Spitfire List Web site and blog of anti-fascist researcher and radio personality Dave Emory.

For The Record  

FTR #1078 Surveillance Valley, Part 4: Tor Up (Foxes Guarding the Online Privacy Henhouse, Part 1.)

This broad­cast was record­ed in one, 60-minute seg­ment.

Introduction: Continuing this series, we begin a dive into the meat of the vitally important book from which the program takes its title. Yasha Levine’s summation of the inextricable nature and symbiosis between the Internet, the tech firms and the so-called “privacy community” includes:

  1. The Inter­net is a weapon, devel­oped for counter-insur­gency pur­pos­es.
  2. Big Tech firms net­work with the very intel­li­gence ser­vices they pub­licly decry.
  3. Big Tech firms that data mine their customers on a nearly unimaginable scale do so as a direct, operational extension of the very surveillance function upon which the Internet is predicated.
  4. The technologies touted by the so-called “Privacy Activists” such as Edward Snowden and Jacob Appelbaum were developed by the very intelligence services they are supposed to deflect.
  5. The technologies touted by the so-called “Privacy Activists” such as Edward Snowden and Jacob Appelbaum, such as the Tor Internet function and the Signal mobile phone app, are readily accessible to the very intelligence services they are supposed to deflect.
  6. The organizations that promote the alleged virtues of Snowden, Appelbaum, Tor, Signal et al are linked to the very intelligence services they would have us believe they oppose.
  7. Big Tech firms embrace “Inter­net Free­dom” as a dis­trac­tion from their own will­ful and all-embrac­ing data min­ing and their ongo­ing con­scious col­lab­o­ra­tion with the very intel­li­gence ser­vices they pub­licly decry.

After detail­ing the his­to­ry of the devel­op­ment of the Inter­net by the nation­al secu­ri­ty estab­lish­ment, Levine presents the sto­ry of the devel­op­ment of the Tor net­work.

Key points of analy­sis and dis­cus­sion:

  1. Tor’s Sil­i­con Val­ley back­ing: ” . . . . Pri­va­cy groups fund­ed by com­pa­nies like Google and Face­book, includ­ing the Elec­tron­ic Fron­tier Foun­da­tion and Fight for the Future, were some of Tor’s biggest and most ded­i­cat­ed back­ers. Google had direct­ly bankrolled its devel­op­ment, pay­ing out gen­er­ous grants to col­lege stu­dents who worked at Tor dur­ing their sum­mer vaca­tions. Why would an Inter­net com­pa­ny whose entire busi­ness rest­ed on track­ing peo­ple online pro­mote and help devel­op a pow­er­ful pri­va­cy tool? Some­thing did­n’t add up. . . .”
  2. Not sur­pris­ing­ly, Tor does not shield users from orgias­tic data min­ing by Sil­i­con Val­ley tech giants: ” . . . . Tor works only if peo­ple are ded­i­cat­ed to main­tain­ing a strict anony­mous Inter­net rou­tine: using only dum­my email address­es and bogus accounts, car­ry­ing out all finan­cial trans­ac­tions in Bit­coin and oth­er cryp­tocur­ren­cies, and nev­er men­tion­ing their real name in emails or mes­sages. For the vast major­i­ty of peo­ple on the Internet—those who use Gmail, inter­act with Face­book friends, and shop on Amazon—you reveal your iden­ti­ty. These com­pa­nies know who you are. They know your name, your ship­ping address, your cred­it card infor­ma­tion. They con­tin­ue to scan your emails, map your social net­works, and com­pile dossiers. Tor or not, once you enter your account name and pass­word, Tor’s anonymi­ty tech­nol­o­gy becomes use­less. . . .”
  3. Silicon Valley’s support for Tor is something of a “false bromide”: ” . . . . After all, Snowden’s leaked documents revealed that anything Internet companies had, the NSA had as well. I was puzzled, but at least I understood why Tor had backing from Silicon Valley: it offered a false sense of privacy, while not posing a threat to the industry’s underlying surveillance model. . . .”
  4. Tor is, in fact, financed by elements of the very same intelligence community and national security establishment that is supposedly frustrated/“locked out” by Tor! ” . . . . But as I analyzed the organization’s financial documents, I found that the opposite was true. Tor had come out of a joint US Navy—DARPA military project in the early 2000s and continued to rely on a series of federal contracts after it was spun off into a private nonprofit. This funding came from the Pentagon, the State Department, and at least one organization that derived from the CIA. These contracts added up to several million dollars a year and, most years, accounted for more than 90 percent of Tor’s operating budget. Tor was a federal military contractor. It even had its own federal contracting number. . . This included Tor’s founder, Roger Dingledine, who spent a summer working at the NSA and who had brought Tor to life under a series of DARPA and Navy contracts. . . .”

