Pages

Friday, March 1, 2013

Federal Judge Alex Kozinski Talks About Using Tor To Surf Silk Road & The Armory For Drugs, Weapons And Hitmen

from the don't-mess-with-alex dept

While I don't always agree with him (who do I always agree with?), like many folks who follow legal issues, Judge Alex Kozinski, the chief judge of the court of appeals for the 9th circuit, is one of my favorite judges. Known almost as much for his ability to entertain as for his clear, well-written (and frequently funny) judicial rulings, one thing that's always been clear is that, unlike some judges, Kozinski is both down to earth and really inquisitive when it comes to understanding how things really work, rather than just accepting common wisdom. Last night, Judge Kozinski gave a lecture at Santa Clara University on "The Two Faces of Anonymity." As I expected, it was entertaining and insightful, with a few Kozinski-esque surprises thrown in.

By far the most entertaining part of the evening was Kozinski sharing (with screenshots) his experience exploring the "hidden web." He claims that when he told his children about the topic of the talk, they told him he needed to explore the hidden web. So, "with some trepidation," he downloaded Tor and dove in, starting out at Silk Road, which still remains the most well known hidden website out there. As we've noted in the past, for all the excitement and press attention Silk Road has received for being a totally anonymous online marketplace used mainly for buying and selling drugs and other illicit goods, it still is a fairly small business. Still, Judge Kozinski detailed his exploration of the market, including checking out various drugs (including many he'd never heard of before). He also looked into the ability to buy forged documents and lots of counterfeit software.
From there, he moved over to Silk Road spin-off, The Armory, to see what weapons they had for sale, including 6lbs of C4 explosives. Of course, this is the point that we realize that Kozinski's claims of just having done this recently are probably a fabrication, given that The Armory shut down last summer. It's possible he didn't actually do any of this, but got screenshots from elsewhere online, but there's just something amusing in thinking about Judge Kozinski sitting at home surfing through these sites. He showed a few sites for hiring hitmen, and joked that two of them had such similar language and pricing that he was tempted to report them to the FTC for likely collusion.

He marveled at how much like regular online stores these sites were -- including things like seller ratings -- and compared it to his experiences with eBay. Of course, he also noted that it's entirely possible the whole thing is a front by the feds to track these kinds of things, but if so, he was impressed with the level of detail.

While much of this was entertaining, the point (I think!) was to highlight all of the kinds of things that anonymity enables -- but it wasn't in a necessarily negative or judgmental way (even if he's suggested his concerns in the past). Instead, it was more of a realist approach to what's happening out there and how there are interesting challenges presented concerning both anonymity and privacy -- which he notes are related but not the same thing. To show the difference, he discussed your neighbors across the way, where they may not be anonymous to you, but what they do in their bedroom is kept private from you. Yet, take a random couple in Times Square on New Years Eve doing the same thing -- and they may be "anonymous," but not private at all.

While he did express some concerns about where all this leads, including a dig at anonymous comments online, his biggest concern appeared to be about government abuse thanks to technology. He spent a fair bit of time on the NSA's infamous spy center in Utah, which is supposedly storing a ridiculous amount of information on us all. He pointed out that having that much information in the hands of government is dangerous, and suggested it's likely to be abused. As an example, he pointed to the story from all the way back in 2001 when he and other federal judges discovered that the feds were monitoring their internet usage, something the judges had never been told about.

He explained that the software had been put on the computers to protect the judiciary intranet from being attacked by hackers from China or whatever, but most of the time they weren't doing anything at all, so it wasn't long before the scope began to creep, and someone realized that, hey, if that monitoring software is on those computers, it could also be used to spy on what sites judges were surfing. The judges only found out about it when a judge was called out for his inappropriate surfing habits.

While he didn't say anything explicitly about it, it seems like this should be a pretty clear warning to folks who are supporting laws like CISPA. When you increase information sharing to the government for one purpose, you can almost guarantee that there will be scope creep over time. Someone will point out that "hey, we're already doing this for security, so why not for spying on people...."

Similarly, Kozinski is worried about how all this number crunching and data collection by governments means that people are going to be "targeted" for heightened scrutiny based on some algorithms, even if their activity is perfectly legal. He even noted that he's assuming that his own decision to download Tor and check out Silk Road and other sites probably means that he set off some alarms and may be in for heightened scrutiny. When asked about that later during the Q&A, he admitted that it might just be his own paranoia, but he wouldn't be surprised if it was true.

When asked about how to push back on all this government surveillance, he said that everyone keeps pointing to the courts, and saying that it's their responsibility to limit the government's powers, but suggested that the courts are limited, because it's not clear that anonymity and privacy are really Constitutional issues. Or, he said, if there is a basis for them in the Constitution, it's fairly weak, and could easily be overcome by "other concerns." Personally, I think that he downplayed both the First Amendment's protection of anonymity as confirmed by the Supreme Court, as well as the 4th Amendment's (too often ignored) protection of privacy. Still, he seemed to think that this was really an issue where it was up to Congress to prevent abuses. That's kind of depressing if you remember Congress' recent "debate" and subsequent rubberstamping of the FISA Amendments Act, giving the NSA much more power to spy on Americans with little oversight.

One other bit of useful info: he seemed fairly convinced by Justice Sotomayor's statements on the 3rd party doctrine in the US v. Jones case about GPS tracking. If you don't recall, the 3rd party doctrine basically says that you don't have privacy rights in information that you've left in the control of a third party. That's obviously quite problematic in an age of cloud computing, where all your data is probably in the hands of third parties. The government has been relying on this fact to access all sorts of data with little oversight for quite some time. It's good to see Kozinski hint at the idea that the 3rd party doctrine just isn't reasonable any more in the information era.

There were plenty of other tidbits, but basically it was an interesting discussion of privacy and anonymity, with a strong focus in how the government is collecting way too much information on us all these days. There was also some brief talk of how much information companies are collecting too -- including his apparent uncomfortableness with things like Google Maps' Street View and Satellite View (he joked about how you can see him sunbathing nude if you can find his house). But, for the most part, he seemed to think that this was an area where the government was doing a better job keeping companies somewhat in check.

Oh yeah, and one other amusing tidbit: in talking about how easy it is to track us all due to our mobile phones, he asked how many people had smartphones (or, more specifically, "phones with email on them") and noted that when he talks to lawyers, they all do. He noted that lawyers always had their email near them to respond to clients quickly, because otherwise you get fired, but this cool tool "given to you by work" just shackles you while also denting your privacy. And then he claimed that when work gives him a smartphone, he gets it without a sim and then sells the device on eBay. Maybe he should try selling it on Silk Road next time...

No comments:

Post a Comment