Anonymity in File Sharing Networks – Protection for criminals and human right workers alike

(IPRinfo 2/2009)

Herkko Hietanen
Researcher, Helsinki Institute for Information Technology HIIT

While rights owners are hitting file sharers hard with law suits, the file sharing technology is evolving. One example is the Tor project.

Project Tor has been developing free software that helps provide anonymity for Internet users. The Tor software routes user traffic to an indirect route through a set of server nodes positioned around the world.

The Tor nodes are maintained by volunteers to provide anonymous P2P routing. Each node is only aware of the next node in the routing chain and has no knowledge of whose or what traffic they relay as the packages are encrypted. Tor architecture makes traffic analyzing extremely hard as the relay nodes do not store traffic logs.

Targeting the relay operators
There are two sorts of Tor nodes. Relay nodes relay encrypted traffic from one node to another. Exit nodes make the requests to the servers to get files.

If the law enforcement authorities are monitoring the server traffic, it may look as if the exit node was the user requesting the illegal files. This could make the node operator a target of criminal investigation if the requested material is for example child pornography or copyrighted work.

While anonymity services provide a way for criminals to hide their trails they also enable the citizens of repressive regimes, human right workers, journalists and regular people a way to communicate securely without the risk of being monitored. So there is a relevant legal reason to run the relay nodes.

It is, however, impossible to sort illegal traffic from legal. An operator of Tor relay typically has no knowledge of illegal activity done through the node. Criminal liability usually requires either negligence or criminal intent.

Finnish and German police have confiscated the computers of exit node operators. The confiscations have been part of child pornography and terrorism investigations. None of the node operators have been prosecuted and the computers have been eventually returned and no charges have been pressed.

Online enforcement will become harder
Also, technology on file sharing networks is developing group sharing features that resemble of the Tor network. Users may choose to participate into a group that downloads anonymously from other groups.

The new architectures provide faster downloads and anonymity. Finding the person who has initiated download will be even harder in the future. For now, courts have seen that blaming the man in the middle is not the solution.

It looks that file sharing enforcement might become even harder. There is also a question of who is liable for the damages for criminal investigation. One morning a policeman might kick a door in and confiscate a computer of a user who has been part of a knitting club file sharing ring. It remains to be seen who will pay for the damages.

See also:
Alexander Janssen’s blog site, September 16, 2007 ”Tor madness reloaded”

MUTE File Sharing and OneSwarm are examples of an anonymous peer-to-peer network that provides search-and-download functionality while also protecting the user’s privacy by avoiding direct connections betweeen sharing partners in the network.