We're Welcoming Two New Members to Our Board of Directors
Today, we're welcoming two new members to our Board of Directors: Julius Mittenzwei and Ramy Raoof.
“Julius and Ramy bring a wealth of diverse experience in internet activism and organizational leadership to Tor’s Board,” said Shari Steele, Executive Director of the Tor Project.
About Julius Mittenzwei
Julius Mittenzwei is a lawyer and internet activist with 19 years of leadership experience as an Executive Director and entrepreneur in the publishing industry. He is a longtime Tor advocate with a background in the Free Software movement and a member of the Chaos Computer Club (CCC), one of the oldest hacker collectives in the world. Along with CCC, he has been running Tor nodes since 2005. As a lawyer, he has represented several Tor exit node operators accused of abuse. He holds a PhD in Copyright Law from LMU Munich.
About Ramy Raoof
Ramy Raoof is a technologist and privacy and security researcher with a passion for free/open culture. He has provided and developed digital security plans and strategies for NGOs and members of the media, emergency response in cases of physical threats, support on publishing sensitive materials, secure systems for managing sensitive information, and operational plans for human rights emergency response teams, in Egypt and the MENA region. Most recently, Ramy has been volunteering with different NGOs and civil liberty groups in Central & South America to enhance their privacy and security through means of behavioral change based on understanding surveillance and threat models in their own contexts and environments. Among his different hats, Ramy is Senior Research Technologist at the Egyptian Initiative for Personal Rights (EIPR), Research Fellow with Citizen Lab, and currently a volunteer visitor with Fundación Acceso assisting collectives and networks in Central America around infosec and activism. He is also an Internet Freedom Festival Fellow on security and privacy best practices. Ramy has received multiple international awards for his important work. Most recently, Ramy received the 2017 Heroes of Human Rights and Communications Surveillance award from Access Now earlier this month.
About the Tor Project
The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding. For more information, contact Stephanie A. Whited at email@example.com.
Great news! And welcome to the newcomers.
I want to make sure the Board is aware that FBI and DOJ continue to press Congress to outlaw unbackdoored citizen cryptography. In particular, Rod Rosenberg has mentioned "OS updates" as something LEAs "must" [sic] be able to mess with in order to insert malware into the downloaded patches. This appears to target the wonderful and invaluable initiative by Tor Project and Debian Project to provide onion mirrors for the Debian repo. And as recent reports about Python show, this program should be expanded to CPAN (Perl), CRAN (R), SciPy repo, and other crucial tools often used by FOSS coders. (CRAN isn't even cryptographically signed, an appalling circumstance.)
GOP rep on responsible encryption: 'You can call it whatever you want'
12 Oct 2017
> On Tuesday, during a talk about encryption at the Naval Academy, Deputy Attorney General Rod Rosenstein gave his most thorough remarks on the subject. “Responsible encryption is achievable. Responsible encryption can involve effective, secure encryption that allows access only with judicial authorization. Such encryption already exists," he said. Rosenstein pointed to the systems used to update software as one example of "responsible" encryption. A vulnerability in that update process led to one of the largest cybersecurity incidents in the last year, when attackers attached the NotPetya malware to an update in Ukrainian accounting software. NotPetya ultimately crippled the global shipping industry and major unrelated firms.
In other words, Rod Rosenstein is calling for cryptographically protected software updates, *provided* that a backdoor is provided for USG (and anyone else who can figure out how to exploit the backdoor, of course). Cybersecurity experts uniformly oppose software backdoors, of course, because these are built-in security vulnerabilities. The physical analogy: RR is calling for all homeowners to install shiny new locks, and demanding that they all place a copy of the key under the doormat. If such legislation were enacted, it would not take GRU or criminals very long to discover that they only need lift the doormat to access every US citizen's private information.
Also, Tor users in the US can join EFF members in asking their Congressional representatives to vote against the 702 reauth, particularly the "backdoor searches" by FBI and other agencies, which might actually succeed if we can ramp up grass-roots opposition:
Opposition mounts against bill to renew surveillance program
By Katie Bo Williams
12 Oct 2017
Goodlatte’s proposal would place modest limits on the NSA by requiring officials investigating ordinary crimes to obtain a court order before viewing the content of any communications collected under that program, including those sent by Americans. The legislation does not place the same limits on national security investigators, who are believed to use the database far more frequently. “The bill’s primary reform creates a loophole where backdoor searches of U.S. persons can continue ostensibly for ‘foreign intelligence purposes,’” civil liberties advocacy group Demand Progress wrote in a release commenting on the measure. “This makes it likely that the exception would swallow the rule.”
Both Republican and Democratic members oppose Goodlatte's reauth bill.
More evidence has recently surfaced which confirms that NSA and FBI are exploiting backdoor searches to obtain the medical and banking records of many, perhaps all, US citizens, for example by snagging data in transit during improperly secured backups.