Security Research
Showing results for 
Search instead for 
Do you mean 

I Want the Government to Try to Spy on Me

frankhsueh on ‎08-06-2013 03:59 PM

After spending the weekend at DEFCON, Monday morning I saw an article written by The Verge, Child porn bust takes half of Tor's hidden sites offline.  (TOR is a network that tries to anonymize who is trying to gain access to what; the article has a lengthier and better description of what it is.)  It’s safe to say that child porn is universally agreed to be bad thing.   So, what happened was the operators of child porn websites used TOR to hide their activities.  And the government used a software vulnerability to figure out who they are and bust them.

This left me thinking about the tension between privacy rights and the need for the government to enforce laws.  Imagine this story was told to you as "Thought-crime bust takes half of Tor's hidden sites offline". That sounds like a different conversation, but the same tools could have been used.

This was a tension that was obvious at this weekend’s conference.  I went to two privacy talks -- The Growing Irrelevance of US Government Cybersecurity Intelligence Information and Backdoors, Government Hacking, and The Next Crypto Wars.  A couple things I took away:

  • The US Government is not nearly as good as private industry at gathering intelligence.  This is because private industry has a Darwinian effect that produce companies that are really good at gathering intelligence and finding vulnerabilities that can act as side-channels.  Not so with the Government.
  • Private computer companies gather lots of data.  Think Facebook, Twitter, Google, Yahoo, etc.  Think private security research firms that find and sell exploits.  And this is to the point that private companies may have better cybersecurity intelligence information than the government.
  • The US Government is slow.  To act on any intelligence it has, they need to get a warrant, obey this and that regulation, sue for classified information held by some other department, etc.  There is friction everywhere.
  • The US Government is trying technique after technique to win the privacy war.  It has tried restricting the export of encryption, peeking into communication channels via wire taps, and gaining back doors into internet companies where good intelligence lives.  Now they are gaining capabilities to hack into various systems; they compete with other interested buyers for vulnerabilities.

Put the points of these two talks together and you get the picture that everybody -- government, public companies, private individuals -- is striving to have the upper hand in cybersecurity and intelligence capabilities.  And as the times and technologies changes, the advantage moves from one party to another.

So, is the TOR bust a good story or bad story?  Perhaps a bit of both.  Good in that child porn is taken down and those who profit from this ugly business are answering for it.  But bad in that what was a way to remain private isn't really all that private. This is a problem if you’re a protester against an oppressive government regime.

The tension between public and private interests will always exist.  And it needs to be there because either extremes are undesirable.  If one side wins, we all lose.

0 Kudos
About the Author


Nov 29 - Dec 1
Discover 2016 London
Learn how to thrive in a world of digital transformation at our biggest event of the year, Discover 2016 London, November 29 - December 1.
Read more
Each Month in 2016
Software Expert Days - 2016
Join us online to talk directly with our Software experts during online Expert Days. Find information here about past, current, and upcoming Expert Da...
Read more
View all