H D Moore:
I would love to see this case go to court and set a precedent, although I hope its the University that is targeted and not the actual researchers.The CNET article is just FUD though -- yes, the law is fuzzy in this area, but I highly doubt that any federal prosecutor is going to pick this upunless a specific indivual or company claims damages.
Exactly, FUD was also the first thing that came to my mind while reading it. What about the whole research area, that is doing similar analyses on normal non-anonymous backbone traffic?
I think this is a very interesting work and exactly what is needed. Although, these guys obviously have a lot of sensitive data sitting on some harddisks, which needs a very careful handling. (Still better than if that data came from non-Tor traffic.) Somebody has to watch them, while they work with that data, and to make sure that only data is kept that is really necessary for their work. (Keeping the first 150 bytes of every packet sound like more than necessary.) So I wonder why their university didn't want to care about that.