FBI "Incidentally" Seized Entire TorMail Email Server


Tor Project / Wikimedia

Court documents released last week reveal that the FBI "incidentally" seized all emails from service TorMail in an investigation of a company with a reputation for facilitating child pornography. Before closing down in August 2013, TorMail had a reputation for privacy. It shielded a motley of journalists, activists, dissidents—and a fair share of criminals. Former TorMail users had some pressing reason for using the email service they believed to be untappable and secure.  They should be either outraged at the potential breach of privacy or shaking in their seats over potential criminal busts.

The FBI's acquisition came to light during a Florida court case, demonstrating that its new stash of emails has been used in at least one investigation unrelated to Freedom Hosting. The FBI used a man's emails to gather evidence of his execution of credit card fraud. The email linked to the man's credit card forgery scheme had a "tormail.net" suffix. Once they obtained a warrant they needed only turn to their vast trove of TorMail emails.

TorMail is a Tor Hidden Service that is used in conjunction with the Tor anonymity network. The Guardian explains in its Tor Beginner's Guide:

[Tor] offers a technology that bounces internet users' and websites' traffic through "relays" run by thousands of volunteers around the world, making it extremely hard for anyone to identify the source of the information or the location of the user.

TorMail's fall in August 2013 was tied to Freedom Hosting's, a company that hosted untraceable .onion websites only available over the Tor anonymity network. Eric Eoin Marques, Freedom Hosting's founder, was arrested in July 2013 with charges of facilitating child pornography. TorMail shut down shortly after.

Just because TorMail was seized doesn't mean journalists, dissidents, and privacy-conscious people should give up on email privacy. But they should be careful. Email security is tricky. When using an intermediary like TorMail there is always the risk that it will broken in from the top, but there are other, slightly trickier, ways to secure emails. According to The Daily Dot, the only foolproof way is to use software like PGP, which is "virtually unbreakable" and only takes a 15 minutes to master.

When it comes to online anonymity tools, the government is understandably concerned about the strains of criminal activity: the pedophiles, the drug dealers, the fraudsters, etc. But journalists, whistleblowers, and human rights groups with nobler motivations for seeking privacy are now caught in the FBI's net too.

The FBI's activities re-enforces a question that emerged in parallel with Edward Snowden's leaks: What the heck have government agencies been up to behind our backs? It looks like the National Security Agency isn't the only agency opaquely collecting bulk data. 

NEXT: Amid Falling Supply of Lethal Injection Drugs Some States Consider Older Execution Methods

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. When it comes to the FBI, you can pretty much assume that they are doubling down on all of the bad shit that their peers have been up to.

    1. Here’s what we need: an FBI Snowden, a CIA Snowden, an ATF Snowden…

      You get the picture.

  2. Yes, they will use the information to bust a few criminals to show people “Well, see, we’re busting bad guys over here. That’s all.”

    But that’s not all. They are just the tip of the iceburg. Like J. Edgar used his spies to dig up dirt on political enemies, so to do the NSA, FBI, CIA and every other such agency. They trot out a few cases to make people think they are doing their job to “protect” the American people. But really, they are all about gathering dirt to keep people from getting too uppity and questioning the powers that be.

  3. Are you loonytarians and teathuglicans trying to whip up yet another phony scandal? The top men will ensure that this remains within proper bounds. If you don’t look at child pornography, you have nothing to fear.

    1. My God, please tell me you forgot a sarc tag.

      1. If you want to read the real thing, Neil Stevens has been writing barftastic pieces to this effect over at RedState. He’s never seen a boot he doesn’t want to lick.

  4. Incidentally

    “Oops! Our bad.”

  5. We may as well give up on email privacy. Unlike other encryptable commo, too much is left exposed even when using encryption.

    1. There is an alliance called Dark Mail that aims to fix it with a new protocol that has security designed in, unlike SMTP

  6. …the government is understandably concerned about the strains of criminal activity: the pedophiles, the drug dealers, the fraudsters, etc.

    One of those things isn’t like the others.

  7. It is difficult to report on a story for which there is now an overwhelming amount of documentation.

    “It looks like the National Security Agency isn’t the only agency opaquely collecting bulk data.”

    The fact that the FBI and CIA also present minimization and targeting guidelines for approval by the FISA judges, and therefore have access to the databases, was known both from the leaks and from the released decisions. The news item is how they have admitted using domestic surveillance to prosecute a crime other than terrorism.

  8. Wow, thats pretty impressive. Always mask that real IP address and encrypt EVERYTHING! ALL of the time.


  9. AH! This is so crazy. vegas real estate

Please to post comments

Comments are closed.