[tor-project] A Statement from The Tor Project on Software Integrity and Apple

[Allen Gunn]

Represent!

I am really proud to be part of a community making this statement.
Thanks to all who have pulled this together.

peace,
gunner

On 03/21/2016 09:04 AM, Kate Krauss wrote:
> 
>   A Statement from The Tor Project on Software Integrity and Apple
> 
> The Tor Project exists to provide privacy and anonymity for millions of
> people, including human rights defenders across the globe whose lives
> depend on it. The strong encryption built into our software is essential
> for their safety.
> 
> In an age when people have so little control over the information
> recorded about their lives, we believe that privacy is worth fighting for.
> 
> We therefore stand with Apple to defend strong encryption and to oppose
> government pressure to weaken it. We will never backdoor our software.
> 
> Our users face very serious threats. These users include bloggers
> reporting on drug violence in Latin America; dissidents in China,
> Russia, and the Middle East; police and military officers who use our
> software to keep themselves safe on the job; and LGBTI individuals who
> face persecution nearly everywhere. Even in Western societies, studies
> demonstrate that intelligence agencies such as the NSA are chilling
> dissent and silencing political discourse
> <http://m.jmq.sagepub.com/content/early/2016/02/25/1077699016630255.full.pdf?ijkey=1jxrYu4cQPtA6&keytype=ref&siteid=spjmq>
> merely through the threat of pervasive surveillance.
> 
> For all of our users, their privacy is their security. And for all of
> them, that privacy depends upon the integrity of our software, and on
> strong cryptography. Any weakness introduced to help a particular
> government would inevitably be discovered and could be used against all
> of our users.
> 
> The Tor Project employs several mechanisms to ensure the security and
> integrity of our software. Our primary product, the Tor Browser, is
> fully open source. Moreover, anyone can obtain our source code and
> produce bit-for-bit identical copies of the programs we distribute using
> Reproducible Builds
> <https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise>,
> eliminating the possibility of single points of compromise or coercion
> in our software build process. The Tor Browser downloads its software
> updates anonymously using the Tor network, and update requests contain
> no identifying information that could be used to deliver targeted
> malicious updates
> <http://arstechnica.com/security/2016/02/most-software-already-has-a-golden-key-backdoor-its-called-auto-update/>
> to specific users. These requests also use HTTPS encryption
> <https://www.eff.org/pages/tor-and-https> and pinned HTTPS certificates
> (a security mechanism that allows HTTPS websites to resist being
> impersonated by an attacker by specifying exact cryptographic keys for
> sites). Finally, the updates themselves are also protected by strong
> cryptography, in the form of package-level cryptographic signatures (the
> Tor Project signs the update files themselves). This use of multiple
> independent cryptographic mechanisms and independent keys reduces the
> risk of single points of failure.
> 
> The Tor Project has never received a legal demand to place a backdoor in
> its programs or source code, nor have we received any requests to hand
> over cryptographic signing material. This isn't surprising: we've been
> public about our "no backdoors, ever
> <https://www.torproject.org/docs/faq#Backdoor>" stance, we've had clear
> public support from our friends at EFF and ACLU, and it's well-known
> that our open source engineering processes and distributed architecture
> make it hard to add a backdoor quietly.
> 
>>From an engineering perspective, our code review and open source
> development processes make it likely that such a backdoor would be
> quickly discovered. We are also currently accelerating the development
> of a vulnerability-reporting reward program to encourage external
> software developers to look for and report any vulnerabilities that
> affect our primary software products.
> 
> The threats that Apple faces to hand over its cryptographic signing keys
> <http://fortune.com/2016/03/11/apple-fbi-source-code-signature/> to the
> US government (or to sign alternate versions of its software for the US
> government) are no different than threats of force or compromise that
> any of our developers or our volunteer network operators may face from
> any actor, governmental or not. For this reason, regardless of the
> outcome of the Apple decision, we are exploring further ways to
> eliminate single points of failure, so that even if a government or a
> criminal obtains our cryptographic keys, our distributed network and its
> users would be able to detect this fact and report it to us as a
> security issue.
> 
> Like those at Apple
> <http://www.nytimes.com/2016/03/18/technology/apple-encryption-engineers-if-ordered-to-unlock-iphone-might-resist.html>,
> several of our developers have already stated that they would rather
> resign than honor any request to introduce a backdoor or vulnerability
> into our software that could be used to harm our users. We look forward
> to making an official public statement on this commitment as the
> situation unfolds. However, since requests for backdoors or
> cryptographic key material so closely resemble many other forms of
> security failure, we remain committed to researching and developing
> engineering solutions to further mitigate these risks, regardless of
> their origin.
> 
> We congratulate Apple on their commitment to the privacy and security of
> their users, and we admire their efforts to advance the debate over the
> right to privacy and security for all.
> 

-- 

Allen Gunn
Executive Director, Aspiration
+1.415.216.7252
www.aspirationtech.org

Aspiration: "Better Tools for a Better World"

Read our Manifesto: http://aspirationtech.org/publications/manifesto

Follow us:
Facebook: www.facebook.com/aspirationtech
Twitter:  www.twitter.com/aspirationtech

--

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20160321/63fa750a/attachment.sig>