First Library To Offer Anonymous Web Browsing Stops Under DHS Pressure

First Library to Offer Anonymous Web Browsing Stops Under DHS Pressure

A library in a small New Hampshire town started to help Internet users around the world surf anonymously using Tor. Until the US' Department of Homeland Security raised a red flag.

Since Edward Snowden exposed the extent of online surveillance by the U.S. government, there has been a surge of initiatives to protect users' privacy.

But it hasn't taken long for one of these efforts -- a project to equip local libraries with technology supporting anonymous Internet surfing -- to run up against opposition from law enforcement.

In July, the Kilton Public Library in Lebanon, New Hampshire, was the first library in the country to become part of the anonymous Web surfing service Tor. The library allowed Tor users around the world to bounce their Internet traffic through the library, thus masking users' locations.

Soon after state authorities received an email about it from an agent at the Department of Homeland Security.

"The Department of Homeland Security got in touch with our Police Department," said Sean Fleming, the library director of the Lebanon Public Libraries.

After a meeting at which local police and city officials discussed how Tor could be exploited by criminals, the library pulled the plug on the project.

"Right now we're on pause," said Fleming. "We really weren't anticipating that there would be any controversy at all."

He said that the library board of trustees will vote on whether to turn the service back on at its meeting on Sept. 15.

Used in repressive regimes by dissidents and journalists, Tor is considered a crucial tool for freedom of expression and counts the State Department among its top donors. But Tor has been a thorn in the side of law enforcement; National Security Agency documents made public by Snowden have revealed the agency's frustration that it could only identify a "very small fraction" of Tor users.

The idea to install Tor services in libraries emerged from Boston librarian Alison Macrina's Library Freedom Project, which aims to teach libraries how to "protect patrons' rights to explore new ideas, no matter how controversial or subversive, unfettered by the pernicious effects of online surveillance." (The Library Freedom Project is funded by Knight Foundation, which also provides funding to ProPublica.)

After Macrina conducted a privacy training session at the Kilton library in May, she talked to the librarian about also setting up a Tor relay, the mechanism by which users across the Internet can hide their identity.

The library board of trustees unanimously approved the plan at its meeting in June, and the relay was set up in July. But after ArsTechnica wrote about the pilot project and Macrina's plan to install Tor relays in libraries across the nation, law enforcement got involved.

A special agent in a Boston DHS office forwarded the article to the New Hampshire police, who forwarded it to a sergeant at the Lebanon Police Department.

DHS spokesman Shawn Neudauer said the agent was simply providing "visibility/situational awareness," and did not have any direct contact with the Lebanon police or library. "The use of a Tor browser is not, in [or] of itself, illegal and there are legitimate purposes for its use," Neudauer said, "However, the protections that Tor offers can be attractive to criminal enterprises or actors and HSI [Homeland Security Investigations] will continue to pursue those individuals who seek to use the anonymizing technology to further their illicit activity."

When the DHS inquiry was brought to his attention, Lt. Matthew Isham of the Lebanon Police Department was concerned. "For all the good that a Tor may allow as far as speech, there is also the criminal side that would take advantage of that as well," Isham said. "We felt we needed to make the city aware of it."

Deputy City Manager Paula Maville said that when she learned about Tor at the meeting with the police and the librarians, she was concerned about the service's association with criminal activities such as pornography and drug trafficking. "That is a concern from a public relations perspective and we wanted to get those concerns on the table," she said.

Faced with police and city concerns, library director Fleming agreed to turn off the Tor relay temporarily until the board could reconsider. "We need to find out what the community thinks," he said. "The only groups that have been represented so far are the Police Department and City Hall."

Fleming said that he is now realising the downside of being the first test site for the Tor initiative.

"There are other libraries that I've heard that are interested in participating but nobody else wanted to be first," he said. "We're lonesome right now."

This article first appeared on ProPublica and is republished here under Creative Commons licence.

