Statement from the Tor Project re: the Court's February 23 Order in U.S. v. Farrell

by arma | February 24, 2016

Journalists have been asking us for our thoughts about a recent pdf about a judge deciding that a defendant shouldn't get any more details about how the prosecutors decided to prosecute him. Here is the statement we wrote for them:

"We read with dismay the Western Washington District Court's Order on Defendant's Motion to Compel issued on February 23, 2016, in U.S. v. Farrell. The Court held "Tor users clearly lack a reasonable expectation of privacy in their IP addresses while using the Tor network." It is clear that the court does not understand how the Tor network works. The entire purpose of the network is to enable users to communicate privately and securely. While it is true that users "disclose information, including their IP addresses, to unknown individuals running Tor nodes," that information gets stripped from messages as they pass through Tor's private network pathways.

This separation of identity from routing is key to why the court needs to consider how exactly the attackers got this person's IP address. The problem is not simply that the attackers learned the user's IP address. The problem is that they appear to have also intercepted and tampered with the user's traffic elsewhere in the network, at a point where the traffic does not identify the user. They needed to attack both places in order to link the user to his destination. This separation is how Tor provides anonymity, and it is why the previous cases about IP addresses do not apply here.

The Tor network is secure and has only rarely been compromised. The Software Engineering Institute ("SEI") of Carnegie Mellon University (CMU) compromised the network in early 2014 by operating relays and tampering with user traffic. That vulnerability, like all other vulnerabilities, was patched as soon as we learned about it. The Tor network remains the best way for users to protect their privacy and security when communicating online."

Comments

Please note that the comment area below has been archived.

sjmurdoch

February 24, 2016

Permalink

IANAL but this reminds me of Kyllo v. United States, where the Supreme Court ruled that thermal imaging of a home was a search that, if performed without a warrant, was unreasonable and hence unconstitutional. The reasoning was that there is an expectation of privacy in a home, and a thermal imaging camera is not commonly available to the public.

The discovery of IP addresses of Tor users can't be done with publicly available equipment either. The attack carried out by CMU SEI was performed with software they designed specifically to conduct surveillance on the Tor network. Also, Tor is designed to prevent identifiable information from leaving a person's home, through its use of encryption. It seems therefore at least some of the reasoning from Kyllo v. US could be applied to this and similar cases.

February 25, 2016

In reply to sjmurdoch

Permalink

"a thermal imaging camera is not commonly available to the public".

SCOTUS could hardly say that today, unfortunately.

1. Some smart phone makers are already offering thermal cameras in their consumer products.

2. At least one Chinese maker of consumer drones is offering a drone equipped with a thermal camera (cost: less than 2000 USD).

Speaking of China, one model of phone unlocking copware device which is becoming very popular with US cops (because it is a kind of "Swiss Army knife" which can unlock most any device, in contrast to better known devices which can often only unlock Apple phones, or only unlock particular models) is made by a Chinese company. And when the cops boot it up, it contacts servers back in China and even shares data found in the unlocked devices with the Chinese manufacturers. So when FBI or another US LEA unlocks your phone, they may be sharing your data, not only with American and British spooks (CIA, NSA/GCHQ), but with Chinese spooks.

MI5 is being granted to trawl directly through NSA's database for information on US persons communications, by the way.

With little fanfare, hidden cameras and microphones are quickly becoming ubiquitous in US homes. Although consumers are not being informed that their consumer devices may contain hidden spies you didn't ask for and probably don't want in your home. Examples include Samsung Smart TVs. Other items have microphones which listen and transmit your in-home utterances (often via unencrypted WiFi connections) to corporate servers, such as Google Nest "Smart Home" devices. Companies which make IoT devices are all agog about LED lightbulbs which will contain microphones and other bugs to enable "targeted adverts" and "cross platform tracking" (identifying particular WiFi devices such as phones and laptops with particular known individuals who can be bombarded with instant messages or worse).

I could say much more along these lines. To mention just two:

1. some people affiliated with CSAIL (MIT's once respected Computer Science and Artificial Intelligence Lab) are selling to the general public a $300 consumer device which nosy neighbors can use to image people right through the walls of an apartment.

2. some US researchers are touting a bundle of microscopic fibers which can be pushed through microscopic pores in just about anything (fiberboard, say), and which can be attached to an inexpensive small device which can form a sharp optical image without any need for lenses. This is nothing like a "camera" as the public understands that word, but LEAs are already rushing to exploit it for inhome covert surveillance of "suspicious" persons.

For CSAIL, links were given in comments to another blog post on this website.

For the microscopic fibers with free ends which can be used to form sharp images without any need for lenses or focusing by using software to compensate for light travel time differences to/from bits of objects to be imaged and the ends of the various freely moving microscopic fibers, look at phys.org.

If you can't find them, please ask again and I'll dig out the links for you.

> At least one Chinese maker of consumer drones is offering a drone equipped with a thermal camera (cost: less than 2000 USD).

See

slate.com
And Now Drones Can Take Pictures At Night
Justin Peters
11 Dec 2015

The company is DJI, maker of the most common consumer drones in the US (according to FAA registry, at least, and also according to tech writers who write about consumer device exhibitions). The particular model is the Zenmuse XT.

If you look at the FAA drone register, you will see that private investigators, insurance companies, construction companies, and "urban mapping companies" are among those rushing to exploit the latest in on-drone surveillance technologies, such as multispectral imaging, thermal imagining, electro-optical cameras, low light cameras, IR laser designators/taggers, i.e. air-to-ground laser pointers which pose unknown health risks to people on the ground since no-one is bothering to check the manufacturers's assurances that these lasers are harmless to human eyesight under all conditions, FLIR, sideband radars, etc.

As these companies ramp up their expertise in supposedly non-abusive activities (for example, a utility might want to identify private houses with poor roof insulation using a thermal camera in order to attempt carrot/stick inducements to homeowners to buy better insulation, in order to use less energy), they will be tempted by incessant demand from darker forces to "diversify" to sell their data to people who may not have beneficent intentions toward a particular homeowner, for example. Further, just as FBI subpoenaed the "research" data collected by CMU/SEI on Tor use, so to we must expect that FBI and other US federal agencies will demand access to such data sets.

> some people affiliated with CSAIL (MIT's once respected Computer Science and Artificial Intelligence Lab) are selling to the general public a $300 consumer device which nosy neighbors can use to image people right through the walls of an apartment.

phys.org
X-ray vision? New Technology Making It A Reality
Scott Eisen
22 Dec 2015

phys.org
MIT team shows system that tracks people through walls
Nancy Owano
15 Oct 2013

phys.org
Low-power Wi-Fi signal tracks movement--even behind walls
28 Jan 2013

> some US researchers are touting a bundle of microscopic fibers which can be pushed through microscopic pores in just about anything (fiberboard, say), and which can be attached to an inexpensive small device which can form a sharp optical image without any need for lenses. This is nothing like a "camera" as the public understands that word, but LEAs are already rushing to exploit it for inhome covert surveillance of "suspicious" persons.

phys.org
New imaging system uses an open-ended bundle of optical fibers-- no lenses, protective housings needed
Larry Hardesty
12 Feb 2016

This is from another group of MIT researchers. They anticipate using their device for medical imaging, pushing about 1000 optical fibers (with free ends) right through the abdominal wall. Since the fibers are microscopic, this is feasible. But people interested in growing an in-home surveillance industry have already taken note that inquisitive people can easily push such fibers through a pinhole noiselessly made in fiberboard (for example with a pin).

Another example of a kind of search which has long been exploited by US cops, is very creepy and is rapidly becoming ubiquitous in US/UK as local governments place more and more requirements on garbage disposal (so they want to check that citizens are complying with their rules):

firstlook.org
Local Governments Increasingly Looking Through Your Garbage
Jenna McLaughlin
28 Jul 2015

Technological innovations are already being exploited in this area, including IP cameras inside dumpsters, RF readers near dumpsters, and WiFi mesh devices which inventory nearby electronic devices (using central databases, raw data showing that a specific phone was within a few metres of a specific geolocation can later be correlated with IRL identities by local governments and indeed by private companies).

> one model of phone unlocking copware device which is becoming very popular with US cops (because it is a kind of "Swiss Army knife" which can unlock most any device, in contrast to better known devices which can often only unlock Apple phones, or only unlock particular models) is made by a Chinese company.

You can verify this yourself. You'll need a phone and other devices to attack, a packet sniffer and a so-called "iP-BOX", the Chinese made copware cited in the quoted text, which can can be ordered here:

gsm112.net

You'll need to obtain an account on gsmforum in order to download the software needed to use the iP-BOX device.

You'll find that the device frequently receives "firmware updates" (a very good idea of course if that's really all they are) from a server in China, presumably operated by the maker of the device, but presumably vulnerable to the kind of "legal terror" by the Chinese government which would be encouraged by an FBI victory in FBI-v-Apple.

(Again, FBI's demands go far beyond anything the RU or CN government have yet made upon US/EU based hardware/software vendors such as Apple or Google.)

Further, at least sometimes when you attack a device, the IP-BOX contacts additional servers in China and appears to possibly share some recovered data.

The makers of IP-BOX claim it can unlock almost any iPhone or other device running IOS6 and related operating systems, by exploiting unpatched zero-day exploits.

For more on the general issue, see

techdirt.com
Another reasons Adopting 'Collect It All' Was a Bad Idea: Chine May Now Be Applying It To US Citizens Personal Data
Glyn Moody
17 Jul 2015

bloomberg.com
Hacked in the USA: China's Not So Hidden Infiltration Op
Chris Stone, Michael Riley, Jordan Robertson
12 Jul 2015

Please, participate in making Tor better!

https://blog.torproject.org/blog/hidden-services-need-some-love

https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-…

(That said, the 1024-bit identity keys for onion services are only used for identity, not for actual interaction like encryption of traffic. So a bad person would need to do a multi-step active attack to be bad. Still, yes, please help implement the new design.)

February 27, 2016

In reply to arma

Permalink

Tor use 1024 bit RSA 'truncated' SHA1 hash as the onion address, it is very bad, and makes it very easy to impersonate the user. The 'truncated' SHA1 name is NOT even up SHA1 hash collision strength...

this is the SOLE reason why facebook can generate facebookcore.onion far easier than true bruteforce, and pretty sure 3-letter agencies are impersonating onion services RIGHT NOW

Plz. somehow ditch 1024bit RSA ASOP

I think you misunderstand collision attacks. A collision attack is not the ability to brute-force an existing hash, but rather to generate two identical hashes *yourself* from random input. What you are thinking of is a preimage attack, which unlike collision attacks, is not accelerated by the birthday paradox. We are still far away from that being feasible with SHA-1, even a truncated version.

Furthermore, even though it is truncated, it still provides 80 bits of security. Yes, that means 40 bits of collision resistance, but still a full 80 bits of preimage resistance. While this is not ideal, it is certainly not trivial to crack. As for what facebook was able to do, it had nothing to do with cryptographic attacks against the hash function. They used the same methods which we can use to generate vanity addresses. They just had more processing power available. And they didn't think "hey, let's brute force facebookcorewwwi.onion", they thought "hey, let's look for facebook.onion". They generated a massive list, and manually looked through for the best. They probably also got facebookcpu444ai.onion or something similar as well (with "cpu" and "444" and "ai" being memorable chunks), but decided with facebookcorewwwi.onion instead.

I think you're overreacting. Yes, it's not great that it's using 1024-bit RSA. Yes, it's not great that it's using SHA-1. But no, it's not the end of the world. It's just suboptimal.

Just an added note. There use to be a search engine on Tor with the url xycpusearchon2mc.onion. xy cpu search on2mc . onion. Apparently some guy with a little hardware was able to generate that. Now facebook with a big server cluster could easily get something that sounds easy to memorize like what they got.

I think you are entirely missing the point: mathematical law trumps human law, but lawfare trumps cryptographic defenses. If FBI gets its way, Tor Project and any other provider of "secure" software/firmware/hardware could be coerced (despite arma's slogan "no backdoors ever") to cryptographically sign malicious "updates" prepared by the government or their contractors, disguised as a legitimate "security upgrade", and accepted as such by you and your devices because the upgrades are signed with the genuine signing key.

Take a close look the Tor Browser Bundle download page in this website. I'm talking about the detached signatures you use to verify (if you are wise) the tarball before you unpack it in your laptop or PC.

It's open source. Where would they hide the backdoor? It would not be easy to hide a featureful backdoor at all. They might be able to hide a bug, but even that would be hard and would not last. And before you say "but who reads the source?", a lot of people do. Even I go through and read parts of it.

There was recently some discussion in the comments to another post in this blog of "post-quantum cryptography". If I recall correctly, it was pointed out that currently the cryptographic algorithms believed to be endangered by state of the art advances in cryptanalysis are public/private-key cryptosystems (such as RSA), which are used to guarantee that messages ("data in motion") are authentic, not maliciously modified, and private. Block ciphers such as AES used to encrypt disks and other "data at rest" are said to be less immediately endangered.

That said, all the security experts (see the recent whitepaper "Don't Panic" coauthored by Bruce Schneier and Susan Landau, among others) agree with Snowden that most of us are much more vulnerable to malicious interference with our devices (cyberattack) than to cryptanalysis.

The thesis of "Don't Panic" is that rather than mandated backdoors in encryption products (attacking "data in motion"), FBI and NSA would be wiser to focus on the technically far easier (if legally no less objectionable) strategy of cyberattacking their "targets", no doubt including some (or all?) Tor users.

And what is your conclusion? Because it is more likely that they use cyberattacks than cryptoanalysis we should not strive for maximium security in crypto?

In my opinion it is not a "cyberattack or cryptoanalysis" question. In every aspect we should aim for maximium security.
That beeing said, when we are talking about crypto, we should use the strongest crypto out there, even if it is unlikely that "medium strong" crypto can be broken any time soon.

WE JUST DONT KNOW

Prepare for the worst, hope for the best.

> And what is your conclusion? Because it is more likely that they use cyberattacks than cryptoanalysis we should not strive for maximium security in crypto?

It seems that I did not make myself clear, so let me try again:

o my impression is that Tor developers are actively exploring incorporating the latest and bestest cryptology into future editions of Tor,

o all other things being equal, stronger cryptography is obviously desirable,

o all other things are not equal, even if one focuses purely on technology (for example, introducing a new protocol here might break something there, so developers need to be cautious),

o FBI is demanding the "authority" [sic] to perform "rubber hose cryptanalysis" on Apple, and Tor developers will no doubt be next (assuming they have not already been served with NSLs or otherwise threatened by USG agencies),

o all other things being equal, "rubber hose cryptanalysis" trumps even the best cryptographic protocols.

It follows that currently, Tor Project is facing a dire existential threat, which is not technological but political.

I am begging the Project to urgently prepare and test defenses, such as dispersing key people and key pieces of cryptographic signing keys to diverse geolocations. At present it seems our only hope (unless we are willing to go underground) is to disperse key people and data in jurisdictions (EU, China, Russia) which we hope will not all collaborate with each other in some act of simultaneous arrest and torture until developers give up their share of a signing key.

Yes, in terms of "post-quantum cryptography" you are right. AES is fine as long as it is used with 256bit!

General question: Was there any discussion on increasing the amounts of Tor relays, through which the traffic is routed?
Currently the traffic of any Tor user is routed through 3 relays.

How much would the security/anonymity (in terms of correlation attacks etc) be increased when the amount of relays through which the traffic gets routed is 4 instead of only 3?

Would it be possible to make Tor users choose the amount of relays by themselves? So paranoid users could get their traffic routed through e.g. 5 relays?

Was this ever discussed by the developers?

Hidden services are already accessed through 6 hops (3 yours and 3 theirs). I've sometimes noticed 4 to 5 hops in regular (exit) circuits under Orbot in its default configuration. The number is chosen by the client, so it could be adjusted by modifying the source, or perhaps the right tool pointed at Tor's control port. Relays are able to detect one-hop circuits though, and recently a default-disabled option was added to allow them, so it is hard to build one-hop circuits in practice. Not sure if there is any maximum outside the client itself.

Would it help? I don't think so. The CMU attack used a large number of guard-eligible exit nodes combined with the RELAY_EARLY flag to uniquely identify circuits which happened to be both entering and exiting CMU-controlled nodes at the same time. Thus the source and destination of a particular circuit were known to CMU. The number of middle nodes would have been irrelevant. But I would also be interested in hearing about this from a developer.

For multiple reasons. A few reasons I can think of:
1) It's unnecessary. 256 bits is plenty. 512 does not make you meaningfully less likely to be deanonymized.
2) It's very slow. Unlike AES (where it can be accelerated with AES-NI) or ChaCha20 (which is very fast in software), Threefish is practically a snail. It's fine for data-at-rest security, but when the main bottleneck for many relays is CPU speed, switching to something slower is a bad idea.
3) It's not supported by openssl, which Tor uses for encryption. Supporting it would as a result require using additional libraries and increasing complexity of the code.
4) It's not as well analyzed as AES, or even ChaCha20 (which at least benefits from prior analysis of the Salsa family of ciphers).
5) They key exchange algorithms used by Tor cannot fit a 512-bit key. Tor would need to switch to a much more bloated and slow key exchange algorithm to actually give 512-bits worth of security to this cipher.

So in general, the solution is not just to increase bit size. That's a very small aspect of a cipher's security. A *very* small aspect. Just go with >=128 bits (if avoiding classical attacks) or >=256 bits (if avoiding quantum attacks).

Not the OP, but thanks for replying, I find this sort of summary helpful in understanding design decisions (the *what* as well as the *why*).

I recognize that this would be an enormous task and best done as an academic paper, but I think it would be very useful for someone at Tor Project to help outside experts write a critical review of

o how specific encryption protocols/algorithms are used in *current* Tor for various purposes

o strengths and weaknesses of particular protocols as used in current Tor

o what design considerations led to particular choices

o pros and cons of possible future changes in how Tor uses encryption protocols

o how to maximize "future proofing" and resistance to quantum cryptanalysis

Then Roger or Nick could carefully write and post in this blog a layperson's summary (hopefully Ars Technica would offer their own summary too).

thank you for this. Are you basically saying, the advice by the aformentioned experts is that to stay encrypted is a very safe and reliable measure - so use it - and infiltration is much easier - so be careful of that?

> Are you basically saying, the advice by the aformentioned experts is that to stay encrypted is a very safe and reliable measure - so use it - and infiltration is much easier - so be careful of that?

Sorry for the confusion. Let me try again:

I think it is fair to say that there is a general consensus among cryptographers that:

o properly implemented end-to-end encryption works (math trumps Comey's "wishing it were so should make it happen"),

o properly implementing strong encryption can be very tricky, so wise developers will stick to already used and well-tested implementations (but this tends to reduce the chance they will use the latest and bestest),

o endpoint insecurity (putting WiFi in every device, backdoored routers, insecure BIOS, vendor provided insecure firmware which is never updated, unfixable hard wired flaws in chips, well hidden severe software vulnerabilities lurking in complex software such as a modern web-browser, insecure peripherals) generally makes it practical, even easy, for criminals, spooks, and other bad guys to break into devices and evade encryption intended to protect both "data in motion" and "data at rest",

o it is impossible to provide USG (or another government) with a "NOBUS" (nobody but us) "backdoor",

o deliberately weakening cybersecurity in any way inevitably increases the already dire risk posed to the US economy, critical infrastructure, and national security (not to mention individual security and privacy against identity theft, stalkers, doctor-patient confidentiality violators, lawyer-client confidentiality violators, babycam pervs, etc) by pervasive cyber insecurity,

o the already dire state of global cyber insecurity is rapidly growing worse with the USIC-encouraged growth of IoT, ipv6, "cloud computing", ever wider sharing and Big Data analysis of everyone's "data exhaust",

o thanks to Director Comey, "rubber hose cryptanalysis", which until recently was something only a few privacy advocates tried to warn open source software projects such as Debian and Tor to urgently protect against, is now very much a reality, not only in Syria or Uzbekistan but also in the so-called "Western world".

For a far more authoritative study of these issues, see "Don't Panic", the recent whitepaper from the Berkeman Center, which was coauthored by Bruce Schneier and Susan Landau, among others. The title references Director Comey's current state of Torschlusspanik.

"Block ciphers such as AES used to encrypt disks and other "data at rest" are said to be less immediately endangered."

Yes, BUT:
Quantum computer will be able to reduce the strenght of symetric ciphers by 50%.
So AES256 will be as strong as AES128 and AES128 as strong as AES64.

So why would anybody today want to use AES with 128bit? Would you trust AES with 64 bit today? No, I certainly would not.

So why would you trust it in max. 20-30 years, when quantum computers will become reality?!
So people please always use AES and Twofish with 256bit!
Do not forget that the NSA records as much encrypted stuff as they have the capacity for, to decrypt it later when they are able to.
The Future is near.

You raise a number of valid points, such as future proofing against quantum crypto, which as you say may be much nearer than defenders would like to believe.

It would be very helpful to have an authoritative and readable review of

o how various kinds of cryptography are used in Tor,

o what level of danger each is currently believed to pose,

o what future Tor versions might do instead.

This would probably require an academic paper from someone like Nick, followed by a "laypersons summary" in post in this blog.

However, it seems clear that Tor is currently facing a dire existential threat (Apple-v-FBI and related cases) which is not technological but political.

Put another way, it appears that "rubber hose cryptography" may be the most serious threat currently facing Tor Project. There exist currently practical technological defenses (such as Shamir's secret sharing system), but these require the Project to make possibly painful and political astute decisions to disperse key people and data in various national jurisdictions, not all of which may be particularly nice places to live if you are a privacy advocate.

Basically, USG has grabbed us where it hurts, and they are twisting hard.

It's a lot more than 50%. AES128 reduced by 50% is "AES127". For the same reason, AES256 is not twice as strong as AES128. Its key space is 2^128 times stronger.

The quantum grover's algorithm is able to reduce a cipher's keyspace to 2^(n/2). Now, shor's algorithm on the other hand... that's something to worry about. It can break almost all modern public key crypto almost instantly. No need to break AES128 when you can just break ECDHE!

As you probably know, in general, keysize alone is not what makes a cipher strong.

In a recent tortalk post, arma cited a link to the (publicly readable) "internal discussions" of Tor developers, which shows that they are thinking very hard about adopting alternative cryptographic algorithms, such as NTRU, or particular curves for elliptic curve cryptography. So I don't think there is any grounds for suggesting (yes?) that they are not considering other cryptographic mechanisms for possible incorporation into future editions of tor client/server software.

"in general, keysize alone is not what makes a cipher strong."

agreed, but in this case with all other factors equal it is exactly like that:

using Curve41417 is more secure than Curve25519

I agree, the strongest encryption possible should always be utilized. I'd be happy to wait longer for a web request to be received to ensure it is utilizing the strongest possible encryption! Hell, the Blackphone already utilizes Cutve41417!!!!

yes, totally agree! people's life depend on Tor! it should always use the strongest possible encryption! maxiumum security should be the standard!

yes, SilentCircle already uses the great Curve41417. and they also switched from AES to Twofish! i think Tor should consider that too.

