Delivery-Date: Sat, 02 Jan 2016 12:46:20 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id CF5E51E030D;
	Sat,  2 Jan 2016 12:46:18 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 432D43803A;
	Sat,  2 Jan 2016 17:46:14 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 202E937EDD
 for <tor-talk@lists.torproject.org>; Sat,  2 Jan 2016 17:46:11 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id VYNf76OgBAXe for <tor-talk@lists.torproject.org>;
 Sat,  2 Jan 2016 17:46:11 +0000 (UTC)
Received: from mail-lf0-f98.google.com (mail-lf0-f98.google.com
 [209.85.215.98])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id BEAA3242C4
 for <tor-talk@lists.torproject.org>; Sat,  2 Jan 2016 17:46:10 +0000 (UTC)
Received: by mail-lf0-f98.google.com with SMTP id z124so18864721lfa.3
 for <tor-talk@lists.torproject.org>; Sat, 02 Jan 2016 09:46:10 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:to:from:subject:message-id:date:user-agent
 :content-type:content-transfer-encoding;
 bh=UH2KWhd7aDxrZOnCYzZgt74mbgPHN6DlAt7iuFM3g2U=;
 b=BJV+fRglrpoE7IFr68EFzgxhIBLTlwzDzsYCOFYxb2+obkIjYkFZvebbHPQ+hSVr5q
 edBizZxpcB1AzUJQ8yVUVWMw+om6oo/O58ibMkebp52KlgBRDxAnAGLEEcliUpBDgEcF
 7P1sA01wFFjxzmfdXJYzOwTHOZyjqOtONN562FpH6UmoHW2DIH1oJ/+fOgCdTlRiX9DM
 0ZVYNVPyAWIkBH93Pk7atSkx010ebE6HM7zYEaWeDtj83q5gkcYwf0jyftJnBPO80jOv
 7oed2xlRErQ4ljeHEyY46v8p6hcBFpTOR4HAispFaTMrNz4Ds/pdkPDNKQNAsCMS5cHw
 s77g==
X-Gm-Message-State: ALoCoQnP1+rYOG7qRkf8crg8S638jzvdheiZI4A3DGYYk0VO8UIxxhyidYb4ZUuJGUhG3BWhx8ETRd4MlRtc9L6EAtzYNF0vWztG2MSFTHhVPMKCInwxjlk=
X-Received: by 10.28.222.86 with SMTP id v83mr54891975wmg.17.1451756766871;
 Sat, 02 Jan 2016 09:46:06 -0800 (PST)
Received: from apps.globaleaks.org (demo.globaleaks.org. [194.150.168.64])
 by smtp-relay.gmail.com with ESMTPS id 189sm4764637wmh.2.2016.01.02.09.46.06
 for <tor-talk@lists.torproject.org>
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Sat, 02 Jan 2016 09:46:06 -0800 (PST)
X-Relaying-Domain: apps.globaleaks.org
To: "tor-talk@lists.torproject.org" <tor-talk@lists.torproject.org>
From: "Fabio Pietrosanti (naif) - lists" <lists@infosecurity.ch>
X-Enigmail-Draft-Status: N1110
Message-ID: <56880CDB.9070305@infosecurity.ch>
Date: Sat, 2 Jan 2016 19:46:03 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0)
 Gecko/20100101 Thunderbird/38.4.0
Subject: [tor-talk] On further minimizing harassment for Tor Exit Nodes
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Hello,

this email is to share a consideration on how to further minimizing
harassment for Exit Nodes.

The worst risks is usually considered "being waked up at 6.00am in the
morning by authorities" but there's no specific provision on reducing
that risks.

The guidelines "Tips for Running an Exit Node with Minimal Harassment"
https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment
does not cover specifically this kind of risk.

Now, we can assess that this risks come from local/national uninformed
law enforcement agents and/or prosecutors on how Tor works and how
non-useful is that kind of search and seizure activity.

Those uninformed law enforcement agents and/or prosecutors are usually
"local", not usually handling cyber-crime, with reduced digital
forensics skills.

The ideas is that we could fix or drastically reduce that risks if any
requests of search and seizure of a Tor Relay, is going to be reviewed
by multiple eyes from within the law enforcement agencies.

Hopefully having those multiple eyes to look at a search and seizure
decree in the authorization process, it's much likely that one will of
those will understand that we're speaking of a Tor Relay, denying the
authorization because "Hey, let's not waste time and tax-payers money,
it's a Tor Relay, we're not going to get anything related to case X there" .

We could trigger that if a Tor Exit operator would be able to have an
ExitPolicy that deny traffic going to the destination IPs of the country
where it's located, leading any kind of abuses to be originated because
of Tor Exit traffic flowing to a foreign country.

It's likely that such "foreign IPs" being the source of an abuse that
would trigger a law enforcement inquiry/investigation abroad, in another
country (not the country where the Tor Exit is installed).

This should trigger a requests to goes trough multiple eyes, likely
trough mutual legal assistance treaty (MLAT) channels.

To make an example, assume those scenarios:

a) A Tor Exit is running in Italy and that from that Tor Exit there's a
connection part of an abuse considered a criminal act in Italy, by a
Italian company.

In that case the routing of the search and seizure requests would be:
Italian Company ->
 Italian Police (local) ->
   Italian Prosecutor (local) ->
    Italian Preliminary Judgement authorization (local) ->
      Italian Police (local) doing Search and Seizure.

b) A Tor Exit is running in Italy and that from that Tor Exit there's a
connection part of an abuse considered a criminal act in France, by a
French company.

In that case the routing of the search and seizure would be longer and
will pass trough central agencies, in charge of the cooperation for
what's related to cyber-crimes:

French Company ->
  French Police (local) ->
    French Prosecutor -> (local) ->
     French Preliminary Judgment Authorization (local)
       French authority in charge of cross-border CyberCrime (central)
         Italian authority in charge of cross-border Cybercrime (central) ->
           Italian Police (local) doing Search and Seizure

So, the routing going trough an cross-border search and seizure
requests, will have much more eyes looking at it, will likely goes
trough central/national cybercrime units for cross-border cooperation,
and thus will much likely will get denied because "Hey, it's a Tor
Relay, it's highly unlikely that's who you are looking for" .

That could be accomplished by having a directive for ExitPolicy {it}
being applied on the Tor Exit node running in Italy.

The feature #1 of ticket #993
(https://trac.torproject.org/projects/tor/ticket/993) is the feature
that could provide such kind of additional protection/benefit for Tor
Relay operators, to reduce the risks of being waked up at 6.00am by law
enforcement agents because of an uninformed search and seizure order.

What do you think?

p.s. I've not re-read this email, so it may contain some grammar
mistake, sorry!

-- 
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - https://globaleaks.org - https://tor2web.org -
https://ahmia.fi
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

