Court documents released last week reveal that the FBI "incidentally" seized all emails from service TorMail in an investigation of a company with a reputation for facilitating child pornography. Before closing down in August 2013, TorMail had a reputation for privacy. It shielded a motley of journalists, activists, dissidents—and a fair share of criminals. Former TorMail users had some pressing reason for using the email service they believed to be untappable and secure. They should be either outraged at the potential breach of privacy or shaking in their seats over potential criminal busts.
The FBI's acquisition came to light during a Florida court case, demonstrating that its new stash of emails has been used in at least one investigation unrelated to Freedom Hosting. The FBI used a man's emails to gather evidence of his execution of credit card fraud. The email linked to the man's credit card forgery scheme had a "tormail.net" suffix. Once they obtained a warrant they needed only turn to their vast trove of TorMail emails.
TorMail is a Tor Hidden Service that is used in conjunction with the Tor anonymity network. The Guardian explains in its Tor Beginner's Guide:
[Tor] offers a technology that bounces internet users' and websites' traffic through "relays" run by thousands of volunteers around the world, making it extremely hard for anyone to identify the source of the information or the location of the user.
TorMail's fall in August 2013 was tied to Freedom Hosting's, a company that hosted untraceable .onion websites only available over the Tor anonymity network. Eric Eoin Marques, Freedom Hosting's founder, was arrested in July 2013 with charges of facilitating child pornography. TorMail shut down shortly after.
Just because TorMail was seized doesn't mean journalists, dissidents, and privacy-conscious people should give up on email privacy. But they should be careful. Email security is tricky. When using an intermediary like TorMail there is always the risk that it will broken in from the top, but there are other, slightly trickier, ways to secure emails. According to The Daily Dot, the only foolproof way is to use software like PGP, which is "virtually unbreakable" and only takes a 15 minutes to master.
When it comes to online anonymity tools, the government is understandably concerned about the strains of criminal activity: the pedophiles, the drug dealers, the fraudsters, etc. But journalists, whistleblowers, and human rights groups with nobler motivations for seeking privacy are now caught in the FBI's net too.
The FBI's activities re-enforces a question that emerged in parallel with Edward Snowden's leaks: What the heck have government agencies been up to behind our backs? It looks like the National Security Agency isn't the only agency opaquely collecting bulk data.