothered to pick up and look underneath or inside.
Posted Sep 16, 2015 16:42 UTC (Wed)
by Garak (guest, #99377)
[Link] (2 responses)
Sorry to burst your philosophical bubble, but it doesn't take any action to make anyone's land easy to be used as a hiding place for drugged rocks. What you are really failing to admit to the debate is how overreaching laws have been used to persecute large numbers of people for a very long time.
Though the debate is worthwhile. In fact here, it is important to consider the size of the false rocks. Now if boulders have been randomly appearing and disappearing from your yard regularly for years with forklift tracks in the mud nearby...
However what is more interesting to the internet case, is perhaps omega particles being smuggled in 3d-printed false grains of sand, placed by mosquito sized drones in the dead of night. Surely the property owner isn't liable for not inspecting every speck of dirt on their land, even though one of the specks ... did whatever horrible thing omega particles do.
Yes, I'm being fecetious. Statistics matter FBI. I'm begging you to credibly scare me. Every last bit of your bullshit lies, half-truths (1% truths), exagerations, have not led to a situation prone to the best sorts of outcomes.
Posted Sep 16, 2015 17:46 UTC (Wed)
by Cyberax (✭ supporter ✭, #52523)
[Link] (1 responses)
A better case might be a car shop making hidden compartments in cars.
Posted Sep 16, 2015 18:09 UTC (Wed)
by Garak (guest, #99377)
[Link]
Posted Sep 16, 2015 19:47 UTC (Wed)
by Wol (subscriber, #4433)
[Link] (3 responses)
> Even 'possession' crimes still require a 'guilty mind' ("mens rea" in legalspeak). However, the bar for that is set _very_ low. I.e. knowingly making it possible and easy to store illegal content on your computer is enough.
Maybe in the US. Certainly not elsewhere. If you send me an encrypted email (and "forget" to make sure I have the key) about a crime, I could go to jail for it!
Failure to provide an encryption key to the Police on demand is an offence. Lack of knowledge of the key is no defence.
We never had laws like this during the height of the IRA campaign, when people were killed fairly regularly. Why on earth have we got them now, when the "War On Terror" isn't even our own war! (and, don't forget, the IRA were funded/supplied in large measure with American money and arms :-(
Cheers,
Posted Sep 17, 2015 0:19 UTC (Thu)
by zlynx (guest, #2285)
[Link] (2 responses)
For best results fake the From headers and if the target does not have a PGP key create one and upload it to the keyservers for him.
For even better results get some freedom minded individual in the government's email IT department to do it and make sure all of the emails go into the permanent record. Assuming your government has a rule that public official's email can't be deleted.
See if you can get a media person convinced that the legislators are exchanging encrypted underage pornography or something so they can demand a police investigation.
See how long the law lasts on the books without revision.
Posted Sep 18, 2015 7:08 UTC (Fri)
by tao (subscriber, #17563)
[Link] (1 responses)
Posted Sep 18, 2015 8:01 UTC (Fri)
by jezuch (subscriber, #52988)
[Link]
Members of the government already have immunities, designed to prevent just the scenarios described by the GP.
Posted Sep 16, 2015 6:53 UTC (Wed)
by nybble41 (subscriber, #55106)
[Link]
ISPs shouldn't be any different. However, two wrongs don't make a right—neither should you be held liable for data you don't know about on your computer. While consistency is generally a good thing, especially in the application of the law, let's not achieve it by reducing everything to the worst common denominator.
Posted Sep 16, 2015 4:41 UTC (Wed)
by dlang (guest, #313)
[Link] (6 responses)
Reemmber that the ISPs are advancing the theory that they have the right to control this data (restricting it or changing it as they will) because it is "their" data.
Under the theory the ISPs are advancing, it's "their" data (they have inspected it and decided to allow it, modified or not), so why shouldn't they be liable for it's contents?
This is just like a website exercising control over the content of posts, once you are the owner of the articles, you are liable for what's in them.
Posted Sep 16, 2015 5:18 UTC (Wed)
by Garak (guest, #99377)
[Link] (5 responses)
But, but, but, what about the Fine Print you've seen on every Slashdot.org comment for the last couple decade-
"The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way."
Oh wait, I forgot, they stopped accepting AC comments submitted via Tor some time ago... (heads explode throughout the debate)
Posted Sep 16, 2015 5:35 UTC (Wed)
by dlang (guest, #313)
[Link] (1 responses)
If they want to claim that sort of ownership, I say let them, but hold them accountable for what they claim to own!
Posted Sep 16, 2015 6:06 UTC (Wed)
by Garak (guest, #99377)
[Link]
> Regardless of common carrier status, it is not reasonable to expect ISPs to know about all the data being carried over their network, or to expect them to exercise editorial control over it
we could have reminded them that in fact the legal concept of common carrier status was inextricably legally related to the concept of whether or not it is reasonable to expect ISPs to (... etc). And common carrier is also importantly about fair access to critical social infrastructure. I.e. same price for the same train shipment regardless of whether you are chronies/friends with the rail operator or not.
