- The new ‘Hunger Games’ book paints President Snow as a hero—and people are not happy Tuesday 9:03 PM
- Influencer called out for ‘troubling image’ with Kenyan child Tuesday 8:18 PM
- Professor arrested for spending $185K of grant money on iTunes and strippers Tuesday 7:28 PM
- Man cuts his books in half to make them ‘portable,’ spurs online debate Tuesday 6:09 PM
- Fans defend Lana Del Rey after she was mocked for flying commercial Tuesday 5:10 PM
- Lady Gaga fans find alleged new song name in her website’s code Tuesday 4:42 PM
- Barstool Sports deletes anti-union tweets, blog post in settlement Tuesday 3:47 PM
- The ‘can have … as a treat’ meme has come full circle Tuesday 3:09 PM
- Joe Rogan says he’s voting for Bernie Sanders Tuesday 2:54 PM
- Woman spots mole in man’s TikTok video, saves him from cancer Tuesday 2:17 PM
- ‘You’ star confirms his character is queer and ‘never will be’ straight Tuesday 1:08 PM
- This Twitch streamer pooped his pants during a broadcast Tuesday 12:17 PM
- Apple’s iCloud encryption plan halted amid FBI pressure, report Tuesday 10:57 AM
- Glenn Greenwald charged with cybercrimes in Brazil Tuesday 10:48 AM
- BadBunny rips her fans for not sending her enough money Tuesday 10:06 AM
Privacy group demands answers about government’s influence on Tor
EPIC wants to know whether the U.S government has compromized the world’s most famous anonymization software.
A civil liberties group has filed suit against the United States government, demanding access to information that could determine if the government’s financial backing of Tor, a popular online anonymizing software, has led that system to become fundamentally and intentionally compromised.
“[We have] a strong interest in the integrity of the Tor network, as it is a primary tool for Internet users to maintain privacy and anonymity in an increasingly monitored world,” wrote the Electronic Privacy Information Center (EPIC), the group that filed the suit, in a post on its website.
Originally short for “The onion router” and initially developed in conjunction with contracts with the Department of Defense and the National Science Foundation, Tor is a free, universally accessible system maintained by the non-profit Tor Project. Tor users’ Internet activity is routed through a series of “nodes” hosted by volunteers around the world, and then spit out at random—ideally making it impossible for an external observer to determine the information’s origin.
“Tor is part of an ecosystem of software that helps people regain and reclaim their autonomy,” explained computer security researcher and Tor Project member Jacob Appelbaum in an interview with The Verge. “It helps to enable people to have agency of all kinds; it helps others to help each other and it helps you to help yourself. It runs, it is open and it is supported by a large community spread across all walks of life.”
It’s also a doorway into the Dark Web, a term used to describe hidden—and sometimes illegal—services that are only accessible to those who anonymize their browsing with Tor.
A division of the U.S. State Department most notable for producing Voice of America, Radio Free Asia and Radio Free Europe, the Broadcasting Board of Governors has been one of the largest sponsors of The Tor Project in the years since 2006. In conjunction with donations from the Department of Defense and the National Science Foundation, the federal government currently accounts for well over half of the Tor Project’s overall funding.
This close relationship between Tor and the government has given EPIC cause for concern. “Some government agencies, like the Broadcasting Board of Governors, have a strong pro-privacy agenda,” explained EPIC’s Open Government Coordinator Julia Horwitz. “We just wanted to see if the Broadcasting Board of Governors was being undermined by…[other forces within the government like] the NSA or FBI.”
Earlier this month, it was revealed that the National Security Agency had managed to circumvent much of the encryption software employed throughout the Internet by covertly installing backdoors to monitor data in networks users previously thought to be secure. It’s possible that, using its leverage as the project’s primary funding source, government spy agencies could have installed similar backdoors into a program that’s quickly becoming the Internet’s go-to standard for supposedly secure and anonymous communication.
To that end, EPIC filed a Freedom of Information Act request in May asking for the Broadcasting Board of Governors to disclose all written agreements and contracts regarding Tor as well as tech specifications for government-operated computers through which Tor data is routed.
In a lawsuit filed earlier this month, EPIC alleges that the Broadcasting Board of Governors has “failed to comply with its statutory deadline [to produce the documents] and has failed to disclose a single record.”
Broadcasting Board of Governors spokesperson Letitia King countered that the agency is, “confident that we have complied with the requirements of FOIA and our regulations concerning any FOIA request that we may have received from EPIC.”
For its part, Tor insists its system is secure. The FAQ section of Tor’s website asserts, “there is absolutely no backdoor in Tor. Nobody has asked us to put one in,” adding that the organization would fight any attempt to do so in court.
Tor Executive Director Andrew Lewman said in an interview with the Washington Post’s The Switch blog that, because Tor is open-source, anyone can dig into its code and search for backdoors themselves. However, there’s still the possibility that a some agency could have inserted an exploit that’s thus far flown under the radar.
However, even without a custom-built backdoor, some cyber-security experts have cast doubt on Tor users’ ability stay completely anonymous. Ars Technica reports that penetration testing firm Errata Security recently theorized that the NSA could likely break most of the encryption keys employed by Tor. Additionally, the FBI recently admitted to taking control of the servers on which a massive malware attack against the Tor network aimed at identifying users was launched.
“We’re not interested in going after Tor,” explained Horwitz. “We’re generally supportive of Tor and all encryption technologies. We are interested in the government’s undermining of cryptographic standards.”
The government has until early November to respond to EPIC’s lawsuit.
UPDATE: In an email, Tor Project Executive Director Andrew Lewman added, “In general, we’re also interested to see what documents result from a FOIA query.
Photo by Porsche Brosseau/Flickr
Aaron Sankin is a former Senior Staff Writer at the Daily Dot who covered the intersection of politics, technology, online privacy, Twitter bots, and the role of dank memes in popular culture. He lives in Seattle, Washington. He joined the Center for Investigative Reporting in 2016.