must read Windows 10 1809's new rollout: Mapped drives broken, AMD issues, Trend Micro clash

German police raid homes of Tor-linked group's board members

One board member described the police's justification for the raids as a "tenuous" link between the privacy group, a blog, and its email address.

Undated file photo of Staatsschutz on a raid in Germany. (Image: file photo)

In the early morning on June 20, German security services raided the homes of several board members of Zwiebelfreunde, a non-profit group that helps to support privacy and anonymity projects.

Moritz Bartl in Augsburg, Jens Kubieziel in Jena, and Juris Vetra in Berlin were raided, as was the home of a former board member who still had access to the board's bank accounts.

The former board member arrived home from a business trip to find his locks had been changed, and was told to collect his new keys from the police department.

The coordinated raids took place after Krawalltouristen, a left-wing blog which translates to "riot tourists," had called for protest action around the annual convention of the right-wing Alternative for Germany (AfD) party, the largest opposition party in the German parliament.

Law enforcement believed that the protest could be violent, according to Bartl.

The raids were the latest in a series of intrusions by law enforcement into a community built around protecting its privacy, which is not only likely to drive a greater wedge between the privacy conscious and the authorities, but may result in a chilling effect on those whose identities were compromised.

Police obtained a warrant to seize communications from Zwiebelfreunde relating to the blog and the email address hosted by Riseup, a privacy-focused email service.

Zwiebelfreunde, an organization under Torservers.net -- a network of organizations that run high bandwidth services for the Tor anonymity network -- handles European bank donations for Riseup, which the collective uses to pay for Tor exit infrastructure and software development, but not email infrastructure.

Police did not comment to Der Spiegel, which was first with the news.

Bartl said the police justified the raids over a tenuous link between Zwiebelfreunde, Riseup, and the blog. He says that the only other "connection" is that he lives in the city where the convention took place.

"We have nothing to do with the blog they were after," said Bartl. "We don't have anything to do with Riseup's email infrastructure."

The material seized includes bank statements, donor information from Zwiebelfreunde's inception in 2011 that it painstakingly documented on paper receipts, and the identities of people active in partner projects like Tor, and Tails, the privacy-focused operating system.

Because the Tails project tries hard to protect the identities of its members, Zwiebelfreunde kept information out of any electronic documentation. But, under pressure from tax authorities, the organization had compiled paper receipts with names and passport numbers of those the project had reimbursed.

Bartl said those records have been compromised, putting the identities of those involved at risk.

"There's a long history of police using that kind of data to investigate social structures; who's working where, who's involved in which projects, so we have to assume that they are looking into the social networks of people," said Bartl.

The board members published a statement Wednesday explaining what data was seized.

Based on his interaction with the police officers who raided his home, Bartl believed that the police knew that Zweibelfreunde was not affiliated with Riseup's infrastructure, and that Riseup had nothing to do with the blog. The police did not ask the Seattle-based Riseup for information or attempt to seize its equipment, he said.

Bartl said that no Tor infrastructure was compromised, because electronic storage equipment seized was encrypted, and because it's highly unlikely that police will be able to crack the smartcards.

"We consider our email infrastructure, our web infrastructure, and the Tor relays that we run still safe," said Bartl. Out of an abundance of caution, the organization revoked its PGP key and will be replacing keys and passphrases over time.

That said, the coordinated raids had other repercussions. In addition to searching people's homes, the police spent eight hours collecting information from Zweibelfreunde's registered address -- a lawyer's office -- seizing all of Zwiebelfreunde's electronic communications. Police had another warrant to search the law office itself, even though it only handled Zweibelfreunde's postal mail and did not represent the organization.

"They just had a slim folder and a bunch of emails," Bartl said, unclear as to why police spent eight hours there.

Because this affected their reputation, the law office told Bartl's lawyer that it'd like the organization to find a new registered office to partner with. If Zwiebelfreunde can't find a different registered office and mail forwarding location in Dresden, it may have to switch to a different tax authority, although they have a good relationship with the tax authority in Dresden.

"We're trying to find a similar arrangement, but it's possible nobody will want us," Bartl said.

Some documents police requested were held in a safe in other locations rather than in board members' homes.

Vetra led police to pick up documents at a hackerspace in Berlin, and Bartl took them to OpenLab, a hackerspace in Augsburg, to collect information he did not have in his home. This led to another raid.

"At the beginning, they agreed that I can show them my box of stuff, and that they will take stuff from my box only and not really dig deeper and look around in the space, but then they saw this chemical formula on the whiteboard, and this triggered a more thorough investigation into the hackerspace," Bartl said.

The police arrested Bartl and two others also at the OpenLab under suspicion of planning an assassination after misinterpreting the contents on a whiteboard, said Bartl. Police searched their belongings, confiscated their devices, and held them in cells for four hours while officers searched the hackerspace.

They were later released without charge.

Bartl said the police seized electronic equipment and paperwork far beyond the scope of the original warrants.

"It basically states that [the police] have authority to seize all communications that relates to Riseup or the Krawalltouristen, and bank statements from that account starting January," he explained.

"It's also very likely that some of our projects will decide to move away, similar to the lawyer's office, since they got caught in an unrelated activity from an unrelated project," he said. "They will have to think hard about whether they want to continue this relationship with us."

Bartl said police also seized unrelated equipment from his wife, including an unencrypted Android tablet with personal photographs and emails, and an external hard drive storing photographs. He said that police also took data relating to his unrelated work as board president of the Renewable Freedom Foundation, and the executive director of its subsidiary company, Center for the Cultivation of Technology.

"I told them very explicitly that this phone belongs to the company, that this USB stick belongs to the company, and they still took it," he said.

After the raids, Bartl was forced to take a break from work. He said that he assumes, given his work on digital rights issues, that he may be under surveillance. Bartl also expressed concern that future donors may also face scrutiny, financially hurting the group's projects.

"I fear that people will be very reluctant to donate," he said.

In the meantime, Zwiebelfreunde and its board members -- Jens, Juris, and Bartl -- said they are looking to launch legal action against the police for exceeding its authority in the raids, and will seek to have their confiscated equipment returned.

"They overreached quite a bit in our eyes because the warrant specifically states that they can take any communication that is in relationship to either Riseup or this blog, and it also states that they can only take stuff [from] this year, but in fact they did since the inception of the association," said Bartl.

"This is something that we will fight legally," he said.

Visit ZDNET