Tor Project Should Be Suspended, and Congress — and the FBI — Should Investigate It CatherineFitzpatrick Follow Dec 17, 2014 · 8 min read

Photo by Hallie Shatravka

The series of “exposes” by Yasha Levine in Pando about Tor and Quinn Nortion’s self-serving “peace-making” distract from the much more profound issues of Tor, which I was among the first to blog about as far back as 2011. I wrote a book about Snowden, Privacy for Me and Not for Thee: The Movement for Invincible Personal Encryption, Radical State Transparency, and the Snowden Hack with many chapters on Tor, never referenced by Levine. The reason is that to really look at the whole picture, you would have to question the hackers’ and anarchist movements benefiting from Tor and exploiting US government support, and not just demonize the US government and invoke guilt by association.

There is a very real ethical reason to question Tor, which isn’t merely that it is smeared by association with the Department of Defense and State Department. And that’s because it institutionalizes the use of human shields by the military on the Internet. By that I mean that the whole philosophical premise for Tor is to create a variety of camouflaging “stripes” so that the “zebras” of Naval intelligence activity and other military and law-enforcement activity online is cloaked — with the zig-zags of numerous people using the same system for a wide variety of purposes — seeing blocked sites in China; documenting human rights violations in Iran or Russia; finding protection as a domestic violence victim from abusive, stalking ex-partners; securing safety as a trans-gendered person or a minority — or just anyone who wants trail-free surfing and as an add-on, encrypted communications.

But to hear Tor promoters tell it, if we question Tor, we harm Iranian freedom fighters or women beaten by their spouses. That’s just silly, because these “use cases” don’t really make up the center of gravity of Tor — and even if they did, wouldn’t cancel out profound ethical concerns about its other use.

Tor promoters love to use the analogy of the road, and imply their secretive software society is merely about moving packets of information about on the road of the Internet so people can have privacy. But on real-life roads, we have drivers’ licenses and license plates on our cars and highway patrols. Cops can stop us if we are speeding or driving while intoxicated and we can be brought to justice and not harm other people precisely because of this identification and licensing.

Not so on the “highway” of Tor, where there isn’t any ID or license plate — and many would argue properly that there shouldn’t be on the Internet at large. But then what’s the plan for law-enforcement? How will the community even police itself — which is something expected of many other Internet communities?

Furthermore, the urgency for preserving Tor against all criticism isn’t warranted. Tor isn’t the only circumvention software and other competing commercial options exist and are used by other communities and projects. Encryption can also be achieved without tandem use of Tor with other programs. Tor is slow and not user-friendly and has had many scandals and problems —t he FBI essentially pouring purple dye on users as it went about the legitimate task of finding perpetrators of crimes scared many people off.

Even more disturbing is that Tor — and the community of hackers around it starting with Jacob Appelbaum, the evangelist of Tor, has been used to devastate our national security — first by Chelsea Manning then Edward Snowden and others abetting them. Not all of Snowden’s documents have been published by Glenn Greenwald and other approved adversarial journalists; some documents Appelbaum has published come from “another NSA source” or who knows where.

Appelbaum has said by his own admission that he is not returning to the United States from his self-imposed exile in Germany because of the curious coincidences that place him in Hawaii at the same time as Snowden.

We were all accused of “lying” for asking hard questions about these very coincidences, and yet in May, after Glenn Greenwald published his book on Snowden, the nickname for Snowden, “Cincinnatus” was leaked to the Oahu CryptoParty — and Runa Sandvik, a Tor Project employee at the time, was discovered to have met Snowden even before the journalists in December 2012. Sandvik left Tor and moved from the US to Europe — and won’t answer questions about her trip to Moscow before Greenwald’s book was published (did she meet Snowden then?). Appelbaum swore that he never heard of Snowden before May 2013 and didn’t cross paths with him on his own trips to Hawaii. Are we really to believe that Sandvik didn’t tell her close comrade at Tor about the man named Snowden whom she met in Oahu — a man who ran a Tor node? Does he still run nodes from Moscow?

And the December 2012 CryptoParty in Oahu wasn’t the only one — there were at least two more as I have discovered and questions posed to Electronic Frontier Foundation staffer Parker Higgins about his relationship to the Oahu CryptoParty have gone unanswered, as have questions to Trevor Trimm, now of the Foundation for Freedom of the Press (FFP). FFP finances Snowden and the publishing of his hacked secret documents by its own admission, yet has never been investigated by critical journalists (no Yasha Levine there), let alone law-enforcement.

Add to all this the fact that Tor has been used for massive crimes involving drugs (Silk Road) and child pornography (cases in Ireland and elsewhere). In these cases, the FBI was forced to use other methods besides decryption because ostensibly Tor is “strongly encrypted.”

