TOR: ‘Lasciate ogne speranza, voi ch’intrate’

July 7, 2013

1. Introduction

A perpetual dilemma exists: choosing between the right to anonymity and effective measures to halt the pervasion of illicit and immoral behaviour. The Supreme Court of the United States has ruled repeatedly that the right to anonymous free speech is protected by the First Amendment. A much-cited 1995 Supreme Court ruling in McIntyre v Ohio Elections Commission reads:

‘Protections for anonymous speech are vital to democratic discourse. Allowing dissenters to shield their identities frees them to express critical minority views … Anonymity is a shield from the tyranny of the majority… It thus exemplifies the purpose behind the Bill of Rights and of the First Amendment in particular: to protect unpopular individuals from retaliation… at the hand of an intolerant society.

The right to Internet anonymity is also covered by European legislation that recognizes the fundamental right to data protection, freedom of expression, and freedom of impression. The European Union Charter of Fundamental Rights recognizes in Article 8   the right of everyone to protection of personal data concerning them.

Anonymity and freedom of expression and impression is one thing; the need to restrict the exploitation and purveying of illicit and heinous acts on the Internet are another. It involves a difficult balance, but it is a balance that should be close to all our hearts.

2. The How

Tor (short for The Onion Router) is a system intended to enable online anonymity. Tor client software directs Internet traffic through a worldwide volunteer network of servers to conceal a user’s location or usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace Internet activity back to the user, including ‘visits to Web sites, online posts, instant messages and other communication forms’, and is intended to protect users’ personal freedom, privacy, and ability to conduct confidential business by keeping Internet activities from being monitored.

The declared intent of the Tor project is offer anonymity to web users that wish for it.

This is plausible but the result is that those engaged in illegal activities immediately seized the advantage and started selling their wares online, also anonymously. For example, Silk Road is an easily reachable site once on the Tor Network which makes  no attempt to disguise or hide  ‘crime’.

Silk Road is a web site working under the Tor hidden services which offers a variety of illegal and contraband goods. Silk Road can be accessed via the TorDIR which is a directory service provided by Tor. Other hidden services promoted by Tor hidden services are child pornography, gun and ammunition sales and the provision of class A drugs.

There are no warning signs and in some cases no registration is needed. With a few simple clicks the user can stray inadvertently into the dark net world.

The majority of products available to purchase on Silk Road qualify as contraband in most jurisdictions.  Most sellers are based in the UK and the United States, and offer products such as heroin, LSD, cannabis, and other drugs. However, the site’s operators prohibit goods or services intended to harm others, such as stolen credit card numbers, counterfeit currency, firearms, personal information, assassinations, weapons of mass destruction, and materials used to make such weapons. There are also a range of legitimate products for sale, such as art, apparel, books, jewellery, pornography, and writing services.

While the intent of the Tor network may be to offer anonymity to web users that wish for it, it provides the linking and ability to access these illegal sites. Australia has taken action on Silk Road and it has also become a declared target in the USA. Senator Charles Schumar, in June, 2011 stated:

‘Literally, it allows buyers and users to sell illegal drugs online, including heroin, cocaine, and meth, and users do sell by hiding their identities through a program that makes them virtually untraceable,’ Schumer said at a news conference Sunday. ‘It’s a certifiable one-stop shop for illegal drugs that represents the most brazen attempt to peddle drugs online that we have ever seen. It’s more brazen than anything else by lightyears.’

However subsequently, Silk Road’s administrators posted on the Silk Road forums the following statement:

The die have been cast [sic] and now we will see how they land. We will be diverting even more effort into countering their attacks and making the site as resilient as possible, which means we may not be as responsive to messages for a while. I’m sure this news will scare some off, but should we win the fight, a new era will be born. Even if we lose, the genie is out of the bottle and they are fighting a losing War already.’


3. The Argument for Anonymity

There are many legitimate reasons for the existence of anonymity on the internet. It is unfortunate that in the present environment anyone who wants to advocate Internet anonymity is immediately labelled as a scammer, spammer or shill. We assume that all the people who are taking advantage of online anonymity are up to some notorious, tawdry activity. This assumption is specious; the fact is we do not know who they are.

Identity Theft. The incidence of reports of identity theft is increasing. The Javelin Strategy and Research report 2012 stated that identity fraud increased by 13% in the USA while more than 11.6 million adults became victims of identity fraud there. .  

Online anonymity is an important tool in the prevention of online threats, malicious attacks, and identity thefts. Each time the Internet is browsed multiple agencies track and record. These logs are often either purposely sold to online marketers or hacked by online identity thieves, resulting in our personal data being exposed to unscrupulous elements.

Military communications require maximum security. Military personnel require anonymous communications to protect themselves and their strategies from terrorist attacks.

Freedom of expression: Journalists are increasingly required to communicate with prisoners or people under surveillance in countries that have repressive regimes. Unless the journalists and the persons with whom they contact have the protection of anonymity, the contacted persons could face serious consequences from such repressive regimes. Online anonymity can assist in providing some protection and to avoid retaliation for those trying to communicate the true situation on the ground.

