US head of intelligence: NSA wants to break Tor to get at the bad guys

library
crime | hacking | security

The US National Security Agency (NSA) really, really hates Tor, the anonymising service.

If we had any doubts on that point, the issue was clarified by a top-secret NSA presentation leaked by Edward Snowden and titled, plainly enough, “Tor Stinks”, published by The Guardian on Friday.

Also on Friday, the US Director of National Intelligence, James Clapper, posted a statement explaining just why, exactly, the NSA loathes Tor so much.

It’s simply because that’s where the bad guys are, Clapper wrote:

The Intelligence Community’s interest in online anonymity services and other online communication and networking tools is based on the undeniable fact that these are the tools our adversaries use to communicate and coordinate attacks against the United States and our allies.

The Guardian also reported on Friday that the NSA has for at least the past two years teamed up with the United Kingdom’s electronic eavesdropping and security agency, Government Communications Headquarters (GCHQ), to analyse Tor, figure out where they can crack its anonymity, and even attack, with some degree of success, users’ computers.

At the time of the presentation, dated June 2012, the agencies apparently were fairly frustrated at how difficult the job of peeling apart Tor’s layers had proved.

Here’s how the presentation put it:

We will never be able to de-anonymize all Tor users all of the time.

The presentation outlines a gamut of attack methods, including using what it called “manual analysis” to “de-anonymise” a small fraction of Tor users, operating a network of Tor-enabled relay servers in order to get access to other relay servers, and poisoning the Tor network itself by degrading the network’s stability.

In spite of such revelations, Clapper insists in his statement that the intelligence community has pure motives and that they’re all working strictly within a legal framework:

The Intelligence Community is only interested in communication related to valid foreign intelligence and counterintelligence purposes and that we operate within a strict legal framework that prohibits accessing information related to the innocent online activities of US citizens.

As AllThings3D’s Arik Hesseldahl pointed out, Tor is like any anonymising technology: it can be used for both good and bad, by both terrorists and political activists struggling against repressive regimes.

Any Tor user will likely feel a sense of relief that the NSA hasn’t cracked the network – at least, not yet, as far as we can tell from the documents that have been released thus far.

It would be wonderful if we could take solace in Mr. Clapper’s reassurances that all this surveillance is happening in a “strict legal framework” that protects the online activities of innocent US citizens (it would be better still, of course, if that strict legal framework protected all innocent citizens of all countries).

But news like that of last week, when NSA inspector general Dr. George Ellard detailed 12 investigations into “intentional and and willful misuse” of spying tools by civilian and military NSA employees, undercut such claims.

If the NSA can’t stop one employee from, for example, serial snoopery on the telephones of nine foreign women over the course of five years, then it’s difficult to swallow Clapper’s claims that this supposedly strict legal framework within which the NSA operates isn’t actually mottled with flab.