/ Cory Doctorow / 10 am Tue, Aug 4 2015
  • Submit
  • About Us
  • Contact Us
  • Advertise here
  • Forums
  • What happened when we got subpoenaed over our Tor exit node

    What happened when we got subpoenaed over our Tor exit node

    We've run a Tor exit-node for years. In June, we got the nightmare Tor operator scenario: a federal subpoena (don't worry, it ended surprisingly well!)

    Tor, The Onion Router, is a privacy and anonymity network that bounces traffic around the Internet in nested cryptographic wrappers that make it much harder to tell who its users are and what they're doing. It's especially hated by the NSA and GCHQ.

    Many people run Tor nodes, but only a few run "exit nodes" through which traffic exits the Tor network and goes out to the public, normal Internet. Having a lot of exit nodes, with high-speed connections, is critical to keeping Tor users safe and secure. We wanted to do our bit for allowing, for example, Bahranian and Chinese dissidents to communicate out of view of their domestic spy agencies, so we turned some of our resources over to Tor in 2012, including access to our blazing-fast Internet connection.

    The nightmare scenario for Tor exit-node operators is that you'll get blamed for the stuff that people do using your node. In Germany and Austria, prosecutors have actually brought criminal action against Tor exit-node operators.

    So we were a little freaked out in June when an FBI agent sent us a subpoena ordering us to testify before a federal grand jury in New Jersey, with all our logs for our Tor exit node.

    We contacted our lawyer, the hard-fightin' cyber-lawyer Lauren Gelman, and she cooled us out. She sent the agent this note:

    Special Agent XXXXXX.

    I represent Boing Boing. I just received a Grand Jury Subpoena to Boing Boing dated June 12, 2015 (see attached).

    The Subpoena requests subscriber records and user information related to an IP address. The IP address you cite is a TOR exit node hosted by Boing Boing (please see: http://tor-exit.boingboing.net/). As such, Boing Boing does not have any subscriber records, user information, or any records at all related to the use of that IP address at that time, and thus cannot produce any responsive records.

    I would be happy to discuss this further with you if you have any questions.

    And that was it.

    The FBI agent did his homework, realized we had no logs to give him, and no one had to go to New Jersey. Case closed. For us, anyway. Not sure what went down with the grand jury.

    I'm not saying that everyone who gets a federal subpoena for running a Tor exit node will have this outcome, but the only Tor legal stories that rise to the public's attention are the horrific ones. Here's a counterexample: Fed asks us for our records, we say we don't have any, fed goes away.

    Only you can decide whether running a Tor exit-node fits within your risk-tolerance. But as you decide whether to contribute to the global network of civic-minded volunteers who provide bandwidth and computation to help keep Internet users free and safe, keep our story in mind along with all the scare stories you've heard.

    / / 31 COMMENTS

    / / / / / / / /