Library to close down anonymous Tor browsing after DHS pressure

https://sophosnews.files.wordpress.com/2015/09/chopped-onion.jpg?w=150

The Kilton Public Library in the US town of West Lebanon, New Hampshire is only 5 years old, and its modern sensibilities show: for one thing, it brags about sustainable technologies such as ground source heat pumps and radiant floor slabs throughout.

It’s also a cutting-edge library in an entirely different sense: in July, it became the country’s first library to join the Dark Web as a Tor relay.

People who browse the web using the Tor browser route their traffic through collections of Tor relays, know as circuits, to cover their tracks and keep their location secret.

Tor does such a good job of shielding network traffic from prying eyes that it’s become a lifeline for activists and dissidents, and a safe(ish) haven for criminals.

Privacy fans hoped it was the first of many exit nodes – specialist relays where the traffic ‘exits’ Tor and joins the regular unencrypted internet – set up in as many public institutions as possible.

It wasn’t to be.

An Ars Technica writeup of this story caught the Feds’ attention.

Sean Fleming, the library director of the Lebanon Public Libraries, told ProPublica that the Department of Homeland Security (DHS) within a few weeks let it be known to the state and local police that the library’s plan might not be a wise course of action.

Shortly thereafter, local police and city officials had a little chat with the library. In the discussion, they described how Tor could be exploited by criminals.

That was the end of that – at least for now.

The library caved and pulled the plug on the project, not having anticipated how much pressure the first library to set up a Tor relay would attract.

ProPublica quotes Fleming:

There are other libraries that I've heard that are interested in participating but nobody else wanted to be first. We’re lonesome right now.

Where the idea came from

The idea to install exit nodes in libraries was the result of a collaboration between the Tor Project and the Library Freedom Project (LFP).

The LFP itself is the work of Boston librarian Alison Macrina.

Its aim is to teach libraries how to “protect patrons’ rights to explore new ideas, no matter how controversial or subversive, unfettered by the pernicious effects of online surveillance.”

It’s funded by the Knight Foundation, which also provides funding to ProPublica.

Macrina had conducted a privacy training session at the Kilton library in May, at which time she talked to the librarian about also setting up a Tor relay.

And just what exactly is a Tor relay?

Tor (which stands for The Onion Router) uses layers of encryption to protect traffic from snooping. The encrypted traffic is bounced through a circuit of relays and each relay peels off a layer of encryption.

For regular web browsing, traffic enters a circuit through a relay known as an entry guard and leaves through a relay known an exit node.

Because the exit node is the final relay in the circuit, it appears to be the source for all the traffic that passes through it, which sets it up to potentially take the blame in cases of malicious or illegal activity.

That’s actually one of many things the LFP likes about the use of libraries as exit nodes: libraries can afford some of the legal exposure that comes with an exit, given that exit operators might face the occasional copyright takedown notice or inquiry from law enforcement about traffic on the node.

As the LFP says on its site, other things that make libraries attractive are their commitment to intellectual freedom and privacy; the fact that they’re education centers within their communities, offering classes on things including computer use; and that they serve a diverse audience, many of whom need private browsing but don’t know it exists, including domestic violence survivors, racial and ethnic minorities, and LGBTQ communities.

That all sounded good to Kilton Library

This particular library was the perfect pilot.

Chuck McAndrew, the IT librarian, has all the computers running on GNU/Linux distributions, instead of the typical library’s Microsoft Windows environment.

That was appealing, Macrina wrote, because of Microsoft’s participation in the NSA’s PRISM surveillance program.

By choosing GNU/Linux operating systems and installing some privacy-protecting browser extensions too, Chuck’s helping his staff and patrons opt-out of pervasive government and corporate surveillance. Pretty awesome.

After Macrina talked to the librarian about the exit node project in May, the library board of trustees unanimously approved the plan at its June meeting, and the relay was set up (preliminarily as a middle relay) in July.

And just how was that illegal?

It’s not.

DHS spokesman Shawn Neudauer told ProPublica that the agent who reached out to New Hampshire police was simply providing “visibility/situational awareness,” didn’t have any direct contact with the Lebanon police or library, and wasn’t out to charge anybody with anything.

...the protections that Tor offers can be attractive to criminal enterprises or actors and HSI [Homeland Security Investigations] will continue to pursue those individuals who seek to use the anonymizing technology to further their illicit activity.

DHS actions in this case aren’t surprising: we already know that the NSA really, really hates Tor.

It said as much in a top-secret NSA presentation leaked by Edward Snowden and titled “Tor Stinks”.

The fight has just begun

At any rate, this ain’t over yet, the encryption activists have vowed.

Fleming said that the library board of trustees will vote on whether to turn the service back on at its meeting on Tuesday, 15 September.

Macrina is urging supporters to show up at that meeting.

DHS’s actions actually might be “the best thing that could have happened,” Macrina tweeted, triggering an outpouring of support and interest in the library exit nodes project.

As of Monday morning, a letter of support for the library put up by the Electronic Frontier Foundation (EFF) had been signed by over 3,700 people.

LFP trainings have been set up in three Massachusetts towns and one town in Maine.

Nima Fatemi, the Tor Project member who’s working with the LFP, tweeted that librarians’ interest has been aroused:

Some have suggested that DHS’s interference in the Tor library project proves that Tor works.

After all, why else would surveillance agencies be so eager to abort its widespread adoption if it didn’t actually do what it’s designed to do: i.e., keep browsing private?

Image of chopped onion courtesy of Shutterstock.

Leave a Reply

Your email address will not be published.