top | item 8575454

(no title)

xnull | 11 years ago

Some here may know me as a critic of overreaching and aggressive cyber enforcement (and related surveillance).

First, I'm quite happy that this activity does not appear to be the result of wide scale infrastructure sabotage.

And I am quite happy that the FBI is doing its job to combat crime that is facilitated using (abusing) the technologies that are bastions for free speech, privacy and whistleblowing.

Of course the flipside is that this means that there are capabilities in place to disrupt anonymizing technologies - the technologies make investigation more expensive but ultimately are merely an inconvenience to the powers that be. So when it comes down to it, anonymizing services and Tor can't be trusted to secure you if you have something to say where your life is in danger.

The FBI (/others) wants the court system to replace technology as the gatekeeper to investigation. The court system, however, is brittle. It takes time, it fails, and it responds to external pressure - there are repeated studies that show that the length of time persons in US court systems are convicted to serve is highly correlated with how long it has been since the precising judge has eaten his last meal. There are also extralegal rights that law enforcement are given by legislature and evolving interpretations of what both these legal and extralegal rights entail.

But law enforcement also is justified from their perspective. They don't want there to be criminals that get away with crimes simply because criminals load up some software that obfuscate their identities, locations and accounts. If you look at this published list there are criminal organizations that you and I as taxpayers do want taken down. (I recognize that the sale and consumption of drugs is a greyer area of morality as drug use is sometimes victimless).

I think that for the most part law enforcement is capable of taking down these services and organizations other ways - ordering assault rifles and monitoring the drops - and that this provides opportunities for the government to enforce the law without sabotaging communications infrastructure. Taking down some .onion addresses doesn't do too much besides annoy the services for a time anyway unless the services operationally are not capable of standing up a new address and communicating with customers anonymously.

All in all it's a blurry line but I feel safer with places that are anonymous and secure than I do by trusting a court system and legal process that can only see, process, and be accountable for so much.

discuss

sliverstorm|11 years ago

On the bright side it leaves us in the same position as man has always been- rather charted territory.

I've been skeptical of Tor et-al from day one. I didn't have provable reasons why, but the court has always served as the gatekeeper to investigation, and the Tors of the world seemed like the sort of hubris we techies are so prone to- "Age-old social justice problems man has struggled with for thousands of years can be trivially fixed with my technology!"

It is my opinion that we (techies) overestimate ourselves. Tor is useful, but it would have to be perfect (which no technology can be) to protect you from the flawed judicial system. Which is why I think we are destined for heartbreak, and the longer we forestall that realization the worse off we will be, for we will ignore the judicial system and allow it to become ever more broken.

As a sidenote I find it bitter satire; people who cannot accept the will of others seeking tools to forcefully impose their own morality on the world instead

xnull2guest|11 years ago

I'm rather partial to your comment. Though as a cipherpunk of my own generation, fully knowledgeable of rubberhose cryptanalysis and the rest, I do hold out hope that some of these technologies balance power and push them into the hands of the benign individual more than they magnify the power of a select or chosen few.

If all technology provides more power to everyone, but unevenly to where more is added at the top than the bottom, then the only thing that is left to defend against power inequality are court systems and forms of mass unrest. I distrust the completeness of the former (we've seen them go bad) and rather dislike the latter.

The pendulum could of course swing too far the other direction into anarchy. This, too, leaves my mouth bitter.

Ultimately I think technologies like Tor aren't so bad. Certainly it is nothing compared to nuclear weapons or personal firearms. Information and communication, while they can aid criminal behavior, are not criminal in themselves. Like has always been the case - long before it was possible to monitor and store information and communication for later introspection - criminal acts are acts in the physical world and they can be investigated there.

https://www.schneier.com/news/archives/2014/04/bruce_schneie...

etherael|11 years ago

> As a sidenote I find it bitter satire; people who cannot accept the will of others seeking tools to forcefully impose their own morality on the world instead

By this do you mean those that can't accept the will of others comprise the judicial system or those not prepared to submit to it and pursuing alternate avenues? Your comment works either way, but if you're talking about those attempting to place themselves outside the judicial system that's less them imposing their own morality on the world and simply not allowing the world to impose its morality on them.

threeseed|11 years ago

>It is my opinion that we (techies) overestimate ourselves.

What everyone is forgetting is this:

The FBI, NSA, CIA etc all have techies. And since they would be extremely well paid it is logical to assume that they are very good at what they do. So anything that we can do they can do only (a) arguably better and (b) with the constraint of having to comply with the law.

aaron42net|11 years ago

That depends on how you define "wide scale infrastructure sabotage". I believe that this is resulting from: https://blog.torproject.org/blog/tor-security-advisory-relay...

January 30 to July 4, 2014 someone set up 115 tor nodes on fdcservers.net (total cost maybe ~$200k?), which was 6.4% of entry guard capacity. Clients talk to 3 guard nodes for an average of 45 days each, which means they probably picked a guard ~12 times during this period. Each guard-picking attempt had a ~6.4% chance of landing one of these bad guards, or a 55% chance across all attempts.

"We know the attack looked for users who fetched hidden service descriptors... The attack probably also tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service."

xnull2guest|11 years ago

I didn't know about those attacks. Very interesting. $200k is chump change for a Tor attack from large organizations. It's interesting to compare that number to the $100k prize offered by Russia. A neat speculation is that better attacks require a few digits more to be extremely effective and that six-digit attacks are at the cost-effectiveness threshold for most national purposes.

By "wide scale infrastructure sabotage" I was trying to refer to QUANTUMINSERT, TEMPORA and other internet-scale mass read and write capabilities. It doesn't look like the FBI had to use those sorts of technologies to interrupt the .onion addresses - I'm really happy about that. First because it shows that law enforcement can fight cybercrime without those tools and second because if they were used proponents/supporters would have championed them as 'necessary' or 'inevitable'.