Surveillance Valley
The Secret Military History of the Internet
By Yasha Levine
Chapter 7
Internet Privacy, Funded by Spies
This so-called Internet Freedom, is in nature, freedom under US control.
—China’s Global Times newspaper, 2010
December 2015. A few days after Christmas in Hamburg. The mercury hovers just above freezing. A
gray fog hangs over the city.
In the town’s historic core, several thousand people have gathered inside a modernist cube of steel and
glass known as Congress Center. The attendees, mostly geeky men, are here for the thirty-second annual
meeting of the Chaos Computer Club, better known as 32c3. The conference atmosphere is loud and
cheery, a counterpoint to the head-down foot traffic and dreary weather outside the center’s high glass
walls.
32c3 is the Hacktivist Davos, an extravaganza put on by the oldest and most prestigious hacker
collective in the world. Everyone who is anyone is here: cryptographers, Internet security experts, script
kiddies, techno-libertarians, cypherpunks and cyberpunks, Bitcoin entrepreneurs, military contractors,
open source enthusiasts, and privacy activists of all nationalities, genders, age groups, and intel
classification levels. They descend on the event to network, code, dance to techno, smoke e-cigarettes,
catch the latest crypto trends, and consume oceans of Club-Mate, Germany’s official hacker beverage.
Look this way and see Ryan Lackey, cofounder of HavenCo, the world’s first extralegal offshore
hosting company, run out of an abandoned World War II cannon platform in the North Sea off England’s
coast. Look that way and find Sarah Harrison, WikiLeaks member and Julian Assange confidante who
helped Edward Snowden escape arrest in Hong Kong and find safety in Moscow. She’s laughing and
having a good time. I wave as I pass her on an escalator. But not everyone here is so friendly. Indeed, my
reputation as a Tor critic has preceded me. In the days leading up to the conference, social media had
again lit up with threats.
1 There was talk of assault and of spiking my drink with Rohypnol if I had the
nerve to show my face at the event.
2 Given my previous run-in with the privacy community, I can’t say I
expected a particularly warm reception.
The Tor Project occupies a hallowed place in the mythology and social galaxy of the Chaos Computer
Club. Every year, Tor’s annual presentation—“The State of the Onion”—is the most well-attended event
in the program. An audience of several thousand packs a massive auditorium to watch Tor developers and
celebrity supporters talk about their fights against Internet surveillance. Last year, the stage featured Laura
Poitras, the Academy Award–winning director of the Edward Snowden documentary, Citizen Four. In her
speech, she held up Tor as a powerful antidote to America’s surveillance state. “When I was
communicating with Snowden for several months before I met him in Hong Kong, we talked often about
the Tor network, and it is something that actually he feels is vital for online privacy and to defeat
surveillance. It is our only tool to be able to do that,” she said to wild applause, Snowden’s face
projected onto a giant screen behind her.
3
This year, the presentation is a bit more formal. Tor has just hired a new executive director, Shari
Steele, the former head of the Electronic Frontier Foundation. She takes the stage to introduce herself to
the privacy activists assembled in the hall and pledges her allegiance to Tor’s core mission: to make the
Internet safe from surveillance. Up there, emceeing the event, stands Jacob Appelbaum, “Jake,” as
everyone calls him. He is the true star of the show, and he lavishes praise on the new director. “We found
someone who will keep the Tor Project going long after all of us are dead and buried, hopefully not in
shallow graves,” he says to cheers and applause.
4
I catch a glimpse of him walking the halls after the event. He’s dressed in jeans and a black T-shirt, a
tattoo peeking out from under one of the sleeves. His jet-black hair and thick-rimmed glasses frame a
rectangular, fleshy face. He is a familiar sight to people at 32c3. Indeed, he carries himself like a
celebrity, glad-handing attendees while his fans cluster nearby to listen to him boast of daring exploits
against oppressive governments all around the world.
He ducks into an auditorium where a speaker is talking about human rights in Ecuador and
immediately hijacks the discussion. “I am of the eliminate-the-state crypto world. I want to get rid of the
state. The state is dangerous, you know,” he says into a microphone. Then he cracks a devious grin,
leading a few people in the audience to hoot and cheer. He transitions into a wild story that puts him at the
center of a failed coup attempt hatched by Ecuador’s secret police against their president, Rafael Correa.
Naturally, Appelbaum is the hero of the tale. President Correa is widely respected in the international
hacker community for granting Julian Assange political asylum and for giving him refuge at the
Ecuadorian embassy in London. Like a modern Smedley Butler, Appelbaum explains how he refused to go
along. He did not want to use his righteous hacker skills to take down a good, honest man, so he helped
foil the plot and saved the president instead. “They asked me to build a mass surveillance system to tap
the entire country of Ecuador,” he said. “I told them to go fuck themselves, and I reported them to the
presidency. I think you are proposing a coup. I have your names—you’re fucked.”
A few people on stage look embarrassed, not believing a word. But the audience laps it up. They love
Jacob Appelbaum. Everyone at 32c3 loves Jacob Appelbaum.
Appelbaum is the most storied member of the Tor Project. After Edward Snowden and Julian
Assange, he is arguably the most famous personality in the Internet privacy movement. He is also the most
outrageous. For five years he’s played the role of a self-facilitating media node and counterculture Ethan
Hunt, a celebrity hacker who constantly changes his appearance, travels the world to speak at conferences
and conduct teach-ins, and fights injustice and censorship wherever they rear their ugly government heads.
Appelbaum wields cultural power and influence. While Assange was stuck in a London embassy and
Snowden was stranded in Moscow, Appelbaum was the face of the anti-surveillance movement. He spoke
for its heroes. He was their friend and collaborator. Like them, he lived on the edge, an inspiration to
countless people—hundreds, if not thousands became privacy activists because of him. You’d hear it over
and over: “Jake’s the reason I’m here.”
But that year’s Chaos Computer Club party represented the peak of his career. For years, rumors had
spread inside the cliquish Internet privacy community about his history of sexual harassment, abuse, and
bullying. Six months after the conference, the New York Times ran a story that brought these allegations to
light, revealing a scandal that saw Appelbaum ejected from the Tor Project and that threatened to tear the
organization apart from the inside.
5
But all that was in the future. That evening in Hamburg, Appelbaum was still enjoying his fame and
celebrity, feeling comfortable and secure. Yet he was carrying another dark secret. He was more than just
a world-renowned Internet freedom fighter and confidant of Assange and Snowden. He was also an
employee of a military contractor, earning $100,000 a year plus benefits working on one of the most
disorienting government projects of the Internet Era: the weaponization of privacy.
6
The Box
A few weeks after I glimpsed Jacob Appelbaum at 32c3, I arrived home in the United States to find a
heavy brown box waiting for me on my doorstep. It was postmarked from the Broadcasting Board of
Governors, a large federal agency that oversees America’s foreign broadcasting operations and one of the
Tor Project’s main government funders.
7 The box contained several thousand pages of internal documents
on the agency’s dealings with Tor that I had obtained through the Freedom of Information Act. I had been
impatiently waiting for months for it to arrive.
By then I had spent almost two years investigating the Tor Project. I knew that the organization had
come out of Pentagon research. I also knew that even after it became a private nonprofit in 2004, it relied
almost entirely on federal and Pentagon contracts. In the course of my reporting, representatives of Tor
grudgingly conceded that they accepted government funding, but they remained adamant that they ran an
independent organization that took orders from no one, especially not the dreaded federal government,
which their anonymity tool was supposed to oppose.
8 They repeatedly stressed that they would never put
backdoors in the Tor network and told stories of how the US government had tried but failed to get Tor to
tap its own network.
9 They pointed to Tor’s open source code; if I was really worried about a backdoor, I
was free to inspect the code for myself.
The open source argument appeared to nullify concerns in the privacy community. But backdoors or
not, my reporting kept butting up against the same question: If Tor was truly the heart of the modern
privacy movement and a real threat to the surveillance power of agencies like the NSA, why would the
federal government—including the Pentagon, the parent of the NSA—continue to fund the organization?
Why would the Pentagon support a technology that subverted its own power? It did not make any sense.
The documents in the box waiting on my doorstep contained the answer. Combined with other
information unearthed during my investigation, they showed that Tor, as well as the larger app-obsessed
privacy movement that rallied around it after Snowden’s NSA leaks, does not thwart the power of the US
government. It enhances it.
The disclosures about Tor’s inner workings I obtained from the Broadcasting Board of Governors
have never been made public before now. The story they tell is vital to our understanding of the Internet;
they reveal that American military and intelligence interests are so deeply embedded in the fabric of the
network that they dominate the very encryption tools and privacy organizations that are supposed to stand
in opposition to them. There is no escape.
Spies Need Anonymity
The story of how a military contractor wound up at the heart of the privacy movement starts in 1995 at
the Naval Research Laboratory inside the Anacostia-Bolling military base on the Potomac in southeast
Washington, DC.
10 There, Paul Syverson, an affable military mathematician with big hair and an interest
in secure communication systems, set out to solve an unexpected problem brought on by the explosive
success of the Internet.
Everything was being hooked up to the Internet: banks, phones, power plants, universities, military
bases, corporations, and foreign governments, both hostile and friendly. In the 1990s, hackers, who some
believed to be tied to Russia and China, were already using the Internet to probe America’s defense
network and steal secrets.
11 The United States was beginning to do the same to its adversaries: collecting
intelligence, bugging and hacking targets, and intercepting communications. It was also using commercial
Internet infrastructure for covert communication.
The problem was anonymity. The open nature of the Internet, where the origin of a traffic request and
its destination were open to anyone monitoring the connection, made cloak-and-dagger work tricky
business. Imagine a CIA agent in Lebanon under deep cover as a businessman trying to check his
operative email. He couldn’t just type “mail.cia.gov” into his web browser from his suite in the Beirut
Hilton. Simple traffic analysis would immediately blow his cover. Nor could a US Army officer infiltrate
an Al-Qaeda recruiting forum without revealing the army base’s IP address. And what if the NSA needed
to hack a Russian diplomat’s computer without leaving a trail that led right back to Fort Meade,
Maryland? Forget about it. “As military grade communication devices increasingly depend on the public
communications infrastructure, it is important to use that infrastructure in ways that are resistant to traffic
analysis. It may also be useful to communicate anonymously, for example when gathering intelligence
from public databases,” Syverson and colleagues explained in the pages of an in-house magazine put out
by his research lab.
12
American spies and soldiers needed a way to use the Internet while hiding their tracks and cloaking
their identity. It was a problem that researchers at the US Navy, which has historically been at the
forefront of communications technology research and signals intelligence, were determined to solve.
Syverson assembled a small team of military mathematicians and computer systems researchers. They
came up with a solution: called “the onion router” or Tor. It was a clever system: the navy set up a bunch
of servers and linked them together in a parallel network that sat atop the normal Internet. All covert
traffic was redirected through this parallel network; once inside it was bounced around and scrambled in
such a way as to obfuscate where it was going and from where it came. It used the same principle as
money laundering: shifting information packets from one shell Tor node to another until it is impossible to
figure out where the data came from. With onion routing, the only thing an Internet provider—or anyone
else watching a connection—saw was that the user connected to a computer running Tor. No indication of
where the communications were actually going was apparent. And when the data popped out of the
parallel network and back onto the public Internet on the other side, no one there could see where the
information had come from either.
Syverson’s team of Naval scientists worked on several iterations of this system. A few years later,
they hired two fresh-faced programmers, Roger Dingledine and Nick Mathewson, from the Massachusetts
Institute of Technology to help build a version of the router that could be used in the real world.
13
Dingledine, who received his master’s in electrical engineering and computer science and who was
interested in cryptography and secure communications, had interned at the National Security Agency.
