by Yasha Levine
From the start, the Tor Project stood at the center of Snowden’s story. The leaker’s endorsement and promotion introduced the project to a global audience, boosting Tor’s worldwide user base from one million to six million almost overnight and injecting it into the heart of a burgeoning privacy movement. In Russia, where the BBG and Dingledine had tried but failed to recruit activists for their Tor deployment plan, use of the software increased from twenty thousand daily connections to somewhere around two hundred thousand.109
During a promotional campaign for the Tor Project, Snowden said:
Without Tor, the streets of the Internet become like the streets of a very heavily surveilled city. There are surveillance cameras everywhere, and if the adversary simply takes enough time, they can follow the tapes back and see everything you’ve done. With Tor, we have private spaces and private lives, where we can choose who we want to associate with and how, without the fear of what that is going to look like if it is abused. The design of the Tor system is structured in such a way that even if the US Government wanted to subvert it, it couldn’t.110
Snowden didn’t talk about Tor’s continued government funding, nor did he address an apparent contradiction: why the US government would fund a program that supposedly limited its own power.111
Whatever Snowden’s private thoughts on the matter, his endorsement gave Tor the highest possible seal of approval. It was like a Hacker’s Medal of Valor. With Snowden’s backing, no one even thought to question Tor’s radical antigovernment bona fides.
To some, Edward Snowden was a hero. To others, he was a traitor who deserved to be executed. Officials at the NSA claimed that he had caused irreparable harm to the security of the country, and every intelligence agency and contractor went on to invest in costly “insider threat” programs designed to spy on employees and make sure that another Edward Snowden would never pop up again. Some called for bringing him back in a black-ops kidnapping; others, like Donald Trump, called for him to be assassinated.112 Anatoly Kucherena, Snowden’s Russian lawyer, claimed that the leaker’s life was in danger. “There are real threats to his life out there that actually do exist,” he told one reporter.
Indeed, a lot of hate and malice was pointed in Snowden’s direction, but to those running the Internet Freedom wing of the US military intelligence apparatus, his embrace of Tor and crypto culture could not have come at a better moment.
In early January 2014, six months after Snowden’s leaks, Congress passed the Consolidated Appropriations Act, an omnibus federal spending bill. Tucked into the bill’s roughly fifteen hundred pages was a short provision that dedicated $50.5 million to the expansion of the US government’s Internet Freedom arsenal. The funds were to be split evenly between the State Department and the Broadcasting Board of Governors.113
Although Congress had been providing funds for various anticensorship programs for years, this was the first time that it budgeted money specifically for Internet Freedom. The motivation for this expansion came out of the Arab Spring. The idea was to make sure the US government would maintain its technological advantage in the censorship arms race that began in the early 2000s, but the funds were also going into developing a new generation of tools aimed at leveraging the power of the Internet to help foreign opposition activists organize into cohesive political movements.114
The BBG’s $25.25 million cut of the cash more than doubled the agency’s anticensorship technology budget from the previous year, and the BBG funneled the money into the Open Technology Fund,115 a new organization it had created within Radio Free Asia to fund Internet Freedom technologies in the wake of the Arab Spring.116
Initially launched by the Central Intelligence Agency in 1951 to target China with anticommunist radio broadcasts, Radio Free Asia had been shuttered and relaunched several times over the course of its history.117 In 1994, after the fall of the Soviet Union, it reappeared Terminator-like as a private nonprofit corporation wholly controlled and funded by the Broadcasting Board of Governors.118 Focused on whipping up anticommunist sentiment in North Korea, Vietnam, Laos, Cambodia, Burma, and China, Radio Free Asia played a central role in the US government’s anticensorship arms race that had been brewing ever since the BBG began pushing its China broadcasts through the Internet. Radio Free Asia had trouble shedding its covert Cold War tactics.119 In North Korea, it smuggled in tiny radios and buried cellphones just inside the country’s border with China so that its network of informants could report back on conditions inside the country. Following the death of Kim Jong Il in 2011, the radio “kicked into 24/7 emergency mode” to beam nonstop coverage of the death into North Korea in the hopes of triggering a mass uprising. Radio Free Asia executives hoped that, bit by bit, the stream of anticommunist propaganda directed at the country would bring about the collapse of the government.120
Now, with the Open Technology Fund (OTF), Radio Free Asia oversaw the funding of America’s Internet Freedom programs. To run OTF’s day-to-day operations, Radio Free Asia hired Dan Meredith, a young techie who worked at Al-Jazeera in Qatar and who had been involved in the State Department’s anticensorship initiatives going back to 2011.121 With a scruffy beard and messy blond surfer hair, Meredith wasn’t a typical stuffy State Department suit. He was fluent in cypherpunk-hacktivist lingo and was very much a part of the grassroots privacy community he sought to woo. In short, he wasn’t the kind of person you’d expect to run a government project with major foreign policy implications.