I'm not real optimistic about the law itself being reasonable here in the near future. We've got Snowden, Hillary's email server, and a pretty insignificant number of people who understand this stuff well enough to make good laws. I think there is going to be a certain amount of probably unavoidable cyber disasters, stupid government overreactions, eventual pendulum swings back and forth. And I'll be dust long before the law every makes any decent sense. I chose the wrong pursuit in life (server software development).
Posted Sep 17, 2015 15:17 UTC (Thu)
by spaetz (guest, #32870)
[Link] (2 responses)
> "The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way."
The fine print doesn't matter. Court rules have decided in Germany that forum hosters are responsible for conent posted and have to act in reasonable time on inappropriate content. Fine print does not get you out of this. Once ISPs start inspecting data, it is not unreasonable to demand zhe same, following the same twisted logic.
Posted Sep 18, 2015 19:08 UTC (Fri)
by lsl (subscriber, #86508)
[Link] (1 responses)
But only if they're made aware of it, right?
Posted Sep 19, 2015 0:17 UTC (Sat)
by anselm (subscriber, #2796)
[Link]
Yes, you're not required to proactively vet the stuff other people post on your site. There is still some uncertainty about the time span within which you're supposed to remove offending stuff, but the law says you only need to remove it when somebody points it out to you (or presumably if you happen across it by chance).
Posted Sep 14, 2015 14:48 UTC (Mon)
by drag (guest, #31333)
[Link] (4 responses)
The DHS and the FCC are part of the same organization.
Why would Federal communications folks fight to undermine the security apparatus of the Federal government?
It's like trying to claim that if the Microsoft Office developers would just stand up for themselves then Microsoft Windows would be free software. It doesn't make any sense.
Posted Sep 14, 2015 15:04 UTC (Mon)
by pizza (subscriber, #46)
[Link] (2 responses)
Except this particular organization is usually at odds with itself. Not just in the constitutional "checks and balances" sense; even within the executive branch there are directly conflicting (and legally-mandated) interests to juggle, often in the same department if it's large enough.
Posted Sep 14, 2015 17:30 UTC (Mon)
by drag (guest, #31333)
[Link] (1 responses)
I don't think so. In any large organization there is always a element of infighting, but that does not mean that they are not working towards the same ends.
For example, the FCC has consistently regulated the radio spectrum to protect and the interests of military and defense to the detriment of the general public's access to the airwaves.. even though protecting the interest of the public was supposed to be their reason for existence.
> Not just in the constitutional "checks and balances" sense;
The 'checks and balances' of the 3 different branches was never intended as a mechanism to have the federal government self-regulate (which is essentially what you are saying), but only to create intentional slow downs to regulations. The self-regulation built into the constitution was really that the individual states were intended to retain a great deal of their sovereignty and thus provide a political limit to the power the Federal government could wield.
The failure of these 'checks and balances' is evidenced in the existence of things like the 'Patriot Act'.
> even within the executive branch there are directly conflicting (and legally-mandated) interests to juggle, often in the same department if it's large enough.
You could have all sorts of bureaucratic processes in place, but who is going to enforcement against their own best interest and against the interests of the their own bosses? Remember that hundreds of new laws are passed every month. Many of them very poorly written and they can actually conflict with one another considerably. How the USA government is able to survive under these conditions by very simply changing how laws are interpreted and also selectively choosing which laws to enforce. All this is 'regulated' by simple political pressure. If the Federal government was required to enforce all these rules in a strict sense then it would immediately go into bureaucratic meltdown.
Regardless.. even if you interpret 'Telecommunications act of 1934' to mean that the FCC has the ability AND obligation to undermine the rest of Executive branch (a HUGE stretch; and in case anybody is curious: DHS and FCC are the same branch of government) it only protects lawful content. This is done very much on purpose to make absolutely certain that the common carrier rules can't impact the ability of the USA to regulate. So the only thing that the DHS to do is make a case that it is unlawful for libraries to provide mechanisms for members of the public to use public resources to hide their illicit activities from law enforcement and the FCC can't do jack squat. But I doubt that it will get that far.
(Unlawful doesn't mean that doing something is illegal in a general sense, but is illegal to do depending on the circumstance. Smoking cigarettes, for example, is not illegal. However it is unlawful to do it on airplane.)
Posted Sep 15, 2015 0:29 UTC (Tue)
by linuxrocks123 (subscriber, #34648)
[Link]
http://scholarship.law.wm.edu/cgi/viewcontent.cgi?article...
Posted Sep 15, 2015 1:22 UTC (Tue)
by Garak (guest, #99377)
[Link]
> The DHS and the FCC are part of the same organization.