Twofish was also an AES finalist and in terms of security is superior to AES(Rijndael).

was a change to Twofish discussed by the Tor developers? any reason against it??

Curve review by Bernstein:

http://safecurves.cr.yp.to/

Like Tor Project, Silent Circle is under imminent threat from FBI. From a document (not classified, but marked "LEO sensitive") which was recently published by Public Intelligence:

https://publicintelligence.net/fbi-cyber-attacks-isil/

> Open source reporting in India has noted the existence of several “hacking groups” within India.

IOW, some FBI contractor reads cybernews from India.

> Thus far, such reporting has identified group names like “Indian Cyber Army” or “Shakti Campaign” and referenced such groups as having worked on behalf of the Indian government against Pakistan. To date, we have yet to see any validated reporting as to the capabilities of such groups or been able to confirm their existence. It does stand to reason; however, criminal hacking activity, whether by individuals or from organized groups exists in India and could potentially target US companies both for financial gain and for general acclaim.

> Technical Details
>
> The FBI assesses most pro-ISIL hacktivist groups use relatively unsophisticated methods and tools to scan for and exploit well-known Web site vulnerabilities.

So presumably, it would follow that they can be assumed to be cryptographically unsophisticated, eh?

> Structured Query Language (SQL) injection, Cross Site Scripting (XSS), and social engineering tactics to obtain account credentials are assessed to be in the capability range of pro-ISIL cyber actors.
>
> The recruited Indian hackers are reportedly communicating on Internet based services like Skype, Silent Circle, Telegram, and WhatsApp. Pro-ISIL hackers use social media platforms like Twitter to make public announcements and release PII. Larger PII releases have been uploaded to online text sharing sites such as Pastebin.com and Justpaste.it.

It cannot be emphasized too strongly that the US Military-Industrial Complex (principle architect of the global Surveillance State) and IS are effectively partners in fear-mongering, if occasionally opponents in terms of small scale "kinetic actions" (to use the USG euphemism for firing a gun in the general direction of a targeted person). They need each other to exist. Without USG orchestrating invasions and occupations of Muslim majority countries, without USG conducting incessant bombings and cyberstrikes targeting people it dislikes, IS would be unable to easily recruit a steady influx of new fighters to replace battlefield losses. Without IS constantly orchestrating/encouraging people to carry out acts of small scale low level violence in the homeland of the "Western aggressors", the US Military-Industrial Complex would have to look hard to find new enemies whose very existence supposedly poses an "existential threat" [sic] to the US heartland.

Interestingly enough, US President Obama recently echoed a sensible statement recently made in this blog, presumably by someone else, that IS does not pose an existential threat to the US. Which some of us might take as a virtual admission that the US is killing people in other countries mostly in order to keep the DOD/USIC and their contractor horde gainfully employed.

It is also interesting that both Tor and Silent Circle are products of people associated with the US Navy. The very organization which has recently been so busy converting the "rebellious" West Coast into an active fire training zone (in terms of cyberwar). Kind of makes you wonder just what the US military is prepared to do to Cupertino should Apple remain intransigent:

http://www.theregister.co.uk/2016/03/04/west_coast_law_beats_the_fbi/
How the FBI will lose its iPhone fight, thanks to 'West Coast Law'
Uncle Sam can't argue against science
Dana Blankenhorn
4 Mar 2016

> ...
> there is a higher law beyond what FBI director James Comey sought to enforce on Apple last month.
>
> It was described by Harvard professor Larry Lessig almost 20 years ago, when he was then unknown, in a book called Code and Other Laws of Cyberspace, since updated as Code v2. Lessig called law as defined in computer code "West Coast Law." This is as opposed to "East Coast Law," which is defined by statute.
>
> Encryption is one such West Coast Law. It was defined by Whitfield Diffie and Martin Hellman 40 years ago in a paper called "New Directions in Cryptography." Their Diffie-Hellman protocol brought us the concept of public key cryptography, messages encrypted first with a key everyone knows, then decrypted with a private key controlled by the recipient. Or vice versa.
>
> East Coast Law is analog. It changes and it has exceptions. Arguments can be made – on either side of a question – that define or change East Coast Law or that shift its interpretation, as happens in courts. West Coast Law, like encryption, is binary. It's science. It uses facts that can't be denied or altered through the relative strength or weakness of an argument. So we have learned from that day to this.

Well, here's the thing: the US political/financial elite has suddenly become very concerned about rebellions from both the "socialist left" (e.g. Bernie Sanders) and "radical right" (e.g. Donald Trump and Ted Cruz), both of which threaten the ancien regime, albeit in very different ways. So suddenly they are taking very seriously longstanding warnings about the unrestrained growth of "algorithmic governance".

Algorithmic governance is exemplified most famously by NSA/CIA using predictive analysis to algorithmically compile profiles of people to be named in this week's Death List. But arguably the most worrisome application is far more mundane: governments have to constantly make decisions about what to do, or not to do, to various specific citizens. Hire? Fire? Sponsor? Evict? Charge? Parole? And algorithms, not low level human bureaucrats, now play a dominant role in determining how the USG treats any given US citizen. Indeed, regardless of the identity of the next US President, USG may soon radically downsize its nonmilitary personnel, because the most burdensome work of the Dpts of Agriculture, Education, etc, is now done by computers.

This won't be a surprise to anyone who follows the tech news. Nor that AI is posing a very real imminent threat to tens of millions of US jobs.

And the political leadership has also suddenly woken up to the fact that AI is not just threatening the low-paying jobs of lowly janitors, Uber drivers, and nursing home attendants, but also the obscenely high paying jobs of middle and upper level executives. But of course they should have known that the quants would enthusiastically (and rather foolishly) rush to replace themselves with AI bots. It's not like they were not warned.

Which brings me back to the question of why the USN is acting exactly like a military service preparing itself for war on the West Coast. Perhaps they are not only planning for a coup toppling The Donald (because it seems the admirals don't think "the football" would be safe in his insufficiently sizable hands), but also for a coup toppling "West Coast Law".

>the strongest encryption possible should always be utilized

That's a very naive statement. In Tor's case, one of the biggest bottlenecks is CPU power. My own Tor relay has a fast 100/100 internet connection, but can only contribute a tiny fraction of that to the network because the CPU is always maxed out doing the crypto. If Tor switched to stronger but slower algorithms, you would notice a rather large decrease in the Tor network's capacity, and subsequent decrease in anonymity.

Because size of the elliptic curve does matter! Look into quantum computing and how they work. There is not 1 type of quantum computer that breaks crypto with all bit lenght.
The first quantum computer might just break crypto with 128 bit lenght. a further development might break 256 etc.
All other things beeing equal we can say: elliptic curves with higher bit sizes are stronger and stay secure longer even if quantum computers appear.

February 25, 2016

Permalink

When I saw the reviews of this judgment I thought: This judge does not have the slightest idea of how Tor works!

The much older half brother of Judge Richard Jones is the well known composer Quincy Jones, who attended Garfield High School in Seattle, Washington, USA.

Social media accounts belonging to teenaged students at that school were apparently cyberattacked some years ago by the CEO of HB Gary Federal, according to documents published by Wikileaks, who obtained them from hacktivists. The authenticity of these documents were admitted by the CEO of the parent company, HB Gary.

The reason why the HB Gary Federal cyberattacked the students was to find sufficient information to impersonate them while attempting to phish former classmates who were working at a US Army intelligence unit in Texas. The goal was not to spy on the US Army but to provide a demonstration which the CEO hoped would convince a well connected law firm (involved in the campaigns of at least two current US Presidential candidates) to hire HB Gary Federal for such actions as cyberattacks on Wikileaks. Because one of the clients of that firm was a huge US bank which believed that Wikileaks was about to publish damning documents which could have led to criminal charges against the executives of the bank. Another person whom HBGary Federal wannted to cyberattack was the journalist Glenn Greenwald. Another was Jacob Appelbaum, Tor Project's "asset" in Berlin.

This is exactly the kind of abuse (against children, even!) which civil libertarians are fighting against, using legal means such as speaking out anonymously in blogs such as this. We don't condone "hacktivism", but it is undeniable that two of the most valuable sources of information about how our enemies are behaving have been the publication of documents from HB Gary and from Hacking Team.

(Hacking Team SRL, the very company which is cited in the case at hand, maker of "RCS Gallileo".)

A common tactic used by "the authorities" in the former Soviet Union and also in post-communist China, is incarcerating people who oppose some governmental policy in "special psychiatric hospitals", on the grounds that "anyone who opposes the State must be insane" [sic]. In this context, another interesting tidbit from Wikipedia:

> When the boys were young, their mother suffered from a schizophrenic breakdown and was committed to a mental institution.

As I understand it, Richard and Quincy share a father, not a mother, but the more I read about the case, the more I wonder how Judge Jones could possibly have arrived at the factually mistaken and horrendously anti-American beliefs he espouses in his decision.

FBI wants to deny all citizens the right to define themselves, to protect some reserve of private life, even from the Government. FBI/NSA/etc are seeking to obtain the 21st century version of the Writs of Assistance. To write the detailed second by second narrative of all our lives, even inside our own homes. This ongoing concerted effort to establish oppression as the law of the land parallels moves which would give the government the power to monitor and control over all financial transactions made by US citizens.

What people are not permitted to write the narrative of their own lives? To enjoy some private relationships (for example between husband and wife) which not even the government can break? To own their own money?

History calls these people "slaves".

> A common tactic used by "the authorities" in the former Soviet Union and also in post-communist China, is incarcerating people who oppose some governmental policy in "special psychiatric hospitals
no, you are wrong , it is not a communist or a Chinese idea ; but certainly an European archaism coming from Freud/Jews few centuries ago and it does not come from "the authorities" : every one can ask and obtain even worst ...

> A common tactic
no, it is a perversity used by a mafia group.

you should drink less and think better.

regard.

February 25, 2016

Permalink

If the FBI had subpoena'd the exit, middle, and guard nodes to get IP addresses at a very specific time, would you object in the same way?

Interesting question. You'll want to nail down the scenario a bit more.

Do you mean if they had sent subpoenas to honest and correctly behaving Tor relays? In that case the answer would have been "Sorry, we do not have any logs that are helpful to you. Can I take this opportunity to teach you more about Tor?" (See this question and its answer on https://www.torproject.org/eff/tor-legal-faq )

Do you mean if they had asked some cooperative attacker to run some misbehaving relays that log traffic, and then asked for a copy of the logged traffic? Then yes, I think exactly the reasoning above still holds -- it is inaccurate to conclude that the user did not want privacy because he gave his IP address to the entry node.

February 28, 2016

In reply to arma

Permalink

@arma
Isnt it in someway legally possible to forbid certain actions of Tor relay providers?
Like a legally binding code of conduct.
e.g. no logging, no saving or extracting data, no tampering with data etc etc.

If a provider would breach these rules (like CMU did) they could be sued?!

When I remeber correctly, Phil Zimmerman talked about ZRTP and its safety provision:

The ZRTP protocol can be licensed free of charge, but they have a provision in the license that nobody is allowed to put a backdoor in it. This would breach the license agreement.
They could be sued.
So everbody can use it for free, but no backdoor is allowed.

A breach of EULA would let them be sued, but would not be illegal per se. It is not illegal to break such a contract, but it is likewise not illegal to sue for it. In that case, you'd pit Tor Project against an entity like the FBI with nearly bottomless pockets. The only solution would be to make it illegal for them to do what they did, in which case the evidence they gather could be thrown out of court. But there's no such law. And CFAA doesn't seem to apply to them...

February 28, 2016

In reply to arma

Permalink

How about launching a lot of nodes belonged to FBI? It costs affordable for such a large organization. And they can do it stealthy if they launch them in different time and on different hostings.

Yes, the FBI could do that. But luckily as the CMU attack showed, it seems to have been impractical for an adversary who controls both a guard and exit to deanonymize people effectively without an extra covert communication channel beyond simple timing information (in that case, a bug which caused RELAY_EARLY to be passed along too far). If the FBI created a lot of nodes now, they'd be forced to do complex statistical analysis which may or may not yield meaningful results.

February 25, 2016

Permalink

I'm a little disappointed this statement didn't mention the difference between "who I am" and "who I'm talking to". Sure, the entrance node always knows who I am, but the whole premise that Tor is based on is that no single node or family of nodes knows **both** at the same time. In particular this could have addressed (from the court order):

"From the record, it appears the only information passed on to law enforcement about the defendant was his IP address. There is nothing presented by the defense, other than rank speculation, that anything more was obtained by SEI and provided to law enforcement to identify the defendant."

An IP address is a 32 bit number. Since when is a **number**, by itself, incriminating? It must have been associated with something else already known (like the HS address), which is really what's being requested here.

Secondly, from what I understand from previous posts, CMU created a great many relays that qualified as entrance nodes, and collectively were able to be selected as the first and last hops of some 6-node circuits. Instead of using a passive timing attack, they modified the RELAY_EARLY flag of the Tor packet, which is not protected by a client signature. This allowed them to uniquely identify packets of the same circuit at both the entrance and exit nodes.

How the hell does this not constitute wiretapping, or some kind of forgery?

February 27, 2016

In reply to arma

Permalink

My bad, I didn't fully comprehend the statement the first time I read it, but it does address that exact point. I really hope the judge takes the time to understand it.

On the other hand, I have a feeling she is being wilfully ignorant because she doesn't wantbto potentially defend the operator of a global drug network, even at the expense of knowledge and research, and by extension, the identities and lives of legitimate Tor users around the world.

> she is being wilfully ignorant
^^^^^^^

You may be confusing Judge Sheri Pym, a magistrate judge in Riverside, CA, who is hearing "the Apple-v-FBI case" (actually just one of more than a dozen, soon to be tens of thousands of cases across the USA, pitting Apple against FBI) with Judge Richard A. Jones, a district court judge in Seattle, WA, who is hearing the case referred to in arma's post above, which directly involves onion services and the CMU/SEI "research" on human subjects which was paid for by ARL (Army Research Labs) and subpoenaed by FBI.

Wikipedia appears to be of no use in sorting out this confusion.

@ arma:

I repeat, the statement needs to be rewritten for clarity. Don't assume readers are already familiar with the legal issues, or even that Judge Pym and Judge Jones are two different jurists hearing two different cases (both with far reaching implications for Tor, Debian, and other projects).

@ shari:

Does Tor Project have a General Counsel? If not, I think this is a position Tor Project needs to create and fill.

I was referring to judge Joans in the CMU case, although I did use the wrong pronoun, so thanks for prompting me to clear that up. As I understand it, the Farrell "Silk Road 2.0" case is the actual case where the CMU research project is in question. That's why I implied that by finding the results of the CMU project inadmissable (or requiring details to be disclosed), he would be -- in the common man's eyes -- defending Farrell.

February 28, 2016

In reply to arma

Permalink

"Instead of using a passive timing attack, they modified the RELAY_EARLY flag of the Tor packet, which is not protected by a client signature. "

@arma

why is it possible to modify Tor packets without someone noticing it?!
Is there not a technical solution for that? a detection method that Tor packets have been modified?

February 25, 2016

Permalink

@ arma:

For more than a year, some Tor users have been urging the Project to prepare legally, politically, cryptographically, electronically, and geolocationally for the possibility that USG will server Tor or Debian with an explicit order demanding that you (plural) put their APT malware or whatever in your torbrowser tarball, Tails ISO, Debian software update, or whatever, and sign these with your genuine signing key. Either as a dragnet assault on all users, or as a targeted assault in which some users's downloads are surreptitiously replaced "on the fly" with the correctly signed illegitimate "update".

Could you please explain whether the court order you are talking about in your post is the same one as the order which FBI obtained demanding that Apple

* create a PIN bruteforcing machine/software, in particular by disabling two critical security features:

+ phone limits rate at which PINs can be entered (brute force guessing)
+ after ten failures phone wipes itself

* create a modified version of the phone operating system with the malware incorporated

* sign the trojaned "OS update" with their signing key, encrypted for the unique key of the phone in question

(At least, that is my understanding of what the judge in the FBI-vi-Apple case is demanding Apple do for FBI. Someone please correct me if I got anything wrong!)

Regardless, could TP please issue a statement supporting Apple in that fight? If you cannot, please explain why you cannot. Is TP currently in receipt of an NSL or other court order including a gag order? Yes, you could tell us but then you'd die in clink. But one of you should still tell us, or at least shut down the project, in which case we will all know approximately what probably happened.

Most vendors posted a statement of support for Apple within a day or two, but Tor Project has not yet posted such a statement. Is the reason that Shari is trying to get all the key Tor people to agree to the exact wording? I think it is very important that Tor issue an unambiguous statement that Tor Project

* will never put a backdoor into Tor, Tor Browser, Tor Messenger, or other TP products,

* will never knowingly sign with its genuine signing keys anything which *another party* has modified by putting in a backdoor, malware, APT spyware, etc.

* will always make every effort to avoid somehow signing something which has been modified without your knowledge.

Such a statement should be accompanied with a declaration that TP will shut down or try to escape to a less oppressive jurisdiction (Norway? Iceland? Sweden? An international Antarctic research station? An earth orbiting satellite?) if such a backdoor order is served and if you have exhausted all your legal remedies in the US.

If you are talking about a different court order, are you saying that Tor Project has already received a specific demand to put in a back door? If so, what do you plan to do if your court battle fails? Options appear to include:

o craven compliance, to the incalculable harm to your users

o shut down TP

o relocate TP and key people (and all data holding key resources such as signing keys) to another venue

o "break bad" (flee the US and become an organization which USG considers illegal).

All of these matters are very serious, so it is terribly important that you make every effort to issue clear and unambiguous statements to your user base. Likewise, I have tried to make this post clear and unambiguous, but please speak up if I said anything you didn't understand.

This blog post wasn't even about Apple, it was about CMU. And if anything, it speaks to the idea that three letter agencies are better off not backdooring Tor. Sure, RELAY_EARLY was removed, the number of guard nodes was reduced to one, and the criteria for guard eligibility was made more strict, but these are all band-aid solutions. None of them involve any fundamental design changes. They'll buy us a little more time for that particular attack, but how long will it be before a new attack is developed? There could be one out there now, just waiting to be outed when they the right agency finds the right guy to use it on.

A backdoor would introduce a much greater risk of it being found and the Tor Project practically coming to an end, once users lose all trust. At that point, people will move on to something else, or become law-abiding citizens, which the three letter agencies don't want. They know the in's and out's of Tor, and they've got it good with the vulnerabilities and traffic analysis techniques they already have.

This statement implies that there are better designs out there that users could move to -- ones that are practical to build, scalable, usable, and more secure. If you've got one, the world would love to hear about it. I recommend looking at the PETS symposium and submitting your designs there:
https://petsymposium.org/2016/

February 27, 2016

In reply to arma

Permalink

Actually, my statement doesn't imply that there is something better, it merely implies that Tor is not perfect, or perhaps even as good as many users (I.e. Farrel) once thought. When I said about moving on to something else, I meant something better than the would-be backdoored Tor, not something better than today's Tor.

Alas -- and I didn't think of putting this in my post until after the fact -- Tor is the best thing we have in the real world. My original statement does withstand, however, and I commend your response for not actually attacking any of the key points I made (unless any of them are indeed wrong).

But the predomininant message I was trying to convey was not a criticism of Tor's design, nor the fixes implemented in response to the attack, but rather the idea that adversaries would take a greater risk by backdooring Tor than by attacking it as it is. It's far easier for me to accept that Tor had unforeseen weaknesses that were exploited by CMU, and continue to use it as the best tool at my disposal, than to continue using it after seeing any credible evidence to suggest that the Tor Project was malicious or even complicit in an attack, be it on the network or at the endpoint (backdoor).

February 27, 2016

In reply to arma

Permalink

@ arma:

> This statement implies

I cannot parse your reply, irrespective of whether you were replying to
"For more than a year..." or "This blog post wasn't even about Apple..."

I don't think either poster was suggesting that there is a credible alternative to Tor right now. The first poster (myself) was asking Tor Project to give the user base some idea of what you plan to do when FBI comes breaking down *your* door to serve you with a court order directing TP to use its genuine signing keys to sign updated versions of Tor Browser, Tor Messenger, etc. which were not made by Tor Project but by FBI, DARPA, NSA, or a USIC contractor such as Hacking Team SRL or SRI. In other words, a court order coercing you to assist the government in forgery.

If that happens--- and ACLU, EFF, Apple, Bruce Schneier, etc. all seem to agree it is more or less inevitable if FBI wins its fight with Apple (maybe even if it loses to Apple)--- what is your plan?

I'd rather see you shut down the project entirely if you are not willing to move somewhere beyond the reach of the USG (and no, of course I cannot suggest a Hellfire-proof or rendition-proof or Putin-proof alternative location, because the USA was always understood as the last refuge from tyranny, not a place from which people who value privacy, freedom, and the rule of law must flee), or to go underground.

@ arma: you seem to imply that something like Shamir's secret sharing system will prevent FBI from forcing TP to sign malware disguised as the latest tarball, but I am not so sure.

> I'd rather see you shut down the project entirely if you are not willing to move somewhere beyond the reach of the USG

A crucial point: MI5 is working closely with FBI to push through the latest version of the "Snooper's Charter" in the UK, which contains the analog of the USA's NSL (National Security Letter) gag order: someone served with an order to use their genuine cryptographic signing key to sign state-sponsored malware disguised as a beneficial security upgrade would be prohibited from telling anyone--- even their wife, priest, or lawyer--- about the demand, and can be jailed incommunicado if they refuse the demand.

Further, GCHQ has quite explicitly given itself the authority to engage in "equipment interferrence" (the latest euphemism for surreptitious intrusion into an electronic device owned by someone else, covert implanatation of malicious APT spyware, malicious destruction of data/devices/networks, etc) *anywhere in the world*. (NSA says it exempts mainland USA from the worst of its cyberespionage/cyberware activities, but this means little since the US military appears to have quietly granted itself the authority to conduct cyberespionage and cyberwar against US citizens inside the USA.)

> This blog post wasn't even about Apple, it was about CMU. And if anything, it speaks to the idea that three letter agencies are better off not backdooring Tor
> ...
> how long will it be before a new attack is developed? There could be one out there now, just waiting to be outed when they the right agency finds the right guy to use it on.
> ...
> A backdoor would introduce a much greater risk of it being found

I think you may have missed at least four crucially significant points:

1. The most dangerous aspect of what FBI demands is that FBI is trying to coerce Apple into using its genuine cryptographic signing key to sign malware disguised as an OS "security upgrade", so that the iPhone accepts the new OS as legitimate software from a trusted vendor, Apple. The exact same mechanism could be used to coerce developers or Debian Project into signing malware disguised as "security upgrades" to packages or Debian ISO installation images. To coerce Tor Project developers into signing malware disguised as a "security upgrade" to Tor Browser Bundle or Tor Messenger. To coerce Tails Project into signing malware disguised as the next edition of the Tails ISO image. To coerce any trusted vendor into signing state-sponsored malware disguised as a security patch, upgraded firmware, antivirus software, or anything else you might want to purchase or download to decrease your chances of falling victim to ransomware, criminal scams, state-sponsored attacks from other governments (Syria, China, Russia, Hacking Team acting for Nigeria, and who knows who else?).

