Log in

No account? Create an account

Argument summary

DPerkins (a friend I knew from my CMU times) and I had a long discussion on Tor on twitter. Twitter's an interesting medium for an argument; the character limit encourages one to be really brief, which:

  • Has the effect of leading to really short sentences in discussion, which can be positive or negative
  • Leads to underexpression of supporting points, which is probably more negative
  • Leads to very rapid back-and-forth without interruption (like IRC), which is positive
In any case, if you'll recall, I don't like Tor, and DPerkins was taking a pro-Tor stance. I'm trying to present the discussion in a way that doesn't try-to favour my side over his so much as act like "perspective tourism", pointing out points of disagreement. This will require me to connect the dots to an extent on his perspective; I'll try to do so sensibly. I will simply assert in the following my conclusions on what DPerkins believes; this is a linguistic convenience, so please be willing to expand my assertions into presumptions.

First, summaries of both of our perspectives. I identify as a far-left liberal, as probably does DPerkins. We do have somewhat different commitments and perspectives.

  • For me, the discussion illustrates the tensions between rule-of-law and civil liberties. I am committed to both, and I see tor as meeting some strong social goods but doing so in a way that permanently and excessively damages rule-of-law. I believe that in order for civil liberties to mean anything, they must happen in a context where there is an effective public order that involves reasonably-functioning police and judiciary
  • For DPerkins, the discussion is the defense of a powerful tool for civil liberties against a call for state power. In the United States, and particularly in other countries, repressive laws are being circumvented through technologies that support free speech, and that makes Tor a net plus for good.
The harms we identify with each other's positions are probably as follows:
  • DPerkins' position, which I identify as Technolibertarian, leads to a variety of crimes being very difficult to investigate; without the theoretical ability to trace or tap communications, police cannot trace communications tied to kidnappings, bribery, libel/slander, harassment, threats, money laundering, and the like. We are familiar with these harms (and could enumerate them further) by looking at all the things wiretaps and tracing enable police to investigate now
  • DPerkins identifies with my position the stifling of speech, enabling foreign oppressive regimes to prevent political criticism, making travel to foreign countries more dangerous for geeks, and enabling police states
One point that came up was whether preventing tor would be an expansion of power of the state or not:
  • I claim no, because I see the existing ability of the state to tap phones, bug locations, and the like as extending smoothly into the digital realm. I want the state to need a warrant for such activities (online and off) and am concerned that recently exceptions to executive power have allowed for warrantless tapping of various sorts, but I think in general our laws should smoothly extend, as much as possible, into new means of communication, just as our legal protections/traditions (such as the First Amendment) do.
  • DPerkins claims yes, believing that new realms should be by default free and that extending regulations into them requires sufficient adaptation to amount to a new restriction and more state power.
DPerkins notes at Tor is not the only tool that might disrupt LE, which is true. I am comfortable targeting all of them, including Tor.

My preferred means for dealing with Tor is to impose liability on those who knowingly run a Tor node for any actions that can be shown to pass through their systems, on the theory that Tor nodes are like safehouses that offer sanctuary to anyone, whether they're running from police, gangs, or are just privacy freaks. I would not ban the technology outright (although personally I would shame those who use it as being socially irresponsible). There was a digression in the discussion where DPerkins and I expressed agreement that having devices "secured" against their users with locked bootloaders and the like would be a bad development.

DPerkins challenged me to get some hard data on criminal use of tor. I held that it is sufficient to show that tor is designed to prevent some kinds of LE activity, and that the decades of hard data that the ability to trace/tap communications is occasionally very important to LE is sufficient data to support my claims. We remain in disagreement on this; I am comfortable with my stance in that new technologies with predictable uses can lead to predictable results. There may actually *be* hard data on criminal use of tor, but I don't think it's necessary/useful for me to dig at it, particularly as I expect it to be used increasingly as tor will probably catch on in the criminal community.

DPerkins objected to my blurring tapping and tracing as activities of LE. This is fair; I spoke of them using the same term because they both pose a systemic damage to LE, they both are enabled by tor, and they both might reasonably be used in the same investigation. I am willing to talk of them separately though.

We traced a few scenarios for potential crime; registering and using gmail through tor provides a disposable "identity" not easily traced back to a human, not easily tapped to find out what other activities are in play.

I agree with DPerkins that if tapping is too easy that's a damage to the public good; I am baseline-comfortable with a warrant being sufficient, but am happier with there being some (but not stifling) trouble or difficulty in the process itself so it is not done too lightly. I hold that it's better for it to be easy than impossible though. DPerkins disagrees.

DPerkins also is uncomfortable with libel/slander laws and thinks they have been effectively obsoleted by the internet (or perhaps were never valid to begin with). I am comfortable with libel/slander as being illegal.

As a general matter of philosophy, I trust (or feel I have to effectively trust; not quite the same thing) government much more than DPerkins does. I accept there will be irregularities and unacceptable things, but see us much better off with an effective state that screws up sometimes (or even a lot) than with one that is so weak as to be ineffective. DPerkins distrusts the government significantly more than I do, and sees technology as an independent way to seek the good from legal reform. I believe his perspective neglects the damage done by severely weakening law enforcement, and he believes my perspective neglects the potential for autonomy made possible by tor.

(originally the discussion included Bitcoin, which I see as much more damaging than tor, but we dropped that topic very early on)


Re: Encryption vs Tor

I believe and hope that there are ways around SSH, HTTPS, and those VPNs that can be managed with a court order; perhaps a sneaky way to root our servers without our knowing? subpoenas for the places we connect? Inbound and outbound monitors on those VPN sites? I want there at least to be a theoretical way to do that that's in the hands of LE and ideally counterbalanced by the need for a court order. As for proxies, I also hope that LE has some methods to break those when they have to. Any technology that amounts to an unbreakable win against LE for the ability to either trace or tap communications is one I hope never sees the light of day; I want us relatively free but protected from crime, but being completely free and completely vulnerable is pretty awful.

In all these cases, people time is going to be expensive. The strongest reason I believe LE isn't keeping an eye on me isn't that I think it's technically difficult; I imagine there's been ample time to root my boxes without my noticing in ways that'd be very difficult to detect, tap my networks, bug my apartment, etc. It's also not that I haven't done anything interesting to LE recently (although that's true). It's that it's expensive to do that to lots of people, particularly when LE needs to pay for someone to actually figure out what to do with the data. Human judgement is always expensive.

I always assume that if the government wanted to snoop on me or make me disappear, they could without too much difficulty. The same goes for sufficiently wealthy/powerful private corporations or organised crime groups, which I'm much more inclined to think of as sinister. I'm generally inclined to think of all governments as being at least somewhat legitimate, and of the US government as doing much better than most in trying to serve the public good. I'd still generally say that LE priorities of governments less principled and more systemically corrupt than ours are really important, and technologies that make it harder for LE to function (untracable, untappable communcations) are not something to celebrate.

But I suspect we're not going to come to an agreement on this; I think we both understand each other's arguments but we're weighing the risks and benefits differently.