On the ars article for this story, there is a great +200/-*0* comment that is just "DOD spends tax dollars to build Tor, DHS spends tax dollars to shut down Tor". Now, I understand the nuance of this situation being (not so) clearly brought about in these comments. But somehow my inner child still speaks to me with a naive wish for public policy that is basically comprehensible to citizens.....
> Why would Federal communications folks fight to undermine the security apparatus of the Federal government?
..... and this is precisely the kind of ass backward statement about Tor that is the natural result of the 'nuance' of the situation. This thought has a parallel thought of "Why would USG spend money developing a tool that fights to undermine the security apparatus of the Federal government". Come on. And realize the precise nuance of how I worded my comment you replied to. You haven't considered the other half of the question of why the FCC won't say that Tor is simply of a class of protocols/software that isn't protected by net neutrality, due to their ability to 'undermine the security apparatus of the Federal government' (like in some situations a handgun or simply a well aimed hammer can do). I posit the reason the FCC won't say that, is because things like Tor are actually understood by enough influential enough intellectuals as having value in protecting some of the things this nation still prides itself on valuing (free speech/press/informed democracy/etc). Note, I have read the 400 page net neutrality FCC PDF, and its *positive* discussion of Tor, contrasted with the comments here and elsewhere, truly befuddle me.
I am quite serious in that I will pay $1000USD to anyone who can get me a definitive answer from the FCC about what the 'limits' of net neutrality are in situations like this. For instance, I am fully prepared to limit myself to running Tor on systems with a root ssh account whose key I have given to the FBI. That should eliminate all this Tor is only for terrorists bulls#it. But I need to know as an innovator what the fscking rules of the net neutrality game are. Seriously, $1000USD if you can get the FCC to explain precisely where the line is of what kind of traffic is protected by net neutrality. I.e. a statement as definitive as "yes, everyone is fully entitled to run a goldenkeyed/backdoored Tor exit (or just relay?) node on their broadband access in the U.S.". Or I'll even pay $1000USD to anyone who can get the FCC to say precisely the opposite. I'm not sure I even care anymore, I just need to plan my innovations under that level of clear constraints, or otherwise my psychology just can't deal with competing in that kind of environment. If anyone wants assurances, I can escrow $1000USD in bitcoin with LWN, though it would be my first ever bitcoin transaction, so I'd have to review my LWN to figure that crazy stuff out.
> It's like trying to claim that if the Microsoft Office developers would just stand up for themselves then Microsoft Windows would be free software. It doesn't make any sense.
No, that statement makes no sense. That statement implies an understanding of the motivations of Microsoft Officer developers that neither of us has (nor do I actually think is true).
Posted Sep 16, 2015 2:48 UTC (Wed)
by markh (subscriber, #33984)
[Link]
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
...
> (ARS) If Internet providers wish to distance themselves from speech with which they disagree, they can do so by publicizing their views on their own websites “or by delivering a message on bill inserts accompanying customers’ monthly bills,” the FCC said.
The Government Intimidation Rabbit Hole
Wol
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
You can be held liable for certain types of content on your computers, even if you have no knowledge of it. Why should ISPs be different?
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
Even 'possession' crimes still require a 'guilty mind' ("mens rea" in legalspeak). However, the bar for that is set _very_ low. I.e. knowingly making it possible and easy to store illegal content on your computer is enough.
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
Yeah, sure. You can substitute my statement with: "The fact of knowledge of possession of stolen goods is enough for a jury to find you guilty in the absence of other evidence".
Sure, in this case you won't be liable for it. However, if you make _easy_ for your property to be used as a hiding place for drugged rocks then you still might be found guilty.
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
Certainly, this analogy is not perfect.
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
Wol
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
The Government Intimidation Rabbit Hole
And to sweeten the pot I'll even throw in a matching $1000USD donation to LWN. But if and only if you can get the FCC to - remotely clearly and remotely straightforwardly - dilineate the kinds of traffic that are not protected under net neutrality. I.e. is there such a thing as a class of traffic (e.g. tor exit node style, or tor relay node style, or lavabit/silentcircle server style, clintonemail.com home server style, etc) that is not protected against blocking by the current version of network neutrality that is on the books as a valid and enforced law/order. And if so, how as a (server) software developer, can I reasonably understand how to limit my innovations to fall under that level of legal protection. Note also, that if there are any issues with government access, I would like to know if voluntarily installing a back/front door, or handing over e.g. a golden root ssh account key, would make any difference in any situation to my legal protections. Yes, I am this guy - http://cloudsession.com/dawg/downloads/misc/kag-draft-k12...
And...the relay is back! It's great to see such broad support despite intimidation.
Library Suspends Tor Node After DHS Intimidation (EFF DeepLinks)