On 08/02/2016 09:00 PM, jim bell wrote:
“…the committee requires that spend plans submitted by the Department of State and BBG pursuant to section 7078(c) of the act include a description of safeguards to ensure that circumvention technologies are not used for illicit purposes, such as coordinating terrorist activities or online sexual exploitation of children,”
I think that's pretty specific about what they want, and broad about the technology... "circumvention technologies". If I were managing the project I'd be limiting improvements that would allow such things and it wouldn't be secret or underhanded (which is why I never aspired to that sort of position... my underhand toss is lousy), but unless there's something in the full bill in addition to that, it doesn't require deprecation of existing code in the product. Because those things were already paid for and done. It does put the product at a disadvantage against software meant to undo tor's security in the long run however, and government excel at doing things that have their effect in 'the long run'. Rr
*From:* Zenaan Harkness <zen@freedbms.net> On Tue, Aug 02, 2016 at 06:51:03PM -0700, Spencer wrote:
jim bell: the lack of improvements over time
This seems to stem more from a misplaced understanding of what design is, on the developers side, since non-protocol improvements get ignored, too.
They have explicitly stated that certain features, including chaff fill packets at the protocol layer, have been not granted funding.
It occurs to me that this may reflect their misunderstanding of the process. (Misunderstanding by sympathetic employees of the Tor project., or possibly they were misled.) I have no doubt that Congress would be capable of writing a funding bill for Tor that is sufficiently specific and detailed to absolutely prohibit any improvements to Tor. However, I strongly doubt that the funding is limited in that way.
Rather, I suspect that the funding doesn't explicitly state within the grant of funding that cites chaff fill, etc. is covered. If the Executive branch WANTED to do those projects, they would simply direct some of their funding to those projects. Instead, I think the higher-ups may be deliberately misleading the lower-level people about what they could do, if they decided to do it.
I see that quite recently, Congress has asked them to find out ways to prevent "bad people" from using Tor. (Probably without defining the term "bad people" sufficiently. Maybe we are all, automatically, "bad people.")
Notice that the goal is very poorly defined, so the task is inherently vague and the solution will be similarly vague and imprecise, providing much cover for the entire project.
“…the committee requires that spend plans submitted by the Department of State and BBG pursuant to section 7078(c) of the act include a description of safeguards to ensure that circumvention technologies are not used for illicit purposes, such as coordinating terrorist activities or online sexual exploitation of children,”
I think that's pretty specific and If I were managing the project I'd be limiting improvements that would allow such things, but unless there's something in the full bill in addition to that, it doesn't require deprecation of existing code in the product. Because those things were already paid for and done. Rr
Perhaps the solution will be that the Tor project team will study how to insert "anti-bad-people" chaff into the Tor streams, increase the number of hops (more to confuse the "bad people"; they confuse the hell out of me!), etc. Eventually, they will have to sadly announce that they haven't yet fully succeeded in preventing "bad people" from using Tor, but they HAVE greatly improved security in various ways.
Jim Bell