Mathewson had similar interests and had developed a truly anonymous email system that hid a sender’s
identity and source. Mathewson and Dingledine had met as freshman at MIT and became fast friends,
spending most of their days in their rooms reading Lord of the Rings and hacking away at stacks of
computers. They, too, believed in the cypherpunk vision. “Network protocols are the unacknowledged
legislators of cyberspace,” Mathewson bragged to journalist Andy Greenberg. “We believed that if we
were going to change the world, it would be through code.” In college, the two saw themselves in
romantic terms, hacker rebels taking on the system, using computer code to fight government
authoritarianism. They were out there to fight The Man. But that did not stop them from going to work for
the Pentagon after graduation. Like too many hacker rebels, they had a very limited conception of who
“The Man” was and what it would mean in real political terms to fight “him.”
In 2002, the pair went to work for the Naval Research Laboratory under a DARPA contract.
14 For two
years, Dingledine and Mathewson worked with Syverson to upgrade the onion router network’s
underlying routing protocols, improve security, and run a small test network that allowed the military to
experiment with onion routing in the field. One military team tested it for gathering open source
intelligence, which required them to visit websites and interact with people online without giving away
their identity. Another team used it to communicate while deployed on a mission in the Middle East.
15 By
2004, Tor, the resultant network, was finally ready for deployment.
16 Well, except for one little detail.
Everyone working on the project understood that a system that merely anonymized traffic was not
enough—not if it was used exclusively by military and intelligence agencies. “The United States
government can’t simply run an anonymity system for everybody and then use it themselves only,”
Dingledine explained at a 2004 computer conference in Berlin. “Because then every time a connection
came from it people would say, ‘Oh, it’s another CIA agent.’ If those are the only people using the
network.”
17
To truly hide spies and soldiers, Tor needed to distance itself from its Pentagon roots and include as
many different users as possible. Activists, students, corporate researchers, soccer moms, journalists,
drug dealers, hackers, child pornographers, agents of foreign intelligence services, terrorists. Tor was
like a public square—the bigger and more diverse the group assembled there, the better spies could hide
in the crowd.
In 2004, Dingledine struck out on his own, spinning the military onion routing project into a nonprofit
corporation called the Tor Project and, while still funded by DARPA and the navy, began scratching
around for private funding.
18 He got help from an unexpected ally: the Electronic Frontier Foundation
(EFF), which gave Tor almost a quarter million dollars to keep it going while Dingledine looked for other
private sponsors.
19 The EFF even hosted Tor’s website. To download the app, users had to browse to
tor.eff.org, where they’d see a reassuring message from the EFF: “Your traffic is safer when you use
Tor.”
20
Announcing its support, the EFF sang Tor’s praises. “The Tor project is a perfect fit for EFF, because
one of our primary goals is to protect the privacy and anonymity of Internet users. Tor can help people
exercise their First Amendment right to free, anonymous speech online,” EFF’s technology manager Chris
Palmer explained in a 2004 press release, which curiously failed to mention that Tor was developed
primarily for military and intelligence use and was still actively funded by the Pentagon.
21
Why would the EFF, a Silicon Valley advocacy group that positioned itself as a staunch critic of
government surveillance programs, help sell a military intelligence communications tool to unsuspecting
Internet users? Well, it wasn’t as strange as it seems.
EFF was only a decade old at the time, but it already had developed a history of working with law
enforcement agencies and aiding the military. In 1994, EFF worked with the FBI to pass the
Communications Assistance for Law Enforcement Act, which required all telecommunications companies
to build their equipment so that it could be wiretapped by the FBI.
22
In 1999, EFF worked to support
NATO’s bombing campaign in Kosovo with something called the “Kosovo Privacy Project,” which aimed
to keep the region’s Internet access open during military action.
23 Selling a Pentagon intelligence project
as a grassroots privacy tool—it didn’t seem all that wild. Indeed, in 2002, a few years before it funded
Tor, EFF cofounder Perry Barlow casually admitted that he had been consulting for intelligence agencies
for a decade.
24
It seemed that the worlds of soldiers, spies, and privacy weren’t as far apart as they
appeared.
EFF’s support for Tor was a big deal. The organization commanded respect in Silicon Valley and was
widely seen as the ACLU of the Internet Age. The fact that it backed Tor meant that no hard questions
would be asked about the anonymity tool’s military origins as it transitioned to the civilian world. And
that’s exactly what happened.
25
Freedom Isn’t Free
It was Wednesday morning, February 8, 2006, when Roger Dingledine got the email he had been badly
waiting for. The Broadcasting Board of Governors had finally agreed to back the Tor Project.
“OK—we want to move forward on this, Roger. We would like to offer some funding,” wrote Ken
Berman, director of the Broadcasting Board of Governors’ Internet Technology unit. “For this first effort,
we were going to offer $80,000 to you, with more possibly depending on how things evolve. Give us the
particulars for how to establish a contractual relationship with you, name business contact information.”
26
It had been two years since Dingledine had made Tor independent, and his time in the wild world of
private donors and civilian nonprofits hadn’t been very successful.
27 Other than the initial funding from
the Electronic Frontier Foundation, Dingledine didn’t raise money from the private sector, at least not
enough to fund the operation.
The Broadcasting Board of Governors, or BBG, seemed to offer a compromise. A large federal
agency with close ties to the State Department, the BBG ran America’s foreign broadcasting operations:
Voice of America, Radio Free Europe/Radio Liberty, and Radio Free Asia. It was a government agency,
so that wasn’t ideal. But at least it had an altruistic-sounding mission: “to inform, engage and connect
people around the world in support of freedom and democracy.” Anyway, government or not, Dingledine
didn’t have much choice. Money was tight and this seemed to be the best he could line up. So he said yes.
It was a smart move. The initial $80,000 was just the beginning. Within a year, the agency increased
Tor’s contract to a quarter million dollars and then bumped it up again to almost a million just a few years
later. The relationship also led to major contracts with other federal agencies, boosting Tor’s meager
operating budget to several million dollars a year.
28
Dingledine should have been celebrating, but something nagged at his conscience.
Immediately after signing the contract, he emailed Ken Berman, his contact at the BBG, to tell him he
was worried about the optics of the deal.
29 Dingledine wanted to do everything he could to maintain Tor’s
independent image, but as head of a tax-exempt nonprofit that received funding from the federal
government, he was required by law to publicly disclose his funding sources and publish financial audits.
He knew that whether he liked it or not, Tor’s relationship with the federal government would come out
sooner or later. “We also need to think about a strategy for how to spin this move in terms of Tor’s overall
direction. I would guess that we don’t want to loudly declare war on China, since this only harms our
goals?” he wrote. “But we also don’t want to hide the existence of funding from [the BBG], since ‘they’re
getting paid off by the feds and they didn’t tell anyone’ sounds like a bad Slashdot title for a security
project. Is it sufficient just to always talk about Iran, or is that not subtle enough?”
30
In college Dingledine had dreamed of using technology to create a better world. Now he was suddenly
talking about whether or not they should declare war on China and Iran and worrying about being labeled
a federal agent? What was going on?
Berman emailed back, reassuring Dingledine that he and his agency were ready to do anything it took
to protect Tor’s independent image. “Roger—we will do any spin you want to do to help preserve the
independence of TOR,” he wrote. “We can’t (nor should we) hide it for the reasons you have outlined
below, but we also don’t want to shout if from the rafters, either.”
Berman was an old hand at this. He had spent years funding anti-censorship technology at the agency,
and he offered a simple solution. He recommended that Dingledine be transparent about Tor’s government
funding but also downplay the significance of this relationship and instead focus on the fact that it was all
for a good cause: Tor helped guarantee free speech on the Internet. It was sage advice. Saying this would
head off any potential criticism, and admitting that Tor got a bit of money from the US government would
only serve as proof that Tor had nothing to hide. After all, what could be nefarious about the government
funding freedom of speech on the Internet?
Others chimed in with advice, as well. One BBG contractor replied to the email thread to tell
Dingledine not to worry. No one will care. There will be no backlash. He explained that, in his
experience, if people knew about the BBG at all, they considered it totally harmless. “I think most people,
especially the smart people who count, understand that government can be good or bad, and government
offices, like puppies, should be encouraged when they do the right thing,” he wrote.
31
Despite their reassurances, Dingledine was right to be concerned.
To be truly effective, Tor couldn’t be perceived as a government system. That meant he needed to put
as much distance as possible between Tor and the military intelligence structures that created it. But with
funding from the BBG, Dingledine brought Tor right back into the heart of the beast. The BBG might have
had a bland name and professed a noble mission to inform the world and spread democracy. In truth, the
organization was an outgrowth of the Central Intelligence Agency.
Covert Operations
The story of the Broadcasting Board of Governors begins in Eastern Europe in 1948.
World War II was over, but the United States was already busy gearing up for battle with its main
ideological enemy, the Soviet Union. Many generals believed that nuclear war was imminent and that the
final confrontation between capitalism and communism was at hand. They drew up elaborate plans for
nuclear conquest. America would take out major Soviet cities with nukes and send anticommunist
commandos who had been recruited from local populations to take charge and set up provisional
governments. The Central Intelligence Agency, along with clandestine military services, trained Eastern
Europeans, many of whom had been Nazi collaborators, for the fateful day when they would be
parachuted into their homelands to take charge.
32
Though the more hawkish US generals seemed eager for nuclear conflict, many believed that open war
with the Soviet Union was too dangerous and cooler heads prevailed. They counseled instead for a more
measured approach. George Kennan—the architect of the post–World War II policy of “containment”—
pushed for expanding the role of covert programs to fight the Soviet Union. The plan was to use sabotage,
assassinations, propaganda, and covert financing of political parties and movements to halt the spread of
communism in postwar Europe, and then to use these same covert tools to defeat the Soviet Union itself.
Kennan believed that closed authoritarian societies were inherently unstable in comparison with open
democratic ones like the United States. To him, traditional war with the Soviet Union was not necessary.
Given enough external pressure, he believed, the country would eventually collapse from the weight of its
own “internal contradictions.”
33
In 1948, George Kennan helped craft National Security Council Directive 10/2, which officially
authorized the CIA—with consultation and oversight from the State Department—to engage in “covert
operations” against the communist influence, including everything from economic warfare to sabotage,
subversion, and support for armed guerrillas. The directive gave the CIA carte blanche to do whatever
was required to fight communism wherever it reared its head.
34 Naturally, propaganda emerged as a key
part of the agency’s covert operations arsenal. The CIA established and funded radio stations,
newspapers, magazines, historical societies, émigré research institutes, and cultural programs all over
Europe.
35 “These were very broad programs designed to influence world public opinion at virtually
every level, from illiterate peasants in the fields to the most sophisticated scholars in prestigious
universities,” wrote historian Christopher Simpson in Blowback, a book about the CIA’s use of Nazis and
collaborators after World War II. “They drew on a wide range of resources: labor unions, advertising
agencies, college professors, journalists, and student leaders.”
36
In Munich, the CIA set up Radio Free Europe and Radio Liberation From Bolshevism (later renamed
Radio Liberty), which beamed propaganda in several languages via powerful antennas in Spain into the
Soviet Union and Soviet satellite states of Eastern Europe. These stations had a combined annual CIA
budget of $35 million—an enormous sum in the 1950s—but the agency’s involvement was hidden by
running everything through private front groups.
37 They broadcast a range of materials, from straight news
and cultural programming to purposeful disinformation and smears aimed at spreading panic and
delegitimizing the Soviet government. In some cases, the stations, especially those targeting Ukraine,
Germany, and the Baltic States, were staffed by known Nazi collaborators and broadcast anti-Semitic
propaganda.
38 Although slanted and politicized, these stations provided the only source of unsanctioned
outside information to the people of the Soviet bloc. They became highly effective at communicating
American ideals and influencing cultural and intellectual trends.
These projects were not restricted to Europe. As America’s fight against communism shifted and
spread around the world, new destabilization and propaganda initiatives were added. The People’s
Republic of China was targeted in 1951, when the agency launched Radio Free Asia, which broadcast
into mainland China from an office in San Francisco via a radio transmitter in Manila.
39
In the 1960s, the
CIA launched projects targeting leftist movements in Central and South America. Broadcasts targeting
Vietnam and North Korea came online as well.
