In July, the Kilton Public Library in New Hampshire partnered with the Library Freedom Project (LFP), to become the first library in the country to run a server connecting to Tor, an online network that allows users to browse the internet anonymously. But in August, the Department of Homeland Security got in touch with local police, who contacted the library about shutting down its relay. The library complied, for a time. Then, on Monday night, groups like the EFF, the American Library Association and local Tor supporters appealed to the library's board of trustees, and got them to reinstate the library's Tor relay node. Now Kilton is planning an even more important — and riskier — role in the Tor network, and other libraries may follow suit.
Kilton will soon connect to the Tor network with what is known as an exit node. Previously it connected as a "middle relay," which only bounces information between different nodes within Tor. Exit relays send traffic from the secure Tor network onto the wider internet, making them significantly more valuable. Every Tor session needs an exit relay, and there are only about 1,000 exit relays currently available, making Kilton's efforts important to Tor users.
Libraries have a history of publicly standing up for privacy
Libraries have a history of publicly standing up for privacy, so ideologically, it makes sense that Kilton is fighting to run Tor. According to Alison Macrina, director of the Library Freedom Project, the fact that so many people spoke up against the notice speaks to a changing climate around privacy, free speech, and surveillance. "It wasn't only a win for global internet freedom, it was an incredible display of community involvement," she says. "People showed up with signs that said ‘Down with big brother.' This is exactly what libraries do, this is our charge."
It's entirely legal to use Tor or run Tor servers, but because traffic from an exit node can be traced back to it, the Tor Project recommends you don't run one from your home, or on your home internet connection. But libraries are protected from legal threats by safe harbor provisions. As the Library Freedom Project explains, libraries already provide internet services to the public, so they cannot necessarily be held responsible for what goes on through their computers. When the story about Kilton first came to light, a DHS spokesperson told ProPublica that "the protections that Tor offers can be attractive to criminal enterprises or actors, and HSI [Homeland Security Investigations] will continue to pursue those individuals who seek to use the anonymizing technology to further their illicit activity."
"This is exactly what libraries do, this is our charge."
To the library's director, Sean Fleming, that the DHS would hold the library responsible for any "illicit activity" was a surprise. The library previously had an incident where someone sent inappropriate emails from its computers, Fleming says. "He was sending inappropriate emails to underage girls, and he was arrested, but nobody said 'you should turn off your internet.'"
After the confrontation with DHS, more libraries may follow Kilton's lead. Macrina says that Kilton wasn't the only library that expressed interest when the Library Freedom first launched the Tor node project, but following the DHS notice, they've heard from about a dozen libraries wanting to implement Tor relays. "The only reason Kilton was alone was that we needed a pilot," she says. "Now we're just waiting for more libraries to pour in and join us."