2. Such attacks could be highly targeted and would by no means be limited to people whom USG suspects of "having done something wrong"; rather, they could secretly order developers or companies to "sign this malware intended for Glenn Greenwald's laptop" or "sign this malware intended for a Belgian telecom engineer" or "sign this malware intended for the phone used by a high school student we need to hack in order to phish a reactor engineer in another state whom we want to spy on for national security purposes". Or they could be dragnet attacks on everyone who uses a particular technology, such as TBB or TM.

3. We are not discussing "backdoors" of the kind which capable coders might be able to spot as suspiciously obfuscated code in source code tarballs. These are ISO images and so forth which have been properly signed with a genuine signing key, but which are not what they claim to be, a security upgrade.

4. Consider the likely consequences if people become concerned that "security upgrades" even if properly signed with a genuine signing key might actually be state-sponsored malware (or criminal malware, because if FBI gets its way, smart cybercrime gangs will no doubt be able to exploit LEA coercion systems to trick companies into signing criminal malware). An analogy may help:

Suppose I go to a medical clinic to obtain a flu shot. I trust the clinic to inject into my body a beneficial vaccine which will protect me against a serious illness. Even more important, it will help provide "herd immunity" to those individuals in my community who cannot themselves receive flu shots, for medical reasons, such as very young infants who are likely to die if they contract a deadly strain of flu. But unknown to me, the government has coerced my doctor into clandestinely substituting for the beneficial vaccine a deadly live flu virus, or a deadly neurotoxin, or a deadly radioactive substance. Then I'll die, and never know that my doctor was forced to assist the government in killing me.

But as the government uses this capability against more and more people, survivors begin to notice a pattern: people who go to a medical clinic for a vaccine against the latest variety of flu are dying horrible suspicious deaths.

What happens then? More and more people will refuse to get yearly flu shots. Destroying the herd immunity. Eventual result: a global pandemic caused by some deadly flu strain.

In just the same way, when people realize they can no longer trust that security upgrades are genuine and beneficial to their electronic health, they will stop accepting security patches. To the enormous benefit, of course, to cybercriminals trying to steal your money or your identity, to state sponsored hackers seeking to take down the US or UA power grid, etc.

No backdoors, ever.

You can watch us make this declaration, with many more details, in the 31c3 talk:
https://media.ccc.de/v/31c3_-_6251_-_en_-_saal_1_-_201412301400_-_state…
(See slide 7 in particular.)

See also https://www.torproject.org/docs/faq#Backdoor for the same statement in the faq.

The Apple thing is indeed a very important precedent. We could imagine having the part of Tor that signs things being in a better jurisdiction -- but that is not a great solution, since western countries sure think of themselves as having long arms. And we can imagine Tor people going to jail rather than implementing something evil -- but that is not a long term scalable solution. To be clear, they have not tried to compel us to implement any evil thing, and in any case we would refuse to implement it. But does that mean they have a mechanism to cause us to quit working on Tor? We need to make sure it never comes to that point, by making sure Apple wins this round of the fight, and also by strengthening our reputation so a broad enough cross-section of the world is outraged along with us if they ever try it.

(The main reason we haven't put out any statement about Apple is that the small number of us are busy and it hasn't floated to the top of the stack. That's the main reason we don't do most things. It sure would be nice to have more people funded to do these important things. :)

What about multiply auditing and signing commits/releases in multiple juristictions, rather than moving it. I.e. require signatures from maintainers in the U.S., Germany, wherever, and such that all signatures must be present in order for the release to be considered safe (by users, package maintainers).

This will of course multiply the already high workload on developers, but depending upon the outcome of the Apple case, something like multi-signing may become more important than the work done by each of the individual developers during the time they would be auditing and signing each other's work.

Sounds like you are suggesting something like Shamir's Secret Sharing Scheme, which splits up essential secrets like secret keys into pieces, each of which can be kept by a different developer in a different location. SSSS not only can split a secret into many "shares", it can reconstruct the secret from some number of shares less than the total. This means that if one developer is arrested, say by Chinese or US government, under a "stay in clink until you decrypt" ruling from a court (analogous to "stay or pay" rulings which are already becoming common in US courts), the survivors can continue to sign software, to add new shares kept by replacement developers, etc.

Obviously it is crucially required that the project developers avoid allowing the minimal number of developers to be rounded up simultaneously. Given the pressure which USG can bring to bear on almost any government, this is clearly going to be a tremendous challenge. One needs to set the minimal number of shares needed to reconstruct the secret large enough that governments will not be tempted to try massive roundups of all software developers, yet small enough that the project can sign software.

To add to my post about multiply signing, even without auditing, multiply signing could still potentially make Tor more backdoor-resistant if each signer requires a "I have not been coerced" statement from the developer after the commit but before signing. Afaik, the three letter agencies even in the U.S. cannot yet legally compel someone to make that statement (yet and legally both being operative words). But I wouldn't rely too heavily on that.

Even so, it might help prevent a compromised developer's machine from causing a malicious commit to be made surrupticiously.

> Afaik, the three letter agencies even in the U.S. cannot yet legally compel someone to make that statement (yet and legally both being operative words).

I've seen a legal analysis of this very point (sorry cannot find link right now). The lawyer concluded DOJ could argue on basis of existing "authorities" that it *can* compel someone to falsely sign a statement "I have not received an NSL" or "I have not been pressured to cooperate with the US government to backdoor our product", using similar arguments to the FBI-v-Apple argument, that DOJ can compel Apple to sign a false cryptographic statement that some supposed "security upgrade" is legitimate, not state-sponsored malware, when in the case of FBI unlocking a phone or disk drive or other device, the "upgrade" would be such malware. If the false claim is signed with the genuine vendor key, the device will be tricked into accepting malicious malware as a legitimate security upgrade.

However, the lawyer also concluded that in all such arguments, DOJ is on very tenuous ground, because compelled speech would clearly violate the First Amendment to the US Constitution, which *protect* free speech and *prohibits* compelled speech. The legal issue is whether compelling someone (a company, a nonprofit group, a developer) to misuse a legitimate cryptographic signing key to assist someone (a government, an employer) to harm someone (a citizen, an employee) constitutes "speech" under the First Amendment.

@ arma:

Thanks for replying, but you completely ducked the key part of the question!

I know that TP has stated "no backdoors ever", and thanks for that, and please keep saying that. But I asked TP to specifically renounce ever using your genuine signing keys to sign a "update" which has been modified by *some other party* (such as Hacking Team), even if you have received an NSL or other court order accompanied with a gag order.

This concern is hardly hypothetical:

https://www.eff.org/deeplinks/2016/02/investigatory-powers-bill-and-app…
The UK's Proposed Spy Law Would Force Apple to Secretly Hack its Phones Too
Danny O'Brien
25 Feb 2016

> The newly proposed British spying law, the Investigatory Powers Bill (IPB), already includes methods that would permit the British government to order companies like Apple to re-engineer their own technology, just as the FBI is demanding. Worse, if the law passes, each of these methods would be accompanied by a gag order. Not only would Apple be expected to comply, but the IPB would insist that Tim Cook could not tell the public what was going on without breaking UK law. At least in the current fight between Apple and the US government, we're having the debate out loud and in public.

http://arstechnica.co.uk/tech-policy/2015/11/snoopers-charter-uk-govt-c…
Snooper’s Charter: UK gov’t can demand backdoors, give prison sentences for disclosing them
The new law would prevent any discussion of government surveillance, even in court.
Glyn Moody
6 Nov 2015

> Buried in the 300 pages of the draft Investigatory Powers Bill (aka the Snooper's Charter), published on Wednesday, is something called a "technical capability notice" (Section 189). Despite its neutral-sounding name, this gives the UK's home secretary almost unlimited power to impose "an obligation on any relevant operators"—any obligation—subject to the requirement that "the Secretary of State considers it is reasonable to do so."
>
> There is also the proviso that "it is (and remains) practicable for those relevant operators to comply with those requirements," which probably rules out breaking end-to-end encryption, but would still allow the home secretary to demand that companies add backdoors to their software and equipment.

FBI is pointing the way: force software/firmware/hardware vendors to use their genuine signing keys to sign maliciously modified "updates". Smart phones, laptops, everything which can be receive a "security upgrade" is vulnerable. And of course everything which cannot is vulnerable to an every growing variety of endpoint cyberattacks.

>Thanks for replying, but you completely ducked the key part of the question!

>To be clear, they have not tried to compel us to implement any evil thing, and in any case we would refuse to implement it.

I'm not sure what else you want him to say. If you want proof, you'll have to audit the source code yourself.

We would all like a gaurantee, but unless someone comes up with a way to make that feasible, we'll have to settle for trust. I'm just not sure what exactly you're asking for in that post.

> I'm not sure what else you want him to say. If you want proof, you'll have to audit the source code yourself.

You misunderstood: the source code is completely irrelevant to the concern stated by several users including myself.

Let me try again:

FBI is attempting to obtain the "legal authority" to compel companies such as Apple, open source projects like Debian and Tor, and individual developers of privacy/anonymity/cybersecurity enhancing software, to cryptographically sign with their authentic signing key state-sponsored malware (or a "LEA version" of the operating system used by iPhone which the vendors/developers are forced to create for FBI) which would be disguised as a "security upgrade".

This is tantamount to "rubber hose cryptography", a practice formerly limited to the most abusive governments, such as the al Assad regime in Syria.

In the medical analogy, it is just like going to your doctor for a medically beneficial flu vaccine. You trust your doctor to inject you with a safe and effective vaccine, not with a live deadly viral infusion, a deadly neurotoxin, a psychodelic hallucinogen, or metastatic cancer cells. But what if the government forces your doctor to secretly subsitute such a malicious injection for the beneficial medicine? What if your doctor is prohibited by law from telling anyone ever about the substitution?

If the government attempts to poison huge numbers of people in this way, soon everyone would refuse vaccinations because they would have noticed that large numbers of people are dying horrible deaths right after receiving a flu shot.

But what if the government decides to poison only a small and carefully selected subpopulation, such as union organizers, Mexican social justice activists, or Muslim civil libertarians? In such a scenario, the government might well be able to prevent mass media from covering a mysterious concentration of sudden deaths among Mexican-American activists or dissident computer scientists.

On the basis of public statements by current frontrunners in the US Presidential race, it seems that both are eager to exploit rubber hose cryptanalysis against Tor users, and at least one candidate appears eager to literally poison Muslims or Mexicans as a means of encouraging survivors to flee the USA.

> You can watch us make this declaration

Actually, no. Some of us avoid videos because of the security hazards they pose.

If you believe Tor Browser is immune to any current or reasonably anticipated future vulnerabilities related to watching videos while using Tor Browser, please explain.

What I personally do, while a bit overkill, is generally quite effective. I sandbox the browser using grsecurity's RBAC implementation, configured such that it can only append to logs but not read them, and can only write to a downloads directory but not read from it, then run it in a Xephyr nested X server, so it cannot keylog or access the rest of the desktop. I also use a custom seccomp profile to restirct syscall access so it cannot hijack the kernel. In the future I plan to find a way to detect side-channel attacks such as prime+probe, flush+reload, and aggressive types of flush+flush which use clflush/clflushopt and rdtsc (and related tsc instructions).

Or... You could just download the video, burn it to a DVD, then watch it on an old fashioned DVD player (the kind with no network or "smart" anything).

@arma
Dear Tor developers,

The attack was going on for 6 month!
I have read that Tor developers found after 1-2 month into the attack that something was not normal. But they did not step in. WHY?

Security and privacy must always be the top priorities. If something is fishy, shut it down!
The life of people depend on it.

Be more paranoid! Even if that hinders scientific research.

I hope the Tor developers learnt a lesson!

Thanks for this. There's that statement you can use - it has a particular name? Write at the top of the page ' we have not been subpoenaed to provide backdoor access to three letter acronyms'
and if that statement is removed you have not broken any law

> Is it really as simple as that ?

Maybe not (under US law, which is the most important since Tor Project is a US nonprofit and most of the key people are easily accessible to FBI for imprisonment/torture or similar coercion.)

I've seen a legal analysis (can't find the link, sorry) which argues that DOJ can easily extend their argument in Apple-v-FBI that the government has the power to force Apple to collaborate in constructing malware and --crucially--- using their genuine signing key to sign the FBiOS so that the phone is tricked into accepting it as a legitimate security upgrade, to argue that the government has the power to force people to bear false witness in other ways, for example by falsely stating "I have not been pressured by FBI to betray our users" and then signing the false statement.

The lawyer added that this line of argument is very questionable, as is the original argument in Apple-v-FBI, and likely unconstitutional, since the First Amendment has been held to say not only that you cannot be prohibited from saying what you believe, you cannot be forced to say something you know to be false. Which is exactly what FBI is trying to do in FBI-v-Apple.

FBI will try hard to obtain maximal expansion of their powers by keeping their most outrageous abuses in secret courts like the FISA court, and by obtaining more secret EO orders, and to the extent possible, working out secret agreements with NSA &c to give more and more FBI/DEA/NCTC/US-Dept-of-Anything agents free access to NSA databases of information about all USPERS.

Silicon Valley is in revolt. Why isn't Tor Project part of this movement?

http://www.theguardian.com/technology/2016/mar/14/facebook-google-whats…
Facebook, Google and WhatsApp plan to increase encryption of user data
Spurred on by Apple’s battles against the FBI, some of tech’s biggest names are to expand encryption of user data in their services, the Guardian can reveal
Danny Yadron in San Francisco
14 Mar 2016

> Silicon Valley’s leading companies – including Facebook, Google and Snapchat – are working on their own increased privacy technology as Apple fights the US government over encryption, the Guardian has learned.
>
> The projects could antagonize authorities just as much as Apple’s more secure iPhones, which are currently at the center of the San Bernardino shooting investigation. They also indicate the industry may be willing to back up their public support for Apple with concrete action.
>
> Within weeks, Facebook’s messaging service WhatsApp plans to expand its secure messaging service so that voice calls are also encrypted, in addition to its existing privacy features. The service has some one billion monthly users. Facebook is also considering beefing up security of its own Messenger tool.

http://thehill.com/policy/cybersecurity/272874-whatsapp-encryption-said…
WhatsApp encryption said to thwart wiretap order: report
Katie Bo Williams
14 Mar 2016

> The Justice Department is discussing how to proceed with a criminal investigation i>n which investigators have been stymied by the encryption of the popular instant messaging service WhatsApp, The New York Times reports.
>
> The case is unfolding against the backdrop of the Justice Department’s public feud with Apple over the locked iPhone of one of the San Bernardino shooters.
>
> Details of the WhatsApp case are unclear, but officials told the Times that it was not a terrorism case. They said that a federal judge approved a wiretap, but that investigators have been unable to move forward. No decisions have been made about how to proceed.

techdirt.com
DOJ Officials Hint Whatsapp Likely Next In Line For The Apple Treatment
from the the-rest-of-the-dominoes-should-fall-like-a-house-of-cards...-checkmate dept
Mike Masnick
14 Mar 2016

> The New York Times is reporting -- based on the comments of several unnamed officials -- that Whatsapp may be headed for the same sort of courtroom dustup Apple is currently involved in.

> No backdoors, ever.

The following should serve as a wakeup call regarding what you can expect if you are ordered to put in a backdoor, and true to your promise, refuse to cooperate:

http://arstechnica.com/tech-policy/2016/03/florida-sheriff-pledges-to-a…
Florida sheriff pledges to arrest CEO Tim Cook if Apple resists crypto cooperation
If Apple wouldn't comply with a court order, sheriff vows: "I'll lock the rascal up."
Cyrus Farivar
12 Mar 2016

> A Florida sheriff has threatened to arrest Apple CEO Tim Cook, were a situation similar to Apple's resistance to government pressure in the ongoing San Bernardino terrorism investigation ever to arise in his jurisdiction.

I get the impression (from your curious refusal to prioritize responses to the FBI threat) that you assume that the next US President will be Hillary Clinton. I believe you should assume rather that it will be Donald Trump. Don't ask what Clinton might do with FBI or NSA to harm Tor users. Ask what Trump might do with all that lethal power. He has promised to kill the family of "terrorists", and from his behavior at his rallies ("in the good old days, protestors were carried out on stretchers"), he seems to classify his domestic political opponents as "terrorists". Just like Roussef, Erdogan, Putin, and other leaders facing significant opposition at home.

i'm enjoying these comments and the critical, intelligent discussion. thank you to you and everyone.
little bit off topic but
I read some helpful synopsis of the apple vs feds situation in wired magazine online (search ''wired hacking news" that should do it)

it was explaining that the situation is not as black and white as it appears. and that having a strong password will basically prevent any brute force attack - so 6 or more characters everyone, use proper opsec for your phone password, and secondly stay away from
that blasted apple cloud server!!!! some 3rd party encryption would also help

This might help:

http://phys.org/news/2016-02-lockdown-apple-tougher-hack.html
Lockdown: Apple could make it even tougher to hack Phones
Michael Liedtke
24 Feb 2014

> Turns out there's a fair bit both individuals and Apple could do to FBI-proof their phones and shield private information from investigators and cybercriminals alike. Those measures include multiple passcodes and longer, more complex ones.

The author offers specific steps iPhone users can and should take immediately to help keep out the bad guys.

Yes, at all costs avoid using "the cloud" for storage or backup.

This may help you to understand the risks of using a phone:

http://phys.org/news/2016-03-fbi-hack-iphone-apple.html
How the FBI might hack into an iPhone without Apple's help
Bree Fowler And Brandon Bailey
22 Mar 2016

> For more than a month, federal investigators have insisted they have no alternative but to force Apple to help them open up a phone used by one of the San Bernardino shooters. That changed Monday when the Justice Department said an "outside party" recently showed the FBI a different way to access the data on the phone used by Syed Farook, who with his wife killed 14 people in the Dec. 2 attack. The magistrate judge in the case postponed a hearing scheduled for Tuesday and gave the government two weeks to test its method. But federal officials have been mum about who came forward and what method they've proposed. Here are some of the leading options outside experts think the FBI might be exploring.

February 25, 2016

Permalink

How can someone receive a fair trial if the judge has 0 clue about the workings of TOR and might over-dramatize things that could have minimal meaning, like the "IP address" in the blog post.

February 25, 2016

Permalink

@ Judge Jones:

Of course Tor users have a reasonable expectation of privacy while using Tor!

Seeking privacy is the reason why we use Tor!!

Please excuse me for being blunt, but: doh!

Really now, judge, I don't see how could any reasonable person possibly think that a typical Tor user (the SEI is not the typical Tor user because SEI was *abusing Tor* to harm others) would not be seeking privacy. Providing privacy is the *stated purpose* of Tor!

"Why we use tor": for perfectly legal purposes such as posting to this blog, by the way.

Judge, I don't wish to be rude, but did you even bother to look at Tor's home page before writing your opinion? Do you really want to argue that anyone visiting that home page and downloading a Tor product would be seeking something other than a little privacy?

If so, maybe you should explain precisely what you think this other thing might be.

Again, I don't wish to lecture a sitting judge, but it impossible not to notice that you appear to have forgotten the well known historical fact that many of the eloquent and inspiring political documents on which the US government is founded were published *anonymously*, including the first versions of Mr. Paine's essays and the so-called "Federalist papers" (and almost all written counterarguments to those essays arguing for ratification of the US Constitution, the very document some politicians have publicly sworn to uphold.)

On this basis, it seems to me that what you wrote about Tor could be fairly characterized by an adjective which acquired ugly connotations during the McCarthy era: "unamerican".

Please reconsider and issue an amended ruling.

February 25, 2016

Permalink

@ Judge Jones:

On 21 Mar 1778, someone signing himself or herself "Common Sense" published in Lancaster, PA, an open letter addressed to General Sir William Howe, who was then in command of the enormous British army which was attempting to subdue by armed might the rebellious American colonies. The author wrote:

"To argue with a man who has renounced the use and authority of reason, and whose philosophy consists in holding humanity in contempt, is like administering medicine to the dead, or endeavouring to convert an atheist by scripture. Enjoy, sir, your insensibility of feeling and reflecting. It is the perogative of animals. And no man will envy you those honors, in which a savage only can be your rival and a bear your master".

As a privacy advocate, when attempting to dissaude Mssrs. Comey and his kind from their worst and most anti-democratic unconstitutional excesses, I often feel much the same way.

The author continued:

"Judas is as much known as John, yet history ascribes their fame to very different actions".

Ah, betrayal. Forcing a company or open source nonprofit such as Tor Project to sign with their genuine cryptographic key a maliciously modified (trojaned) version of their product(s), is no less a betrayal than the most infamous act of betrayal recounted in the New Testament.

The author continued:

"Mankind are not universally agreed in their determination of right and wrong; but there are certain actions which the consent of all nations and individuals hath branded with the name of MEANNESS.... The particular act of meanness which I allude to in this description, is forgery".

American judges should take care, less they too be remembered, not for their prior service to Jesus or the state, or their charity, but for a single infamous act of betrayal of a formerly free people.

February 25, 2016

Permalink

@ Judge Jones:

In countries such as Thailand, criticizing the institution of monarchy is a crime. In countries such as Bahrain and Vietnam, voicing opposition to an official government policy is a crime:

https://theintercept.com/2016/02/24/bahrain-finds-opposition-leader-gui…
Bahrain Finds Opposition Leader Guilty of Opposition
Robert Mackey
24 Feb 2016

> Sharif [the opposition leader in question] began his remarks, last July 10, by explaining that although he was in prison in 2012 — along with a dozen other leaders of Bahrain’s political opposition jailed the year before as the monarchy tried to suppress a movement for democracy inspired by the Arab Spring — he had heard about the killing of a young protester, Hussam al-Haddad. After his release, just a few weeks before the memorial, Sharif said that he had been horrified to see disturbing, graphic images of young Hussam’s body, “punctured by bullets.”
>
> He went on to quote statements from Victor Hugo, Spinoza, and José Rizal, a hero of resistance to Spanish colonization in the Philippines, on the need for steadfastness in any struggle for freedom. Rizal, he noted, had explained that “the tyranny of some is made possible only by the cowardice of others.”
>
> “In our case,” Sharif said, “there is no going back to building a wall of fear. The government is only strong when we are cowards and is weak when we are courageous.”
>
> Later in the speech, he said that he understood that people were tired of protesting after more than four years of repression, but “let nobody fool you and say that the fire was extinguished, the revolution died, the people’s determination has softened.”

Do you believe that such language bears no similarities whatever to the strongly expressed anonymously published essays by "Common Sense"?

> Writing on Instagram, Bahrain’s public prosecutor expressed disappointment that the veteran political activist, Ibrahim Sharif, was not also convicted of plotting to overthrow the island nation’s government by calling for democracy and full civil rights for all citizens in a speech last year.