40
In the words of the CIA, these stations were leading a fight for the “minds and loyalties” of people
living in communist countries. The agency later boasted that these early “psychological warfare” radio
projects were “one of the longest running and successful covert action campaigns ever mounted by the
United States.”
41
It was all part of a larger push that Princeton professor Stephen Kotkin refers to as a
proactive sphere of cultural and economic influence. “It was a strategy, and that is how the Cold War was
won.”
42
This anti-communist global radio network was exposed in a spectacular 1967 CBS program hosted by
Mike Wallace, “In the Pay of the CIA.”
43 Subsequent congressional investigations brought the agency’s
role under further scrutiny, but exposure did not stop the projects; it simply led to a management shakeup:
Congress agreed to take over funding of this propaganda project and to run it out in the open.
Over the next several decades, these radio stations were shuffled, reorganized, and steadily expanded.
By the early 2000s, they had grown into the Broadcasting Board of Governors, a federal agency apparatus
that functioned like a holding company for rehabilitated CIA propaganda properties. Today it is a big
operation that broadcasts in sixty-one languages and blankets the globe: Cuba, China, Iraq, Lebanon,
Libya, Morocco, Sudan, Iran, Afghanistan, Russia, Ukraine, Serbia, Azerbaijan, Belarus, Georgia, North
Korea, Laos, and Vietnam.
44
The bulk of the BBG is no longer funded from the CIA’s black budget, but the agency’s original Cold
War goal and purpose—subversion and psychological operations directed against countries deemed
hostile to US interests—remain the same.
45 The only thing that did change about the BBG is that today
more and more of its broadcasts are taking place online.
The agency’s relationship with the Tor Project started with China.
Internet Freedom
The CIA had been targeting the People’s Republic of China with covert broadcasting since at least 1951,
when the agency launched Radio Free Asia. Over the decades, the agency shut down and relaunched
Radio Free Asia under different guises and, ultimately, handed it off to the Broadcasting Board of
Governors.
46
When the commercial Internet began to penetrate China in the early 2000s, BBG and Radio Free Asia
channeled their efforts into web-based programming. But this expansion didn’t go very smoothly. For
years, China had been jamming Voice of America and Radio Free Asia programs by playing loud noises
or looping Chinese opera music over the same frequencies with a more powerful radio signal, which
bumped American broadcasts off the air.
47 When these broadcasts switched to the Internet, Chinese
censors hit back, blocking access to BBG websites as well as sporadically cutting access to private
Internet services like Google.
48 There was nothing surprising about this. Chinese officials saw the Internet
as just another communication medium being used by America to undermine their government. Jamming
this kind of activity was standard practice in China long before the Internet arrived.
49
Expected or not, the US government did not let the matter drop. Attempts by China to control its own
domestic Internet space and block access to material and information were seen as belligerent acts—
something like a modern trade embargo that limited US businesses’ and government agencies’ ability to
operate freely. Under President George W. Bush, American foreign policy planners formulated policies
that would become known over the next decade as “Internet Freedom.”
50 While couched in lofty language
about fighting censorship, promoting democracy, and safeguarding “freedom of expression,” these
policies were rooted in big power politics: the fight to open markets to American companies and expand
America’s dominance in the age of the Internet.
51
Internet Freedom was enthusiastically backed by
American businesses, especially budding Internet giants like Yahoo!, Amazon, eBay, Google, and later
Facebook and Twitter. They saw foreign control of the Internet, first in China but also in Iran and later
Vietnam, Russia, and Myanmar, as an illegitimate check on their ability to expand into new global
markets, and ultimately as a threat to their businesses.
Internet Freedom required a new set of “soft-power” weapons: digital crowbars that could be used to
wrench holes in a country’s telecommunications infrastructure. In the early 2000s, the US government
began funding projects that would allow people inside China to tunnel through their country’s government
firewall.
52 The BBG’s Internet Anti-Censorship Division led the pack, sinking millions into all sorts of
early “censorship circumvention” technologies. It backed SafeWeb, an Internet proxy funded by the CIA’s
venture capital firm In-Q-Tel. It also funded several small outfits run by practitioners of Falun Gong, a
controversial Chinese anticommunist cult banned in China whose leader believes that humans are being
corrupted by aliens from other dimensions and that people of mixed blood are subhumans and unfit for
salvation.
53
The Chinese government saw these anti-censorship tools as weapons in an upgraded version of an old
war. “The Internet has become a new battlefield between China and the U.S.” declared a 2010 editorial of
the Xinhua News Agency, China’s official press agency. “The U.S. State Department is collaborating with
Google, Twitter and other IT giants to jointly launch software that ‘will enable everyone to use the
Internet freely,’ using a kind of U.S. government provided anti-blocking software, in an attempt to spread
ideology and values in line with the United States’ demands.”
54
China saw Internet Freedom as a threat, an illegitimate attempt to undermine the country’s sovereignty
through “network warfare,” and began building a sophisticated system of Internet censorship and control,
which grew into the infamous Great Firewall of China. Iran soon followed in China’s footsteps.
It was the start of a censorship arms race. But there was a problem: the early anti-censorship tools
backed by the BBG didn’t work very well. They had few users and were easily blocked. If Internet
Freedom was going to triumph, America needed bigger and stronger weapons. Luckily, the US Navy had
just developed a powerful anonymity technology to hide its spies, a technology that could easily be
adapted to America’s Internet Freedom war.
Russia Deployment Plan
When Tor joined the Broadcasting Board of Governors in early 2006, Roger Dingledine was aware of
America’s escalating Internet Freedom conflict and accepted Tor’s role as a weapon in this fight. China
and Iran were throwing up ever more sophisticated censorship techniques to block US programming, and
Dingledine talked up Tor’s ability to meet this challenge. “We already have tens of thousands of users in
Iran and China and similar countries, but once we get more popular, we’re going to need to be prepared to
start the arms race,” he wrote to the BBG in 2006, laying out a plan to progressively add features to the
Tor network that would make it harder and harder to block.
55
The Tor Project was the BBG’s most sophisticated Internet Freedom weapon, and the agency pushed
Dingledine to reach out to foreign political activists and get them to use the tool. But as Dingledine
quickly discovered, his organization’s ties to the US government aroused suspicion and hampered his
ability to attract users.
One of those lessons came in 2008. Early that year, the BBG instructed Dingledine to carry out what
he dubbed the “Russian Deployment Plan,” which involved adding a Russian language option to Tor’s
interface and working to train Russian activists in how to properly use the service.
56
In February 2008, weeks before Russia’s presidential elections, Dingledine sent an email request to a
Russian privacy activist named Vlad. “One of our funders… [the Broadcasting Board of Governors]
wants us to start reaching out to real users who might need these tools at some point,” Dingledine
explained. “So we settled on Russia, which is increasingly on their radar as a country that may have a
serious censorship problem in the next few years.… So: please don’t advertise this anywhere yet. But if
you’d like to be involved in some way, or you have advice, please do let me know.”
57
Vlad was glad to hear from Dingledine. He knew about Tor and was a fan of the technology, but he had
doubts about the plan. He explained that censorship was not currently an issue in Russia. “The main
problem in Russia at this time is not a government censorship (in the sense of the Great Firewall of China
or some Arab states), but a self-censorship of many websites, especially of regional organizations.
Unfortunately, this is not what Tor can entirely solve by itself,” he replied. In other words: Why fix a
problem that did not exist?
But a bigger question hung over Dingledine’s request, one concerning Tor’s ties to the US government.
Vlad explained that he and others in Russia’s privacy community were concerned about what he
described as Tor’s “dependence on ‘Uncle Sam’s’ money” and that “some sponsors of the Tor Project are
associated with the US State Department.” He continued: “I understand this is an ambiguous and quite
vague question, but do such sponsorship brings up any unusual issues to the Tor Project and Tor
development process?”
Given the deteriorating political relations between Russia and the United States, the subtext of the
question was obvious: How close was Tor to the US government? And, in this strained geopolitical
climate, will these ties cause problems for Russian activists like him back home? These were honest
questions, and relevant ones. The emails I obtained through the Freedom of Information Act do not show
whether Dingledine ever replied. How could he? What would he say?
The Tor Project had positioned itself as an “independent nonprofit,” but when Dingledine reached out
to Vlad in early 2008, it was operating as a de facto arm of the US government.
The correspondence left little room for doubt. The Tor Project was not a radical indie organization
fighting The Man. For all intents and purposes, it was The Man. Or, at least, The Man’s right hand.
Intermixed with updates on new hires, status reports, chatty suggestions for hikes and vacation spots, and
the usual office banter, internal correspondence reveals Tor’s close collaboration with the BBG and
multiple other wings of the US government, in particular those that dealt with foreign policy and soft power projection. Messages describe meetings, trainings, and conferences with the NSA, CIA, FBI, and
State Department.
58 There are strategy sessions and discussions about the need to influence news
coverage and control bad press.
59 The correspondence also shows Tor employees taking orders from
their handlers in the federal government, including plans to deploy their anonymity tool in countries
deemed hostile to US interests: China, Iran, Vietnam, and, of course, Russia. Despite Tor’s public
insistence it would never put in any backdoors that gave the US government secret privileged access to
Tor’s network, the correspondence shows that in at least one instance in 2007, Tor revealed a security
vulnerability to its federal backer before alerting the public, potentially giving the government an
opportunity to exploit the weakness to unmask Tor users before it was fixed.
60
The funding record tells the story even more precisely. Aside from Google paying a handful of college
students to work at Tor via the company’s Summer of Code program, Tor was subsisting almost
exclusively on government contracts. By 2008, that included contracts with DARPA, the navy, the BBG,
and the State Department as well as Stanford Research Institute’s Cyber-Threat Analytics program.
61 Run
by the US Army, this initiative had come out of the NSA’s Advanced Research and Development Activity
division—a “sort of national laboratory for eavesdropping and other spycraft” is how James Bamford
describes it in The Shadow Factory.
62 And a few months after reaching out to Vlad, Dingledine was in the
middle of closing another $600,000 contract with the State Department,
63
this time from its Democracy,
Human Rights, and Labor division, which had been created during President Bill Clinton’s first term and
which was tasked with doling out grants for “democracy assistance.”
64
What would someone like Vlad think of all this? Obviously, nothing good. And that was an issue.
The Tor Project needed users to trust its technology and show enthusiasm. Credibility was key. But
Dingledine’s outreach to Russian privacy activists was a rude reminder that Tor couldn’t shake its
government affiliation and all the negative connotations that came with it. It was a problem that
Dingledine had guessed would haunt Tor when he accepted BBG’s first contract back in 2006.
Clearly, Tor needed to do something to change public perception, something that could help distance
Tor from its government sponsors once and for all. As luck would have it, Dingledine found the perfect
man for the job: a young, ambitious Tor developer who could help rebrand the Tor Project as a group of
rebels that made Uncle Sam tremble in his jackboots.
A Hero Is Born
Jacob Appelbaum was born in 1983 on April Fools’ Day. He grew up in Santa Rosa, a city just north of
San Francisco, in a bohemian family. He liked to talk up his rough upbringing: a schizophrenic mother, a
musician-turned-junkie dad, and a domestic situation that got so bad he had to fish used needles out of the
couch as a kid. But he was also a smart middle-class Jewish kid with a knack for programming and
hacking. He attended Santa Rosa Junior College and took classes in computer science.
65 He dressed in
goth black and dabbled in steampunk photography, taking retro-futuristic pictures of young women decked
out in Victorian-era dresses in front of steam engines and locomotives. Politically, he identified as a
libertarian.
Like most young libertarians, he was enchanted by Ayn Rand’s The Fountainhead, which he described
as one of his favorite books. “I took up this book while I was traveling around Europe last year. Most of
my super left wing friends really dislike Ayn Rand for some reason or another. I cannot even begin to
fathom why, but hey, to each their own,” he wrote in his blog diary. “While reading The Fountainhead I
felt like I was reading a story about people that I knew in my everyday life. The characters were simple.