Wide­ly regard­ed as a cham­pi­on of Inter­net free­dom and pri­va­cy, the Elec­tron­ic Fron­tier Foun­da­tion helped finance Tor and cham­pi­oned its use.

Key ele­ments of dis­cus­sion and analy­sis of the EFF/Tor alliance include:

  1. EFF’s ear­ly financ­ing of Tor: ” . . . . . . . . In 2004, [Roger] Din­gle­dine struck out on his own, spin­ning the mil­i­tary onion rout­ing project into a non-prof­it cor­po­ra­tion called the Tor Project and, while still fund­ed by DARPA and the Navy, began scratch­ing around for pri­vate fund­ing. He got help from an unex­pect­ed ally: the Elec­tron­ic Fron­tier Foun­da­tion (EFF), which gave Tor almost a quar­ter mil­lion dol­lars to keep it going while Din­gle­dine looked for oth­er pri­vate spon­sors. The EFF even host­ed Tor’s web­site. . . .”
  2. The EFF’s effu­sive praise for the fun­da­men­tal­ly com­pro­mised Tor Project: ” . . . . ‘The Tor Project is a per­fect fit for EFF, because one of our pri­ma­ry goals is to pro­tect the pri­va­cy and anonymi­ty of Inter­net users. Tor can help peo­ple exer­cise their First Amend­ment right to free, anony­mous speech online.’ EFF’s tech­nol­o­gy man­ag­er Chris Palmer explained in a 2004 press release, which curi­ous­ly failed to men­tion that Tor was devel­oped pri­mar­i­ly for mil­i­tary intel­li­gence use and was still active­ly fund­ed by the Pen­ta­gon. . . .”
  3. The EFF’s his­to­ry of work­ing with ele­ments of the nation­al secu­ri­ty estab­lish­ment: ” . . . . In 1994, EFF worked with the FBI to pass the Com­mu­ni­ca­tions Assis­tance for Law Enforce­ment Act, which required all telecom­mu­ni­ca­tions com­pa­nies to build their equip­ment so that it could be wire­tapped by the FBI. In 1999, EFF worked to sup­port NATO’s bomb­ing cam­paign in Koso­vo with some­thing called the ‘Koso­vo Pri­va­cy Sup­port,’ which aimed to keep the region’s Inter­net access open dur­ing mil­i­tary action. Sell­ing a Pen­ta­gon intel­li­gence project as a grass­roots pri­va­cy tool—it did­n’t seem all that wild. . . .”
  4.  In FTR #854, we not­ed that EFF co-founder John Per­ry Bar­low was far more than a Grate­ful Dead lyricist/hippie icon: ” . . . . Indeed, in 2002, a few years before it fund­ed Tor, EFF cofounder [John] Per­ry Bar­low casu­al­ly admit­ted that he had been con­sult­ing for intel­li­gence agen­cies for a decade. It seemed that the worlds of sol­diers, spies, and pri­va­cy weren’t as far apart as they appeared. . . .”
  5. EFF’s grav­i­tas in the online pri­va­cy com­mu­ni­ty lent Tor great cred­i­bil­i­ty: ” . . . . EFF’s sup­port for Tor was a big deal. The orga­ni­za­tion com­mand­ed respect in Sil­i­con Val­ley and was wide­ly seen as the ACLU of the Inter­net Age. The fact that it backed Tor meant that no hard ques­tions would be asked about the anonymi­ty tool’s mil­i­tary ori­gins as it tran­si­tioned to the civil­ian world. And that’s exact­ly what hap­pened. . . .”

In FTR #s 891 and 895, we noted the primary position of the Broadcasting Board of Governors in the development of the so-called “privacy” networks. The BBG is a CIA offshoot: ” . . . . The BBG might have had a bland sounding name and professed a noble mission to inform the world and spread democracy. In truth, the organization was an outgrowth of the Central Intelligence Agency. . . . The bulk of the BBG is no longer funded from the CIA’s black budget, but the agency’s original Cold War goal and purpose—subversion and psychological operations directed against countries deemed hostile to US interests—remain the same. The only thing that did change about the BBG is that today, more of its broadcasts are taking place online . . . .”

After documenting Radio Free Europe’s growth from the Nazi/Vichy run Radio France during World War II and the involvement of RCA’s David Sarnoff with the Transradio Consortium (which communicated vital intelligence to the Axis during the war), the program highlights the involvement of Gehlen operatives in the operations of Radio Free Europe, the seminal CIA broadcasting outlet.

