The FBI has been after Apple to decrypt an iPhone 5c belonging to a terrorist. Apple's decision not to go along with the FBI has prompted Tor developers to side with Apple, releasing a statement on the Tor website saying that the Tor Project developers would rather quit their jobs than allow the FBI to backdoor Tor.
Tor users face serious threats in this day and age. From bloggers reporting on drug violence in Latin American streets, to Russian, Chinese and Middle Eastern dissidents, to police and military officials using Tor to stay safe on the job, Tor helps all of its users remain a little safer. Even in Western societies, studies show that intelligence agencies such as the NSA are chilling dissent and silencing political discourse merely through the threat of pervasive surveillance.
The statement went on to say, “For all of our users, their privacy is their security. And for all of them, that privacy depends upon the integrity of our software, and on strong cryptography. Any weakness introduced to help a particular government would inevitably be discovered and could be used against all of our users.”
The Tor Project uses several mechanisms to ensure the security and integrity of its software. Its primary product, the Tor Browser, is fully open source. Anyone can obtain its source code and reproduce identical copies of the programs it distributes using Reproducible Builds. This eliminates the possibility of single points of compromise or coercion in the software build process. The Tor Browser downloads its software updates anonymously over the Tor network, and update requests contain no identifying information that could be used to deliver targeted malicious updates to specific users. These requests also use HTTPS encryption and pinned HTTPS certificates, a security mechanism that lets HTTPS websites resist impersonation by an attacker by specifying the exact cryptographic keys expected for a site. Lastly, the updates themselves are also protected by strong cryptography in the form of package-level cryptographic signatures (Tor signs the update files themselves). Using multiple independent cryptographic mechanisms and independent keys reduces the risk of single points of failure.
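To make the layering concrete, here is an added example (written for this article, not code from the Tor Project) of an update-acceptance policy that combines the three independent checks the paragraph describes: a pinned TLS public-key fingerprint for the transport, an Ed25519 package signature, and agreement among several independent reproducible-build digests. The key seed, the TLS key bytes, the package bytes and the builder digests are all constructed for the demo; the `UpdatePolicy` type, its `Verify` method and the `NewDemoScenario` helper are assumptions of this example. An update is installed only if every layer passes, so an attacker who obtains one key (say, the TLS key) still cannot push a package that fails the other two.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// UpdatePolicy holds the three independent trust anchors an updater can check.
// Each anchor is a separate key or data source, so compromising one is not enough.
type UpdatePolicy struct {
	PinnedSPKI  [32]byte          // SHA-256 over the expected TLS public key bytes (pinning)
	SigningKey  ed25519.PublicKey // package-level signing key, separate from the TLS key
	MinBuilders int               // how many independent reproducible builders must agree
}

var (
	ErrPinMismatch   = errors.New("tls public key does not match the pin")
	ErrBadSignature  = errors.New("package signature is invalid")
	ErrBuildMismatch = errors.New("reproducible build digests do not agree with the package")
)

// Verify accepts the update only if every independent layer passes.
// Order matters only for which error is reported first; all checks are required.
func (p UpdatePolicy) Verify(tlsSPKI, pkg, sig []byte, builderDigests [][32]byte) error {
	// Layer 1: transport pinning. A valid CA-issued certificate with the wrong key is rejected.
	if sha256.Sum256(tlsSPKI) != p.PinnedSPKI {
		return ErrPinMismatch
	}
	// Layer 2: package signature. Protects the bytes regardless of how they were fetched.
	if !ed25519.Verify(p.SigningKey, pkg, sig) {
		return ErrBadSignature
	}
	// Layer 3: reproducible builds. Enough independent builders must have produced
	// exactly these bytes, so a single coerced build machine cannot swap the package.
	if len(builderDigests) < p.MinBuilders {
		return ErrBuildMismatch
	}
	want := sha256.Sum256(pkg)
	for _, d := range builderDigests {
		if d != want {
			return ErrBuildMismatch
		}
	}
	return nil
}

// Scenario bundles the constructed inputs for the demo so they can be reused and mutated.
type Scenario struct {
	Policy  UpdatePolicy
	TLSSPKI []byte
	Pkg     []byte
	Sig     []byte
	Digests [][32]byte
}

// NewDemoScenario builds a scenario where all three layers agree.
// Every value here is constructed for illustration; the fixed seed is NOT a real key.
func NewDemoScenario() Scenario {
	seed := bytes.Repeat([]byte{0x42}, ed25519.SeedSize) // constructed, deterministic demo seed
	priv := ed25519.NewKeyFromSeed(seed)
	pub := priv.Public().(ed25519.PublicKey)

	spki := []byte("constructed-tls-public-key-bytes") // stands in for the server's SPKI
	pkg := []byte("constructed-update-package-bytes-v0")
	sig := ed25519.Sign(priv, pkg)
	digest := sha256.Sum256(pkg)

	return Scenario{
		Policy:  UpdatePolicy{PinnedSPKI: sha256.Sum256(spki), SigningKey: pub, MinBuilders: 2},
		TLSSPKI: spki,
		Pkg:     pkg,
		Sig:     sig,
		Digests: [][32]byte{digest, digest, digest}, // three independent builders agree
	}
}

func main() {
	s := NewDemoScenario()
	fmt.Println("pin:", hex.EncodeToString(s.Policy.PinnedSPKI[:8]), "...")
	fmt.Println("all layers valid:", s.Policy.Verify(s.TLSSPKI, s.Pkg, s.Sig, s.Digests))

	// A package altered after signing fails the signature layer even over a pinned connection.
	tampered := append([]byte{}, s.Pkg...)
	tampered[0] ^= 0x01
	fmt.Println("tampered package:", s.Policy.Verify(s.TLSSPKI, tampered, s.Sig, s.Digests))

	// A correctly signed package that independent builders could not reproduce is also refused.
	disagree := [][32]byte{s.Digests[0], {}}
	fmt.Println("builder disagreement:", s.Policy.Verify(s.TLSSPKI, s.Pkg, s.Sig, disagree))
}
```

The design point is that the three anchors are checked with three different keys or data sources (a TLS pin, a signing key, and digests published by builders the updater does not control), so no single actor in the delivery path can unilaterally produce an accepted update.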
Tor has never received a legal demand to place a backdoor in its programs or source code, nor has it ever been asked to hand over cryptographic signing material. Tor is very public about its "no backdoors, ever" stance, there is clear public support from the EFF and the ACLU, and it is well known that its open source engineering processes and distributed architecture make it hard to add a backdoor quietly.
“From an engineering perspective, our code review and open source development processes make it likely that such a backdoor would be quickly discovered. We are also currently accelerating the development of the vulnerability-reporting reward program to encourage external software developers to look for and report any vulnerabilities that affect our primary software products,” the Tor developers said in their statement.
The faces behind Tor feel that the threats Apple faces to hand over its cryptographic signing keys to the US government, or to sign alternate versions of its software for the US government, are no different from the threats of force or compromise that any of Tor's developers or volunteer network operators may face from any actor, governmental or not. Tor representatives say that no matter the outcome of Apple's case, they are exploring further ways to eliminate single points of failure, so that even if a government or a criminal obtains Tor's cryptographic keys, its distributed network and its users would be able to detect this fact and report it as a security issue.
The statement also says, “Like those at Apple, several of our developers have already stated that they would rather resign than honor any request to introduce a backdoor or vulnerability into our software that could be used to harm our users.”