GCHQ and the NSA have come in for a lot of flack recently, especially in light of the multiple revelations coming from a certain Mr Snowden. But some spooks are not so bad it seems.

According to a report from the BBC, some agents may be intentionally leaking flaws in Tor’s code. Andrew Lewman, executive director of the Tor Project, certainly holds that belief and he reckons it happens on a regular basis too.

By alerting developers, the spies are allowing the project to fix the flaws and so better help users retain their privacy he said.

Lewman’s view that the information comes from the security services is entirely credible but unproven because Tor allows users to send bug reports anonymously. Even so, Lewman said:

“There are plenty of people in both organisations who can anonymously leak data to us to say – maybe you should look here, maybe you should look at this to fix this. And they have.”

Lewman went on to tell the BBC that he believes the Tor project receives security tips from various security agencies on a monthly basis, covering both bugs and design issues that could potentially lead to the service being compromised. He added that:

“You have to think about the type of people who would be able to do this and have the expertise and time to read Tor source code from scratch for hours, for weeks, for months, and find and elucidate these super-subtle bugs or other things that they probably don’t get to see in most commercial software. And the fact that we take a completely anonymous bug report allows them to report to us safely.”

If Lewman is correct, and the security agencies are leaking fixes to Tor, then it makes you wonder why. Whilst there is, and most likely never will be, any official confirmation, it is likely that national agencies would have a high level of interest in any service that allows its users to remain anonymous. Therefore it is not beyond the realms of possibility that some spooks are supplying information about the very bugs they’ve been paid to find as part of their jobs.

Why would they do such a thing?

My own personal opinion here is that there may be some people within GCHQ and the NSA who disagree with the way the organisations have been going recently. Whilst it would be naive to think that the surveillance services don’t hoover up a vast amount of information about everyone, it is quite likely that some personnel may disagree with the blanket approach they are widely believed to have taken – spying on criminals and terrorists is one thing, the mass collection of innocent data is something entirely different.

Alternatively, it may be an ego thing. I could also imagine some spook discovering a flaw and desperately wanting some recognition for it (which, of course, they will never be able to get officially), as well as the challenge of having to work harder and delve deeper to find more of the same in the future. What could be more challenging than helping Tor fix its security issues every time you unearth a new one?

The other option, which is a bit more sinister, is that there may be spies out there who rely on Tor for anonymity for their extra-curricular activities, though I daren’t pause to consider what they may be!