Mon October 7, 2013
Funding For Software To Cloak Web Activity Provokes Concern
Originally published on Tue October 8, 2013 2:18 pm
ROBERT SIEGEL, HOST:
Lavabit isn't the only company affected by the fallout form the Edward Snowden leaks. An anonymity tool known as Tor is also in the National Security Agency's sightlines. Tor is widely is used by dissident groups, journalists, even police as a way to surf the Internet and communicate online without revealing anyone's identity.
NPR's Larry Abramson reports that while the NSA has been trying to hack into Tor, other branches of the U.S. government provide a large amount of Tor's funding.
LARRY ABRAMSON, BYLINE: The name Tor stands for The Onion Router. It's a strategy developed by the U.S. Naval Research Laboratory. And the original idea was to help cloak government communications. Today, Tor is run by a non-profit organization. Tor's Karen Reilly says when you request a Web page, the onion routing system sends your information request across a maze of randomly chosen computer relays.
KAREN REILLY: The end result is that no one relay has the full picture of what you're doing online.
ABRAMSON: And the path your request follows keeps changing randomly. So unlike traditional Web surfing which leaves lots of footprints, with Tor there are no traces left behind. Tor relies on thousands of volunteers who donate their computer bandwidth. And the system also relies on the power of open source software. Unlike many commercial security products, which are tightly guarded, Tor's computer code is open for the world to see. So thousands of hackers out there can test the security of the system and help patch any holes.
The goal, says Karen Reilly, is to provide dependable online anonymity for anyone.
REILLY: You might want to use Tor because you're searching for the side effects of a medication that you're taking, and you don't want your Internet service provider to know that.
ABRAMSON: Or, you might want to use Tor because you're a dissident in Iran or another country that polices online speech. That's one reason why the U.S. government provides about 60 percent of Tor's funding.
Danilo Bakovic is with Freedom House, which has been supporting free speech since World War II.
DANILO BAKOVIC: It is a very essential tool to bypass the Internet censorship and to protect user anonymity online.
ABRAMSON: But government support for Tor has long raised questions about the program's promise of total anonymity. Those doubts have been underscored by recent revelations that the NSA has cajoled or forced companies to give the government access to encrypted messages. Tor says it has never done that.
In fact, Karen Reilly says, the system is designed to provide the ultimate answer to anyone who asks the identity of a Tor user.
REILLY: We don't have information. If you don't gather information, you can't be hacked into; you can't be bribed or threatened to give up this information.
ABRAMSON: But that doesn't mean the government hasn't tried. Leaks from Edward Snowden to the Guardian newspaper and The Washington Post show the National Security Agency has struggled for years to crack Tor open. Those documents pay tribute to Tor's security, saying that from the perspective of government eavesdropping, quote, "Tor stinks." The leaks indicate the agency was simply unable to come up with a reliable way to undermine Tor's anonymity strategy.
But the documents say the NSA can exploit other mistakes that Tor users make. Christopher Soghoian works on security issues for the American Civil Liberties Union. He says these documents show that no single defense can keep out an agency with NSA's resources.
CHRISTOPHER SOGHOIAN: They will try and get your data through the network. They will try and get your data by hacking into your device. They have many tools at their disposal. And, you know, whichever one works they'll use.
ABRAMSON: In response to news reports that the NSA has tried to break into Tor, director of National Intelligence James Clapper said in a statement, quote, "The articles fail to make clear that the intelligence community's interest in online anonymity services is based on the undeniable fact that these are the tools our adversaries use to communicate and coordinate attacks against the United States and our allies."
Larry Abramson, NPR News. Transcript provided by NPR, Copyright NPR.