With him at the helm, OTF put a lot of effort on branding. Outwardly, it looked like a grassroots privacy activist organization, not a government agency. It produced hip 8-bit YouTube videos about its mission to use “public funds to support Internet freedom projects” and promote “human rights and open societies.” Its web layout constantly changed to reflect the trendiest design standards.
But if OTF appeared scrappy, it was also extremely well connected. The organization was supported by a star-studded team—from best-selling science fiction authors to Silicon Valley executives and celebrated cryptography experts. Its advisory board included big names from the Columbia Journalism School, the Electronic Frontier Foundation, the Ford Foundation, Open Society Foundations, Google, Slack, and Mozilla. Andrew McLaughlin, the former head of Google’s public relations team who had brought in Al Gore to talk a California state senator into canceling legislation that would regulate Gmail’s email scanning program, was part of the OTF team. So was Cory Doctorow, a best-selling young adult science fiction author whose books about a totalitarian government’s surveillance were read and admired by Laura Poitras, Jacob Appelbaum, Roger Dingledine, and Edward Snowden.122 Doctorow was a huge personality in the crypto movement who could fill giant conference halls at privacy conferences. He publicly endorsed OTF’s Internet Freedom mission. “I’m proud to be a volunteer OTF advisor,” he tweeted.
From behind this hip and connected exterior, BBG and Radio Free Asia built a vertically integrated incubator for Internet Freedom technologies, pouring millions into projects big and small, including everything from evading censorship to helping political organizing, protests, and movement building. With its deep pockets and its recruitment of big-name privacy activists, the Open Technology Fund didn’t just thrust itself into the privacy movement. In many ways, it was the privacy movement.
It set up lucrative academic programs and fellowships, paying out $55,000 a year to graduate students, privacy activists, technologists, cryptographers, security researchers, and political scientists to study “the Internet censorship climate in former Soviet states,” probe the “technical capacity” of the Great Firewall of China, and track the “use of oppressive spyware command and control servers by repressive governments.”123
It expanded the reach and speed of the Tor Project network and directed several million dollars to setting up high-bandwidth Tor exit nodes in the Middle East and Southeast Asia, both high-priority regions for US foreign policy.124 It bankrolled encrypted chat apps, ultrasecure operating sys
tems supposedly impervious to hacking, and next-generation secure email initiatives designed to make it hard for governments to spy on activists’ communications. It backed anonymous WikiLeaks-like tools for leakers and whistle-blowers who wanted to expose their government’s corruption. It coinvested with the State Department in several “mesh networking” and “Internet-in-a-box” projects designed to keep activists connected even if their government tried turning off local Internet connections.125 It provided a “secure cloud” infrastructure with server nodes all around the world to host Internet Freedom projects, operated a “legal lab” that offered grantees legal protection in case something came up, and even ran a “Rapid Response Fund” to provide emergency support to Internet Freedom projects that were deemed vital and that required immediate deployment.126
The Tor Project remained the best-known privacy app funded by the Open Technology Fund, but it was quickly joined by another: Signal, an encrypted mobile phone messaging app for the iPhone and Android.
