Hacker News
Statement from the Tor Project Re: The Court's Feb. 23 Order in U.S. v. Farrell (torproject.org)
82 points by jakobdabo on Feb 25, 2016 | 19 comments



> It is clear that the court does not understand how the Tor network works. The entire purpose of the network is to enable users to communicate privately and securely.

The order demonstrates a perfectly adequate understanding of the technology: https://motherboard.vice.com/read/carnegie-mellon-university....

Tor does not actually hide your IP address from the public Internet. Someone technically ignorant might believe that (in which case, his expectation of privacy is based on a false assumption and is thus objectively unreasonable), but that's not the guarantee Tor provides. What onion routing does is ensure that someone sitting in the middle cannot identify both the source and destination of a packet.

But the legally relevant technical question is not whether someone can track the packet from the source to the destination. It's whether the user's IP address has been revealed to the public. That's necessarily the case even when communicating over Tor; that's just how the Internet works.


> But the legally relevant technical question is not whether someone can track the packet from the source to the destination. It's whether the user's IP address has been revealed to the public. That's necessarily the case even when communicating over Tor; that's just how the Internet works.

But you're only getting there with some kind of unusual globally omniscient consolidated definition of "the user's IP address" where because one member of the public knows the user but not the IP address (exit node) and a different member of the public knows the IP address but not the user (entry node) then "the public" knows the user's IP address, even though under expected operation there is no member of the public that actually knows the user's IP address.

By this logic "the public" knows the identity of every pseudonymous author because some members of the public know the pseudonymous work and different members of the public know the author in person, even if not one member of the public actually knows who writes under that pseudonym.


I think you'd be hard pressed to argue that you have a 4th amendment right not to have the government link your pseudonym to your real name.


> I think you'd be hard pressed to argue that you have a 4th amendment right not to have the government link your pseudonym to your real name.

I would argue that it shouldn't be content-based. It isn't a matter of whether the information they want is the human corresponding to that pseudonym, it's a matter of whether you had a reasonable expectation of privacy in that information, which depends not on what the information is but on what you did to protect your privacy.

If you make a public statement under your pseudonym that identifies you then you don't have a reasonable expectation of privacy in that information. But if you take reasonable steps not to link yourself to your pseudonym, why should the government be completely unrestricted in how it obtains that information without a warrant, no matter how underhandedly or unexpectedly they behave?

The alternative is essentially an unwarranted expansion of the third party doctrine: Instead of saying that if a third party does know something the government can get it, it's saying the government can get anything a third party could know even if they wouldn't normally be expected to observe or record it -- or even if they implicitly or explicitly agreed that they wouldn't.


What do implementation details have to do with expectations? You can't just say the general public's expectations don't matter because they don't understand the implications of network routing.

Do Tor users expect their communications to be private? I think the answer is obviously yes.


Then why bother setting up any encryption at all? Why not just call the Internet an "anonymous network" and be done with it?

It's clear there is some difference between "expectation" and "informed expectation." If there were no distinction, then claiming you expected privacy in any situation would be legally sufficient to eliminate evidence collected while "violating" your expectation.


Because the law's notion of expectation of privacy is based off of the concrete reality of the tool, not of the abstract wish.

If you're a well informed Tor user, you would not expect coverage from the classes of attacks described. The Tor project itself specifically said that Tor does not defend against things like state actors.


This statement is pretty confusing to me. It seems that they're attempting to use the _legal_ phrase "reasonable expectation of privacy" in a decidedly non-legal sense. The term is in fact a legal one (see here [1] for a definition, or just google the term), and after reading through the definition, I find it hard for anyone to argue that they _should_ have a "reasonable expectation of privacy" when using _any_ public network. Sure, Tor users are using the network because it provides anonymity, but anonymity and "expectation of privacy" are two very distinct concepts. Tor allows them to PUBLICLY communicate ANONYMOUSLY. You can have an anonymous communication without any expectation of privacy, the same way you can have privacy without anonymity.

Note that I am not a lawyer and am making assumptions and inferences about legal matters based on internet searches. YMMV.

[1]: http://injury.findlaw.com/torts-and-personal-injuries/what-i...


The discussion in your link specifically says it does not apply to "searches by persons acting on behalf of a city, state, or federal government." It links to this discussion of Fourth Amendment rights, which seems more applicable to the case here:

* http://criminal.findlaw.com/criminal-rights/when-the-fourth-...

That page contains this quote:

> The Supreme Court has explained that what "a person knowingly exposes to the public, even in his own home or office, is not a subject of Fourth Amendment protection ... " But what he seeks to preserve as private, even in an area accessible to the public, may be constitutionally protected (see Katz v. United States, 389 U.S. 347 [1967]).


> anonymity and "expectation of privacy" are two very distinct concepts

Can you elaborate on that? I don't think I understand the point you're trying to make. One can construct a semantic distinction, but it doesn't seem relevant here.

Clearly, Tor users are using Tor because they believe the copious online content describing it as either or both of "private" and "anonymous". To argue that their "expectation of {privacy|anonymity}" is "unreasonable" seems to strain logic by any definition, be it "legal" or not.


The distinction is that one has a clear legal definition in a court of law and one does not. The judge in this case has examined the case and found that Tor users do not have the legal right to having any expectation of privacy. The fact that we use the term anonymous as a synonym for privacy in some cases has no bearing on the judge's ruling.


Your own link contains this:

> It's important to note that the expectation of privacy discussed here means something different than when it's used in connection with searches by persons acting on behalf of a city, state, or federal government.

So how is it relevant? They clearly say the definition discussed is between private individuals, not the state and individuals.


A few years ago this kinda bugged me. Now I am beginning to seriously wonder how judges can still get away with this. If you have no clue what you are judging, how can you do your very important job at all? Your vital role in society? When is some high ranking dude in the government going to recognize it and think of something to get them the hell out of making incorrect judgements?

"No reasonable expectation of privacy in the Tor network"? That's like saying warrantless searches are legal because your house has windows, thus giving you no privacy either.


While I agree with you on principle, legally, the boundaries of the 4th amendment's "Reasonable expectation of privacy" end the moment you give your data to a third party. In Tor's case, you give your data to the Tor nodes (third parties). The 4th amendment unfortunately doesn't apply, the precedent here is rock-solid.


If one gives a locked safe to someone else for safekeeping, do they really expect the keeper to break open the safe and search through the contents?

I don't think 3rd party doctrine is really a good idea if the above is OK.


If you put a safe in a storage locker, the police could gain access to the safe and crack it by serving a search warrant on the storage facility, without ever notifying you -- and in fact they could get a companion gag order to prevent the storage facility from telling you or anyone else that they had done so.

If the service were willing, the police could even gain access by just asking. In that case, you might have a legal claim against the service, but not against the cops.

That's probably the best analogy to data in cloud services.


Except that they had to hack the network first, like the post says. There is definitely a very reasonable expectation.


Courts have the ability to appoint a special master to help with things like this. And interested parties -- such as Tor -- can usually file briefs with the court to introduce legally relevant information. But I'm not sure that's enough.


Often the law is not intuitive. Just because a ruling may seem wrong based on a blog post doesn't mean the judge is inept at his job (although that's certainly a possibility).