The BBG (read “CIA”) became a major backer of the Tor Project: ” . . . . . . . . It was Wednes­day morn­ing, Feb­ru­ary 8, 2006, when Roger Din­gle­dine got the email he had been bad­ly wait­ing for. The Broad­cast­ing Board of Gov­er­nors had final­ly agreed to back the Tor Project. . . . With­in a year, the agency increased Tor’s con­tract to a quar­ter mil­lion dol­lars, and then bumped it up again to almost a mil­lion just a few years lat­er. The rela­tion­ship also led to major con­tracts with oth­er fed­er­al agen­cies, boost­ing Tor’s mea­ger oper­at­ing bud­get to sev­er­al mil­lion dol­lars a year. . . .”

Yasha Levine sums up the essence of the Tor Project: ” . . . . The Tor Project was not a rad­i­cal indie orga­ni­za­tion fight­ing The Man. For all intents and pur­pos­es, it was The Man. Or, at least, The Man’s right hand. . . . inter­nal cor­re­spon­dence reveals Tor’s close col­lab­o­ra­tion with the BBG and mul­ti­ple oth­er wings of the US gov­ern­ment, in par­tic­u­lar those that dealt with for­eign pol­i­cy and soft-pow­er pro­jec­tion. Mes­sages describe meet­ings, train­ings, and con­fer­ences with the NSA, CIA, FBI and State Depart­ment. . . . The fund­ing record tells the sto­ry even more pre­cise­ly. . . . Tor was sub­sist­ing almost exclu­sive­ly on gov­ern­ment con­tracts. By 2008, that includ­ed  con­tracts with DARPA, the Navy, the BBG, and the State Depart­ment as well as Stan­ford Research Insti­tute’s Cyber-Threat Ana­lyt­ics pro­gram. . . .” 

Next, we begin chronicling the career of Jacob Appelbaum. A devotee of Ayn Rand, he became one of Tor’s most important employees and promoters. ” . . . . Within months of getting the job, he assumed the role of official Tor Project spokesman and began promoting Tor as a powerful weapon against government oppression. . . . Over the next several years, Dingledine’s reports back to the BBG [read “CIA”–D.E.] were filled with descriptions of Appelbaum’s successful outreach. . . .”

Intro­duc­ing a top­ic to be more ful­ly explored in our next pro­gram, we note Appel­baum’s piv­otal role in the Wik­iLeaks oper­a­tion and his role in the adop­tion of Tor by Wik­iLeaks: ” . . . . Appel­baum decid­ed to attach him­self to the Wik­iLeaks cause. He spent a few weeks with Assange and the orig­i­nal Wik­iLeaks crew in Ice­land as they pre­pared their first major release and helped secure the site’s anony­mous sub­mis­sions sys­tem using Tor’s hid­den ser­vice fea­ture, which hid the phys­i­cal loca­tion of Wik­iLeaks servers and in the­o­ry made them much less sus­cep­ti­ble to sur­veil­lance and attack. From then on, the Wik­iLeaks site proud­ly adver­tised Tor: ‘secure, anony­mous, dis­trib­uted net­work for max­i­mum secu­ri­ty.’ . . . . Appel­baum did his best to be Assange’s right-hand man. He served as the orga­ni­za­tion’s offi­cial Amer­i­can rep­re­sen­ta­tive and bailed the founder of Wik­iLeaks out of tough spots when the heat from US author­i­ties got too hot. Appel­baum became so inter­twined with Wik­iLeaks that appar­ent­ly some staffers talked about him lead­ing the orga­ni­za­tion if some­thing were to hap­pen to Assange. . . . Assange gave Appel­baum and Tor wide cred­it for help­ing Wik­iLeaks. ‘Jake has been a tire­less pro­mot­er behind the scenes of our cause,’ he told a reporter. ‘Tor’s impor­tance to Wik­iLeaks can­not be under­es­ti­mat­ed.’ With those words, Appel­baum and the Tor Project became cen­tral heroes in the Wik­iLeaks saga, right behind Assange. . . .”

1. This segment of our series on Surveillance Valley takes up the development and operations of the Tor Project, a supposedly secure Internet network. Tor is, in fact, financed by elements of the very same intelligence community and national security establishment that is supposedly frustrated/“locked out” by Tor!

