Just when you thought it was safe to surf the Silk
Road-replacement sites… Wired’s Kevin Poulsen
reported
this week on the FBI using hacker-like techniques to track
Tor users, in an effort the agency calls “Operation Torpedo.” So
far the agency says it has only tracked computers accessing
underground child pornography sites. But some privacy advocates
worry that the FBI’s antics could easily be expanded—or already
have.
Tor is the
software and open network that allows for anonymous web browsing
and accessing the so-called
“dark net” or “deep web”. It works by bouncing your
communications around a distributed network to effectively keep
your IP address from being linked to your web activity.
In 2012, the FBI busted a Nebraska man, Aaron McGrath, who was
hosting three dark-net child porn sites via three separate servers.
A federal magistrate
gave the FBI permission to modify the code on these servers to
deliver a malware program to any computers accessing those sites.
The “network investigative technique” (NIT), as the FBI calls it,
allowed the agency to identify IP addresses for these computers and
eventually led to 14 arrests.
While it’s hard to disagree with busting kiddie-porn proponents,
American Civil Liberties Union (ACLU) technologist Chris Soghoian
said there needs to be “a public debate about the use of this
technology … and whether the criminal statutes that the
government relies on” even permits it.
It’s one thing to say we’re going to search a particular
computer. It’s another thing to say we’re going to search every
computer that visits this website.
Soghoian noted that “the mere act of looking at
child pornography is a crime,” but “you could easily imagine (the
FBI) using this same technology on everyone who visits a jihadi
forum, for example. And there are lots of legitimate reasons for
someone to visit a jihadi forum: research, journalism, lawyers
defending a case.”
Let’s note that these “legitimate reasons” could all apply to
child porn sites, too, even if it may be less likely. In terms of
Jihadi sites: why should anyone need a ‘legitimate reason’ to
visit? Maybe you’re just curious. Maybe you’re thinking of joining
al Qaeda. Until you start engaging in criminal activity or the
planning of it, then the FBI has no right to just up and install
secret spyware on your computer.
Soghoian’s worries over the FBI spying on non-criminal Tor users
may have sounded paranoid until not too long ago. Post Edward
Snowden, they seem not just plausible but likely.
The National Security Agency (NSA) is admittedly monitoring
servers running TOR—though this week a Department of Defense (DOD)
spokeswoman
said neither the NSA or the DOD had received personal data on
Tor users during this monitoring. “This particular project was
focused on identifying vulnerabilities in Tor, not to collect data
that would reveal personal identities of users,” she told
Reuters. This particular project…
Reuters also notes that “she did not rule out the FBI or other
agencies obtaining the data.” The FBI declined to comment to the
news agency. The U.S. State
Department, meanwhile, has been funding Tor, while the
Russian govenrment
is offering a prize for cracking the Tor code.
from Hit & Run http://ift.tt/1tYayQM
via IFTTT