People who live in countries such as Bahrain, and who possess a moral compass, often turn to encrypted communication apps and to anonymity software such as Tor to discuss their views safely.

Are you saying that Ibrahim Sharif would have no expectation of privacy (from say, the government of Bahrain) while using Tor?

What is the current American government so terribly afraid of, were you and your fellow judges to follow the Constitution and protect political speech, even anonymous speech?

Another writer making the same point:

https://www.truthdig.com/report/item/the_human_rights_risks_of_encrypti…
The Human Rights Risks of Encryption ‘Back Doors’
Carey Shenkman
26 Feb 2016

> One fact that has received little attention in the current encryption debate is that many categories of individuals rely on strong encryption for their own security. These include sexual and gender-based rights activists, domestic violence victims, journalists and their sources, and human rights defenders. Strong encryption is necessary to protect fundamental human rights; as one technologist puts it, encryption saves lives.
>
> Encryption, a process of scrambling communications to make them private, is frequently discussed simply as a privacy issue. But the same process that keeps banks’ communications secure is also, for many, a safeguard of many human rights including the right to life. For those who rely on secure communications in sensitive situations, the issue goes far beyond privacy.
>
> Experts agree that “secure back doors”—which would give law enforcement secret access to digital storage or communications—are scientifically impossible. That explains the uproar over a federal magistrate judge’s recent decision ordering Apple to create a backdoor to an iPhone. On Feb. 25, Apple moved to vacate that decision and warned that the FBI is seeking a “dangerous power” in the case.
>
> Back doors are wholly unnecessary for security. Law enforcement agencies already use hacking tools to track electronic communications and circumvent encryption. Information-sharing programs reportedly exist with intelligence agencies, which use keyloggers to record encrypted messages before they are sent. National Security Agency (NSA) supercomputers can even number-crunch to break some encoded messages. And encryption does not shield the “to” and “from” lines of messages—also known as metadata. The problem is not a lack of tools, but intelligence failures in analyzing existing information—perhaps one reason former NSA head Michael Hayden rejects the FBI’s position on back doors.
>
> What is not being emphasized enough is how back doors will not only fail to solve this problem, but will also undermine the rights of several categories of people:
> ...

February 25, 2016

Permalink

http://www.slate.com/articles/news_and_politics/jurisprudence/2016/02/t…
The Case of the Century
The FBI’s fight with Apple will have far-reaching implications beyond the government’s ability to snoop through an iPhone.
Jordan Orlando
25 Feb 2016

> If the government’s efforts to force Apple to write custom software that will break the encryption protecting mass-murderer Syed Rizwan Farook’s iPhone succeed, it will be an epochal case in Fourth Amendment jurisprudence and privacy law.
> ...
> Whatever the outcome, the case will mark a fundamental—and inevitable—evolution of American law: It will be the moment that constitutional originalism was laid to rest as an outdated judicial philosophy that is unworkable in the 21st century.
> ...
> There’s obviously a great deal at stake from a real-world standpoint as well. Those drawing the battle lines in court and in the press are making increasingly dramatic claims in both directions, warning of the dangers of capitulation.... Despite the agency’s “one-and-done” assurances, Apple insists this would open the door to similar requests being made and enforced in the future, which would mean, potentially, that nobody’s iPhone—or any other digital device—would be private ever again.

A number of other well respected writers are framing the legal battle in similarly apocalyptic terms.

Tor Project must speak up on this issue. I endorse Slate's characterization: this is the "Case of the Century". If FBI wins, untrojaned Tor will become unimaginable. And what will become of us then?

February 25, 2016

Permalink

"arma: The Tor network is secure."

FALSE.

The IP addresses of Hidden Services Onions are trivially located by Law Enforcement and others with modest resources and time. There are whitepapers on this. Stop lying, and stop craftily declining to talk about this while cheering other subjects.

All usage modes of Tor are also massively vulnerable to timing / correlation attacks. Stop trying to disclaim and not talk about this issue by claiming it is not Tor's design, scope, or hard to impact / solve.

Unless your talk, and every talk, firstly mentions these issues, you guys are guilty of trying to bury it and claim you're something for everything, when you're not.

>>The IP addresses of Hidden Services Onions are trivially located by Law Enforcement and others with modest resources and time. There are whitepapers on this.

Orly? Where is your evidence for this statement?

If "the IP addresses of Hidden Services Onions are trivially located by Law Enforcement and others with modest resources and time" as you say, why have all the pedophiles, drug dealers, and other criminals setting up these services not all been arrested?

*facepalm*

If "the IP addresses of Hidden Services Onions are trivially located by Law Enforcement and others with modest resources and time" as you say, why have all the pedophiles, drug dealers, and other criminals setting up these services

Because Tor is falsely meant to be secure and because they have no choice. All they can do is to trust Tor, because they have no skills to check if it is really secure and even if it isn't they have no skills, resources and possibilities to create a more secure fork of Tor. All what can they can do is to use it and pry.

not all been arrested?
Because it will break the public opinion that Tor is secure. It will distract crime because the criminals (including the proponents of civil liberties in oppressive regimes like USA or UK) would know they have no protection, and the agencies metrics would be less fascinating which means less funding. They are not interested in reducing crime, they are interested in putting people into prisons to raise their metrics.

> If "the IP addresses of Hidden Services Onions are trivially located by Law Enforcement and others with modest resources and time" as you say, why have all the pedophiles, drug dealers, and other criminals setting up these services not all been arrested?
it is not the devil against an angel
we do not want the same world and the opponent have a better strategy ( outrageous ? ).
they do it blindly because they do not pay their errors.
more tor users there will have , more safer you will be.

Tor is indeed not perfect. For a good overview of design and architecture issues, I recommend the 25c3 talk, "Security and anonymity vulnerabilities in Tor":
https://media.torproject.org/video/2008-12-29-25c3-2977-en-security_and…

I'll dispute your "trivially" statement above though. The particular attack that worked in the CMU case was identified and fixed in 2014. They *didn't* use timing, and in fact the Snowden archive includes some analysis by an NSA person who tried to use timing for an attack and couldn't make it work reliably. I'm not saying it can't be done, but I think "trivially" is not the right word. Or to say it another way, nobody in the world knows how to build a secure one of these things, but Tor is still the best we've got.

What complicates it here is that the judge has clearly been twisting this word 'secure' to give it a legal implication -- if Tor says it's not perfectly secure, then you don't need a warrant to attack the user because they didn't want security. It is outrageous and ridiculous that telling people about the state of the art in security is being interpreted by governments as permission to strip away their rights.

February 26, 2016

In reply to arma

Permalink

See, this is an example of spinning away from the real issue someone mentions.

There have been real whitepapers posted to the Tor lists about locating hidden services. They mention using a farm of computers and a number of months of time. That IS trivial to even moderately motivated central entities.

As to why the FHOTI onions are not ALL being killed, maybe LEA doesn't yet have the person behind the hosting account... for which there's no real prize at trial. Maybe they're playing some kind of discover and entrapment and learning game.

As far as timing goes, that's pretty much NSA territory there. It is IN FACT entirely possible given maybe $10M thrown at network analysis over their system of cable taps and 'lawful' 'partnerships' with carriers. But you don't see their wins there because it's all TOP SECRET and PARALLEL CONSTRUCTION.

What matters in these things is that they CAN be done, and are likely to BE being done, and that Tor Project doesn't seem to really like to talk about them. Admittedly, probably because they're not easy problems, but also because they and others haven't focused research on them, thus it's embarassing to be pants down to them.

We expect more free and open and frequent and prominant disclosure of these vulnerabilities.

Mostly agree with what you wrote, just want to point out that only

o a much larger budget

o user-base funding (rather than USG funding)

can solve these problems.

>There have been real whitepapers posted to Tor lists about locating hidden services.

You do realize that such academia rarely scales to the real world, right? They often involve extremely precise prerequisites, such as an "isolated" Tor network which does not share any resources with the rest of the internet, or they involve an assumption that you already can monitor every AS in the world, etc. One good example is the website fingerprinting paper. It shows that it's quite trivial to identify a large amount of websites just by sniffing the timing and patterns of your connections at your local ISP. However when you read the whole thing, you realize that it not only works exclusively with the front page of the websites, require that you do not visit anything *but* the front page of the website, and that the attacker has a real-time update of all these websites' sizes. In the real world, it simply does not scale. Is it a good attack? Yes. Is it something which we should keep a watchful eye on? Yes. Does it mean Tor is broken? Not in the slightest.

So before you keep spouting that Tor is lying about security and blah blah, actually read the papers you are talking about. Until then, you're spreading FUD. The *fact* is, Tor stumps law enforcement, hackers, vigilantes, and many other of our real-life adversaries. It is extremely effective, and highly resistant to many attacks.

February 28, 2016

In reply to arma

Permalink

@arma

design changes to mitigate correlation attacks:

now: Tor routes the traffic through one route containing 3 relays

change: why not use many different routes containing each 3 relays for the same user.
so the traffic produced by one user is spread over, let us say, 3 routes (9 relays).
so every user uses 3 different entry nodes at the same time (and of course 3 different middle and exit nodes)

think of how IP packets wander through the internet. every packet takes a different route.

Because only one circuit would have to be compromised in order to identify the user. So basically you would multiply your attack surface by three.

This is the same basic reason that the number of guards was reduced from three to one in response to the CMU attack.

March 22, 2016

In reply to arma

Permalink

>in fact the Snowden archive includes some analysis by an NSA person who tried to use timing for an attack and couldn't make it work reliably.

I haven't heard of this. Can you (or someone else) link to the leaks in question? The only leaks specific to Tor that I know of are the QUICKANT thing (which we know nothing about) and the Tor Stinks presentation.

True!

timing / correlation attacks are big issues. So what is the solution?

Why not just create random traffic/noise by the Tor relays to make correlation attacks harder??

By the way: If you do multi-tab browsing, correlation attacks are much harder to do ;)

>timing / correlation attacks are big issues. So what is the solution?

If the solution was easy, everyone would have done it already. The problem is that low-latency anonymity networks will always be succeptible to various types of correlation attacks. I remeber reading in a research paper that nodes would have to delay TCP traffic by around 6 *hours* in order to effectively mess up correlation attacks. TCP doesn't even work on that timeframe, so that's of course imposible.

>Why not just create random traffic/noise by the Tor relays to make correlation attacks harder??

Because it is fairly trivial to distinguish algorithmically generated traffic patterns from human traffic patterns. The only similar solution is dummy traffic, effectively making Tor circuits send data at a constant bitrate, regardless of the actual contents. This would be utterly impractical, if not impossible with the current state of the Tor network. We would need orders of magnitude more usable bandwidth.

>By the way: If you do multi-tab browsing, correlation attacks are much harder to do ;)

[citation needed]
It's actually quite trivial to demultiplex such traffic. Perhaps if you had thousands of tabs or more all open, with a significant fraction using the network at any given time, then it may make it "much harder". But until then, the idea that multi-tabbed browsing makes correlation attacks harder is snakeoil advice.

February 25, 2016

Permalink

In an article which also quotes (in an update) the very statement posted above by arma, Motherboard says they have gained very reluctant confirmation from CMU and FBI officials (speaking separately) that:

1. A DOD grant supported the CMU SEI "research" on real people's data (no IRB anywhere in sight, blechch)

2. FBI knew of the research and secretly subpoenaed the data as soon as SEI acquired it.

https://motherboard.vice.com/read/carnegie-mellon-university-attacked-t…
Confirmed: Carnegie Mellon University Attacked Tor, Was Subpoenaed By Feds
Joseph Cox
24 Feb 2016

> In November, Motherboard reported that a “university-based research institute” provided information to the Federal Bureau of Investigation that led to the identification of criminal suspects on the so-called dark web. Circumstantial evidence pointed to that body being the Software Engineering Institute (SEI) of Carnegie Mellon University (CMU). After a media-storm, CMU published a very carefully worded press release, implying that it had been subpoenaed for the IP addresses it obtained during its research.

> Now, both the name of the university and the existence of a subpoena have been confirmed in a recent filing in one of the affected criminal cases.
> ...
> “The record demonstrates that the defendant's IP address was identified by the Software Engineering Institute (“SEI”) of Carnegie Mellon University (CMU”) [sic] when SEI was conducting research on the Tor network which was funded by the Department of Defense (“DOD”),” an order filed on Tuesday in the case of Brian Farrell reads. Farrell is charged with conspiracy to distribute cocaine, heroin, and methamphetamine due to his alleged role as a staff member of the Silk Road 2.0 dark web marketplace.

By the way, arma's post failed to clarify the crucially important fact that the order from Judge Jones which is the subject of his post is part of the flagship case which arose from the illegal and unconstitutional attack on the Tor by SEI (Software Enterprise Institute) of CMU (Carnegie Mellon University) last summer.

> “Farrell's IP address was observed when SEI was operating its computers on the Tor network. This information was obtained by law enforcement pursuant to a subpoena served on SEI-CMU,” the filing continues.

February 26, 2016

Permalink

Forthcoming OpenSSL releases

The OpenSSL project team would like to announce the forthcoming release of
OpenSSL versions 1.0.2g, 1.0.1s.

These releases will be made available on 1st March 2016 between approximately
1300-1700 UTC. They will fix several security defects with maximum severity
"high".

https://mta.openssl.org/pipermail/openssl-announce/2016-February/000063…

https://www.openssl.org/policies/secpolicy.html

Yes, yes, sure, and those no doubt badly needed urgent security upgrades are properly signed with the genuine openssl signing key so that users can verify their authenticity before installing the new version.

But what if the American government (or the Russian or Chinese or Vietnamese or Iranian or Bahrain government) can compel openssl to abuse their own cryptographic key by signing maliciously modified software disguised as "security upgrades"?

What if the supposed vaccine is really a deadly virus disguised as a health-preserving vaccine inoculation?

What then?

I personally compile everything from source, which allows me to look at the actual changes between each release and not just blindly trust a binary executable.

February 26, 2016

Permalink

I'm not familiar with the US law system, therefore I would like to know whether Tor is not comparable with a witness protection program: Due to the nature of thing the witness has to give his/her real name before getting an new one / alias.

I also wonder whether there is a right to a fair trial and if this right encloses a judge with necessary and sufficient intellectual skills.

I might try an analogy with three witness protection programs, and each of them gets to learn what name you used when you arrived (but they promise not to tell anybody of course). So you go to each of them in turn, and by the time you're enrolled in the third witness protection program, hopefully you're doing pretty well.

That analogy starts to break down, but I think of "one layer" of witness protection as being similar to a single-hop proxy:
https://svn.torproject.org/svn/projects/articles/circumvention-features…

As for whether judges should all come with up-to-date educations about what the Internet is, I will leave that question to the lawyers.

February 27, 2016

In reply to arma

Permalink

In a bit more detail, you could perhaps say: it works just a bit like this, but not really like this:

Richard Jones logs onto his ISP and gets the IP address 123.45.67.89. Which law enforcement can easily identify with Richard Jones using existing legal mechanisms unrelated to Tor.

123.45.67.89, the client, goes cap in hand to tor entry node "Vigoh", the server (performing a valuable public service), and is given alias "Tania Smirnov" (in an encrypted message).

"Vigoh" goes to tor relay node "Nezie" which gives "Tania Smirnov" the new alias "Tom Burgess" (in an encrypted message, using a second and unrelated key known only to "Vigoh" and "Nezzie").

"Nezie" goes to tor exit node "NSAjkNotReally", which gives "Tom Burgess" the new alias "Lenny Samuels" (in an encrypted message, using a third and unrelated key which is unknown to "Vigoh").

"NSAjkNotReally" goes to the website blog.torproject.org, which Richard Jones is trying to visit anonymously in order to see what people are saying about him.

If all works as intended, "NSAjkNotReally" knows that "Lenny Samuels" was previously known as "Tom Burgess", but does not know that "Tom Burgess" was previously known as "Tania Smirnov". And "Vigoh" knows that someone using 123.45.67.89 is also known as "Tania Smirnov", but not that this individual is known to "NSAjkNotReally" as "Lenny Samuels".

And torproject.org (and NSA) know that "NSAjkNotReally" is a Tor exit node, as would salon.com or fbi.gov, but torproject.org and NSA and salon.com and fbi.gov should have no idea that "Lenny Samuels" using Tor exit node "NSAjkNotReally" to read a webpage at blog.torproject.org is really someone using 123.45.67.89, much less that this person is Judge Richard Jones.

In a bit more detail, modify the analogy again to try to explain the role played by DNS servers which are not under the control of Tor Project or any party to the transactions so far described.

Then try to explain better the role of cryptography. Then try to explain the role of the Directory Authorities and how NSA monitors all connections to them. (Since this means NSA already knows the IP addresses of anyone entering the Tor network, this seems relevant to the case, yes? So explain onion services and why FBI thought it needed more than the IP address of everyone in the world using the Tor network at a given point in time.)

Then try to explain packet timing deanonymization attacks, circuit "staining", traffic analysis, semantic analysis, writeprints, browser insecurities, and so on.

Clearly, not an easy task at all.

Not the best idea if you want the judge to actually read the statement. The very basics of onion routing are not hard to understand and could be sought in many places, even YouTube, if the judge wanted to. But this case isn't really meant to be an all-out deliberation on whether Tor "is secure" or not, it's meant to decide if Farrell had a reasonable expectation of privacy under the law in the real world.

I think the statement does a good job of that; perhaps it could have been more detailled, but how much detail is too much really depends on whom you're talking to. I can't really expect the judge to become a security expert and cryptanalyst anytime soon.

"Richard Jones logs onto his ISP and gets the IP address 123.45.67.89."
and do not forget that any tcp connection may be forged on the way from the source to the destination without user's knowlege.

> any tcp connection may be forged on the way from the source to the destination

Yes, but one of the crucial details which was suppressed from the suggested laypersons description is the fact that Directory Authority IPs are hardcoded in the TBB tarball, which (wise) Tor users verify using the detached signature against the signing key before unpacking on their device, and cryptography and fingerprints are used in other ways to try to ensure authenticity.

The problem is that "rubber hose cryptanalysis" can potentially be employed to coerce key Tor Project people into using the genuine signing key to cryptographically sign state-sponsored malware disguised as the latest TBB tarball. This is what the Apple-v-FBI fight is all about, insofar as it immediately and directly impacts all Tor users irrespective of whether or not they use an iPhone.

trial = fair = constitutional every where
necessary and sufficient intellectual skills = reserved for premium
lowest minimum level = civil usage (free try_you pay the bug)

> I also wonder whether there is a right to a fair trial and if this right encloses a judge with necessary and sufficient intellectual skills.

Jones was nominated to his seat by President G.W. Bush in 2007, but he seems to be well regarded by lawyers in Washington state. From:

https://en.wikipedia.org/wiki/Richard_A._Jones

> In 2003, Jones was among the most-highly rated King County Superior Court judges in a survey of lawyers by the King County Bar Association.
> In 2004, he was named "judge of the year" by the King County and Washington State bar associations.

The real problem here is that jurists know a lot about the law, but rarely know any more about STEM (science, technology, engineering, math/statistics) that any randomly chosen "educated person". Given the fact that just about any issue in Western civilization is likely to rest upon at least one STEM discipline, the fact that jurists (and legislators, and reporters) are generally almost entirely ignorant about STEM disciplines is is a terrible and seemingly intractable problem.

Unfortunately, whenever jurists (or legislators, or lazy journalists) confront an issue resting upon something about which they know nothing (in this case Tor software and the Tor community), they tend to place undue weight upon what government experts (in this case the prosecution team) tell them, rather than upon briefs filed in the public interest by groups such as ACLU or EFF whose staff includes people who actually know something about the subject matter which forms the core of the legal issue at hand.

That said, Judge Jones presumed intelligence and common sense only makes his ignorance even more reprehensible, since he is obviously smart enough to appreciate the problem I just described and to seek technical advice from competent experts who can be trusted to provide unbiased assistance in understanding complex technical issues, such as how Tor software and onion services (also called hidden services) work, and complex social issues such as who uses onion services and why.

Not just narcos and purveyors of pron, Judge, but also human rights activists, medical aid workers and vaccination workers living in dangerous war zones, investigative reporters communicating with whisteblowers acting in the public interest, and many more. Apparently you wish to endanger all of these people by encouraging SEI and other FBI catspaws to cyberattack the Tor network. That represents neither justice nor wisdom.

Oh, by the way: besides Tor users, who else wants to be anonymous? US cops frightened by Black Lives Matter activists videotaping their professional activity in public places:

https://www.aclu.org/blog/speak-freely/virginia-wisely-rejects-secret-p…
Virginia Wisely Rejects Secret Police
Bill Farrar, Director of Public Policy and Communications, ACLU of Virginia
26 Feb 2016

> Imagine a future in which the government keeps secret the identity of every member of state and local law enforcement.
>
> It’s a frightening, Orwellian scenario that some legislators in Virginia thought was a good idea. Fortunately, a state House of Delegates subcommittee blocked the bill on Thursday, which would have allowed even more government information to be hidden away under the state’s F-rated open government laws.

The government demands total transparency for the citizens, and total opacity for itself.

That doesn't sound to me like government of the People, by the People, for the People, but government by the obedient servants of the ruling elite, for the benefit of the ruling elite.

February 26, 2016

Permalink

"Tor users clearly lack a reasonable expectation of privacy in their IP addresses while using the Tor network." It is clear that the court does not understand how the Tor network works.

They fully understand it purpose. In more clear words they stated "We will be breaking Tor, and this is legal to as to break Tor. We have f***ed you and we will f***k you constantly till the end of the world."

Not just Tor. They intend to f**k every user who ever downloads a properly signed update to the software used by their devices, unto the end of the World.

In particular, if you use Debian OS on a laptop, or a proprietary OS on a smart phone, those things must be updated regularly to fix security flaws. You (or rather your laptop, your phone) trust that the updates are genuine because they are cryptographically signed by the people who provide Debian, your smart phone, whatever. FBI is demanding the freedom to force any such provider to use their genuine signing key to sign maliciously modified versions of the software ("trojaned" "backdoored"). In other words: they demand to do to force providers to collaborate in state-sponsored criminality.

Hi I have a question. You have probably heard it many times:

Is it a good idea to use a (good) VPN and on top the Tor browser instead of only using Tor?

Prepresident Trump promises to "do much worse than waterboarding". I believe he can only be referring to naked genocide, and I am not the only one.

Trump has specifically mentioned his intention to kill the families of people disliked by his government, and to order the mass deportations of ethnic minorities, even of people likely to be executed by the governments of the countries which receive them. This is very close to state-sponsored genocide.