The story was simple. What I found compelling was the moral behind the story. I suppose it may be
summed up in one line… Those that seek to gather you together for selfless actions, wish to enslave
you for their own gain.”
66
He moved to San Francisco and worked low-level computer jobs with an emphasis in network
management, but he chafed at regular tech jobs and pined for something meaningful.
67 He took time off to
volunteer in New Orleans after Hurricane Katrina and somehow wound up in Iraq hanging out with a
military contractor buddy who was installing satellite service in the war-torn country. He returned to the
Bay Area more determined than ever to live an exciting life. “Life is too short to waste it on jobs that I do
not enjoy,” he said in a 2005 interview.
68 One day he’d join a porn start-up company, dress in black, dye
his hair red, and pose with a power tool dildo for Wired magazine.
69 The next day he’d travel halfway
around the world to use his skills for the greater good. “I’m a freelance hacker. I work helping groups that
I feel really need my help. They come to me and ask me for my services,” he said. “More often than not,
I’m simply setting up their networks and systems around the world. It depends on how I feel about the
work they’re doing. It has to be both an interesting job and for an interesting result.”
Appelbaum also began to develop a bad reputation in the Bay Area hacker scene for his aggressive,
unwanted sexual advances. San Francisco journalist Violet Blue recounted how he spent months trying to
coerce and bully women into having sex with him, attempted to forcefully isolate his victims in rooms or
stairwells at parties, and resorted to public shaming if his advances were rebuffed.
70 This pattern of
behavior would trigger his downfall almost a decade later. But for now, his star was ascendant. And in
2008, Appelbaum finally got his dream job—a position that could expand with his giant ego and ambition.
In April of that year, Dingledine hired him as a full-time Tor contractor.
71 He had a starting salary of
$96,000 plus benefits and was put to work making Tor more user-friendly. He was a good coder, but he
didn’t stay focused on the technical side for long. As Dingledine discovered, Appelbaum proved better
and much more useful at something else: branding and public relations.
Tor employees were computer engineers, mathematicians, and encryption junkies. Most of them were
introverts, and socially awkward. Even worse: some, like Roger Dingledine, had spent time at US
intelligence agencies and proudly displayed this fact on their online CVs—a not-so-subtle sign of a lack
of radicalness.
72 Appelbaum added a different element to the organization. He had flair, a taste for drama
and hyperbole. He was full of tall tales and vanity, and he had a burning desire for the spotlight.
Within months of getting the job, he assumed the role of official Tor Project spokesman and began
promoting Tor as a powerful weapon against government oppression.
While Dingledine focused on running the business, Jacob Appelbaum jet-setted to exotic locations
around the world to evangelize and spread the word. He’d hit ten countries in a month and not bat an eye:
Argentina, India, Poland, South Korea, Belgium, Switzerland, Canada, Tunisia, Brazil, and even Google’s
campus in Mountain View, California.
73 He gave talks at technology conferences and hacker events, powwowed with Silicon Valley executives, visited Hong Kong, trained foreign political activists in the
Middle East, and showed former sex workers in Southeast Asia how to protect themselves online. He
also met with Swedish law enforcement agencies, but that was done out of the public eye.
74
Over the next several years, Dingledine’s reports back to the BBG were filled with descriptions of
Appelbaum’s successful outreach. “Lots of Tor advocacy,” wrote Dingledine. “Another box of Tor
stickers applied to many many laptops. Lots of people were interested in Tor and many many people
installed Tor on both laptops and servers. This advocacy resulted in at least two new high bandwidth
nodes that he helped the administrators configure.”
75
Internal documents show that the proposed budget
for Dingledine and Appelbaum’s global publicity program was $20,000 a year, which included a public
relations strategy.
76 “Crafting a message that the media can understand is a critical piece of this,”
Dingledine explained in a 2008 proposal. “This isn’t so much about getting good press about Tor as it is
about preparing journalists so if they see bad press and consider spreading it further, they’ll stop and
think.…”
77
Appelbaum was energetic and did his best to promote Tor among privacy activists, cryptographers,
and, most important of all, the radical cypherpunk movement that dreamed of using encryption to take on
the power of governments and liberate the world from centralized control. In 2010, he snagged the
support of Julian Assange, a silver-haired hacker who wanted to free the world of secrets.
Tor Gets Radical
Appelbaum and Julian Assange had met in Berlin sometime in 2005, just as the mysterious Australian hacker was getting ready to set WikiLeaks in motion. Assange’s idea for WikiLeaks was simple: government tyranny can only survive in an ecosystem of secrecy. Take away the ability of the powerful to keep secrets, and the whole facade will come crashing down around them. “We are going to fuck them all,” wrote Assange giddily on a secret listserv, after announcing his goal of raising $5 million for the WikiLeaks effort. “We’re going to crack the world open and let it flower into something new. If fleecing the CIA will assist us, then fleece we will.” 78
Appelbaum watched as Assange slowly erected WikiLeaks from nothing, building up a dedicated
following by trawling hacker conferences for would-be leakers. The two became good friends, and
Appelbaum would later brag to journalist Andy Greenberg that they were so close, they’d fuck chicks
together. One New Year’s morning the two woke up in an apartment in Berlin in one bed with two
women. “That was how we rolled in 2010,” he said.
Soon after that supposedly wild night, Appelbaum decided to attach himself to the WikiLeaks cause.
He spent a few weeks with Assange and the original WikiLeaks crew in Iceland as they prepared their
first major release and helped secure the site’s anonymous submissions system using Tor’s hidden service
feature, which hid the physical location of WikiLeaks servers and in theory made them much less
susceptible to surveillance and attack. From then on, the WikiLeaks site proudly advertised Tor: “secure,
anonymous, distributed network for maximum security.”
Appelbaum’s timing couldn’t have been better. Late that summer WikiLeaks caused an international
sensation by publishing a huge cache of classified government documents stolen and leaked by Chelsea
(née Bradley) Manning, a young US Army private who was stationed in Iraq. First came the war logs
from Afghanistan, showing how the United States had systematically underreported civilian casualties and
operated an elite assassination unit. Next came the Iraq War logs, providing irrefutable evidence that
America had armed and trained death squads in a brutal counterinsurgency campaign against Iraq’s Sunni
minority, which helped fuel the Shia-Sunni sectarian war that led to hundreds of thousands of deaths and
ethnic cleansing in parts of Baghdad.
79 Then came the US diplomatic cables, offering an unprecedented
window into the inner workings of American diplomacy: regime change, backroom deals with dictators,
corruption of foreign leaders brushed under the table in the name of stability.
80
Assange was suddenly one of the most famous people in the world—a fearless radical taking on the
awesome power of the United States. Appelbaum did his best to be Assange’s right-hand man. He served
as the organization’s official American representative and bailed the founder of WikiLeaks out of tough
spots when the heat from US authorities got too hot.
81 Appelbaum became so intertwined with WikiLeaks
that apparently some staffers talked about him leading the organization if something were to happen to
Assange.
82 But Assange kept firm control of WikiLeaks, even after he was forced to go into hiding at the
Ecuadorian embassy in London to escape extradition back to Sweden to face an investigation of rape
allegations.
It’s not clear whether Assange knew that Appelbaum’s salary was being paid by the same government
he was trying to destroy. What is clear is that Assange gave Appelbaum and Tor wide credit for helping
WikiLeaks. “Jake has been a tireless promoter behind the scenes of our cause,” he told a reporter. “Tor’s
importance to WikiLeaks cannot be understated.”
83
With those words, Appelbaum and the Tor Project became central heroes in the WikiLeaks saga, right
behind Assange. Appelbaum leveraged his new rebel status for all it was worth. He regaled reporters
with wild stories of how his association with WikiLeaks made him a wanted man. He talked about being
pursued, interrogated, and threatened by shadowy government forces. He described in chilling detail how
he and everyone he knew were thrown into a nightmare world of Big Brother harassment and
surveillance. He claimed his mother was targeted. His girlfriend received nightly visits by men clad in
black. “I was in Iceland working with a friend about their constitution’s reform. And she saw two men
outside of her house on the ground floor in her backyard, meaning that they were on her property inside of
a fence. And they—one of them was wearing night vision goggles and watching her sleep,” he recounted
in a radio interview. “So she just laid in bed in pure terror for the period of time in which they stood there
and watched her. And presumably, this is because there was a third person in the house placing a bug or
doing something else, and they were keeping watch on her to make sure that if she were to hear something
or to get up, they would be able to alert this other person.”
84
He was a great performer and had a knack for giving journalists what they wanted. He spun fantastic
stories, and Tor was at the center of them all. Reporters lapped it up. The more exaggerated and heroic
his performance, the more attention flowed his way. News articles, radio shows, television appearances,
and magazine spreads. The media couldn’t get enough.
In December 2010, Rolling Stone published a profile of Appelbaum as “the Most Dangerous Man in
Cyberspace.” The article portrayed him as a fearless techno-anarchist warrior who had dedicated his life
to taking down America’s evil military-surveillance apparatus, no matter the cost to his own life. It was
full of high drama, chronicling Appelbaum’s life on the post-WikiLeaks run. Descriptions of barren
hideout apartments, Ziploc bags filled with cash from exotic locations, and photos of scantily clad punk
girls—presumably Appelbaum’s many love interests. “Appelbaum has been off the grid ever since—
avoiding airports, friends, strangers and unsecure locations, traveling through the country by car. He’s
spent the past five years of his life working to protect activists around the world from repressive
governments. Now he is on the run from his own,” wrote Rolling Stone reporter Nathaniel Rich.
85
His association with WikiLeaks and Assange boosted the Tor Project’s public profile and radical
credentials. Support and accolades poured in from journalists, privacy organizations, and government
watchdogs. The American Civil Liberties Union partnered with Appelbaum on an Internet privacy
project, and New York’s Whitney Museum—one of the leading modern art museums in the world—
invited him for a “Surveillance Teach-In.”
86 The Electronic Frontier Foundation gave Tor its Pioneer
Award, and Roger Dingledine made it on Foreign Policy magazine’s list of Top 100 Global Thinkers for
protecting “anyone and everyone from the dangers of Big Brother.”
87
As for Tor’s deep, ongoing ties to the US government? Well, what of them? To any doubters, Jacob
Appelbaum was held up as living, breathing proof of the radical independence of the Tor Project. “If the
users or developers he meets worry that Tor’s government funding compromises its ideals, there’s no one
better than Appelbaum to show the group doesn’t take orders from the feds,” wrote journalist Andy
Greenberg in This Machine Kills Secrets, a book about WikiLeaks. “Appelbaum’s best evidence of Tor’s
purity from Big Brother’s interference, perhaps, is his very public association with WikiLeaks, the
American government’s least favorite website.”
With Julian Assange endorsing Tor, reporters assumed that the US government saw the anonymity
nonprofit as a threat. But internal documents obtained through FOIA from the Broadcasting Board of
Governors, as well as an analysis of Tor’s government contracts, paint a different picture. They reveal
that Appelbaum and Dingledine worked with Assange on securing WikiLeaks with Tor since late 2008
and that they kept their handlers at the BBG informed about their relationship and even provided
information about the inner workings of WikiLeaks secure submissions system.
“Talked to the WikiLeaks people (Daniel and Julian) about their use of Tor hidden services, and how
we can make things better for them,” Dingledine wrote in a progress report he sent to the BBG in January
2008. “It turns out they use the hidden service entirely as a way to keep users from screwing up—either it
works and they know they’re safe or it fails, but either way they don’t reveal what they’re trying to leak
locally. So I’d like to add a new ‘secure service’ feature that’s just like a hidden service but it only makes
one hop from the server side rather than three. A more radical design would be for the ‘intro point’ to be
the service itself, so it really would be like an exit enclave.”
88
In another progress report sent to the BBG
two years later, in February 2010, Dingledine wrote, “Jacob and WikiLeaks people met with
policymakers in Iceland to discuss freedom of speech, freedom of press, and that online privacy should be
a fundamental right.”
