In some parts of the world, running a Tor node—a computer that makes up part of the dark web’s backbone—can make you a target for law enforcement. This is because traffic routed through a node could just as easily come from journalists, activists, or drug-slinging criminals, and there’s often no way to trace illegal activity beyond an exit node.
In Canada, however, running a Tor exit node out of your own home is essentially uncharted water, legally speaking. Should Canadian Tor node operators be worried about getting a knock on the door from the police?
“It’s not well understood or well defined,” said David Fraser, a lawyer specializing in internet law and partner at law firm McInnes Cooper, told me over the phone. “But if someone were to come to me and say, ‘I want to run an industrial-scale exit node,’ or if a library came to me and said the same thing, among the things I would tell them is that it’s not going to be smooth sailing.”
The problem is that the dark web isn’t just for humanitarians, of course, and child pornography and drugs are trafficked on the Tor network as well. In the US, the FBI has raided the homes of people operating exit nodes—computers through which encrypted, anonymous Tor traffic is finally routed back into the wider web—and the Department of Homeland Security isn’t above bullying libraries into shutting down their own nodes.
Nevertheless, although still a potentially risky proposition, civil rights groups such as the Electronic Frontier Foundation insist that running a Tor exit node in the US is totally legal.
Kate Kraus, a Tor Project spokesperson, told me that people have been running nodes in Canada for years, and a search on the Tor Project’s compass web service reveals that there are 29 exit nodes currently running in Canada. One of those nodes is operated out of the University of Waterloo by Ian Goldberg, a cryptography researcher and lead developer of the OTR protocol for encrypted messaging.
Goldberg says he configures his node so that it doesn’t connect to certain ports that might be used for shady business like executing DDoS attacks. Even so, he occasionally receives letters of complaint, often having to do with intrusion detection systems that have picked up some suspicious traffic passing through his node, but never from the cops.
“What I do is just explain what the purpose of Tor is,” Goldberg said. “I say, yes, people do bad things with Tor, but generally the people who do bad things on the internet have lots of ways to do them, What Tor does is allow the people who do not want to do bad things—who are not going to use a botnet or compromise others’ computers—it allows them to have privacy online.”
Goldberg told me he’s not worried about facing legal repercussions, but Toronto police spokesperson Allyson Douglas-Cook told me, after consulting with the cyber crime division, that the Toronto police have investigated Tor exit node operators in the past. Although she would not share specific details of the cases, Douglas-Cook said the police are chiefly interested in cases involving child pornography and ransom.
While the EFF and ACLU in the US are vocal in their support for Tor operators, there aren’t as many groups in Canada taking it up as an issue, and certainly not at the same scale. Tor is not openly discussed by law enforcement or civil liberties organizations north of the border, and when I emailed the Canadian Civil Liberties Association for comment, I was told they had “nothing” to add.
Without a strong human rights body to support the people who may be risking jail to operate a node on the Tor network, small internet service providers have picked up the slack. Ontario-based independent company Teksavvy, for example, is decidedly Tor-friendly.
“It’s not illegal to run a Tor exit node,” said Bram Abramson, chief legal and regulatory officer at Teksavvy. “It’s not illegal to allow people to do things anonymously as a general principle. A lot of it has to do with how you’re using it and positioning it, and how much you know about who’s using it.”
Service providers like Teksavvy in Canada are important for operators to keep running their nodes without interruption; when an ISP doesn’t quite understand what Tor is or what it’s used for besides illegal activity, providers may shut down a node automatically. The Tor Project recommends that node operators tell their ISP they are running a node so they can have some support.
“The majority of our exits that have been shut down are not in Canada,” Jeremy Hiebert, a member of privacy advocacy group Coldhak, which operates several Tor nodes, wrote me in an email. “In Canada we have been able to position ourselves with small ISPs who understand what Tor is and what it does for humanity.”
For now, at least, it seems like being a Tor exit node operator in Canada is all clear skies and smooth seas, save for the occasional letter of complaint. At least, that’s how the node operators I spoke to saw it.
But without clear protections for node operators when it comes to things like copyright—there’s no Canadian equivalent for the “safe harbor” provision in the US’s Digital Millennium Copyright Act, Fraser said, although a 2004 supreme court decision could be interpreted as such—and considering that the cops are keeping a close eye on Tor, it may only be a matter of time before Canadian node operators face scrutiny similar to those abroad.