This is the third in a series of blog articles relating to the topics to be discussed at the 30th Annual Media and the Law Seminar in Kansas City, Missouri on May 4-5, 2017. Blaine C. Kimrey and Bryan K. Clark of Vedder Price are on the planning committee for the conference. In this article, we discuss the Tor Browser and its relationship to privacy laws. Tor’s impact on anonymous speech and the tension between First Amendment rights and online threats to reputation, privacy and public safety will be among the topics discussed at the 2017 seminar.
Even among somewhat sophisticated privacy professionals and lawyers, the Tor Browser is sometimes a bit of a mystery. What is Tor, is it even legal, and, if so, what are the pros and cons associated with Tor? At a fundamental level, Tor is actually quite simple—Tor protects the privacy of its users by spreading communications across of a series of servers around the world to make it difficult to determine who or where the individual user is. Tor is a volunteer operation and it is available to anyone willing and able to download the free software from Tor’s Web site.
In some circles, using Tor has taken on a negative connotation because (not surprisingly) individuals engaged in nefarious activities online have turned to Tor as a way to mask their identities. But there is nothing per se illegal about using Tor, and it can be a legitimate way to avoid unwanted digital tracking from corporations and circumvent censorship in countries under the thumb of oppressive regimes. In fact, the U.S. State Department has contributed millions of dollars over the years to help with the development of Tor in the interest of encouraging free speech in other countries.
Of course, the U.S. government also has a strong desire to be able to pierce through the anonymity of Tor when it suits the government’s objectives — the NSA has been battling with Tor developers for years to gain the upper hand in cracking anonymity, and information originally revealed by Edward Snowden allegedly shows that an NSA surveillance program may track anyone who has ever used Tor.
So what happens when law enforcement officials with legitimate motives — for example, pursuing child pornographers — are stymied by this sort of technology? According to a report earlier this week in the ABA Journal, innocent people may be caught in the crossfire of a digital war, often with no idea what is going on. The ABA Journal article provides examples of police executing search warrants and attempting to make arrests based on IP address information that turned out to be inaccurate. In an effort to prevent these sorts of situations, Tor has created ExoneraTor, which can be used to see if an IP address on a certain day was used as an exit relay. According to Tor, “if you see traffic from a Tor relay, this traffic usually originates from someone using Tor, rather than from the relay operator.” But for this to be effective, law enforcement has to realize that lead is a dead end — and as the ABA Journal article correctly observes, it is unreasonable to expect police officers nationwide to have this level of technical knowledge, particularly when some in the privacy community are still behind the curve.
Tor can lead to a spirited debate on many different fronts, but the one thing that seems beyond dispute is that Tor and other tools like it are not going anywhere. It is therefore critical that privacy lawyers and other privacy professionals develop a strong working understanding of Tor so that they can properly advise their clients.