No one at the BBG raised any objections. To the contrary, they appeared to be supportive. We do not
know if anyone at the BBG forwarded this information to some other government body, but it would not
be hard to imagine that information about WikiLeaks’ security infrastructure and submission system was
of great interest to US intelligence agencies.
Perhaps most telling was that support from the BBG continued even after WikiLeaks began publishing
classified government information and Appelbaum became the target of a larger Department of Justice
investigation into WikiLeaks. For example, on July 31, 2010, CNET reported that Appelbaum had been
detained at the Las Vegas airport and questioned about his relationship with WikiLeaks.
89 News of the
detention made headlines around the world, once again highlighting Appelbaum’s close ties to Julian
Assange. And a week later, Tor’s executive director Andrew Lewman, clearly worried that this might
affect Tor’s funding, emailed Ken Berman at the BBG in the hopes of smoothing things over and
answering “any questions you may have about the recent press regarding Jake and WikiLeaks.” But
Lewman was in for a pleasant surprise: Roger Dingledine had been keeping the folks at the BBG in the
loop, and everything seemed to be okay. “Great stuff, thx. Roger answered a number of questions when he
met us this week in DC,” Berman replied.
90
Unfortunately, Berman didn’t explain in the email what he and Dingledine discussed about Appelbaum
and WikiLeaks during their meeting. What we do know is that Tor’s association with WikiLeaks produced
no real negative impact on Tor’s government contracts.
91
Its 2011 contracts came in without a hitch—$150,000 from the Broadcasting Board of Governors and
$227,118 from the State Department.
92 Tor was even able to snag a big chunk of money from the
Pentagon: a new $503,706 annual contract from the Space and Naval Warfare Systems Command, an elite
information and intelligence unit that houses a top-secret cyber-warfare division.
93 The navy contract was
passed through SRI, the old Stanford military contractor that had done counterinsurgency, networking, and
chemical weapons work for ARPA back in the 1960s and 1970s. The funds were part of a larger navy
“Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance”
program to improve military operations. A year later, Tor would see its government contracts more than
double to $2.2 million: $353,000 from the State Department, $876,099 from the US Navy, and $937,800
from the Broadcasting Board of Governors.
94
When I crunched the numbers, I couldn’t help but do a double take. It was incredible. WikiLeaks had
scored a direct hit on Tor’s government backers, including the Pentagon and State Department. Yet
Appelbaum’s close partnership with Assange produced no discernable downside.
I guess it makes sense, in a way. WikiLeaks might have embarrassed some parts of the US government,
but it also gave America’s premier Internet Freedom weapon a major injection of credibility, enhancing
its effectiveness and usefulness. It was an opportunity.
Social Media as a Weapon
In 2011, less than a year after WikiLeaks broke onto the world stage, the Middle East and North Africa
exploded like a powder keg. Seemingly out of nowhere, huge demonstrations and protests swept through
the region. It started in Tunisia, where a poor fruit seller lit himself on fire to protest humiliating
harassment and extortion at the hands of the local police. He died from his burns on January 4, triggering a
national protest movement against Tunisia’s dictatorial president, Zine El Abidine Ben Ali, who had ruled
the country for twenty-three years. Within weeks, massive anti-government protests spread to Egypt,
Algeria, Oman, Jordan, Libya, and Syria.
The Arab Spring had arrived.
In Tunisia and Egypt, these protest movements toppled longstanding dictatorships from within. In
Libya, opposition forces deposed and savagely killed Muammar Gaddafi, knifing him in the anus, after an
extensive bombing campaign from NATO forces. In Syria, protests were met with a brutal crackdown
from Bashar Assad’s government, and led to a protracted war that would claim hundreds of thousands of
lives and trigger the worst refugee crisis in recent history, pulling in Saudi Arabia, Turkey, Israel, the
CIA, the Russian Air Force and special operations teams, Al-Qaeda, and ISIL. Arab Spring turned into a
long, bloody winter.
The underlying causes of these opposition movements were deep, complex, and varied from country to
country. Youth unemployment, corruption, drought and related high food prices, political repression,
economic stagnation, and longstanding geopolitical aspirations were just a few of the factors. To a young
and digitally savvy crop of State Department officials and foreign policy planners, these political
movements had one thing in common: they arose because of the democratizing power of the Internet. They
saw social media sites like Facebook, Twitter, and YouTube as democratic multipliers that allowed
people to get around official state-controlled information sources and organize political movements
quickly and efficiently.
“The Che Guevara of the 21st Century is the network,” Alec Ross, a State Department official in
charge of digital policy under Secretary of State Hillary Clinton, gushed in the NATO Review, the official
magazine of the North Atlantic Treaty Organization.
95 His Che reference smacks of hypocrisy or perhaps
ignorance; Che, after all, was executed by Bolivian forces backed by the United States, in particular, by
the CIA.[effin clown dc]
The idea that social media could be weaponized against countries and governments deemed hostile to
US interests wasn’t a surprise. For years the State Department, in partnership with the Broadcasting
Board of Governors and companies like Facebook and Google, had worked to train activists from around
the world on how to use Internet tools and social media to organize opposition political movements.
Countries in Asia, the Middle East, and Latin America as well as former Soviet states like the Ukraine
and Belarus were all on the list. Indeed, the New York Times reported that many of the activists who
played leading roles in the Arab Spring—from Egypt to Syria to Yemen—had taken part in these training
sessions.
96
“The money spent on these programs was minute compared with efforts led by the Pentagon,” reported
the New York Times in April 2011. “But as American officials and others look back at the uprisings of the
Arab Spring, they are seeing that the United States’ democracy-building campaigns played a bigger role in
fomenting protests than was previously known, with key leaders of the movements having been trained by
the Americans in campaigning, organizing through new media tools and monitoring elections.” The
trainings were politically charged and were seen as a threat by Egypt, Yemen, and Bahrain—all of which
lodged complaints with the State Department to stop meddling in their domestic affairs, and even barred
US officials from entering their countries.
97
An Egyptian youth political leader who attended State Department training sessions and then went on
to lead protests in Cairo told the New York Times, “We learned how to organize and build coalitions. This
certainly helped during the revolution.” A different youth activist, who had participated in Yemen’s
uprising, was equally enthusiastic about the State Department social media training: “It helped me very
much because I used to think that change only takes place by force and by weapons.”
Staff from the Tor Project played a role in some of these trainings, taking part in a series of Arab
Blogger sessions in Yemen, Tunisia, Jordan, Lebanon, and Bahrain, where Jacob Appelbaum taught
opposition activists how to use Tor to get around government censorship.
98 “Today was fantastic… really
a fantastic meeting of minds in the Arab world! It’s enlightening and humbling to have been invited. I
really have to recommend visiting Beirut. Lebanon is an amazing place. Friendly people, good food,
intense music, insane taxis,” Appelbaum tweeted after an Arab Bloggers training event in 2009, adding:
“If you’d like to help Tor please sign up and help translate Tor software into Arabic.”
99
Activists later put the skills taught at these training sessions to use during the Arab Spring, routing
around Internet blocks that their governments threw up to prevent them from using social media to
organize protests. “There would be no access to Twitter or Facebook in some of these places if you didn’t
have Tor. All of the sudden, you had all these dissidents exploding under their noses, and then down the
road you had a revolution,” Nasser Weddady, a prominent Arab Spring activist from Mauritania, later told
Rolling Stone. Weddady, who had taken part in the Tor Project’s training sessions and who had translated
a widely circulated guide on how to use the tool into Arabic, credited it with helping keep the Arab
Spring uprisings alive. “Tor rendered the government’s efforts completely futile. They simply didn’t have
the know-how to counter that move.”
100
From a higher vantage point, the Tor Project was a wild success. It had matured into a powerful
foreign policy tool—a soft-power cyber weapon with multiple uses and benefits. It hid spies and military
agents on the Internet, enabling them to carry out their missions without leaving a trace. It was used by the
US government as a persuasive regime-change weapon, a digital crowbar that prevented countries from
exercising sovereign control over their own Internet infrastructure. Counterintuitively, Tor also emerged
as a focal point for anti-government privacy activists and organizations, a huge cultural success that made
Tor that much more effective for its government backers by drawing fans and helping shield the project
from scrutiny.
And Tor was just the beginning.
The Arab Spring provided the US government with the confirmation it was looking for. Social media,
combined with technologies like Tor, could be tapped to bring huge masses of people onto the streets and
could even trigger revolutions. Diplomats in Washington called it “democracy promotion.” Critics called
it regime change.
101 But it didn’t matter what you called it. The US government saw that it could leverage
the Internet to sow discord and inflame political instability in countries it considered hostile to US
interests. Good or bad, it could weaponize social media and use it for insurgency. And it wanted more.
102
In the wake of the Arab Spring, the US government directed even more resources to Internet Freedom
technologies. The plan was to go beyond the Tor Project and launch all sorts of crypto tools to leverage
the power of social media to help foreign activists build political movements and organize protests:
encrypted chat apps and ultra secure operating systems designed to prevent governments from spying on
activists, anonymous whistle-blowing platforms that could help expose government corruption, and
wireless networks that could be deployed instantaneously anywhere in the world to keep activists
connected even if their government turned off the Internet.
103
Strangely enough, these efforts were about to get a major credibility boost from an unlikely source: an
NSA contractor by the name of Edward Snowden.
Strange Alliances
The post-WikiLeaks years were good for the Tor Project. With the government contracts flowing, Roger
Dingledine expanded the payroll, adding a dedicated crew of developers and managers who saw their job
in messianic terms: to free the Internet of government surveillance.
104
Jacob Appelbaum, too, was doing well. Claiming that harassment from the US government was too
much to bear, he spent most of his time in Berlin in a sort of self-imposed exile. There, he continued to do
the job Dingledine had hired him to do. He traveled the world training political activists and persuading
techies and hackers to join up as Tor volunteers. He also did various side projects, some of which blurred
the line between activism and intelligence gathering. In 2012, he made a trip to Burma, a longtime target
of US government regime-change efforts.
105 The purpose of the trip was to probe the country’s Internet
system from within and collect information on its telecommunications infrastructure, information that was
then used to compile a government report for policymakers and “international investors” interested in
penetrating Burma’s recently deregulated telecom market.
106
Appelbaum continued to draw a high five-figure salary from Tor, a government contractor funded
almost exclusively by military and intelligence grants. But, to the public, he was a real-life superhero on
the run from the US surveillance state—now hiding out in Berlin, the nerve center of the global hacker
scene known for its nerdy mix of machismo, all-night hackathons, drug use, and partner swapping. He was
a member of the Internet Freedom elite, championed by the American Civil Liberties Union and the
Electronic Frontier Foundation, given a board seat on eBay founder Pierre Omidyar’s Freedom of the
Press Foundation, and occupied an advisory role for London’s Centre for Investigative Journalism. His
fame and rebel status only made his job as Tor’s pitchman more effective.
In Berlin, Appelbaum caught another lucky break for the Tor Project. In 2013, his good friend and
sometimes-lover Laura Poitras, an American documentary filmmaker who also lived in the German
capital in self-imposed exile, was contacted by a mysterious source who told her he had access to the
crown jewels of the National Security Agency: documents that would blow America’s surveillance
apparatus wide open.
107 Poitras tapped Appelbaum’s knowledge of Internet systems to come up with a list
of questions to vet the possible leaker and to make sure he really was the NSA technician he claimed to
be. This source turned out to be Edward Snowden.
108
From the start, the Tor Project stood at the center of Snowden’s story. The leaker’s endorsement and
promotion introduced the project to a global audience, boosting Tor’s worldwide user base from one
million to six million almost overnight and injecting it into the heart of a burgeoning privacy movement. In
Russia, where the BBG and Dingledine had tried but failed to recruit activists for their Tor deployment
plan, use of the software increased from twenty thousand daily connections to somewhere around two
hundred thousand.
