Anonymous browsing: Will it survive lawful access initiatives?
posted by:Carole Lucock // 08:11 PM // October 11, 2005 // ID TRAIL MIX
The use of anonymous browsers and remailers are actively recommended to protect privacy when surfing the Internet. Such advice can be found on the Privacy Commission of Canada website. This advice to the general public suggests that there is reason to be concerned about privacy on the net and that there are means to protect it.
An innovative solution to providing anonymous browsing is TOR, which is “a decentralized network of computers on the Internet that increases privacy in Web browsing, instant messaging, and other applications. TOR estimate there are some 30,000 TOR users currently, routing their traffic through about 200 volunteer TOR servers on five continents. TOR solves three important privacy problems: it prevents websites and other services from learning a users location; it prevents eavesdroppers from learning what information a user is fetching and where it’s fetched from; and it routes a users connection through multiple TOR servers so no single server can learn what a user is up to. TOR also enables hidden services, letting a user run a website without revealing its location to others.” TOR actively seeks volunteer participation to broaden its network of servers and encourages the donation of “time and/or bandwidth to help make the TOR network more diverse and thus more secure.”
Initiatives like those of TOR are at risk as Canada takes measures to curtail the capacity to be anonymous on the Internet. The recent announcement that Canada will introduce lawful access legislation has been criticized on a number of grounds that continue along similar lines to those received by the government in response to its 2002 consultation document. Although legislation has not been tabled, the Privacy Commissioner of Canada has commented on the proposals based on briefings provided by the Department of Justice and other government departments and agencies. The Commissioner notes the failure to demonstrate a serious problem or to provide evidence that enhanced surveillance powers are necessary.
Like others, the Commissioner has raised concerns on a number of grounds. The Commissioner decries the erosion of limits on government to obtain information from the public sector and in consequence the “blurring of the distinction between the public and private sectors and, in effect, deputizing the business community.” She raises concerns about compelling interception capability and access to subscriber data without a warrant, which would include the provision of a subscriber’s dynamic IP address or the subscriber’s name. She also raises numerous concerns about proposals for preservation orders, production orders and the interception of e-mail and notes the lack of judicial oversight in some instances and the lower threshold for using such new powers in others. The Commissioner draws parallels between the proposed measures and the Anti-Terrorism Act, which in her view “gave overly broad surveillance powers to security and intelligence and law enforcement agencies while unduly weakening the constraints on the use of those powers and reducing accountability and transparency.” She asks pointedly, “whether the gain in security justifies the sacrifices of privacy and other rights?”
Initiatives like those of TOR seek to enhance privacy on the Internet and provide a concrete solution to consumers who are advised to make use of anonymous browsers to protect their privacy. As Canada and other countries introduce measures that enhance surveillance capacity it appears that the effectiveness of initiatives like TOR will be diminished. In which case it will be important to be very clear to those who rely on advice concerning how to protect their on-line privacy that the means to protect it are similarly diminished. At a minimum, Canadians should be under no illusion about what can reasonably be expected concerning their Internet use and if the ability to be truly anonymous is unavailable then this should be made patently clear in any advice given concerning the protection of privacy.
As a TOR user I do fully enjoy the privacy that it provides. One technical point I would like to present, a possible downside to TOR is the ease for completely successful DOS attacks. TOR is a great infrastructure with which to launch an Denial of Service attack and get away with it due to the anonymity provided by TOR. On one hand we have the need for privacy, but is someone tears down the infrastructure we are using the need for privacy is nullified.
Posted by: Rob at October 24, 2005 02:20 PM