Image by telmo32 under Creative Commons licence.



    I hope they alert the DMV that cars can be used as getaway vehicles or in hit and run incidents. I mean, for all the good that comes from car use, there is always going to be that criminal element.

      Faulty comparison. Cars have registration leading to people being able to be identified. If the car is stolen and used by someone else, then that's different but that would be tantamount to someone jumping on anothers laptop or computer while they're in said library.

      As it is, if you're using a network in a place like this, it's good to be identified to some degree, you're in a public space, you want to be able to see who's at least using what and when. There's more than enough precedents these days to give rise to the need to have some sort of marker of identification for people using the internet from a network at least if the law needs to get involved.

        I was comparing the "can be used for good and evil" part which can be applied to just about everything.

        Was it the fact that they were a relay or the fact that they had Tor browsing, it was never made clear. Either way, I can do both of these from home.

          Absolutely but the issue comes that one has an inherently built in identification system that is kinda mandatory while the other is, at this point 'optional'. If they were on an even playing field as such it'd be a far better one, but I do get the comparison. I can see the logic though behind making it all identifiable, if the place sets up an anonymous network and it's proven somehow that bad things happen from there due to their supplying anonymity (threats, DDOS attacks that affect governmental departments etc) then there's every single chance they've just opened themselves up for a world of legal pain.

            If they were able to track it. Which would depend on how it was tracked at the other end (log onto PC or whatever). Also, if the idiot of going on FB at the same time, easy to track. Pretty sure that's how the Dread Pirate Roberts was caught - doing little tell tale things over TOR.

            Wonder if libraries have any sort of protection under law like ISP's.

              I would be very surprised if they do. As they're loaning out their own personal network for use. At least, the part I'd say would be accountable is if they're purposely supplying an anonymous network rather than an open, identifiable one.

              But, we all know they can track it! I saw it on CSI Cyber! LOL! *groan* That show is so goddamn bad... it was like gouging my eyes out.

              Mr Robot on the other hand was stunningly good.

                I haven't even watched CSI Cyber. I heard about it and cringed. I get computer stuff being simplified for the sake of driving the story but if the show is about it....,

                Mr Robot - heard the name once before. Just checked out a trailer and it looks pretty good. Where to you watch that? Torrent?

         was where I last watched it. Fantastic show, was never a hacker or even close to, but I spotted a few things in there that were very familiar with things I've seen in real life having worked in IT. So they're definitely utilising tech experts with actual knowledge rather than people who want to make shit look fancy and utilise GUI's *wank wank wank*.


    Not a huge fan of this turn of events, but at least it's been a polite cough and throat-clear from Big Brother and not a bone-breaking stomp of the jackboots like I'd have expected. Possibly due to it being illegal to actually ban the library's program...? Seems like that freedom of speech thing might be getting in the way, given how they referred to it.

    Either way, I hope the library goes ahead despite the concerns about criminal use. That is and always HAS been the drawback behind privacy: people could be using that privacy to commit crimes.

    You'd certainly catch a lot more crime if surveillance was installed in all our homes - it'd be a surefire way to eliminate domestic violence, for example. But for some reason we have privacy there.

    How we think about the 'reasonable expectation of privacy' is pretty muddy and probably needs some firming up. You can have a conversation in your car on the street (with the windows up) and have an expectation of privacy for that, but you can't jerk off in your car - that's public... right? But my understanding is that the conversation's protected... even if you were having a conversation about something illegal like hiring a hitman. I think something very similar should be in place for internet use in a library.

    A library might be a public space, and the session might be public, but does that make the email you type up public? Your internet banking details? There's a reasonable expectation of privacy there. A screen's a small space, font can be small, windows small, and stalls have partitions for privacy... the realistic 'public' exposure shrinks and shrinks depending on the setting. IP addresses and browsing history... public? Or should the library provide the facility for that to be private too? I think it should.

    Last edited 14/09/15 11:46 am

Join the discussion!