109
During a promotional campaign for the Tor Project, Snowden said:
Without Tor, the streets of the Internet become like the streets of a very heavily surveilled city. There are surveillance cameras
everywhere, and if the adversary simply takes enough time, they can follow the tapes back and see everything you’ve done. With Tor,
we have private spaces and private lives, where we can choose who we want to associate with and how, without the fear of what
that is going to look like if it is abused. The design of the Tor system is structured in such a way that even if the US Government
wanted to subvert it, it couldn’t.
110
Snowden didn’t talk about Tor’s continued government funding, nor did he address an apparent
contradiction: why the US government would fund a program that supposedly limited its own power.
111
Whatever Snowden’s private thoughts on the matter, his endorsement gave Tor the highest possible
seal of approval. It was like a Hacker’s Medal of Valor. With Snowden’s backing, no one even thought to
question Tor’s radical anti-government bona fides. [so what this all means is that Tor, Wikileaks, Assange, Snowden all part of a con by Washington DC dc]
To some, Edward Snowden was a hero. To others, he was a traitor who deserved to be executed.
Officials at the NSA claimed that he had caused irreparable harm to the security of the country, and every
intelligence agency and contractor went on to invest in costly “insider threat” programs designed to spy
on employees and make sure that another Edward Snowden would never pop up again. Some called for
bringing him back in a black-ops kidnapping; others, like Donald Trump, called for him to be
assassinated.
112 Anatoly Kucherena, Snowden’s Russian lawyer, claimed that the leaker’s life was in
danger. “There are real threats to his life out there that actually do exist,” he told one reporter.
Indeed, a lot of hate and malice was pointed in Snowden’s direction, but to those running the Internet
Freedom wing of the US military intelligence apparatus, his embrace of Tor and crypto culture could not
have come at a better moment.
In early January 2014, six months after Snowden’s leaks, Congress passed the Consolidated
Appropriations Act, an omnibus federal spending bill. Tucked into the bill’s roughly fifteen hundred pages
was a short provision that dedicated $50.5 million to the expansion of the US government’s Internet
Freedom arsenal. The funds were to be split evenly between the State Department and the Broadcasting
Board of Governors.
113
Although Congress had been providing funds for various anti censorship programs for years, this was
the first time that it budgeted money specifically for Internet Freedom. The motivation for this expansion
came out of the Arab Spring. The idea was to make sure the US government would maintain its
technological advantage in the censorship arms race that began in the early 2000s, but the funds were also
going into developing a new generation of tools aimed at leveraging the power of the Internet to help
foreign opposition activists organize into cohesive political movements.
114
The BBG’s $25.25 million cut of the cash more than doubled the agency’s anti-censorship technology
budget from the previous year, and the BBG funneled the money into the Open Technology Fund,
115 a new
organization it had created within Radio Free Asia to fund Internet Freedom technologies in the wake of
the Arab Spring.
116
Initially launched by the Central Intelligence Agency in 1951 to target China with anticommunist radio
broadcasts, Radio Free Asia had been shuttered and relaunched several times over the course of its
history.
117
In 1994, after the fall of the Soviet Union, it reappeared Terminator-like as a private nonprofit
corporation wholly controlled and funded by the Broadcasting Board of Governors.
118 Focused on
whipping up anticommunist sentiment in North Korea, Vietnam, Laos, Cambodia, Burma, and China,
Radio Free Asia played a central role in the US government’s anti-censorship arms race that had been
brewing ever since the BBG began pushing its China broadcasts through the Internet. Radio Free Asia had
trouble shedding its covert Cold War tactics.
119
In North Korea, it smuggled in tiny radios and buried
cellphones just inside the country’s border with China so that its network of informants could report back
on conditions inside the country. Following the death of Kim Jong Il in 2011, the radio “kicked into 24/7
emergency mode” to beam nonstop coverage of the death into North Korea in the hopes of triggering a
mass uprising. Radio Free Asia executives hoped that, bit by bit, the stream of anticommunist propaganda
directed at the country would bring about the collapse of the government.
120
Now, with the Open Technology Fund (OTF), Radio Free Asia oversaw the funding of America’s
Internet Freedom programs. To run OTF’s day-to-day operations, Radio Free Asia hired Dan Meredith, a
young techie who worked at Al-Jazeera in Qatar and who had been involved in the State Department’s
anti-censorship initiatives going back to 2011.
121 With a scruffy beard and messy blond surfer hair,
Meredith wasn’t a typical stuffy State Department suit. He was fluent in cypherpunk-hacktivist lingo and
was very much a part of the grassroots privacy community he sought to woo. In short, he wasn’t the kind
of person you’d expect to run a government project with major foreign policy implications.
With him at the helm, OTF put a lot of effort on branding. Outwardly, it looked like a grassroots
privacy activist organization, not a government agency. It produced hip 8-bit YouTube videos about its
mission to use “public funds to support Internet freedom projects” and promote “human rights and open
societies.” Its web layout constantly changed to reflect the trendiest design standards.
But if OTF appeared scrappy, it was also extremely well connected. The organization was supported
by a star-studded team—from best-selling science fiction authors to Silicon Valley executives and
celebrated cryptography experts. Its advisory board included big names from the Columbia Journalism
School, the Electronic Frontier Foundation, the Ford Foundation, Open Society Foundations, Google,
Slack, and Mozilla. Andrew McLaughlin, the former head of Google’s public relations team who had
brought in Al Gore to talk a California state senator into canceling legislation that would regulate Gmail’s
email scanning program, was part of the OTF team. So was Cory Doctorow, a best-selling young adult
science fiction author whose books about a totalitarian government’s surveillance were read and admired
by Laura Poitras, Jacob Appelbaum, Roger Dingledine, and Edward Snowden.
122 Doctorow was a huge
personality in the crypto movement who could fill giant conference halls at privacy conferences. He
publicly endorsed OTF’s Internet Freedom mission. “I’m proud to be a volunteer OTF advisor,” he
tweeted.
From behind this hip and connected exterior, BBG and Radio Free Asia built a vertically integrated
incubator for Internet Freedom technologies, pouring millions into projects big and small, including
everything from evading censorship to helping political organizing, protests, and movement building. With
its deep pockets and its recruitment of big-name privacy activists, the Open Technology Fund didn’t just
thrust itself into the privacy movement. In many ways, it was the privacy movement.
It set up lucrative academic programs and fellowships, paying out $55,000 a year to graduate students,
privacy activists, technologists, cryptographers, security researchers, and political scientists to study “the
Internet censorship climate in former Soviet states,” probe the “technical capacity” of the Great Firewall
of China, and track the “use of oppressive spyware command and control servers by repressive
governments.”
123
It expanded the reach and speed of the Tor Project network and directed several million dollars to
setting up high-bandwidth Tor exit nodes in the Middle East and Southeast Asia, both high-priority
regions for US foreign policy.
124
It bankrolled encrypted chat apps, ultrasecure operating systems
supposedly impervious to hacking, and next-generation secure email initiatives designed to make it hard
for governments to spy on activists’ communications. It backed anonymous WikiLeaks-like tools for
leakers and whistle-blowers who wanted to expose their government’s corruption. It co-invested with the
State Department in several “mesh networking” and “Internet-in-a-box” projects designed to keep
activists connected even if their government tried turning off local Internet connections.
125
It provided a
“secure cloud” infrastructure with server nodes all around the world to host Internet Freedom projects,
operated a “legal lab” that offered grantees legal protection in case something came up, and even ran a
“Rapid Response Fund” to provide emergency support to Internet Freedom projects that were deemed
vital and that required immediate deployment.
126
The Tor Project remained the best-known privacy app funded by the Open Technology Fund, but it
was quickly joined by another: Signal, an encrypted mobile phone messaging app for the iPhone and
Android.
Signal was developed by Open Whisper Systems, a for-profit corporation run by Moxie Marlinspike,
a tall, lanky cryptographer with a head full of dreadlocks. Marlinspike was an old friend of Jacob
Appelbaum, and he played a similar radical game. He remained cryptic about his real name and identity,
told stories of being targeted by the FBI, and spent his free time sailing and surfing in Hawaii. He had
made a good chunk of money selling his encryption start-up to Twitter and had worked with the State
Department on Internet Freedom projects since 2011, but he posed as a feisty anarchist fighting the
system. His personal website was called thoughtcrime.org—a reference to George Orwell’s 1984, which
seemed a bit tongue-in-cheek given that he was taking big money—nearly $3 million—from Big Brother
to develop his privacy app.
127
Signal was a huge success. Journalists, privacy activists, and cryptographers hailed Signal as an
indispensable Internet privacy tool. It was a complement to Tor in the age of mobile phones. While Tor
anonymized browsing, Signal encrypted voice calls and text, making it impossible for governments to
monitor communication. Laura Poitras gave it two secure thumbs up as a powerful people’s encryption
tool and told everyone to use it every day. People at the ACLU claimed that Signal made federal agents
weep.
128 The Electronic Frontier Foundation added Signal alongside Tor to its Surveillance Self-Defense
guide. Fight for the Future, a Silicon Valley–funded privacy activist organization, described Signal and
Tor as “NSA-proof” and urged people to use them.
Edward Snowden was the combo’s biggest and most famous booster and repeatedly took to Twitter to
tell his three million followers that he used Signal and Tor every day, and that they should do the same to
protect themselves from government surveillance. “Use Tor. Use Signal,” he tweeted out.
129
With endorsements like these, Signal quickly became the go-to app for political activists around the
world. Egypt, Russia, Syria, and even the United States—millions downloaded Signal, and it became the
communication app of choice for those who hoped to avoid police surveillance. Feminist collectives,
anti–President Donald Trump protesters, communists, anarchists, radical animal rights organizations,
Black Lives Matter activists—all flocked to Signal. Many were heeding Snowden’s advice: “Organize.
Compartmentalize to limit compromise. Encrypt everything, from calls to texts (use Signal as a first
step).”
130
Silicon Valley cashed in on OTF’s Internet Freedom spending as well. Facebook incorporated
Signal’s underlying encryption protocol into WhatsApp, the most popular messaging app in the world.
Google followed suit, building Signal encryption into its Allo and Duo text and video messaging apps.
131
It was a smart move because the praise flowed in. “Allo and Duo’s new security features, in other words,
are Google’s baby steps towards a fully-encrypted future, not the sort of bold moves to elevate privacy
above profit or politics that some of its competitors have already taken,” wrote Wired’s Andy Greenberg.
“But for a company built on a data collection model that’s often fundamentally opposed to privacy, baby
steps are better than none at all.”
If you stepped back to survey the scene, the entire landscape of this new Internet Freedom privacy
movement looked absurd. Cold War–era organizations spun off from the CIA now funding the global
movement against government surveillance? Google and Facebook, companies that ran private
surveillance networks and worked hand in hand with the NSA, deploying government-funded privacy tech
to protect their users from government surveillance? Privacy activists working with Silicon Valley and the
US government to fight government surveillance—and with the support of Edward Snowden himself?
It is very hard to imagine that back in the 1960s student radicals at Harvard and MIT would have ever
thought to partner with IBM and the State Department to protest against Pentagon surveillance. If they did,
they probably would have been mocked and chased off campus, branded fools or—worse—as some kind
of feds. Back then, the lines were clear, but today all these connections are obscured. Most people
involved in privacy activism do not know about the US government’s ongoing efforts to weaponize the
privacy movement, nor do they appreciate Silicon Valley’s motives in this fight. Without that knowledge,
it is impossible to makes sense of it all. So, talk of government involvement in the privacy space sounds
like something cooked up by a paranoiac.
In any event, with support from someone as celebrated as Edward Snowden, few had any reason to
question why apps like Signal and Tor existed, or what larger purpose they served. It was easier and
simpler to put your trust in app, and to believe in the idea that America still had a healthy civil society,
where people could come together to fund tools that countervailed the surveillance power of the state.
That suited the sponsors of Internet Freedom just fine.
