NSA targets the privacy-conscious

NSA targets the privacy-conscious

von J. Appelbaum, A. Gibson, J. Goetz, V. Kabisch, L. Kampf, L. Ryge

Tor, also known as The Onion Router, is a network of several thousand volunteer-operated servers, or nodes, that work in concert to conceal Tor users' IP addresses and thus keep them anonymous while online.

Tails is a privacy-focused GNU/Linux-based operating system that runs entirely from an external storage device such as a USB stick or CD. It comes with Tor and other privacy tools pre-installed and configured, and each time it reboots it automatically wipes everything that is not saved on an encrypted persistent storage medium.

Normally a user's online traffic - such as emails, instant messages, searches, or visits to websites - can be attributed to the IP address assigned to them by their internet service provider. When a user goes online over the Tor Network, their connections are relayed through a number of Tor nodes using another layer of encryption between each server such that the first server cannot see where the last server is located and vice-versa.

Tor is used by private individuals who want to conceal their online activity, human rights activists in oppressive regimes such as China and Iran, journalists who want to protect their sources, and even by the U.S. Drug Enforcement Agency in their efforts to infiltrate criminal groups without revealing their identity. The Tor Project is a non-profit charity based in Massachusetts and is primarily funded by government agencies. Thus it is ironic that the Tor Network has become such a high-priority target in the NSA's worldwide surveillance system.

As revealed by the British newspaper The Guardian, there have been repeated efforts to crack the Tor Network and de-anonymize its users. The top secret presentations published in October last year show that Tor is anathema to the NSA. In one presentation, agents refer to the network as "the king of high-secure, low-latency internet anonymity". Another is titled "Tor Stinks". Despite the snide remarks, the agents admit, "We will never be able to de-anonymize all Tor users all the time".

The former NSA director General Keith Alexander stated that all those communicating with encryption will be regarded as terror suspects and will be monitored and stored as a method of prevention, as quoted by the Frankfurter Allgemeine Zeitung in August last year. The top secret source code published here indicates that the NSA is making a concerted effort to combat any and all anonymous spaces that remain on the internet. Merely visiting privacy-related websites is enough for a user's IP address to be logged into an NSA database.

An examination of the XKeyscore rules published here goes beyond the slide presentation and provides a window into the actual instructions given to NSA computers. The code was deployed recently and former NSA employees and experts are convinced that the same code or similar code is still in use today. The XKeyscore rules include elements known as "appids", "fingerprints", and "microplugins".  Each connection a user makes online - to a search engine, for example - can be assigned a single appid and any number of fingerprints.

Appids are unique identifiers for a connection in XKeyscore. Appid rules have weights assigned to them.  When multiple appids match a given connection, the one with the highest weight is chosen. Microplugins may contain software written in general-purpose programming languages, such as C++, which can extract and store specific types of data. The rules specifically target the Tor Project's email and web infrastructure, as well as servers operated by key volunteers in Germany, the United States, Sweden, Austria, and the Netherlands. Beyond being ethically questionable, the attacks on Tor also raise legal concerns.  The IP addresses of Tor servers in the United States are amongst the targets, which could violate the fourth amendment of the US constitution.

The German attorney Thomas Stadler, who specializes in IT law, commented: "The fact that a German citizen is specifically traced by the NSA, in my opinion, justifies the reasonable suspicion of the NSA carrying out secret service activities in Germany. For this reason, the German Federal Public Prosecutor should look into this matter and initiate preliminary proceedings."

Stand: 03.07.14 17:08 Uhr