Senate Funding Bill For State Dept. Asks It To Figure Out Ways To Stop Bad People From Using Tor
from the good-luck-with-that dept
It would appear that Congress is not so happy that the State Department is a major funding source for the Tor project. Tor, of course, is the internet anonymyzing system that was originally developed with support from the US government as a way to promote free and safe access to the internet for people around the globe (mostly focusing on those under threat in authoritarian countries). Of course, other parts of our government aren’t huge fans of Tor, because it doesn’t just help activists and dissidents in other countries avoid detection, but also, well, just about anyone (except on days when the FBI decides to hack their way in).
There has, of course, always been some tension there. There are always the conspiracy theorists who believe that because Tor receives US government funding it is by default compromised. Those tend to be tinfoil hat wearing types, though. The folks who work on Tor are not exactly recognized for being particularly friendly to intrusive government surveillance. They tend to be the exact opposite of that. And, of course, part of the Snowden revelations revealed that Tor was one tool that still stymied the NSA in most cases.
But it appears that Congress may be quietly trying to undermine this. On Friday, Politico had a tiny blurb in passing about how the latest State Department appropriations bill making its way through Congress includes some references to stopping “circumvention technologies” from being used by bad people. The Politico report suggests this is designed to apply more broadly to encryption, but reading the specifics it appears to be targeted straight at Tor. Here’s the Senate report on the appropriations, where it discusses funding related to “internet freedom.”
That, of course, was the reasoning behind Tor in the first place, but here Congress is now trying to put some limitations on what the State Dept. can do with its funds, including demanding that it seek out ways to stop bad guys from using technology like Tor. In the report, it’s described this way:
…the Committee requires that spend plans submitted by the Department of State and BBG pursuant to section 7078(c) of the act include a description of safeguards to ensure that circumvention technologies are not used for illicit purposes, such as coordinating terrorist activities or online sexual exploitation of children.
In the full bill, the key section notes that the funding shall only be available for internet freedom after efforts are made to stop bad people from using the tools.
… made available for the research and development of new tools or techniques authorized in paragraph (A) only after the BBG CEO, in consultation with the Secretary of State and other relevant United States Government departments and agencies, evaluates the risks and benefits of such new tools or techniques, and establishes safeguards to minimize the use of such new tools or techniques for illicit purposes.
In case you’re wondering, the “BBG CEO” is the CEO of the Broadcasting Board of Governors, the US government agency that manages media efforts around the globe, such as the Voice of America.
Make no mistake, this appears to be an attempt to sneak in an attack on Tor via Congress into the State Dept. Tor has been developed to provide the best absolute anonymity/privacy tools for people using the internet — with the acknowledgement that it can be misused, because the people developing it recognize that the best way to protect the vast majority of its users is to build a system that is truly secure — not one that artificially tries to limit its uses. Hopefully, this provision is changed, or else it may be eventually leveraged as a way to attack Tor, to attack Tor’s funding and try to get the State Department to stop supporting such useful projects.
Filed Under: congress, funding, state department, tor
Comments on “Senate Funding Bill For State Dept. Asks It To Figure Out Ways To Stop Bad People From Using Tor”
Gee, wonder how we’ll sort the good Tor users from the bad Tor users? Who’ll step forward to decide?
Re: Re:
Actually this is really simple, from their point of view. If you are not one of us, your bad. We can f̶i̶n̶d̶ create multiple excuses that will absolutely prove, beyond a shadow of any doubt, that your behavior is terrorist type 1 behavior. Just ask us.
Re: Re: Re:
Gotta stop them torrorists.
Re: Re:
Once Trump is elected, it will be easy to sort out good Tor users from bad Tor users.
A new government test will be created that analyzes the color of one’s skin.
(Sarcasm tag goes here. But I’m temporarily out due to frequent use.)
Re: Re:
Log into Tor and a questionnaire will pop up:
Are you a good person or a bad person? Press 1 for good and 2 for bad. Thank you for being part of this survey.
Re: Re:
Whoever does lets hope they can then sort out the good senators from the bad ones who take bribes.
Dear Senate
Dear Senate,
The State Department is pleased to announce that we have figured out a couple of ways to stop bad people from using Tor.
First, we can ask them. Hey bad people, please stop using Tor.
Second, we can TELL them in an authoritative voice. Attention bad people. The US State Department orders you to stop using Tor immediately.
After evaluating these two approaches, our evaluation has determined that Good People ™ would be unaffected.
Sincerely,
The State Dept.
Why pick on the State Department?
Maybe the Senate should be asking a different government branch to stop Tor users who happen to be bad people?
(_) FBI?
(_) DOD?
(_) CIA?
