FBI Is Classifying Its Tor Browser Exploit Because 'National Security'

Joseph Cox, reporting for Motherboard:Defense teams across the US have been trying to get access to a piece of malware the FBI used to hack visitors of a child pornography site. None have been successful at obtaining all of the malware's code, and the government appears to have no intention of handing it over. Now, the FBI is classifying the Tor Browser exploit for reasons of national security, despite the exploit already being used in normal criminal investigations well over a year ago. Experts say it indicates a lack of organization or technical capabilities within the FBI. "The FBI has derivatively classified portions of the tool, the exploits used in connection with the tool, and some of the operational aspects of the tool in accordance with the FBI's National Security Information Classification Guide," government attorneys wrote in a filing earlier this month. It came in response to the defense of Gerald Andrew Darby, who is charged with child pornography offenses.

A possible compromise

I was LinuxFest Northwest earlier this year and had in interesting conversation with a lawyer from ACLU of Washington who gave a talk on cryptography and fearmongering. It was interesting because he advocated a position that the law should compel the government to publicly reveal any exploit gained or utilized by the government. I pointed out that this would be difficult to support for many people who believe in strong national defense (and foreign intelligence as a key aspect of that). The suggestion I made was to moderate his position as follows: if an exploit is developed (or purchased) by the US government for foreign intelligence purposes, then the government can decide to withhold the exploit on national security grounds, but as soon as it is employed for any domestic law enforcement purpose (surveillance, intelligence gathering, criminal investigation/prosecution) then the release would be compelled.

I think the idea has possibilities, but after the slew of stories I've seen here on /. and in other media about our rights constantly and quickly being eroded in more fundamental ways, I'm wondering if efforts are best focused elsewhere.