Another one.

November 15, 2007

TOR logoWell. I was expecting this. You know, there are people taking civil responsibility, running a Tor-node and all they get is nastygrams, kicked-down doors and ultimately, lawsuits.

So, what happened: There’s this German guy, a Tor-operator. In June the police send him a letter telling him that he’s accused of computer fraud combined with unlawful modification of evidences. He’s a law-abiding citizen nothing guilty of, just using his civil rights and quite fed up with all those silly accusations, so he followed Udo’s golden rule #1: “You have the right to remain silent“.

Months later he got a letter from a court order about a penalty order, telling him that he’s guilty on all counts.

He describes it in his own words:

In early September I received a penalty order ("Strafbefehl") - from the
court. A judge found me guilty of having ordered a gift voucher (value: 51
EUR) on amazon.de, providing address details of a living person (but not
myself obviously), and using a Web.de email address registered specifically
for this purpose. I was sentenced to pay a fine of 500 EUR.

He appealed and the whole case finally went to court, having the hearing today. What happened then is beyond all reason:

[...] the penalty order listed four witnesses (the person whose address
details had been used, a police officer in a cow town near that person's
home hometown, a local police officer, and an employee of amazon.de)

However, the trial listed no witnesses at all. That guy was a laymen-judge (lay assessor) himself, so he though that this trial is based on a very weak basis and didn’t bother about it to much. Then all hell broke lose.

The judge and the lawyer of the state realized quite quick that he was not the one who committed the fraud, but instead of dismissing the case entirely they started to construct accusations like “supporting a crime” – which is utter bullshit. The accusation of “supporting a crime” in Germany definitively states that you need to support actively a certain crime – and only especially that you’re accused of. There ain’t nothing like a “general support crime”, as the judge thought. This is just another stunt!

The judge really thought “someone needs to be punished, but we can’t accept you to help anyone else to comit a crime”:

The judge as well as the public prosecutor
refused to accept that I didn't do anything criminal, that I didn't and
still don't want to help anyone committing a crime.

Oh Lord. Where have we gone!?

Even worse. The whole lawsuit was so frightening and cumbersome to the Tor-guy that he decided to dismiss the lawsuit according to §153 StPO. That means that the accusations are dismissed because there’s no public interest in the case. But yet, that doesn’t mean that he wasn’t found NOT GUILTY!

Why did he do this? Because he didn’t want to pay for a lawyer, as I do – but I can afford it:

They offered me to dismiss the actual court trial according to paragraph 153
StPO which is not the same as an acquittal (no "Freispruch") which I
eventually accepted. It means, however, that I won't have to pay for the
trial. They also repeatedly said that this time I got off with just a slap
on the wrist - next time it wouldn't be that cheap.

It’s all a big mess. Judges and lawyers have no bloody clue what Tor is about. They ignore the fact that Tor is a legal tool in a civil society and that Tor-operators aren’t responsible for the actions of their users. Heck, no one ever sued Pan Am to let the Lockerbie-bombers on board, and no one ever sued the German Postal Service for transporting letter-bombs: Yet German courts think that operators of anomymizing services are responsible for the actions of the users.

Brave new new world. Where have we gone? Our elected leaders ratify laws which are stupid. The judiciary is as dumb as a piece of stale bread. Take me out of here.


nemo tenetur seipsum accusare^2

November 14, 2007

It didn’t even take a month.

The Registers reports about an animal rights activist who’s now asked to hand over her crypto-keys.

El Reg sums up the details:

An animal rights activist has been ordered to hand over her encryption keys to the authorities.

Section Three of the Regulation of Investigatory Powers Act (RIPA) came into force at the start in October 2007, seven years after the original legislation passed through parliament. Intended primarily to deal with terror suspects, it allows police to demand encryption keys or provide a clear text transcript of encrypted text.
[...] she has been given 12 days to hand over a pass-phrase to unlock encrypted data held on the drive – or face the consequences. [Failure to comply can result in up to two years imprisonment for cases not involving national security, or five years for terrorism offences and the like.]

So what do we have here?

A dodgy law which is meant for serious crimes and terrorists.
A women engaged in animals rights.

I can see the plot!

Evil trrrsts meetin animal-rights activists to blow up Downing Street.

Oh, you’ve got nothing to hide? Sure mate.

Some people pointed out that this silly law could be circumvented by technology based on plausible deniability and hard crypto – but still I say, it’s the law that’s flawed!


nemo tenetur seipsum accusare

October 11, 2007

Well, not in the UK anymore.

Nowadays you got to hand over your encryption keys to the authorities if they ask you. Non-compliancy can be punished with up to two years for ordinary “crimes” and up to five for trrrsts.