After Edward Snowden, OTF was triumphant. It didn’t mention the leaker by name in its promotional
materials, but it profited from the crypto culture he promoted and benefited from his direct endorsement of
the crypto tools it financed. It boasted that its partnership with both Silicon Valley and respected privacy
activists meant that hundreds of millions of people could use the privacy tools the US government had
brought to market. And OTF promised that this was just a start: “By leveraging social network effects, we
expect to expand to a billion regular users taking advantage of OTF-supported tools and Internet Freedom
technologies by 2015.”
132
False Sense of Security
While accolades for the Tor Project, Signal, and other crypto apps funded by the US government rolled
in, a deeper look showed that they were not as secure or as impervious to government penetration as their
proponents claimed. Perhaps no story better exemplifies the flaws in impenetrable crypto security than
that of Ross Ulbricht, otherwise known as Dread Pirate Roberts, the architect of Silk Road.
After its founding in 2012, Silk Road grew rapidly and appeared to be a place where organized
criminals could hide in plain sight—until it wasn’t. In October 2013, four months after Edward Snowden
came out of hiding and endorsed Tor, a twenty-nine-year-old native Texan by the name of Ross Ulbricht
was arrested in a public library in San Francisco. He was accused of being Dread Pirate Roberts and was
charged with multiple counts of money laundering, narcotics trafficking, hacking, and, on top of it all,
murder.
When his case went to trial a year later, the story of the Tor Project took on a different shade,
demonstrating the power of marketing and ideology over reality.
The internal communications and diaries recovered by investigators from Ulbricht’s encrypted laptop
showed that he believed he was fully protected by Tor. He believed in Tor’s claims that were backed up
by Edward Snowden and promoted by Jacob Appelbaum. He believed that everything he did in the
murkiness of the dark web would have no bearing on him in the real world—he believed it so much that
he not only built a massively illegal drug business on top of it but also ordered hits on anyone who
threatened his business. His belief in the power of the Tor Project to create a cybernetic island
completely impervious to the law persisted even in the face of strong countervailing evidence.
Starting in March 2013, Silk Road was hit with multiple attacks that crashed the Tor hidden server
software that enabled it to be on the dark web. Over and over the site’s real IP address leaked to the
public, a mission-critical failure that could have made it trivial for law enforcement to track down the
real identity of Dread Pirate Roberts.
133
Indeed, the attackers not only seemed to know the IP address of
the Silk Road servers but also claimed to have hacked the site’s user data and demanded that he pay them
to keep quiet.
It seemed the party was over. Tor had failed. If it couldn’t protect his identity from a group of
extortionists, how would it fare against the nearly unlimited resources of federal law enforcement? But
Ulbricht still believed. Instead of shutting down Silk Road, he put out a contract with the Hells Angels to
whack the extortionists, ultimately paying the motorcycle gang $730,000 to kill six people.
“Commissioned hit on blackmailer with angels,” he wrote in his diary on March 29, 2013. Three days
later, he followed it up with another note: “got word that blackmailer was executed [sic] / created file
upload script.”
134 His nonchalance was born out of routine. Earlier that year, he had already paid $80,000
to have a former Silk Road administrator, who he suspected of stealing over $300,000, killed.
135
Amazingly, just a month before his arrest, Ulbricht was contacted by the creators of Atlantis, one of the
many copycat dark web drug stores inspired by Silk Road’s success. It was a friendly sort of outreach.
They told him that Atlantis was permanently closing up shop because they got word of a major hole in
Tor’s security, and they implied that he do the same. “I was messaged by one of their team who said they
shut down because of an FBI doc leaked to them detailing vulnerabilities in Tor,” Ulbricht wrote in his
diary. Yet, amazingly, he continued to run his site, confident that it would turn out fine in the end. “Had
revelation about the need to eat well, get good sleep, and meditate so I can stay positive and productive,”
he wrote on September 30. A day later, he was in federal custody.
During his trial, it came out that the FBI and DHS had infiltrated Silk Road almost from the very
beginning. A DHS agent had even taken over a senior Silk Road administrator account, which gave
federal agents access to the back end of Silk Road’s system, a job for which Ulbricht paid the DHS agent
$1,000 a week in Bitcoins.
136 Meaning, one of Ulbricht’s top lieutenants was a fed, and he had no idea.
But it was Silk Road’s leaked IP address that ultimately led DHS agents to track Ulbricht’s connection to
a cafe in San Francisco, and ultimately to him.
137
Ulbricht confessed to being Dread Pirate Roberts and to setting up Silk Road. After being found guilty
of seven felonies, including money laundering, drug trafficking, running a criminal enterprise, and identity
fraud, he went from calling for revolution to begging the judge for leniency. “Even now I understand what
a terrible mistake I made. I’ve had my youth, and I know you must take away my middle years, but please
leave me my old age. Please leave a small light at the end of the tunnel, an excuse to stay healthy, an
excuse to dream of better days ahead, and a chance to redeem myself in the free world before I meet my
maker,” he said to the court. The judge had no pity. She hit him with a double life sentence without the
possibility of parole. And more years may be added to the clock if he is convicted for any of his murders
for hire.
The fall of Silk Road pricked Tor’s invincibility. Even as Edward Snowden and organizations like the
Electronic Frontier Foundation promoted Tor as a powerful tool against the US surveillance state, that
very surveillance state was poking Tor full of holes.
138
In 2014, the FBI along with the DHS and European law enforcement agencies went on the hunt for Silk
Road copycat stores, taking down fifty marketplaces hawking everything from drugs to weapons to credit
cards to child abuse pornography in an international sweep codenamed Operation Omynous. In 2015,
international law enforcement in conjunction with the FBI arrested more than five hundred people linked
with Playpen, a notorious child pornography network that ran on the Tor cloud. Seventy-six people were
prosecuted in the United States, and nearly three hundred child victims from around the world were
rescued from their abusers.
139 These raids were targeted and extremely effective. It seemed that cops
knew exactly where to hit and how to do it.
What was going on? How did law enforcement penetrate what was supposed to be ironclad anonymity
strong enough to withstand an onslaught by the NSA?
Confirmation was hard to come by, but Tor’s Roger Dingledine was convinced that at least some of
these stings were using an exploit developed by a group at Carnegie Mellon University in Pennsylvania.
Working under a Pentagon contract, researchers had figured out a cheap and easy way to crack Tor’s
super-secure network with just $3,000 worth of computer equipment.
140 Dingledine accused the
researchers of selling this method to the FBI.
“The Tor Project has learned more about last year’s attack by Carnegie Mellon researchers on the
hidden service subsystem. Apparently these researchers were paid by the FBI to attack hidden services
users in a broad sweep, and then sift through their data to find people whom they could accuse of crimes,”
he lashed out in a blog post in November 2015, saying that he had been told the FBI paid at least $1
million for these services.
141
It was strange to see Dingledine getting angry about researchers taking money from law enforcement
when his own salary was paid almost entirely by military and intelligence-linked contracts. But
Dingledine did something that was even stranger. He accused Carnegie Mellon researchers of violating
academic standards for ethical research by working with law enforcement. He then announced that the Tor
Project would publish guidelines for people who might want to hack or crack Tor for “academic” and
“independent research” purposes in the future but do so in an ethical manner by first obtaining consent of
the people who were being hacked.
“Research on humans’ data is human research. Over the last century, we have made enormous strides
in what research we consider ethical to perform on people in other domains,” read a draft of this “Ethical
Tor Research” guide. “We should make sure that privacy research is at least as ethical as research in
other fields.” The requirements set forth in this document include sections like: “Only collect data that is
acceptable to publish” and “Only collect as much data as is needed: practice data minimization.”
142
Although demands like this make sense in a research context, they were baffling when applied to Tor.
After all, Tor and its backers, including Edward Snowden, presented the project as a real-world
anonymity tool that could resist the most powerful attackers. If it was so frail that it needed academic
researchers to abide by an ethical honor code to avoid deanonymizing users without their consent, how
could it hold up to the FBI or NSA or the scores of foreign intelligence agencies from Russia to China to
Australia that might want to punch through its anonymity systems?
In 2015, when I first read these statements from the Tor Project, I was shocked. This was nothing less
than a veiled admission that Tor was useless at guaranteeing anonymity and that it required attackers to
behave “ethically” in order for it to remain secure. It must have come as an even greater shock to the
cypherpunk believers like Ross Ulbricht, who trusted Tor to run his highly illegal Internet business and
who is now in jail for the rest of his life.
Tor’s spat with the researchers at Carnegie Mellon University revealed another confusing dynamic.
Whereas one part of the federal government—which included the Pentagon, State Department, and the
Broadcasting Board of Governors—funded the ongoing development of the Tor Project, another wing of
this same federal government—which included the Pentagon, the FBI, and possibly other agencies—was
working just as hard to crack it.
What was going on? Why was the government working at cross-purposes? Did one part simply not
know what the other was doing?
Strangely enough, Edward Snowden’s NSA documents provided the beginnings of an answer. They
showed that multiple NSA programs could punch through Tor’s defenses and possibly even uncloak the
network’s traffic on a “wide scale.” They also showed that the spy agency saw Tor as a useful tool that
concentrated potential “targets” in one convenient location.
143
In a word, the NSA saw Tor as a honeypot.
In October 2013, the Washington Post reported on several of these programs, revealing that the NSA
had been working to crack Tor since at least 2006, the same year that Dingledine signed his first contract
with the BBG.
144 One of these programs, codenamed EGOTISTICALGIRAFFE, was actively used to
trace the identity of Al-Qaeda operatives. “One document provided by Snowden included an internal
exchange among NSA hackers in which one of them said the agency’s Remote Operations Center was
capable of targeting anyone who visited an al-Qaeda Web site using Tor.”
145 Another set of documents,
made public by the Guardian that same month, showed that the agency viewed Tor in a positive light.
“Critical mass of targets use Tor. Scaring them away might be counterproductive. We will never get 100%
but we don’t need to provide true IPs for every target every time they use Tor,” explained a 2012 NSA
presentation.
146
Its point was clear: people with something to hide—whether terrorists, foreign spies, or
drug dealers—believed in Tor’s promise of anonymity and used the network en masse. By doing so, they
proceeded with a false sense of safety, doing things on the network they would never do out in the open,
all while helping to mark themselves for further surveillance.
147
This wasn’t surprising. The bigger lesson of Snowden’s NSA cache was that almost nothing happened
on the Internet without passing through some kind of US government bug. Naturally, popular tools used by
the public that promised to obfuscate and hide people’s communications were targets regardless of who
funded them.
As for the other crypto tools financed by the US government? They suffered similar security and
honeypot pitfalls. Take Signal, the encrypted app Edward Snowden said he used every day. Marketed as a
secure communication tool for political activists, the app had strange features built in from the very
beginning. It required that users link their active mobile phone number and upload their entire address
book into Signal’s servers—both questionable features of a tool designed to protect political activists
from law enforcement in authoritarian countries. In most cases, a person’s phone number was effectively
that person’s identity, tied to a bank account and home address. Meanwhile, a person’s address book
contained that user’s friends, colleagues, fellow political activists, and organizers, virtually the person’s
entire social network.
Then there was the fact that Signal ran on Amazon’s servers, which meant that all its data were
available to a partner in the NSA’s PRISM surveillance program. Equally problematic, Signal needed
Apple and Google to install and run the app on people’s mobile phones. Both companies were, and as far
as we know still are, partners in PRISM as well. “Google usually has root access to the phone, there’s the
issue of integrity,” writes Sander Venema, a respected developer and secure-technology trainer, in a blog
post explaining why he no longer recommends people use Signal for encrypted chat. “Google is still
cooperating with the NSA and other intelligence agencies. PRISM is also still a thing. I’m pretty sure that
Google could serve a specially modified update or version of Signal to specific targets for surveillance,
and they would be none the wiser that they installed malware on their phones.”
