Roger Dingledine Becomes Interim Executive Director of the Tor Project

by ailanthus | May 1, 2015

Tor Project co-founder Roger Dingledine has been appointed Interim Executive Director of the organization by Tor's Board of Directors. He replaces Andrew Lewman, who is leaving the Tor Project to take a position at an Internet services company. Roger will continue in this role until a permanent replacement has been found. During this period, Tor Project co-founder Nick Mathewson will take on the role of Interim Deputy Executive Director.

Comments

Please note that the comment area below has been archived.

May 03, 2015

Can someone please explain the roles Executive Director vs Deputy Executive Director. They both sound pretty important.

Nick wanted to have a title mainly so that at some point in the future he could give back the title, and it would be clear he was giving back the responsibility. Otherwise these things have a way of slowly turning into the job everybody assumes you will do forever.

May 04, 2015

Good luck with your new (interim) position, make the best of it. I actually didn't even know Tor had an Executive Director, oh well.

May 05, 2015

I've got two public keys and they are different from each other (by viewing the text contents, the first half is the same and the second half is different). I thought they couldn't, but both of them can be verified by gpg --fingerprint 0x4E2C6E8793298290, and are able to sign the same [tor].asc.

I remember one public key I downloaded from a website and then imported to gpg, another I put in terminal: gpg --keyserver x-hkp://pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290 and exported.

Did I download the correct package? Why are the public keys not the same?

Sounds like you have one version of the public key with some signatures on it, and another version of the public key with some more signatures on it.

So the two text files you're looking at are different, yet they both contain the same key.

If the above sentence still confuses you, I suggest you find a cryptoparty in your city and learn more about how keys work!
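
The situation described in the reply above, as an added example that is not part of the original thread or any Tor Project tooling: a Python sketch that splits two armored OpenPGP exports into packets and computes the version 4 fingerprint from the public-key packet alone, so extra signature packets change the file but not the fingerprint. The key material, user ID and signature bodies are constructed placeholder bytes (not the real 0x4E2C6E8793298290 key), and the helper names are hypothetical.

```python
import base64
import hashlib
import struct

def dearmor(text: str) -> bytes:
    """Strip ASCII armor (RFC 4880, section 6.2) and return the binary packet stream."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    start = lines.index("")  # a blank line ends the armor headers
    rows = [ln for ln in lines[start + 1:]
            if ln and not ln.startswith(("=", "-----"))]  # skip CRC-24 and END lines
    return base64.b64decode("".join(rows))

def parse_packets(data: bytes) -> list:
    """Split a packet stream into (tag, body) pairs; old- and new-format headers."""
    packets, i = [], 0
    while i < len(data):
        hdr = data[i]
        i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                      # new-format header
            tag, first = hdr & 0x3F, data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = struct.unpack(">I", data[i + 1:i + 5])[0], i + 5
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate lengths are not handled here")
            size = (1, 2, 4)[ltype]
            length, i = int.from_bytes(data[i:i + size], "big"), i + size
        if i + length > len(data):
            raise ValueError("truncated packet")
        packets.append((tag, data[i:i + length]))
        i += length
    return packets

def v4_fingerprint(packets: list) -> str:
    """SHA-1 over 0x99, a two-octet length and the primary key packet body only."""
    for tag, body in packets:
        if tag == 6:                        # primary public-key packet
            if body[0] != 4:
                raise ValueError("only version 4 keys are handled here")
            digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body)
            return digest.hexdigest().upper()
    raise ValueError("no primary public-key packet found")

def summarize(armored: str) -> dict:
    """Fingerprint plus the number of signature packets (tag 2) in one export."""
    packets = parse_packets(dearmor(armored))
    return {"fingerprint": v4_fingerprint(packets),
            "signatures": sum(1 for tag, _ in packets if tag == 2)}

# ---- Constructed sample data: placeholder bytes, not a real or usable key ----
def _pkt(tag: int, body: bytes) -> bytes:
    # old-format header with a two-octet length
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body

def _mpi(value: int) -> bytes:
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

FAKE_MODULUS = int.from_bytes(b"\xc3" + bytes(range(1, 128)), "big")  # not a real RSA modulus

def build_export(modulus: int, extra_signatures: int) -> str:
    """Armored export: key, user ID, one self-signature, then N extra certifications."""
    key = b"\x04" + struct.pack(">I", 1400000000) + b"\x01" + _mpi(modulus) + _mpi(65537)
    stream = _pkt(6, key) + _pkt(13, b"Example Key <key@example.invalid>")
    stream += _pkt(2, b"placeholder self-signature")
    for n in range(extra_signatures):
        stream += _pkt(2, b"placeholder certification #%d" % n)
    b64 = base64.b64encode(stream).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN PGP PUBLIC KEY BLOCK-----", "", *rows,
                      "-----END PGP PUBLIC KEY BLOCK-----"]) + "\n"

WEBSITE_EXPORT = build_export(FAKE_MODULUS, 0)      # fewer signatures attached
KEYSERVER_EXPORT = build_export(FAKE_MODULUS, 2)    # same key, more signatures

if __name__ == "__main__":
    for name, text in (("website", WEBSITE_EXPORT), ("keyserver", KEYSERVER_EXPORT)):
        print(name, summarize(text))
    print("files identical:", WEBSITE_EXPORT == KEYSERVER_EXPORT)
```

The two armored texts share a long common prefix and then diverge, while a change to the key material itself produces a different fingerprint, which is why the fingerprint rather than a byte-for-byte file comparison is the value to check.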

May 06, 2015

Best wishes to Roger and Nick in their new roles.

I too would be interested to learn a bit about the job descriptions. By the way, aren't Roger and Nick already full time in some other role at Tor or MIT or something? I hope we aren't being stretched too thin.

We're both full-time in several other roles in Tor. So indeed, it is totally the case that Tor has not enough people and far too much to do. That's part of why it's a good idea to start the search for the next executive director real soon now. :)

May 06, 2015

Would also like to thank Mike Perry and the other TBB developers, and also a big thanks to Moritz Bartl for the Tor Diversity Project, which I think is an important step towards addressing a longstanding concern. Documentation is really critical because some of us have never set up any server and are only interested in doing that because we'd like to give back to the Project somehow (and possibly improve our own opsec).

But please be on the alert for any evidence that our enemy is "shaping" Linux (especially kernel.org and debian.org) or the BSDs to enable their global spying.

Also, I request that reader comments on priorities for Tor Project under the next Director be solicited in a new post in this blog. I have some ideas, and others probably do also. Thanks.

Well, for now my priorities are to help make sure that we can accomplish all the things we've already committed to doing.

We do indeed need to think about the future too, and that's complicated by the fact that we need to think about sustainability as well -- for example, how to fund the things that we'd like to have as priorities.

So for your suggested priorities, they'll need to come with plausible ways to make them actually be able to come true. We are indeed planning to continue exploring crowdfunding and small donor community growth, but those two examples are easier said than done well.

May 06, 2015

> Tor has not enough people and far too much to do.

I have been thinking about how the Project can possibly address this in a Five Year Plan.

I repeat my request for clarification from a certain academic you (arma) know who works on stylometry for DARPA MEMEX about the nature of her intentions toward Tor users. Basically: whose side is she on?

Wait, what? I think you are deeply confused. I can't answer your request for clarification because you seem to have some facts wrong and I don't know which ones.

Are you talking about Rachel? If so, a) she's not part of Memex, and b) you should look at all of their CCC talks, and the fact that CCC keeps inviting them back for more talks, because they're part of the CCC community. And if that's not enough for you, I'll try to be clearer: she's on the side of understanding security so we can build safer systems.

May 06, 2015

One thing I'd like to suggest for the future: more emphasis on lobbying politicians in the US/Europe who may become "Tor-friendly" if someone credible can explain to them why Tor is so important for participatory democracy around the world-- and how their staffers can use Tor to improve their own cybersecurity while researching issues on-line.

Most of us tend to despise elected politicians-- not without reason-- but the fact remains that anything we can do to encourage them not to pass further oppressive and anti-democratic dragnet-surveillance-enabling laws, such as the recent Vomit Law in Spain (which targets a critically important partner of the Tails Project, Riseup Networks) would be helpful. And it is important to always bear in mind that Tor or citizen cryptography need not be made *explicitly* illegal in order for these necessities to be made *effectively* illegal.

I suggest that you consider hiring a professional lobbyist to track Tor-related legislation in the USA. I know... ugh. And this might not be cheap. But we need to counter the relentless anti-Tor propaganda from FBI/NSA infesting the American mass media. When asking US Tor users to contact their representatives, stating bill numbers can be very useful in helping harried staffers to figure out which pro-surveillance bill we are complaining about, and this information can be tracked by a lobbyist, who may also be able to arrange meetings between you (arma), Nick, and politicians or key staffers.

In the near future, please watch these very closely:

o CISA (too late, you say?)
o Fast Track Authority for Trans-Pacific Partnership trade treaty (too late, you say?)
o the Atlantic trade treaty which is even worse and may affect Tor even more severely
o proposed changes to Rule 41(b) of the US Federal Code of Criminal Procedure, which will apparently become law in January 2016 if the US Federal Congress fails to intervene.

The last of these appears to *explicitly* authorize FBI to use malware to illicitly intrude into, exfiltrate private data from, and even to destroy *any computer anywhere in the world*, without obtaining a search warrant from any court whose opinions are issued to the public. This "authorization" is merely implicit in CISA and TPP.

We know from the example set by the Dutch National Police, as previously discussed in this blog, that FBI is likely to target Tor routers with destructive malware, even without (manifestly unconstitutional) legal "authority", but it is important to oppose their efforts to place a veneer of "legality" over state-sponsored criminality.

One reason why trade treaties are potentially dangerous for Tor is that these set up super-national tribunals, whose judges would very likely include surveillance-military-industrial-complex lobbyists, which can override national legislatures, for example by voiding health information privacy laws, mandating encryption back doors, and so on. The reason why FTA (Fast Track Authority) is important is that if the US Congress passes this, it will have explicitly abandoned the role laid out for the Senate in the US Constitution with respect to reviewing, debating and ratifying (or not ratifying) international treaties, to such an extent that even a minor typo in the language of the Treaty will be unfixable.

One reason why US bills are particularly important for the Tor community is that the Project is based in the USA and therefore directly subject to US law, as are many key developers. Further, USA, Russia and China are all playing major roles in driving the global "race to the bottom" in enacting oppressive dragnet surveillance legislation. Any success in stopping even one dangerous US law makes it just a bit harder for countries like Spain, France, or Netherlands to pass similar legislation. (And conversely.)

Another important long term goal involves reaching out more effectively to serious tech journalists (i.e. not the usual US militarist-media whores). Hiring a media director is an obvious step toward the latter goal, so thanks for that!

Along the same lines, I hope the Project will work to develop closer ties to organizations like Human Rights Watch and Reporters without Borders, which (unlike some USG Tor sponsors we could name) do not automatically conform to current USG foreign policy or cyberwar doctrine. Signing open letters also signed by organizations like HRW, Access, EFF, ACLU can send a useful signal that the Tor Project is serious about distancing itself from potential undercover USG influence through murky public-private partnerships like NED.

Lastly, I hope you will make it a priority to reject funding from any organization or company (SRI is a Tor sponsor, really?) which prevents the Project from openly disclosing the identity of such sponsors. Many Tor users around the world are likely to be rightly suspicious of the motivations of DARPA, SRI (yes?) etc in funding Tor.

Actually, we had a friend from ACLU suggest a lobbyist to us a few years ago. But we decided that the $100k or whatever that they wanted would be better spent on developing better privacy software. It's all a tradeoff, but we decided at the time that we should stick to the things that only we can do well, and hopefully the variety of other privacy advocacy orgs out there will help with the broader fight.

As for your last paragraph, most of our funders are fine with being named. And strangely, the ones you find most sketchy are the ones that are most fine being named. It's the ones where you'd say "That's weird, they're actually a normal non-profit, why would they want to be anonymous" that have asked us not to name them. The reason we don't provide a "sponsor letter to sponsor name" map for the rest is because we study anonymity, so we know that publishing all of the mappings except the ones that wanted to stay anonymous doesn't work.

That said, please do check out our sponsors page and our public financial documents:
https://www.torproject.org/about/sponsors
https://www.torproject.org/about/financials
https://blog.torproject.org/blog/transparency-openness-and-our-2013-fin…

(We'll have the 2014 financials up once our 2014 audit is complete.)

We aren't actually hiding any of it very well -- just enough to keep the superficial journalists from writing more sensational articles and wasting more of our time.

May 06, 2015

> We're both full-time in several other roles in Tor. So indeed, it is totally the case that Tor has not enough people and far too much to do. That's part of why it's a good idea to start the search for the next executive director real soon now. :)

Agreed. I suggest that the ideal candidates would be:

o known personally to at least some core Tor developers,

o known by reputation to many Tor users,

o possess an impeccable record of pro-democracy, pro-human rights, pro-privacy advocacy,

o possess proven executive skills, because growth is unavoidable but must be carefully controlled to avoid fragmentation (something our enemies will seek to promote, so watch out),

o a strong technical background, especially in software development, would be very desirable but possibly not as important as the above desiderata; however, I think that candidates must clearly appreciate that in the end the people who are truly *essential* for the success of the Project are the developers, not the executives, media reps, or lobbyists (if any),

o lack of "baggage" which could be used by our enemies to harm the Project, such as substantial previous employment for USG, especially USIC agencies or contractors,

o lack of visible inclination to move on to another job after only a few years.

A suggested interview question for candidates: suppose that

o Waltham boldly declares itself an Open City and ratifies a Constitution strongly protective of civil rights,

o the USG, busy warring with Iran, fails to react with military force to Waltham's Declaration of Independence,

o Iceland quickly opens an embassy in Waltham,

o Putin, busy warring with Finland, is persuaded to look away while Edward Snowden is smuggled into Waltham inside the Icelandic diplomatic pouch (for those who don't know, this term can cover a livable shipping container).

What position at the Tor Project would you, as Exec Dir, offer to Snowden? Explain.

May 09, 2015

> Are you talking about Rachel?

Yes.

I tried and failed numerous times to ask you in private to relay my concern to her (rephrased using your own words of course).

[...]

Ok. Sorry, but I removed the rest of your lengthy comment here -- I have no interest in getting into a discussion of my wife's character on the Tor blog.

I believe you that you failed to ask me, or her, in other contexts. But that's still the right thing to do.

In the meantime, I encourage you to learn more about the academic security field. Attending some academic security conferences (e.g. Usenix Security, coming up in August) might be a great opportunity for that. And to talk to many people in the field.

May 12, 2015

> What is the exact reason why Andrew Lewman cut ties from The Tor Project?

I am mystified also, and I hope he will tell us himself, when he has a chance, why he moved to his new job and what it is.

However, there's no reason to make too much of his sudden departure. Sometimes people are offered an unexpected time limited opportunity and start a new job suddenly. That's usually a rather busy time, so it is not very surprising that he's not spoken up yet. But I hope he'll explain everything when he gets a chance.

I would be very astonished and dismayed if the unnamed IT services company turned out to be Leidos (SAIC) or BAH, but I optimistically assume we'll all be happy when we find out where he is working now.

May 12, 2015

> I removed the rest of your lengthy comment here

Did a link go missing?

My concern is the same one which has been repeatedly mentioned by many Tor users: if the Project depends mostly on USIC connected funding, it will be difficult to avoid having our growth controlled by our enemies, or even being "captured" by NSA.

You mentioned ties to CCC (good), but then I see the name of Robert Morris, who I presume is *that* Robert Morris.

(If anyone doesn't understand the apparent contradiction, read The Cuckoo's Egg from a CCC perspective instead of the author's perspective.)

We must recall how NSA "shaped" key cryptographic protocols, for example by ensuring the adoption by NIST of a weak PRNG. Where did the NIST people go wrong? By developing personal relationships with NSA people whom over time they grew to trust.

Trusting spooks, that was their mistake, and it was a very big one, with enormous consequences for the entire Internet.

I am not one of those who feels that privacy advocates have to cut all their personal ties to spooks, but I do feel that spooks can never be trusted. Everyone who deals with them in any capacity should always assume that every interaction represents an attempt to manipulate and deceive. Because that is not simply their job, it is their entire ethos.

And if NSA has too much influence over the Project's purse strings, is it really unreasonable to fear that they will do whatever they can to ensure that the rate at which they can develop new attacks on Tor always outpaces the rate at which the Project can develop improved defenses?

In his book Black Code, Ron Deibert discusses a very similar issue: potentially "tainted" funding from Google:

> a full disclosure is in order: like many other Internet research groups, the Citizen Lab has benefited from Google donations, and, particularly, it is a host organization in the annual Google Policy Fellow Program, which funds a visiting researcher placed in Citizen Lab each summer. This support is fully transparent and comes with no strings attached. Should that change, the Citizen Lab would not accept financial support from Google.

Compare the entirely inappropriate secrecy surrounding major funders for the Tor Project, which I understand include such entities as NED, DARPA, and SRI, none of which are independent of the USG. SRI and DARPA in particular have always had very close ties to USIC, in fact, have always been virtually part of USIC.

The extent to which USIC has infiltrated every part of US society, even to the extent of "former" spooks winning elected office without revealing the full extent of their USIC ties, is terribly corrupting and does much to explain the strange absence of real debate on crucially important policy issues such as renewing (or not) the NSL provisions of the PATRIOT Act.

One of the most important things you could do as Interim Director is to insist upon complete transparency. If your mystery Funders say, "Well, we can't revise a Federal law just for you", well, USG has been ignoring the law for many years, so you should say "In that case, you're plainly not serious about funding Tor, so take a walk".

All other things being equal, it is not good to have Tor and Citizen Lab (for example) competing for the same funds from the same sources (for example, Google), but the Project simply cannot continue to accept murky sources of funding with undisclosed USG ties. Please discuss this with Ron Deibert if you are not yet ready to concede this point.

> Attending some academic security conferences (e.g. Usenix Security, coming up in August) might be a great opportunity for that.

We should attend not to teach them but to turn them.

We require leakers to bring out documents from China, Russia, Israel, and we must redouble our efforts to recruit more inside leaks from the US surveillance-state too, particularly regarding predictive analysis applied on a national scale to all US persons, not just to presumed ISIS operatives in Syria.

Our funding really isn't murky. I'll try pasting those URLs again here:

https://www.torproject.org/about/sponsors
https://www.torproject.org/about/financials
https://blog.torproject.org/blog/transparency-openness-and-our-2013-fin…

I have indeed talked to Ron Deibert about funding topics. And as for funding for academic research (mostly not related to Tor, but I know a lot of researchers because I try to help them do good things for Tor), I again encourage you to actually attend academic research conferences, because you really sound out of touch with how university funding works.

May 14, 2015

> What is the exact reason why Andrew Lewman cut ties from The Tor Project?

It is not clear to me that "cut ties" is accurate, but as more time goes by without sufficient explanation, my concern is also growing.

All we have been told so far is that Lewman suddenly left to take another job at an "IT services company". When he has time I hope he will explain (somewhere, in public) what he is doing now and what he thinks about future directions for the Tor Project.

I certainly hope

o he was given an exciting opportunity and jumped at the chance,

o he departed on good terms,

o his new employer and job will turn out not to be concerning,

o he will continue to play some positive role in Tor.

But in an information vacuum, with

o nasty "social disruption" strategies used by GCHQ's JTRIG unit against NGOs perceived as "security threats" to HMG, as enumerated in their own OCEAN briefing as published by The Intercept,

o Gamergate (Tor edition) in the recent past (but not present, I hope?),

o unwilling "human research subjects" (aka random Tor users) under continual threat from murky and apparently highly unethical "academic research projects", often funded by DARPA (whose intentions toward us would not appear to be friendly),

o Tor apparently currently under threat from various agencies operated on behalf of various governments,

users will be understandably concerned by his sudden (and at present somewhat mysterious) departure.

We must bear in mind the fact that "Executive Director of Tor Project" is not just any job. We are talking about the leadership of one of the most needed, most sensitive, and most threatened NGOs in existence. Tor is directly targeted by powerful and lethal governmental organizations, and we know this with certainty thanks to Edward Snowden's courage and determination.

One cannot say this enough: thanks to Snowden, many knowledgeable people who once dismissed all "FVEY conspiracy theories" as "paranoia" now admit that if anything the paranoids were not paranoid enough. At the same time, we must all struggle not to become so paranoid that we enable the very disruption tactics which before Snowden were employed against us (mostly) without our knowledge.

Andrew had been drifting apart from the Tor community for something like a year now. This is why Kate and Wendy phrased their blog post as 'a new era'. There is no conspiracy.

We're going to continue turning things around and be more interactive and more supportive: we're starting that inside the Tor developer community, and once we've got that working well, hopefully you'll see the effects outside the Tor developer community as well. The additions of Kate and Isabela, and the collaboration with Sue, are examples of the new direction.

That said, if you could tone down your rants a bit, you would sound less like JTRIG, and we might find it more fun to answer you.

May 17, 2015

(Someone claiming to be) Nick mentioned a contentious conference call you and he and others were on which put him in a "very bad mood". This tends to heighten my concern that you and he are overworked, and I hope the search committee is aware that they need to move quickly to reduce the strain on key staffers. I can see that you are dealing with problems technical, financial, organizational, political, and it is good that you appear to recognize that all of these are unavoidable in a project like this, so none of them can be ignored. The only solution is to spread the load.

Yep. But at the same time, we need to be aware that hiring one new person, and dumping all of the load on that person, is really not going to work by itself either.

Years ago, when we were a bit smaller, we could afford to have very little "structure" and overhead in Tor the organization, since we were a free software project writing free software. Now, with the world talking about surveillance, and the attention of large governments and millions of users, there are many other topics we must address in parallel.

That means growing the organization to be able to handle them, which also ties into the funding angle because few funders care to fund things like "operations" and "management" (compared to more traditional funding like adding some shiny new feature to the software we write). It all has to happen at once. We're getting there!

May 17, 2015

Thanks for clarifying.

> That said, if you could tone down your rants a bit, you would sound less like JTRIG, and we might find it more fun to answer you.

Could you be more specific? Is the problem that Comey is threatening to shut down Tor if you permit "rants" criticizing oppressive internet policies of US, Russia, China, UAE...? Or is the problem that you want to promote in this blog academic research on real Tor users by US academics who accept funding from DARPA? If the latter, please don't confuse raising the funding issue with some kind of personal attack. I stress again that the funding issue (which has been raised by many Tor users for many years) is not about any specific researcher's character or good intentions, but about the status quo in the STEM, network security and on-line social academic research communities, which some critics fear underestimates the risk that accepting USG funding (especially DARPA, NSA etc but also CDC, NSF etc) enables the enemies of privacy not only to "shape" what research is published but possibly also to misuse raw data such as survey data concerning threatened groups.

May 17, 2015

> (We'll have the 2014 financials up once our 2014 audit is complete.)

Good. I have been worrying about not finding the FY 2014 statement.

> Actually, we had a friend from ACLU suggest a lobbyist to us a few years ago. But we decided that the $100k or whatever that they wanted would be better spent on developing better privacy software. It's all a tradeoff, but we decided at the time that we should stick to the things that only we can do well, and hopefully the variety of other privacy advocacy orgs out there will help with the broader fight.

Makes sense, and I certainly don't want to try to second guess you on such hard decisions. We agree that the Project faces many threats including the problem of maintaining financial viability while addressing political threats from people like Comey, all while somehow keeping technical development moving forward and obtaining adequate feedback from the user community.

I think there may be something analogous to a "steep learning curve" here: the threats which the Project currently confronts are very complex and they all seem to be urgent, but I hope and believe that if you all can somehow persevere, at some point you should notice dramatic and rapid improvement in the Project's ability to withstand financial, political, and technical threat. Then using and developing Tor should be less stressful and more fun for everyone.

> We aren't actually hiding any of it very well -- just enough to keep the superficial journalists from writing more sensational articles and wasting more of our time.

I certainly hope that your press team (of one?) will be able to handle "the Pando issue" proactively, by fostering good lines of communication with journalists and ultimately changing attitudes of those who are teachable. One journalist who has done a really good job of rendering privacy issues comprehensible to baffled newbies is Julia Angwin, and I suggest her book Dragnet Nation as a model of how to explain why Tor matters. (I have no financial connection to her or the book.)

One specific general privacy/security/civil-rights/human-rights issue where I'd like to see more press outreach is in publicizing Tor's role in combating the rise of mostly Western based companies offering to governments and corporations:

* OSI monitoring of "hostile" blogs as service

* national level dragnet surveillance systems

* cyberespionage as a service

* cyberwar as a service

Perhaps torproject.org website should offer some links to Bloomberg's series "Wired for Repression", WAPO's series "Top Secret America", Wikileaks's "Spy Files", Citizen Lab's technical malware analyses, country reviews from HRW and RSF (the best of which offer extensive information on internet policies), etc. Perhaps the Project can even endorse or at least help to publicize appeals from The Intercept and other journalism outfits for more leakers, including leakers with documents from some of the bad actors other than the FVEY nasties. To mention just one example: someone in China knows a great deal about the Great Firecannon, and there is a clear global public interest in getting that person to leak documents. That person would be no less endangered than "the second leaker" in the US. But Tor can potentially help journalists protect their sources, and that is something in which the Project should take great pride.

October 02, 2015

arma explained:

> Andrew had been drifting apart from the Tor community for something like a year now.

http://www.businesswire.com/news/home/20150803005345/en/Norse-Appoints-…
Norse Appoints Andrew Lewman as First VP of Data Development
Technology Executive to Lead New Live Threat Intelligence Initiative
3 Aug 2015

> FOSTER CITY, Calif.--(BUSINESS WIRE)--Norse, the leader in live attack intelligence, today announced the appointment of Andrew Lewman to the newly created position of vice president of data development. In this position, Lewman will combine his vast technology expertise in a variety of fields — including information security, systems administration and data management— with his executive management experience at the Tor Project, TechTarget and other organizations to extend Norse’s lead in gathering, processing and applying live threat intelligence for the next generation of enterprise security solutions.

> “My work directing and managing the Tor Project over the past six plus years has provided me with a unique perspective on the darker recesses of the Internet. My close proximity to the variety and changing nature of the cyber threats being perpetrated there by individuals, criminal and state-sponsored organizations and governments has given me an appreciation for the kinds of challenges enterprises and security organizations like Norse must confront,” said Andrew Lewman, vice president of data development at Norse. “At Norse, I will be able to apply my diverse background and work with the amazing group of security professionals to develop new ways to improve the quality, depth and breadth of the live threat intelligence data to counter the ‘perfect storm’ of cyber threats we see today.”

> Most recently, Lewman was executive director and CEO at the Tor Project, a non-profit technology organization that provides online anonymity software tools used by over 2 million Internet users daily in more than 200 countries. In this position, he grew Tor from a three-person non-profit to a 50+ person company in eight countries with a pool of over 5000 volunteers in 89 countries. As the public face of Tor, Lewman provided dozens of press interviews and participated in speaking engagements weekly in addition to managing relationships with the U.S. Department of State and Department of Defense, DARPA, and numerous international organizations.

...

> Norse is the global leader in live attack intelligence, helping companies block the threats that other systems miss. Serving the world’s largest financial, government and technology organizations, Norse intelligence dramatically improves the performance, catch-rate and return-on-investment of the entire security infrastructure. The Norse Intelligence Network, a globally distributed distant early warning grid of millions of sensors, honeypots, crawlers, and agents, delivers unmatched visibility into difficult-to-penetrate geographies and darknets, where bad actors operate. Norse processes hundreds of terabytes daily against a 7-petabyte attack history database, and weighs over 1,500 variables to compute real-time risk scores for millions of IP addresses and URLs every day. For more information, visit www.norsecorp.com.

Statements which jumped off the page include:

"compute real-time risk scores for millions of IP addresses and URLs every day"

"Norse Intelligence Network, a globally distributed distant early warning grid of millions of sensors, honeypots, crawlers, and agents,"

"As the public face of Tor, Lewman ...[managed] relationships with the U.S. Department of State and Department of Defense, DARPA, and numerous international organizations."

"Lewman will combine... technical expertise ... [with] his executive management experience at the Tor Project ...to... gather, process and apply live threat intelligence"

Sounds like Andrew might be using his insider knowledge to help Norse deploy large numbers of snooping exit nodes, or something of that nature. Would this have a detrimental effect on user anonymity?

Comments?