[LINK] Has the US Govt Compromised TOR?
Roger Clarke
Roger.Clarke at xamax.com.au
Wed Sep 18 05:53:35 AEST 2013
=======================================================================
E P I C A l e r t
=======================================================================
Volume 20.18 September 17, 2013
-----------------------------------------------------------------------
http://www.epic.org/alert/epic_alert_20.18.html
=========================================================================
[3] EPIC Files FOIA Suit to Determine If Tor Is Compromised
=========================================================================
EPIC has filed a Freedom of Information Act lawsuit against the
Broadcasting Board of Governors, a federal agency that oversees all US
civilian international media. EPIC seeks information about the federal
government's interest in the Tor network, a privacy-enhancing network.

EPIC has been interested in the NSA's involvement in the development
of cryptographic standards since EPIC's inception. In 1993, EPIC (then
the Computer Professionals for Social Responsibility) initiated FOIA
litigation over the NSA's use of the "Clipper Chip," an encryption
protocol that was developed to ensure government access to encrypted
information. The NSA developed the technical basis for the Clipper
Chip. Public opposition to the Clipper Chip eventually led to the
Chip's withdrawal.

The Guardian, The New York Times, and Pro Publica have recently
reported that the NSA compromised many of the encryption technologies
available for public use, raising many of the same concerns that drove
opposition to Clipper. Through covert partnerships with Internet
providers and software developers, the NSA has built in secret
"backdoors," or deliberate network vulnerabilities, that allow the
agency to surveil, decrypt, collect, and even control the flow of user
data. According to top-secret NSA documents, "For the past decade,
NSA has lead an aggressive, multi-pronged effort to break widely-used
Internet encryption technologies . . . Vast amounts of encrypted
Internet data which have up till now been discarded are now
exploitable."

Wired reported that the FBI was using Tor to spread malware that could
identify Tor users. Another story in The Washington Post highlighted
the likelihood that the malware originated in the federal government
for the purpose of surveilling encrypted communications. The Post also
noted that 60 percent of Tor's funding comes from the Federal
government, prompting the paper to ask whether the network suffered
from similar backdoors and vulnerabilities.

EPIC is pursuing the FOIA case against the Broadcasting Board of
Governors to determine whether the NSA or the FBI may have compromised
Tor.

Tor is software currently maintained by The Tor Project. Internet users
around the world use Tor to maintain anonymity and circumvent Internet
restrictions. Tor is used by academics, political dissidents, law
enforcement, journalists, whistleblowers, NGOs, the U.S. Navy, and
everyday individuals. Tor adheres to a policy of openness and
transparency in its own management while working to protect the
anonymity of its users. To that end, Tor publishes its list of
sponsors, its open-source software, its financial reports,
documentation, and lists of projects. Tor provides an invaluable
tool for encrypted web use.

EPIC: EPIC v. BBG
http://epic.org/foia/tor/
Wired: Kevin Poulsen, "FBI Admits It Controlled Tor Servers Behind
Mass Malware Attack" (Sep. 13, 2013)
http://www.wired.com/threatlevel/2013/09/freedom-hosting-fbi/
The Washington Post: Brian Fung, "The feds pay for 60 percent of Tor's
development. Can users trust it?" (Sep. 6, 2013)
http://www.washingtonpost.com/blogs/the-switch/wp/2013/09/06/the-feds-pays-for-60-percent-of-tors-development-can-users-trust-it
The Guardian: James Ball, Julian Borger, and Glenn Greenwald,
"Revealed: how US and UK spy agencies defeat internet privacy and
security" (Sep. 5, 2013)
http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security
The New York Times: Nicole Perlroth, Jeff Larson, and Scott Shane,
"N.S.A. Able to Foil Basic Safeguards of Privacy on Web" (Sep. 5, 2013)
http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?hp&_r=0
The Washington Post: Brian Fung, "We've all practically given up on
internet privacy. Here's how not to" (Sep. 5, 2013)
http://www.washingtonpost.com/blogs/the-switch/wp/2013/09/05/weve-all-practically-given-up-on-internet-privacy-heres-how-not-to/
=========================================================================
--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916 http://about.me/roger.clarke
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Faculty of Law University of N.S.W.
Visiting Professor in Computer Science Australian National University