[tor-project] Teaching lawmakers about Tor for rule 41 amendment
Paul Syverson
paul.syverson at nrl.navy.mil
Thu May 5 02:50:17 UTC 2016
On Wed, May 04, 2016 at 09:55:38PM -0400, Paul Syverson wrote:
> On Wed, May 04, 2016 at 05:32:24AM -0400, Roger Dingledine wrote:
> > Hi Alison, Kate,
> >
> > Check out
> > https://theintercept.com/2016/04/28/supreme-court-gives-fbi-more-hacking-power/
> >
> > I think this is a really important outreach topic.
> >
> > A) We should reach out to the senators who are planning to fight
> > the changes, to offer to teach them more about Tor and more about the
> > Internet, see if they have any questions or concerns, etc. I bet there
> > are some staffers somewhere who are working on exactly this topic, and
> > everything they know about Tor they learned from one scary video about
> > the dark web. We should teach them how Tor works, why people need it,
> > and why a diversity of types of users is key to its security.
> >
> > B) At the same time, we should learn what their talking points are, so
> > we can be better at educating people about the issue. In particular, one
> > of the quotes in the article says it's "possibly the broadest expansion
> > of extraterritorial surveillance power since the FBI's inception",
> > but at the same time, I can totally picture people saying "Oh come on,
> > it's just Tor, how can that be such a big change?" We would be smart
> > to have concrete non-Tor examples of what these new powers would allow,
> > so everybody can understand that these changes aren't just about Tor.
> >
>
> I am so totally not a lawyer, but
>
> Suppose I post a comment somewhere, say a news site or blog that
> accepts comments, and I don't identify my location (district) in that
> comment. Suppose the site allows unauthenticated comments
> (alternatively, the site has a posted privacy policy to protect my
> facebook/gmail/ whatever-they-use login credentials except for that
> use and permits me to choose any available username, ---alternatively
> alternatively, I use my regular longstanding gmail address overtly as
> identifier for the post, but don't announce my district in any way and
> I have never authorized Google to use or reveal my location to others.)
>
> If I say anything in that comment that any magistrate judge anywhere
> in the country can be convinced indicates there is on my computer
> evidence of any crime whatsoever in his district (or a crime
> such that activites related to it have occurred in his district),
> then is it the case that that judge can issue a warrant to seize my
> computer? (And in the alternative scenarios above, could they
> then issue a warrant (subpoena?) for Google to turn over
> records of where I logged into my gmail from?)
>
For some other examples, see
https://www.accessnow.org/cms/assets/uploads/archive/docs/Rule41botnettestimony.pdf
There it is noted that probably any victim of a widescale botnet could
have their computer seized under Rule 41 changes. Also examples are
given of people merely sharing servers or service providers being so
affected. Also how seizure has included and could include in that case
interception and re-routing of traffic besides the potential for
hardware seizure.
aloha,
Paul
More information about the tor-project
mailing list