“Tor Stinks” … because It Requires Manual (Digital) Tails

Screen shot 2013-10-04 at 11.31.05 AM“Tor stinks,” the Guardian reports one NSA document asserting, in a new story on NSA’s efforts to break that encryption system.

And while Bruce Schneier explains how the NSA uses similar techniques to those the Chinese government uses to spy on its users — something called Egotistical Giraffe — to break Tor, and the NSA has been able to crack other users’ communications via their poor hygiene outside of Tor (as with this week’s bust of Silk Road), the NSA has thus far been unable to systematically break the system.

At base, though, NSA believes that Tor stinks because,

We will never be able to de-anonymize all Tor users all the time.

With manual analysis we can de-anonymize a very small fraction of Tor users, however no success at de-anonymizing a user in response to a TOPI request/on demand.

Another complaint the NSA has is their methods for cracking Tor right now are “difficult to combine meaningfully with passive Sigint.” That is, they can’t just feed everything into a system and get potential targets to pop out.

To me, this boils down to a complaint that if the NSA wants to track users — the ones they can identify — they have to work as hard as cops used to in physically tracking suspects. That means (as NSA’s recent success busting 2 Tor users makes clear) they can track people. They just have to work at it.

We’ll hear a lot about how breaking Tor is a noble cause and NSA (and GCHQ) have to do it to keep us safe from the “very naughty people” who use Tor. But ultimately, it seems, one question is whether the NSA should get to break the law to make it as easy to track encrypted users as using GPS to track physical location has become.

NSA wants its targets to — effectively — come to it. It doesn’t want to have to identify targets and then crack their communications. But Tor, at least thus far, has made it as hard to do so as it used to be to physical track suspects.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

8 replies
  1. What Constitution? says:

    But, but, but … they’re all bad! Well, they might be bad. And how we gonna know if we can’t check? The thought process has been seen before — it was the victorious rebel leader explaining the new “clean underwear rules” in Bananas (and for added emphasis, this clip has Greek subtitles): http://www.youtube.com/watch?v=EV4N2dk0cMk

  2. Nigel says:

    “We will never be able to de-anonymize all Tor users all the time”

    Isn’t that a good thing ?

    If not, they are saying they should have the right to surveil everyone, all the time.
    Which is distinctly unAmerican.

  3. Nigel says:

    Regarding Silk Road, Friedersdorf makes an interesting point:

    http://www.theatlantic.com/technology/archive/2013/10/did-shutting-down-silk-road-make-the-world-a-more-dangerous-place/280270/
    On many thousands of occasions, drug dealers in foreign countries decided that, rather than using armed truck drivers, bribed customs agents, desperate drug mules, thuggish regional distributors, and street level drug dealers who used guns to defend their territory, they’d just mail drugs directly to their far away customers. Of course, folks at the beginning of the supply chain were still often violent drug cartels who(m) one hates to see profit. But from the perspective of the many innocents who suffer from the black market supply chains involved in traditional drug sales, narcotics via mail order would seem to be a vast improvement…

  4. Phil says:

    I was under the impression that .Gov could and had broken TOR as they had helped set it up in the first place. Dammif I can remember where I saw that though.

    After they busted that whole network I quit using it because I thought that if they could bust one, they could break them all.

    It seems with this post that once again I am misinformed.
    Nothing unusual there though. ;)

    See Marcy, ya just did me a favor.

    Thank you.

    I mean, with several years of running my mouth on the internet,ranting, blogging, FDL, etc, I’m sure they are well aware of who I am. Just for fun try Googling Bustednuckles sometime……..
    I know for a fact that .Gov knows all about me because I have seen them all over my Stat counter for years now.
    Blogging is one thing though, I would still like to keep some things somewhat private and TOR seemed to be about the easiest way as I am about as dumb as a box of rusty hammers when it comes to computers and their mysterious ways.

    I guess I will have to try and download it again after all.

    Thanks for this post.

  5. orionATL says:

    take this article:

    http://www.nytimes.com/2013/10/03/us/snowdens-e-mail-provider-discusses-pressure-from-fbi-to-disclose-data.html?pagewanted=all&_r=0

    add it to this article:

    http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption?CMP=twt_gu

    what do you get?

    a solid legal and technological foundation for tyranny.

    “tyranny” you ask? such an extreme term, and so old-fashioned!

    this is the future that six u.s. congresses and multiple anti-constitution decisions by the u.s. federal juciary, beginning in 2002, has bequeathed to us citizens.

    in a benign-thru-inexperience-negligence-and-weakness presidency like that of prez obama, only a few really-bad-things will happen,

    but in a presidency like that of richard nixon, ronald reagan, or dick cheney, any number desired are guaranteed.

    and all rules enabling tyranny were enacted and adjudicated for the sole purpose of making us more secure (well, only incidentally to ensure that the political and judicial actors retained their privileged staus).

    how is your “personal comfort” now?

Comments are closed.