Home » Articles » FBI’s Attack On Tor Shows The Threat Of Subpoenas To Security Researchers
Click Here To Hide Tor

FBI’s Attack On Tor Shows The Threat Of Subpoenas To Security Researchers

Security companies and institutes have a hard time doing their research nowadays. A lawsuit could be filed against them by the “victim” firm or even worse, they could be even criminally indicted if their white-hat hacking violates the Computer Fraud and Abuse Act. However, the biggest threat to researchers are subpoenas, which could be filed against them by law enforcement authorities.

Subpoenas could be used by authorities against security researchers to obtain the data of a research (that is usually in the works) and use it for criminal investigation purposes.

In the recent case of Brian Farrell, an alleged staff member of the now defunct Silk Road 2 marketplace, it was confirmed that the FBI was able to bypass the security of the Tor Network and acquire the IP addresses of around 1000 individuals around the world (including Farrell’s). The alleged Silk Road 2 staff member’s IP address was obtained through a subpoena, which forced Carnegie Mellon University (CMU) to give out all the information of their research of the Tor Network to the law enforcement authorities.

The CMU case should serve as a warning sign to security researchers: federal agencies can easily force firms to provide them all data of their research. Normally, researchers, such as CMU, would inform the community or the researched company of their security flaws so they can fix it in time, however, if a government agency abuses the researcher company, just the opposite could happen. Matt Blaze, a computer scientist at the University of Pennsylvania, made this statement about subpoenas:

“When you do experiments on a live network and keep the data, that data is a record that can be subpoenaed. As academics, we’re not used to thinking about that. But it can happen, and it did happen.”

According to Tor Ekeland, a computer-security focused defense lawyer, subpoenas could create a “chilling effect” that could limit researchers behavior because of fear. He said these:

“If there’s a criminal investigation, yes, the FBI or the SEC or the DEA can issue an administrative subpoena for your data. If you’re a researcher, you need to think: Am I going to get subpoenaed here? Should I be gathering this information and risking putting it into the wild?”

“It seems like they’re trying to subpoena surveillance techniques. They’re trying to acquire intel gathering methods under the pretext of an individual criminal investigation.”

5 comments

  1. Could’t white- hackers provide their findings to the company / group before a subpeona is issued ?

  2. @fuknfeded The developer won’t be able to analyze and fix data/vulns from research in time.

  3. It seems to me they are incompetent in many areas and demand others do the work for the FBI, and they accumulate all the access points ect and run the Rat Races……..

    The FBI is also fearful if they are not aware of a “sophisticated Actor” who they do not control uses methods they are not aware of and uncover their own methods, but the FBI uses encryption that will not be broken to do their backroom deals. They focus on defenseive viruses and DEA and NSA focus on Offensive. The FBI tools are simple to uncover these people it is not hard at all once a computer pings a website if under control of FBI they can get all they need and then attack your router or modems backdoor either physically inside the modem or inside its drivers.

  4. In fact that is their claim that encryption is not needed because to those who are looking over them that look how much access to all these resources in the FBI computer accounts and they let all these “Citizens” keep it they only stole what was “needed” and only destroyed those who needed destroyed for FBI numbers.

    But in the future they wish to not have anyone who is impartial to judge their work.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Captcha: *