FBI’s Attack On Tor Shows The Threat Of Subpoenas To Security Researchers

Security companies and institutes have a hard time doing their research nowadays. A lawsuit could be filed against them by the “victim” firm or even worse, they could be even criminally indicted if their white-hat hacking violates the Computer Fraud and Abuse Act. However, the biggest threat to researchers are subpoenas, which could be filed against them by law enforcement authorities.

Subpoenas could be used by authorities against security researchers to obtain the data of a research (that is usually in the works) and use it for criminal investigation purposes.

In the recent case of Brian Farrell, an alleged staff member of the now defunct Silk Road 2 marketplace, it was confirmed that the FBI was able to bypass the security of the Tor Network and acquire the IP addresses of around 1000 individuals around the world (including Farrell’s). The alleged Silk Road 2 staff member’s IP address was obtained through a subpoena, which forced Carnegie Mellon University (CMU) to give out all the information of their research of the Tor Network to the law enforcement authorities.

The CMU case should serve as a warning sign to security researchers: federal agencies can easily force firms to provide them all data of their research. Normally, researchers, such as CMU, would inform the community or the researched company of their security flaws so they can fix it in time, however, if a government agency abuses the researcher company, just the opposite could happen. Matt Blaze, a computer scientist at the University of Pennsylvania, made this statement about subpoenas:

“When you do experiments on a live network and keep the data, that data is a record that can be subpoenaed. As academics, we’re not used to thinking about that. But it can happen, and it did happen.”

According to Tor Ekeland, a computer-security focused defense lawyer, subpoenas could create a “chilling effect” that could limit researchers behavior because of fear. He said these:

“If there’s a criminal investigation, yes, the FBI or the SEC or the DEA can issue an administrative subpoena for your data. If you’re a researcher, you need to think: Am I going to get subpoenaed here? Should I be gathering this information and risking putting it into the wild?”

“It seems like they’re trying to subpoena surveillance techniques. They’re trying to acquire intel gathering methods under the pretext of an individual criminal investigation.”

Share and Enjoy

  • FacebookFacebook
  • TwitterTwitter
  • DeliciousDelicious
  • LinkedInLinkedIn
  • StumbleUponStumbleUpon
  • Add to favoritesAdd to favorites
  • EmailEmail

TheBitcoinNews.com – leading Bitcoin News source since 2012

Virtual currency is not legal tender, is not backed by the government, and accounts and value balances are not subject to consumer protections. The information does not constitute investment advice or an offer to invest.