(*) NSA?
(_) All of the above
(_) None of the above
(_) Two of the above get into a jurisdiction pissing match
(_) Call up the Internet (listed in the phone book under “google”)
Re: Why pick on the State Department?
googles not in the phone book.
Re: Re: Why pick on the State Department?
Shhhhh! That is because: terrorists!
Re: Why pick on the State Department?
call up the internet?
You still on dial-up?
Re: Re: Why pick on the State Department?
I’ll call up the internet as soon as a I get a longer coiled cord for my handset.
Alternate headline:
“Senate Funding Bill For State Dept. Asks It To Figure Out Ways To Encourage The Public To Develop Its Own Open Source Tor Clone”
In other news, the State Dept. will also be looking into ways to stop bad people from using hammers to hit people.
"There are always the conspiracy theorists"
“Tor has been developed to provide the best absolute anonymity/privacy tools for people using the internet”
Hardy fucking har har.
Yep there are a LOT of people who believe the hype, including quite a few people who are employed to administrate parts of the Tor network. Tor is, and always has been a dissident aggregator.
IMHO Freenet is architecturally superior to Tor, though I don’t use it either because it is java based, which makes subversion by autoupdating the JRE a practical institutional attack vector.
There are several burgeoning technologies that eventually will converge into a servicable reliable secure distributed comm framework. But no. Tor isn’t it. Suggesting that it is, is delaying the eventual adoption of the technologies that will replace it.
I came to this conclusion after reading the Tor administrators mailing list archive a few years back. Yes I understand how it works. But I also understand what an overlay network is, and what flow switching is. And I also understand how bad an idea it is to use Firefox as a framework for a security application, even if it is just a client.
It is better to have a known problem, than a planted solution.
The problem that Tor presumes to fix dates back to when the OSI model was first conceived. They failed to consider that traffic would eventually be universally transmitted over connections that were managed by organizations that are antagonistic to civil rights. (which includes quite a few Tor nodes BTW) If they had, there would have been a specifically designated privacy layer between 3 and 4, or perhaps even lower.
It is unclear whether Tor was actually intended to do what it is sold as doing, or whether it was a red herring from the beginning. But no, IMHO it isn’t anything near what the hype would suggest. You don’t have to take my word on it. Read the mailing list archives and see how it is ACTUALLY being used.
Yeah, there are a lot of Tor people saying “we’re winning”. There were a lot of guys who said the same thing in German about the enigma machine. Oops.
Re: Enigma
The ENIGMA was a damn good mechanical encryption system, and the allies would have been SOL if it weren’t for a couple of Pollacks who had obtained a copy of the pre-war enigma machine, and determined how keys were being sent about two weeks before Fall Weiß. In the meantime, Pollack jokes were all the rage.
Later messages involved differently wired rotors and no readily apparent key (specifying which rotors and which starting letter configuration). Each of the countless enigma machines captured by the Allies were useful in that they gave current configurations which allowed for the use of giant ticking machines (called bomba, possibly for sounding like time bombs, or because once they were started it was time to go get ice cream.) The objective was to crack enigma messages within a day, so the intel was current.
We still cracked messages if they took longer, since that would tell us which rotors were valid. But unlike PURPLE which US Navy Intelligence was able to crack without a machine, we would have been really lost on ENIGMA if it weren’t for some really smart Pollacks getting proactive about it. We got really lucky.
Like the Enigma, TOR has many uses, by Nazis or by Allies. But yeah, left on its own without being kept current or improved (preferably as an open source project) malevolent intelligence centers are going to crack it and expose people, and that doesn’t matter if it’s pervert trading illegal porn or bloggers within scary regimes revealing human atrocity.
I’m pretty sure we want to know about the gulags and death camps more than we want to betray and catch the pervs. But that’s just me.
Re: Re: Enigma
Clarification, it was the meeting with the allies (in July 1939) that happened shortly before Fall Weiß (September 1939), including much of the Wehrmacht order of battle (so they knew they were going to be invaded soon).
Apparently in 1928 some radio equipment destined to Poland accidentally included an early ENIGMA machine, which they got to examine before returning it to its German shippers. Then they located the American inventor of the prototype and ordered one, themselves. Because history.
Re: Re: Re: Enigma
Good stuff…
I may be wrong, but I always thought the German weather code and the phrase ‘Heil Hitler” played a part in providing a crib to crack Enigma.
That said, it’s hard to offer up the true historiographic record without offending the Poles…
Re: "There are always the conspiracy theorists"
When you are under an oppressive regime, Steganography is your friend, as not allowing the government to look at what you are doing means you are a dissident.