Law enforcement officers use online anonymity when investigating questionable or illegal websites, to conduct online undercover operations, and receive anonymous tips from informers about criminals or terrorists. Law enforcement authorities and their contacts should have online anonymity for successful completion of investigation.

National intelligence agencies collect huge volumes of data on persons suspected of corruption, bribery, tax evasion, illegal activities, and exchange of information and documents of national interest.

These are but a few examples. There are many others reasons such as anonymous bloggers, sock puppetry, whistle-blowers and some commercial interests why anonymity is used legitimately without the need for any stigma being attached to the concept.

In addition to the important reasons for anonymity outlined above, there are many ‘softer’ legitimate reasons why someone would wish to remain anonymous online:

  • your employer or school has strict Web surfing policies and filters your access to the Internet;
  • you are a staunch free speech advocate and do not want the government or anyone else to censor your activities;
  • you believe that the Internet is the perfect forum in which to express your opinions freely without fear of being harassed by people who do not agree;
  • you do not like the idea that search engines are collecting information about your queries;
  • you do not want online advertisers to know where you live or what products you buy;
  • you want to participate anonymously in Internet forums, perhaps to speak to other people about a private medical condition.

Andy Smith, a senior security official at the Cabinet Office, caused quite a stir at the Parliament and Internet Conference in October 2012, when he suggested that people should use false names and provide false information on the internet – and in particular, when using social networking sites.

Do not use your real name, your real date of birth. If you’re putting information on social networking sites don’t put real combinations of information. Obviously if you’re dealing with government or other organisations you know are going to protect your information then use the right stuff.

Read in context Andy Smith was really making the point that factually correct information about you (your Personally Identifiable Information) should be given only to those organisations that you trust to look after it and then only when you believe there is a need for them to hold that information. Rather than inciting anyone to break the law he is advocating the case for anonymity, suggesting that rather than using one’s real name the social networking user should use a pseudonym to remain anonymous.

The reaction was explosive in both directions: Labour MP Helen Goodman called his comments ‘totally outrageous’, while security expert Alec Muffett, in a wonderfully strident blog, expressed strong support, calling Smith an ‘epic hero’. This demonstrates the watershed between the two sides of the argument. It reflects an issue that seems to have particular interest for the future of privacy: when, how, and where do we have the right to anonymity – and in what circumstances do people have the right to demand from us our real names and details.

From a government perspective, to enforce the law, real names are needed or the ability to be able to recognise a user via a correct and accurate IP address, which is why Helen Goodman found Andy Smith’s comments so outrageous.

The sharpest intakes of breath when Andy Smith made his remarks at the Parliament and Internet Conference were from the Facebook delegation. Facebook’s policy is that we should all only use our real names on Facebook. Anonymity and pseudonymity are not only frowned upon but actually against their terms and conditions. Without real names, Facebook’s data – what they gather from us – would be far less valuable, and hence Facebook itself would be far less valuable. Yet Facebook do not dictate the law, thankfully.


4. The Argument against Anonymity

4.1 Nothing to Hide

A frequently made argument is that no privacy problem exists if a person has nothing to hide. Thus, if an individual engages only in legal activity, he or she has nothing to worry about. The ‘nothing to hide’ argument is one of the primary arguments made when balancing privacy against security. In popular discourse, the ‘nothing to hide’ argument’s superficial incantations can readily be refuted. But when the argument is put in its strongest form, it is far more formidable.

In response to the simple form of the argument a question such as ‘would you mind if I take a photo of you naked and show it to your neighbours’ or ‘can I see your credit card statements for the last year’ makes the simple ‘nothing to hide’ argument unravel. However, in a more compelling form, the argument proceeds as follows: government surveillance, data mining, or other government information-gathering programs will result in the disclosure of particular pieces of information to a few government officials, or perhaps only to government computers. This very limited disclosure of the particular information involved is not likely to be threatening to the privacy of law-abiding citizens. Only those who are engaged in illegal activities have a reason to hide this information. Although there may be some cases in which the information might be sensitive or embarrassing to law-abiding citizens, the limited disclosure lessens the threat to privacy. Moreover, the security interest in detecting, investigating, and preventing terrorist attacks is very high and outweighs whatever minimal or moderate privacy interests law-abiding citizens may have in these particular pieces of information. 

Cast in this manner, the ‘nothing to hide’ argument is a formidable one. It balances the degree to which an individual’s privacy is compromised by the limited disclosure of certain information against potent national security interests. Under such a balancing scheme, it is quite difficult for privacy to prevail.

Moving on from the ‘nothing to hide’ argument, we find  the corollary: if you have anonymity then you can hide whatever you choose.

Without Onion routers, sites such as Silk Road would become far more readily detectable and their creators could be prosecuted.

If you host a web site upon which a user posts some defamatory material and the posting of this defamatory material is brought to your attention then you are obliged to take down the offensive material within a reasonable time.  If you do not act and have the offensive material taken down then you are liable. Should the same not apply to the Tor network?

