Surveillance Valley
Page 23
As he settled into a life in Russian exile, he built up a lucrative speaking practice, making hundreds of thousands of dollars a year presenting remotely to universities, tech conferences, and investor groups.63 In his speeches and keynote addresses, he gave voice to the old cypherpunk dream, holding up Tor as a powerful example of grassroots privacy technology that could defeat the corrupting power of government surveillance and restore what he saw as the original utopian promise of the Internet. He called on his fellow techies—computer programmers, cryptographers, and cybersecurity types of every stripe and rank—to build powerful anonymity and privacy tools in Tor’s image.
In these talks, Snowden portrayed the Internet as a scary and violent place, a cyber-medieval landscape filled with roaming government bandits, hostile armies, and booby traps. It was a place where regular people were always at risk. The only islands of safety were the private datacenters controlled by private companies—Google, Apple, Facebook. These were the cyber-fortresses and walled cities that offered sanctuary to the masses. In this chaotic landscape, computer engineers and cryptographers played the role of selfless galloping knights and wizard-warriors whose job was to protect the weak folk of the Internet: the young, the old and infirm, families. It was their duty to ride out, weapons aloft, and convey people and their precious data safely from fortress to fortress, not letting any of the information fall into the hands of government spies. He called on them to start a people’s privacy war, rallying them to go forth and liberate the Internet, to reclaim it from the governments of the world.
“The lesson of 2013 is not that the NSA is evil. It’s that the path is dangerous. The network path is something that we need to help users get across safely. Our job as technologists, our job as engineers, our job as anybody who cares about the internet in any way, who has any kind of personal or commercial involvement is literally to armor the user, to protect the user and to make it that they can get from one end of the path to the other safely without interference,” he told an auditorium filled with the world’s foremost computer and network engineers at a 2015 meeting of the Internet Engineering Task Force in Prague.64 He reaffirmed his view a year later at Fusion’s 2016 Real Future Fair in Oakland, California. “If you want to build a better future, you’re going to have to do it yourself. Politics will take us only so far and if history is any guide, they are the least reliable means of achieving the effective change.… They’re not gonna jump up and protect your rights,” he said. “Technology works differently than law. Technology knows no jurisdiction.”
Snowden’s disregard for political solutions and his total trust in the ability of technology to solve complex social problems wasn’t surprising. He was simply reaffirming what he had told journalists back in 2013: “Let us speak no more of faith in man, but bind him down from mischief by chains of cryptography.”65
Snowden’s call to arms was taken up by people all over the world: Silicon Valley companies, privacy groups, corporate think tanks and lobbyists, political activists, and thousands of eager techies around the globe. Even Google’s Sergey Brin posed for a selfie with the infamous leaker—or the video-equipped “telepresence” robot that Snowden used to speak at conferences for him.66 Thanks to Snowden, the privacy movement was going mainstream, and the Tor Project was at the center of it all.
No matter where you turned in the privacy world, people were united in their admiration for Tor as a solution to surveillance on the Internet. This was true of powerful groups like the Electronic Frontier Foundation and the American Civil Liberties Union, Pulitzer Prize–winning journalists, hackers, and whistle-blowers.67 Google subsidized further development of Tor, as did eBay.68 Facebook built support for Tor, allowing users to access the social network as if it were a dark web site, in the same exact way people accessed Silk Road. Within a short time, Facebook boasted that over a million people logged in to their accounts using Tor’s cloaking system.69 Many saw Tor in almost sacred terms: it was salvation, a real-world example of technology defeating government intrusion into people’s private lives.
Daniel Ellsberg, the legendary whistle-blower who in 1971 leaked the Pentagon Papers, backed Tor as a powerful weapon of the people.70 “The government now has capabilities the Stasi couldn’t even imagine, the possibility for a total authoritarian control. To counter that is courage,” he explained. “And that is what Tor facilitates. So I would say that the future, the future of democracy, and not only in this country, depends upon countering the abilities of this government and every other government in this world to know everything about our private lives while they keep secret everything about what they’re doing officially.”
Tor’s underdog story grew in appeal. Before long, Hollywood celebrities joined in and helped promote the cause. “While law enforcement and the media have painted a picture that Tor and the darknet are nefarious tools for criminals, it is important to understand that they are largely used for good by government agencies, journalists and dissidents around the world,” said Keanu Reeves, narrating a documentary called Deep Web, a film made by his old Bill and Ted’s Excellent Adventure costar Alex Winter, which depicted Tor as resistant to government control.
But what about Tor’s criminal underbelly? To many in the new privacy movement, none of it mattered. In fact, people celebrated Tor’s dark side. Its ability to protect child pornographers from accountability only proved its effectiveness, demonstrating that the technology really was the powerful privacy tool Edward Snowden claimed it to be. Tor was the Internet’s AK-47—a cheap, durable field weapon everyday people could use to overthrow America’s surveillance state.