Re: "There are always the conspiracy theorists"
Freenet is interesting, but doesn’t allow you to use any of the stuff that exists on the public internet. That’s a pretty major problem. I can’t browse Techdirt via Freenet, and unlike many sites they care somewhat about privacy.
A replacement for Tor would have to let people use existing stuff (this is why Tor Browser enables Javascript by default, for example, even though the developers know it adds a huge amount of risk and would have preferred not to have it). Or maybe we’d install Tor but use something better whenever possible. The IETF did publish RFC 7258 in 2014, titled “Pervasive Monitoring Is an Attack”. So they’re thinking of it at least, and maybe we’ll see some serious progress. (“Interplanetary Internet” is also under development. An system that allows high latency would allow much more secure cryptographic mixing as a side effect.)
Re: Re: "There are always the conspiracy theorists"
“Pervasive Monitoring Is an Attack”
We’re under attack by or own government.
TOR is a tool to allow dissenters within oppressive regimes to report anonymously.
When you are running an oppressive regime, TOR ceases to be your friend.
Sadly they can't use the solution regarding police bullets.
Police bullets kill bad people because only bad people get in the way of police bullets, like that thug Michael Brown and that known terrorist Tamir Rice.
They’re still looking for crypto that can only encrypt good data. Or backdoors that can only be opened by well-meaning law enforcement.
Re: Sadly they can't use the solution regarding police bullets.
I remember one of the the US military generals once being asked if the US had killed any non-terrorists in the the middle east, even by accident. He replied that the US had not. When asked how he knew that to be so, he replied that because the US only kills terrorists anyone killed by the US was automatically a terrorist by virtue of having been killed.
So, yeah, anyone killed by a cop must be a bad guy because cops only kill bad guys. I mean, what more evidence do you need?
Here, I got the solution:
https://www.youtube.com/watch?v=5d2-WlG16v0
Re: Sailor Moon Transformation
Is that like Captain EO zapping ugly evil people into beautiful good people?
… made available for the research and development of new tools or techniques authorized in paragraph (A) only after the BBG CEO, in consultation with the Secretary of State and other relevant United States Government departments and agencies, evaluates the risks and benefits of such new tools or techniques, and establishes safeguards to minimize the use of such new tools or techniques for illicit purposes.
…Good, now target our arms industry with that next. Don’t want badguys using weapons made in the USA.
Next up on the agenda Baseball Bats:
…the act include a description of safeguards to ensure that lever technologies are not used for illicit purposes, such as damage of property or physical harm to individuals.
…and agencies, evaluates the risks and benefits of such tools or techniques, and establishes safeguards to minimize the use of such tools or techniques for illicit purposes.
Must preempt people from using things for bad purposes because that is so obviously doable.
Since we're mentioning ToR...
Whilst we’re talking about ToR – a brief whinge…
Declaration: I’m not “Out of the Blue”, or “Whatever”. Honest. I generally post under “Klaus” because it’s more honest for me. I access the Internet exclusively via VPS’s and Tor. I’ve noticed that any access via ToR faces a hurdle with not just Techdirt but a lot of sites insisting on Captcha after Captcha and this includes Techdirt. Captcha is a “time-thief” swallowing valuable minutes, and it sucks. It’s also broken. And when I eventually access the Techdirt site, I can’t help but notice that 50% of my comments are held back for “moderation”, which due to the time differences between Europe and West Coast USA crushes any conversation.
It’s a ball-crusher – I implore Techdirt to address this.
Re: Since we're mentioning ToR...
I see “held for moderation” all the time, but didn’t Techdirt fix the Cloudflare captcha problem a few months ago? It was hard to browse TD for a while but not lately.
Re: Since we're mentioning ToR...
I recently had an issue with my comments being “moderated”. I use a VPN and it turns out that VPN IP addresses are used by not very polite people. So some websites, Craigslist for example (I have to turn the VPN off to use Craigslist), blacklist those VPN IP’s, or the reported Web Host. It appears as your ISP’s host name.
In my case, that ‘ISP host name’ got tossed into the blacklist. When I contacted Techdirt, they were able to trace it and took care of my situation.
You are using TOR. I wonder what IP address or Web Host is reported, and if some other TOR users may have behaved badly and are causing various websites to block them, not necessarily you, for cause?
It is not TOR or VPN’s that are at issue, but how TOR and VPN’s are reported and how other users of such services behave online.
I have never seen a captcha here.
Re: Re: Since we're mentioning ToR...
That’s generally what happens, except that it’s often a CDN blocking Tor users—because the IP was used for something bad on any of the sites they host. And some of them block users from even viewing their sites. I think that’s much harder to justify. Even if people have to be blocked from posting to avoid spam, why would you block them from reading?
