FBI Is Classifying Its Tor Browser Exploit Because 'National Security' (vice.com)
Joseph Cox, reporting for Motherboard: Defense teams across the US have been trying to get access to a piece of malware the FBI used to hack visitors of a child pornography site. None have been successful at obtaining all of the malware's code, and the government appears to have no intention of handing it over. Now, the FBI is classifying the Tor Browser exploit for reasons of national security, despite the exploit already being used in normal criminal investigations well over a year ago. Experts say it indicates a lack of organization or technical capabilities within the FBI. "The FBI has derivatively classified portions of the tool, the exploits used in connection with the tool, and some of the operational aspects of the tool in accordance with the FBI's National Security Information Classification Guide," government attorneys wrote in a filing earlier this month. It came in response to the defense of Gerald Andrew Darby, who is charged with child pornography offenses.
This is a JS exploit, not a Tor problem. It really doesn't matter what this exploit does or how it works. If you have JS enabled in Tor, you're already pwn3d.
....It's a laughably silly exploit that anyone can do and they paid 10 million dollars to get.
I was at LinuxFest Northwest earlier this year and had an interesting conversation with a lawyer from ACLU of Washington who gave a talk on cryptography and fearmongering. It was interesting because he advocated a position that the law should compel the government to publicly reveal any exploit gained or utilized by the government. I pointed out that this would be difficult to support for many people who believe in strong national defense (and foreign intelligence as a key aspect of that). The suggestion I made was to moderate his position as follows: if an exploit is developed (or purchased) by the US government for foreign intelligence purposes, then the government can decide to withhold the exploit on national security grounds, but as soon as it is employed for any domestic law enforcement purpose (surveillance, intelligence gathering, criminal investigation/prosecution) then the release would be compelled.
I think the idea has possibilities, but after the slew of stories I've seen here on /. and in other media about our rights constantly and quickly being eroded in more fundamental ways, I'm wondering if efforts are best focused elsewhere.
Not my fault that the postal service left classified information in everyone's mailbox.
The best bit is he's definitely guilty, and trying to get off on a technicality. The argument is the entire body of evidence collected since this whole thing started is tainted, and they have no valid reason to search him (knowing that his house is still full of child pornography because they already did an *illegal* search isn't a justifiable cause), so he gets away scot free because the authorities fucked up.
This is *exactly* what we want. We want the authorities to follow the rules, and we want people who can hide in the rules to get away with it. We don't need the FBI searching you because they feel like it, finding evidence for an unpredicted crime, then charging you for it based on an illegal search. That leads to all kinds of vindictive political control, turning political opponents and other undesirables into targets to be ground away at by government overreach.
The biggest danger is the public realizing what just happened and crying out against a child porn hoarder getting off free, and then demanding the repeal of the fourth and fifth amendments immediately. The second biggest danger is the FBI succeeding with their bluff, either having no evidence to present ("we used a thing that got us information, but we won't show you that thing, so just trust us about the evidence chain") or being forced to present and being called on performing an illegal search (hacked your computer) and then *not* penalized for it ("this is all technically inadmissible, but we'll allow it anyway").
The neutral state is the FBI being forced to present and arguing (successfully and correctly) the defendant was *not* subject to an illegal search because the FBI had ample reason to believe the target site *was* doing illegal things and that its visitors were engaging in illegal activities (similar to a sting on a whore house). The outcome of being forced to present is the public can examine the code used to break Tor, then counteract it (technical arms race); Darby goes to jail; and the case sets no legal precedents weakening constitutional law.
18 U.S. Code § 798 - Disclosure of classified information: ...
(a) Whoever knowingly and willfully communicates
prejudicial to the safety or interest of the United States or for the benefit of any foreign government to the detriment of the United States any classified information—
(1) concerning the nature, preparation, or use of any code, cipher, or cryptographic system of the United States or any foreign government;
You would have to know that it is a government secret.
Note nothing in the statute says that removing the classification label makes it okay. If you know it is secret and you willfully communicate it to an authorized person, that's a felony.
There's plenty of evidence? I just can't wait for the day I am labeled a "child predator" because my neighbors heard me playing pornhub while my wife was on the rag. How many Traci Lords videos have I watched and who the fuck knows if one of them she was 17 in? So basically the fact that I have never remotely been interested in teenagers for sex, I am all of a sudden the horrible child molester the Feds and cunt of a prosecutor want me to be? Guess what? How many people have seen the Vanessa Hudgens leaked nude photo? Let me guess. All of them are hard core sexual predators? I have seen worse in company emails. Oh what's that you say? World War II veteran who raised a healthy honest hardworking society value adding family is a fucking monster because he dated Grandma who was 16? I'm sorry, daddy has to go to jail because we thought him looking at a Tracy Lords video was "predatory" and have his career taken from him because you see, the prosecutor who let officer Johnson bang away on high school seniors, needed a career boost and news grabbing headline generated. No one here is saying that the guy wasn't guilty. But make not one fucking mistake, what constitutes as real predators and child molester scum are grouped today with people who are not. Just for the simple fact that they can bullshit their way through court and nab a nice toasty conviction win to their record. They are just waiting to throw your ass in jail. Remember people, the law isn't applied equally to everyone. And prosecutors can be just as much a predator to certain people as predators are to prey. Who gives a fuck. They'll do what they want, whenever they want. I think the law actually gets in their way. On top of all this shit? I appreciate hard work. But fucking really?
As a practical matter, I just assume that any encryption, cloaking, etc. has already been broken and that you can be seen if certain people at the NSA, CIA, etc. can read your communication if they're interested enough.
It's not a big deal to me personally. I'm not political, which is the real criteria for whether you're monitored or not (not the drugs or kiddy porn smokescreen reason). Political folks know better. They use old fashioned ciphers, red herrings, paper and face-to-face.