A deluge of information about the NSA's work to undermine the anonymity of Tor users hit the Internet on Friday thanks to documents from former NSA contractor Edward Snowden. The revelations highlight the government's internal struggle over how to react to anonymity online. While the NSA is working around the clock to undermine Tor's anonymity, other branches of the federal government are helping fund that same service.
Tor is a service that lets people surf the Internet anonymously. My colleague Tim explains the basics here, but using names like MOTHMONSTER, EGOTISTICALGOAT and, most recently, EGOTISTICALGIRAFFE, the NSA has been reportedly waging an ever-evolving stealth campaign against the service for years. The campaign included searching for zero-day vulnerabilities, weaknesses the developers haven't discovered or patched yet, in new versions of the Firefox browser when old defensive cracks were fixed. But the 2007 documents released Friday suggest that the agency's efforts only allow them to unmask individual users. Mass surveillance isn't possible.
That the agency was looking for ways to break Tor encryption isn't particularly surprising. While Tor is used by activists and journalists, it also allowed users to visit a seedy underbelly of the Internet where online drug markets like the recently shuttered Silk Road and child pornography sites are hosted. Director of National Intelligence James Clapper issued a statement responding to the Tor reports, saying "the Intelligence Community’s interest in online anonymity services and other online communication and networking tools is based on the undeniable fact that these are the tools our adversaries use to communicate and coordinate attacks against the United States and our allies."
But their interest in cracking privacy tools is in direct conflict with efforts in other parts of the U.S. government — especially the State Department, which supports the aforementioned activist and journalist Tor users. In 2013, the State Department and USAID awarded $25 million to groups working on Internet freedom issues, like "supporting counter-censorship and secure communications technology, digital safety training and policy and research programs for people facing Internet repression."
During the Arab Spring, that meant training people to use tools like Tor to escape censorship and retaliation. In 2012, Time magazine reported that American-backed instructors were teaching bloggers covering the Syrian civil war how to use Tor and other counter-surveillance measures.
The State Department is helping fund Tor. In fact, government funding through the Naval Research Laboratory helped privacy advocates develop Tor more than a decade ago, and federal sources pick up around 60 percent of the development tab today.
During a talk at a Washington, D.C., church last month, former NSA and CIA chief Michael Hayden said the issue of anonymity was about our government's approach to the Internet.
"Is our vision of the World Wide Web the global digital commons — at this point you should see butterflies flying here and soft background meadow-like music — or a global free fire zone?" he asked. And Hayden, who helped build the intelligence agency's response to the digital age, was pretty clear about how he viewed it, saying "the problem I have with the Internet is that it’s anonymous."