Glenn Greenwald has written a number of articles for The Intercept recently, in which he points out that insiders as well as external critics (notably including Greenwald himself) long warned the proponents of US drone strikes that such terror methods would soon escape the control of the political leaders who promised they would be never be used in a careless or unrestrained manner. Greenwald argues that it is absurd for people like Hayden to now express horror at the intentions of someone like Trump to turn the US into an explicitly authoritarian nation which routinely engages in fascistic abuses domestically and overseas, which promotes state-sponsored terrorism, including compelled betrayal of family, customers, users, both domestically and overseas, which engages in cyberwar against "hostile" civil liberties groups domestically and overseas, which freely uses nuclear weapons as an instrument of terror, etc.

February 27, 2016

Permalink

Could it be possible to allow tor to somehow put a anti tampering software into the coding of tor to prevent these sort of correlation attacks? like a robot to monitor ONLY for tampering signs & false and bad traffic? and make the software automatically
ether block the IP from the network or close the circuit of the person who is tampering with the traffic? i know this should be possible...making a self responsive robot to monitor only certain problems and react to those problems a certain way. this would be a great way to stop FBI and NSA doing these sort of attacks and making Tor officially close to unbeatable as it can be.

Patches welcome, as they say. The anti-tampering part is enforced by a digital signature, which the RELAY_EARLY flag was not protected by due to the protocol's design. With that now gone, there doesn't appear to be a lot of unsigned data left to be tampered with, but who knows how it could be abused. You can't just sign everything because the relays of a circuit need to be able to communicate independently of the client in order for the protocol to work efficiently.

If you're talking about exit nodes, that's completely different, but some projects do exist for detecting exit nodes that tamper with data. One example is InspecTor.

February 27, 2016

Permalink

In the last few years there has been a major push by governments to track everyone on the planet. This is why TOR pisses them off.

We have a massive marketing push for everyone to have smart phones (user trackable)

Many of the major net sites cannot be used without javascript (trackable)

As soon as the EX NSA person took over at Yahoo you cannot use their services unless you provide them with a mobile phone number (trackable)

It seems that using android devices you are trackable even if your messages are encoded.

Even users of PCs made in China were equipped with spyware.
There are I am sure many other tracking abilities we don't know about. It all smacks of a big brother attitude becoming common among political and police services around the world. It is almost like now you do not have a right to privacy if they decide otherwise.
All very sinister when "they" want to control the whole worlds population.

> Even users of PCs made in China were equipped with spyware.

Yes, the Lenovo "superfish" scandal, which also involved a Western spyware-as-a-service company.

You may be interested to know that US/UK/EU law enforcement "forensics" people are well aware that unlike US/UK/EU made devices, "no name" Chinese devices usually cannot be broken by exploiting legal terrorism to coerce "unlocking" by the device maker. But they are also well aware that these devices usually lack *any* security (unlike Apple iPhone), so this is not a problem for them.

(Of course FBI lies and claim it *is* a problem, because they are pushing so hard for criminalizing any security features which are difficult to break or evade.)

> There are I am sure many other tracking abilities we don't know about.

This is a very important point, and privacy advocates have indeed recently begun discussing the question of what other technologies may be widely used, of which the general public knows nothing.

These concerns have been impelled in part by recent revelations concerning:

o the secretive but ubiquitous use of ALPRs (automatic license plate readers), sometimes disguised by "privatizing" ALPR collection, or describing it as beneficial "traffic engineering" technology (ironically, the well publicized failure of "toll lane" technologies has demonstrated the inaccuracy of dragnet ALPR systems),

o the secretive abuse of "wireless mesh" emergency services networks to collect the unique machine identifiers of all WiFi enabled electronic devices in urban areas,

o the extensive use of "parallel construction" to hide role of NSA intercepts in ordinary criminal arrests,

o the long-suppressed but extensive use of spyplanes by FBI, DEA, corporations, sometimes registered to front companies (or disguised as "tourist flights" or "urban mapping" or "CAP patrols"),

o the long-suppressed but extensively used secret agreements intended to prevent judges, juries or the public from learning of the use by local police of "cell-site simulators" such as Harris Stingray devices, especially when used by "intelligence units" to collect the identities of everyone attending public events such as sporting events, political rallies, or protest marches, with the goal of feeding this data into Big Data analytics to help FBI/NCTC refine its "profiles" of people who might be sympathetic to Black Lives Matter or BDM movements,

o the rapidly growing role of US military in hi-tech domestic surveillance of "radicals", disguised as "training missions" of special forces in US cities, or of USN/USCG cyberwarriors in overflights by special cyberwar/cyberspy planes,

o profiling drawing on social media postings which is specifically designed to enable highway patrols to seize cash from travelers who don't trust banks, essentially abusing asset forfeiture laws to enrich themselves in a kind of state-sponsored expropriation which overwhelmingly targets poor people who cannot afford a lawyer (since the seizures can usually be recovered if one hires a lawyer, although this may result in spending more money than was seized in a given traffic stop),

o individual police using COTS drones and wardriving equipment in "creative" and highly abusive ways (who sometimes forming their own companies to sell their copware),

o growing concern among technologists about the atrocious state of cybersecurity of IoT devices and the US power grid and traffic signaling circuits (both controlled via unencrypted and easily intercepted/modified communications),

o concern about the fact that most consumer drones, IP security cameras, and a growing list of popular copware cyberespionage and "cyberforensics" devices, are made in China and send possibly sensitive data about US citizens and companies back to Chinese servers,

o an exponentially growing list of new technologies such as radars, WiFi receivers, microscopic unbundled fiber optic cables which can form images of people as they move about inside their own homes,

o published documents from the Snowden trove confirming a long list of abusive practices by FVEY, such as

+ numerous huge and highly abusive dragnet surveillance programs (PRISM, "upstream", collecting content of all phone calls made to/from/in entire nations, etc.),

+ "effects" campaigns targeting people just because they have an "interesting" job such as telecom engineer or climate scientist, or happen to be an acquaintance or family member of such a person,

+ policy of keeping cybersecurity of consumer devices (phones, routers, PCs, laptops, fax machines, printers, IoT devices) weak in order to spy on everyone, even though FVEY is well aware that this exposes everyone to enormous risks from criminals, "adversary nation" cyberespionage/cyberwar, stalkers, etc. (with children being particularly vulnerable, which puts the lie to FBI screaming "save the children!"),

+ extensive use of specialized espionage hardware with works with state-sponsored APT malware to read information off laptop/PC screens, or reads data being printed on laser printers by intercepting unintentional electronic emanations (countermeasures to this kind of thing are sometimes called "TEMPEST"; FVEY is determined to prevent citizens from easily obtaining such useful defensive devices as "Faraday bags" even though stalkers and criminals can make their own espionage hardware using COTS equipment),

+ extensive cooperation with "academic researchers" who perform
"academic research" using vast amounts of "data exhaust" emitted by unwitting consumers, including poorly secured personal medical records; this amounts to illegal human experimentation which can have devastating effects on the personal well-being of the victims when FVEY uses it to develop, for example, lists of targets for "signature drone strikes", or less drastically, US citizens who become unwitting victims of state-sponsored algorithmic discrimination (a consequence of "algorithmic government" which, by design, treats each citizen differently according to profiles developed using Big Data; for example, police agencies are developing databases which offer to beat cops a "threat score" rating everyone they encounter, so that the police are more likely to shoot people with high scores, when they stop them for a frisk and when, in unconscious agitation, they move their hands rapidly or adjust their clothing, because such motions are interpreted as someone reaching for a gun.)

That's just off the top of the head of one privacy advocate. And I can see that even a very incomplete list of current major concerns may appear daunting! So let me try to narrow the focus slightly:

Two of the largest and most rapidly increasing sources of danger to the hapless ordinary citizen may be:

o exploitation of ubiquitous WiFi "security systems", thermostats, coffeepots for real-time dragnet style in-home surveillance,

o exploitation of atrocious IoT insecurity to track and spy on everyone in real time, both in and out of their homes.

In order to ensure they can pursue these methods, FVEY, FBI/NCTC have been trying to "shape the environment" by quietly funding or influencing the commercial development of:

o unsecured or poorly secured IoT devices which are easily abused for dragnet style geolocation and real time tracking and bugging of every person in the world,

o moving everything to the cloud, where poor encryption enables FVEY to spy unto the end of the world, which may come sooner than they think since this also enables identity theft, cyberespionage, cyberwar, etc. by criminals, "adversary nations" like North Korea, etc.

So for example, Google is pressured to keep IoT security weak (raising the specter of anti-trust actions or tax-evasion prosecutions tends to be rather persuasive), defense contractors like Northrup-Grumman, Amazon, and Level-3, which depend upon the good will of USG for survival, also sell all manner of "security devices" for US industry, US consumers, and US public transit agencies, and are pressured to ensure FVEY can easily exploit these devices for dragnet surveillance. Of course, this means China and Russia can also exploit them, but this is deemed an acceptable trade off by NSA and its friends.

As another example of "shaping the environment" to prepare the way for future and even more intrusive dragnet surveillance of all their citizens, FVEY has been enthusiastically "incubating" commercial technological innovations, nominally intended for real time geolocation and cross-device tracking of all consumers by marketeers, which relies on two types of technology:

o unpowered passive chips which may soon be quietly embedded in all consumer items of footwear and outerwear,

o low power devices, which may soon be ubiquitous everywhere in all cities, which will continually interrogate footwear/clothing and transmit real time data (unencrypted or poorly encrypted, of course) to central servers.

This will mean that by spying on these commercial data spy networks, FVEY will be able to easily track in real time everyone who is wearing clothing as they go about their lives, even if they do not carry smart phones out of concern about real time tracking and "hot-miking". There are already prototype outerwear items which can transmit the wearer's speech to a nearby low-power interrogation device, so FVEY expects to soon be able to "hot mike" everyone who is wearing shoes or a jacket. And of course anyone who doesn't wear shoes or clothing will be easily identified and arrested, just as currently anyone who doesn't carry a smart phone is easily identified as "suspicious" by dragnet style wireless mesh tracking, Stingray dragnets, etc.

Similarly, FVEY encourages NIH, CDC, and AMA to lobby for nominally beneficial health initiatives which would mandate that poor people wear fitwear devices to encourage them to walk more, manage their moods, blood sugar level, etc. But these devices are unsecured or poorly secured, so easily exploitable to spy in real time on geolocation and bodily functions. As a hapless Presidential candidate recently discovered, such devices may also transmit your conversations to some commercial server. All this means FVEY can easily grow even more dragnet surveillance systems to keep tabs on what their citizens are saying, feeling, and doing.

As you probably know, some magistrates have become very unhappy to learn (from privacy advocates) of how extensively they have been misled by LEAs about such matters as Stingrays and "parallel construction", and have issued decisions denying some motions by FBI demanding approval for further abuses of this nature. But the higher courts almost always reverse these magistrates upon appeal, often by ruling that someone did not after enjoy a "reasonable expectation of privacy" in some everyday activity.

But given the above considerations, one wonders if there is *anything* left which a federal appeals court (or SCOTUS) would uphold as a "reasonable expectation of privacy".

Indeed, FBI has been successfully arguing in US court that thanks to Snowden, no no citizen has any "reasonable expectation" of privacy anywhere at any time. To a privacy advocate, this seems to be just one more aspect of how the government abuses everyone, then uses revelations of that very abuse to enable even *more* abuse.

February 27, 2016

Permalink

@ arma:

IMO you need to rewrite the statement posted above for clarity.

You were supposedly addressing journalists, but your statement above confused even me, and I have been a loyal Tor user for more than a decade! Few journalists are likely to come to write a story about Tor with that much background.

I suggest a second blog post with a completely new statement explaining

* who uses Tor and why

* what Tor does (the simple version, for reporters and jurists who don't have a clue)

* the background of the CMU/SEI scandal

* context of the Apple-v-FBI iPhone unlocking battle

* key point: FBI wants to force Apple (and Google? Debian Project? Tor Project?) to use their genuine cryptographic signing keys to sign maliciously modifed versions of software disguised as a "software update" or even "security upgrade"

* context of CryptoWars II

* mandatory backdoors sought by other governments, including Snooper's Charter in the UK

These people know nothing and are under deadline, so your post will be the ONE THING they read from TP about what Tor does and why.

About the coerced misuse of cryptographic signing keys: here is an article which clearly explains the point:

http://arstechnica.com/security/2016/02/most-software-already-has-a-gol…
Most software already has a “golden key” backdoor: the system update
Software updates are just another term for cryptographic single-points-of-failure.
Leif Ryge
27 Feb 2016

> Q: What does almost every piece of software with an update mechanism, including every popular operating system, have in common?
>
> A: Secure golden keys, cryptographic single-points-of-failure which can be used to enable total system compromise via targeted malicious software updates.
>
> I'll define those terms: By "malicious software update," I mean that someone tricks your computer into installing an inauthentic version of some software which causes your computer to do things you don't want it to do. A "targeted malicious software update" means that only the attacker's intended target(s) will receive the update, which greatly decreases the likelihood of anyone ever noticing it. To perform a targeted malicious software update, an attacker needs two things: (1) to be in a position to supply the update and (2) to be able to convince the victim's existing software that the malicious update is authentic. Finally, by "total system compromise" I mean that the attacker obtains all of the authority held by the program they're impersonating an update to. In the case of an operating system, this means that the attacker can subvert any application on that computer and obtain any encryption keys or other unencrypted data that the application has access to.
>
> A backdoored encryption system which allows attackers to decrypt arbitrary data that their targets have encrypted is a significantly different kind of capability than a backdoor which allows attackers to run arbitrary software on their targets' computers. I think many informed people discussing The Washington Post's request for a "secure golden key" assumed they were talking about the former type of backdoor, though it isn't clear to me if the editorial's authors actually understand the difference.

As Debian Security Team knows, some of us have been warning about this danger for more than a decade. In my experience, only Weasel seemed to understand what we were trying to say.

I'd much rather have been proven correct about a less horrifying prediction, but this is what it is: we have in America arrived at a time and place where the government is demanding that private individuals, nonprofit organizations, and companies assist them in state-sponsored criminality, in the name of "national security".

The analogies with the demands of Herr Hitler in post-Weimar Germany are too obvious to require any explanation from me.

February 27, 2016

Permalink

The Apple-v-FBI story just keeps getting scarier.

I am hearing rumors that our enemies are plotting a new strategy in which they will attempt to persuade the US Congress under pressure of Torschlusspanik to enact legislation providing for companies, even entire industries, which are determined (by the government) to be "vital to national security", to be *nationalized* in the event a "national emergency", such as another mass shooting incident.

Human rights advocates have tried to warn for years about the dangers of nationalizing mass communication media, pointing to abuses in countries such as Iran (where telecoms are not quite literally government agencies but are under firm governmental control) and North Korea (where the Linux of the land is a government made forgery).

(Torschlusspanik: the fear of missing an enormous time limited unique opportunity. Historically used in the context of an opportunity to enslave vulnerable people in order to enrich oneself by exploiting them. Secondary meaning: panic at watching doors cryptographically slamming in the leering face of the sovereign and the slave master.)

http://arstechnica.com/tech-policy/2016/02/german-police-can-now-use-sp…
German police can now use spyware to monitor suspects
Spyware can only be installed when lives are at risk or nation is threatened.
Glyn Moody
25 Feb 2016

> German police are now permitted to infect a suspect's computers, and mobile devices with special trojan software to monitor communications made with the systems, the country's interior ministry has confirmed.
>
> The malware can only be deployed when lives are at risk, or the state is threatened, and will require a court order to allow police officers to infect the machines of alleged criminals.
>
> However, the government-developed malware must not be used to monitor other activities on the system, or to change data or programs. It follows a decision by Germany's Constitutional Court in 2008, which ruled that the an individual's private life should have absolute protection, and that eavesdropping must be limited to a person's communications with the outside world.

February 27, 2016

Permalink

Stay tuned for this crucial hearing in the US House of Reps next week:

http://www.theguardian.com/technology/2016/feb/27/apple-fbi-congression…
Crunch time for Apple as it prepares for face-off with FBI
What might happens at this week’s congressional hearing as the iPhone maker continues to defy last month’s court order over phone encryption?
Sam Thielman New York and Danny Yadron
27 Feb 2016

> On Tuesday, Apple will face one of the biggest corporate challenges in its history, when it tells a US House of Representatives committee why it has refused to help law enforcement officers break into the iPhone of Syed Farook – one of the gunmen in the San Bernardino shooting in December that left 14 dead and 22 wounded. The technology giant will be represented by its top lawyer, Bruce Sewell; making the case against it will be FBI boss James Comey.
>
> Apple, the world’s most valuable private company, has come under fire from many in politics and law enforcement after refusing to comply with the 16 February court order.
>
> Described by Apple chief executive Tim Cook as “chilling”, the order would require the company to disable some of the phone’s security measures so the government can find [no, guess by brute forcing] Farook’s passcode. Normally an iPhone’s operating system slows it down every time a wrong passcode is used, so that it is effectively impossible to break in by systematically trying all combinations.

I hope ACLU and EFF may also be allowed to offer their comments during this hearing.

And where Shari Steele stand in what Slate and other publications are calling the "case of the century"?

Most commentators seem to agree that the judiciary cannot be left to decide this issue; rather the Congress should debate on the floor clearly written proposed legislation, such a sweeping Privacy Law. Or failing that, either bills forbidding backdoors or bills mandating them. (Rep Ted Lieu and some others are cosponsoring a House bill which would prevent individual US state legislatures from mandating back doors, but that bill doesn't prevent the federal congress from mandating back doors.)

February 27, 2016

Permalink

https://www.aclu.org/blog/speak-freely/7-reasons-government-backdoor-ip…
7 Reasons a Government Backdoor to the iPhone Would Be Catastrophic
Noa Yachot, Communications Strategist, ACLU
25 Feb 2016

Reason the first:

> The precedent would undermine some of the most important developments in digital security over the last few decades.
>
> To bypass the iOS security features that are preventing the FBI from accessing the contents of the phone, Apple would need to cryptographically “sign” a new version of iOS before pushing it out to the phone (in the same manner it does whenever iPhone users update the iOS on their phones). The signing step essentially confirms that Apple vouches for the update.
>
> If Apple is forced to sign the new, security-broken GovOS, it would undermine one of the most important developments in digital security in recent years. These days, all tech companies build automatic updates into their products. This is an excellent way to ensure that security flaws are patched up as quickly as companies can discover them and that all of us continue to use secure devices immune from malicious attackers.
>
> But once the government secures a precedent to force a company to vouch for an update that it knows is actually insecure malware, users will stop trusting automatic updates. After all, how would anyone be able to trust an update from Apple when the public knows that the government might be directing the insertion of vulnerabilities into new software, even when it’s signed by Apple? Vulnerabilities will go unfixed, creating an optimal environment for hackers and spies. At a time when even President Obama has recognized cybersecurity to be one of the most significant economic and national security threats we face today, it makes no sense to undermine one of the best online security mechanisms out there.

Which part, judges, did you not understand?

February 27, 2016

Permalink

Shari Steele's former EFF colleague Cindy Cohn offered a statement of support for Apple at the recent shareholders meeting, where Tim Cook got a huge standing ovation (not often that a progressive wants to huge shareholders in a huge tax-evading company, but, thank you Apple shareholders for supporting Tim Cook!):

https://www.eff.org/deeplinks/2016/02/eff-apples-shareholders-meeting-s…
EFF to Apple Shareholders: Your Company Is Fighting for All of Us
Rebecca Jeschke
26 Feb 2016

Shouldn't Shari break her rule of working behind the scenes to make a strong statement of support for Apple in defying FBI's horrifically anti-democratic demands?

February 27, 2016

Permalink

Since the judges still don't seem to understand our point, let's try another analogy:

Suppose I go to my doctor's office to receive a flu shot, because I've seen CDC public service announcements explaining that not only will the shot reduce the chances that I myself will come down with this season's variety of the flu, but more importantly, I will help to create a communal resistance to the flu which will greatly benefit people, such as infants and older people with compromised immune systems, who are at great risk of dying if they catch a nasty flu bug, but who cannot themselves be given the vaccine, for medical reasons.

Now suppose that a few days after I get the shot, I come down with a serious case of the flu. Even worse, my brother's infant son comes down with the flu and dies. And my boss fires me because I got very sick and couldn't work for several days. Then I read in Wikileaks that newly leaked documents, the authenticity of which the government cannot deny, show that the government itself compelled my doctor to secretly substitute for the flu *vaccine*, in the shot he injected into my body, a deadly strain of live flu virus.

Now judges, how do you think I will react to this revelation?

With increased trust in the US government? Really?

What do you think I will do next flu season, if I am still alive?

Return to the clinic for another "flu shot"? Really, you think that's what I would do?

Now what do you think will happen to the health of the population of the USA if everyone refuses flu shots?

Freenet is not a proxy, and it cannot be used as such. It is a censorship-resistant distributed datastore, with an emphasis on anonymity. Freenet can only access Freenet resources, not generic internet resources, meaning it cannot be used as a proxy.

March 01, 2016

Permalink

https://www.theguardian.com/science/2016/mar/01/turing-award-whitfield-…
Turing Award goes to the men who made online commerce possible
1 Mar 2016

> The honor comes amid a pitched battle between the FBI and Apple, which is resisting government pressure to help the government hack into a terrorist’s iPhone.
> ...
> Hellman said that giving the FBI what it wanted would unleash “huge” consequences that could not be contained.
>
> “The problem isn’t so much with this first request, it’s the precedent that it would set and the avalanche of requests that would follow,” Hellman said, adding that many would likely come from less democratic governments such as China, Russia and Saudi Arabia.
>
> Hellman said he would sign on to one of the many friend-of-the-court briefs backing Apple in the case. Tech giants such as Google, Microsoft, Facebook and Twitter have pledged to participate as well.
>
> Diffie also has advocated against giving “back doors” to law enforcement, coauthoring a paper with other prominent cryptographers last year that urged the US government to carefully consider the risks.
>
> Hellman, now 70, said the encryption technologies he and Diffie invented in the 1970s did not make them popular with the government. Before their research, encryption had mainly been the realm of government entities such as the NSA. Their work allowed it to spread to the private sector.

Which enabled on-line banking and e-commerce.

Think how different our world would be if NSA had been successful in preventing the spread of strong cryptography!

Some, including this writer, are skeptical whether ecommerce has really made the world a better place. But if NSA had gotten its way, the decision whether or not to grow ecommerce would have been made by this most secretive of all secret USG agencies.

The founders of Facebook, Amazon, and all the rest would have been sternly told to shut up and go hide under a rock, because NSA's unofficial motto has always been "never say anything". Most especially applied to anyone who might dare to speak out against some USG policy.

Permitting the continued existence of NSA is worse than wrong, it's stupid.

