I may have mentioned this before, but: You know that when folding money gets old, it is sent to an official location for disposal, right? Well, do you know how the aged bills get where they need to go?
You probably thought that armored cars might come into the picture, but they don't. An armored car tells crooks where the money is. A long time ago, the government discovered that old money travels safer when "hidden in plain sight" within the postal system.
Computers are like that. If you try to hide your IP address by using TOR or some other proxy system, you are telling Uncle: "Hey, Uncle -- looky here! Secret stuff! I'm doing secret stuff that I don't want you to know about!" Using TOR is, in this sense, like driving an armored car.
The fiends who dote on kiddie porn have long relied on TOR. Some of them recently learned all about the principle described above. The folks at the FBI (and SAIC, it seems) have come up with a spyware called CIPAV which is designed to crack the anonymity provided by TOR.
Court documents and FBI files released under the FOIA have described the CIPAV as software the FBI can deliver through a browser exploit to gather information from the target’s machine and send it to an FBI server in Virginia. The FBI has been using the CIPAV since 2002 against hackers, online sexual predators, extortionists, and others, primarily to identify suspects who are disguising their location using proxy servers or anonymity services, like Tor.
The code has been used sparingly in the past, which kept it from leaking out and being analyzed or added to anti-virus databases.
The broad Freedom Hosting deployment of the malware coincides with the arrest of Eric Eoin Marques in Ireland on Thursday on a U.S. extradition request. The Irish Independent reports that Marques is wanted for distributing child pornography in a federal case filed in Maryland, and quotes an FBI special agent describing Marques as “the largest facilitator of child porn on the planet.”
I put the words "and others" in boldface for a reason.
The problem with CIPAV and cognate technologies should be obvious: If we allow the feds to use spyware against people we hate -- like child pornographers -- we inevitably allow its use against...others. If you read the Wired article at the other end of the link above, you'll come across a comment from a right-wing reader which deserves to be noted here:
Terrorists, drug dealers, child porn scum & Tea Party members are the current "enemies" of the FBI, etc. How easy would it be to expand that list to "anyone who gives $ to the political opponents of the current (liberal or conservative) administration"?
I may not agree with this guy's conservative political stance, and I hardly believe that the Tea Party has been treated as an "enemy." (The baggers certainly are having an easier time of it than did members of the Communist Party in the old days.) Nevertheless, the principle expressed here is sound.
Child pornographers are scum. But software designed to end privacy for scum may also be used against non-scum. And if you think you have nothing to hide -- well, one day you may live a more interesting life. One day you may decide that the government has gone too far, has changed too much, has strayed from our founding principles -- has ceased to be a true democracy. You may decide that the time has come to restore what was lost.
But you won't be able to do so. Uncle will always be one step ahead of you, watching everything you do.
And remember: If Uncle can access your system, then he can also plant things on it -- after all, he knows your passwords. Uncle can even insert items into your Twitter feed or use your email account to send contraband.
Contraband like child porn.