Signal was developed by Open Whisper Systems, a for-profit corporation run by Moxie Marlinspike, a tall, lanky cryptographer with a head full of dreadlocks. Marlinspike was an old friend of Jacob Appelbaum, and he played a similar radical game. He remained cryptic about his real name and identity, told stories of being targeted by the FBI, and spent his free time sailing and surfing in Hawaii. He had made a good chunk of money selling his encryption start-up to Twitter and had worked with the State Department on Internet Freedom projects since 2011, but he posed as a feisty anarchist fighting the system. His personal website was called thoughtcrime.org—a reference to George Orwell’s 1984, which seemed a bit tongue-in-cheek given that he was taking big money—nearly $3 million—from Big Brother to develop his privacy app.127
Signal was a huge success. Journalists, privacy activists, and cryptographers hailed Signal as an indispensable Internet privacy tool. It was a complement to Tor in the age of mobile phones. While Tor anonymized browsing, Signal encrypted voice calls and text, making it impossible for governments to monitor communication. Laura Poitras gave it two secure thumbs up as a powerful people’s encryption tool and told everyone to use it every day. People at the ACLU claimed that Signal made federal agents weep.128 The Electronic Frontier Foundation added Signal alongside Tor to its Surveillance Self-Defense guide. Fight for the Future, a Silicon Valley–funded privacy activist organization, described Signal and Tor as “NSA-proof” and urged people to use them.
Edward Snowden was the combo’s biggest and most famous booster and repeatedly took to Twitter to tell his three million followers that he used Signal and Tor every day, and that they should do the same to protect themselves from government surveillance. “Use Tor. Use Signal,” he tweeted out.129
With endorsements like these, Signal quickly became the go-to app for political activists around the world. Egypt, Russia, Syria, and even the United States—millions downloaded Signal, and it became the communication app of choice for those who hoped to avoid police surveillance. Feminist collectives, anti–President Donald Trump protesters, communists, anarchists, radical animal rights organizations, Black Lives Matter activists—all flocked to Signal. Many were heeding Snowden’s advice: “Organize. Compartmentalize to limit compromise. Encrypt everything, from calls to texts (use Signal as a first step).”130
Silicon Valley cashed in on OTF’s Internet Freedom spending as well. Facebook incorporated Signal’s underlying encryption protocol into WhatsApp, the most popular messaging app in the world. Google followed suit, building Signal encryption into its Allo and Duo text and video messaging apps.131 It was a smart move because the praise flowed in. “Allo and Duo’s new security features, in other words, are Google’s baby steps towards a fully-encrypted future, not the sort of bold moves to elevate privacy above profit or politics that some of its competitors have already taken,” wrote Wired’s Andy Greenberg. “But for a company built on a data collection model that’s often fundamentally opposed to privacy, baby steps are better than none at all.”
If you stepped back to survey the scene, the entire landscape of this new Internet Freedom privacy movement looked absurd. Cold War–era organizations spun off from the CIA now funding the global movement against government surveillance? Google and Facebook, companies that ran private surveillance networks and worked hand in hand with the NSA, deploying government-funded privacy tech to protect their users from government surveillance? Privacy activists working with Silicon Valley and the US government to fight government surveillance—and with the support of Edward Snowden himself?
It is very hard to imagine that back in the 1960s student radicals at Harvard and MIT would have ever thought to partner with IBM and the State Department to protest against Pentagon surveillance. If they did, they probably would have been mocked and chased off campus, branded fools or—worse—as some kind of feds. Back then, the lines were clear, but today all these connections are obscured. Most people involved in privacy activism do not know about the US government’s ongoing efforts to weaponize the privacy movement, nor do they appreciate Silicon Valley’s motives in this fight. Without that knowledge, it is impossible to makes sense of it all. So, talk of government involvement in the privacy space sounds like something cooked up by a paranoiac.