Sites and CDNs can, by the way, detect that a certain IP is a Tor exit node. That’s public information and easy to detect via DNS.
Re: Since we're mentioning ToR...
This is a test, let’s see, Brocket Sprocket
Re: Re: Since we're mentioning ToR...
Test 2 this time without email
Re: Since we're mentioning ToR...
“not just Techdirt but a lot of sites insisting on Captcha after Captcha and this includes Techdirt”
I’ve never seen a captcha here, even when not logged in from a new device. Out of curiosity, I opened a new incognito window and submitted an anonymous comment. I then submitted a second, this time without an email address in case that was affecting things, still no captcha.
Where are you seeing a captcha?
“And when I eventually access the Techdirt site, I can’t help but notice that 50% of my comments are held back for “moderation””
Well, there’s several reasons that tends to happen from what I’ve seen. These include:
– Submitting several anonymous comments from the same IP in quick succession
– Posting multiple messages with URLs or multiple URLs in the same comment
– Posting from IPs that have been flagged multiple times by users
Generally speaking, the best way around this is to create a login and use that, but if you don’t wish to do so, I’m not sure what to tell you. The behaviour described above is consistent with spam messages, so it’s not surprising that messages get flagged for moderation if they fit several criteria. The only guaranteed way around it would be to allow all messages and manually delete the spam, which nobody wants to do on a popular site.
Being able to stop only bad people from using things like Tor has about as much of a chance of success as completely removing corruption from government or stopping the governmental abuses of power.
Tinfoil Hats Do Not Exist
Before Snowden, anyone predicting the revelations that were ultimately exposed as being the truth would have been considered a delusional paranoiac. Today, not so much.
The entire debate around encryption has never struck me as being anything other than so much smoke and mirrors: a carefully stage-managed, multi-national effort to focus public attention on something trivial and away from the things that actually matter.
It wouldn’t be the first time, either: the entire Clipper Chip thing was apparently much the same kind of bullshit.
We know from Snowden that the Five Eyes and their friends have hacked into every last corner of modern communications infrastructure. Between them, they have the ability to syphon and store copies of every last bit of data transmitted by virtually anyone, virtually anywhere.
Since any person making a communication that’s encrypted or relates to encryption – and especially TOR – is automatically considered suspicious by every government, there’s surely no reasonable doubt that the agencies involved share all their data on such persons with each other, freely and quite legally.
If all those agencies have recorded and shared every encryption key created by every party in the chain as soon as it was sent, how is TOR supposed to be in any way secure?
At all?
Perhaps someone can explain this to me.
Re: Tinfoil Hats Do Not Exist
“Perhaps someone can explain this to me.”
Because the keys you need to decrypt the traffic are never transmitted and so they can’t be so easily obtained.
Re: Re: Tinfoil Hats Do Not Exist
Hello, Mr Fenderson. 🙂
Thank you for your reply. Umm… perhaps you could explain it in a little more detail than that? I don’t understand how two or more parties can communicate with each other, via encryption, unless one of those parties – at some point – supplies enough information to the other(s) to allow messages to be decrypted.
Re: Re: Re: Tinfoil Hats Do Not Exist
It’s the essence of public key cryptography. There are two keys: one that encrypts (the public key) and one the decrypts (the private key). The public key is not sensitive and can be widely and freely distributed.
Anyone encrypting something for you to read does so with your public key. Once done, the only way to decrypt it is with your private key, which only you have.
You cannot decrypt the message with the public key, and you cannot (without herculean effort) figure out the private key from the public key.
Re: Re: Re:2 Tinfoil Hats Do Not Exist
Aha! I get it. I’ve heard of public key encryption, but never quite understood how it worked before. Your explanation is most useful.
Much obliged, Mr Fenderson. 🙂
Q: What is a bad person?
A: …
That’s what I thought.
Re: Re:
That’s an easy question to answer: a “bad person” is any person who is not a law enforcement, military, or government agent.
you know….
by definition, TOR is primarily used by bad people. People under authoritarian regimes are going against their government, that is inherently bad, people should follow the laws of their countries and all.
Reporters use it to keep sources confidential. That too, is bad, there are laws (at least in the US) that protect anonymous sources going to the press. Again, you need to follow the laws to be a good citizen.
It *can* be used to obtain cheap life saving medicines. Again, you need to follow the laws, life saving medicines are already cheap (at least in the US). So you are being a *bad* guy by breaking the laws.
/s
Re:
just ban the internet and all phones. problems solved. ban math too. Thx
The term tinfoil hat wearers has kind been shown up by now don’t you think.
Considering the mess America has become and most of what has happened is stuff the “tin foil hatters” have been warning about for a while now.