Day of Action: Stop the Changes to Rule 41

Today and tomorrow, the Electronic Frontier Foundation is partnering with the Tor Project and a broad coalition of groups for a Worldwide Day of Action protesting changes to Rule 41 of the US Federal Rules of Criminal Procedure. These changes will allow federal magistrate judges to grant search warrants to the Department of Justice (including the FBI) to legally hack into computing devices that use Tor or a VPN—-wherever the devices are--starting on December 1, 2016. EFF has organized a coalition of organizations and companies—from Fight for the Future to PayPal—to oppose these rules—but this is an uphill climb, and we need your help.

The broad search warrants allowable under these new rules will apply to people using Tor in any country—even if they are journalists, members of a legislature, or human rights activists. They will allow the FBI to hack into a person’s computer or phone remotely and search through and remove their data.

There are already examples of the FBI using one warrant to gain access to thousands of computers, and US Senator Ron Wyden has said that "Under the proposed rules, the government would now be able to obtain a single warrant to access and search thousands or millions of computers at once."

This pattern of abuse will only be exacerbated by more judges issuing these hacking warrants. The warrants must still be part of a criminal investigation and issued by a judge, but we're deeply concerned about the dramatic rise in government hacking this rule change is likely to cause.

The purpose of tomorrow’s Worldwide Day of Action is to educate people and mobilize them to act--either by signing a petition or emailing US Congress (depending on where they live). Then, members of US Congress will use this public pressure to try to pass the “Stop Mass Hacking Act” (#SMHAct), draft legislation that would block these rule changes.

Senator Wyden (D-OR) and a bipartisan group of members of Congress
are sponsoring this bill. They are deeply troubled that such sweeping infringement on personal privacy is happening through a seemingly trivial rule change.

Already, many Tor users can view the campaign banner on the Tor website and click through to sign the petition or contact US Congress. A special campaign website ( will launch starting at about 9:30 am UTC Tuesday. If the banner isn’t working for you, go directly to after that time.

Please sign the petition or contact Congress, and then tweet and retweet about this situation--all day if you can. Email your lists. Tell your friends. Tweet photos of yourself (or your cat) with a handwritten sign.

Do whatever you think will help get people to act.

What the hell is America thinking?

You probably wrote in haste, but just be make sure, let me offer an important correction:

The bad guys are the worst element of the American government (FBI, CIA, NSA, NCTC, the military planners eying "mega-cities" such as Rio for future invasion), not the American people, who are almost entirely ignorant about what their government is thinking, because the bad guys control the "mainstream" media and make darn sure the word is not getting out.

Among the few exceptions are a small number of journalists such as Glenn Greenwald, Julia Angwin, Kim Zetter, and David Kravets, who have consistently continued to write about things the USG doesn't want anyone to know about, such as NSA/GCHQ social media "effects" operations, state-sponsored hacking, the questionable ethics of "signature" drone strikes, the fact that several US Attorneys General have pointedly refused to rule out USG drone strikes on US citizens inside the USA, the fact that FBI's precrime programs will ultimately explicitly target preschoolers aged 2-7 years old... and I could, unfortunately, go on and on and on. But at least some journalists are still courageous enough to try to tell their readers what the USG is thinking, what they are planning, in darkest secrecy, to do to the rest of us.

In my view, the American people are bewildered and frustrated by the way the USG consistently ignores their needs and desires, too overwhelmed and depressed to find the energy to use tools like Tor to do some on-line reading of articles by journalists like those named above. Too aware that every time some mass shooting occurs, "mainstream" journalists at ABC, CBS, NBC, NYT, WaPo start screaming that the killer was a "loner" who "spent too much time on-line"... Yes, in 21st century America, simply reading the news (on-line of course) makes you a terror suspect. Simply being a "troubled" citizen makes you suspect. A candidate for watch-listing, and perpetual re-examination (automated of course) by agencies such as NCTC, FBI, CIA, NSA... agencies which are falling over each other in their eagerness to wreak devastation upon the lives of people all over the globe, beginning (of course) with the most defenseless persons: the very poor, the homeless, the mentally ill, and (most outrageous of all) very young children unfortunate enough to be born into poor or "troubled" households.