In any event, with support from someone as celebrated as Edward Snowden, few had any reason to question why apps like Signal and Tor existed, or what larger purpose they served. It was easier and simpler to put your trust in app, and to believe in the idea that America still had a healthy civil society, where people could come together to fund tools that countervailed the surveillance power of the state. That suited the sponsors of Internet Freedom just fine.
After Edward Snowden, OTF was triumphant. It didn’t mention the leaker by name in its promotional materials, but it profited from the crypto culture he promoted and benefited from his direct endorsement of the crypto tools it financed. It boasted that its partnership with both Silicon Valley and respected privacy activists meant that hundreds of millions of people could use the privacy tools the US government had brought to market. And OTF promised that this was just a start: “By leveraging social network effects, we expect to expand to a billion regular users taking advantage of OTF-supported tools and Internet Freedom technologies by 2015.”132
False Sense of Security
While accolades for the Tor Project, Signal, and other crypto apps funded by the US government rolled in, a deeper look showed that they were not as secure or as impervious to government penetration as their proponents claimed. Perhaps no story better exemplifies the flaws in impenetrable crypto security than that of Ross Ulbricht, otherwise known as Dread Pirate Roberts, the architect of Silk Road.
After its founding in 2012, Silk Road grew rapidly and appeared to be a place where organized criminals could hide in plain sight—until it wasn’t. In October 2013, four months after Edward Snowden came out of hiding and endorsed Tor, a twenty-nine-year-old native Texan by the name of Ross Ulbricht was arrested in a public library in San Francisco. He was accused of being Dread Pirate Roberts and was charged with multiple counts of money laundering, narcotics trafficking, hacking, and, on top of it all, murder.
When his case went to trial a year later, the story of the Tor Project took on a different shade, demonstrating the power of marketing and ideology over reality.
The internal communications and diaries recovered by investigators from Ulbricht’s encrypted laptop showed that he believed he was fully protected by Tor. He believed in Tor’s claims that were backed up by Edward Snowden and promoted by Jacob Appelbaum. He believed that everything he did in the murkiness of the dark web would have no bearing on him in the real world—he believed it so much that he not only built a massively illegal drug business on top of it but also ordered hits on anyone who threatened his business. His belief in the power of the Tor Project to create a cybernetic island completely impervious to the law persisted even in the face of strong countervailing evidence.
Sta
rting in March 2013, Silk Road was hit with multiple attacks that crashed the Tor hidden server software that enabled it to be on the dark web. Over and over the site’s real IP address leaked to the public, a mission-critical failure that could have made it trivial for law enforcement to track down the real identity of Dread Pirate Roberts.133 Indeed, the attackers not only seemed to know the IP address of the Silk Road servers but also claimed to have hacked the site’s user data and demanded that he pay them to keep quiet.
It seemed the party was over. Tor had failed. If it couldn’t protect his identity from a group of extortionists, how would it fare against the nearly unlimited resources of federal law enforcement? But Ulbricht still believed. Instead of shutting down Silk Road, he put out a contract with the Hells Angels to whack the extortionists, ultimately paying the motorcycle gang $730,000 to kill six people. “Commissioned hit on blackmailer with angels,” he wrote in his diary on March 29, 2013. Three days later, he followed it up with another note: “got word that blackmailer was excuted [sic] / created file upload script.”134 His nonchalance was born out of routine. Earlier that year, he had already paid $80,000 to have a former Silk Road administrator, who he suspected of stealing over $300,000, killed.135
Amazingly, just a month before his arrest, Ulbricht was contacted by the creators of Atlantis, one of the many copycat dark web drug stores inspired by Silk Road’s success. It was a friendly sort of outreach. They told him that Atlantis was permanently closing up shop because they got word of a major hole in Tor’s security, and they implied that he do the same. “I was messaged by one of their team who said they shut down because of an FBI doc leaked to them detailing vulnerabilities in Tor,” Ulbricht wrote in his diary. Yet, amazingly, he continued to run his site, confident that it would turn out fine in the end. “Had revelation about the need to eat well, get good sleep, and meditate so I can stay positive and productive,” he wrote on September 30. A day later, he was in federal custody.