DPerkins (a friend I knew from my CMU times) and I had a long discussion on Tor on twitter. Twitter's an interesting medium for an argument; the character limit encourages one to be really brief, which:
- Has the effect of leading to really short sentences in discussion, which can be positive or negative
- Leads to underexpression of supporting points, which is probably more negative
- Leads to very rapid back-and-forth without interruption (like IRC), which is positive
- For me, the discussion illustrates the tensions between rule-of-law and civil liberties. I am committed to both, and I see tor as meeting some strong social goods but doing so in a way that permanently and excessively damages rule-of-law. I believe that in order for civil liberties to mean anything, they must happen in a context where there is an effective public order that involves reasonably-functioning police and judiciary
- For DPerkins, the discussion is the defense of a powerful tool for civil liberties against a call for state power. In the United States, and particularly in other countries, repressive laws are being circumvented through technologies that support free speech, and that makes Tor a net plus for good.
- DPerkins' position, which I identify as Technolibertarian, leads to a variety of crimes being very difficult to investigate; without the theoretical ability to trace or tap communications, police cannot trace communications tied to kidnappings, bribery, libel/slander, harassment, threats, money laundering, and the like. We are familiar with these harms (and could enumerate them further) by looking at all the things wiretaps and tracing enable police to investigate now
- DPerkins identifies with my position the stifling of speech, enabling foreign oppressive regimes to prevent political criticism, making travel to foreign countries more dangerous for geeks, and enabling police states
- I claim no, because I see the existing ability of the state to tap phones, bug locations, and the like as extending smoothly into the digital realm. I want the state to need a warrant for such activities (online and off) and am concerned that recently exceptions to executive power have allowed for warrantless tapping of various sorts, but I think in general our laws should smoothly extend, as much as possible, into new means of communication, just as our legal protections/traditions (such as the First Amendment) do.
- DPerkins claims yes, believing that new realms should be by default free and that extending regulations into them requires sufficient adaptation to amount to a new restriction and more state power.
My preferred means for dealing with Tor is to impose liability on those who knowingly run a Tor node for any actions that can be shown to pass through their systems, on the theory that Tor nodes are like safehouses that offer sanctuary to anyone, whether they're running from police, gangs, or are just privacy freaks. I would not ban the technology outright (although personally I would shame those who use it as being socially irresponsible). There was a digression in the discussion where DPerkins and I expressed agreement that having devices "secured" against their users with locked bootloaders and the like would be a bad development.
DPerkins challenged me to get some hard data on criminal use of tor. I held that it is sufficient to show that tor is designed to prevent some kinds of LE activity, and that the decades of hard data that the ability to trace/tap communications is occasionally very important to LE is sufficient data to support my claims. We remain in disagreement on this; I am comfortable with my stance in that new technologies with predictable uses can lead to predictable results. There may actually *be* hard data on criminal use of tor, but I don't think it's necessary/useful for me to dig at it, particularly as I expect it to be used increasingly as tor will probably catch on in the criminal community.
DPerkins objected to my blurring tapping and tracing as activities of LE. This is fair; I spoke of them using the same term because they both pose a systemic damage to LE, they both are enabled by tor, and they both might reasonably be used in the same investigation. I am willing to talk of them separately though.
We traced a few scenarios for potential crime; registering and using gmail through tor provides a disposable "identity" not easily traced back to a human, not easily tapped to find out what other activities are in play.
I agree with DPerkins that if tapping is too easy that's a damage to the public good; I am baseline-comfortable with a warrant being sufficient, but am happier with there being some (but not stifling) trouble or difficulty in the process itself so it is not done too lightly. I hold that it's better for it to be easy than impossible though. DPerkins disagrees.
DPerkins also is uncomfortable with libel/slander laws and thinks they have been effectively obsoleted by the internet (or perhaps were never valid to begin with). I am comfortable with libel/slander as being illegal.
As a general matter of philosophy, I trust (or feel I have to effectively trust; not quite the same thing) government much more than DPerkins does. I accept there will be irregularities and unacceptable things, but see us much better off with an effective state that screws up sometimes (or even a lot) than with one that is so weak as to be ineffective. DPerkins distrusts the government significantly more than I do, and sees technology as an independent way to seek the good from legal reform. I believe his perspective neglects the damage done by severely weakening law enforcement, and he believes my perspective neglects the potential for autonomy made possible by tor.