Send the link below via email or IMCopy
Present to your audienceStart remote presentation
- Invited audience members will follow you as you navigate and present
- People invited to a presentation do not need a Prezi account
- This link expires 10 minutes after you close the presentation
- A maximum of 30 users can follow your presentation
- Learn more about this feature in our knowledge base article
Tor: Technology on Trial
Transcript of Tor: Technology on Trial
Privacy in the Digital Age
Law Office 11
Tor Relay Process
Online Privacy and Anonymity is Important
Surveillance law and consequences to privacy
Academic research and implications for Tor
Constitutionality of anti-harassment laws
Tor's immunity under the Communications Decency Act (1998)
Images of Tor
Third Party Doctrine
"More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks."
Justice Sotomayor concurring in
United States v. Jones
, 132 S.Ct. 945
Argued November 8, 2011
Decided January 23, 2012
Current Rule 41 b
Proposed Amendment 41 b
The Importance of Academic Research
Identify Misuse of Tor
Protect Tor Network
Actual Use of Tor vs. Perceived Use of Tor
Academic Research Under the Wiretap Act
University of Colorado Study
Shining Light in Dark Places: Understanding the Tor Network
- Recorded first 150 kb of data
- URLs and IP addresses
“A person who... intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral or electronic communication... shall be punished..."
18 U.S.C. Section 2511(1)
Interception: “Aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device.”
18 U.S.C. Section 2510(4)
Contents: "When used with respect to any wire, oral, or electronic communication, includes any information concerning the substance, purport, or meaning of that communication"
18 U.S.C. Section 2510(8)
Content vs. Non-Content
URLs and IP addresses have consistently been considered
data under the Wiretap Act.
They are automatically generated without user intent.
May not be as cautious
Greater risk of recording content data including emails, instant messages, VoIP conversations
Wiretap Act: Exemptions
Consent must be shown "convincingly"
Knowledge of the node operator's ability to record the data traffic is not enough to establish consent
Party to the Communication
"Unseen auditors" may not use this exemption
Unsure if there has even been a communication
"a provider of wire or electronic communication service... [may] intercept, disclose, or use... communication[s] in the normal course of [business] while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service, except that a provider of wire communication service to the public shall not utilize service observing or random monitoring except for mechanical or service quality control checks."
Tor is not a provider under the definition.
The Common Rule
Surveillance & Privacy
Northeastern Operation of a Relay
Exemption can be invoked if "the information is recorded by the investigator in such a manner that subjects cannot be identified, directly or through identifiers linked to the subjects."
Information Security Department Approval
Legality of Running a Relay via Northeastern's Network
Legal but Uncertain
Relay Operation is not Illegal
Exit relay's IP address is associated with the Tor user's request, while non-exit relay operators are more removed
Constitutionality of Anti-Harassment Laws
Online Harassment and Cyberstalking
Computer monitoring software
Constantly Evolving Threats
Domestic Violence Advocates
Free Speech Advocates
The Violence Against Women Act (VAWA)
Whoever "with the intent to
kill injure, harass, intimidate
, or place under surveillance with intent to kill, injure, harass, or intimidate another person, uses... any interactive computer service or electronic communications service...
As Applied Challenge
Potential Solutions to Conflict
‘words, conduct, or action (usu. repeated or persistent) that, being directed at a specific person, annoys, alarms, or causes substantial emotional distress in that person and serves no legitimate purpose . . .’
BackPage and PinkMeth
What is the CDA?
PinkMeth (2014, Texas) and Backpage lawsuits (most recently: 2014, Washington)
Effect of closing Backpage
Tor's immunity status under the CDA
Communications Decency Act
What is an Interactive Computer Service?
Purposes of the CDA
Promote the continued development of the Internet
Encourage the development of technologies which maximize user control
PinkMeth and Backpage
Involuntary Pornography Website
Tor was sued because PinkMeth was hosted on the .onion network
Website shut down in Operation Onymous
Online Classifieds by Locality
Sued due to advertisements for prostitution of underage woman being hosted on their website
Effect of Closing Backpage
No significant impact on child sexual exploitation when closing Backpage
Hindering Law Enforcement Efforts
Traffic Migrating Elsewhere
Tor's Immunity under the CDA
Tor fulfills the governmental goals of the CDA more than Backpage
Tor has less control over illegal 3rd party content than Backpage does
Tor was dismissed from PinkMeth lawsuit
State Approaches to Cyberharassment
"The conduct, act or threats described in this subsection shall include, but not be limited to, conduct, acts or threats conducted by... electronic communication device including, but not limited to, any device that transfers... data... including, but not limited to, electronic mail, internet communications, instant messages or facsimile communications."
Mass. Gen. Laws ch. 265, Section 43A.
"Harassment consists of knowingly pursuing a pattern of conduct that is intended to annoy, seriously alarm or terrorize another person and that serves no lawful purpose. The conduct must be such that it would cause a reasonable person to suffer substantial emotional distress."
N.M. Stat. Ann. Section 30-3A-2.
Aggravating factors - weapon use
School zone crimes
Using Tor in the commission of a crime would not lead to a sentencing enhancement nor is using Tor a crime in of itself.
Malte Spitz Geo Location Tracking
Cycles of Violence
United States v. Cassidy (2011)
Ruled unconstitutional as applied, Court does not address the facial challenge.
United States v. Petrovic (2012)
United States v. Sayer (2014)
United States v. Osinger (2014)
Facial challenges were unsuccessful
Court upheld the VAWA
Definition such as the one from Black's Law Dictionary could be incorporated into statutes to reduce ambiguity
May want to conduct deep packet analysis.
Tor Would Definitely be Found Immune to Liability
to Illegal 3rd Party Content Under the CDA:
Tor is an interactive computer service
Backpage is covered under the CDA
"Any information service, system, or access software provider that provides or enables computer access by multiple users to a computer server, including specifically a service or system that provides access to the Internet." 47 U.S.C. Section 230 (f)(2).
Stored Communications Act: stored content & non-content
Wiretap Act: content in transit
Pen Register Act: non-content in transit
Need a probable cause warrant to access.
Interception of the non-content information of a communication in transit. Need a "relevant" court order to access.
Need a "relevant and material" administrative subpoena to access customer records.
Need a "relevant and material" Section 2703(d), a.k.a.
d order, for transactional information.
Did the researchers at the University of Colorado violate the Wiretap Act?
Human Research Exemption
Stored Communications Act
Pen Register Act
Interception of the content of communications in transit.
Interception of the non-content information of a communication in transit.
Interception of both content and non-content data of stored communications.
TOR: TECHNOLOGY ON TRIAL
PRIVACY IN THE DIGITAL AGE
LAW OFFICE 11
Lucia Curiel, Joshua Demers, Kevin Fields, Jacob Miller, William Rainsford, Matt Schwartz, Molly Shea, Tiffany Tsang, Jamie Upham, Lee VanderLinden, Morgan Wilson, Jacob Wolk, and Esther Zolotova
Overview of Surveillance Law
Common Law: Third Party Doctrine
Investigative methods used against hacktivist Jeremy Hammond
The case of Operation Torpedo and applicability to Tor
Rule 41: Search and Seizure
University of Colorado Study
Content vs. Non-content
Northeastern Potentially Operating a Tor Relay
Legislative response to harassment