It really hurts the Army’s NSA to come up against the Navy’s Tor encryption, says former naval officer Wayne Rash
There’s a saying about the left hand not knowing what the right had is doing. Nothing illustrates this more clearly than the federal government’s dysfunctional relationship with the Tor browser and the Onion router.
By now, you’re heard that the National Security Agency is having a tough time unraveling Tor. This bundle of software based on the Firefox browser enables a process in which Internet traffic is sent among a series of routers, each of which adds a layer of encryption and anonymity. The Tor browser is freely available to anyone who wants to use it, including dissidents in nations with oppressive governments and even child abusers.
Tor works too well for the NSA’s liking
The problem with Tor from the NSA’s viewpoint is that it works too well. Actually nailing down who’s using it, decrypting what they’re doing, and doing all of that in a timely fashion is driving the NSA crazy. So, naturally, you have to ask yourself what band of privacy advocates dreamed up this nearly uncrackable communications pathway? The answer may surprise you.
Tor is the brainchild of the US government. In fact, Tor was invented with the support of the US Naval Research Laboratory, located near Washington, DC, in suburban Maryland, just inside the Beltway. And yes, this is pretty close to the NSA, which is also located in suburban Maryland, although it’s outside the Beltway.
Now, I know what you’re thinking. The US Navy is part of the same Department of Defense that also operates the NSA, which is theoretically part of the US Army and is run by an Army general, Keith Alexander. The Naval Research Laboratory has continued to fund the development of Tor. But the Navy has help.
An even larger supporter of Tor is the Broadcasting Board of Governors (BBG), which is the propaganda arm of the US government. The BBG runs the Voice of America, Radio Free Europe, Radio Martí and other similar services around the world. Tor is also supported by the National Science Foundation. According to The Washington Post, Tor also receives substantial funding from the US Department of State. In other words, one part of the US military is arguing with sister federal agencies about the creation of a secure browser that it says could be used to hide the nefarious activities of criminals and terrorists.
If this were some long-ago creation that somehow went rogue, you might understand the frustration of the NSA, but it’s not. The Army-run intelligence service is stymied by encryption technology created and run by the Navy. And you thought the Army-Navy football game was the height of inter-service rivalries?
Now, I have to admit that as a retired Navy officer, it gives me a certain amount of satisfaction to see my service create something that works so well. It gives me even greater pleasure to see the Navy driving an Army general nuts.
But in reality, there’s a good reason that the US government has created a sophisticated encrypted communications network without a back door that would let it be exploited by others in the same executive department.
In the long run, it’s more important to give the forces of democracy the means to communicate, even at the cost of providing a pathway to terrorists and child exploiters. As agencies ranging from the NSA to the FBI have demonstrated, you really don’t need to reliably decrypt the communications of everyone just to catch the bad guys. Yes, it’s convenient for the NSA and other agencies to have some kind of magic access, but other methods are available to organisations as capable and well-funded as the NSA.
The Federal Bureau of Investigation (FBI), for example, took over a child exploitation network called Freedom Hosting and used it to plant malware on the computers of anyone who accessed the sites it contained. The feds then used that malware to identify anyone who had used one of the sites, exposing them to further scrutiny by the FBI and the NSA.
The NSA, meanwhile, has created its own servers that it places on what the Guardian called the “Internet Backbone,” which impersonates the sites criminals or terrorists might use, and then injects malware of its own. This allows the NSA to track those people, and in the process to know which people visited which site, and what they tried to look at.
Good news: you can mostly trust Tor
So the obvious question is whether you should trust Tor. The answer depends greatly on what you’re trying to accomplish. If you’re trying to communicate with others fighting an oppressive government, chances are that it will work well for you since most of those governments likely lack the sophistication to crack or track Tor. But all bets are off if one of those governments happens to be Russia or China which may have the ability to do some tracking.
If what you’re trying to accomplish is keep your business secrets private, then you’re probably safe as well since your competitors almost certainly don’t have the capability to do anything about Tor. But if you’re trying to do something that a major government doesn’t like and has the resources to investigate, then you might want to think twice because they might be able to track you.
But that doesn’t mean that tracking and decrypting your communications will be easy. The feds have to really want you badly enough to spend the money and take the time to defeat your specific use of Tor, and if they want you that badly, you’re probably already in trouble anyway.
Whistleblowers and leakers – don’t tell anyone you’ve done our quiz!
Originally published on eWeek.