March 01, 2016

Permalink

Tech writer and outspoken Tor supporter Cory Doctorow has just published the wittiest and most incisive critique of backdoors which I have yet seen anywhere. His argument ties in very nicely with the arguments some Tor users have been trying to present in the comments in this blog that Tor Project needs to take a public position in Apples legal battle against FBI:

http://www.theguardian.com/technology/2016/feb/24/the-fbi-wants-a-backd…
The FBI wants a backdoor only it can use – but wanting it doesn’t make it possible
Much like climate change denialists, politicians continue to debate encryption – ignoring the consensus of experts that it must not be compromised
Cory Doctorow
24 Feb 2016

> The FBI’s demand that Apple create a defeat device for decrypting a phone that belonged to a mass murderer has all the ingredients for a disastrous public conversation.
> ...
> This is the title sequence for Crypto Wars II, not the closing credits.
>
> The first Crypto War was fought in the 1990s when the NSA insisted on a ban on strong crypto in civilian hands, and the US classed the underlying mathematics as munitions.
>
> The Clinton administration lobbied for mandatory backdoors, insisting that it was possible to make a backdoor that only the good guys could walk through – precisely the same argument raised by the Obama administration in 2016 (see also: 2015, 2014, 2013, 2012, etc).
>
>The thing about this controversy is that it isn’t one. Independent cryptographers are virtually unanimous in their view that you can’t properly secure a system while simultaneously ensuring that it ships with a pre-broken mode that police can exploit.
>
> The fact that this would be useful doesn’t make it possible: as security experts Meredith Whittaker and Ben Laurie recently wrote: “Wanting it badly isn’t enough.”
>
> Law enforcement would also be assisted by anti-gravity devices, time machines, psychic powers, and the ability to selectively reverse entropy, but that doesn’t make them possible. Likewise uncontroversial is the gravity of the cybersecurity question. Cybersecurity isn’t just about protecting your location data and your private emails: it’s about making sure randos aren’t spying on your children through your baby monitor, or driving your car off the road, or killing you where you stand by wirelessly hacking your insulin pump – or stealing entire hospitals.
>
> If you’re not worried about this stuff, you’re not paying close enough attention.

Exactly! Tor users everywhere, in the name of all that is just, tell your friends, tell your political representatives.

Doctorow continues by exploring a very apt analogy:

> There’s precedent for this kind of contradiction, where something urgent is considered a settled matter in expert circles, but is still a political football in policy circles: climate change. Denialism is a deadly feature of 21st-century life.
>
> The people who deny climate change have a range of motivations, from good-faith (but ill-founded) scientific disagreements to self-delusion to self-interest (and self-delusion driven by self-interest, of course). Many tactics have been tried in the denialism battles, but there have been few successes.
> ...
> As a parent in a California school district, I can tell you that it’s working: the bus-shelter outside our local pharmacy may sport a nutty anti-flu-jab ad, and I still hear parents fretting about canards like mercury and “too many vaccinations in one shot”, but all the kids in our local school are vaccinated, full stop.
>
> When we missed a doctor’s appointment for a Hep B shot, we got a note from the school nurse with a firm deadline to make it up, after which our daughter would no longer be welcomed on the premises. Measles, whooping cough and other preventable diseases are receding into the background. We hear stories about home-schooled, unvaccinated friends being disinvited from birthday parties because it’s simply ceased to be socially acceptable for someone to let their unfounded beliefs endanger their neighbors and their kids.

To repeat: FBI is seeking (on at least five fronts) the "legal authority" to coerce any provider of cryptographically signed security patches to use their genuine signing key to sign malware disguised as a "software update", which will then be accepted by the victim device as authentic, because it is signed with the genuine signing key from a reputable company (Apple), nonprofit (Tor Project, Debian Project), or developer (Jacob Appelbaum, say).

This is analogous to the seeking the authority to coerce physicians to secretly substitute live deadly virus or a deadly neurotoxin for a medically beneficial flu vaccine, either targeting specific individuals (such as anti-nuclear-weapons campaigners) or entire communities (American Muslims and Mexican-Americans, perhaps, if "torture is the least of what I'll do" Trump is elected US President).

If such deadly tactics are adopted on a wide scale--- and from the hundreds of US LEAs which are already clamoring to use the anticipated "legal authority" to coerce improper cryptographic signatures, this seems inevitable, with or without FBI support--- the citizenry will notice a pattern in which large numbers of people die horrible deaths soon after receiving a flu shot, and will therefor refuse vaccinations, which would be a public health disaster.

In just the same way, if FBI gets its way, everyone will refuse to update their software, which would seem to be the final nail in the coffin of public cryptosecurity.

Doctorow's article is well worth reading in full.

March 02, 2016

Permalink

First time using Tor in a long time. About 80% of the websites
Were completely inaccessible and appear to intentionally block
Traffic coming from Tor. Tor is essentially worthless as an
Anonymizer if the majority of sites can identify all Tor traffic and
Simply block it all

Tor doesn't attempt to hide traffic coming from it; it tries to hide which user of tor is going to which website. The website knows you're a tor user but not which tor user, so you're either anonymous or pseudonymous depending on your usage style.

March 03, 2016

Permalink

One of the key points which privacy advocates make in Apple-v-FBI is that there is no such thing as a backdoor which can be exploited only by one agency in one government.

Four examples of how "NOBUS" backdoors mandated by USG decades ago are having a terrible detrimental effect on global cybersecurity today: four of the most devastatingly effective (practical) contemporary cyberattack schemes on ordinary citizens and government employees (FREAK, POODLE, LOGJAM, DROWN) exploit ancient "backdoors"-- or more precisely, deliberate weakening of "export" protocols to enable NSA to break the crypto when used outside the USA:

http://www.theguardian.com/technology/2016/mar/02/secure-https-connecti…
Drown attack: how weakened encryption jeopardizes 'secure' sites
Researchers warn sites such as Yahoo, BuzzFeed and Flickr would be susceptible to attack, and credit card info, passwords and other data could be compromised
Nathaniel Mott
2 Mar 2016

Implicit in the above: "no backdoors ever" is meaningless unless the definition of backdoors is clearly stated, and unless the issue of "future proofing" is discussed.

March 03, 2016

Permalink

The following ought to help bolster support in the US Congress for Apple in Apple-v-FBI: the ex-husband of a Tor supporter and his coauthor have just been honored with the most prestigious prize in computer science (long overdue), named for (the ironies just keep coming) GCHQ's hero cryptographer, who was later forced to commit suicide because as a "deviant" [sic] who knew where HMG had buried the bodies, he allegedly posed a risk to "national security":

http://arstechnica.com/security/2016/03/men-behind-diffie-hellman-key-e…
Men behind Diffie-Hellman key exchange receive top computer science prize
Pioneering work 40 years ago lead to PGP, TLS, and all your fav crypto protocols.
Cyrus Farivar
1 Mar 2016

> On Tuesday, the Association for Computing Machinery, the nation’s leading organization for computer science, awarded its annual top prize of $1 million to two men whose name will forever be immortalized in cryptography: Whitfield Diffie and Martin Hellman.
> ...
> "Today, the subject of encryption dominates the media, is viewed as a matter of national security, impacts government-private sector relations, and attracts billions of dollars in research and development," Alexander L. Wolf, ACM's president, said in a statement. "In 1976, Diffie and Hellman imagined a future where people would regularly communicate through electronic networks and be vulnerable to having their communications stolen or altered. Now, after nearly 40 years, we see that their forecasts were remarkably prescient."

https://www.theguardian.com/science/2016/mar/01/turing-award-whitfield-…
Turing Award goes to the men who made online commerce possible
1 Mar 2016

> This year’s $1m AM Turing Award goes to a pair of cryptographers whose ideas helped make internet commerce possible, and who now argue that giving governments a “back door” into encrypted communications puts everyone at risk.
> ...
> Hellman said that giving the FBI what it wanted would unleash “huge” consequences that could not be contained. “The problem isn’t so much with this first request, it’s the precedent that it would set and the avalanche of requests that would follow,” Hellman said, adding that many would likely come from less democratic governments such as China, Russia and Saudi Arabia. Hellman said he would sign on to one of the many friend-of-the-court briefs backing Apple in the case. Tech giants such as Google, Microsoft, Facebook and Twitter have pledged to participate as well.
>
> Diffie also has advocated against giving “back doors” to law enforcement, coauthoring a paper with other prominent cryptographers last year that urged the US government to carefully consider the risks.
>
> Hellman, now 70, said the encryption technologies he and Diffie invented in the 1970s did not make them popular with the government. Before their research, encryption had mainly been the realm of government entities such as the NSA. Their work allowed it to spread to the private sector.

March 03, 2016

Permalink

I've reviewed dozens of articles on Apple-v-FBI and I believe the three most important for worried Tor users (and if you are not worried, you should be!) are these:

http://arstechnica.com/security/2016/02/most-software-already-has-a-gol…
Most software already has a “golden key” backdoor: the system update
Software updates are just another term for cryptographic single-points-of-failure.
Leif Ryge
27 Feb 2016

> Q: What does almost every piece of software with an update mechanism, including every popular operating system, have in common?
>
> A: Secure golden keys, cryptographic single-points-of-failure which can be used to enable total system compromise via targeted malicious software updates.
>
> I'll define those terms:

Everyone who mentions "backdoor" needs to do likewise, because it matters very much what one means by terms too often left undefined.

> By "malicious software update," I mean that someone tricks your computer into installing an inauthentic version of some software which causes your computer to do things you don't want it to do. A "targeted malicious software update" means that only the attacker's intended target(s) will receive the update, which greatly decreases the likelihood of anyone ever noticing it. To perform a targeted malicious software update, an attacker needs two things: (1) to be in a position to supply the update and (2) to be able to convince the victim's existing software that the malicious update is authentic. Finally, by "total system compromise" I mean that the attacker obtains all of the authority held by the program they're impersonating an update to. In the case of an operating system, this means that the attacker can subvert any application on that computer and obtain any encryption keys or other unencrypted data that the application has access to.
>
> A backdoored encryption system which allows attackers to decrypt arbitrary data that their targets have encrypted is a significantly different kind of capability than a backdoor which allows attackers to run arbitrary software on their targets' computers.

So for example: if you use Debian, when you download the latest security upgrades from an official Debian repository, your computer accepts them as legitimate because they are signed with authentic debian signing keys. When you download the latest TBB tarball, you check that it has not been tampered with by verifying the detached signature using the authentic public key half of the signing key keypair. If FBI can obtain the secret half of the signing key keypair--- or force a TP staffer to abuse the key by signing malware disguised as a security upgrade, and never after tell a living soul about the incident--- then they can maliciously impersonate TP in an undetectable manner.

This is very much like going to your doctor to obtain an annual flu shot. You trust your doctor to inject you with a beneficial health-preserving medicine. But what if the government has forced her to secretly substitute a deadly poison, or metastatic cancer cells, for the legitimate vaccine? This is exactly what FBI is demanding Apple do, in at least a dozen cases (soon to be tens of thousands).

If the USG commits legal terrorism against the medical profession in this way, eventually most people will notice the pattern of people dying horrid deaths soon after receiving a "flu vaccine", and will refuse future vaccinations, to the enormous detriment of public health. In just the same way, if the USG commits legal terrorism against software/device makers, eventually most people will notice the pattern and start refusing system upgrades, to the enormous detriment of global cybersecurity of all peoples and all governments.

http://www.theguardian.com/technology/2016/feb/24/the-fbi-wants-a-backd…
The FBI wants a backdoor only it can use – but wanting it doesn’t make it possible
Much like climate change denialists, politicians continue to debate encryption – ignoring the consensus of experts that it must not be compromised
Cory Doctorow
24 Feb 2016

> The first Crypto War was fought in the 1990s when the NSA insisted on a ban on strong crypto in civilian hands, and the US classed the underlying mathematics as munitions.
>
> The Clinton administration lobbied for mandatory backdoors, insisting that it was possible to make a backdoor that only the good guys could walk through – precisely the same argument raised by the Obama administration in 2016 (see also: 2015, 2014, 2013, 2012, etc).
>
> The thing about this controversy is that it isn’t one. Independent cryptographers are virtually unanimous in their view that you can’t properly secure a system while simultaneously ensuring that it ships with a pre-broken mode that police can exploit.
>
> The fact that this would be useful doesn’t make it possible: as security experts Meredith Whittaker and Ben Laurie recently wrote: “Wanting it badly isn’t enough.”
>
> Law enforcement would also be assisted by anti-gravity devices, time machines, psychic powers, and the ability to selectively reverse entropy, but that doesn’t make them possible. Likewise uncontroversial is the gravity of the cybersecurity question. Cybersecurity isn’t just about protecting your location data and your private emails: it’s about making sure randos aren’t spying on your children through your baby monitor, or driving your car off the road, or killing you where you stand by wirelessly hacking your insulin pump – or stealing entire hospitals.

> If you’re not worried about this stuff, you’re not paying close enough attention.

Doctorow continues by exploring the close analogy between climate change denialism by US politicians (which is now widely acknowledged to have led to a global climate disaster--- the latest predictions now seem to show that Earth may gradually lose its water over coming millenia, rendering Earth uninhabitable by humanoid life forms) and math denialism by FBI.

Neither author quite makes explicit an additional crucial point: math trumps FBI's attempts to conjure a unicorn, and physics trumps those who would attempt to evade the laws of thermodynamics, but legal terrorism trumps cryptographic protocols.

What we are talking about is "rubber hose cryptanalysis": beat the key out of someone, and you can in effect force them to help you hurt vast numbers of additional victims of state brutality.

A third crucial point: if FBI establishes the precedent of rubber hose cryptanalysis as acceptable for governments everywhere, what groups will suffer the worst abuses?.

https://www.truthdig.com
The Human Rights Risks of Encryption ‘Back Doors’
Carey Shenkman
26 Feb 2016

> One fact that has received little attention in the current encryption debate is that many categories of individuals rely on strong encryption for their own security. These include sexual and gender-based rights activists, domestic violence victims, journalists and their sources, and human rights defenders. Strong encryption is necessary to protect fundamental human rights; as one technologist puts it, encryption saves lives.
> ...
> Experts agree that “secure back doors”—which would give law enforcement secret access to digital storage or communications—are scientifically impossible.

Shenkman discusses why the following groups of people require cryptography (and anonymity protecting software such as Tor Browser and Tor Messenger):

o Sexual and Gender-Based Rights Activists
o Targets of Domestic Violence
o Journalists and Their Sources
o Human Rights Defenders and Their Lawyers

Or even any client of any lawyer:

> Some U.S. state bar associations, motivated by the increasing risks their clients face worldwide, are advising lawyers to encrypt their communications. That ethical guidance has been offered by bar committees in New York and, earlier this year, in Texas. That caution does little good if it is undermined by technical means.

One category Shenkman forgot to mention: atheists. At least one Russian was apparently imprisoned in a psychiatric prison on the grounds that "atheists must be insane" [sic] (or maybe even "non-Orthodox believers must be insane"). After a year of "treatment" he was released, but apparently the Putin government isn't done with him yet:

http://www.theguardian.com/world/2016/mar/03/russian-atheist-faces-year…
Russian atheist faces year in jail for denying existence of God during webchat
Viktor Krasnov being prosecuted under a controversial law after being accused of ‘offending the sentiments of Orthodox believers’
3 Mar 2016

> A man in southern Russia faces a potential jail sentence after he was charged with insulting the feelings of religious believers over an internet exchange in which he wrote that “there is no God”. Viktor Krasnov, 38, who appeared in court Wednesday, is being prosecuted under a controversial 2013 law that was introduced after punk art group Pussy Riots was jailed for a performance in Moscow’s main cathedral, his lawyer Andrei Sabinin told AFP.

March 03, 2016

Permalink

TOR is practically useless unless you want to be identified as a user of TOR, and receive all the benefits of that affiliation.

I believe that to the contrary, there is good reason to think that Tor remains effective for at least some purposes. If that were not true, Comey would not be so terribly embarrassing his country by suggesting fascistic countermeasures in an atmosphere of Torschlusspanik.

That said, it seems clear that Tor Project currently faces an ever growing variety of threats, both technological and political. I believe that the discussion here shows that the political threat (from FBI's attempt to obtain the "legal authority" to engage in "rubber hose cryptanalysis" against Apple, Google, Debian Project, Tor Project, etc.) is by far the most urgent and dire.

This presents a challenge, because during the first decade of its existence, the Project moseyed quietly along, focusing on technological threats, operating under a false sense of security that it would never confront being criminalized by the USG, that its employees would never be threatened with rubber hose cryptanalysis. Unfortunately, the fears of those who attempted to change this attitude years ago have been fully realized by the insatiable fascistic demands of Director Comey.

I supported the Syrian revolutionaries who attempted to oust the loathsome dictatorship of Bashir al Assad. That effort appears to have ended very badly. But at least they tried.

I supported the pro-democracy revolutionaries in the Ukraine who offered up their bodies to the troops who fired into their ranks with automatic weapons. Their sacrifice may yet fail. But at least they tried.

I applaud the courage of those Negro slaves in America, hardly more than a century ago, who attempted to escape enslavement despite knowing very well that their chances of escape were poor. Most of them were recaptured, and many were hanged on the spot. But at least they tried.

Even if we were to accept your dismal characterization of Tor users as hopelessly delusional regarding their chance of successfully resisting the fascistic excesses of the Surveillance State, how would you rather die?

As the person who stands up for democracy and human rights, for truth and justice, who fights back even against hopeless odds, like Rosa Luxemburg, or the person who bends her head and submits to the axe swung by the hooded executioner without uttering a single word of protest?

March 04, 2016

Permalink

EFF just announced a momentary respite for human rights activists seeking to expose abuses in Kazakhstan.

This story suggests how FBI is virtually inviting the most repressive governments in the world to ride its coattails in abusing the US courts to coerce website owners, software providers, journalists, and other potential "intelligence sources" to cooperate in the governments attempts to harrass, arrest, maybe even to execute its political opposition (whom it regards, naturally, as "terrorists"):

https://www.eff.org/deeplinks/2015/08/how-kazakhstan-trying-use-us-cour…
How Kazakhstan is Trying to Use the US Courts to Censor the Net
Danny O'Brien
4 Aug 2015

> The government of Kazakhstan has pursued one of its fiercest critics, the newspaper Respublika, with lawsuits and threats for fifteen years. By 2012, it seemed it had finally achieved its aim: after repeated prosecutions for "inciting social discord" and "spreading extremism," the paper's founder was in exile, and its staff forced to cease printing and distributing its print edition within the country. But despite blocks, bans, and overwhelming distributed denial-of-service (DDoS) attacks, Respublika's reporting lives on through its websites, which continue to critically report on the country's affairs and provide a forum for discussion from the relative safety of servers hosted in the United States.
>
> Now the Kazakhstan government is taking its fight with Respublika into the U.S. court system. Its representatives are attempting to use American law to threaten Respublika's web host and to extract information on the organization from Facebook's logs. EFF—with the help of co-counsel James Rosenfeld of Davis Wright Tremaine—is representing Respublika in its battle to report freely online.

https://www.eff.org/deeplinks/2016/03/another-ruling-against-kazakhstan…
Judge Rules Kazakhstan Can't Force Facebook to Turn Over Respublika's IP Addresses in Another Win for Free Speech
Jamie Williams
4 Mar 2016

> The Kazakhstan government had a third major setback in its attempt to use the U.S. legal system to attack one of its fiercest critics, the independent newspaper Respublika. A federal judge in California rejected Kazakhstan's demand that Facebook turn over information about users associated with Respublika’s account on the social media site. The judge found that Kazakhstan lacked the appropriate judicial authorization to pursue such discovery, rejecting Kazakhstan’s claims that its ongoing Computer Fraud and Abuse Act (CFAA) lawsuit essentially gave it free rein to obtain information about its critics.

@ Juidge Jones: the world is watching.

March 05, 2016

Permalink

I suggest diversifying the geographical locations of the relays. It should be hard coded into the system that the entry guard and the exit node are not from the same country and are not both from five eye states. Furthermore, it should be recommended that the exit and entry nodes be from unfriendly countries that are less likely to cooperate. For example, US and Russia, India and Pakistan.

I think that the CMU hack was based on the fact that Tor allows for most relays to originate in the US. I think that legally, and diplomatically, it would have been much harder to implement it if hacking of foreign servers was part of it. It might have been considered a cyber attack against foreign country sanctioned by USG.

March 05, 2016

Permalink

The Software Engineering Institute ("SEI") of Carnegie Mellon University (CMU), Another extension of the "Long arm of the Law"...

March 07, 2016

Permalink

The Tor community must clearly recognize that

o willing or not, we are all combatants in CryptoWarII

o CryptoWarII is not being fought with technology but with PR:

http://www.theguardian.com/technology/2016/feb/23/fbi-apple-pr-war-encr…
Is the FBI v Apple PR war even about encryption?
Alex Hern
23 Feb 2016

> The war between Apple and the FBI is a PR war. And it’s one that the FBI has fought well, from its initial selection of the battleground (a fight over access to a dead murderer’s government-owned iPhone) to the choreographed intervention of the relatives of the victims of the San Bernadino shootings – who were contacted by the FBI for support before the dispute even became public, according to Reuters.

Indeed, from its very beginnings (as the "Bureau of Investigation", under Acting Director J. Edgar Hoover), FBI has stressed the paramount role of PR, and generally it has proven fairly effective at spinning its own public image, despite being remarkably ineffective at every "mission" it has adopted over the years. So it is not surprising that it has enjoyed considerable initial success in CWII.

But FBI's all out assault on the notion of strong civilian encryption may turn out to be the CWII analogue of the Battle of the Bulge: initially, things went swimmingly for the hard-pressed Wermacht, but after a few weeks, everything began to fall apart.

To begin with, there is the matter of FBI's ever changing story. As any investigator will tell you, this is often an indication that a criminal senses that the noose tightening.

FBI is demanding that Apple construct a malicious "FBiOS" which would disable crucial security features and facilitate attempts to "brute force" the passkey. And crucially, FBI is demanding that Apple then sign the FBiOS malware with their genuine signing key. Because otherwise the phone will refuse to accept the FBiOS malware as a legitimate "security upgrade". But FBI loudly insisted they want to coerce Apple's betrayal *for only one phone*.

However, journalists quickly pointed out that FBI has at least 12 very similar cases in progress. And Manhattan DA Cy Vance Jr. (a man who too obviously hopes to succeed Mr. Trump as the US President) just couldn't stop talking about nearly 200 phones he wants to force Apple to unlock, and that is only iPhones in one American megacity. And then a number of LEA lobbying groups, including the National Sheriff's Association, filed amicus briefs with the Riverside court hearing Apple-v-FBI:

https://www.techdirt.com
Law Enforcement Groups File Amicus Brief In Favor Of FBI... But Which Undermines DOJ's Claim That This Is Just About One Phone
from the about-that... dept
Tim Cushing
4 Mar 2016

> this amicus brief... may serve to undermine [FBI's] case. After all, a key part of the DOJ's argument is that this case is just about this one phone. However, as we've discussed, tons of law enforcement folks are salivating over using this ruling as a precedent elsewhere. And this brief makes that quite clear, which might help the judge realize that the Justice Department is being misleading in arguing otherwise.

