How Do You Solve a Problem Like Tor?

Written by

A journalist seeking to expose corruption or criminal activity uses Tor to protect their sources and to ensure they are not being monitored. The refugee or activist turns to the dark web to fight against oppression and tyranny, knowing they have a degree of protection from their oppressors.

But so does the drug dealer, the people trafficker, the pedophile, the money launderer and the terrorist seeking to hide their activities. And it seems there isn’t much we can do about it.

An encrypted and closed network like Tor has become a challenging conundrum. Set up with good intentions, it has become a haven for those criminals, hackers and terrorists.

Yet any talk of regulating Tor and the dark web undermines two of the founding principles of the World Wide Web: freedom and privacy. Granted those principles seem far removed from the highly commercial web that has evolved, but they still exist and they remain important.

Post-Snowden World

Voices opposed to such regulation have sharpened in the light of the Edward Snowden affair as we discover that even our own governments used security agencies to monitor citizens. Then there is increased concern about the levels of private data being accumulated by Google, Facebook, Amazon and others that form the commercial web.

But are we apportioning too much credence to Tor’s contribution to freedom and the fight against tyranny; perhaps more than it deserves?

Just recently, 17 law enforcement agencies from across the US and Europe shut down 400 illegal web sites hiding on the Tor network.

These ranged from gun running and drugs to illegal gambling. No doubt this was just a small sample of those operating on the dark web. And depressingly, according to reports, most of these sites had proxies up and running within days.

An irony is that these law enforcement agencies also used the anonymity of Tor to monitor these sites and the people running them.

The same intelligence services that Snowden has made us wary of also use Tor to monitor groups like ISIL that most definitely threaten us. And western governments like the fact that Tor allows people in countries like China, Iran or other totalitarian states access to western sites that their governments have banned. In short Tor and the dark web comprise one big paradox.

Getting the Balance Right

Should we just accept that the good outweighs the bad? Perhaps, but the very nature of the dark web means we can’t quantify either the good or bad aspects. We simply can't tell just how effective Tor is in protecting the dissidents and journalists for whom it provides a haven.

Law enforcement takedowns give us a taste of the level of crime active on the dark web, but again, we can only guess the true extent of the activity. It might be that it is, quite literally, out of control.

Take a look at Tor’s own website and you will find no mention of criminal use, which is to be expected. But it’s doubtful the organization believes that it’s only used for good, or that the dark activities simply don't exist.

Andrew Lewman, the executive director of the Tor Project, spoke about this in an interview with The Guardian. While admitting Tor co-operates with law enforcement he also said the following: “The criminals already have all the privacy they could ever need, because they're willing to break the laws: they're willing to steal identities, they're willing to hack into machines, they're willing to run botnets.”

This is disingenuous. If it were true then criminals would not need Tor; they would not need to hide. They use Tor because they know it’s effective. It’s an effective final wrapper on top of all that obfuscation.

In the end, none of this may matter, as the National Security Agency is continually looking at ways to crack Tor’s encryption. That seems like a lot of unnecessary work.

Wouldn't it be more efficient and simply better all round if Tor, the NSA and other agencies could work together to weed out the bad guys, and allow the network to continue to protect the innocent?

If the NSA could crack Tor, would it be long before hostile agencies do the same?

Keeping the lights on in the part of the dark web that remains a force for good has got to be worth fighting for. But it will not happen if we do nothing, if we let the bad guys win and rule the dark web. For now, co-operation, openness and commitment are good starting points.

About the Author

Colin Tankard is managing director of data security company Digital Pathways, a specialist in the design, implementation and management of systems that ensure the security of data, whether at rest within the network, mobile device, in storage or data in transit across platforms.

What’s hot on Infosecurity Magazine?