TOR, the feds and me

TOR logoI run a TOR-server. Anonymity is not a crime. There are a million reason why you want to stay anonymous on the interweb. Lately there was quite a hassle about seized TOR-servers in Germany and I was waiting for my server to be seized too. Didn’t happen until now. Something quite unexpected happened instead.

On the 28th of December I got a letter from the BKA (Germany’s Federal Criminal Police Office). The content of the letter was something like that:

“The owner of the IP-Address $my_servers_address is suspected of posession of child pornography. Hereby we order you to tell us the real name of the owner and disclose all relevant logfiles according to §113 TKG in the time of the 26th of October, 7:00 PST. We also demand the names of all your customers which use your service and we inform you that disclosing our request to your customers may be punishable.”

Obviously I was a bit scared about the “the owner of the IP-address part” so I hired a lawyer. The overall text was also a bit far-off for my taste, but whatever. My lawyer sent out a fax yesterday to the BKA asking if I, as his client, am a suspect or a witness. He also stated that I’m running a TOR-server and that no relevant log-files according to §113 TKG exist. In case that I’m a suspect he asked for all the files dealing with the investigation.

That was last night, today, about 20 hours later, we already got an reply. The BKA acknowledged, that they understood my lawyer’s statement that the TOR-server does not create relevant logfiles and claimed that this information is enough for their ongoing investigations. Furthermore they say that they need no further “statements” from my side. (which can be read as thanks, we’re fine, but who knows…)

Hm, they finally seem to have come to their senses. They really scared the shit out of my wife and me, believe me. When I started running a dedicated TOR-server I had a chat with my wife and explained her what I’m up to, what TOR is and what consequences it might have – she never thought that this case would ever occur.

I have only two possible explanations why they wrote the letter in that way. Either they thought that I rented the server to someone else – doing business with that dedicated server – or they just wanted to spread fear among the German TOR-operators. Could be either way. However, they were quite polite, not threatening in a direct way. But enough to make me call a lawyer.

However, this is rather an improvement compared to what happened in the last couple of months, LEAs seizing random server without thinking. This LEA thought before taking action, followed the way of investigation what would be obvious to everyone.

A very warm Thank You very Much to Dr. Michael Stehmann, my lawyer.

TOR-operators in Germany: Don’t let the LEAs scare you. Remember: It’s not you. It’s criminals abusing your service. You’re not the criminals, it’s them. And don’t let the “If you’ve nothing to hide”-argument bother you. It’s us, the citizen, to observe the state, not the state to watch on us. And a hammer doesn’t make the tools-dealer a murder.

Cheers, Alex.

Tech Tags:

18 Responses to TOR, the feds and me

  1. Tonnie says:

    Alexander,

    Du hast völlig recht, ein messer zum Brot schneiden wird erst zu einer Waffe wenn man das möchte.

  2. Whenever a public figure says “if you’ve got nothing to hide you’ve got nothing to fear” I have to wonder why they are wearing any clothes.

  3. Krista says:

    “And a hammer doesn’t make the tools-dealer a murder.”

    This is roughly the sort of argument I recall making when we started GNUnet 5 or 6 years ago (actually, it was the English variant of Tonnie’s comment about knives as bread-cutters or weapons, but no matter); most of the grad student colleagues we approached about working with us on it shied away anyway. They thought the idea was cool, but were afraid to find themselves on some FBI blacklist somewhere (overkill, I admit, but there is a lot of FUD going around) in spite of the fact that the network itself is content-neutral, if censorship-resistant.

    I’ve found myself it’s really easy to fall into fear in spite of knowing better (although here it’s the RIAA sending out random, ill-supported letters) – most of the folks sending out these letters are little better than bullies, yet the response of law-abiding citizens who don’t want to be prosecuted is usually to do whatever it takes to remove the risk of being prosecuted, even if they’ve done nothing wrong. Thanks for reminding folks that running anonymizing and privacy-preserving services like TOR is not a criminal activity, and that as the populace, we do have a right not to be intimidated by the state (or corporations) when we participate in everyone’s right to privacy.

  4. rabenhorst says:

    Weitere Tor Geschichten

    IT, Life an me Blogger und Tor Exit Node Betreiber Alexander berichtet in Tor, the feds and me über seine Erfahrungen mit einem Auskunftsersuchen des BKAs nach § 113 des Telekommunikationsgesetzes wegen des “Verdachts auf Besitz von Kinderpornografi…

  5. Ben says:

    I think there is a long way until the situation here ( in germany ) will change to a better end … :-). We can only hope.

  6. [...] of with the EFF, but they don’t seem to have a well-organised European chapter. Considering my recent experience with the german Feds and my lawyer’s bill – just a mere 150 EUR though – I started to think [...]

  7. Marco says:

    May I translate this article into italian for my blog? I think this is really important!

  8. Marco: Feel free to do so. If you have questions, drop me a line. Alex.

  9. Dominik says:

    Thanks for sharing your experience. Im operating a No-Exit TOR node at the moment because I am quite concerned. Maybe I will think again about allowing Exits from my node…

  10. John El says:

    I would like to find out about the the law and Tor in Britain, Gibraltar and Spain.

    I would like to run an exit node, but am concerned about being on the receiving end of something nasty; I would be rather unhappy if they broke into my flat and confiscated my laptop and demanded the keys for my encrypted partion, which contains all my bank details etc. I have fears that they would say something along the lines of, decrypt your data and prove to us that it was not you, even though you say it wasn’t. This is because my Tor server would be PATed (NAT) behind a firewall, and this would show my laptop and the Tor server with the same IP address. I don’t keep logs for my firewall either (need a syslog server for this…)

  11. [...] some experience with the german Feds, the BKA, regarding the childporn-crackdown earlier this year. I blogged about it and even erlier I wrote a sentence – which was merley a superstition – from which I thought [...]

  12. airdump:net says:

    Big Brother is spreading fear among TOR-operators. It’s the same always the same. Central info (world) server that serv fresh information about worldwide gov’s suspicious thing not exist. For example Czech goverment starts big stick for p2p networks 5 months ago. I think presently any coal-cellar will hold one nark.

  13. Jonathan says:

    Keep up the good work – I think it’s fantastic that you are running a Tor node. I have been trying to figure out how to run a node behind the firewall that I am subjected to (out of my control) without having to have ports open but I don’t think it’s actually possible — I would just want to run a relay node (i.e. no entry or exit connections). Thank you again for having the courage to run a node – as a Tor user, I definitely appreciate it.

  14. Jonathan, thanks for your support. By now I’m running a Tor-node again, but not under my but under the name of an organization. That keeps the coopers out of your living-room… :-)

    Cheers, Alex.

  15. anonofcourse says:

    QUOTE: “…or they just wanted to spread fear among the German TOR-operators.”

    THATS THE POINT!!!!!

    They can’t do anything against TOR servers so they start to try to fear people.

    gl in future to you ;)

    benjamin!

  16. edward says:

    What’s the benefit of being a TOR server? I mean, if you want anonymity, why just don’t use a client and let other operators run the servers?

    My opinion is that being a server will bring you problems because of other non-ethical users..

    • You miss the point. I was running a Tor-server not for my anonymity, but for everyone else.
      Also, I was the “other operators”.
      And you’re right about the non-ethical users… But yet, the operators have to pay the price.

      Cheers!
      Alex.

  17. [...] German government last year during a child pornography investigation. Early this year, Janssen also became a suspect in a child pornography investigation as a result of traffic relayed by his Tor exit node. At the [...]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 120 other followers

%d bloggers like this: