Tor: Technology on Trial


Kevin Fields

on 26 March 2015


Transcript of Tor: Technology on Trial

Technology on Trial
Privacy in the Digital Age

Law Office 11

Tor Relay Process
Online Privacy and Anonymity is Important
Surveillance law and consequences to privacy
Academic research and implications for Tor
Constitutionality of anti-harassment laws
Tor's immunity under the Communications Decency Act (1998)
Images of Tor

Third Party Doctrine
"More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks."

Justice Sotomayor, concurring in United States v. Jones, 132 S.Ct. 945
Argued November 8, 2011
Decided January 23, 2012
Jeremy Hammond
Operation Torpedo
Rule 41
Current Rule 41 b
Proposed Amendment 41 b
The Importance of Academic Research
Academic Research
Identify Misuse of Tor
Protect Tor Network
Actual Use of Tor vs. Perceived Use of Tor
Academic Research Under the Wiretap Act
University of Colorado Study
Shining Light in Dark Places: Understanding the Tor Network
- Recorded first 150 kb of data
- URLs and IP addresses
Wiretap Act
“A person who... intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral or electronic communication... shall be punished..."
18 U.S.C. Section 2511(1)
Interception: “Aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device.”
18 U.S.C. Section 2510(4)
Contents: "When used with respect to any wire, oral, or electronic communication, includes any information concerning the substance, purport, or meaning of that communication"
18 U.S.C. Section 2510(8)
Content vs. Non-Content
URLs and IP addresses have consistently been considered non-content data under the Wiretap Act.

They are automatically generated without user intent.
Other Researchers
May not be as cautious
Greater risk of recording content data including emails, instant messages, VoIP conversations

Wiretap Act: Exemptions
Implied Consent
Consent must be shown "convincingly"
Knowledge of the node operator's ability to record the data traffic is not enough to establish consent
Party to the Communication
"Unseen auditors" may not use this exemption
Unsure if there has even been a communication
"a provider of wire or electronic communication service... [may] intercept, disclose, or use... communication[s] in the normal course of [business] while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service, except that a provider of wire communication service to the public shall not utilize service observing or random monitoring except for mechanical or service quality control checks."

Tor is not a provider under the definition.
The Common Rule
Surveillance & Privacy
Northeastern Operation of a Relay
IRB Approval
Exemption can be invoked if "the information is recorded by the investigator in such a manner that subjects cannot be identified, directly or through identifiers linked to the subjects."
Information Security Department Approval
Content Data
Legality of Running a Relay via Northeastern's Network
Legal but Uncertain
Relay Operation is not Illegal
Exit relay's IP address is associated with the Tor user's request, while non-exit relay operators are more removed
Constitutionality of Anti-Harassment Laws
Online Harassment and Cyberstalking
Fake profiles
Computer monitoring software
Constantly Evolving Threats
Domestic Violence Advocates
Free Speech Advocates
The Violence Against Women Act (VAWA)
Whoever "with the intent to kill, injure, harass, intimidate, or place under surveillance with intent to kill, injure, harass, or intimidate another person, uses... any interactive computer service or electronic communications service..."
As Applied Challenge
Potential Solutions to Conflict
‘words, conduct, or action (usu. repeated or persistent) that, being directed at a specific person, annoys, alarms, or causes substantial emotional distress in that person and serves no legitimate purpose . . .’
BackPage and PinkMeth
What is the CDA?
PinkMeth (2014, Texas) and Backpage lawsuits (most recently: 2014, Washington)
Effect of closing Backpage
Tor's immunity status under the CDA
Communications Decency Act
What is an Interactive Computer Service?
Purposes of the CDA
Promote the continued development of the Internet
Encourage self-policing
Encourage the development of technologies which maximize user control
PinkMeth and Backpage
Backpage Lawsuit
PinkMeth Lawsuit
Involuntary Pornography Website
Tor was sued because PinkMeth was hosted on the .onion network
Website shut down in Operation Onymous
Online Classifieds by Locality
Sued due to advertisements for prostitution of underage women being hosted on their website
Effect of Closing Backpage
No significant impact on child sexual exploitation when closing Backpage
Constitutional Issues
Hindering Law Enforcement Efforts
Traffic Migrating Elsewhere
Tor's Immunity under the CDA
Tor fulfills the governmental goals of the CDA more than Backpage
Tor has less control over illegal 3rd party content than Backpage does
Tor was dismissed from PinkMeth lawsuit
State Approaches to Cyberharassment
New Mexico
"The conduct, act or threats described in this subsection shall include, but not be limited to, conduct, acts or threats conducted by... electronic communication device including, but not limited to, any device that transfers... data... including, but not limited to, electronic mail, internet communications, instant messages or facsimile communications."
Mass. Gen. Laws ch. 265, Section 43A.
"Harassment consists of knowingly pursuing a pattern of conduct that is intended to annoy, seriously alarm or terrorize another person and that serves no lawful purpose. The conduct must be such that it would cause a reasonable person to suffer substantial emotional distress."
N.M. Stat. Ann. Section 30-3A-2.
Sentencing Enhancements
Tor Use
Hate crimes
Aggravating factors - weapon use
School zone crimes
Using Tor in the commission of a crime would not lead to a sentencing enhancement, nor is using Tor a crime in and of itself.
Thank You!
Malte Spitz Geo Location Tracking
Cycles of Violence
Facial Challenge
United States v. Cassidy (2011)

Ruled unconstitutional as applied, Court does not address the facial challenge.
United States v. Petrovic (2012)
United States v. Sayer (2014)
United States v. Osinger (2014)
Facial challenges were unsuccessful

Court upheld the VAWA
A definition such as the one from Black's Law Dictionary could be incorporated into statutes to reduce ambiguity
May want to conduct deep packet analysis.
Tor Would Definitely be Found Immune to Liability to Illegal 3rd Party Content Under the CDA:
Tor is an interactive computer service
Backpage is covered under the CDA
"Any information service, system, or access software provider that provides or enables computer access by multiple users to a computer server, including specifically a service or system that provides access to the Internet." 47 U.S.C. Section 230 (f)(2).
ECPA Mechanisms
Stored Communications Act: stored content & non-content
Wiretap Act: content in transit
Pen Register Act: non-content in transit
Need a probable cause warrant to access.
Interception of the non-content information of a communication in transit. Need a "relevant" court order to access.
Need a "relevant and material" administrative subpoena to access customer records.
Need a "relevant and material" Section 2703(d), a.k.a. d order, for transactional information.
Did the researchers at the University of Colorado violate the Wiretap Act?
Human Research Exemption
ECPA (1986)
Stored Communications Act
Wiretap Act
Pen Register Act
Interception of the content of communications in transit.
Interception of the non-content information of a communication in transit.
Interception of both content and non-content data of stored communications.

Lucia Curiel, Joshua Demers, Kevin Fields, Jacob Miller, William Rainsford, Matt Schwartz, Molly Shea, Tiffany Tsang, Jamie Upham, Lee VanderLinden, Morgan Wilson, Jacob Wolk, and Esther Zolotova
Thank You!
Overview of Surveillance Law
Common Law: Third Party Doctrine
Investigative methods used against hacktivist Jeremy Hammond
The case of Operation Torpedo and applicability to Tor
Rule 41: Search and Seizure

University of Colorado Study
Wiretap Act
Important provisions
Content vs. Non-content
Northeastern Potentially Operating a Tor Relay
Human Research
Harassment generally
Legislative response to harassment