the thrust of this article is difficult to grasp… what exactly happened? CMU found criminals and reported to the FBI? Or the FBI detected an “attack” and pursued CMU?
CMU found criminals and reported to the FBI? Or the FBI detected an “attack” and pursued CMU?
Neither. The FBI said to CMU, “We need you to hack Tor for us please.”
CMU said, “OK!”
Do you have any support for that order of events? I know the Tor Project alleged the FBI had paid them a million dollars, but I haven’t seen any evidence. Even in this article I don’t see support for the idea that the FBI directed CMU’s research.
What I’ve read on this story has the big open question of how the FBI learned of the unpublished research to subpoena it. There’s a bunch of possibilities here: the FBI requested CMU do this work (even paying for it) and then subpoena’d it to mask that fact; CMU told the FBI it has this information; the NSA told the FBI the CMU had this information; etc. I’d be very interested in support for any of the possible scenarios.
But if that was the case why would the FBI send CMU a subpoena? Wouldn’t they be “partners in crime” at that point?
Putting on my tinfoil hat because I haven’t yet seen evidence of anything…
The FBI might fear that the deanonymization work wouldn’t pass judicial review and any evidence would be thrown out as fruit of the poisonous tree. Keeping CMU at arm’s length would mean the FBI didn’t take any improper action, they just used perfectly legal means to get information out of someone who had it.