If you are talking about legal ownership of computing devices and copies of software, that is surely not true.

If you mean that NSA has pwned all the world's computing devices, that is almost certainly also not true. But not for lack of trying.

Tor can perhaps help keep them out of our personal lives.

Remember: they have a huge budget and lots of supercomputers and technical expertise, but they have problems of their own. A small nimble organization like TP can actually be fairly effective, under some conditions, in frustrating some of their evil plans to "collect it all".

Because they can. If you can, why not? The sole two things why you won't hack into Pentagon or NSA is that you cannot and if you could, they would find and capture you anywhere, except the territory of USA enemies, but this only means you would be captured by the USA enemies, as Snowden is captured by Russia and have to hide even from Russians (because there can be USA spies among Russians).


June 22, 2016


Apparently "national sovereignty" and "human rights" are an alien concept to *some* people in Congress/the USG now (unless, of course, it only applies to US, and NOBUS)...
Why, because people in other countries are "lesser beings" now? Or have you forgotten that US != the world?

Petition signed, spreading the word.
Keep up the good fight @Tor Project/EFF/everyone else signing this petition and doing whatever they can to stop this evil!

i doubt that an eu world (latin or arab) be better than a german one ...
i doubt that an asian world be involved in the ambition to become an us state.
i doubt that an hispanic world be worst than a uk one.
i doubt that an african world be happy with a us flag.
i doubt that the usa world (black or white) be intelligent.
i doubt that US ! =the world.
i doubt that the devil be the money that us spent for their standing.
The u.s.a. intends on using its own resources without your agreement for its own interest _ they do not like sharing _ this egoism, egotism,cupidity is the heritage of their short & lost history ; it is not an argument for judge them as "the devil" ; they are not !
i am certain that they think they are right doing bad thing in a bad manner for bad reasons as deviant do every where with or without weapon, laws, authority ...
i doubt they realize that the others countries are not their friends and more than the half of the us citizens are hating America.


June 22, 2016


Useful links for the Rule 41 campaign can be found at this EFF page:…
We Made the Message Loud and Clear: Stop the Rule 41 Updates
It's Not Too Late to Write to Congress About the Disastrous Rule Change
Elliot Harmon
21 Jun 2016

> What happens when you try to push a dangerous policy through without the Internet noticing? The Internet fights back.

In the Guardian, Trevor Timm reminds us that FBI has been pushing hard for multiple abusive powers:

o the changes to Rule 41b (likely to become law on 1 Dec 2016),

o encryption backdoors (repeatedly shot down, but FBI keeps trying),

o expansion of NSL powers (secret subpoenas for anything, no judge needed),

o Shared Responsibility Committees targeting vulnerable populations (Muslim-Americans, "trouble" schoolchildren, the poor, the mentally ill, the homeless, victims of sexual/physical abuse),

o Privacy Act exemptions to NEXTGEN and FACE facial id programs,

o further extending secret counter-terror watchlists, making them even harder to challenge,

o making the "Lone Wolf" provision in the Patriot Act permanent,

o whatever I've forgotten.

And that is just in the arena of formaly policy initiatives. In the realm of informal secret actions, FBI has been busily

o helping militarize local US police forces with such paraphernalia as military grade Stingray type devices, night vision equipment, armored vehicles, grenades, assault rifles (to be sure, local crooks have those last items too because they are so easy to purchase with really no questions asked),

o coaching local police agencies on how to fool judges, juries, and even prosecutors with "parallel construction" and other tricks,

o bugging American courthouses all over the US, in order to listen in on lawyer-client privileges,

o listening in on lawyer-client conversations involving prisoners (right there that is more than one in a hundred Americans, every day),

o flying spyplanes and spy copters every day over a hundred US cities (these aircraft cost three to nine hundred dollars per hour to operate, are generally crewed by at least two full time FBI agents plus, sometimes, officials from other agencies, and are equipped with optical and thermal cameras, and sometimes with a particularly dangerous airborne version of the Stingray),

o secretly emplacing hidden cameras on utility poles in cities around the US, in order to spy on BLM activists, anti-nuclear activists, anyone who knew Pete Seeger, anyone who thinks James Comey should be fired along with the entire workforce of his horrid three letter agency, etc.,

o whatever I've forgotten.

