[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor Project 2008 Tax Return Now Online



Orionjur Tor-admin writes:

> I think so too.
> But I have an asking - were there any court proceedings (successful or
> not) against tor-users based on their deanonimisation in the USA?
> Because I never hear or read about it I very want to know it.
> If there were no such proceedings it seems to me that we must
> acknowledge that efficiency of the Tor has very high level.

I think there are a number of techniques that law enforcement and
intelligence agencies have that don't get introduced in court at a
particular time because the agencies don't want people to know about
their capabilities, even at a potential cost of not being able to
get particular convictions.  One analogy to this is the
unsubstantied claim that the British intentionally avoided making
an effective air defense of Coventry during World War 2 in order
to avoid compromising the Ultra program (the ability to read Enigma
traffic).

https://secure.wikimedia.org/wikipedia/en/wiki/Bombing_of_Coventry#Coventry_and_Ultra

(I wish I had an analogy that was actually based on something we
know really happened...)

I think two contemporary examples could be the ability to decrypt
GSM traffic over the air, as described by many researchers, and
the ability to obtain false certificates from CAs in the global
PKI, as suggested in Soghoian and Stamm's paper.

http://events.ccc.de/congress/2009/Fahrplan/attachments/1519_26C3.Karsten.Nohl.GSM.pdf
http://petsymposium.org/2010/papers/hotpets10-Soghoian.pdf

I don't mean to say that any particular agency has these
capabilities, just that it seems plausible that some do.  People
who can do these things might not want to mention it in court
because that might have the effect of changing a lot of people's
behavior.

One that's actually more alarming to me (because I don't know how
to defend against it) is backdoors in hardware, like those described
in

http://www.usenix.org/event/leet08/tech/full_papers/king/king.pdf

I don't think someone who had incorporated a backdoor like that in
some popular device would want to mention it in any public context.

-- 
Seth Schoen
Senior Staff Technologist                         schoen@xxxxxxx
Electronic Frontier Foundation                    https://www.eff.org/
454 Shotwell Street, San Francisco, CA  94110     +1 415 436 9333 x107
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/