Senate Funding Bill For State Dept. Asks It To Figure Out Ways To Stop Bad People From Using Tor
from the good-luck-with-that dept
It would appear that Congress is not so happy that the State Department is a major funding source for the Tor project. Tor, of course, is the internet anonymizing system that was originally developed with support from the US government as a way to promote free and safe access to the internet for people around the globe (mostly focusing on those under threat in authoritarian countries). Of course, other parts of our government aren't huge fans of Tor, because it doesn't just help activists and dissidents in other countries avoid detection, but also, well, just about anyone (except on days when the FBI decides to hack their way in).
There has, of course, always been some tension there. There are always the conspiracy theorists who believe that because Tor receives US government funding it is by default compromised. Those tend to be tinfoil-hat-wearing types, though. The folks who work on Tor are not exactly recognized for being particularly friendly to intrusive government surveillance. They tend to be the exact opposite of that. And, of course, part of the Snowden revelations revealed that Tor was one tool that still stymied the NSA in most cases.
But it appears that Congress may be quietly trying to undermine this. On Friday, Politico had a tiny blurb in passing about how the latest State Department appropriations bill making its way through Congress includes some references to stopping "circumvention technologies" from being used by bad people. The Politico report suggests this is designed to apply more broadly to encryption, but reading the specifics it appears to be targeted straight at Tor. Here's the Senate report on the appropriations, where it discusses funding related to "internet freedom."
That, of course, was the reasoning behind Tor in the first place, but here Congress is now trying to put some limitations on what the State Dept. can do with its funds, including demanding that it seek out ways to stop bad guys from using technology like Tor. In the report, it's described this way:
...the Committee requires that spend plans submitted by the Department of State and BBG pursuant to section 7078(c) of the act include a description of safeguards to ensure that circumvention technologies are not used for illicit purposes, such as coordinating terrorist activities or online sexual exploitation of children.
In the full bill, the key section notes that the funding shall only be available for internet freedom after efforts are made to stop bad people from using the tools.
... made available for the research and development of new tools or techniques authorized in paragraph (A) only after the BBG CEO, in consultation with the Secretary of State and other relevant United States Government departments and agencies, evaluates the risks and benefits of such new tools or techniques, and establishes safeguards to minimize the use of such new tools or techniques for illicit purposes.
In case you're wondering, the "BBG CEO" is the CEO of the Broadcasting Board of Governors, the US government agency that manages media efforts around the globe, such as the Voice of America.
Make no mistake, this appears to be an attempt to sneak in an attack on Tor via Congress into the State Dept. Tor has been developed to provide the best absolute anonymity/privacy tools for people using the internet -- with the acknowledgement that it can be misused, because the people developing it recognize that the best way to protect the vast majority of its users is to build a system that is truly secure -- not one that artificially tries to limit its uses. Hopefully, this provision is changed, or else it may be eventually leveraged as a way to attack Tor, to attack Tor's funding and try to get the State Department to stop supporting such useful projects.
Filed Under: congress, funding, state department, tor
Reader Comments
Dear Senate
The State Department is pleased to announce that we have figured out a couple of ways to stop bad people from using Tor.
First, we can ask them. Hey bad people, please stop using Tor.
Second, we can TELL them in an authoritative voice. Attention bad people. The US State Department orders you to stop using Tor immediately.
After evaluating these two approaches, our evaluation has determined that Good People (tm) would be unaffected.
Sincerely,
The State Dept.
[ link to this | view in thread ]
Re:
A new government test will be created that analyzes the color of one's skin.
(Sarcasm tag goes here. But I'm temporarily out due to frequent use.)
[ link to this | view in thread ]
Why pick on the State Department?
(_) FBI?
(_) DOD?
(_) CIA?
(*) NSA?
(_) All of the above
(_) None of the above
(_) Two of the above get into a jurisdiction pissing match
(_) Call up the Internet (listed in the phone book under "google")
[ link to this | view in thread ]
Re: Why pick on the State Department?
You still on dial-up?
[ link to this | view in thread ]
"Senate Funding Bill For State Dept. Asks It To Figure Out Ways To Encourage The Public To Develop Its Own Open Source Tor Clone"
In other news, the State Dept. will also be looking into ways to stop bad people from using hammers to hit people.
[ link to this | view in thread ]
Re: "There are always the conspiracy theorists"
Hardy fucking har har.
Yep there are a LOT of people who believe the hype, including quite a few people who are employed to administrate parts of the Tor network. Tor is, and always has been a dissident aggregator.
IMHO Freenet is architecturally superior to Tor, though I don't use it either because it is java based, which makes subversion by autoupdating the JRE a practical institutional attack vector.
There are several burgeoning technologies that eventually will converge into a serviceable reliable secure distributed comm framework. But no. Tor isn't it. Suggesting that it is, is delaying the eventual adoption of the technologies that will replace it.
I came to this conclusion after reading the Tor administrators mailing list archive a few years back. Yes I understand how it works. But I also understand what an overlay network is, and what flow switching is. And I also understand how bad an idea it is to use Firefox as a framework for a security application, even if it is just a client.
It is better to have a known problem, than a planted solution.
The problem that Tor presumes to fix dates back to when the OSI model was first conceived. They failed to consider that traffic would eventually be universally transmitted over connections that were managed by organizations that are antagonistic to civil rights. (which includes quite a few Tor nodes BTW) If they had, there would have been a specifically designated privacy layer between 3 and 4, or perhaps even lower.
It is unclear whether Tor was actually intended to do what it is sold as doing, or whether it was a red herring from the beginning. But no, IMHO it isn't anything near what the hype would suggest. You don't have to take my word on it. Read the mailing list archives and see how it is ACTUALLY being used.
Yeah, there are a lot of Tor people saying "we're winning". There were a lot of guys who said the same thing in German about the enigma machine. Oops.
[ link to this | view in thread ]
TOR is a tool to allow dissenters within oppressive regimes to report anonymously.
[ link to this | view in thread ]
Sadly they can't use the solution regarding police bullets.
They're still looking for crypto that can only encrypt good data. Or backdoors that can only be opened by well-meaning law enforcement.
[ link to this | view in thread ]
Enigma
Later messages involved differently wired rotors and no readily apparent key (specifying which rotors and which starting letter configuration). Each of the countless enigma machines captured by the Allies were useful in that they gave current configurations which allowed for the use of giant ticking machines (called bomba, possibly for sounding like time bombs, or because once they were started it was time to go get ice cream.) The objective was to crack enigma messages within a day, so the intel was current.
We still cracked messages if they took longer, since that would tell us which rotors were valid. But unlike PURPLE which US Navy Intelligence was able to crack without a machine, we would have been really lost on ENIGMA if it weren't for some really smart Pollacks getting proactive about it. We got really lucky.
Like the Enigma, TOR has many uses, by Nazis or by Allies. But yeah, left on its own without being kept current or improved (preferably as an open source project) malevolent intelligence centers are going to crack it and expose people, and that doesn't matter if it's pervert trading illegal porn or bloggers within scary regimes revealing human atrocity.
I'm pretty sure we want to know about the gulags and death camps more than we want to betray and catch the pervs. But that's just me.
[ link to this | view in thread ]
Re: Enigma
Apparently in 1928 some radio equipment destined to Poland accidentally included an early ENIGMA machine, which they got to examine before returning it to its German shippers. Then they located the American inventor of the prototype and ordered one, themselves. Because history.
[ link to this | view in thread ]
https://www.youtube.com/watch?v=5d2-WlG16v0
[ link to this | view in thread ]
...Good, now target our arms industry with that next. Don't want badguys using weapons made in the USA.
[ link to this | view in thread ]
...the act include a description of safeguards to ensure that lever technologies are not used for illicit purposes, such as damage of property or physical harm to individuals.
...and agencies, evaluates the risks and benefits of such tools or techniques, and establishes safeguards to minimize the use of such tools or techniques for illicit purposes.
Must preempt people from using things for bad purposes because that is so obviously doable.
[ link to this | view in thread ]
Re: Re: Enigma
I may be wrong, but I always thought the German weather code and the phrase "Heil Hitler" played a part in providing a crib to crack Enigma.
That said, it's hard to offer up the true historiographic record without offending the Poles...
[ link to this | view in thread ]
Since we're mentioning ToR...
Declaration: I’m not “Out of the Blue”, or “Whatever”. Honest. I generally post under “Klaus” because it’s more honest for me. I access the Internet exclusively via VPS's and Tor. I've noticed that any access via ToR faces a hurdle with not just Techdirt but a lot of sites insisting on Captcha after Captcha and this includes Techdirt. Captcha is a “time-thief” swallowing valuable minutes, and it sucks. It’s also broken. And when I eventually access the Techdirt site, I can't help but notice that 50% of my comments are held back for "moderation”, which due to the time differences between Europe and West Coast USA crushes any conversation.
It’s a ball-crusher - I implore Techdirt to address this.
[ link to this | view in thread ]
Re: Re: "There are always the conspiracy theorists"
A replacement for Tor would have to let people use existing stuff (this is why Tor Browser enables Javascript by default, for example, even though the developers know it adds a huge amount of risk and would have preferred not to have it). Or maybe we'd install Tor but use something better whenever possible. The IETF did publish RFC 7258 in 2014, titled "Pervasive Monitoring Is an Attack". So they're thinking of it at least, and maybe we'll see some serious progress. ("Interplanetary Internet" is also under development. A system that allows high latency would allow much more secure cryptographic mixing as a side effect.)
[ link to this | view in thread ]
Re: Since we're mentioning ToR...
In my case, that 'ISP host name' got tossed into the blacklist. When I contacted Techdirt, they were able to trace it and took care of my situation.
You are using TOR. I wonder what IP address or Web Host is reported, and if some other TOR users may have behaved badly and are causing various websites to block them, not necessarily you, for cause?
It is not TOR or VPN's that are at issue, but how TOR and VPN's are reported and how other users of such services behave online.
I have never seen a captcha here.
[ link to this | view in thread ]
Re: Re: Since we're mentioning ToR...
Sites and CDNs can, by the way, detect that a certain IP is a Tor exit node. That's public information and easy to detect via DNS.
[ link to this | view in thread ]
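The DNS check mentioned in the comment above, as an added example (not part of the original thread and not Techdirt's code). It assumes the Tor Project's exit list zone `dnsel.torproject.org`, which answers `127.0.0.2` for a listed exit address queried with its octets reversed; `triage`, `fake_resolver` and the sample addresses are constructed for illustration.

```python
import ipaddress
import socket

# Assumption: the Tor Project's DNS exit list zone and its "listed" answer.
DNSEL_ZONE = "dnsel.torproject.org"
EXIT_ANSWER = "127.0.0.2"

# getaddrinfo error codes that mean "no such name", i.e. not listed.
NOT_LISTED = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}


def dnsel_query_name(ip, zone=DNSEL_ZONE):
    """Build the DNSBL-style name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    if addr.version != 4:
        raise ValueError("only IPv4 addresses are handled in this example")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def is_tor_exit(ip, resolve=socket.gethostbyname):
    """True if the exit list answers for this address.

    A "no such name" error means the address is not listed. Any other
    resolver error (timeout, SERVFAIL) is re-raised so that a DNS outage
    is not silently read as "not a Tor exit".
    """
    try:
        return resolve(dnsel_query_name(ip)) == EXIT_ANSWER
    except socket.gaierror as exc:
        if exc.errno in NOT_LISTED:
            return False
        raise


def triage(ips, resolve=socket.gethostbyname):
    """Label each comment source address as 'tor-exit' or 'other'."""
    return {ip: "tor-exit" if is_tor_exit(ip, resolve) else "other" for ip in ips}


def fake_resolver(listed):
    """Offline stand-in for DNS (constructed data): answers only for `listed`."""
    names = {dnsel_query_name(ip) for ip in listed}

    def resolve(name):
        if name in names:
            return EXIT_ANSWER
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")

    return resolve


if __name__ == "__main__":
    # Constructed sample: documentation-range addresses, one pretend exit.
    resolve = fake_resolver({"192.0.2.10"})
    print(triage(["192.0.2.10", "198.51.100.7"], resolve))
```

Passing no `resolve` argument makes the same functions query live DNS through the system resolver.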
Tinfoil Hats Do Not Exist
The entire debate around encryption has never struck me as being anything other than so much smoke and mirrors: a carefully stage-managed, multi-national effort to focus public attention on something trivial and away from the things that actually matter.
It wouldn't be the first time, either: the entire Clipper Chip thing was apparently much the same kind of bullshit.
We know from Snowden that the Five Eyes and their friends have hacked into every last corner of modern communications infrastructure. Between them, they have the ability to syphon and store copies of every last bit of data transmitted by virtually anyone, virtually anywhere.
Since any person making a communication that's encrypted or relates to encryption - and especially TOR - is automatically considered suspicious by every government, there's surely no reasonable doubt that the agencies involved share all their data on such persons with each other, freely and quite legally.
If all those agencies have recorded and shared every encryption key created by every party in the chain as soon as it was sent, how is TOR supposed to be in any way secure?
At all?
Perhaps someone can explain this to me.
[ link to this | view in thread ]
A: ...
That's what I thought.
[ link to this | view in thread ]
Re: Tinfoil Hats Do Not Exist
Because the keys you need to decrypt the traffic are never transmitted and so they can't be so easily obtained.
[ link to this | view in thread ]
Re:
Are you a good person or a bad person? Press 1 for good and 2 for bad. Thank you for being part of this survey.
[ link to this | view in thread ]
by definition, TOR is primarily used by bad people. People under authoritarian regimes are going against their government, that is inherently bad, people should follow the laws of their countries and all.
Reporters use it to keep sources confidential. That too, is bad, there are laws (at least in the US) that protect anonymous sources going to the press. Again, you need to follow the laws to be a good citizen.
It *can* be used to obtain cheap life saving medicines. Again, you need to follow the laws, life saving medicines are already cheap (at least in the US). So you are being a *bad* guy by breaking the laws.
/s
[ link to this | view in thread ]
Re: Re: Tinfoil Hats Do Not Exist
Thank you for your reply. Umm... perhaps you could explain it in a little more detail than that? I don't understand how two or more parties can communicate with each other, via encryption, unless one of those parties - at some point - supplies enough information to the other(s) to allow messages to be decrypted.
[ link to this | view in thread ]
Re: Since we're mentioning ToR...
I've never seen a captcha here, even when not logged in from a new device. Out of curiosity, I opened a new incognito window and submitted an anonymous comment. I then submitted a second, this time without an email address in case that was affecting things, still no captcha.
Where are you seeing a captcha?
"And when I eventually access the Techdirt site, I can't help but notice that 50% of my comments are held back for "moderation”"
Well, there's several reasons that tends to happen from what I've seen. These include:
- Submitting several anonymous comments from the same IP in quick succession
- Posting multiple messages with URLs or multiple URLs in the same comment
- Posting from IPs that have been flagged multiple times by users
Generally speaking, the best way around this is to create a login and use that, but if you don't wish to do so, I'm not sure what to tell you. The behaviour described above is consistent with spam messages, so it's not surprising that messages get flagged for moderation if they fit several criteria. The only guaranteed way around it would be to allow all messages and manually delete the spam, which nobody wants to do on a popular site.
[ link to this | view in thread ]
Considering the mess America has become and most of what has happened is stuff the "tin foil hatters" have been warning about for a while now.
[ link to this | view in thread ]
Re: Re: Re: Tinfoil Hats Do Not Exist
Anyone encrypting something for you to read does so with your public key. Once done, the only way to decrypt it is with your private key, which only you have.
You cannot decrypt the message with the public key, and you cannot (without herculean effort) figure out the private key from the public key.
[ link to this | view in thread ]
Re: Re: Re: "There are always the conspiracy theorists"
We're under attack by our own government.
[ link to this | view in thread ]
Re: Re: Re: Re: Tinfoil Hats Do Not Exist
Much obliged, Mr Fenderson. :)
[ link to this | view in thread ]
Re: Sadly they can't use the solution regarding police bullets.
So, yeah, anyone killed by a cop must be a bad guy because cops only kill bad guys. I mean, what more evidence do you need?
[ link to this | view in thread ]