As quietly as possible, the government is renewing its assault on your privacy
Trevor Timm
22 Jun 2016

> With their dangerous crusade for an anti-encryption bill in Congress all but dead (for now), the FBI and US justice department are now engaged in a multi-pronged attack on all sorts of other privacy rights – this time, with much less public scrutiny.

Some of the details can be found at these links:…
Congress Seeks to Expand Warrantless Surveillance Under the Patriot Act
Karin Johanson, National Political Director
& Adam Brandon, President and Chief Executive Officer, Freedom Works
22 Jun 2016

> How would you feel if the Federal Bureau of Investigation could get information about websites you visited or emails you sent – without ever getting permission from a judge? Would you begin to self-censor the websites you visited — maybe avoiding revealing sites? Or, avoid emailing your pastor, therapist, or lawyer? These scenarios may soon no longer be hypothetical.
> Some senators are looking for a way to expand Patriot Act provisions that allow warrantless surveillance of Americans. This morning, the Senate will vote on a proposal to expand the ability of the FBI to gather sensitive information about Americans’ online communications — potentially including browsing history, location information from IP addresses, and the to/from lines of an email — without a court order.
> While the FBI has labeled this merely a “typo” fix, it is anything but. To fully understand the disingenuousness of this characterization, a bit of history is helpful.…
EFF Urges Senate Not to Expand FBI’s Controversial National Security Letter Authority

> The controversial National Security Letter (NSL) statute could be significantly expanded under two separate bills currently being debated by the Senate. Every year, the FBI issues thousands of NSLs to telephone and Internet companies, demanding records about their customers and gagging the companies from informing the public about these requests. NSLs are inherently dangerous to civil liberties because their use is rarely subject to judicial review. But NSLs are not magic, and they don’t require recipients to do whatever the FBI says. Above all, the type of information available to the FBI with an NSL is quite limited, reflecting the need to tightly control the extrajudicial nature of this controversial power.
> The Senate’s proposed changes would allow the FBI to get a much larger range of Internet records, such as email to/from headers, Internet browsing history, and more, all of which it could not previously get with an NSL. Particularly given the FBI’s well-documented history of abusing NSLs, EFF opposes expanding the scope of this unconstitutional surveillance power to include even more revealing records. Yesterday we joined with a broad coalition of organizations and companies to urge the Senate not to pass these proposals.
Does Congress Need an NSL Autocorrect?…
FBI Wants to Exempt Its Biometric Data From Privacy Rules
Thor Benson
21 Jun 2016

> The FBI maintains a large database of biometric information called the Next Generation Identification (NGI) system, which includes fingerprints, iris patterns, photos for facial recognition and other data about millions of Americans. The agency recently sought to have this database exempted from rules laid out by the Privacy Act of 1974, rules intended to protect citizens from privacy violations and give them tools for finding out whether their records are included in the NGI system. This exclusionary bid by the intelligence agency has many civil rights groups concerned.
> In May, the American Civil Liberties Union, the Electronic Frontier Foundation, the Center for Democracy and Technology and other organizations wrote a letter to the FBI explaining potential problems this rule change could present. The letter explains that, while many of the records in the NGI system are from criminal cases, it also includes millions of records from people who were subject to background checks for matters such as naturalization documents or job applications. With such a large array of data in this system, advocacy organizations worry that personal information could be used for investigations for which it was never intended.
> “The biggest issue here is that the database will contain an enormous amount of biometric data about individuals who are not even suspected of wrongdoing, which will be searched hundreds or thousands of times a day by law enforcement looking for leads,” Gabe Rottman, deputy director of the Freedom, Security and Technology Project at the Center for Democracy and Technology, told Truthdig. “Even a small number of false positives would be an extreme threat to civil liberties.”…
Obama Should Demand FBI Director James Comey’s Resignation Today
John Kiriakou
13 Jun 2016

> [The Orlando massacre] will, of course, lead to the predictable arguments about gun control, Islam, mental health and immigration. Congress will offer “thoughts and prayers,” and nothing will change. But something ought to change, and quickly: that is the consistent failure of the FBI to do its job, to infiltrate domestic and foreign terrorist groups, and to prevent attacks on U.S. soil. This is not something new. The FBI has been incompetent for a very long time.

