As the Tor Project controversy continues to brew over whether the FBI gave researchers at Carnegie Mellon University (CMU) $1 million to help hack Tor, the university has come forward and silenced the claims as being inaccurate.
On Wednesday, Nov. 18, the university revealed in a statement that, as alleged, its Software Engineering Institute did not get any payment from the security service or from other government agencies in lieu of its Tor research.
However, the university hinted that the law enforcement may have gained access to the Tor research via a subpoena.
"In the course of its work, the university from time to time is served with subpoenas requesting information about research it has performed. The university abides by the rule of law, complies with lawfully issued subpoenas and receives no funding for its compliance," read the statement.
CMU's assertion contradicts claims by Roger Dingledine, Tor's Director, who said that CMU researchers accepted over $1 million from the FBI to aid the latter locate Tor users. Dingledine alleged that identities of users of the anonymizing network were revealed in H1 2014 thanks to the technique CMU provided to the FBI. He also added that his information was through "friends in the security community."
CMU's denial is in line with FBI's assertion that allegations of the $1 million payment were "inaccurate." However, the FBI spokesperson did not commit to whether any payment was made.
Speculations have been rife since late 2014 that CMU's Tor exploit had been deployed by the FBI to pull down several hidden services that were Tor protected. The rumors were given some credence when publication Motherboard located a filing for a lawsuit pertaining to Brian Farrell, the supposed drug dealer, which divulged that a "university-based research institute" was instrumental in aiding the FBI to locate Farrell, even though he used Tor.
Now even though Carnegie Mellon has denied receiving direct payment and aiding the FBI, Tor Project's spokeswoman Kate Krauss notes that they have a lot to ask about CMU's new statement, including how the FBI may have had the knowledge of what data to subpoena from CMU, as well as whether its Tor research was approved by CMU's Institutional Review Board.