Dec 10 2012

Print this Post

tor and the UK data communications bill

As a Tor node operator, I have an interest in how the draft UK Data Communications Bill would affect me should it be passed into law. In particular, I would be worried if Tor ended up being treated as a “telecommunications operator” within the terms of the Act (should it become an Act).

Fortunately, Steven Murdoch, Tor’s Chief Research Officer believes that on the evidence to date, that is not likely because the nodes which carry data are not run by the Tor Project itself, rather they are run by volunteers (i.e. people like me). He records in a blog entry the evidence he submitted on the Tor project’s behalf to the Joint Parliamentary Select Committee (JPSC) on the Draft Data Communications Bill. In that blog post, Steven also points to the transcript of the session (PDF file) at which he gave oral evidence to that committee. It makes for interesting reading (and not just for Steven’s comments. I was intrigued by some of the evidence offered by representatives from Facebook, Twitter and Skype/Microsoft).

When asked specifically by committee member Dr Julian Huppert what the consequences of the Bill would be for Tor, Steven said:

In some sense that is difficult to say, because the Bill does not go into very much detail. The Tor Project or architecture is very different from these other systems. We do not process the communications of the users. People who use the Tor network download the software from us, but their communications go over servers that are operated by volunteers to which we do not have access. Because we have designed the system to have privacy from the start, we would not technically be able to hand over any communications data, regardless of whether we were ordered to do so. Whether we fall under the legislation at all is an open question, and we have not had any guidance as to what they believe. If we did, we would have to substantially change the architecture of Tor, and basically rewrite it from scratch, (my emphasis) before we could do anything useful to provide communications data. Long before that happened, our funders would pull out and the users would pull out and the project would effectively cease.

Moreover, when questioned later by another member, Lord Strasburger, for clarification about Tor’s capability to pass meaningful information to UK LEAs following a request, he went on to say:

under the current design we do not have access to those data. We would have to build something different from the beginning before we could be in a position to collect any of them.

Steven clearly believes that the JPSC understands some of the difficulties inherent in the Bill as currently drafted. He concludes in his blog article:

Based on the discussions which have taken place, it appears that the committee has serious reservations about the bill but we will not know for sure until the committee publishes their report.

According to the Parliamentary website, the Committee has agreed its report and it is currently being prepared for publication.

Permanent link to this article: http://baldric.net/2012/12/10/tor-and-the-uk-data-communications-bill/