Tech

Academics ‘Livid,’ ‘Concerned’ Over Allegations that CMU Helped FBI Attack Tor

On Wednesday, Motherboard reported that a “university-based academic research institute” had been providing information to the FBI, leading to the identification of criminal suspects on the dark web.

Circumstantial evidence pointed to Carnegie Mellon University’s (CMU) Software Engineering Institute and an attack carried out against Tor last year. After the publication of Motherboard’s report, the Tor Project said it had learned that CMU was paid at least $1 million for the project.

Videos by VICE

On Thursday, other academics who focus on the dark web and criminal marketplaces expressed anger and concern at CMU’s alleged behavior, feeling that the research broke ethical guidelines, and may have a knock-on effect on other research looking into this space.

“These revelations are likely to have a chilling effect on research. It can be much harder to gain people’s trust when they can point to examples of researchers who have actively helped law enforcement operations,” Monica Barratt, a research fellow from the National Drug & Alcohol Research Centre in Australia who has researched the use of Silk Road in various countries, told Motherboard in an email.

“I’m concerned about the effects that these revelations may have on the ability of researchers to carry out their research.”

Indeed, some researchers’ work involves interacting and talking with people on the dark web. Now that an institution has clearly used information to help law enforcement, other netizens may be less willing to talk.

“I’m concerned about the effects that these revelations may have on the ability of researchers to carry out their research, particularly where this involves gaining the trust of those to whom the most important ethical obligation is: do no harm,” added Judith Aldridge, senior lecturer from Manchester University.

This echoes a statement provided by Nick Mathewson, co-founder of the Tor Project, to Motherboard on Wednesday. “If you’re doing an experiment without the knowledge or consent of the people you’re experimenting on, you might be doing something questionable—and if you’re doing it without their informed consent because you know they wouldn’t give it to you, then you’re almost certainly doing something wrong. Whatever you’re doing, it isn’t science.”

The assistance of the “university-based research institute” is key to the case against Brian Farrell, who is charged with conspiracy to distribute heroin, methamphetamine and cocaine over the dark web marketplace Silk Road 2.0, as well as that of Gabriel Peterson-Siler, who is charged with possessing child pornography. The institute provided the FBI with IP addresses that led to both of these individuals, as well as the servers of several dark web sites, including Silk Road 2.0.

Nicolas Christin, an assistant research professor from CMU, who has published extensive research into the economics of dark web markets, pointed out that the researchers at CMU’s Software Engineering Institute “are not academics.”

“They are with CERT/SEI a semi autonomous entity at CMU. It is an FFRDC, not a traditional academic department. There is a big difference,” he told Motherboard in a Twitter direct message.

Federally Funded Research and Development Centers (FFRDCs) are nonprofit entities that are sponsored by the US government. In July of this year, CMU’s Software Engineering Institute’s contract with the Department of Defense was renewed for $1.73 billion.

CMU did not respond to a request for comment.

Regardless, “I’m livid,” Tim Bingham, an independent drugs researcher told Motherboard in a phone interview. Tim said that the dark web plays an important role when it comes to monitoring emerging drugs or trends.

“Anything that hinders this work would create more harm than reduce it.”