The Kilton Public Library in Lebanon, N.H., just became an outpost in the global struggle for Internet freedom — and perhaps part of an international criminal conspiracy. All because one of the library’s computers is linked to a controversial service called Tor.
Invented by the US Naval Research Laboratory, Tor uses a network of digital back roads and blind alleys to throw off pursuers tracking your movements on the World Wide Web. It’s a powerful tool to protect the online privacy of political dissidents in repressive countries, but it’s just as useful for terrorists, drug dealers and child pornographers.
“Tor obviously was created with good intentions, but it’s a huge problem for law enforcement,” said assistant US Attorney General Leslie Caldwell at a conference in January.
So when the library fired up a Tor server as part of an intellectual freedom campaign, agitated local police and politicians met with library director Sean Fleming and persuaded him to pull the plug. “The potential was that we could be providing cover for criminals,” Fleming said.
But on Tuesday night, about 50 citizens showed up at a library board meeting to call for restoration of the Tor service. “There was no opposition at all,” said Fleming. The board unanimously agreed to switch the server back on.
Americans fear terrorism and kiddie porn. But people also fear an Internet devoid of privacy, where all of our actions can be tracked by swindlers, corporations, or cops. Tor is far from a perfect defense. But it’s one of the best yet devised.
The computers that the library provides to the public are not using Tor; at least not yet. The library installed the server so that others can use this privacy-enhancing technology.
Tor relies on a network of server computers like the one at the Lebanon library, each of them run by volunteers worldwide. These servers encrypt and re-route Tor Internet messages to ensure they can’t be traced back to the sender.
Say you’re in China and you want to visit a website that’s blocked by that country’s “Great Firewall” censorship system. You just install a free Tor-compatible Web browser, which encrypts your request and sends it to a Tor server not blocked by the Chinese firewall. This server relays the request through still more Tor servers, which conceal your location and bypass the censors. Now you can read about forbidden subjects like the Tiananmen Square incident without getting a visit from the Internet police.
Since Tor routes all data through a worldwide network of about 6,000 servers, Web pages often take much longer to download. But adding more servers would make it faster, and more secure. That’s why former Watertown librarian Alison Macrina launched the Library Freedom Project, a campaign funded by the Knight Foundation that aims to put Tor relays in libraries throughout the US. The Lebanon library was the first to sign up, but thanks to the resulting controversy, “many other libraries have gotten in touch with us,” Macrina said. “This is a public referendum about privacy and our right to practice free speech online.”
But what about the bad guys? Tor protects them too. But all the Tor servers in the world didn’t prevent the federal government from shutting down Silk Road, a notorious online purveyor of vice. Silk Road’s website could be accessed only through Tor. But its customers, who bought everything from heroin to kiddie porn, were flesh-and-blood humans living in the material world. By tracking the people, the products, and the payoffs, federal cops brought Silk Road down, Tor or no Tor. Silk Road is now dead, and its founder is doing a life sentence for drug dealing, computer hacking, and money laundering.
“Tor doesn’t make it difficult to catch bad guys. That’s just rhetoric you hear from the FBI,” said computer security expert Bruce Schneier, author of a recent book on privacy called “Data and Goliath.”
Still, federal officials say that as tech-savvy crooks log onto Tor, their job is becoming a lot harder. “We have made some advances in our ability to penetrate the Tor network,” said assistant attorney general Caldwell, “but it’s still a real challenge.”
That’s just fine with supporters of the Lebanon Tor server. “Some people were expressing pride that Lebanon was the first public library to participate in the project,” said Fleming. “In the last 10 or 15 years, there’s been a perceived government overreach, especially federal government overreach. I think the vast majority of people are really very concerned about that.”
Will criminals use the library’s Tor server? Very likely. So will political dissidents, undercover cops, and ordinary citizens with a fondness for privacy. Between us, I’m pretty sure we’ve got the bad guys outnumbered.