On Thu, Sep 18, 2014, at 05:18 PM, Ted Smith wrote:
The talk was almost certainly canceled because it contained admissions of violating federal wiretapping laws, which is what happens if you de-anonymize Tor users in the wild.
This is a legally gray area in theory, but I think in practice it would never be judged in favor of the defendant, and so the CMU legal team pulled the talk to avoid exposing themselves to liability.
Thanks Ted.. I fully agree that this is almost certainly the reason for the cancellation of the talk and for good reason. Many of us are aware of how these cases typically go for the defendants and it is not unusual for the prosecution to push for extreme sentences in these types of cases. That said, while I do understand the reasoning for cancelling the talk, I've still be extremely disappointed in the lack of cooperation with the Tor project on addressing the concerns. Especially given the relationship between CMU and CERT. It seems there would have to be some middle ground between a public speech at a convention and being almost completely silent when it comes to working with the developers on understanding the issue and implementing a fix. As for Patrick's question, unfortunately I am not aware of any side doors to collect additional information and I am not overly optimistic given the developer's issues with obtaining the information they requested on the attack.