“The FBI has derivatively classified portions of the tool, the exploits used in connection with the tool, and some of the operational aspects of the tool in accordance with the FBI’s National Security Information Classification Guide,” the government’s attorneys wrote in a filing made in response to one of the defendants earlier this month. As Motherboard points out, the FBI originally wanted to classify their reasons for not handing over the exploit, rather than the exploit itself. That filing has been amended and is simply waiting on a signature from the FBI Original Classification Authority to confirm it will be hidden from public view. While experts believe the national security excuse is tenuous, the Department of Justice does have a recorded history of classifying inappropriate information. A 2013 report from the DOJ’s own office of the Inspector General revealed several documents in which “unclassified information was inappropriately identified as being classified.”
If the FBI is successful in classifying their exploit tool, it would make it difficult to verify that their evidence, which affects over 1,500 related cases, was obtained through legal means. On the other hand, a legal loophole set in place by the Classified Information Procedures Act could allow the defense teams in these cases to review certain classified materials, although that’s not guaranteed.
As for the Tor Project, the problems here are clear: how can an open, yet unknown, security flaw endanger the lives or human rights of those around the world who legitimately rely on a browser built for privacy and security?