Tor Isn't A Child Porn Enthusiast's Best Friend, No Matter What The DOJ Claims

from the willful-distortion-of-facts dept

At the State of the Net conference in Washington on Tuesday, US assistant attorney general Leslie Caldwell discussed what she described as the dangers of encryption and cryptographic anonymity tools like Tor, and how those tools can hamper law enforcement…



“Tor obviously was created with good intentions, but it’s a huge problem for law enforcement,” Caldwell said in comments reported by Motherboard and confirmed to me by others who attended the conference. “We understand 80 percent of traffic on the Tor network involves child pornography.”

[A] Department of Justice flack said Caldwell was citing a University of Portsmouth study WIRED covered in December. He included a link to our story. But I made clear at the time that the study claimed 80 percent of traffic to Tor hidden services related to child pornography, not 80 percent of all Tor traffic.

A Tor client makes a hidden service directory request the first time it visits a hidden service that it has not been to in a while. (If you spend hours at one hidden service, you make about 1 hidden service directory request. But if you spend 1 second each at 100 hidden services, you make about 100 requests.) Therefore, obsessive users who visit many sites in a session account for many more of the requests that this study measures than users who visit a smaller number of sites with equal frequency...

The greater the number of distinct hidden services a person visits, and the less reliable those sites are, the more hidden service directory requests they will trigger.

Users who use it for obsessive behavior that spans multiple unreliable hidden services will be far overrepresented in the count of hidden service directory requests than users who use it for activities done less frequently and across fewer services. So any comparison of hidden service directory request counts will say more about the behavioral differences of different types of users than about their relative numbers, or the amount of traffic they generated.

Also, a very large number of hidden service directory requests are probably not made by humans! See bug 13287: We don't know what's up with that. Could this be caused by some kind of anti-abuse organization running an automated scanning tool?

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Anything that makes law enforcement's job slightly more difficult is swiftly turned into a pariah. And usually the worst kind of pariah: a child molestor.Apple and Google both announced encryption-by-default going forward on their mobile phone operating systems. Law enforcement officials swiftly gathered to talk loudly about all of the dead and molested children that would result from this decision.The same goes for Tor. The use of Tor can obscure criminal activity -- by hiding the perpetrator and the activity itself. There are plenty of legitimate reasons to use Tor (like many internet services and platforms hoovering up tons of data themselves), but because it makes chasing "bad guys" a little harder, it too must go.The best way for government agencies to get rid of something they don't like is legislation. When a law enforcement official says something like the following , they're not hoping to sway the intelligent and informed members of the public. They're saying it to sway those who can actually do something about it: tech-clueless legislators and those who vote for them.That's a scary number. And it's not even close to accurate.Wired's Andy Greenberg explains how Caldwell took a statistic from Tor research and twisted it to further the government's agenda.Which is a big difference. "Hidden services" is not just another term for "Tor traffic." Caldwell conflated the two to further the DOJ's push for the end of anything that presents an obstacle to easy access.The real number is much lower. Greenberg says that most Tor traffic doesn't route to darknet sites. Only about 1.5% of Tor traffic accesses hidden services, and 80% of 1.5% is a number that wouldn't even trouble the most tech-addled Congressperson or the retirement community that repeatedly votes him or her back into office.At, a little over 1% of Tor traffic is related to child pornography. That very low number would seem resistant to improvement. How much money and effort should be thrown at 1% of a service in limited use? The answer would appear to be "not very much," but that doesn't tear down Tor's walls or approve budget requests. So, "80% ofTor traffic" it is, according to the DOJ.And that 1.2% may even be overstating it. NickM at the Tor Project Blog points out how some hidden service traffic may over-represent the number of people actually searching for certain illicit goods He breaks this down later with a hypothetical situation. 1000 people use Tor to access chat rooms while 10 conspiracy theorists use it to dig for information. Chat users may only log in once or twice a day and hang out at the same handful of venues. The ten conspiracy theorists may visit dozens of sites looking for more crazy, while entering and exiting multiple times. To an outside observer, this activity would appear to indicate that 10 conspiracy theorists make up a larger portion of Tor traffic than 1000 chat room users.Child porn, like regular porn, is generally not one-stop shopping, unlike a favorite chatroom. Multiple site visits and multiple entrances/exits would inflate the percentage of child porn-related traffic relative to the (observable) whole.In addition, law enforcement and anti-child porn agencies' own investigative efforts could very well be adding to this 1.2% figure.So, there's a good chance that the non-scary 1.2% number is too high. Sure, the ideal would be 0.0% but law enforcement agencies should actually be pleasantly surprised the number is so, rather than misquoting stats to make it appear as though anonymization services are child porn enthusiasts' playgrounds.It isn't just child porn the government is after. There's a whole host of darkweb activities it wants to indict people for. But child porn "sells" better than drugs or prostitution or even the US's latest public enemy no. 1: terrorism. The number the DOJ is using to sell its attack on Tor is blatantly false, as anyone with a minimal amount of Google skills would quickly discover. But the DOJ doesn't care whetherorbelieve it. It only needs enough people in Washington DC to believe it. The DOJ doesn't speak to the citizens. It only speaks to those who can assist it in stripping away what minimal personal data-shielding options we have left.

Filed Under: doj, encryption, leslie caldwell, privacy, surveillance, tor