Another interesting issue related to Tor is using its exit nodes for collecting evidence. There have been reports claiming that some governments have control over and are running the exit nodes themselves. While there is no concrete evidence to support the claim, the legal basis for such hypothetical surveillance should nevertheless be analyzed.
Despite the differences between legal systems in different countries, surveillance can be broadly divided into two categories: targeted surveillance (usually ‘interception’ or similar in national law) that is carried out by or under the authority of law enforcement and is subject to a distinct regulatory regime, and non-targeted surveillance (‘monitoring’ or ‘filtering’) that is carried out by the law enforcement or private entities as a more general security measure and is not governed ed by such clear set of rules. In both cases, the legal basis and specific conditions for authorizing interceptions must be outlined in domestic law and need to conform with Article 8 of the European Convention on Human Rights. Without authorization, statutory defense, or immunity from prosecution, these activities may be illegal, and the evidence gained inadmissible in court.
From the perspective of law enforcement, it would be difficult to determine that the data that needs to be intercepted would be going through a particular exit node because Tor changes its path on average every 10 minutes. It would, therefore, be challenging to determine the scope and details of the warrant needed for accessing such data. Therefore targeted surveillance would be difficult to carry out in practical implementation when running the Tor exit node. Should law enforcement monitor the data going through the exit nodes, or in any other way carrying out surveillance over Tor traffic, legal limits to surveillance need to be taken into account?
Unlike interception, traffic monitoring does not target specific individuals or data but rather more general types of undesirable content for overall ‘security purposes and may be effective only in certain environments. If such monitoring occurs, it needs to have a legal foundation and follow human rights law, especially because such monitoring would equally target users and their personal data whose activities are not illegal and do not threaten the ‘security in question. In the context of Tor, such monitoring may be useful for tracking down illegal content but tracing the initiator of the traffic or taking firm action against the source of the traffic is challenging if not impossible.
Besides the activities described above, law enforcement agencies may also be interested in Tor exit nodes when assuming that their IP addresses may be connected with malicious content or activities. Hence, Tor exit node operators may receive subpoenas or other information requests from law enforcement or any other entity that may not be aware that Tor exit node operators do not bear responsibility for the content running without having a legal precedent claiming otherwise through their node. The Tor project suggests ignoring such requests or making use of the pre-prepared response templates.