Talking to German police in Stuttgart
In early January after 24C3, I travelled to Stuttgart to meet with the police there. I spoke to about 30 or 40 investigators. My goal wasn't to advocate for any particular laws or policies (that's up to them, after all), but rather to help give them background so they can make more informed decisions: explain who uses Tor and how it works, and try to answer any questions that come up. In particular, my goals were to open a discussion about the data retention laws, and also brainstorm how German Tor operators and German law enforcement can get along better.
It turns out that the fellow who did the September 2006 seizures was part of this group, and he was very interested to talk to me and learn more about Tor.
They explained that the data retention laws *they'd* asked for were basically that large ISPs should be required to answer them when they ask who had a given IP address at a given time (data the ISPs already keep for the most part), and as a bonus, it would be nice if they paid somebody to answer the requests on weekends too. The law that they got was way more than that, and they don't need or want most of it.
I tried to get them to be more public about the fact that they don't need most of the law they got, but they explained that there was a process, and their role was to tell the authorities what new powers they need. Now it's up to other folks (like the CCC) to make sure that the final version of the law isn't too bad.
And I can understand why they're reluctant to speak against it. First, there are probably political problems with publicly disagreeing with the folks in charge. And second, they really do want the powers they asked for, and they worry that if they speak up then the whole thing might be killed.
Overall, they were nice and reasonable people. We left with three takeaway plans:
1) Tor should expand its exitlist.torproject.org system so there's an interface for asking "was this IP address a Tor exit relay in the past few months?" The goal is to give them an easy way to answer the question "is it not worth breaking down another door?" which will save them time and save Tor operators hassle.
2) They thought it was quite clear that Tor relays weren't included as "server providers" in the upcoming data retention laws. They offered to talk to a state prosecutor in their area to try to get a public statement to that effect. I'm not optimistic (it's hard to ever get the government to publicly say anything), but that's a fine start.
3) They will tell other German police groups about me, and maybe I'll visit others at some point.