Tor madness reloaded

September 16, 2007

TOR logoUpdate^4: If you comment doesn’t show up immediately, it probably ended up in the spamfilter (Akismet). As long as the the people keep posting I’ll continue to check the spam-folder regulary and will manually publish the posting. So don’t post twice or even more often. — alex.
Update^2: I want to point out one thing: The investigations about “computer fraud” are not related to the other case. It’s not that they try to find some other accusation to sue me in any case. Lots of people were raising that rumour: It’s not true. — alex.

As you, my regular reader, might now, I run a Tor-server in Germany. I already had some experience with the german Feds, the BKA, regarding the childporn-crackdown earlier this year. I blogged about it and even erlier I wrote a sentence – which was merley a superstition – from which I thought “this can’t possibly happen in Germany”:

“[...] the last thing I want to experience is the police kicking down my door, seizing my computer.”

I also wrote, in another posting:

“My TOR-server is still running, pushing 40GB/day around. I’m not going to shut it down for whatever reason.”

However, I have to retreat from my arguments.

On Sunday morning, 00:15 AM, July the 29th, someone knocked on my door very hard. I just came back from a pub-crawl with a friend from the UK, was quite drunk, opened the door and just heard “Police!”. They entered my appartment, cuffed me and started to search my flat. My wife was scared to death. I was held in my own kitchen for almost 30 minutes asking “WTF is that about?” when they just said “Calm down, we’ll explain everything later”.

Minutes later they explained me that I’m suspected of placing a bomb-threat at a german copper-forum called copzone.de – a forum I never heard about. They accused me of posting shit like “I’ll plant a bomb in the department of work” and that I was about to cut-throat (or something like that, I can’t remember, I was drunk) a worker from that department. (Edit: The posting at copzone.de doesn’t seem to be accessible. Since my lawyer doesn’t have the files yet, I don’t know what exactly was posted. The german police doesn’t hand over the files to the suspect, he has to hire a layer to see the files.)

I explained them that I was a Tor-operator and what Tor is about. I showed them the letters from the Feds from the earlier incident to proove that I’m not bullshitting them. However, the coppers weren’t not so much into Tech-stuff and told me that a forensic unit will care about all my equippment. They searched everything: My attic, my office, my car, they digged through my wifes underwear, they found my old chmistry books very interesting, the flak-vest I own which I use when I go to strange countries, they found the fertilizer which I use for my chilli-plants, my microcontroller-experiments looked like an IED to them: Basically, EVERYTHING was suspicious.

They installed a new lock on my office’s door, although I eplained them that my Tor-server was running in a totally different city, like 500 km away! Funny enough, that server wasn’t confiscated. Ah, and I’m supposed to pay for the new lock. WE’LL SEE ABOUT THAT.

Eventually – after 30 minutes maybe – they took off the cuffs and brought me to the police-barracks for interrogation. I explained there for hours what the hell I’m doing, what Tor is and all the crap. I spare you the details. I was drunk and the interrogation-protocol might be a bit embarrassing for me.

However. Hours later, on the same sunday, someone from the “Staatsschutz” (something like the DHS) of the city of Düsseldorf came to unlock my door, telling me something like “uh, we screwed up, sort of”. That’s not what he said, but that’s the bottomline.

So much for the incident.

The consequences: I’ve shut down my Tor-server. I can’t do this any more, my wife and I were scared to death. I’m at the end of my civil courage. I’ll keep engaged in the Tor-project but I won’t run a server any more. Sorry. No.

So, so much for my arrest. Now the same storyline continued.

I was at the Linuxbierwanderung 2007 in Crete last week. I held a talk about Tor and the legal implications running a server (slides here).

Thursday I was still sitting in the car driving through Austria back to Germany when my wife called me up “we have another letter”. This time the accusation is “computer fraud”. I don’t know any details yet, but I’m supposed to show up for interrogation next thursday. My lawyer is informed. Details when I can tell them.

So, so sum up everything: I was arrested. They scared my wife. They consfiscated all my equippment. They stopped the investigation. I’m sitting on a pile of bills from my lawyer no one except me has to pay. I’ll sue for compensation, but I don’t think that this will lead anywhere. I’m now accused of something else. Horray! Bloody hell. I still love my country, but it’s bitching around.

From my point of view the german police is even more than incompetent++. They aren’t able to do the most simple investigations. Pre-checks for plausibilty don’t exist. This is so stupid.

Ah, and on a sidenote: My lawyer is still waiting for the files of the bomb-threat incident. Although the investigations against me were stopped. Wonderful!

Düsseldorf, September the 16th,
Alex “Yalla” Janßen.

Edit^3: On a sidenote – some people accused me of not knowing what I’m talking about when I said that the police was incompent when it came to this incident. Let me get this straight: I’m qualfied to comment on this, I’m working in the computer security business and I know how to do real investigations. The first thing to check is if the server in question is an open relay or some anonymisation service. So stop this stupid bullshit. Just check the hostname “wormhole.ynfonatic.de” in your favourite search-engine and on the first hits it’s reveiled that this is a Tor-server. You don’t need to be a computer-expert to check on this. Incompetence++.


