RAPTOR: Routing Attacks on Privacy in Tor

The Tor network is a widely used system for anonymous communication. However, Tor is known to be vulnerable to attackers who can observe traffic at both ends of the communication path. In this paper, we show that prior attacks are just the tip of the iceberg. We present a suite of new attacks, called Raptor, that can be launched by Autonomous Systems (ASes) to compromise user anonymity. First, AS-level adversaries can exploit the asymmetric nature of Internet routing to increase the chance of observing at least one direction of user traffic at both ends of the communication. Second, AS-level adversaries can exploit natural churn in Internet routing to lie on the BGP paths for more users over time. Third, strategic adversaries can manipulate Internet routing via BGP hijacks (to discover the users using specific Tor guard nodes) and interceptions (to perform traffic analysis). We demonstrate the feasibility of Raptor attacks by analyzing historical BGP data and Traceroute data as well as performing real-world attacks on the live Tor network, while ensuring that we do not harm real users. In addition, we outline the design of two monitoring frameworks to counter these attacks: BGP monitoring to detect control-plane attacks, and Traceroute monitoring to detect data-plane anomalies. Overall, our work motivates the design of anonymity systems that are aware of the dynamics of Internet routing

Protecting Information Privacy

This report for the Equality and Human Rights Commission (the Commission) examines the threats to information privacy that have emerged in recent years, focusing on the activities of the state. It argues that current privacy laws and regulation do not adequately uphold human rights, and that fundamental reform is required. It identifies two principal areas of concern: the state’s handling of personal data, and the use of surveillance by public bodies. The central finding of this report is that the existing approach to the protection of information privacy in the UK is fundamentally flawed, and that there is a pressing need for widespread legislative reform in order to ensure that the rights contained in Article 8 are respected. The report argues for the establishment of a number of key ‘privacy principles’ that can be used to guide future legal reforms and the development of sector-specific regulation. The right to privacy is at risk of being eroded by the growing demand for information by government and the private sector. Unless we start to reform the law and build a regulatory system capable of protecting information privacy, we may soon find that it is a thing of the past

Understanding digital intelligence and the norms that might govern it

Abstract: This paper describes the nature of digital intelligence and provides context for the material published as a result of the actions of National Security Agency contractor Edward Snowden. It looks at the dynamic interaction between demands from government and law enforcement for digital intelligence, and at the new possibilities that digital technology has opened up for meeting such demands. The adequacy of previous regimes of legal powers and governance arrangements is seriously challenged just at a time when the objective need for intelligence on the serious threats facing civil society is apparent. This paper suggests areas where it might be possible to derive international norms, regarded as promoting standards of accepted behaviour that might gain widespread, if not universal, international acceptance, for the safe practice of digital intelligence

Workplace Violence and Security: Are there Lessons for Peacemaking?

Workplace violence has captured the attention of commentators, employers, and the public at large. Although statistically the incidents of workplace homicide and assault are decreasing, public awareness of the problem has heightened, largely through media reports of violent incidents. Employers are exhorted to address the problem of workplace violence and are offered a variety of programs and processes to prevent its occurrence. Many techniques, however, conflict with values that are critical to achieving sustainable peace. We focus on types of workplace violence that are triggered by organizational factors. From among the plethora of recommendations, we identify those responses that are most and least consistent with positive peace. We find that processes that promote privacy, transparency, and employee rights hold the most promise for peacemaking. We submit that such structures and processes can be transportable beyond the workplace to promote peace locally, nationally, and globally.http://deepblue.lib.umich.edu/bitstream/2027.42/39920/3/wp535.pd

The challenge to privacy from ever increasing state surveillance: a comparative perspective

This article explores how internet surveillance in the name of counterterrorism challenges privacy. Introduction International terrorism poses serious threats to the societies it affects. The counter-terrorism measures adopted since 2001 have sought to limit the advance of terrorism but, in the process, also created enormous challenges for (transnational) constitutionalism. Long-held and cherished principles relating to democracy, the rule of law and the protection of a wide range of human rights have come under increasing strain. Legislative authority to shoot down hijacked aircrafts or to use lethal drones against suspected terrorists affect the right to life; waterboarding of prisoners and other inhumane practices contravene the prohibition of torture; extraordinary renditions and black sites circumvent constitutionally protected rights and processes, including the right to freedom and security, the right to a fair trial and due process for suspected terrorists; ill-defined terrorism offences undermine the rule of law and personal freedom; blanket suspicion of Muslims as terror sympathisers impacts on freedom of religion and leads to unfair discrimination; and mass surveillance of communication sweeps away the right to privacy. This article explores how internet surveillance in the name of counterterrorism challenges privacy. In Part II, the article analyses the international dimension of counter-terrorism measures and the conceptualisation of data protection and privacy in the European Union (‘EU’), the United States of America (‘US’) and Australia. Part III compares the different concepts of data protection and privacy, and explores the prospects of an international legal framework for the protection of privacy. Part IV concludes that work on international data protection and privacy standards, while urgently needed, remains a long-term vision with particularly uncertain prospects as far as antiterrorism and national security measures are concerned