Today, Tor is a common tool for national law enforcement. The Tor project summarises three main activities for law enforcement’s use:
- ‘Online surveillance: Tor allows officials to surf questionable websites and services without leaving tell-tale tracks. If the system administrator of an illegal gambling site, for example, were to see multiple connections from government or law enforcement IP addresses in usage logs, investigations may be hampered.
- Sting operations: Similarly, anonymity allows law officers to engage in online “undercover” operations. Regardless of how good an undercover officer’s “street cred” may be, if the communications include IP ranges from police addresses, the cover is blown.
- Truly anonymous tip lines: While online anonymous tip lines are popular, they are far less useful without anonymity software. Sophisticated sources understand that although a name or email address is not attached to information, server logs can quickly identify them. As a result, tip line websites that do not encourage anonymity are limiting the sources of their tips.’
In addition, Tor is used as an environment for general investigation, intelligence collection, and infiltration, such as can be seen in the recent takedown of Silk Road 2.0 that operated on the Tor network.
National law enforcement and their use of Tor raises several interesting legal issues such as whether there are any limitations for law enforcement for using Tor for collecting evidence, and, if we consider the information available via Tor or within Tor as publicly available data, whether there are any restrictions for law enforcement in processing them.
The legal boundaries for law enforcement are generally being set in national law can differ greatly from one country to another. This is especially true in collecting digital evidence that raises challenges for domestic procedural law. The use of Tor for collecting evidence may touch upon many of these challenges. For example, in some legal systems, the fact that the agency using Tor for collecting evidence is anonymized may raise concerns regarding ‘deception’ in criminal procedure or otherwise hinder the use of such evidence in court.
Since Tor is to be viewed in the context of criminal procedure as any other source for Open Source Intelligence (OSINT), it must also be verified whether there are concerns related to the possible processing of personal data. Even though Tor is used to anonymize its users, their IP addresses are veiled behind the known addresses of exit nodes. Therefore the users’ personal data should not be available at all, and this does not preclude the presence of personal data in the databases exhibited as part of Tor’s hidden services such as names, addresses, phone numbers, credit card data, personal security numbers, such that are exhibited in a Tor hidden service called Doxbin.