Schily, Schily, oy oy oy

February 9, 2007

My “favourite” politician, Mr. Wolfgang Schäuble, Home Secretary of Germany, was interviewed by the newspaper TAZ.

I almost spilled my coffee over my keyboard while reading the interview. I knew that he’s absolutely for Law and Order but I couldn’t imagine that he’s that ignorant about what the citizen think about his plans to introduce a governmental trojan horse, which should infiltrate terrorist’s computers. It’s about security, isn’t it? (And the children. And world peace. Are you against the children or what? Either your’re with us or the terrorist.)

Some examples:

TAZ: Mr. Schäuble, are you Germany’s highest ranked hacker?
Schäuble: No, I don’t get into any computer, and frankly I don’t really know how the police is doing that. I barely know what a trojan horse is.

TAZ: Are you afraid of those so called trojans, means e-spionage software?
Schäuble: No, in general I never open attachments in email, where I’m not sure about it’s origin. And also I’m a decent guy, the BKA [German Federal Police] doesn’t need to send trojans to me.

TAZ: 10,000 citizen are planning to file a constitutional complaint against the mandatory data retention. Don’t you get contemplative about that?
Schäuble: That doesn’t bother me any more.

Once again I’m totally convinced that the politicians don’t give a damn about the citizen’s opinion. They try to justify every surveillance measurement with the terrorism/child-porn/internet pirate argument.

To quote Kurfürst Friedrich Wilhelm v. Brandenburg:

“Es ist dem Untertanen untersagt, den Maßstab seiner beschränkten Einsicht an die Handlungen der Obrigkeit anzulegen.”
(Flaky translation: “It’s forbidden to the subject to apply the standard of his limited views to the acts of the authorities”)

Happy hacking.

Tech Tags:


Saxonian Education

February 8, 2007

A 16-year-old girl from Saxonia, Germany, was convited to two weeks of prison because she didn’t attend school.

Wow. At first I thought the Pisa-study showed that the german school-system needed an overhaul.

Now I know what’s wrong: It’s the pupil’s fault. And only prison helps. For the better good and the german future.

To Judge Andreas Pech: If you thought that prison helps children to learn then you should consider going to jail as well – just to learn the basics of comparativeness.

Irony intended.

I wonder if they’ll subpoena me now.

Tech Tags:


s/GI/FSFE

January 7, 2007

Fellowship of the FSFE logoRecently I quit my membership in the German Computer Science Society (“Gesellschaft für Informatik”), mostly because I think they don’t have a real perspective. For years and years I thought that they start to be a bit more pragmatic, but they kept insisting on the “one and only lore”. I know that they’re more about science and teaching, but they didn’t meet my expectations – especially when it comes to software patents. I was recruted by them when I was still a student so I feel quite sore and sorry to leave them – but we weren’t made for staying together.
So I resigned as a member in December, something I actually didn’t want to, for I believe that people like the Bitkom don’t really present us, the hackers, fiddlers and freelancers, in a true sense.The Bitkom is more about big corporate business, the GI more about science and teaching.
Nonetheless, the GI was to far off for me too. They got me as a student, nowadays we’re not aligned any more and they can’t offer me anything.

I had to find my own way, so I finally decided – after much lobbying from friends who were already active members – to join the European chapter of the Free Software Foundation as a Fellow.

And there I am, a new proud member of the Free Software Foundation Europe.

What do I want to achieve with it? Not sure yet, but I feel that my contribution – means my membership-fee of 120 EUR a year – is better with the FSFE than with the GI.

My goals? I’d like to establish a TOR legal-fund. Maybe the FSFE is the right platform for it, although I’d be better of with the EFF, but they don’t seem to have a well-organised European chapter. Considering my recent experience with the german Feds and my lawyer’s bill – just a mere 150 EUR though – I started to think how other people with no funds could defend themselves against ill accusations. Rabenhorst said that he doesn’t really agree with me that the Feds did the right thing how to prosecute evildoers who abuse TOR. I’m still not with his opinion since running TOR is one thing and prosecuting child-porn dealers is another one, but others pointed out correctly that there are other people running TOR who don’t have the funds to hire a lawyer as I have.

I can’t promise anything by now, I don’t have a real plan yet; but a TOR legal-fund for us German TOR-operators wouldn’t be too bad.

If you feel inclined to help me out with it, drop me a line, I’d be happy to discuss a legal fund as I have a lawyer handy who might be able to consult us.

Cheers, Alex, FSFE member #916.

Tech Tags:


Follow

Get every new post delivered to your Inbox.

Join 120 other followers