Very true. FBI's century of repugnant secret history is a long and sordid tale of evil minded repression of political dissent, but FBI is and always has been only only evil, but stupid, because that long and sordid history of oppression (the Palmer raids, mailing an anonymous letter to Martin Luther King urging him to commit suicide, decades of utterly unwarranted secret surveillance of folksinger and environmentalist Pete Seeger prompted by Pfc Seeger's letter to his congressperson protesting the unconstitutional internment of Japanese Americans during World War II, etc, etc) is also a century long history of abysmal failure to accomplish every "national security" mission it ever took on.

The fact is, the US Federal government would be wise to simply abolish FBI, which is and always has been an agency which is simultaneously dangerous and enormously wasteful. The same author (Tim Weiner) makes a strong case for a similar conclusion about CIA in his book about that other rogue agency. Former signals intercept operators James Bamford and Matthew Aid have made a strong case, in four books, for abolishing NSA too. And TSA? Abolish it! USSS? Abolish it! USMS? Abolish it!

Alas, these civilian paramilitary agencies are not the only rogue actors rampaging through the global internet. An old story worth reviving:…
Revealed: US spy operation that manipulates social media
Military's 'sock puppet' software creates fake online identities to spread pro-American propaganda
Nick Fielding and Ian Cobain
17 Mar 2011

> The US military is developing software that will let it secretly manipulate social media sites by using fake online personas to influence internet conversations and spread pro-American propaganda. A Californian corporation has been awarded a contract with United States Central Command (Centcom), which oversees US armed operations in the Middle East and Central Asia, to develop what is described as an "online persona management service" that will allow one US serviceman or woman to control up to 10 separate identities based all over the world. The project has been likened by web experts to China's attempts to control and restrict free speech on the internet. Critics are likely to complain that it will allow the US military to create a false consensus in online conversations, crowd out unwelcome opinions and smother commentaries or reports that do not correspond with its own objectives.

It follows that Tor Project needs to get the heck away from anything reeking of DARPA style criminality.


June 22, 2016


but ... have most of u.s enterprises yet implemented a backdoor allowing the control of the computers before the vote because they are working for us since a long time ?
but ... will we less exposed if the nationality was 'blank' , 'chosen', 'left' ,'abandoned', or who will be "a human being stamped civilized by the usa" after the presidential election ?
voting yes for Rule 41 is a step allowing us to be more on the side of hilary blingston than donald trump ... a world in the hands of a female as president will bring us the power to control everyone outside our country.


June 22, 2016


I believe that the concern is not with "Tor itself" (the core onion routing software) but with Tor Browser, a complicated piece of software with an unfortunately large attack surface. All the evidence from Snowden leaked documents (now about five years out of date) is that our enemies don't attack Tor itself or encryption itself--- that, they say, would be hopless--- but rather look for vulnerabilties in the other bits of code which make up the Tor Browser.

From time to time, over at tor-talk, someone whom I sometimes suspect is a USG operative gets the goat of Paul Syverson, coinventor of Tor (the onion router), and he dashes off a summary of how Tor was born in the bowels of a US Navy institution which performs basic research. From time to time, if the moderators in this blog will allow, it bears repeating that the USG, even the US military, is an enoormous institution, and not everyone who works there is completely evil all of the time.

John Brennan and James Comey are bad men doing evil things, who should be arrested and extradicted to The Hague to stand trial for war crimes, and to be subjected to extensive psychological testing by ICCT in order to determine how such awful persons come to commit such abhorrent criminal acts.

But Paul Syverson seems to be a pretty decent guy, and as an antidote to some of the "Tor was always backdoored" FUD, I quote his most recent account of the Birth of Tor:

>From: Paul Syverson
>21 Jun 2016
>> What tor designers knew from day zero is that a 'global passive
>> adversary' - that is their boss the US gov't - can simply ignore
>> the routing inside the network and look at the network's edges.

