Espionage works like this: identify a target who has the info you need. Determine what he wants to cooperate (usually money.) Be sure to appeal to his vanity and/or patriotism. Create a situation where he can never go back to his old life, and give him a path forward where it favors his ongoing cooperation in a new life. Recruit him, because you own him.
The FBI appears to have run a very successful, very classic, textbook recruitment on the guy above, Matt Edman, to use his insider-knowledge to defeat one of the best encryption/privacy software tools available. Aloha, privacy, and f*ck you, Fourth Amendment rights against unwarranted search and seizure.
Edman is a former Tor Project developer who created malware for the FBI that allows agents to unmask users of the anonymity software.
Tor is part of a software project that allows users to browse the web and send messages anonymously. In addition to interfacing with encryption, the basic way Tor works is by bouncing your info packets from server to server around the Internet, such that each server knows only a little bit about where the info originated. If you somehow break the chain, you can only trace it back so far, if at all. Tor uses various front ends, graphic user interfaces that make it very easy for non-tech people to use.
Tor is used by (a small number of) bad guys, but it is also used by journalists to protect sources, democracy advocates in dangerous countries, and simply people choosing to exercise their rights to privacy because they are in fact entitled to do so and don’t need a reason to do so. Freedom and all that. It is up to me if I want to lock the door to my home and close the blinds, not anyone else.
Our boy Edman worked closely with the FBI to customize, configure, test, and deploy malware he called “Cornhusker” to collect identifying information on Tor users. The malware is also known as Torsploit. Cornhusker used a Flash application to deliver a user’s real Internet Protocol (IP) address to an FBI server outside the Tor network. Cornhusker was placed on three servers owned by a Nebraska man who ran multiple child pornography websites.
We all hate child pornographers and we all would like to see them crammed up Satan’s butthole to suffocate in a most terrible way. But at the same time, we should all hate the loss of our precious rights. Malware has a tendency to find its way into places it should not be, including into the hands of really bad dictators and crooks, and even if we fully trusted the FBI to only use its Tor-cracking tools for good, the danger is there.
And of course we cannot trust the FBI to use its Tor-cracking tools only for good. If Tor can be taken away from a few bad actors, then it can be taken away from all of us. Our choice to browse the web privately and responsibly is stripped from us. Encryption and tools like Tor are like any tool, even guns, in that they can be used for good or for evil. You never want to throw the baby out with the bathwater, especially when fundamental Constitutional rights are at stake.
Rough and unpleasant as it is to accept, the broad, society-wide danger of the loss of those fundamental rights in the long run out-shadows the tragedy of child pornography.
Peter Van Buren blew the whistle on State Department waste and mismanagement during Iraqi reconstruction in his first book, We Meant Well: How I Helped Lose the Battle for the Hearts and Minds of the Iraqi People. His latest book is Ghosts of Tom Joad: A Story of the #99 Percent. Reprinted from the his blog with permission.