Monthly Archives: September 2013

Online Anonymity vs. Law Enforcement: the FBI and Freedom Hosting

Recently, it has been confirmed that the FBI took control of Freedom Hosting, a provider of anonymous online hosting services to both legitimate and criminal enterprises, and used their servers to serve malware to all visitors to sites hosted by Freedom Hosting. The malware was specifically designed to provide information about the users of the anonymous Tor network (software allowing for users to anonymize their online activity) to the FBI, and was used to shut down a massive online child porn ring. Eric Eoin Marques, the alleged CEO of Freedom Hosting, has been arrested on charges of the distribution and promotion of child porn on the internet.

The Tor Project originated in the US Naval Research Laboratory, receives financial support from the US government, and is currently operated by volunteers around the world,. It allows for users of all sorts to improve the privacy of their online activity and communication, access sites blocked in their region, and to generally prevent the collection of personal data that might betray their association with particular organizations or types of communication. Obviously, such anonymous communication is appealing both for legitimate purposes and to criminals who perpetuate societally devastating activity such as child porn. Tor is used by the government for intelligence gathering, by journalists seeking to protect the anonymity of their sources, by dissident groups living under oppressive governments to protect themselves, but the software is also used by criminal groups. Freedom Hosting is not associated with the Tor project, but uses the same protocols to host sites that can only be accessed through the Tor anonymous network.

The FBI’s use of malware to de-anonymize both legitimate and illegitimate Tor users has raised questions about the security of the network, but also about Internet surveillance and anonymity generally. Clearly, child porn and other criminal activity conducted through services providing anonymity is an incredibly serious concern that deserves to be relentlessly pursued by law enforcement. However, the use of malware by the FBI to target users regardless of the legitimacy of their use of the network is legally questionable. Though the malware distributed through Freedom Hosting’s servers was designed to be limited in use, it collected information indiscriminately, including that of human rights activists that we presumably want to protect. The promotion of the free exchange of information using the Internet around the world has allowed for people living under all governments to evade oppression, and undermine oppressive governments. Furthermore, the US government has shown increasingly less regard for the protection of journalists and their sources, and the FBI’s use of this security exploit to undermine the security of Tor, which is frequently used by journalists, has caused people to question whether the US government would act similarly in violation of their privacy in the pursuit of less noble causes.

Finally, the right to speak anonymously may be worth protecting in itself, and has been upheld in a number of a cases by US courts as an extension of the right to free speech. Those who are vulnerable to political and social power have historically relied on anonymity to question the legitimacy of that power. We should question the erosion of privacy even when the goal is laudable, because the protection of privacy is one of the only ways that citizens are able to hold governments to account without having to fear for their personal safety.