Key points of analy­sis and dis­cus­sion:

  1. Tor’s Sil­i­con Val­ley back­ing: ” . . . . Pri­va­cy groups fund­ed by com­pa­nies like Google and Face­book, includ­ing the Elec­tron­ic Fron­tier Foun­da­tion and Fight for the Future, were some of Tor’s biggest and most ded­i­cat­ed back­ers. Google had direct­ly bankrolled its devel­op­ment, pay­ing out gen­er­ous grants to col­lege stu­dents who worked at Tor dur­ing their sum­mer vaca­tions. Why would an Inter­net com­pa­ny whose entire busi­ness rest­ed on track­ing peo­ple online pro­mote and help devel­op a pow­er­ful pri­va­cy tool? Some­thing did­n’t add up. . . .”
  2. Not sur­pris­ing­ly, Tor does not shield users from orgias­tic data min­ing by Sil­i­con Val­ley tech giants: ” . . . . Tor works only if peo­ple are ded­i­cat­ed to main­tain­ing a strict anony­mous Inter­net rou­tine: using only dum­my email address­es and bogus accounts, car­ry­ing out all finan­cial trans­ac­tions in Bit­coin and oth­er cryp­tocur­ren­cies, and nev­er men­tion­ing their real name in emails or mes­sages. For the vast major­i­ty of peo­ple on the Internet—those who use Gmail, inter­act with Face­book friends, and shop on Amazon—you reveal your iden­ti­ty. These com­pa­nies know who you are. They know your name, your ship­ping address, your cred­it card infor­ma­tion. They con­tin­ue to scan your emails, map your social net­works, and com­pile dossiers. Tor or not, once you enter your account name and pass­word, Tor’s anonymi­ty tech­nol­o­gy becomes use­less. . . .”
  3. Silicon Valley’s support for Tor is something of a “false bromide”: ” . . . . After all, Snowden’s leaked documents revealed that anything Internet companies had, the NSA had as well. I was puzzled, but at least I understood why Tor had backing from Silicon Valley: it offered a false sense of privacy, while not posing a threat to the industry’s underlying surveillance model. . . .”
  4. Tor is, in fact, financed by elements of the very same intelligence community and national security establishment that is supposedly frustrated/“locked out” by Tor! ” . . . . But as I analyzed the organization’s financial documents, I found that the opposite was true. Tor had come out of a joint US Navy—DARPA military project in the early 2000s and continued to rely on a series of federal contracts after it was spun off into a private nonprofit. This funding came from the Pentagon, the State Department, and at least one organization that derived from the CIA. These contracts added up to several million dollars a year and, most years, accounted for more than 90 percent of Tor’s operating budget. Tor was a federal military contractor. It even had its own federal contracting number. . . This included Tor’s founder, Roger Dingledine, who spent a summer working at the NSA and who had brought Tor to life under a series of DARPA and Navy contracts. . . .”
  5. Far from frus­trat­ing intel­li­gence sur­veil­lance, Tor aug­ments that effort! ” . . . . Tor, as well as the larg­er app-obsessed pri­va­cy move­ment that ral­lied around it after Snow­den’s NSA leaks, does not thwart the pow­er of the US gov­ern­ment. It enhances it. The dis­clo­sures about Tor’s inner work­ings I obtained from the Broad­cast­ing Board of Gov­er­nors have nev­er been made pub­lic before now. The sto­ry they tell is vital to our under­stand­ing of the Inter­net; they reveal that Amer­i­can mil­i­tary and intel­li­gence inter­ests are so deeply embed­ded in the fab­ric of the net­work that they dom­i­nate the very encryp­tion tools and pri­va­cy orga­ni­za­tions that are sup­posed to be in oppo­si­tion to them. There is no escape. . . .”

Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; pp. 212–214.

. . . . My prob­lems had begun when I start­ed dig­ging into the Tor Project. I inves­ti­gat­ed Tor’s cen­tral role in the pri­va­cy move­ment after Edward Snow­den pre­sent­ed the project as a panacea to sur­veil­lance on the Inter­net. I was­n’t con­vinced, and it did­n’t take long to find a basis for my ini­tial sus­pi­cions.

The first red flag was its Sil­i­con Val­ley sup­port. Pri­va­cy groups fund­ed by com­pa­nies like Google and Face­book, includ­ing the Elec­tron­ic Fron­tier Foun­da­tion and Fight for the Future, were some of Tor’s biggest and most ded­i­cat­ed back­ers. Google had direct­ly bankrolled its devel­op­ment, pay­ing out gen­er­ous grants to col­lege stu­dents who worked at Tor dur­ing their sum­mer vaca­tions. Why would an Inter­net com­pa­ny whose entire busi­ness rest­ed on track­ing peo­ple online pro­mote and help devel­op a pow­er­ful pri­va­cy tool? Some­thing did­n’t add up.

