Tor, libraries, and the Department of Homeland Security
September 10, 2015 10:03 AM

First Library to Support Anonymous Internet Browsing Effort Stops After DHS Email
In July, the Kilton Public Library in Lebanon, New Hampshire, was the first library in the country to become part of the anonymous Web surfing service Tor. The library allowed Tor users around the world to bounce their Internet traffic through the library, thus masking users’ locations. ... After a meeting at which local police and city officials discussed how Tor could be exploited by criminals, the library pulled the plug on the project.

The Kilton Public Library's Tor relay was part of a pilot by the Library Freedom Project.

Previously.
posted by metaquarry (66 comments total) 14 users marked this as a favorite
 
Whatever happened to 'live free or die'?
posted by grounded at 10:12 AM on September 10, 2015 [10 favorites]


So, in short, library sets up TOR node, gets informed of the seedier aspects of the darkweb, and decides that they need to consider whether or not that aspect outweighs the good.

I really wish TOR defenders would be more honest about that aspect of the service.
posted by NoxAeternum at 10:12 AM on September 10, 2015 [19 favorites]




"A power so great, that it can only be used for good or evil!" - Firesign Theatre
posted by Devoidoid at 10:15 AM on September 10, 2015 [18 favorites]


It's totally fine that a library might not want to cater to a service that might enable criminal behavior.

It's totally disturbing that DHS decided it was their job to send the library a letter.
posted by selfnoise at 10:21 AM on September 10, 2015 [13 favorites]


.
posted by nzero at 10:22 AM on September 10, 2015 [2 favorites]


I'm...ok with the idea that we can communicate with each other without Law Enforcement finding out about it. Sure, criminals use it too, but I think it's a decent bargain.
posted by Salvor Hardin at 10:25 AM on September 10, 2015 [34 favorites]


It's totally disturbing that DHS decided it was their job to send the library a letter.

It's disturbing that the department of the government tasked, in part, with combating criminal activity would send a letter espousing their concerns?
posted by NoxAeternum at 10:26 AM on September 10, 2015 [3 favorites]


They have open wifi. They are already a conduit for "seedy internet use," but you have to be close enough to get a signal. I guess Tor broadens this sort of open access too widely.
posted by filthy light thief at 10:27 AM on September 10, 2015 [3 favorites]


“The use of a Tor browser is not, in [or] of itself, illegal and there are legitimate purposes for its use,” Neudauer said, “However, the protections that Tor offers can be attractive to criminal enterprises or actors and HSI [Homeland Security Investigations] will continue to pursue those individuals who seek to use the anonymizing technology to further their illicit activity.”

DOJ and DHS have a history of scaremongering about Tor - e.g. the former's recent, false claim that 80% of traffic was related to child porn (which isn't to say that some pretty horrific stuff isn't happening via hidden services).

National Security Agency documents made public by Snowden have revealed the agency’s frustration that it could only identify a “very small fraction” of Tor users.

This no longer appears to be the case - there have been a number of successful deanonymization attacks against Tor in the last year or so, and one of the largest dark markets, Agora, just shut down as a result.
posted by ryanshepard at 10:28 AM on September 10, 2015 [11 favorites]


To counter fearmongering: three ways Tor browser is making the world a better place: Internet Security Research, Child Protection (making it safer for children to use the internet by being anonymous), and Freedom of Expression (noting some national limitations on internet access).
posted by filthy light thief at 10:37 AM on September 10, 2015 [6 favorites]


"Live Free or Die"

Who makes the license plates that say that?

The old "This _____ thing could be used to _____!" argument is still going around?

::rolls eyes::
posted by CrowGoat at 10:40 AM on September 10, 2015


The DHS connection in this story is comically weak.
A special agent in a Boston DHS office forwarded the [ArsTechnica] article to the New Hampshire police, who forwarded it to a sergeant at the Lebanon Police Department.
Maybe there was some scary scaremongering in forwarding an article, who knows.
posted by kiltedtaco at 10:40 AM on September 10, 2015


"Fleming said that he is now realizing the downside of being the first test site for the Tor initiative."

Really? Just now? He may be a good guy and excellent librarian, but his library was a really poor choice for pilot site.
posted by klarck at 10:41 AM on September 10, 2015 [1 favorite]


Really? Just now? He may be a good guy and excellent librarian, but his library was a really poor choice for pilot site.

The Tor Project, who worked with them to set it up, didn't think so.
posted by ryanshepard at 10:46 AM on September 10, 2015 [4 favorites]


This no longer appears to be the case - there have been a number of successful deanonymization attacks against Tor in the last year or so, and one of the largest dark markets, Agora, just shut down as a result.

TOR was never intended, and can't be, a safe channel immune from a persistent global adversary (eg, the NSA). Local police, sure (for now). But the NSA has direct control of the internet backbones through most (all?) major western ISPs, which means they can see the entrance and exit flow of packets across a substantial number of TOR nodes. The TOR protocol is at its core security through obfuscation, not end-to-end encryption. That doesn't work when a global adversary can cross correlate packets in and out and reconstruct the content.

It's probably still difficult and resource intensive even for the NSA, so I highly doubt that they can deanonymize traffic in real-time (yet). Or at least not all of it. But they can almost certainly find something they're looking for, given the motivation to dedicate to finding it, although such an ability would still be kept VERY quiet. TOR is a broken system that will only become more broken as the costs of breaking it come down, and the NSA likely shares more of its capabilities with other agencies (and eventually your local street cops) over time.
posted by T.D. Strange at 10:47 AM on September 10, 2015 [11 favorites]


"I really wish TOR defenders would be more honest about that aspect of the service."

Without TOR will drug cartels and pedophile rings and whatever other criminal elements be able to use the net anonymously and maliciously?

Yes. In fact quite easily. They can hack somebody else's wifi, etc.

Without TOR would researchers, activists, and persecuted people have a way to legally use the net anonymously?

No, not really.
posted by I-baLL at 10:54 AM on September 10, 2015 [37 favorites]


.
posted by oceanjesse at 11:02 AM on September 10, 2015


Sounds like everyone is doing their jobs here. The DHS didn't forbid the library from hosting a Tor node, they just alerted them to the "criminal enterprises or actors" that also use Tor. And the library hasn't been intimidated into taking it down, but they are going to "find out what the community thinks." It makes sense for a public library to get feedback from its public on what they're doing. I do hope they continue to provide Tor service, but it's ultimately the town's decision.
posted by Rangi at 11:21 AM on September 10, 2015 [1 favorite]


Criminal enterprises or actors also use cellphone, email, roads, and just about everything else that normal people use.

For anyone, non-anonymity is strictly worse than anonymity. The only reason one would not be anonymous is if there was pressure in some way. Sure, criminals have greater pressure to be anonymous, but that just means that a greater percentage of criminal use is the direct result of larger entities putting pressure on people to not be anonymous.
posted by Zalzidrax at 11:35 AM on September 10, 2015 [3 favorites]


Yeah, from the piece it sounds like the librarians hit the pause button here because they are worried about controversy and PR. Not because they realized the error of their ways and Tor is for Bad Guys. When the police and your municipal funders both come to you and make a suggestion, sometimes you go along with the suggestion even if you're not completely convinced by the arguments.

But this thread is good as an invitation for people to come in and defend surveillance as a good in itself.
posted by grobstein at 12:01 PM on September 10, 2015 [2 favorites]


I think I-baLL's point is germane. Bad actors have plenty of options to carry on acting badly, with or without Tor. Good people in bad places have extremely few. The good Tor does is disproportionately important, compared to the bad stuff (however you define it) it enables.

There is lots of bad stuff, as anyone who gets going with Tor will find out extremely quickly, but that's not necessarily a bad thing. Although you can't stop it or find out who's doing it by waving a magic techwand, you can see it happening - and some law enforcement finds that very useful. Some communities on Tor are also self-policing and set viable standards for members.

I'm often worried that stuff I'm interested in - because I'm a curious chap with a grasshopper mind - will flag me up as in some way worthy of suspicion by our tireless guardians. By using Tor, I can guarantee that I've got their attention, so that's one less thing to worry about...
posted by Devonian at 12:05 PM on September 10, 2015 [2 favorites]


No one concealed what Tor is or does, no one misrepresented anything; why the kneejerk strawman "wish TOR defenders would be more honest about that aspect of the service"?

The Tor project is very upfront with risks and have a clear and defensible position on abuses.
posted by Matt Oneiros at 12:05 PM on September 10, 2015 [11 favorites]


said Fleming. “We really weren’t anticipating that there would be any controversy at all.” Really? Have you ever been on the internet?
posted by Pipedreamergrey at 12:32 PM on September 10, 2015 [2 favorites]


"It's disturbing that the department of the government tasked, in part, with combating criminal activity would send a letter espousing their concerns?"

It seems like in this case they didn't send a letter at all, but rather forwarded an article. Aside from that, yes, the federal government sending a letter to local law enforcement about a legal form of communication can be disturbing intimidation. This is something that activist organizations, especially environmental and anti-capitalist organizations but also including civil rights and anti-racist organizations, have been subject to for a long time and is generally a tactic of dubious legitimacy from the federal government. This isn't COINTELPRO, but incredulity that the implicit pressure of the federal government against a legal communication method could be disturbing enables the federal government to restrict free speech and constitutional political organization.
posted by klangklangston at 12:42 PM on September 10, 2015 [10 favorites]


The Tor project is very upfront with risks and have a clear and defensible position on abuses.

Which basically boils down to "Are you being harassed online? Not our problem. You should be anonymous too."

It's interesting that Tor's technical solution to harassment is basically a "walled garden" approach. But when the consequence of that policy is brought up- an internet consisting of walled gardens- TOR supporters react with horror. But that's going to be the general future, because TOR is completely unable to consider the results of anonymity without consequences.

I know too many women and men who are unable to have public lives online-to run businesses or have a social life- because of anonymous TOR supported harassment. And TOR simply doesn't care. So the only solution is to cut TOR out.
posted by happyroach at 1:28 PM on September 10, 2015 [2 favorites]


"Which basically boils down to "Are you being harassed online? Not our problem. You should be anonymous too.""

That seems like a really disingenuous and dishonest way to frame their position, especially since the only time they use the word "harassment" is in reference to law enforcement harassment of Tor users.

And it's one that can be applied to any use of technological anonymity: There is no way to both be anonymous and impossible to monitor without also enabling anti-social uses of that technology. If there is a legitimate reason why people might need to anonymously communicate without being monitored by other parties — including government and law enforcement — there is no way to prevent illegitimate uses of the same technology.

"And TOR simply doesn't care. So the only solution is to cut TOR out."

Right, no useful anonymity for anyone (since Tor isn't unique in its designed inability to monitor communication)! I'm sure in this bargain, we'll get all of our governments and corporations to agree to not abuse their ability to intercept and monitor communication.

It sucks that your friends are being harassed, but there has to be another solution beyond just destroying Tor.
posted by klangklangston at 1:41 PM on September 10, 2015 [6 favorites]


Having read and familiarized myself with both documents I linked I would say their position actually boils down to "the benefits for the abused to access anonymity are outweighed by the cost of also allowing abusers to access anonymity."

Tor is an interim solution for an abusively centralized and controlling, surveillance-baked-in internet with lots of privatized and highly centralized control. If we could abandon the internet and the surveillance cost of engaging it, I would endorse that, but the cost of that abandonment for marginalized and specialized communities is too high. There are efforts like IPFS and CJDNS to build a better future, but for now mitigations on the costs of using the internet as we know it are important.

Real names and real identities are really unsafe for so many people. My use and advocacy of Tor began when dealing with a well-funded stalker. I don't mean the US government, I'm talking about a "friend" who went batshit when I kicked him from a community for being a creep.

It is so much more complicated than "abuse: for or against."
posted by Matt Oneiros at 1:48 PM on September 10, 2015 [5 favorites]


So, in short, library sets up TOR node, gets informed of the seedier aspects of the darkweb, and decides that they need to consider whether or not that aspect outweighs the good.

I really wish TOR defenders would be more honest about that aspect of the service.


I do not understand why people will not acknowledge that the dark net is being used for illegal activity right now. A couple weeks back a big dark net child porn ring was broken up by Australian police. The dark net child porn ring had 45,000 members.

Advances in technology are neither universally good nor bad. There is a knee-jerk reaction amongst tech people that every advance is to be celebrated because it is a new development. Not so. Each new development, from the dark web to cryptography, needs to be analyzed.

It is so much more complicated than "abuse: for or against."

It is also a lot more complicated than "all government bad" and "all tech good." We need to analyze how these things are being used. The key is this. There must be a way, after a search warrant or subpoena has been issued by the judge for prosecutors and police to be able to read the communications of criminal suspects and determine their identities.
posted by Ironmouth at 2:19 PM on September 10, 2015 [2 favorites]


My use and advocacy of Tor began when dealing with a well-funded stalker. I don't mean the US government, I'm talking about a "friend" who went batshit when I kicked him from a community for being a creep.

Could not encryption and the dark net be used by well-funded stalkers to hide their identity from police?
posted by Ironmouth at 2:20 PM on September 10, 2015


Could not encryption and the dark net be used by well-funded stalkers to hide their identity from police?

That anecdote was actually a response to someone expressing concern about this use.

But when the consequence of that policy is brought up- an internet consisting of walled gardens- TOR supporters react with horror.

I don't think most of us ("Tor supporters" i.e. Internet privacy/anonymity advocates) are concerned by the existence of walled gardens online but by the possibility of there being nothing else. That a community can be better for its members' decision to forgo absolute freedom and anonymity of speech is manifest - that's why I'm here on MeFi. But MeFi seems to be co-existing just fine with more anonymous channels, and the value of those seems pretty clear to me too.
posted by atoxyl at 2:38 PM on September 10, 2015 [4 favorites]


It is also a lot more complicated than "all government bad" and "all tech good."

Right. I don't take any such position. I was responding to folks who might think access to anonymity is intrinsically a support of abuse.

There must be a way, after a search warrant or subpoena has been issued by the judge for prosecutors and police to be able to read the communications of criminal suspects and determine their identities.

Based on the story you linked it seems law enforcement has adapted well in the 5-10 years of Tor popularity.

Could not encryption and the dark net be used by well-funded stalkers to hide their identity from police?

You did read the comment you're responding to, ya? I needed to conceal my identity from someone who could gain access to my route to the internet. I knew his identity, I knew him IRL. Whatever point you're aiming for... I think you're going to need to take another shot with a steadier hand if you want to make it.

Anything you can do with Tor you can do more discreetly with stolen cellphones and stolen web hosting. You can buy these if you don't want to do the stealing and laundering yourself.
posted by Matt Oneiros at 2:41 PM on September 10, 2015 [1 favorite]


Anything you can do with Tor you can do more discreetly with stolen cellphones and stolen web hosting. You can buy these if you don't want to do the stealing and laundering yourself.

And yet, as people have pointed out, there is significant illegal activity taking place on the darkweb. Pointing out that "well, criminals have access to all these other tools as well" doesn't change that they are using your tool.
posted by NoxAeternum at 2:50 PM on September 10, 2015


How can people be so stridently, pseudo-patriotically anti-Tor (because it's so convenient for criminal activity) and yet be equally pro-gun?

I just can't make that fit in my head.
posted by rokusan at 2:50 PM on September 10, 2015 [2 favorites]


Anonymity is an extension of privacy, and privacy is a well-known tool of crime. Think of how many crimes we don't know about because of privacy! That number might dwarf the number of crimes we do know about.
posted by rhizome at 2:51 PM on September 10, 2015 [4 favorites]


Wasn't this library only running tor in bridge mode? I've never heard of authorities coming after a tor bridge before, as opposed to tor exit nodes.
posted by joeyh at 2:52 PM on September 10, 2015 [1 favorite]


Pointing out that "well, criminals have access to all these other tools as well" doesn't change that they are using your tool.

There's truth in that but maybe not relevance. If it's your intention to condemn the tool for a use how would you recommend evaluating tools generally?
posted by Matt Oneiros at 2:54 PM on September 10, 2015


Yeah, don't get me started on screwdrivers.
posted by rhizome at 3:11 PM on September 10, 2015 [5 favorites]


If IP-anonymized harassment specifically is your concern, that would seem to occur primarily - certainly at least to do the most harm - along the border between anonymous and non-anonymous Internet. Tor provides assistance if you want to guard this border, in the form of a list of exit node addresses.
posted by atoxyl at 3:21 PM on September 10, 2015


"Could not encryption and the dark net be used by well-funded stalkers to hide their identity from police?"

Yeah. Not sure why they have to be well funded. Also not sure what stalkers would use the dark net for since using tor for anonymity implies that you're using it to surf the real web. You can also go on public wifi and stalk all you want and it'll be even more anonymous.

" A couple weeks back a big dark net child porn ring was broken up by Australian police. The dark net child porn ring had 45,000 members."

As opposed to a child porn ring on the normal web? The only benefit to running something like that on the dark web is that you don't need to commit credit card fraud or something else to obfuscate your identity if you're the person running the site. There's a lot of hoopla about criminal activity on the dark web as if there has never been any criminal activity of the exact same kind on the normal web.
posted by I-baLL at 3:39 PM on September 10, 2015 [1 favorite]


Perhaps the Tor Project could explain better how to protect yourself or your userbase from abuse but they say right there that you have the right to ban Tor users from your service. Of all the problems related to online anonymity, harassment is one where I think there are a lot of good local solutions that are not at all incompatible with the existence of online anonymity so let's not throw that baby out just yet.

It's stuff like child porn trading on hidden services that raises more fundamental questions about the value versus the harm of truly anonymous communication. Anonymity proponents are hardly unaware or afraid of these questions - we are just inclined toward the favorable answer.
posted by atoxyl at 3:50 PM on September 10, 2015
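
The exit-list check atoxyl describes in the two comments above, sketched as an added example (not part of the thread and not Tor Project code). It assumes the published list is plain text with one exit address per line; the sample addresses, the `decide` policy and its action names are constructed for illustration.

```python
"""Gate write actions from Tor exit addresses while leaving read access open."""
import ipaddress
from collections import Counter

# Constructed sample in the one-address-per-line layout assumed here.
# Addresses are from documentation ranges (RFC 5737 / RFC 3849), not real exits.
SAMPLE_EXIT_LIST = """\
# constructed exit list snapshot
192.0.2.10
198.51.100.7

203.0.113.200
2001:db8::51
not-an-address
"""

# Hypothetical action names for a small community site.
READ_ACTIONS = {"view", "search"}


def normalize(addr):
    """Parse an address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d).

    Dual-stack listeners often report IPv4 peers in the mapped form, which
    would otherwise never match an IPv4 entry in the list.
    """
    ip = ipaddress.ip_address(addr.strip())
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def parse_exit_list(text):
    """Return (set of parsed exit addresses, list of lines that failed to parse)."""
    exits, rejected = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            exits.add(normalize(line))
        except ValueError:
            rejected.append(line)  # keep for logging; never guess at bad input
    return exits, rejected


def decide(client_addr, action, exits, logged_in=False):
    """Hypothetical local policy, one of many a site could choose.

    - reading is always allowed, so anonymous readers keep access
    - writes from a listed exit are held for moderation unless logged in
    - an unparseable peer address fails closed
    """
    try:
        ip = normalize(client_addr)
    except ValueError:
        return "reject"
    if ip not in exits or action in READ_ACTIONS:
        return "allow"
    return "allow" if logged_in else "moderate"


def audit(requests, exits):
    """Tally decisions for (address, action, logged_in) tuples."""
    return Counter(decide(a, act, exits, li) for a, act, li in requests)


if __name__ == "__main__":
    exits, rejected = parse_exit_list(SAMPLE_EXIT_LIST)
    # Constructed request log.
    requests = [
        ("192.0.2.10", "view", False),
        ("192.0.2.10", "post", False),
        ("::ffff:198.51.100.7", "post", False),
        ("203.0.113.200", "post", True),
        ("192.0.2.11", "post", False),
    ]
    print("skipped lines:", rejected)
    print(dict(audit(requests, exits)))
```

Exit relays come and go, so a deployment would refresh its copy of the list on a schedule instead of loading it once.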


Heroin trafficking and sexual exploitation of children are horrific crimes that we must fight. However, monitoring everyone's communications at all times is neither an effective nor an ethical way to combat these crimes.

Giving Big Brother that much power might be worth it if it would actually eliminate heroin and child porn. But all it would do is inconvenience the criminals a little bit.
posted by foobaz at 4:14 PM on September 10, 2015 [1 favorite]


It is also a lot more complicated than "all government bad" and "all tech good." We need to analyze how these things are being used. The key is this. There must be a way, after a search warrant or subpoena has been issued by the judge for prosecutors and police to be able to read the communications of criminal suspects and determine their identities.

So, in short, you think cryptography shouldn't work, and that political dissidents in various countries should be denied anonymous communication?
posted by jaduncan at 4:28 PM on September 10, 2015 [1 favorite]


There is no absolute freedom of speech. You are not free to make criminal speech like child porn, orders to hit men, or securities fraud. Like other areas of life, the computer has vastly made criminal activity easier. On a dark net, you may be free of criminal sanction for engaging in that sort of speech.

The idea that there should be protections to prevent the current, real, above-documented activities should be given all support while attempts to prevent such abuses should be stopped because of its so far completely undocumented chilling effect makes no sense.

These technologies are not potential areas of misuse, they are actively being misused. And the alleged privacy demanded is greater than has ever existed, the ability to instantly communicate any criminal information without fear of arrest.

Put me down as saying this is like guns. The fact that only a few bad apples go on shooting sprees is not an excuse for allowing assault rifles into the general public.
posted by Ironmouth at 4:50 PM on September 10, 2015 [1 favorite]


So, in short, no. You do not believe that private speech should be possible.
posted by jaduncan at 5:04 PM on September 10, 2015 [2 favorites]


Once upon a time, cars made it easier to rob banks, and before that horses to rob trains. Yet here we are, with legal cars and horses-not-extinct. The sky is not falling because Tor was invented.
posted by rhizome at 5:05 PM on September 10, 2015 [1 favorite]


It is a straw man for you to say I am not for dissidents in countries other than the US to communicate anonymously. I want US law enforcement to get in there with a lawfully authorized warrant. This story is about the United States. But I also point out that military coupsters or criminal heads of state could use such technology too.

Let's break this down. Let us imagine that a whole bunch of libraries install Tor. Now imagine I am a family, or a group of families and Tor is shown to have been used to access pictures within your library by a plea deal with the person who did it. I am gonna bankrupt the fuck out of that library with a lawsuit that will involve a 5 minute jury deliberation and a maximum jury award. If you are any public accommodation and you decide that you are going to install Tor, you are opening the door to use of a network that is incredibly useful for criminals because it is beyond the reach of legal process.

And that is the key. You should be protected from having your communications read up to the point that a court issues a lawful search warrant or subpoena. If it was wrongly issued you have a remedy, they can't use it against you.

But technologies that completely obscure all communication to lawful investigation have many bad aspects to them, especially restrictive key systems, where even the existence of the plaintext can be hidden.
posted by Ironmouth at 5:07 PM on September 10, 2015


I want US law enforcement to get in there with a lawfully authorized warrant.

Then they can develop investigatory skills that allow them to satisfy evidentiary standards, same as forever.
posted by rhizome at 5:20 PM on September 10, 2015 [2 favorites]


It is a straw man for you to say I am not for dissidents in countries other than the US to communicate anonymously. I want US law enforcement to get in there with a lawfully authorized warrant. This story is about the United States. But I also point out that military coupsters or criminal heads of state could use such technology too.

So you are in favor of dissidents in foreign countries being able to communicate anonymously and securely, but you're not in favor of US citizens having this right?

If you are against technology like TOR, I assume you also think that technology that encrypts phones and PCs should also be disallowed, because criminals will use it.
posted by el io at 6:13 PM on September 10, 2015 [2 favorites]


How can people be so stridently, pseudo-patriotically anti-Tor (because it's so convenient for criminal activity) and yet be equally pro-gun?

I just can't make that fit in my head.


You haven't encountered many cops, I take it.
posted by bile and syntax at 6:15 PM on September 10, 2015


Everyone wringing their hands is aware that the US State Dept. is an active sponsor of tor, right?

If it was wrongly issued you have a remedy, they can't use it against you.

Try never issued: Parallel Construction.

I'm continually astounded at how many people truly love Big Brother.
posted by ChurchHatesTucker at 6:25 PM on September 10, 2015 [3 favorites]


I run an exit node. Or at least was running, I think I'm out-of-date and haven't gotten around to sorting out the tech now that I've been busy. But it's on my list of things to do. Because my exit node computer is also my (backup) law office server. You want a warrant to go through that on a hunt for criminals? Bring it the fuck on, I will have the law society throwing pro bono counsel at me.

If you've got the privilege, use it!
posted by Lemurrhea at 6:31 PM on September 10, 2015 [6 favorites]


Even if you're the most Rock Flag Eagle kind of person, lots of defense contractors, aid workers, and business folk travel abroad. Their governments think they have the inalienable right to listen in, too. Would be nice if they didn't have to VPN into the HQ blaring "Hi, I work for XYZ!"
posted by RobotVoodooPower at 6:36 PM on September 10, 2015 [1 favorite]


"The complexity of today's Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws. Beyond these and other technical vulnerabilities, the prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law." - Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications
posted by Poldo at 6:39 PM on September 10, 2015 [1 favorite]


"It is a straw man for you to say I am not for dissidents in countries other than the US to communicate anonymously. I want US law enforcement to get in there with a lawfully authorized warrant. This story is about the United States. But I also point out that military coupsters or criminal heads of state could use such technology too."

Kinda, except the problem is that, just like encryption, in order to have the communication be secure and anonymous, it has to be inaccessible for the hosts. Either "authorities" as a category can read the information or they can't. Saying that they should be accessible to the authorities fundamentally contradicts the method of use. Arguing that the authorities should be able to legally access the communication is like arguing that authorities should be able to access single-use encryption pads — if they're usable more than once, they're not single use, and their ability to be effective encryption pads is gone. There is no way to have both accessibility for authorities and meaningful encryption from authorities with a publicly-published method. You have to make an argument based on the balance of cost and benefit.

"If you are any public accommodation and you decide that you are going to install Tor, you are opening the door to use of a network that is incredibly useful for criminals because it is beyond the reach of legal process."

And it's a legal form of communication specifically protected from liability by the DMCA.

"And that is the key. You should be protected from having your communications read up to the point that a court issues a lawful search warrant or subpoena. If it was wrongly issued you have a remedy, they can't use it against you."

I'm sure that the legal ambiguity of their position is a great solace to anyone in Gitmo; I'm sure that the inadmissibility of COINTELPRO was of great solace to those harassed and murdered by the FBI; I'm sure that the strict oversight provided by the FISA courts is so adequate that no one would ever feel the need for further privacy protection.

Just like how you can't have meaningful free speech without letting the Nazis march, you can't have meaningful anonymity while compelling access for authorities. If there's a crime, let the authorities use one of their many other avenues for investigation and prosecution.
posted by klangklangston at 7:16 PM on September 10, 2015 [12 favorites]


you are opening the door to use of a network that is incredibly useful for criminals because it is beyond the reach of legal process.

Except ... all of the people that have been taken down while using said network, like Silk Road? Using tried and true techniques like informing? And prosecuted using good old American legal process?
posted by RobotVoodooPower at 7:29 PM on September 10, 2015 [2 favorites]


Just like how you can't have meaningful free speech without letting the Nazis march

Perhaps not the best comparison, given that there are a lot of places where people would disagree with this statement - and some of those places have better practical records on civil liberties than the U.S. Crypto is a little different because of the technical obstacles to making it "selectively vulnerable" and if observers can even tell that you're a Nazi it's already not working.
posted by atoxyl at 9:55 PM on September 10, 2015


It is a straw man for you to say I am not for dissidents in countries other than the US to communicate anonymously. I want US law enforcement to get in there with a lawfully authorized warrant. This story is about the United States. But I also point out that military coupsters or criminal heads of state could use such technology too.

I salute your understanding of mathematics. Everyone knows that only mathematics authorised by a US court can decrypt things. The best thing is that all other countries and actors are sure to only decrypt things that US authorises, too.

Let's say there's an escrow key, held by the USG. Please explain just how you would limit that key to US agencies and ensure it never leaks though, because if it leaked literally every communication created under that tech would be vulnerable. That seems like it could have unfortunate economic consequences! That said, it would also be a key that would be incredibly long, because otherwise Moore's law might get it. It would also not be vulnerable to quantum computers at any time in the future, because, again, if either of those factors affected it the fact that it would be the single most valuable prize for any intelligence agency, criminal group, or indeed curious hacker might just make it something that people put effort into compromising. Oh, and we'd better be sure that the encryption algorithm has no flaws. Oh, and that it can't be partially attacked based on the fact that we know both the encrypted version and the plain text. But, you know, aside from those and a massive amount of other security issues, we are just *golden*. Attaboy!

We are also doing great because there's no risk that NSA or other agencies would wish to store every single bit of comms sent with that key forever, and because no future government could ever use that datapool for repressive purposes. The government is also sure never to use that to look at legally privileged communications, because that would be unfair. Why, we'd have to invent parallel construction of evidence or something, and that could certainly never happen!

We can also be sure that repressive governments wouldn't use the same tech, or the political cover caused by the US using it to make all encryption escrow keyed for their nationals. In other news, China keeps trying to run exploits on all of their own political dissidents and, indeed, US based Tibetan groups. Lucky they will define "military coupsters" in just the same way as you! Also, if "criminal heads of state" use it, they are sure to not carve themselves an exemption in the law such as might be expected in every single national security related encryption law ever. Because, you know, no criminal or non-criminal intelligence agency, ministry or head of state might see some of the above issues and not wish people beyond a small team to have access to communications, criminal or not. That's why the USG TLAs hand every private key to the NSA and hope it doesn't leak, I'm sure. Also, we could be sure that no US criminal group would use foreign servers that NSA didn't have the keys for. No networks like that might spring up as people avoided US regulated communication networks like the plague.

So, in summary, good work. Aside from the analogue hole of people talking to each other in rooms [should every room be bugged in case criminals use them? They could use rooms too! Maybe a subject for another day - Ed] you've got it all understood and have certainly mentally chased down all the complexities. Your understanding of the issues is top notch. I await your explanation of how the few remaining loose ends can be tied up whilst ensuring that non-US dissidents (and indeed US dissidents) can communicate securely whilst their governments and/or USG hold keys to those communications.

Points will be taken off if you suggest all the foreign dissidents might all be terrorists anyway, or that legally privileged communications aren't a thing any more.
posted by jaduncan at 12:27 AM on September 11, 2015 [5 favorites]


Extra protip: you might also want to avoid discussions of the actual history of previous cryptographic compromises in both state and entertainment systems. I know, I know. To misuse a quote, evaluating cryptography is occasionally like a riddle wrapped in a mystery inside an enigma.
posted by jaduncan at 12:55 AM on September 11, 2015 [2 favorites]


A couple responses:
posted by metaquarry at 8:43 AM on September 11, 2015 [2 favorites]


"Perhaps not the best comparison, given that there are a lot of places where people would disagree with this statement - and some of those places have better practical records on civil liberties than the U.S."

I'm curious, which places are these?
posted by I-baLL at 9:21 AM on September 11, 2015


Whatever happened to 'live free or die'?

Live Free or Don't


How can people be so stridently, pseudo-patriotically anti-Tor (because it's so convenient for criminal activity) and yet be equally pro-gun?


As far as I'm concerned Tor, et al., encryption technology, etc. is the modern equivalent of firearms in the hands of citizens instead of exclusively in authority hands. Sort of a hybrid 1st/2nd amendment.

With the printing press about gone and interpersonal oppression relegated to, well, poorer or less sophisticated elements of society, this kind of technology is about all that gives an individual a chance against oppressors and others who look to use forcible influence.


To me the argument that the Kilton Library shouldn’t run a Tor node because it doesn’t support their patrons is perfectly sound (regardless of how I might feel about it), and defensible. I might want more Tor nodes in general principle, but I can’t fault them on that basis for not wanting it.

I’d argue it does a general good. That it supports folks in Kilton’s privacy in general. But I recognize it’s a tough call to justify when the budget rolls around unless people are better educated as to what good it does.

The argument that Kilton shouldn’t run it because criminals might use it is stupid.

That the DHS is doing the Soviet style: “we know YOU’RE not doing anything wrong, but it would be a real shame if you got investigated”* is appalling. As is the library’s changing direction as a result.

(*“The use of a Tor browser is not, in [or] of itself, illegal and there are legitimate purposes for its use,” Neudauer said, “However, the protections that Tor offers can be attractive to criminal enterprises or actors and HSI [Homeland Security Investigations] will continue to pursue those individuals who seek to use the anonymizing technology to further their illicit activity.”)

If my library bizarrely decided to start keeping elephants at immense cost to the community but the DHS decided to lean on them like this I would oppose relocating the pachyderms on general principles.

We can’t suddenly decide we can’t keep elephants because they’re associated with CHILD PORNOGRAPHY *Scare! Scare! Scare!*

Elephants are wrong because we will investigate elephant droppings if you keep them. Not because they are or are not relevant to library services, sez the DHS.

Too expensive? Trample the shelves? Stampede patrons? Sure. I’d advocate getting rid of them on that basis.

But even things that have nothing to do with library services (elephants) can be associated with what libraries are essentially for (information) in the U.S. (freedom of speech) if they’re opposed by what is ultimately arbitrary a priori censorship. And that has to be fought wherever it crops up, otherwise you’re allowing that the DHS does have authority over trunked mammals in libraries.

The (less silly, less elephant related) question there is what duty does the library have to its patrons if the government threatens intervention?

The answer to me is obvious. Do people want the node or not, regardless of what the DHS thinks?
posted by Smedleyman at 10:57 AM on September 11, 2015 [5 favorites]




There was a meeting of the Kilton Public Library board tonight — and per reports on Twitter, they've decided to turn the relay back on.
posted by metaquarry at 5:35 PM on September 15, 2015 [6 favorites]


Neat! Thanks for the followup metaquarry!
posted by Matt Oneiros at 5:59 PM on September 15, 2015


Ars has a story on the decision to turn it back on. They are saying it was just turned off pending library board approval (which I guess gives all the staff involved cover if there's any further flak), and earlier released a statement: "HSI does not make policy determinations for local communities."

As a sidenote, why the hell does HSI exist? It's 6,500 Special Agents, plus staff, stuck within Immigration and Customs Enforcement, yet due to an inevitable bureaucratic desire to have more people with guns in every part of the government, it has essentially turned into a second FBI, investigating all sorts of stuff that has nothing to do with immigration or customs, including running SWAT teams and forwarding on articles about Tor.
posted by zachlipton at 10:05 AM on September 16, 2015




This thread has been archived and is closed to new comments