TKTK
Why didn't police include relevant information about Tor, a network that uses randomized encryption, in their request to search a local home? Mclek/Shutterstock

One week after Seattle police searched the home of two well-known privacy activists for child porn and found nothing, critics are questioning why the department failed to include a key piece of information in its application for a warrant—the fact that the activists operated a Tor node out of their apartment, in order to help internet users all over the world surf the web anonymously.

Sponsored
Sail into the new year in style On the HIYU. We'll bring the bubbly. Get your NYE tickets here!

"You knew about the Tor node," said Eric Rachner, a cybersecurity counsultant and co-founder of Seattle's Center for Open Policing, addressing the police department on Twitter, "but didn't mention it in warrant application. Y'all pulled a fast one on the judge... you knew the uploader could have been literally anyone in the world."

At 6 a.m. on March 30, Seattle police showed up at the Queen Anne apartment of Jan Bultmann and David Robinson with a search warrant to look for child porn, based on a tip that traced an illicit video to their IP address. Six officers arrived with two vans and spent over an hour doing forensic searches on the computers in the home. One officer stood in the bedroom and watched as Robinson got dressed.

They didn't find anything. Bultmann and Robinson, both board members of the Seattle Privacy Coalition, were released after being detained in a van, but they were left shaken and upset.

"They wasted their time, they frightened us, they cost us money, and they violated our constitutional rights," said Robinson. "And it was all needless... This kind of pointless intimidation of Tor operators just hurts the Tor network."

The Seattle Privacy Coalition's website has been down for the past week while Robinson bought new equipment and built a new server because, he said, police compromised the site's security.

Bultmann and Robinson had publicly advertised that they operated a Tor exit relay node—a node in the global Tor network, whose purpose is to give users the ability to browse the web anonymously. They said they operated the node as a service to dissidents in repressive countries, knowing full well that criminals might use it as well, much like any other communication tool. Tor stands for "the onion router," a mechanism by which information is encrypted in layers as it passes through multiple, randomized nodes in the network.

In the aftermath of the search, the question was whether Seattle police had done their technical due diligence: Did they recognize that Bultmann and David were operating a Tor node? If so, did they realize that a tip about child porn coming from that IP address, absent any other evidence, likely meant someone else in another part of the world had uploaded the material and it had been randomly routed through their node?

What's more, Tor uses encryption to prevent whoever operates the node from viewing what passes through it. The warrant says the child porn was uploaded to an encrypted web address on 4chan—the destination for the material after it passed through a Tor exit relay. Therefore, Bultmann and Robinson wouldn't have been able to give the police any leads about the source of the illicit material even if they wanted to. Still, Robinson said he would have been happy to answer any questions if an investigator had merely asked.

"It's like raiding the mailman's house for delivering an illegal letter with no return address," said one commenter on the tech website YCombinator. "Sure, it could have been sent by the mailman, but it could have been sent by anyone. There isn't any more reason to suspect the exit node operators than anyone else in the whole world who could also have used the exit node."

The warrant application (PDF), signed by King County Superior Court Judge Bill Bowman, makes no mention of the Tor node, much less Bultmann and Robinson's public roles as privacy activists. Nor does a warrant application dated February 24 to obtain subscriber records related to the address from Wave G, the Internet service provider. Both documents suggest that Bultmann and Robinson are ordinary web users with a private home connection.

"I believe one or more person(s) and/or computer(s) located at [their address]" violated laws against child pornography, Detective Daljit Gill wrote.

SPD spokesperson Sean Whitcomb said the department understands how Tor works and that before executing the search, officers knew that Bultmann and Robinson operated the Tor node out of their apartment. "Knowing that, moving in, it doesn't automatically preclude the idea that the people running Tor are not also involved in child porn," Whitcomb told NPR. "It does offer a plausible alibi, but it's still something that we need to check out."

But in a statement today, the department said its detectives didn't know about the Tor node when they filed the warrant application on March 28. If true, this means detectives took notice of the Tor node after the judge approved the warrant, then carried out the exhaustive early-morning search two days later anyway.

Robinson questions whether police deliberately delayed checking the IP address against the public list of Tor nodes in order to avoid sharing exculpatory information with the judge. He believes a sound investigation would have checked the IP address as soon as the tip came in. "Why spoil a perfectly good warrant with facts?" he asked.

ACLU of Washington Legislative Director Shankar Narayan said there should be a high bar for suspicion in cases like this one. SPD should have included relevant information about the Tor node in its warrant request for the judge, he said, and sending in six officers to run forensics on the computers was excessive.

"As was the case with the Stingrays," he said, "law enforcement didn’t adequately describe the nature of the search in the request... This is a good opportunity for them to use a smarter approach... and position themselves as a leader in understanding how this technology works and protecting privacy, while doing their jobs."

Judge Bowman, who authorized the warrant, said he could not talk about the case and referred me to his colleague Judge William Downing, who spoke about some of the underlying issues. "When we get into things like this," he said, "anonymizing stuff, that’s well over my head technologically, then it becomes very murky and hazy."

This post has been updated since its original publication.