German police does not understand Tor
Alexander Janssen, a German operator of a Tor exit server, has recently
revealed in his blog that, at the end of July 2007, the German police
arrested him, checked out his entire house and seized his equipment during
an investigation of bomb threats considered to have passed through an
Internet protocol address that was under his control.
Janssen, who operated a Tor server carrying more than 40GB of random
strangers’ Internet traffic data per day, was interrogated for hours for an
alleged threat to place a bomb in the German Federal Employment Services
Agency offices and kill an employee. The police wrongly assumed the Tor
server operator was responsible for placing the threat as the IP address
related to the posting had been anonymized with the help of the network,
thus pointing to the Tor exit node. Janssen was released by a federal German
official who admitted the police had made a mistake. Ironically or as it was
seen by Janssen, incompetently, the police did not confiscate or even shut
down the server in cause, located 500km away in a data centre.
Although earlier Janssen was determined to continue operating the Tor server
at any cost, the events related to his arrest made him give it up. “I’m
at the end of my civil courage. I’ll keep engaged in the Tor-project but I
won’t run a server any more. Sorry. No” he stated on his blog. His case
shows the risks that are caused by law enforcement officials not knowing too
much about the Internet.
Tor, endorsed by the Electronic Frontier Foundation and other civil
liberties groups, is a an anonymity network, a tool designed to increase the
privacy of Internet users allowing them to communicate and search
anonymously on the Internet.
Germany is not at the first action of the kind. In 2006, German authorities
seized 10 Tor servers in a child pornography investigation and in 2003, a
German court ordered the developers of Jap, an anonymity system, to build in
a back door that the authorities could access for national security
investigations. In May 2007, Germany passed a severe anti-hacker law that
“renders the creation and distribution of software illegal that could be
used by someone to break into a computer system or could be used to prepare
a break in. This includes port scanners like nmap, security scanners like
nessus (as well as) proof of concept exploits.”
Tor madness reloaded (16.09.2007)
Tor anonymity server admin arrested (16.09.2007)
http://www.cnet.com/surveillance-state/8301-13739_1-9779225-46.html?
German police raid home of man who operated Tor server (16.09.2007)
http://www.theregister.co.uk/2007/09/16/bomb_threat_leads_police_to_raid_tor_operator/
Tor server operator shuts down anonymizing server after police raid
(17.09.2007)
http://www.heise.de/english/newsticker/news/96107/
EDRI-gram: TOR servers seized in Germany (13.09.2006)
http://www.edri.org/edrigram/number4.17/tor