> I know I'm feeding the troll, but this is just crap. I invented onion
routing (with David and Michael) and designed Tor (with Roger and
Nick). We did not design it so that an adversary can just watch the
edges. We designed it to separate identification from routing. Nobody
told or requested us to make anything weak or less secure. The three
of us came up with the motivations and idea for onion routing ourselves
and argued for the usefulness of pursuing it further. And we designed
it to be as secure as we could and still functional. And, as many have
argued, usability and performance are security properties for traffic
and routing security systems. Indeed perceived usability and
performance are important, as are network and operator
incentives. David, Michael and I designed the thing to be secure. We
also explained that it needed to carry traffic for others, let others
run part of the infrastructure, and be open source for it to provide
security to any distinct enterprise or general class wanting to use it
to protect their communications. This is part of the security design
regardless of who builds, deploys, or uses it. There were onion
routing networks, e.g., the Freedom network from Zero Knowledge
Systems Inc., that, to the best of my knowledge, had nobody from the
U.S. govt. involved in its deployment or design (other than that it
was an instance of onion routing). It was designed and built by other
people who are wicked smart (smarter than me) and free to create and
build whatever they wanted. Somehow, this is what they chose to make.
> Some people early on when we were first publicizing and announcing
onion routing (e.g. I remember getting such a question at FC'97) asked
us why we weren't building pipenet. Such a network is theoretically
way more secure for some properties in idealized environments, but
even a single user can shut down the network by simply not sending.
That's not secure. In fact the first onion routing design in 95-96
was not subject to ready observation at the edges. (although somebody
watching all the links from every onion router to every other could
still learn much). The default configuration assumed onion routers
running on enclave firewalls with no separate clients. We explored
various padding and similar schemes to complicate observation of
traffic patterns, but I have yet to this day to see one that is adequately
practical to deploy and effective. These were things to try to add to
make the basic design more secure, but we could not find anything to
appreciably help here so did not incorporate it into the Tor design.
> If you ever find such a design, describe it. No credible researcher in
any scientific venue has ever claimed to have a system to be more
secure that essentially covers the general use case and userbase of
Tor. Mix systems, DC nets, buses, PIR, etc. are all very cool. And
subject to some strong environment and other assumptions can be more
secure than Tor against some classes of adversaries. I have worked on
and designed some of these cool systems myself. But compared to Tor,
each one of these has limitations that, as explored and designed so
far, would restrict to a small (hence more easily targeted) anonymity
set, or has untenable usability or performance problems, or generally
all of the above. It's funny that there's supposed to be this
intentional built in design weakness, and yet no scientist, engineer,
or mathematician in any country seems to have published a stronger
fundamental design. Hmm, perhaps you mean to imply that we who created
onion routing not only intentionally designed our systems to be weaker
than we could have but that we also have controlled all of the
scientific research and publication on secure system design by every
researcher in every country everywhere on the planet for the last
twenty years.
> Onion routing design has evolved. Tor has forward secrecy, which the
two main onion routing designs we introduced before it did not. (Nor
did the Freedom network.) But we did not come up with including
forward secrecy, that was first introduced in Zack Brown's
Cebolla. And we adopted it when we designed Tor. Tor added a directory
system after its first design, then evolved and improved design,
robustness, and trust diffusion of the directory system over time. Tor
added deterministic builds to further reduce the trust in Tor-built
binaries, and work to improve continues through this day.
> We have been completely forthcoming about our designs and any
limitations found by ourselves or others, including everything we can
empirically discern about end-to-end correlation risks from ASes,
IXPs, MLATs, etc. And we have always designed to be as secure as we
practically could. I'm not going to engage further. I do invite those
who might so engage to find any valid technical, empirically justified
stronger design that does not make significant compromises to
performance, cut off large chunks of the existing userbase, etc. I'm
dubious you will find any. But if you do, I'd be happy to pursue its

Hmm... lest anyone try to suggest that I must be dissing the heroic efforts of Mike Perry and the rest of the Tor Browser team to make it safer, let me say that I think that no-one has worked harder or more valiantly to protect Tor users from the world's most awful governments.

OK, my fellow Geeks, there is your daily dose of tech talk, courtesy of Paul Syverson.

