Kirk Klasson

The Apple of Sauron’s Eye

Rethinking Anonymity… Not just 4 the lulz of it all

As someone who has lost sleep chasing bad guys through the briar patch of the onion router (TOR) only to lose them at the doorstep to China or Azerbaijan, you wouldn’t expect me to be anything less than a fan of full transparency when it comes to the use of the Internet. The idea that you can randomly encrypt your transmissions and spread spectrum your routing in such a way as to disguise the origin of your Internet activity for purposes of defeating detection, seems like the best skunk works idea that has ever sprang from the labs of Ali Baba; only thing is, it was originally sponsored by the US Naval Research Labs.

Winner of the Free Software Foundation’s 2010 Award for Projects of Social Benefit, TOR technology and the volunteer nodes that provide the network that is its life blood are credited with being perhaps the last lamp of freedom in societies that seek to imprison their people and end even the merest whisper of dissent. Which is why you would expect to find the greatest concentration of TOR routers in one of two places, freedom loving democracies and authoritarian regimes. What isn’t as easily explained is why the highest concentration of TOR traffic seems to be BitTorrent-based. The use of BitTorrent, the preferred peer to peer of the “we don’t need no stinking badges” crowd, over TOR would seem to suggest that transmission of Free Tibet pamphlets is somewhere well below boot-legged copies of Mission Impossible – Ghost Protocol in the over-all scheme of things.

In addition, TOR and its community based peers such as the Invisible Internet Project (I2P) and the Java Anon Proxy, are by no means fool proof, anonymous conveyors of Internet traffic. Since its introduction, several academic and government entities have proposed ways to compromise TOR security, not the least of which are based on the volunteer structure of the network itself. Insert enough of your own nodes into the mix and you can begin to successfully correlate who is saying what between the nodes. At this point, attempts to crack TOR anonymity have been met by other techniques such as packet fragmentation and camouflage which for the moment have continued to cloak its users.

But the use of TOR presents an interesting dilemma. If the bad guys, those who steal and defame, obtain some small advantage along with the good guys, those who guard the lamp of liberty, in playing hide and seek over the Internet, why would anyone necessarily like to see that change? Especially if disadvantaging one necessitates disadvantaging the other.

That depends largely upon whose ox might get gored.

Big Hat, Bigger Cows

Up until now, the espionage, defamation, theft, compromise or public disfigurement of private and public real or Internet assets by either lone wolves of or loosely affiliated collectives has been more or less tolerated as the price of a potentially free society. Loot Grannie’s bank account and get caught and you will be locked up. But, lets face it, Grannie’s ox just ain’t that big.

So if you wanted to figure out just what’s at stake, or exactly how big the ox might be, the first thing you might do is imagine the size of the device that it would take to guard the ox. Fortunately, or perhaps disconcertingly, at least in the US, we now know exactly how large that device is.

Over the past couple of weeks, in large part thanks to an article in Wired by James Bamford, http://www.wired.com/magazine/ , the scale and scope of the NSA’s latest project, the Utah Data Center, has bought into sharp focus a pretty big hat that is meant to watch over what must be some pretty big cows. Bamford’s article provided detail into the program dubbed Stellar Wind that is the driving force behind the build out of the Utah Data Center. And what is Stellar Wind? Nothing less than the capture, de-cryption and analysis of every interceptable bit on the planet. Bamford estimates that the Utah Data Center has been provisioned to handle up to a yottabyte (or a septillion bytes) of information. Coupled with super computers designed solely for the purpose of cracking complex encryption and eavesdropping taps at every major Internet junction and pretty soon even the most mundane information, even yours, will be the purview of the US intelligence community.

Small wonder then that there is a small but emerging market for commercial anonymizer networks, firm’s that provide fee based Internet traffic relay on private servers usually over VPN tunnels. Two of these firms, Anonymizer and GoTrusted, have been around for a while and have largely catered to commercial enterprises. However, another one recently showed up looking for funding on Kickstarter called Priv.ly and it seems that its value proposition is clearly targeted at the anonymous personal use of the Internet and social networks.

It will be interesting to see if this small but emerging segment captures the imagination of the general population. But even if it does it will likely go through several iterations of not only technology but also geographic sovereignty. Since Stellar Wind already operates outside of the bounds of the constitution, there is little chance that these shops can maintaining their fidelity unless they can operate outside the bounds of warrantless search and seizure which means beyond the reach of the US intelligence community. So getting there may take both technological and geographic sovereignty.

No mean feat.

The Apple of Sauron’s Eye

J.R.R. Tolkien in his Middle Earth and Lord of the Rings mythology conceived of an evil called Morgoth and his servant Sauron who was thought to be able to see everything. Go back far enough in Tolkien’s mythology and you would discover that both of these characters started out in a rather benign, almost positive fashion and became corrupt in the pursuit of power and control. William Binney, an ex-NSA crypto expert, interviewed by James Bamford on the subject of the Stellar Wind program for the Wired article at one point held his thumb and forefinger close together and said, “We are that far from a turnkey totalitarian state”.

In a society that increasingly divulges private information to the point where we unwittingly post the answers to security questions openly on social web sites, you’d imagine that the NSA’s Utah Data Center wouldn’t be a concern. After all, if you haven’t done any thing wrong then you don’t have anything to hide. However, in the context of public discourse and private descent, wrong becomes a slippery slope often defined by what amounts to little more than what is fashionable and politically correct.

And what is fashionable and politically correct can be little more than a whim for those who see the world through Sauron’s eye.

Graphic courtesy of NASA’s Hubble telescope; “The eye of god”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Insights on Technology and Strategy