Tor was supposed to be so radical and so subversive that Tor employees constantly spoke of their harassment and intimidation at the hands of the US government. They lived a paranoid existence, some on the run, seeking refuge in foreign countries. For them, it wasn’t just a job but a revolutionary life. One prominent Tor developer described his work as a valiant act on par with fighting with the anarchist revolutionaries who warred against Franco’s Fascists.71
Tor was just the beginning. Soon other grassroots crypto organizations emerged, releasing encryption technology that promised to hide our digital lives from prying eyes. Open Whisper Systems, headed by a dreadlocked anarchist, developed a powerful crypto text and voice call app called Signal. A radical anarchist communication collective called RiseUp offered encrypted email services, while a group of techies banded together to create the ultimate encrypted operating system called Qubes; supposedly, even the NSA couldn’t hack it. Others formed training groups and held spontaneous crypto parties to educate the masses on how to handle these powerful new privacy tools.72
Crypto culture even made its way into museums and art galleries.73 The Whitney Museum of American Art held a “Surveillance Tech-In.” Trevor Paglen, an award-winning visual artist, partnered with the Tor Project to set up cryptographic anonymity cubes in museums and art galleries in New York, London, and Berlin. “What would the infrastructure of the Internet look like if mass surveillance wasn’t its business model?” Paglen asked in an interview with Wired. “My job as an artist is to learn how to see what the world looks like at this historical moment. But it’s also to try to make things that help us see how the world could be different.”74
Yes, suddenly, with crypto, the art world was part of the resistance.
As a reporter for Pando, a magazine based in San Francisco that covered the tech industry, I watched these developments with skepticism. Rebels arming themselves to the teeth and taking on the power of an evil government with nothing but their brains and their scrappy crypto tech? There was something off about this narrative. It was too clean. Too scripted. Too much like a cheap sci-fi plot, or maybe an Internet version of the old gunslinger National Rifle Association fantasy: if everyone was armed with a powerful (cryptographic) weapon, then there would be no government tyranny because people would be able to defend themselves and neutralize government force on their own. It was yet another version
of a cyber-libertarian utopia: the idea that you could equalize power levels with nothing more than technology.
I knew reality was usually more complicated. And, sure enough, so was the Tor story.
Down the Rabbit Hole
The year was 2014. On a warm and sunny November morning, I woke up, brewed a cup of coffee, and sat down at my desk to watch a couple of surfers make their way down to Venice Beach. I had just returned from Ukraine, where I spent a month reporting on the slow-grinding civil war and brutal economic collapse that was tearing that country apart. I was jet-lagged and weary, my mind still fixed on the horrific images of war and destruction in my ancestral homeland. I looked forward to a bit of rest and quiet time. But then I checked my email.
All hell had broken loose on the Internet.
The threats and attacks had begun sometime overnight while I slept. By morning, they had reached a vicious and murderous pitch. There were calls for my death—by fire, by suffocation, by having my throat slit with razor blades. People I had never met called me a rapist, and alleged that I took delight in beating women and forcing them to have sex with me. I was accused of homophobia. Anonymous people filed bogus complaints with my editor. Allegations that I was a CIA agent poured in, as did claims that I worked with British intelligence. The fact that I had been born in the Soviet Union didn’t do me any favors; naturally, I was accused of being an FSB spy and of working for Russia’s successor to the KGB. I was informed that my name was added to a dark net assassination list—a site where people could place anonymous bids for my murder.75 The roaming eye of the Internet hate machine had suddenly fixed on me.
Things got even weirder when the Anonymous movement joined the fray. The collective issued a fatwa against me and my colleagues, vowing not to stop until I was dead. “May an infinitude of venomous insects dwell in the fascist Yasha Levine’s intestines,” proclaimed the Anonymous Twitter account with 1.6 million followers.76 It was a bizarre turn. Anonymous was a decentralized hacker and script kiddie movement best known for going after the Church of Scientology. Now they were going after me—painting a giant target on my back.
I paced my living room, nervously scanning the street outside my window. Reflexively, I lowered the blinds, wondering just how far this was going to go. For the first time, I began to fear for my family’s safety. People knew where I lived. The apartment my wife, Evgenia, and I shared at the time was on the first floor, open to the street, with expansive windows on all sides, like a fishbowl. We contemplated staying at a friend’s house on the other side of town for a few days until things cooled down.
I had been on the receiving end of vicious Internet harassment campaigns before; it comes with the territory of being an investigative journalist. But this one was different. It went beyond anything I had ever experienced. Not just the intensity and viciousness scared me but also the reason why it was happening.
My problems had begun when I started digging into the Tor Project. I investigated Tor’s central role in the privacy movement after Edward Snowden presented the project as a panacea to surveillance on the Internet. I wasn’t convinced, and it didn’t take long to find a basis for my initial suspicions.
The first red flag was its Silicon Valley support. Privacy groups funded by companies like Google and Facebook, including the Electronic Frontier Foundation and Fight for the Future, were some of Tor’s biggest and most dedicated backers.77 Google had directly bankrolled its development, paying out generous grants to college students who worked at Tor during their summer vacations.78 Why would an Internet company whose entire business rested on tracking people online promote and help develop a powerful privacy tool? Something didn’t add up.
