Slashdot Mirror

← Back to Stories (view on slashdot.org)

Carnegie Mellon Denies FBI Paid For Tor-Breaking Research (wired.com)

Posted by samzenpus on from the wasn't-us dept.

New submitter webdesignerdudes writes with news that Carnegie Mellon University now implies it may have been subpoenaed to give up its anonymity-stripping technique, and that it was not paid $1 million by the FBI for doing so. Wired reports: "In a terse statement Wednesday, Carnegie Mellon wrote that its Software Engineering Institute hadn’t received any direct payment for its Tor research from the FBI or any other government funder. But it instead implied that the research may have been accessed by law enforcement through the use of a subpoena. 'In the course of its work, the university from time to time is served with subpoenas requesting information about research it has performed,' the statement reads. 'The university abides by the rule of law, complies with lawfully issued subpoenas and receives no funding for its compliance.'"

5 of 79 comments (clear)

  1. Weasel Words by Anonymous Coward · · Score: 5, Insightful

    "Carnegie Mellon wrote that its Software Engineering Institute hadn’t received any direct payment for its Tor research from the FBI or any other government funder."

    Now if that word "direct" had not been there I would have a little more faith.

    As well know , there are hundreds of ways to indirectly pay for stuff...... "Hey here's some money for your sports team", "hey here's some money for your building funds", etc etc etc etc etc

    1. Re:Weasel Words by tylerni7 · · Score: 4, Insightful

      The Software Engineering Institute is a Federally Funded Research and Development Center (FFRDC), similar to places like Los Alamos, Sandia, or Lincoln Labs. So yes, they certainly receive funding from the government, and that probably includes funding from the FBI.

      It sounds like what they are saying is that they were doing general research on Tor as part of their normal research activities. Funding for this, like all other research they do as an FFRDC, comes from the federal government in some form. So yes, indirectly I'm sure the government paid for the research, but that does not seem shocking.

      All in all, it's hard to understand what all the fuss is about for this, it seems pretty much in line with the goals of an FFRDC to do this type of research.

  2. Liars by Etherwalk · · Score: 5, Insightful

    "hadn’t received any direct payment for its Tor research from the FBI or any other government funder"...

    So they have received indirect payments or have received direct payments from non-government funders.

    That's like when the Bush administration found "dozens of weapons of mass destruction related program activities" in Iraq, but no actual WMDs.

    1. Re:Liars by Frobnicator · · Score: 4, Informative

      "hadn’t received any direct payment for its Tor research from the FBI or any other government funder"...

      So they have received indirect payments or have received direct payments from non-government funders.

      Yes, that is exactly true. I'm assuming you didn't read the actual statement by the school.

      It begins: "Carnegie Mellon University includes the Software Engineering Institute, which is a federally funded research and development center (FFRDC) established specifically to focus on software-related security and engineering issues."

      So there you go, a blatant admission to an indirect payment. The government did not say "We will pay you to develop this specific technology" which would have been direct. The government told that lab, and many more, "Here is money to research this type of technology generally", and the lab happened to fund that project among many others, yielding an indirect payment. What most people probably didn't expect, the lab included, was that they would get a subpoena demanding the research.

      While the tin-foil hat may be necessary elsewhere, no need for it here. The lab has always openly admitted to the indirect funding from federal grants. In their research papers, and in fact in the vast majority of university research papers, there is a line about the grants funding the lab. That is a non-secret.

      --
      //TODO: Think of witty sig statement
  3. Police State Lapdog by ThatsNotPudding · · Score: 4, Insightful

    All in all, it's hard to understand what all the fuss is about for this, it seems pretty much in line with the goals of an FFRDC to do this type of research.

    Yes, all they did was merely destroy the trustfulness of the CERT process to warn EVERYONE of vulnerabilities in software, instead of delightedly handing it over to the descendants of J Edgar Hoover and not bothering to tell the software maintainers anything. This is the main point; the million pieces of silver were just added insult.