Disclaimer: I’m not an expert on the Tor network, although I do know enough to be a somewhat-informed user. I believe that the technical assertions I make here are fully accurate, but I encourage feedback on those points.
This morning, I read a ProPublica article about the implementation of a Tor network relay at the Kilton Public Library in Lebanon, New Hampshire. According to the article, Kilton is the first public library in the United States to bring a Tor relay online, allowing “Tor users around the world to bounce their Internet traffic through the library, thus masking users’ locations” (Angwin, 2015).
Based on this article from the Library Freedom Project, I am led to believe that Kilton’s Tor relay was implemented as an exit relay[0]. Essentially, this would allow Internet users from around the world to have their Internet traffic appear to be originating from the Kilton Public Library. No matter that the user might be in Paris, Stockholm, Pittsburgh, or Sri Lanka, the traffic would exit the Tor network at the Kilton Public Library, which would then appear to be the source of the traffic. (See this EFF article about the parts of Tor networks, including browsers, entry guards, middle relays, exit relays, and bridges for a better understanding of what an exit relay does.)
A little context and background about me: I would like to see Tor browsers installed on every computer in every public library. A public library and its professional staff have, I believe, an ethical responsibility to protect the privacy of patron data, including a patron’s online activity. Facilitating obfuscated or hard-to-track browsing for its patrons is appropriate, and falls within the purview of a library’s service to its patrons. [1]
However, I think exit relays are an exceptionally bad idea for public libraries, and I would not support a Tor exit relay at my public library. There are several not-so-compelling reasons that I hold personally, but the one that I find most problematic is the use (and potentially high-volume use) of library resources (such as bandwidth) that have great potential to restrict the access to services for Kilton’s own patrons. While a library is, importantly, a hub of impartial, free information, a library’s first obligation is to its patrons. And while some librarians would like to think of every individual in the world as a potential patron, public libraries have a duty to their communities first. If a decision made by the library prioritizes the needs of non-patrons over the needs of patrons, then I believe it is a poor decision.
Traffic involving illegal activity that exits at Kilton’s relay has a high likelihood of exposing the library to government surveillance — even though that traffic had nothing to do with activities originating at Kilton. In fact, the Library Freedom Project capitulates: “exit operators might face the occasional DMCA notice or law enforcement officer inquiring about traffic on the node” (Macrina and Fatemi, 2015). If the FBI/NSA/insert-government-agency-here has evidence of criminal activity coming from a Kilton IP address, the first order of business is to investigate Kilton, its librarians, its patrons, and as much of the internet traffic originating from Kilton as it cares to. It puts the library on the government’s radar. It is also likely to result in other online services blacklisting or blocking traffic from Kilton, thereby unnecessarily restricting the activities of Kilton’s local patrons.
I do feel compelled to make another point. Nowhere in the articles I’ve seen about this issue have I read that Kilton is using Tor to support its own patrons’ privacy. (I may have missed this somewhere, and would appreciate clarification.) The Library Freedom Project does assert that Kilton’s IT infrastructure and patron-facing workstations are running Linux, rather than Windows or MacOS, which is great. But in a snapshot of one of the patron-facing workstations, it appears that use of a Tor browser is not available (at least not obviously).
A public library’s mission is first to support its patrons, as guided by its oversight body — whether that body comprises elected officials, a foundation, a private board, or something/someone else. I would delight in an initiative to provide Tor browsers to patrons, and perhaps even run bridges or middle relays through library network infrastructure, if the volume of traffic doesn’t come at significant expense to the library patrons and community (in terms of either performance cost, or dollars). Running a Tor exit node, on the other hand, does nothing to directly support Kilton’s patrons. Instead, it puts them at greater risk for government intervention.
Footnotes
[0] It remains unclear to me whether or not this node was actually an exit node before it was shut down. According to a July 2015 article in Ars Technica, the node rolled out as a relay node during the summer, but was slated to be converted to an exit node by September. Ultimately, I remain comfortable with my position on this point, as the Library Freedom Project’s stated goal is to bring Tor exit relays into libraries.
[1] Who a library’s patrons are is, perhaps, an important part of this conversation. In my opinion, the patrons of a public library are the people who are eligible, by geographic or associative relationship, to use the services of that library. So, a person who walks in off the street into the library building? Patron. Taxpayer in town with a library card? Patron. Person trying to route internet traffic through a random server to ensure privacy? Not a patron. Your opinion may vary.
Citations
Angwin, Julia. “First Library to Support Tor Anonymous Internet Browsing Effort Stops After DHS Email.” ProPublica: Journalism in the Public Interest. ProPublica, 10 Sept. 2015, 11:20 a.m. <https://www.propublica.org/article/library-support-anonymous-internet-browsing-effort-stops-after-dhs-email>.
Macrina, Alison, and Nima Fatemi. “Tor Exit Relays in Libraries: A New LFP Project.” Library Freedom Project. Library Freedom Project, 30 July 2015. Retrieved 10 Sept. 2015. <https://libraryfreedomproject.org/torexitpilotphase1/>.