The LEA briefs offered predictable and easily countered arguments (see Techdirt), but the prize for self-inflicted-foot-injury must go to the San Bernardino County DA, who filed an amicus making the bizarre claim that FBI must unlock the phone because it might possibly contain a hypothetical "lying-dormant cyber pathogen". No-one knows what that might be, including DA Michael Ramos, but observers were quick to point out that something stinks:

http://arstechnica.com/tech-policy/2016/03/what-is-a-lying-dormant-cybe…
What is a “lying-dormant cyber pathogen?” San Bernardino DA says it’s made up [Updated]
He now says there's no evidence of cyber doom, wants iPhone unlocked to be sure.
David Kravets
5 Mar 2016

> One day after the San Bernardino County district attorney said that an iPhone used by one of the San Bernardino shooters might contain a "lying-dormant cyber pathogen," the county's top prosecutor went on the offense again. DA Michael Ramos said Apple must assist the FBI in unlocking the phone because an alleged security threat might have been "introduced by its product and concealed by its operating system."
>
> Ramos' office said the "Companies that introduce dangerous products, and it can be argued that the iPhone with its current encryption is dangerous to victims, are required to fix them. Companies that create environmental damage are required to clean it up," the prosecutor said in a filing Friday afternoon.
>
> The fact no one has heard of a pathogen that might carry devastating qualities has us and others wanting to know exactly what is a "lying-dormant cyber pathogen?"

Faced with these embarrassments, FBI has changed its tune, quietly admitting that it does indeed hope to set a precedent for forcing everyone to unlock everything, but insisting that this is OK because (supposedly) Apple doesn't actually care about citizen privacy. This argument certainly has not impressed privacy advocates--- we'll see, I suppose, whether it impresses many judges.

Then there is the matter of a rather impressive array of people with--- to say the least--- diverse political viewpoints, who have expressed support for Apple, including several former NSA, NCTC, and CIA Directors, and now Secretary of Defense Ashton Carter, who is worried that Comey's manic pursuit of backdoors to the exclusion of any other consideration is seriously hampering the Pentagon's already almost impossible task of recruiting bright young bulbs from Silicon Valley to help DOD better secure their vulnerable networks:

http://thehill.com/policy/cybersecurity/271895-military-hits-snag-in-si…
Military hits snag in Silicon Valley recruitment
Cory Bennett
6 Mar 2016

> The fight between the FBI and Apple over a locked iPhone is threatening to undermine the Pentagon’s attempt to recruit talent from Silicon Valley. Defense Secretary Ash Carter spent this week out West, meeting with tech executives and launching new cybersecurity initiatives that will rely on help from the Bay Area. But under the looming shadow of the FBI’s request that Apple help bypass the iPhone’s security measures, Carter also made a noticeable effort to send a signal to techies: We get you. “We need our data security and encryption to be as strong as possible,” he said, later adding, “I’m not a believer in backdoors,” echoing the arguments Apple has used to rebuff the FBI’s appeal.

Then there is the matter of the impressive array of tech companies, leading cryptologists and cybersecurity experts, not to mention civil liberties organization such as EFF, which have filed their own amicus briefs with the court. And a growing number of Congresspeople have expressed bipartisan support for Apple.

For a summary of the most impressive arguments put forward by tech companies and civil libertarians in support of Apple, see:

https://www.techdirt.com/articles/20160303/23482933802/we-read-all-20-f…
We Read All 20 Filings In Support Of Apple Against The FBI; Here Are The Most Interesting Points

Of course, Tor users knew from the beginning that the Apple-v-FBI controversy is not about evidence-based rational choices, that FBI is not interested in the technological facts of life. Rather, CWII is all about fear-mongering and attempts to distract public attention from what the government really wants: complete control over every aspect of what previous generations of Americans regarded as their private lives.

In an embarrassing confirmation that CWII is essentially a PR fight, journalists have discovered that FBI approached survivors and families of victims of the San Bernardino mass shooting before filing its demand in Apple-v-FBI, and coached them on providing vocal support for "backdoors". Not surprisingly, many agreed to help the agency in Crypto Wars II. But despite FBI pressure, at least one family is supporting Apple:

http://phys.org/news/2016-03-encryption-allies-tech-companies-apple.html
The fight for encryption gets new allies as tech companies join Apple against the FBI
David Glance, The Conversation
7 Mar 2016

> In the area of public opinion, Apple has published a letter to the court from the husband of one of the victims in the San Bernadino shootings. The letter said what many believe that the FBI already had a great deal of information about the killers and that he and his wife valued privacy and security. He wrote: "Neither I, nor my wife, want to raise our children in a world where privacy is the tradeoff for security. "

And the smartest commentators are pointing out (in widely-read venues, even) the ugly corollaries of Keith Alexander's strategy of keeping cybersecurity weak, the better to spy on the world in order to "collect it all".

Remember that infamous NSA presentation which mocked Apple's famous Superbowl advertisement for the first McIntosh as the moment when Americans decided (according to NSA's interpretation) that they would be happy [sic] to be spied upon in return for consumer devices as social lubricants? Apple's Tim Cook obviously didn't like NSA's mockery one bit, and it may have played a role in his decision to tilt towards privacy as something which--- contrary to the NSA/FBI position--- Americans and indeed citizens everywhere regard very highly indeed. Cook believes in this so deeply that he has bet the company--- the most valuable company in the world, we are told--- on his vision.

Tor supporter Cory Doctorow explains here what this means for Apple-v-FBI (and by extension, for the Tor community):

http://www.theguardian.com/technology/2016/mar/04/privacy-apple-fbi-enc…
Forget Apple's fight with the FBI – our privacy catastrophe has only just begun
Cory Doctorow in Los Angeles
4 Mar 2016

> But a funny thing happened on the way to the 21st century: we disclosed more and more of our information, or it was taken from us.
>
> As that data could be used in ever-greater frauds, the giant databases storing our personal details became irresistible targets. Pranksters, criminals and spies broke the databases wide open and dumped them: the IRS, the Office of Personnel Management, Target and, of course, Ashley Madison. Then the full impact of the Snowden revelations set in, and people started to feel funny when they texted something intimate to a lover or typed a potentially embarrassing query into a search box.
> ...
> Companies started to sell the idea of privacy. Apple and Microsoft sought to differentiate themselves from Facebook and Google by touting the importance of not data-mining to their bottom lines. Google started warning users when it looked like governments were trying to hack into their emails. Facebook set up a hidden service on Tor’s darknet. Everybody jumped on the two-factor authentication bandwagon, then the SSL bandwagon, then the full-disk encryption bandwagon.

So as I said, things are not going so well for FBI just now. Nonetheless, the Tor community cannot rest easy.

One crucial concern which was expressed quite early in CWII is the likelihood that FBI never expected to actually win the debate over compelled abuse of cryptographic signing keys, or mandatory backdoors, and that the whole enormously embarrassing spectacle is intended to distract privacy advocates from even more dangerous assaults on the civil rights of citizens, which are so far receiving much less attention in the mainstream press.

A leading candidate for the Biggest Threat Ever to the American Way of Life is FBI's massive CVE (Countering Violent Extremism) campaign, which seeks to focus a giant Big Data dragnet on a highly vulnerable population: American children, with a particular focus on preschoolers aged 3-7, the age range in which FBI considers humans are most vulnerable to political indoctrination. Aware of the possible backlash from worried parents, FBI has been very careful to phase in their CVE assessments in the high schools, but make no mistake, the large and growing body of "academic research" in the field of CVE continually stresses that the target age is 3-7.

For some hint of what kind of dragnet surveillance of American schoolchildren FBI is busily constructing while the attention of the public is focused on Apple-v-FBI, see

https://www.salon.com/2016/03/06/the_fbi_has_a_new_plan_to_spy_on_high_…
The FBI has a new plan to spy on high school kids across the country
New surveillance program urges teachers to report students critical of government policies and "Western corruption"
Sarah Lazare, AlterNet
6 Mar 2016

> Under new guidelines, the FBI is instructing high schools across the country to report students who criticize government policies and “western corruption” as potential future terrorists, warning that “anarchist extremists” are in the same category as ISIS and young people who are poor, immigrants or travel to “suspicious” countries are more likely to commit horrific violence.

FBI is desperate to prevent youngsters from coming into contact with dangerous ideas, or from learning to use dangerous technologies--- encrypted social media applications being specifically cited as a very dangerous technology in the wrong hands, such as some rebellious schoolboy's mischeiveous mitts. So it intends to coerce welfare agents, social workers, pediatricians, teachers, guidance counselors, and others (notably including other students) who come into contact with American families and schoolchildren to report kids who exhibit "danger signs". Those youngsters to be reported to FBI include students who

o earn poor grades
o may suffer from learning disabilities, ADHD, or some mental illness
o play on-line games
o use social-media apps, especially encrypted apps
o may have trouble at home
o express doubt about their future
o express curiosity about BLM, BDM, Occupy, or other "dangerous" social movements
o wear the "wrong kind" of political buttons
o dress "inappropriately"

No great wonder, perhaps, that blacks, Hispanics, and Muslims feel they are being targeted. But developmentally disabled children, really? Apparently FBI has been so impressed with its own "success" in recruiting mentally disabled adults for "terror plots" (which are really FBI invented sting operations) that agency leadership truly believes that children with Down's Syndrome pose an existential threat.

(You know who else said that? The original Nazis. Truly, madness stalks the halls of power in Washington, DC.)

The rapidly growing CVE industry is founded upon the unfounded assumption that by intervening in the lives of very young children (aged 3-7), the government can indoctrinate kids in order to ensure that, a few generations hence, the population will be dominated by voters who do not question authority (employers, banks, food and drug makers, government officials) and who exhibit "resilience" in the fact of economic hardships, meaning that instead of unionizing or joining the Socialist Party--- or even worse, protesting in the streets--- they will simply grit their teeth and work even harder for even less.

As many commentators have noted, one of the most sickening aspects of FBI's CVE programs is that they intentionally seek to mark young children who have experienced some violent event, such as witnessing a shooting (which is not an uncommon childhood experience in American inner cities), as supposedly being more susceptible to recruitment by "America's enemies". This amounts to re-victimizing victims of childhood trauma throughout their entire adult lives, by burdening them with the stigma of "prototerrorist".

Another aspect of FBI's CVE programs is even more troubling: the government intends to penalize citizens, starting from a very young age, not for any actual misdeeds they have been convicted of having committed in the past, or even for any misdeeds they are reasonably suspected of *possibly* having committed in the past, but for some virtual misdeed which some computer algorithm "concludes" they might *possibly* be "more likely than others" to commit at some point *in the future*.

This is, literally, precrime, and it is literally, intended to tag children aged 3-7 with the label "precriminal", and to subsequently treat the unlucky bearers of the government imprinted Mark of Cain differently throughout their entire adult lives.

Welcome to FBI's vision of what the agency wants America to become:

> The FBI’s instructions to surveil and report young people not for wrong they have committed, but for violence they supposedly might enact in the future, is likely to promote an intensification of this draconian practice. Using a program initiated to spy on Muslim-American communities, the government is calling for sanctuaries of learning to be transformed into panopticons, in which students and educators are the informers and all young people are suspect.

@ Shari:

I urge you to draw upon all your media contacts to make the case to the public that what American parents and schoolchildren need is not more surveillance, political "assessments" by teachers (ask FBI: aren't they busy enough trying to, you know, *teach*?), but more Tor.

Let's put a Tor node in every elementary school library!

Let's make "privacy hygiene" (Tor, cryptology, cybersecurity best practices, potential dangers of over-sharing) part of the curriculum in every high school!

Some might wish to dismiss this proposal as a privacy fanatic's hopeless pipedream. But I suggest that you may find supporters lurking in a surprising location: the junior half of NSA, the much maligned half which was long ago exiled (literally and figuratively) to FANX (a location off the main NSA campus). The half whose stated mission is increasing USG cybersecurity, which experts have long agreed is impossible to conceive without increasing cybersecurity generally.

I see former NSA Director Michael Haydens recent tilt against backdoors as an admission that privacy advocates were right all along about the self-destructive nature of TIA (Total Information Awareness), which was actually born as FBI's brain child, a precrime program which they claimed could eliminate all crime, effectively transforming FBI from an LEA into the ugly American nanny.

http://thehill.com/policy/cybersecurity/272290-comeys-fbi-makes-waves
Comey’s FBI makes waves
Cory Bennett and Julian Hattem
9 Mar 2016

> The aggressive posture of the FBI under Director James Comey is becoming a political problem for the White House. The FBI’s demand that Apple help unlock an iPhone used by one of the San Bernardino killers has outraged Silicon Valley, a significant source of political support for President Obama and Democrats. Comey, meanwhile, has stirred tensions by linking rising violent crime rates to the Black Lives Matter movement’s focus on police violence and by warning about “gaps” in the screening process for Syrian refugees. Then there’s the biggest issue of all: the FBI’s investigation into the private email server used by Hillary Clinton, Obama’s former secretary of State and the leading contender to win the Democratic presidential nomination. A decision by the FBI to charge Clinton or her top aides for mishandling classified information would be a shock to the political system.

Comey has stated that he is personally heading the investigation of Hillary Clinton, and the former aide who set up the email server has become an FBI snitch in order to avoid prosecution, so it appears likely that she will be indicted in the middle of her presidential campaign.

Things are not going well for Comey, but this is unfortunately not inconsistent with the fear that FBI will get everything it wants and more. It just means that Comey may soon lose his job.

According to the NY Times:

> [FBI] officials had hoped the Apple case involving a terrorist’s iPhone would rally the public behind what they see as the need to have some access to information on smartphones. But many in the administration have begun to suspect that the F.B.I. and the Justice Department may have made a major strategic error by pushing the case into the public consciousness.
>
> Many senior [non-FBI] officials say an open conflict between Silicon Valley and Washington is exactly what they have been trying to avoid, especially when the Pentagon and intelligence agencies are trying to woo technology companies to come back into the government’s fold, and join the fight against the Islamic State. But it appears it is too late to confine the discussion to the back rooms in Washington or Silicon Valley.

Don't give up the ship! We can win CWII!

FBI/NSA/CIA must be eradicated, for the personal safety of us all, maybe even for the survival of the USG.

Some of us have been raising a hue and cry about "precrime" for more than a decade, and it's good to see that suddenly everyone seems to be talking about the fact that the USA and China are racing each other to see who can most rapidly create a totalitarian "precrime" dragnet surveillance system.

The only major difference between these two gigantic programs is that the US is growing an industry in which three letter agencies contract with private companies to run the precrime dragnet, while China's system is owned and operated by the government:

http://www.bloomberg.com/news/articles/2016-03-03/china-tries-its-hand-…
China Tries Its Hand at Pre-Crime
Beijing wants to identify subversives before they strike.
Shai Oster
3 Mar 2016

> China’s effort to flush out threats to stability is expanding into an area that used to exist only in dystopian sci-fi: pre-crime. The Communist Party has directed one of the country’s largest state-run defense contractors, China Electronics Technology Group, to develop software to collate data on jobs, hobbies, consumption habits, and other behavior of ordinary citizens to predict terrorist acts before they occur. “It’s very crucial to examine the cause after an act of terror,” Wu Manqing, the chief engineer for the military contractor, told reporters at a conference in December. “But what is more important is to predict the upcoming activities.”
>
> The program is unprecedented because there are no safeguards from privacy protection laws and minimal pushback from civil liberty advocates and companies, says Lokman Tsui, an assistant professor at the School of Journalism and Communication at the Chinese University of Hong Kong, who has advised Google on freedom of expression and the Internet. The project also takes advantage of an existing vast network of neighborhood informants assigned by the Communist Party to monitor everything from family planning violations to unorthodox behavior.

http://www.defenseone.com/technology/2016/03/thanks-america-china-aims-…
Thanks America! How China’s Newest Software Could Track, Predict, and Crush Dissent
Armed with data from spying on its citizens, Beijing could turn 'predictive policing’ into an AI tool of repression.
Patrick Tucker
7 Mar 2016

> What if the Communist Party could have predicted Tiananmen Square? The Chinese government is deploying a new tool to keep the population from uprising. Beijing is building software to predict instability before it arises, based on volumes of data mined from Chinese citizens about their jobs, pastimes, and habits...
>
> Wu Manqing, a representative from China Electronics Technology, the company that the Chinese government hired to design the predictive policing software, described the newest version as “a unified information environment,” Bloomberg reported last week. Its applications go well beyond simply sending police to a specific corner. Because Chinese authorities face far fewer privacy limits on the sorts of information that they can gather on citizens, they can target police forces much more precisely. They might be able to target an individual who suddenly received and deposited a large payment to their bank account, or who reads pro-democracy news sites, or who is displaying a change in buying habits — purchasing more expensive luxury items, for instance. The Chinese government’s control over the Internet in that country puts it in a unique position to extend the reach of surveillance and data collection into the lives of citizens. Chinese authorities plan to deploy the system in places where the relations between ethnic minorities and Chinese party are particularly strained, according to Bloomberg.
>
> For all the talk in Washington casting China as a rising regional military threat, the country began spending more on domestic security and stability, sometimes called wei-wen, than on building up its military in 2011. More recent numbers are harder to come by, but many China watchers believe the trend has continued.

http://arstechnica.com/information-technology/2016/03/china-is-building…
China is building a big data platform for “precrime”
Using online profile and movements, government aims to catch "terrorists" in advance.
Sean Gallagher
9 Mar 2016

> It's "precrime" meets "thoughtcrime." China is using its substantial surveillance apparatus as the basis for a "unified information environment" that will allow authorities to profile individual citizens based upon their online behaviors, financial transactions, where they go, and who they see. The authorities are watching for deviations from the norm that might indicate someone is involved in suspicious activity. And they're doing it with a hand from technology pioneered in the US.
>...
> The Chinese government has plenty of data to feed into such systems. China invested heavily in building its surveillance capabilities in major cities over the past five years, with spending on "domestic security and stability" surpassing China's defense budget—and turning the country into the biggest market for security technology. And in December, China's government gained a new tool in surveillance: anti-terrorism laws giving the government even more surveillance powers and requiring any technology companies doing business in China to provide assistance in that surveillance.
>
> The law states that companies “shall provide technical interfaces, decryption and other technical support and assistance to public security and state security agencies when they are following the law to avert and investigate terrorist activities”—in other words, the sort of "golden key" that FBI Director James Comey has lobbied for in the US.

Exactly. The governments of both China and the USA are describing these precrime dragnets as aimed at "intervening" in the lives of suspected "prototerrorists" before they themselves know they are going to start planning some kind of attack. But the real goal is to utterly crush all domestic dissent, in order to cement the grip of the ruling elites on the vast political and economic power which they wield over the helpless citizens.

Welcome to the 21st century, in which every citizen who does not belong to the 0.001 % is inextricably trapped in a state of abject servitude to the state. If the US and Chinese governments get their way.

Patrick Tucker correctly states that the US precrime/CVE dragnet has its origins in the "predictive policing" model which was brought to NYC by former Commissioner Bill Bratton (who has since become a consultant to the UK and other governments in order to bring precime to other nations):

> First, some background. What is predictive policing? Back in 1994, New York City Police Commissioner William Bratton led a pioneering and deeply controversial effort to pre-deploy police units to places where crime was expected to occur on the basis of crime statistics. Bratton, working with Jack Maple, deputy police commissioner, showed that the so-called CompStat decreased crime by 37 percent in just three years. But it also fueled an unconstitutional practice called “stop-and-frisk,” wherein minority youth in the wrong place at the wrong time were frequently targeted and harassed by the police. Lesson: you can deploy police to hotspots before crime occurs but you can cause more problems than you solve.

That is true as far as it goes, but the true genesis is far more loathsome and cynical: since its earliest days, FBI has privately viewed its true mission as suppressing "anarchists" (such as Emma Goldman) and "radicals" (such as Martin Luther King), and for decades, the FBI leadership dreamed about using supercomputers to eliminate all political dissent, all FIS activities, all crime, inside the US. Or rather, to eliminate just enough to ensure its continued relevance and thus to ensure itself eternal life as the evil Godfather of American government. Then, after the fall of the Soviet Union, the national labs recognized that they needed a new mission (no more nukes needed, they feared) and eagerly seized upon the suggestion of a collaboration with FBI to develop the precrime dragnet. FBI was well aware that (before 9/11) this would be politically impossible, but they quite cynically worked hard to develop precrime in secret on the assumption that some terror attack would provide them with political cover to convert their developmental system into a fully operation system. Thus was born, soon after 9/11, TIA (Total Information Awareness). Congress wasn't yet ready, so TIA was shot down, but continued under new names.

One day, perhaps, the full story of how the USG plotted to turn America into a totalitarian state will be told. But only if we citizens band together and somehow manage to foil FBI's evil plans for us.

March 09, 2016

Permalink

@ Shari:

Why have you been silent on the biggest privacy controversy in the history of the USA, one which could devastate the Tor community?

The US Senate is set to vote next week on the Burr-Feinstein bill which would apparently mandate for all what FBI is demanding from Apple. I have been urging Tor Project for months to wake up and smell the coffee, because *FBI has our heads in their sniper scope*.

I did see that in an interview you said you prefer to work behind the scenes, but this threat is much too big for that. You *must* respond to it, right now!

http://thehill.com/policy/cybersecurity/272389-senate-intel-chair-encry…
Senate Intel encryption bill could come next week
Cory Bennett
9 Mar 2016

> The chairman of the Senate Intelligence Committee says a bill to give law enforcement access to encrypted data could come as early as next week. “I’m hopeful,” Sen. Richard Burr (R-N.C.) told The Hill before a Wednesday vote. The long-awaited bill — in the works since last fall’s terror attacks in Paris and San Bernardino, Calif. — is expected to force companies to comply with court orders seeking locked communications.

The text of the bill has not been released, and will not be until just before the vote. But what if it declares language which implies that Tor developers

o must use their authentic encryption keys to sign APT malware masquerading as the latest TBB tarball, for example, either in targeted or dragnet attacks, whenever FBI demands it,

o never tell anyone, not even their priest or their spouse or their boss (Shari) what they did?

The same threat appears to face other key Open Source projects on which Tor Project relies, such as Debian Project and Riseup Labs (Riseup Networks).

And in France, lawmakers have taken the first step toward a similar bill:

http://arstechnica.com/tech-policy/2016/03/france-votes-to-penalise-com…
France votes to penalize companies for refusing to decrypt devices, messages
But UN official warns: "Without encryption tools, lives may be endangered."
Glyn Moody
9 Mar 2016

> French parliamentarians have adopted an amendment to a penal reform bill that would punish companies like Apple that refuse to provide decrypted versions of messages their products have encrypted. The Guardian reports: "The controversial amendment, drafted by the rightwing opposition, stipulates that a private company which refuses to hand over encrypted data to an investigating authority would face up to five years in jail and a €350,000 (£270,000) fine."

It is not clear, at least not to me, whether this directly affects a key partner of Tor Project, Tails Project, but I think we should be very worried.

@ Shari, Roger:

I don't want to become that guy who uses all caps, but this is *really serious* stuff. You *must* speak up and explain how Tor and Tails Projects are responding to these threats.

