Slashdot Mirror
Mozilla Fights FBI In Court For Details On Tor Browser Hack (helpnetsecurity.com)
An anonymous reader writes from a report on Help Net Security: Mozilla has asked a Washington State District Court to compel FBI investigators to provide details about a vulnerability in the Tor Browser hack with them, before they share it with the defendant in a lawsuit, so that they could fix it before the knowledge becomes public. The lawsuit in question is against Jay Michaud, a Vancouver (Wa.) teacher that stands accused of accessing and downloading child pornography from a website on the Dark Web. The FBI used a "network investigative technique" (NIT) to discover the IP address and identity of the defendant, which was only possible from a vulnerability in the Tor Browser. Why does Mozilla care to learn about the vulnerability? "The Tor Browser is partially based on our Firefox browser code. Some have speculated, including members of the defense team, that the vulnerability might exist in the portion of the Firefox browser code relied on by the Tor Browser," Denelle Dixon-Thayer, Chief Legal and Business Officer at Mozilla Corporation, explained.
We don't need the FBI. Their only apparent functions are to reduce privacy and falsely accuse people of terrorism. Abolish the FBI and other three letter federal agencies like the CIA and NSA.
There is a delicious irony in the fact that the US Government developed Tor to safeguard their intelligence traffic but is now busy trying to crack Tor in an effort to monitory the activities on it's own citizens.
The FBI is saying they actively exploit a flaw in Firefox but won't say what that flaw is. This course of action actively deters people from using firefox. Mozilla can't dispute the FBIs claim since there is no evidence given. If the FBI won't disclose the vulnerability I sure hope they can sued for libel since that's exactly what is left.
Here's the difference: At least in theory, the government is supposed to be transparent; that's where the term "public official" comes from. Part of that is transparency about how they conduct their investigations. On the other hand, no such rules apply to corporations ("private company"). If we can't know the FBI's secrets, we can't trust that they're acting in the best interest of the general population; but there's no reason the FBI needs to know secrets about companies, since companies are by definition not in the best interests of the people; they are only in the interests of themselves.
The FBI is indeed needed. While they do regularly exceed the scope of their mission, there is a great need for a law enforcement program that exceeds each individual state and can facilitate interstate investigations. Without them large criminal organizations, AKA the Mafia would operate with impunity crossing state lines, and avoiding prosecution by fleeing state jurisdictions. We could never rely on the states individual laws to stop kidnappings, mail fraud, gambling and other such violations that spanned several jurisdictions.
errr....umm...*whooosh* *whoosh* Is this thing on ?
It's Fedspeak for "malware" or "exploit." But you can't call it that because it won't sound good in front of a judge. They're not trying to play it up as something super-awesome-hackerish. They're trying to play it down as something normal and official and businesslike. It's nothing special, it's just a technique. For investigating. Over a network. We're not into malware or cracking, those are things that cyber-criminals do. I mean, there's a crime, there's a network, and we're in the business of investigation. What did you expect us to do, Your Honor?
Just like enhanced interrogation procedures aren't torture; torture is bad. What we're doing are just enhancements of existing techniques. They're better ways to use the interrogation techniques - just techniques, mind you, not torture - that we've always done.
Recommended reading from 1946 :Politics and the English Language