Allegations that in 2014 CMU’s Software Engineering Institute had helped American law enforcement breach the technology— in order to recover information on people committing illicit acts shielded by Tor’s anonymity— circulated last year. However, so far no clear confirmation has been given by either the University or the FBI, as the agency believed to be behind the case.
Now, a federal judge hearing the case against Brian Farrell — an American citizen charged with being one the masterminds of Tor-based drug marketplace Silk Road 2:0 — has acknowledged what happened.
"The record demonstrates that the defendant's IP address was identified by the Software Engineering Institute ("SEI") of Carnegie Mellon University ("CMU") when SEI was conducting research on the Tor network, which was funded by the Department of Defense ("DOD")," a court order filed last Tuesday in Seattle reads.
The document seems to confirm previous reports, although it suggests that the research had been independently commissioned by the Department of Defense, rather than by the FBI.
The document also says that Farrell’s IP information, which led to his identification and arrest, "was obtained by law enforcement pursuant to a subpoena served on SEI-CMU". This comes with CMU’s previous comments, which strongly denied they had been paid one million dollars by FBI, as it had been reported by some outlets.
In other words, it appears that CMU had collected some users’ information in the framework of a research on Tor vulnerabilities in 2014— and that they had not planned to disclose such information until the feds requested it.
War on Encryption
The news is far from surprising. US authorities have been waging a fierce war on encryption and anonymity since 2013’s Edward Snowden revelations, which triggered a mass use of these technologies.
As more and more people adopt encryption, law enforcement agencies in the US and elsewhere are increasingly at odds with technology companies that make a point of protecting their users' privacy.
The latest instance of this struggle is Apple’s decision to oppose FBI’s order to create a "backdoor" to an iPhone of one of San Bernardino’s shooters.
If anything, the Tor’s penetration case is bad news for thousands of activists — and, to be sure, criminals— that use its "relay technology" to avoid being spied on and located by people monitoring online traffic.
Funnily enough, Tor was first spawned as a US military’s project — its foundations were laid by the US Naval Research Lab and then perfected by Defense Advanced Research Projects Agency in the 1990s. Now US authorities are hiring experts to undo their own doings.