The Tor Project, which maintains the open source secure browser and networking software, published a blog March 21 saying it supported Apple’s resistance to demands from the Federal Bureau of Investigation and the U.S. Department of Justice for encryption back doors to its mobile devices and data services.
Kate Kraus, director of communications and public policy for the Tor Project, told eWEEK that the Tor Project has strong incentive to support Apple’s position. “Without encryption, there’s no privacy,” Krauss said, “without privacy, there’s no safety online.”
Apple’s situation hits close to home for the Tor Project, which supports activities such as blogging by human rights activists in countries with oppressive governments.
The Tor Project’s main responsibility is to maintain the software for the Tor anonymity network, which supports strong encryption and routes traffic in a way that hides users’ locations to discourage network surveillance and message interception.
But despite its concern about message encryption and the network’s anonymity, the U.S. government is actively supporting the Tor Project as a way to provide secure communications to foreign activists and others who further U.S. interests in countries that might not be particularly friendly to the U.S.
But here’s the real eye-opener—Tor started out as a government project. Specifically, Tor was first developed at the Naval Research Laboratory located in Washington D.C.’s Maryland suburbs. The Navy is still involved in supporting Tor and a significant amount of the Tor Project’s funding comes from the government.
Krauss noted that the German government also provides funding and support to Tor, as do a number of companies who allow their employees to contribute to the Tor Project. Other funding comes from websites such as Reddit.
So while the U.S. Justice Department actively fights against strong encryption the government is also support strong encryption at the Tor Project.
The fact that the U.S. government is actively opposing a program that was originally its brainchild and it still continues to support is nothing new. This is another case of the left hand not knowing what the right hand is doing.
But this dichotomy is doing a lot to undermine the government’s credibility. Suppose the Justice Department succeeds in convincing Congress to outlaw strong encryption? What happens to the Tor Project? Will the Department of Justice issue a cease and desist order to the Department of Defense? Will we see teams of DoJ lawyers aimlessly wandering the Pentagon searching for someone to sue?
Perhaps, but perhaps not. One of the reasons why the Department of State uses the Tor software is because it allows their informants to pass along information securely. It’s also used by State Department personnel to securely communicate with department staff working outside of the embassy and its secure communications suite.
According to Krauss, Tor was recently used by U.S. forces in the Middle East and in Iraq for secure communications when personnel couldn’t take the chance of revealing their presence.
Government-Backed Tor Project Supports the Strong Encryption DOJ Hates
The name Tor is based on the project’s original name, “The Onion Router.” Tor uses a secure routing method, which the developers call “Onion Routing” to make it impossible to determine where communications originated. Tor makes it possible to cloak both the content of messages and the location of the person using it.
This shows why the Tor Project had a strong incentive to release a statement supporting Apple’s position against helping the government circumvent strong encryption for its mobile data services.
“The Tor Project exists to provide privacy and anonymity for millions of people, including human rights defenders across the globe whose lives depend on it. The strong encryption built into our software is essential for their safety,” the Tor Project’s official statement in support of Apple said.
“In an age when people have so little control over the information recorded about their lives, we believe that their privacy is worth fighting for,” the statement continued. “We therefore stand with Apple to defend strong encryption and to oppose government pressure to weaken it. We will never backdoor our software.”
Krauss noted that Tor is a lifeline for its users as they report on violence by drug cartels in Latin America or dissidents in China, Russia and the Middle East. She said that Tor is vital for their safety and their ability to report on conditions wherever they may be in the world.
Krauss said that some people think that the Tor software and routing algorithms are full of back doors and that the government can readily break its encryption. She said that this is a common misconception because the Tor Project does use government funding and was created with the help of government agencies.
But she noted that the Tor software is entirely open source and that anyone who wishes can download the source code and create their own version of Tor.
“There are thousands of people picking at the software every day,” Krauss said. She said that if there were a back door, it would be discovered immediately. Furthermore the Tor browser is being used on a daily basis by companies in the U.S. and elsewhere to protect their intellectual property and by media organizations to protect their sources, she said.
The obvious question then is whether DoJ is aware that it’s in the process of shooting its own government in the foot when it rails against encryption. The best answer I can think of is that it must be aware, but it doesn’t care.
Remember, this is the same agency that decided to violate existing international treaties and the law of the land in search of its own convenience when it challenged Microsoft.
It appears that endangering the lives of thousands of dissidents and human rights activists around the world is not a serious concern compared to the convenience of a few DoJ lawyers.