Did Carnegie Mellon Help FBI With 'Dark Web' Bust?

November 12, 2015

Is Carnegie Mellon University's Software Engineering Institute the source that led the Federal Bureau of Investigation to identify and arrest suspects behind crimes committed on the "dark web"? Legal proceedings in a case against a Seattle man charged with conspiracy to distribute drugs last month revealed that a "university-based research institute" helped the agency identify people who were using Tor, software that complicates online surveillance by hiding its users among one another. In an article published on Wednesday, Motherboard, Vice Media's technology channel, suggested that Carnegie Mellon is the unnamed university.

Beyond relying on educated guesses from experts who have been following the case, Motherboard points to the fact that Alexander Volynkin and Michael McCord, two Carnegie Mellon researchers, previously said they had found a way to identify people using Tor. Volynkin planned to demonstrate how during a talk at a conference in early August 2014, but the talk was canceled about two weeks in advance. Then in late July, the Tor Project announced it had found and removed relays, which help anonymize users, "that we assume were trying to deanonymize users." The relays had first joined the network that January, a timeline that lines up with when federal law enforcement agents say they received information that helped them identify a staff member of an online drug marketplace.

The Tor Project on Wednesday also pointed the finger at Carnegie Mellon, saying in a blog post that the university received “at least $1 million” from the FBI for its involvement.

"This attack also sets a troubling precedent: civil liberties are under attack if law enforcement believes it can circumvent the rules of evidence by outsourcing police work to universities," the post reads. "If academia uses 'research' as a stalking horse for privacy invasion, the entire enterprise of security research will fall into disrepute. Legitimate privacy researchers study many online systems, including social networks. If this kind of FBI attack by university proxy is accepted, no one will have meaningful Fourth Amendment protections online and everyone is at risk."

A spokesperson for Carnegie Mellon declined to comment.

+ -

Expand commentsHide comments  —   Join the conversation!

Opinions on Inside Higher Ed

Inside Higher Ed’s Blog U

Back to Top