4.2 Child Pornography

The Commission proposal for a new directive on combating sexual abuse, sexual exploitation of children and child pornography (2010/0064 (COD)) was intended to repeal the Framework Decision 2004/68/JHA. The proposal contains provisions aimed at extending the criminalisation of child sexual abuse and exploitation and child pornography. Article 21 provides as follows:

1. Member States shall take the necessary measures to obtain the blocking of access by Internet users in their territory to Internet pages containing or disseminating child pornography. The blocking of access shall be subject to adequate safeguards, in particular to ensure that the blocking is limited to what is necessary, that users are informed of the reason for the blocking and that content providers, as far as possible, are informed of the possibility of challenging it.

2. Without prejudice to the above, Member States shall take the necessary measures to obtain the removal of internet pages containing or disseminating child pornography. 

The aim of restricting such access is to reduce the circulation of child pornography by making it more difficult to use the publicly-accessible web. It is not a substitute for action to remove the content at the source or to prosecute offenders. The blocking of access is subject to adequate safeguards, in particular to ensure that the blocking is limited to what is necessary, that users are informed of the reason for blocking and that the content providers, as far as possible, are informed of the possibility of challenging it. Member States must take the necessary measures to obtain the removal of internet pages containing or disseminating child pornography (Art 21). 

The Directive prohibits the dissemination of material advertising the opportunity to commit any of the offences and the organisation of sex tourism (Art 19).

On 14 February  2011, the Committee on Civil Liberties, Justice and Home Affairs approved the Commission proposal with several amendments, including the provision that child pornography or child abuse material on the web must be removed at source in all EU countries. The measure would make the UK’s system for blocking and removing child pornography without informing the publisher illegal.

Moreover, Article 7 of the Directive prohibits instigation, aiding and abetting, attempt and preparatory offences, including specifically the dissemination of material advertising the opportunity to commit any of the offences.  

The laws in each country that the Internet reaches are different. Every country may proclaim their opposition to Class A drugs, or child pornography but in practice each country has different legislation to control these activities, and different cultural attitudes too. As Sylvia Kierkegaard pointed out in her article in Computer Law and Security Review, Japan continues to be an international hub for the production and trafficking of child pornography. Child pornography is widely available at Japanese sex shops and borderline materials are sold at supermarkets and convenience stores. The ruling Democratic Party of Japan has refused to support legislation that would outlaw the possession of child pornography on the grounds that it would infringe individuals’ freedom of expression.

To change this type of culture and attitude in countries outside of the EU is especially difficult, but the problem is also embedded in some EU countries. Germany has a long liberal tradition with powerful German lobby groups and parliamentary members claiming that it would be difficult to implement EU-wide blocking due to differing sensitivities and traditions. As Sylvia Kierkegaard writes, the German Health Education Centre actively encourages parents to sexually massage their children as young as 1 to 3 years of age in two 40-page booklets entitled ‘Love, Body and Playing Doctor’

5. Conclusion

In my opinion, while the law prevaricates about freedom of expression and the right to anonymity we continue to provide the vehicle for child pornography of the most heinous kind, drug dealing, illegal weapons and terrorism activities. The damage that is being done out there is untold. I am not suggesting that this damage would not be there if anonymity was miraculously unavailable on the Internet but it would make these activities harder.  Bruce Schneier points out thatUniversal identification is portrayed by some as the holy grail of Internet security. Anonymity is bad, the argument goes; and if we abolish it, we can ensure only the proper people have access to their own information. We’ll know who is sending us spam and who is trying to hack into corporate networks. And when there are massive denial-of-service attacks, such as those against Estonia or Georgia or South Korea, we’ll know who was responsible and take action accordingly.’ But he continues ‘[t]he problem is that thatwon’t work.’

To implement an Internet with Universal identification is not possible and it will cause other problems. Real-world organizations would need to implement a global identification infrastructure based on other identification systems: passports, national identity cards, driver’s licenses. As has been seen the world does not have one set of laws or morals that comes anywhere near this type of infrastructure yet.

Bruce Schneier states that ‘attempts to banish anonymity from the Internet won’t affect those savvy enough to bypass it, would cost billions, and would have only a negligible effect on security. What such attempts would do is affect the average user’s access to free speech, including those who use the Internet’s anonymity to survive: dissidents in Iran, China, and elsewhere.’ As discussed there are good ‘life-saving’ cases for extant anonymity on the Internet and dissidents in repressed countries rely on it for their survival.

There is always going to be anonymity on the Internet but there needs to be some way of minimising the harm and removing these heinous sites from vehicles such as T.O.R. We can’t just let it continue because it is there.

The argument and proposal for blocking sites which display or advertise child pornography could be used for all these illicit sites such as Silk Road. ISPs could be forced to police their subscribers and block access to these Onion Routers. This is happening more and more with peer-to-peer copying sites, such as The Pirate Bay. Admittedly new versions and alternate names keep emerging make it difficult to eradicate and extinguish these providers but that is no argument to stop the practice of blocking them.

Simon Worthy is an IT Consultant, currently working at Centrica (British Gas) and has delivered many innovative computer applications throughout his career. Simon can be contacted at