I Want the Government to Try to Spy on Me

After spending the weekend at DEFCON, Monday morning I saw an article written by The Verge, Child porn bust takes half of Tor's hidden sites offline.  (TOR is a network that tries to anonymize who is trying to gain access to what; the article has a lengthier and better description of what it is.)  It’s safe to say that child porn is universally agreed to be bad thing.   So, what happened was the operators of child porn websites used TOR to hide their activities.  And the government used a software vulnerability to figure out who they are and bust them.

This left me thinking about the tension between privacy rights and the need for the government to enforce laws.  Imagine this story was told to you as "Thought-crime bust takes half of Tor's hidden sites offline". That sounds like a different conversation, but the same tools could have been used.

This was a tension that was obvious at this weekend’s conference.  I went to two privacy talks -- The Growing Irrelevance of US Government Cybersecurity Intelligence Information and Backdoors, Government Hacking, and The Next Crypto Wars.  A couple things I took away:

  • The US Government is not nearly as good as private industry at gathering intelligence.  This is because private industry has a Darwinian effect that produce companies that are really good at gathering intelligence and finding vulnerabilities that can act as side-channels.  Not so with the Government.
  • Private computer companies gather lots of data.  Think Facebook, Twitter, Google, Yahoo, etc.  Think private security research firms that find and sell exploits.  And this is to the point that private companies may have better cybersecurity intelligence information than the government.
  • The US Government is slow.  To act on any intelligence it has, they need to get a warrant, obey this and that regulation, sue for classified information held by some other department, etc.  There is friction everywhere.
  • The US Government is trying technique after technique to win the privacy war.  It has tried restricting the export of encryption, peeking into communication channels via wire taps, and gaining back doors into internet companies where good intelligence lives.  Now they are gaining capabilities to hack into various systems; they compete with other interested buyers for vulnerabilities.

Put the points of these two talks together and you get the picture that everybody -- government, public companies, private individuals -- is striving to have the upper hand in cybersecurity and intelligence capabilities.  And as the times and technologies changes, the advantage moves from one party to another.


So, is the TOR bust a good story or bad story?  Perhaps a bit of both.  Good in that child porn is taken down and those who profit from this ugly business are answering for it.  But bad in that what was a way to remain private isn't really all that private. This is a problem if you’re a protester against an oppressive government regime.

The tension between public and private interests will always exist.  And it needs to be there because either extremes are undesirable.  If one side wins, we all lose.

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
Showing results for 
Search instead for 
Do you mean 
About the Author
Featured


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.