Now let's get back to the question of how to make the likes of Comey and Brennan pay for their crimes, within the parameters set by the international legal system set up precisely for such miserable cases.

".....can simply ignore the routing inside the network and look at the network's edges...."

Not entirely sure what it means, but here in Europe it's swamped with CDN networks, and the fact it's possible to trigger a Tor browser changing at least the middle and exit relay SEVERAL times between many countries/IP numbers within 2-3 seconds, hence I believe by the "look at the network's edges" they may very well be able to TRIANGULATE your location.

Don't believe it? Check out here...
...and keep an eye on your Tor Button (click the TB to open it) and see how the circuits are changing very quickly while the web page is loading.
As far as I have noticed it has something to do with the DNS look-up that causes the triggering of the tor circuit changes, the Tor project team really have to look in to this ASAP!

I for one would always be happy to hear a clear summary of the technical details (with citations to the technical literature), if you care to provide one.


July 06, 2016


More reasons to urge the US Congress to block the changes to Rule 41, which come into effect in 1 Dec 2016 if Congress does nothing:…
Making Sense of a Troubling Decision: New Court Ruling Underscores the Need to Stop the Changes to Rule 41
Mark Rumold
30 Jun 2016

> We wrote about a case last week that was deeply disturbing: a federal court in the Eastern District of Virginia held that individuals have no reasonable expectation of privacy in a personal computer located inside their home. In this court’s view, the FBI is free to hack into networked devices (aka, pretty much everything) without a warrant.
> Fortunately, this is only the opinion of a single district court judge, so it’s not controlling precedent throughout the country. But the decision makes one thing clear: we need to stop the changes to Rule 41, amendments that will make it easier for the government to get a warrant to remotely search computers.
> First, the changes to Rule 41 are going to result in a lot more government hacking. And, as the decision in the Eastern District of Virginia illustrates, that dramatic increase in government hacking is going to occur in a legal environment where judges are struggling to understand the technology and the implications their decisions will have for people’s security and privacy. If law enforcement is going to be allowed to stockpile and exploit vulnerabilities to investigate domestic crimes, there need to be stringent safeguards on the circumstances when they can do this. And it’s up to Congress, not the courts, to create those rules. If Congress allows the changes to Rule 41 to go through, they’re effectively saying: “Courts, you figure it out.” As the recent court decision shows, that is a perilous path.


August 03, 2016


The FBI has no such authority as described here, even with the permission of congress. The U.S. constitution purposely did not create a general purpose federal police jurisdiction. The founders were well aware that this kind of power would be abused, and repeatedly said so on many occasions. But when it actually happened, nobody tried to stop it. There are countless examples like COINTELPRO and the warrantless wiretaps of civil rights activists where federal police were used as a tool of political repression.

Like every federal agency the FBI is subject to mission creep: the CIA illegally operates within the country and the FBI likewise expanded to foreign countries, instigating every terror plot which it claims to have foiled to justify its budget. According to various whistleblowers, this cooperation was again secured by illegal methods. Even if states could argue that the FBI has no Article I jurisdiction beyond the District of Columbia, supreme court justices could be bribed or blackmailed to rule in the federal government's favor... and this appears to have already occurred. When alcohol was prohibited, a constitutional amendment was required. But now they just do whatever they please through some regulation:

The commerce clause was intended to prevent states from engaging in domestic trade wars by taxing imports from other states. It also provided a neutral forum in the federal courts for the resolution of interstate trade disputes. But the gangsters in Washington seized upon this as a way to gain control over absolutely everything through a non-democratic process. They declared that everything in existence can be vaguely related to interstate commerce and thus subjected to federal regulation or prohibition without the ratification implied by the tenth amendment. The supreme court inexplicably accepted this nonsense, and now we live under the tyranny which the founders warned us about.

Our political system is like a flawed computer program which does not anticipate all of the ways the system could be hacked. There are no meaningful checks and balances against a corrupt congress and a supreme court which has been covertly compromised. Outside a literal or figurative secession, there is no long term fix unless you amend the constitution to provide more explicit and robust protections for liberty and due process. It might be a productive exercise to create a forum where patches can be proposed, so candidates for public office who truly want to represent the people will have a specific platform which they can endorse.