Yet even Tor’s developer Paul Syverson who is still with the Navy and still part of Tor Project has explained how eventually the majority of users can be exposed, and we’ve seen scandal after scandal of not only users exposed as they commit individual crimes (such as the Harvard student who tried to make an anonymous bomb threat) but we’ve had scholarly research showing how the Russian state has compromised Tor by hijacking nodes.

When we criticize Tor and point out that it has been massively used by criminals to do really bad things, from harming national security to children, we’re told that’s like accusing “the weather” or “the Internet” of having malevolent agency.

But that obfuscates the fact that Tor is a human artifact — we do not yet have “code as law,” thank God — and it is run by a community of people who have not been ethical in their work and who have distracted from the fact of the serious ethical problems at their root by invoking “math” and “science.” We’re told that the theory behind Tor’s functioning — the “zebra” concept and “math” — exonerate the program from responsibility for how the program is used — and make it the FBI’s problem.

Yet any software development project is a community of users with a certain public stewardship. They could be monitoring “Tor hidden services” and seeing curiosities like poisoned Moscow nodes and even key-word searching to spot trouble. They could accept abuse reports as any community like G+ or Twitter or Facebook does. This could be done without harming user privacy and could ensure the concept has some future.

But the radical sacralization of math and their own hubris prevents that. This is why Congress and the law has to step in. We are entering a period of crypto wars as we have seen in the past when small groups of anarchist coders are demanding to arrogate for themselves the right of invincibility to achieve by force and weapons — uncrackable code — what they can’t achieve through the political process. This is wrong. This must be stopped.

All along the way, we’ve had critics of Tor savaged. I’ve experienced this myself for years from the Tor coders, starting with Appelbaum, and have been threatened with libel suits for legitimate concerns about the casual criminality of Tor promoters — giving tips to Silk Road on better tradecraft, for example.

The case of the Twitter user known as JBJabroni10 (Geronimo) is even more disturbing. If this user was as abusive as claimed by Andrea Shepherd of the Tor Project, he could have been blocked, and abuse-reported to Twitter managers. Even law-enforcement could have been contacted if these remedies failed — but they weren’t tried.

Yet Geronimo’s “harassment of women” in fact amounted to a few ironical tweets — it’s hysterical exaggeration to claim otherwise. His critique of the Tor hubris was legitimate and even necessary. It doesn’t matter if his particular set of conspiracy theories were right or wrong; they are allowed in a free society under the rule of law and the First Amendment. Nothing in his online speech constituted anything remotely like a crime of “incitement to imminent violence” or systematic stalking that would meet the test of judicial action. Nothing.

Yet in an appalling act of online vigilantism, Andrea Shepherd of Tor Project (@puellavulnerata) outed Geronimo’s privacy, using coder Jedi tricks to extract information from photos he posted, and triangulating other information about him available — but not readily, and only surfaced through methodical stalking. He was hounded to his place of employment, complaints were sent to his employer smearing him, and he was forced off Twitter. That people who claim to be helping Iranian dissidents and domestic violence victims gain privacy and protection would strip this away from a man on Twitter and harm him — even take away his livelihood! — just because they didn’t like his criticism of him is hugely disturbing.

That this is done with Department of Defense and State Department funding for the lion’s share of Shepherd’s and other employees’ salaries; that this is done as a philosophy of our military that claims this is required to cloak its own counter-intelligence activity make it all the more appalling. This cannot stand.

Tor has circled the wagons, lined up sympathetic press, and made false claims of harassment and tried to portray itself as a victim. But the Tor community itself is victimizing its critics and worst of all, helping damage national security and endanger citizens to criminal activities. Jacob Appelbaum calls openly and repeatedly on systems administrators to steal classified files and publish them — “get the ball and bring it out” — and to sabotage machines. Why has this person been getting DoD funding?!

To be sure, the International Board of Broadcasters withdrew funding of Tor in October 2013 — and with good reason, due to ethical concerns about WikiLeaks, Snowden, and Appelbaum. But other departments of the US government need to follow suit.

We’ve been getting only a very one-sided portrayal of the Tor Project from Tor itself, press sympathetic to hackers, and a community of crypto anarchists dominating Twitter. Even when a powerful publication funded by Silicon Valley tycoons — Pando Daily — takes on Tor, it’s curiously limited and soon dismissed by other Silicon Valley powers-that-be.

That’s why there has to be a Congressional hearing about Tor, to enable suppressed critics to tell what they know, and for members to take an interest in the theory of circumvention from our armed forces. Law-enforcement should also examine Tor project the way they investigated Lavabits, Edward Snowden’s email service, and the way the grand jury successfully requested the Twitter and other communications of Jacob Appelbaum and other WikiLeaks operatives despite vigorous legal defense. Freedom of the Internet doesn’t mean freedom to overturn a nation and subject it to crime and anarchy in the name of privacy.