The FBI paid Carnegie Mellon University researchers to hack Tor hidden internet service users and sift through the data to find people who could be accused of criminal offenses.
Tor, commonly known as the Dark Web, makes it possible for users to hide their locations while offering various kinds of services – legal and illegal – online. Tor users can connect to these hidden services, each without knowing the other’s network identity.
Civil rights groups say the researchers received $1 million for their efforts.
There had been rumors in cyber security circles last year of the FBI and Carnegie Mellon connection, and these have now been confirmed by documents leaked to several internet bloggers who write about Tor.
It is not yet certain if the FBI had a warrant to get the data or if there was any knowledge of the operation by Carnegie Mellon’s Institutional Review Board.
Cyber security experts say it is unlikely there was a valid warrant since most warrants have to be narrowly tailored to target criminals or criminal activity rather than indiscriminately targeted for many Tor users at once.
They say the attack sets a troubling precedent for two reasons. Firstly, it circumvents the rules of evidence by outsourcing police work to universities. Secondly, it allows academia to hide behind the illusion of research, to carry out what basically is invasion of privacy and possible breaches of civil liberties, leaving no meaningful 4th Amendment protections online.
The fourth amendment of the U.S. Constitution is the part of the Bill of Rights that outlaws unreasonable searches and seizures, and requires any warrant to be judicially sanctioned and supported by probable cause.
The experts say that law enforcement agencies are taught to use Tor “ethically”, but by the Carnegie Mellon University case it appears some are trying to skirt the ethical issue by paying someone to do it in the name of “legitimate research”.