As I dug into the technical details of how Tor worked, I quickly realized that the Tor Project offers no protection against the private tracking and profiling Internet companies carry out. Tor works only if people are dedicated to maintaining a strict anonymous Internet routine: using only dummy email addresses and bogus accounts, carrying out all financial transactions in Bitcoin and other cryptocurrencies, and never mentioning their real name in emails or messages. For the vast majority of people on the Internet—those who use Gmail, interact with Facebook friends, and shop on Amazon—Tor does nothing. The moment you log into your personal account—whether on Google, Facebook, eBay, Apple, or Amazon—you reveal your identity. These companies know who you are. They know your name, your shipping address, your credit card information. They continue to scan your emails, map your social networks, and compile dossiers. Tor or not, once you enter your account name and password, Tor’s anonymity technology becomes useless.
Tor’s ineffectiveness against Silicon Valley surveillance made it an odd program for Snowden and other privacy activists to embrace. After all, Snowden’s leaked documents revealed that anything Internet companies had, the NSA had as well. I was puzzled, but at least I understood why Tor had backing from Silicon Valley: it offered a false sense of privacy, while not posing a threat to the industry’s underlying surveillance business model.
What wasn’t clear, and what became apparent as I investigated Tor further, was why the US government supported it.
A big part of Tor’s mystique and appeal was that it was supposedly a fiercely independent and radical organization—an enemy of the state. Its official story was that it was funded by a wide variety of sources, which gave it total freedom to do whatever it wanted. But as I analyzed the organization’s financial documents, I found that the opposite was true. Tor had come out of a joint US Navy–DARPA military project in the early 2000s and continued to rely on a series of federal contracts after it was spun off into a private nonprofit. This funding came from the Pentagon, the State Department, and at least one organization that derived from the CIA. These contracts added up to several million dollars a year and, most years, accounted for more than 90 percent of Tor’s operating budget. Tor was a federal military contractor. It even had its own federal contracting number.
The deeper I went, the stranger it got. I learned that just about everyone involved in developing Tor was in some way tied up with the very state that they were supposed to be protecting people from. This included Tor’s founder, Roger Dingledine, who spent a summer working at the NSA and who had brought Tor to life under a series of DARPA and US Navy contracts.79 I even uncovered an old audio copy of a talk Dingledine gave in 2004, right as he was setting up Tor as an independent organization. “I contract for the United States Government to build anonymity technology for them and deploy it,” he admitted at the time.80
I was confused. How could a tool at the center of a global privacy movement against government surveillance get funding from the very US government it was supposed to elude? Was it a ruse? A sham? A honey trap? Was I having paranoid delusions? Though mystified, I decided to try to make sense of it as best I could.
In the summer of 2014, I assembled all the verifiable financial records related to Tor, dug into the histories of the US government agencies that funded it, consulted privacy and encryption experts, and published several articles in Pando Daily exploring the conflicted ties between Tor and the government. They were straightforward and stuck to an old journalistic adage: when you’re faced with a mystery, first thing you do is follow the money—see who benefits. I naively thought that background funding information on Tor would be welcomed by the privacy community, a paranoid group of people who are always on the hunt for bugs and security vulnerabilities. But I was wrong. Instead of welcoming my reporting on Tor’s puzzling government support, the leading lights of the privacy community answered it with attacks.
Micah Lee, the former EFF technologist who helped Edward Snowden communicate securely with journalists and who now works at The Intercept, attacked me as a conspiracy theorist and accused me and my colleagues at Pando of being sexist bullies; he claimed that my reporting was motivated not by a desire to get at the truth but by a malicious impulse to harass a female Tor developer.81 Although Lee conceded that my information about Tor�
�s government funding was correct, he counterintuitively argued that it didn’t matter. Why? Because Tor was open source and powered by math, which he claimed made it infallible. “[Of] course funders might try to influence the direction of the project and the research. In Tor’s case this is mitigated by the fact that 100% of the scientific research and source code that Tor releases is open, that the crypto math is peer-reviewed and backed up by the laws of physics,” he wrote. What Lee was saying, and what many others in the privacy community believed as well, was that it did not matter that Tor employees depended on the Pentagon for their paychecks. They were impervious to influence, careers, mortgages, car payments, personal relationships, food, and all the other “squishy” aspects of human existence that silently drive and affect people’s choices. The reason was that Tor, like all encryption algorithms, was based on math and physics—which made it impervious to coercion.82
It was a baffling argument. Tor was not “a law of physics” but computer code written by a small group of human beings. It was software like any other, with holes and vulnerabilities that were constantly being discovered and patched. Encryption algorithms and computer systems might be based on abstract mathematical concepts, but translated into the real physical realm they become imperfect tools, constrained by human error and the computer platforms and networks they run on. After all, even the most sophisticated encryption systems are eventually cracked and broken. And neither Lee nor anyone else could answer the bigger question raised by my reporting: If Tor was such a danger to the US government, why would this same government continue to spend millions of dollars on the project’s development, renewing the funding year after year? Imagine if, during World War II, the Allies funded the development of Nazi Germany’s Enigma machine instead of mounting a massive effort to crack the code.