148
Equally weird was the way the app was designed to make it easy for anyone monitoring Internet traffic
to flag people using Signal to communicate. All that the FBI or, say, Egyptian or Russian security services
had to do was watch for the mobile phones that pinged a particular Amazon server used by Signal, and it
was trivial to isolate activists from the general smartphone population. So, although the app encrypted the
content of people’s messages, it also marked them with a flashing red sign: “Follow Me. I Have
Something To Hide.” (Indeed, activists protesting at the Democratic National Convention in Philadelphia
in 2016 told me that they were bewildered by the fact that police seemed to know and anticipate their
every move despite their having used Signal to organize.)
149
Debate about Signal’s technical design was moot anyway. Snowden’s leaks showed that the NSA had
developed tools that could grab everything people did on their smartphones, which presumably included
texts sent and received by Signal. In early March 2017, WikiLeaks published a cache of CIA hacking tools
that confirmed the inevitable. The agency worked with the NSA as well as other “cyber arms contractors”
to develop hacking tools that targeted smartphones, allowing it to bypass the encryption of Signal and any
other encrypted chat apps, including Facebook’s WhatsApp.
150 “The CIA’s Mobile Devices Branch
(MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones
can be instructed to send the CIA the user’s geolocation, audio and text communications as well as
covertly activate the phone’s camera and microphone,” explained a WikiLeaks press release. “These
techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and
Cloackman by hacking the ‘smart’ phones that they run on and collecting audio and message traffic before
encryption is applied.”
Disclosure of these hacking tools showed that, in the end, Signal’s encryption didn’t really matter, not
when the CIA and NSA owned the underlying operating system and could grab whatever they wanted
before encryption or obfuscation algorithms were applied. This flaw went beyond Signal and applied to
every type of encryption technology on every type of consumer computer system. Sure, encryption apps
might work against low-level opponents when used by a trained army intelligence analyst like Pvt.
Chelsea Manning, who had used Tor while stationed in Iraq to monitor forums used by Sunni insurgents
without giving away his identity.
151 They also might work for someone with a high degree of technical
savvy—say, a wily hacker like Julian Assange or a spy like Edward Snowden—who can use Signal and
Tor combined with other techniques to effectively cover their tracks from the NSA. But, for the average
user, these tools provided a false sense of security and offered the opposite of privacy.
The old cypherpunk dream, the idea that regular people could use grassroots encryption tools to carve
out cyber islands free of government control, was proving to be just that, a dream.
Crypto War, Who Is It Good For?
Convoluted as the story may be, US government support for Internet Freedom and its underwriting of
crypto culture makes perfect sense. The Internet came out of a 1960s military project to develop an
information weapon. It was born out of a need to quickly communicate, process data, and control a
chaotic world. Today, the network is more than a weapon; it is also a field of battle, a place where vital
military and intelligence operations take place. Geopolitical struggle has moved online, and Internet
Freedom is a weapon in that fight.
If you take a big-picture view, Silicon Valley’s support for Internet Freedom makes sense as well.
Companies like Google and Facebook first supported it as a part of a geopolitical business strategy, a
way of subtly pressuring countries that closed their networks and markets to Western technology
companies. But after Edward Snowden’s revelations exposed the industry’s rampant private surveillance
practices to the public, Internet Freedom offered another powerful benefit.
For years, public opinion has been stacked firmly against Silicon Valley’s underlying business model.
In poll after poll, a majority of Americans have voiced their opposition to corporate surveillance and
have signaled support for increased regulation of the industry.
152 This has always been a deal breaker for
Silicon Valley. For many Internet companies, including Google and Facebook, surveillance is the
business model. It is the base on which their corporate and economic power rests. Disentangle
surveillance and profit, and these companies would collapse. Limit data collection, and the companies
would see investors flee and their stock prices plummet.
Silicon Valley fears a political solution to privacy. Internet Freedom and crypto offer an acceptable
alternative. Tools like Signal and Tor provide a false solution to the privacy problem, focusing people’s
attention on government surveillance and distracting them from the private spying carried out by the
Internet companies they use every day. All the while, crypto tools give people a sense that they’re doing
something to protect themselves, a feeling of personal empowerment and control. And all those crypto
radicals? Well, they just enhance the illusion, heightening the impression of risk and danger. With Signal
or Tor installed, using an iPhone or Android suddenly becomes edgy and radical. So instead of pushing
for political and democratic solutions to surveillance, we outsource our privacy politics to crypto apps—
software made by the very same powerful entities that these apps are supposed to protect us from.
In that sense, Edward Snowden is like the branded face of an Internet consumerism-as-rebellion
lifestyle campaign, like the old Apple ad about shattering Big Brother or the Nike spot set to the Beatles’
“Revolution.” While Internet billionaires like Larry Page, Sergey Brin, and Mark Zuckerberg slam
government surveillance, talk up freedom, and embrace Snowden and crypto privacy culture, their
companies still cut deals with the Pentagon, work with the NSA and CIA, and continue to track and
profile people for profit. It is the same old split-screen marketing trick: the public branding and the
behind-the-scenes reality.
Internet Freedom is a win-win for everyone involved—everyone except regular users, who trust their
privacy to double-dealing military contractors, while powerful Surveillance Valley corporations continue
to build out the old military cybernetic dream of a world where everyone is watched, predicted, and
controlled.
Epilogue
It is a crisp and sunny morning in late December 2015 when I take a right turn off a small country highway
and drive into Mauthausen, a tiny medieval town in northern Austria about thirty-five miles from the
border with the Czech Republic. I pass through a cluster of low-slung apartment buildings and continue
on, driving through spotless green pastures and pretty little farmsteads.
I park on a hill overlooking the town. Below is the wide Danube River. Clusters of rural homes poke
out from the cusp of two soft green hills, smoke lazily wafting out of their chimneys. A small group of
cows is out to pasture, and I can hear the periodic braying of a flock of sheep. Out in the distance, the hills
recede in layers of hazy green upon green, like the scales of a giant sleeping dragon. The whole scene is
framed by the jagged white peaks of the Austrian Alps.
Mauthausen is an idyllic place. Calm, almost magical. Yet I drove here not to enjoy the view but to get
close to something I came to fully understand only while writing this book.
Today, computer technology frequently operates unseen, hidden in gadgets, wires, chips, wireless
signals, operating systems, and software. We are surrounded by computers and networks, yet we barely
notice them. If we think about them at all, we tend to associate them with progress. We rarely stop to think
about the dark side of information technology—all the ways it can be used and abused to control
societies, to inflict pain and suffering. Here, in this quiet country setting, stands a forgotten monument to
that power: the Mauthausen Concentration Camp.
Built on a mound above the town, it is amazingly well preserved: thick stone walls, squat guard
towers, a pair of ominous smoke stacks connected to the camp’s gas chamber and crematorium. A few
jagged metal bars stick out of the wall above the camp’s enormous gates, remnants of a giant iron Nazi
eagle that was torn down immediately after liberation. It is quiet now, just a few solemn visitors. But in
the 1930s, Mauthausen had been a vital economic engine of Hitler’s genocidal plan to remake Europe and
the Soviet Union into his own backyard utopia. It started out as a granite quarry but quickly grew into the
largest slave labor complex in Nazi Germany, with fifty subcamps that spanned most of modern-day
Austria. Here, hundreds of thousands of prisoners—mostly European Jews but also Roma, Spaniards,
Russians, Serbs, Slovenes, Germans, Bulgarians, even Cubans—were worked to death. They refined oil,
built fighter aircraft, assembled cannons, developed rocket technology, and were leased out to private
German businesses. Volkswagen, Siemens, Daimler-Benz, BMW, Bosch—all benefited from the camp’s
slave labor pool. Mauthausen, the administrative nerve center, was centrally directed from Berlin using
the latest in early computer technology: IBM punch card tabulators.
No IBM machines are displayed at Mauthausen today. And, sadly, the memorial makes no mention of
them. But the camp had several IBM machines working overtime to handle the big churn of inmates and to
make sure there were always enough bodies to perform the necessary work.
1 These machines didn’t
operate in isolation but were part of a larger slave labor control-and-accounting system that stretched
across Nazi-occupied Europe, connecting Berlin to every major concentration and labor camp by punch
card, telegraph, telephone, and human courier. This wasn’t the automated type of computer network
system that the Pentagon would begin to build in the United States just a decade later, but it was an
information network nonetheless: an electromechanical web that fueled and sustained Nazi Germany’s
war machine with blazing efficiency.
2
It extended beyond the labor camps and reached into cities and
towns, crunching mountains of genealogical data to track down people with even the barest whiff of
Jewish blood or perceived racial impurity in a mad rush to fulfill Adolf Hitler’s drive to purify the
German people.
3 The IBM machines themselves did not kill people, but they made the Nazi death machine
run faster and more efficiently, scouring the population and tracking down victims in ways that would
never have been possible without them.
Of course, IBM tabulators didn’t start out in this capacity. They were invented in 1890 by a young
engineer named Herman Hollerith to help the US Census Bureau count America’s growing immigrant
population. Fifty years later, Nazi Germany employed the same technology to systematically carry out the
Holocaust.
This is, perhaps, a grim note on which to end a book about the Internet. But for me, the story of
Mauthausen and IBM carries an important lesson about computer technology. Today, a lot of people still
see the Internet as something uniquely special, something uncorrupted by earthly human flaws and sins. To
many, progress and goodness are built in to the Internet’s genetic code: if left alone to evolve, the network
will automatically lead to a better, more progressive world. This belief is embedded deep in our culture,
resistant to facts and evidence. To me, Mauthausen is a powerful reminder of how computer technology
can’t be separated from the culture in which it is developed and used.
As I stood there surveying the idyllic pastoral scene in that horrible place, I thought about my
conversation with Stephen Wolff, the National Science Foundation manager who helped privatize the
Internet. “There are certainly values built in,” he told me. “Whether they’re exclusively Western values or
not, I couldn’t say. There is no culture that I know of that has refused to use the Internet. So, there must be
something universal about it. But is it a supra-national entity? No. The Internet is a piece of the world. It’s
a mirror of the world, but it’s a piece of the world at the same time. It’s subject to all the ills that the rest
of the world is subject to, and participates in the good things as well as the bad, and the bad things as
well as the good.”
4
Wolff captures it beautifully. The Internet, and the networked microprocessor technology on which it
runs, does not transcend the human world. For good or ill, it is an expression of this world and was
invented and is used in ways that reflect the political, economic, and cultural forces and values that
dominate society. Today, we live in a troubled world, a world of political disenfranchisement, rampant
poverty and inequality, unchecked corporate power, wars that seem to have no end and no purpose, and a
runaway privatized military and intelligence complex—and hanging over it all are the prospects of global
warming and environmental collapse. We live in bleak times, and the Internet is a reflection of them: run
by spies and powerful corporations just as our society is run by them. But it isn’t all hopeless.
It’s true that the development of computer technology has always been driven by a need to analyze
huge amounts of complex data, monitor people, build predictive models of the future, and fight wars. In
that sense, surveillance and control are embedded in the DNA of this technology. But not all control is
equal. Not all surveillance is bad. Without them, there can be no democratic oversight of society. Ensuring
oil refineries comply with pollution regulations, preventing Wall Street fraud, forcing wealthy citizens to
pay their fair share of taxes, and monitoring the quality of food, air, and water—none of these would be
possible. In that sense, surveillance and control are not problems in and of themselves. How they are used
depends on our politics and political culture.
Whatever shape the Internet and computer networks take in the future, it is safe to say that we will be
living with this technology for a long time to come. By pretending that the Internet transcends politics and
culture, we leave the most malevolent and powerful forces in charge of its built-in potential for
surveillance and control. The more we understand and democratize the Internet, the more we can deploy
its power in the service of democratic and humanistic values, making it work for the many, not the few.
notes and source
FAIR USE NOTICE
This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. As a journalist, I am making such material available in my efforts to advance understanding of artistic, cultural, historic, religious and political issues. I believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law.
In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. Copyrighted material can be removed on the request of the owner.
No comments:
Post a Comment