Categories: Berkman, Digital Culture, Privacy, Technology

Anonymous Communication on the Web

I wasn’t sure how my previous post would go over, but after some back-and-forth emailing with the reporter on the piece, WTVC asked me to come in for an interview on anonymity and the “deep web”. So I did!

We talked for almost an hour, and for some stupid reason I didn’t think to record the interview myself (will not make that mistake again). They did a fine job representing my views, although clearly edited the piece for a specific audience. I’ll admit that I probably got too heavy into the weeds of the details of Tor. They were particularly touchy about my correcting the use of “Deep Web” and “Dark Web” as useful categories. I just kept using anonymity, security, privacy and tried very hard not to fall into using their very fuzzy language to describe something with lots of complexity.

My talking points revolved around how anonymity is a requirement for the freedom of speech in a free society, and that fear-based reports like their last one are actually damaging to how people should react to the world (my example, that they didn’t use, was that instead of worrying about the incredibly rare possibility of child-abduction due to predators on Tor, perhaps parents should be more worried about driving their child to school in the morning, since it was orders of magnitude more dangerous). I suppose we’ll see if there’s any feedback that comes from this as a positive concept.

I’m glad they gave me the chance to come in and talk, and I do hope it’s useful for someone out there in Chattanooga to see that wanting anonymity and privacy online isn’t just something to abet criminal activity. Privacy issues online are something that increasingly everyone should be aware of, because the risks are going to be omnipresent as we continue to move our lives into the digital space.

Categories: Berkman, Legal Issues, Library Issues

Tor, Libraries, and the Department of Homeland Security

During an appearance on the LITA Top Technology Trends panel in 2014, I was discussing privacy of patron data, and mentioned that I thought it was a good idea for libraries to run Tor nodes on library servers. So when the Library Freedom Project launched their Tor in Libraries project, I was totally behind them…I even did a Tor workshop for Librarians for their workshop at ALA Annual in San Francisco.

If you aren’t familiar with Tor, I recommend reading the Wikipedia article. The TL;DR version is that Tor is a protocol and a network that is currently the best mechanism that we have for accessing information on the Internet anonymously. There are a few ways that one can use Tor, ranging from using an operating system that routes all your Internet traffic over the Tor network to just using the Tor browser, which anonymizes only your web traffic.

The way that Tor anonymizes your traffic is through a combination of encryption and blind routing. When you initially connect to the Tor network, the connection is encrypted in much the same way that the connection to your bank would be, via a public key encryption system. When you make a request for a website through the network, the Tor protocol bounces the request from one network node to the next, encrypting the traffic at every hop. Once the traffic gets a couple of hops away from the originating computer, it’s impossible to know where the request came from. Eventually the traffic exits the Tor network, back onto the regular old Internet, and gathers what you asked for, then reverses the process to get back to you.

The result is that, under ideal conditions, it is completely impossible to track or trace what’s being transmitted via Tor. For Tor to continue to operate, it needs two sorts of nodes: relay nodes that act as the “bouncing” nodes inside the network, and exit nodes that are the places where the traffic goes out of the encrypted Tor network and back onto the regular Internet. You need both, although a ratio of more relay nodes to fewer exit nodes is fine. The traffic that goes across relay nodes is completely anonymous…from the perspective of both the network and the individual server, it is just a random string of binary code. Only at the exit nodes is the traffic decrypted, and thus exit nodes bear the brunt of all of the requests going across the network. The traffic for the broader network all has to squeeze itself through exit nodes, and the fewer exit nodes there are, the easier it is for them to be monitored…although you can’t tell where the requests for the information came from without advanced knowledge.
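The layered encryption and blind routing described above, as an added example (not code from Tor or from this post): the client wraps the request once for each relay, and each relay removes one layer and learns only its immediate neighbours. The SHA-256 keystream is a toy stand-in for Tor's real cryptography, and the relay names, keys and destination are constructed.

```python
import hashlib, json, os

def keystream_xor(key, nonce, data):
    """Toy stream cipher (SHA-256 in counter mode). Stand-in only, not Tor's crypto."""
    out = bytearray()
    for counter in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[counter:counter + 32], block))
    return bytes(out)

def seal(key, next_hop, inner):
    """Add one layer: encrypt {next hop, inner blob} under a single relay's key."""
    nonce = os.urandom(16)
    body = json.dumps({"next": next_hop, "inner": inner.hex()}).encode()
    return nonce + keystream_xor(key, nonce, body)

def peel(key, cell):
    """Remove one layer; the relay learns only the next hop and an opaque blob."""
    nonce, body = cell[:16], cell[16:]
    layer = json.loads(keystream_xor(key, nonce, body))
    return layer["next"], bytes.fromhex(layer["inner"])

def build_onion(path, keys, destination, request):
    """Client side: wrap the request once per relay, innermost (exit) layer first."""
    hops = path[1:] + [destination]
    cell = request
    for relay, next_hop in reversed(list(zip(path, hops))):
        cell = seal(keys[relay], next_hop, cell)
    return cell

def route(path, keys, cell, client="client"):
    """Walk the circuit, recording what each relay is able to observe."""
    seen, previous = [], client
    for relay in path:
        next_hop, cell = peel(keys[relay], cell)
        seen.append({"relay": relay, "from": previous, "to": next_hop})
        previous = relay
    return seen, cell

# Constructed sample circuit: relay names, keys and destination are made up.
PATH = ["guard", "middle", "exit"]
KEYS = {name: os.urandom(32) for name in PATH}

if __name__ == "__main__":
    onion = build_onion(PATH, KEYS, "example.org:443", b"GET / HTTP/1.1")
    seen, delivered = route(PATH, KEYS, onion)
    for view in seen:
        print(view)   # no single relay sees both the client and the destination
    print(delivered)  # only the exit recovers the request itself
```

The middle relay, which is the role the library's node played, sees only the guard before it and the exit after it.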

So why am I talking about Tor? Because I wanted to set up the story that broke last week about the first library in the US to publicly go live with a Tor relay (a middle relay) getting pressured by their local police to turn it off. The police were, in turn, pressured by the US Department of Homeland Security. From the original article on the event:

In July, the Kilton Public Library in Lebanon, New Hampshire, was the first library in the country to become part of the anonymous Web surfing service Tor. The library allowed Tor users around the world to bounce their Internet traffic through the library, thus masking users’ locations.

Soon after state authorities received an email about it from an agent at the Department of Homeland Security.

“The Department of Homeland Security got in touch with our Police Department,” said Sean Fleming, the library director of the Lebanon Public Libraries.

After a meeting at which local police and city officials discussed how Tor could be exploited by criminals, the library pulled the plug on the project.

“Right now we’re on pause,” said Fleming. “We really weren’t anticipating that there would be any controversy at all.”

He said that the library board of trustees will vote on whether to turn the service back on at its meeting on Sept. 15.

That’s tomorrow, for those keeping track at home.

Why do I think that libraries should be running Tor nodes? I had a long discussion about this on Twitter recently, but let me use the freedom of more than 140 characters to try and talk through my thinking on this. Tor is, currently, the best option that people have for anonymous speech on the Internet. It is possible to create accounts without using your real name, it’s possible to use wifi at coffeeshops and your local library to prevent your IP from being recorded…but for real anonymity of network traffic, nothing beats using Tor.

Anonymous speech is important because it is a necessary component of the freedom of speech. The US Supreme Court has ruled again and again that the right to anonymous speech is a protected part of the First Amendment, saying in McIntyre v. Ohio Elections Commission:

Anonymity is a shield from the tyranny of the majority…It thus exemplifies the purpose behind the Bill of Rights and of the First Amendment in particular: to protect unpopular individuals from retaliation…at the hand of an intolerant society.

Libraries have been concerned over time with the Freedom to Read, but to doubt the role of the library in the Freedom of Speech in the US is to fundamentally misunderstand the Library (and possibly speech itself). Speech is a necessary precursor to Reading, as creation is a necessary precursor to consumption. Libraries are and should be cornerstones of free expression in the United States, and have worked to provide access to the tools of speech for years and years.

For the Department of Homeland Security to use the bogeyman of “bad things happen on Tor” as a lever to get the relay turned off is the worst sort of fear mongering. Any tool can be a weapon, and any communications mechanism can and probably will be used to enable illegal activity. There is enormously more illegal activity on the open Internet, and yet libraries everywhere provide open and robust access to the Internet via both terminal and wifi. To paint Tor as a haven for thieves and drugs and child pornography is not only to misunderstand the Tor network but, in my opinion, to mistake the forest for the trees. Yes, tools can be used for immoral and illegal things. But that does not make the tool either immoral or illegal.

The only rational explanation for the DHS pressuring the library to shut down their Tor relay node is that the DHS doesn’t want individuals, including US citizens, to have more robust mechanisms for anonymous speech. Per the US Supreme Court’s rulings on the links between anonymity and freedom of speech, this indicates to me that the DHS is actively attempting to prevent free and open speech on the Internet.

That is not ok with me, and it absolutely should not be ok with libraries.  

If you have made it this far, please visit the EFF’s Take Action page on this effort and sign.

Categories: Digital Culture, Library Issues

ALA Presidential Hopefuls and YouTube

So the ALA is taking a hint from the US Presidential elections and taking questions from YouTube…with some caveats. Here’s the email that went out to ALA members:

Members Invited to Submit Questions to ALA Presidential Candidates via YouTube

Do you have a question you’re dying to ask the candidates for ALA President?  If you can’t attend the Presidential Candidates’ Forum at Midwinter, why not submit a question on YouTube?  It’s fun, it’s easy, it’s the new ALA way!

• Questions should be submitted as videos and posted to YouTube
• Maximum running time is 90 seconds
• ALA members or groups of members may submit questions using your true name(s) (anonymous submissions will not be considered)
• Video submissions must be tagged as ALAelection09 in order to be identified as questions for the ALA Presidential Candidates
• Submissions accepted from Dec. 8 through Jan. 16

Six questions will be selected by a jury of past ALA presidents and presented to the candidates.  Candidates’ responses will be posted to YouTube and AL Focus prior to the opening of the ALA Election on Mar. 17.  The candidates for ALA President for the 2009 election are Kent Oliver and Roberta Stevens.  Questions will also be posed to any petition candidates.

For more details, go to http://www.ala.org/ala/aboutala/governance/alaelection/index.cfm

ALA is trying to get social media, but failing in significant ways. Why is it that only ALA Members can submit questions? The ONLY way that ALA is going to pull in the next generation of librarians is to show them that there is a benefit to joining…and withholding participation is so completely the wrong way to do it. The ALA should allow non-members to ask questions, in the same way they should start pushing conference content to non-members in a more robust way. Inviting virtual participation is a huge step…don’t screw up by limiting your audience, ALA. Change this requirement.

I also have a significant personal issue with requiring names to be attached to questions. The questions are being vetted anyway…what’s the harm in allowing anonymous questions? For a profession that holds privacy as high holy writ, to then disallow anonymous speech seems a bit hypocritical. The US Supreme Court has held that the right to free speech and the right to anonymous speech are the same…that “identification requirements burden speech”, as Talley v. California is sometimes expressed. I would love to see the ALA Board reconsider this requirement as well.