March 10, 2016

Permalink

The deep packet L and the data leak P with keywords monitoring and filtering/keylog third party input methed app ,could harm tor network , when can we buy tor phone or hardware tor box , tor switch, tor router ?

Various developers not affiliated with Tor Project have started crowd-funded campaigns to develop devices which offer "Tor Browser in a box" or "Tor router in a box". These have been criticized on various grounds, and TP has stated they do not recommend using them.

I think what you are really asking for is affordable hardware which is designed with cybersecurity and privacy, and perhaps anonymity, as a key design goal. Unfortunately, this is not at all true of any currently available laptop, PC, router, or even smart phone (except for Silent Circle, whose user base is much too small to help SC products become affordable or widely available all over the world).

Needless to say, "insecurity by design" is something NSA has managed to ensure, because this makes it easy for them to constantly spy on everyone in the world ("collect it all").

What consumers need, and are asking for, is a privacy industry which offers affordable upgradeable hardware/software designed with security and privacy in mind (and maybe anonymity too, although clearly your initial connection to internet is hard to truly anonymize). A privacy industry which combats the existing zero-day industry (e.g. several companies founded by former NSA TAO APT malware-developers), the surveillance-as-a-service industry (e.g. Hacking Team, Gamma, Amesys, etc) which panders to the most oppressive regimes on planet Earth, and rogue FVEY agencies like NSA/CIA which seek complete world domination by trojaning every last device in the world (and analogous agencies in RU, CN, Israel, FR...)

The only hope, it seems to me, is that so many consumers all over the world, but especially in the USA (which unfortunately sets the tone for the rest of the world), scream so loudly for secure/privacy/anonymity enhancing devices/software that--- despite NSA/FBI's determined, incessant, and well funded attempts to ensure that devices and software used by consumers/companies remains horribly insecure--- huge companies like Apple are compelled to respond, even at the risk of legal confrontations with powerful enemies like FBI.

From a roundtable which took place in Berlin on 12 Mar 2016:

https://logancij.com/session-9-future-os/
> Session 7: The future of OS
> moderator Jacob Appelbaum
> with David Mirza Ahmad, Joanna Rutkowska, Tails
> ...
> In an era of mass surveillance the need for independent, reliable and usable Operating Systems is fundamental. In previous times, political movements needed their own printing press for circumventing propaganda and repression. In the digital age we need independent Operating Systems to protect our freedom of speech and freedom of action. The creation of independent OS is both a technological challenge and a social, political and economic challenge. To protect and encrypt yet offer transparency of control, and make it easy to use for all of us, is a great challenge. Trusting hardware, software and organisational structure is an issue from building all the way to using the OS.

So there is a small but dedicated community trying to help grow secure Open Source operating systems and more.

March 14, 2016

Permalink

FBI's war on encryption just got a lot closer to Tor Project:

http://arstechnica.com/tech-policy/2016/03/encrypted-whatsapp-voice-cal…
Encrypted WhatsApp messages frustrate new court-ordered wiretap
DOJ and Facebook, WhatsApp's parent company, may clash just like in iPhone case.
Cyrus Farivar
12 Mar 2016

> The US Department of Justice has opened another legal front in the ongoing war over easy-to-use strong encryption.
>
> According to a Saturday report in The New York Times, prosecutors have gone head-to-head with WhatsApp, the messaging app owned by Facebook. Citing anonymous sources, the Times reported that "as recently as this past week," federal officials have been "discussing how to proceed in a continuing criminal investigation in which a federal judge had approved a wiretap, but investigators were stymied by WhatsApp’s encryption."
> ...
> The case, which apparently does not involve terrorism, remains under seal.
> ...
> Two years ago, WhatsApp upgraded its security after partnering with Open Whisper Systems, a company founded by well-known security researcher Moxie Marlinspike, the creator of Signal. During fiscal year 2014, Open Whisper Systems received $900,000 from the Open Technology Fund, an umbrella group whose primary funder is the United States government. That funding came primarily through the Broadcasting Board of Governors and the Department of State.

Everyone, please note these similarities:

o WhatsApp offers end-to-end encryption which FBI claims unable to break (except by attempts at endpoint hacking by the likes of Hacking Team SRL, which evidently does not always work out well for our enemies),

o OpenWhisper funded by BBG and US Department of State (past sponsors of Tor Project), via Open Technology Fund,

o OpenWhisper founded by Moxie Marlinspike, an invaluable Tor Project "asset".

http://mobile.nytimes.com/2016/03/13/us/politics/whatsapp-encryption-sa…
WhatsApp Encryption Said to Stymie Wiretap Order
Matt Apuzzo
12 Mar 2016

> “The F.B.I. and the Justice Department are just choosing the exact circumstance to pick the fight that looks the best for them,” said Peter Eckersley, the chief computer scientist at the Electronic Frontier Foundation, a nonprofit group that focuses on digital rights. “They’re waiting for the case that makes the demand look reasonable.”
> ...
> Jan Koum, WhatsApp’s founder, who was born in Ukraine, has talked about his family members’ fears that the government was eavesdropping on their phone calls. In the company’s early years, WhatsApp had the ability to read messages as they passed through its servers. That meant it could comply with government wiretap orders. But in late 2014, the company said that it would begin adding sophisticated encoding, known as end-to-end encryption, to its systems. Only the intended recipients would be able to read the messages.

The RU government has of course been racing FVEY governments (US, UK, AU) for "mastery of the internet"; both have allegedly employed against other nations such charming innovations as cyberattacks on power grids (in UA for example), destructive cyberattacks on data owned by perceived adversaries, state-sponsored malware attacks on human rights organizations such as HRW, and prosecution under broad "anti-terrorism" powers of dissidents who oppose government oppression.

@ Shari, Roger: please, you *must* "kick this issue to the top of the pile" and

o Issue a statement on FBI's crusade to mandate backdoors in everything,

o Explain to readers your legal/physical/cryptographic/geolocational countermeasures against the rapidly increasing possibility that TP will be served in the near future with a court order obtained by FBI which demands that you abuse your genuine cryptographic signing key by signing under duress some "FBI-not-Tor" state-sponsored malware disguised as a "genuine" TB or TM tarball, in either a targeted or dragnet attack on some or all of your users.

o Explain to inquiring reporters that even wary Tor users would accept the malware as a genuine Tor unbackdoored product (TB or TM), because they have no way of knowing the signature was coerced; this would be "rubber hose" breakage of the *authentication* function of strong cryptography, *not* the insertion of what Tor Project has previously denoted a "back door" in the code for genuine Tor products, which in principle could be spotted by a outside expert in the source code for TB or TM.

o Use your media/NGO contacts to make Tor Project's case in the PR wars, because for sure FBI will win CWII if you don't even try to oppose their PR onslaught.

March 15, 2016

Permalink

Glad to see Tor Weekly News (TWN) is back, but shouldn't this be a headline item?

A US State legislature has passed the first civil rights bill (?) which explicitly protects Tor, specifically New Hampshire libraries which operate Tor nodes as per the Library Project. The measure passed by a landslide!

https://www.dailydot.com/politics/tor-libraries-privacy-new-hampshire-h…
New Hampshire lawmakers pass bill saying libraries can use Tor
Patrick Howell O'Neill
10 Mar 2016

> The New Hampshire House of Representatives on Thursday passed a bill giving public libraries explicit permission to run powerful privacy software like Tor, a network that lets people anonymously connect to the Internet. The bill's author, Rep. Keith Ammon (R), told the Daily Dot that the bill passed 268 to 62, despite his preparations for a heated debate. The "large margin" and the lack of a fight on the House floor surprised Ammon.
>
> Ammon's measure, which could be the first explicitly pro-Tor legislation in America, now heads to the state Senate.
>
> The bill is a response to a 2015 controversy over government interference in public libraries centered on anonymity software. The Department of Homeland Security and local police contacted the Kilton Public Library in Lebanon, New Hampshire, last year about a Tor network relay that the library had recently installed. Authorities were worried that the use of Tor would make police work more difficult.

March 15, 2016

Permalink

Tor Project appears to be reluctant to take a public position on Apple-v-FBI, but the US political elite has not hesitated to weigh in.

For those who did not attend SXSW, has-been US President Obama urged attendees not to "fetishize" their iPhones and to support FBI rather than Apple. This did not go down well. And former NSA general counsel compared Apple CEO Tim Cook to actress Doris Day, among other discordant references to "pop culture":

http://www.theguardian.com/technology/2016/mar/15/apple-fbi-debate-sxsw…
Apple is 'arrogant' and encryption is 'oversold', ex-NSA lawyer tells SXSW
Jemima Kiss
15 Mar 2016

Former CIA agent Rep. Hurd (R-TX) is helping Cloudera try to drum up support in the tech community for Big Data trawls and predictive analysis as an alternative to backdoors:

https://theintercept.com/2016/03/15/lawmaker-who-was-cia-agent-wants-bi…
Lawmaker Who Was CIA Agent Wants Big Data, Not Apple’s Encryption
Jenna McLaughlin
15 Mar 2016

And the Senate bill authored by Sens. Burr and Feinstein is expected any day now.

(Too bad the House voted on CISA before DHS released its privacy assessment, which turns out to validate the warnings made by privacy advocates, which were ignored by the House in its rush to enact CISA. Time will tell whether the Senate will actually listen to the universal opinion of tech experts that backdoors are, from the standpoint of the cybersecurity of all American citizens and of all USG agencies, the worst possible thing the Congress could possibly mandate.)

Meanwhile, more prominent public figures are writing strong statements in support of Apple. From

http://arstechnica.com/tech-policy/2016/03/fbi-v-apple-is-a-security-an…
FBI v. Apple is a security and privacy issue. What about civil rights?
Jesse Jackson: "Activities of civil rights organizations and activists" at stake.
David Kravets
15 Mar 2016

Here is part of an open letter from Jesse Jackson:

> Dr. Martin Luther King would often say, "Where we stand in times of controversy is a measure of our character. Some leaders follow opinion polls. Others stand up for their principles, refuse to compromise and mold opinion."

> In these difficult times, the government, courts and private companies must stand up and uphold—however unpopular—our First Amendment rights, our right to privacy and basic individual freedoms guaranteed to us under the US Constitution.

> Other writers will weigh in on the intricacies of technology and privacy rights. What I want to bring to the forefront of this legal debate is the impact and implications this case has on civil rights and our historic civil rights movement.

> This case cuts right to the heart of our right to live free from unwarranted government surveillance. It is a matter of deep personal concern to me—given the past and present illegal and unwarranted spying and surveillance of civil rights organizations, much conducted under the guise of national security.

Exactly. Politics matters, because what is dangerous to society, and even life-threatening to millions of prospective victims of

o ill consequences of ever growing and more variegated NSA dragnet surveillance systems, increasingly tied to US military surveillance of the citizenry (often under guise of "training missions" for Special Forces and various cyberwar units),

o ever more threatening FBI/NCTC programs aimed at crushing all domestic political dissent, and (as per CVE programs) even programs which explicitly aim to eliminate from the population anyone with a predicted "propensity" for dissent (so far, elimination by "preventative detention", but can genocide be far behind?),

o algorithmic government founded not upon constitutionally guaranteed rights, but upon the predictive analysis of Big Data trawls of the personal financial, travel, educational, medical records of every citizen, of their reading habits, dating habits, personal social networks, etc., as gleaned from their "data exhaust",

o lifelong state-sponsored discrimination (e.g. CVE programs) and corporate "red-lining", based upon "citizenship scores" and other government individual "threat assessments", continually updated from age 3-7 unto death,

o so-called "forensic science", or better say pseudoscience because there is no scientific there there,

o further growth of the school-to-prison pipeline, now being enthusiastically extended by US companies like CCA and GEO to embrace a new school-to-private-mental-ward pipeline,

is not technology itself, but the abuse of technology.

Lawyers for Apple quite correctly have stressed that the American Founding Fathers would have been appalled at these developments, which are so much worse than the arrogance and abuses (such as warrantless searches of private homes) committed by agents of the Crown against the American colonies, the very abuses which inevitably led to the American Revolution:

http://thehill.com/policy/cybersecurity/273149-apple-founders-would-be-…
Apple: Founders would be 'appalled' at FBI iPhone request
Katie Bo Williams
15 Mar 2016

And where do the current US Presidential candidates stand on cyber issues? Ars Technica covered a recent "grading" of the candidates.

http://arstechnica.com/tech-policy/2016/03/when-graded-on-tech-issues-2…
When graded on tech issues, 2016 presidential candidates don’t do well
Clinton's best, receiving a B+. One candidate pulls straight F's.
Joe Mullin
16 Mar 2016

The reported grades on the privacy and cybersecurity issues of interest to the Tor community are:

Clinton, Sanders: B+
Cruz: C
Kasich: C-
Trump: F

The reporter noted that Sanders is the only candidate who favors leniency for Snowden, but he failed to mention that the source is a mystery group tied to Bradley Tusk, who served as chairman of Bloomberg's ill fated Presidential Campaign, as a PR flack for Sen Chuck Schumer, and was formerly a SVP for the defunct firm of Lehman Brothers. In other words, these grades may reflect how the Wall Street establishment see the candidates rather than how the tech community does.

An interesting illustration of how isolated the US financial/political elite (FBI, CIA, NSA, Wall Street, Big Banks, GOP and Democratic leadership) has become: members of the US military overwhelmingly support the two "rebel" candidates (Trump and Sanders), according to an unscientific Military Times poll:

http://thehill.com/policy/defense/273032-survey-troops-favor-trump-and-…
Survey: Troops favor Trump and Sanders
Kristina Wong
15 Mar 2016

Trump: 0.27
Sanders: 0.22
Clinton: 0.11

Those who remember the history of the first century A.D. will no doubt be reminded of the troublesome habit the Roman Legions developed of marching on Rome itself.

Michael Hayden, former NSA/CIA director, recently claimed that the US military would refuse to follow orders from the presumed next Commander in Chief, Prepresident Trump, if they violate the Laws of War. However, the Military Times survey suggests that Trump would have no difficulty finding volunteers eager to man internal military checkpoints, to engage in harassment of dissidents and journalists, mass arrests by military authorities of people targeted for deportation or incarceration, or perhaps even to commit genocide overseas or perhaps even inside the US. (These are all policies which, as several nationally prominent commentators have warned, Trump appears to hint he intends to pursue as commander in chief).

Informal surveys suggest that US LEO people heavily favor Trump, again suggesting that the very people the US poltical/financial elite depend upon to preserve the current regime have turned decisively against the elite.

March 18, 2016

Permalink

@ Shari:

1. Former NSA/CIA Director and accused war criminal Michael Hayden issued a statement of support for Apple (as did two or three other former NSA/CIA directors). Endlessly controversial and outspoken former "cybersecurity czar" Richard Clarke issued an even stronger statement of support for Apple:

https://www.techdirt.com
Former Presidential Cybersecurity 'Czar' Slams DOJ/FBI For Its Position On Apple Encryption
14 Mar 2016

But Tor Project can't bring itself to issue a strong statement of support opposing

o backdoors

o coercively mandating cooperation from companies/developers in abusing their own users by creating/installing backdoors,

o by signing state-sponsored malware using their genuine signing key ("rubber hose" breakage of cryptographic authentication of software updates)?

Really? You have no position? Really?

2. Current Apple engineers are actively discussing their alternatives should Apple ultimately lose the legal battle it has vowed to carry to SCOTUS.

http://www.nytimes.com/2016/03/18/technology/apple-encryption-engineers…
Apple Encryption Engineers, if Ordered to Unlock iPhone, Might Resist
John Markoff, Katie Benner, and Brian X. Chen
17 Mar 2016

http://thehill.com/policy/cybersecurity/273548-apple-engineers-may-quit…
Apple engineers may quit if FBI prevails: report
Katie Bo Williams
18 Mar 2016

Among the options discussed if Apple is forced to ultimately order them to assist FBI in abusing Apple's users:

o sabotage of the malicious software or hardware

o endless delays in producing the malicious software or hardware, or

o simply quitting their jobs.

And Apple itself has the nuclear (aka "Lavabit") option:

http://arstechnica.com/tech-policy/2016/03/govt-accidentally-publishes-…
Gov’t accidentally publishes target of Lavabit probe: It’s Snowden
No surprise, "Ed_snowden@lavabit.com" was what investigators were after.
Joe Mullin
17 Mar 2016

Is Tor Project helping its staff to engage safely in similar conversations about their alternatives in case FBI does unto TP as it has done unto Apple?

Ultimately, if the people with the coding skills simply boycott the evil portions of governments everywhere, and their contractors, the global Surveillance Industrial Complex will fall. That would be good for the entire world.

Shouldn't TP join this boycott?

3. Does Tor Project have a General Counsel? If not, do you have any plans to hire one? Does Tor Project work with Access/ACLU/EFF to ensure that staffers/volunteers have the phone number of a lawyer they can call if they are served with an NSL or arrested? (Assuming they are not GTMO'd of course.)

March 19, 2016

Permalink

About moving else where in the face of gvt interference: I find it odd that you would have such a negative bias towards Russia, given that Snowden found asylum there. It could be said that he's a traitor. Perhaps you've been watching too much tv. LOL! What about Switzerland, or Germany? I have recently signed up with Proton Mail, trusting in their statement that the Swiss have passed very stringent data protection laws. Apparently, so has Germany.

You would think that every company on the planet would have a stake in the FBI v Apple case, as a backdoor would allow industrial espionage to occur on a grand scale. A pro FBI judgment could even allow the the corrupt lea's to sell a compromised company's industrial secrets.

> You would think that every company on the planet would have a stake in the FBI v Apple case, as a backdoor would allow industrial espionage to occur on a grand scale.

Actually, Silicon Valley engineers have been very vocal in their defense of strong encryption for all citizens everywhere. While the tech companies (which need to avoid offending the USG for many reasons, for example they are always in danger of being prosecuted under tax evasion or anti-monopoly laws) have been much more cautious than their employees, many US CEOs have made statements of support for Apple's stance.

CWII is by no means over: WhatsApp and Tor Project may well be FBI's next targets. So stay alert.

> A pro FBI judgment could even allow the the corrupt lea's to sell a compromised company's industrial secrets.

Indeed, as shown by numerous cases over the years, in which FBI, NSA, USSS, DEA agents with security clearances were arrested on charges of corruption or espionage, individual agents can and do "break bad".

> About moving else where in the face of gvt interference: I find it odd that you would have such a negative bias towards Russia, given that Snowden found asylum there.

Many US citizens who support Donald Trump's candidacy for US President also favor the authoritarian style of Russian President Putin, so I see quite a lot of support in the US population for Putin.

But check out hrw.org, rsf.org and other sites for reviews of Russia's internet and electronic data laws. Extensive censorship and massively intrusive secret dragnet surveillance, with virtually no protections for journalists or bloggers, or other evidence for any concern for civil liberties or free speech. Then there is the issue of extensive corruption in the Russian government, and the pervasive influence on Russian society of the oligarchs and the mafia.

Moving Tor Project to Russia? Probably not the best possible choice.

That said, once the budget permits this, TP should perhaps employ some people living in Russia, if only because the Russian government may not always fully cooperate with FBI, and to provide TP with an inside track on the privacy/cybersecurity/censorship problems faced by Russian citizens.

> What about Switzerland, or Germany? I have recently signed up with Proton Mail, trusting in their statement that the Swiss have passed very stringent data protection laws. Apparently, so has Germany.

Yes. Their security services cooperate to some extent with NSA and FBI, of course, but the recent revelations of the extraordinary extent of NSA spying on German politicians (and their families) seriously pissed off the German government, which is appropriate and helpful to privacy advocates.

Switzerland had very strong financial privacy protection laws, but some years ago USG finally forced them to start sharing information with USG, so the situation remains complicated.

Iceland, Norway, Sweden, and Finland may also be worthy of consideration. Another plus: natural cooling for data centers.

Holland and Denmark tend to be socially liberal but I have the impression their governments may be give in a bit more easily to USG pressure.

Any country forming part of the "14 eye's" can immediately be dismissed as a viable choice. They will be spying on you irrespective of what any corporate tells you

> About moving else where in the face of gvt interference: I find it odd that you would have such a negative bias towards Russia,

Russia's on-line surveillance of Russian people is arguably even worse than NSA surveillance of US people. And the Russian political elite is arguably even more corrupt than the US political elite.

See

http://www.theguardian.com/news/2016/apr/03/panama-papers-money-hidden-…
Revealed: the $2bn offshore trail that leads to Vladimir Putin
A massive leak of documents shines new light on the fabulous fortunes of the Russian president’s inner circle
Luke Harding
3 Apr 2016

> A network of secret offshore deals and vast loans worth $2bn has laid a trail to Russia’s president, Vladimir Putin. An unprecedented leak of documents shows how this money has made members of Putin’s close circle fabulously wealthy.

April 10, 2016

Permalink

Some Tor users have been warning for months that the Burr-Feinstein bill will attempt to outlaw Tor and any other device/software which does not contain some kind of backdoor. Turns out it's even worse than we feared:

http://www.theregister.co.uk/2016/04/08/draft_of_encryptionborking_bill…
Read America's insane draft crypto-borking law that no one's willing to admit they wrote
Understandable – it's more stupid than expected
Iain Thomson
8 Apr 2016

> A draft copy of a US law to criminalize strong encryption, thought to be authored by Senators Richard Burr (R-NC) and Dianne Feinstein (D-CA), has been leaked online. And the internet is losing its shit.
> ..
> The draft legislation, first leaked to Washington DC insider blog The Hill, is named the Compliance with Court Orders Act of 2016, and would require anyone who makes or programs a communications product in the US to provide law enforcement with any data they request in an "intelligible format," when presented with a court order.
> ...
> Curiously, the leaked copy has no one's name on it, and no one wants to admit they wrote it.
> ...
> The bill stems from Apple's refusal to help the FBI break into the San Bernardino shooter's iPhone, but goes well beyond that case. The bill would require companies to either build a backdoor into their encryption systems or use an encryption method that can be broken by a third party.
> ...
"The absurdity of this bill is beyond words," wrote computer forensics expert and police trainer Jonathan Ździarski. "Due to the technical ineptitude of its authors, combined with a hunger for unconstitutional governmental powers, the end result is a very dangerous document that will weaken the security of America's technology infrastructure."
> ...
> "This legislation says a company can design what they want their back door to look like, but it would definitely require them to build a back door," said Senator Ron Wyden (D-OR). "For the first time in America, companies who want to provide their customers with stronger security would not have that choice – they would be required to decide how to weaken their products to make you less safe."
>
> For one thing, it will kill end-to-end encryption.

Noted cryptographer Matthew Green tweeted:

> Well, the Feinstein-Burr bill is pretty much as clueless and unworkable as I expected it would be.

Julian Sanchez tweeted:

Burr-Feinstein may be the most insane thing I've ever seen seriously offered as a piece of legislation. It is "do magic" in legalese.

Edward Snowden ‏commented:

> Who could have imagined #Congress, famous for technical illiteracy, would fail to understand cryptography.

This bill is worse than wrong--- it's stupid.