As I dug into the tech­ni­cal details of how Tor worked, I quick­ly real­ized that the Tor Project offers no pro­tec­tion against the pri­vate track­ing and pro­fil­ing Inter­net com­pa­nies car­ry out. Tor works only if peo­ple are ded­i­cat­ed to main­tain­ing a strict anony­mous Inter­net rou­tine: using only dum­my email address­es and bogus accounts, car­ry­ing out all finan­cial trans­ac­tions in Bit­coin and oth­er cryp­tocur­ren­cies, and nev­er men­tion­ing their real name in emails or mes­sages. For the vast major­i­ty of peo­ple on the Internet—those who use Gmail, inter­act with Face­book friends, and shop on Amazon—you reveal your iden­ti­ty. These com­pa­nies know who you are. They know your name, your ship­ping address, your cred­it card infor­ma­tion. They con­tin­ue to scan your emails, map your social net­works, and com­pile dossiers. Tor or not, once you enter your account name and pass­word, Tor’s anonymi­ty tech­nol­o­gy becomes use­less.

Tor’s inef­fec­tive­ness against Sil­i­con Val­ley sur­veil­lance made it an odd pro­gram for Snow­den and oth­er pri­va­cy activists to embrace. After all, Snow­den’s leaked doc­u­ments revealed that any­thing Inter­net com­pa­nies had, the NSA had as well. I was puz­zled, but at least I under­stood why Tor had back­ing from Sil­i­con Val­ley: it offered a false sense of pri­va­cy, while not pos­ing a threat to the indus­try’s under­ly­ing sur­veil­lance mod­el.

What was­n’t clear, and what became appar­ent as I inves­ti­gat­ed Tor fur­ther, was why the US gov­ern­ment sup­port­ed it.

A big part of Tor’s mys­tique and appeal was that it was sup­pos­ed­ly a fierce­ly inde­pen­dent and rad­i­cal organization—an ene­my of the state. Its offi­cial sto­ry was that it was fund­ed by a wide vari­ety of sources, which gave it total free­dom to do what­ev­er it want­ed. But as I ana­lyzed the orga­ni­za­tion’s finan­cial doc­u­ments, I found that the oppo­site was true. Tor had come out of a joint US Navy—DARPA mil­i­tary project in the ear­ly 2000s and con­tin­ued to rely on a series of fed­er­al con­tracts after it was spun off into a pri­vate non­prof­it. This fund­ing came from the Pen­ta­gon, the State Depart­ment, and at least one orga­ni­za­tion that derived from the CIA. These con­tracts added up to sev­er­al mil­lion dol­lars a year and, most years, account­ed for more than 90 per­cent of Tor’s oper­at­ing bud­get. Tor was a fed­er­al mil­i­tary con­trac­tor. It even had its own fed­er­al con­tract­ing num­ber.

The deep­er I went, the stranger it got. I learned that just about every­one involved in devel­op­ing Tor was in some way tied up with the very state that they were sup­posed to be pro­tect­ing peo­ple from. This includ­ed Tor’s founder, Roger Din­gle­dine, who spent a sum­mer work­ing at the NSA and who had brought Tor to life under a series of DARPA and Navy con­tracts. I even uncov­ered an old audio copy of a talk Din­gle­dine gave in 2004, right as he was set­ting up Tor as an inde­pen­dent orga­ni­za­tion. “I con­tract for the Unit­ed States Gov­ern­ment to build an anonymi­ty tech­nol­o­gy for them and deploy it,” he admit­ted at the time. . . .

2. Far from frus­trat­ing intel­li­gence sur­veil­lance, Tor aug­ments that effort! ” . . . . Tor, as well as the larg­er app-obsessed pri­va­cy move­ment that ral­lied around it after Snow­den’s NSA leaks, does not thwart the pow­er of the US gov­ern­ment. It enhances it. The dis­clo­sures about Tor’s inner work­ings I obtained from the Broad­cast­ing Board of Gov­er­nors have nev­er been made pub­lic before now. The sto­ry they tell is vital to our under­stand­ing of the Inter­net; they reveal that Amer­i­can mil­i­tary and intel­li­gence inter­ests are so deeply embed­ded in the fab­ric of the net­work that they dom­i­nate the very encryp­tion tools and pri­va­cy orga­ni­za­tions that are sup­posed to be in oppo­si­tion to them. There is no escape. . . .”

Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; pp. 223–234.

. . . . If Tor was tru­ly the heart of the mod­ern pri­va­cy move­ment and a real threat to the sur­veil­lance pow­er of agen­cies like the NSA, why would the fed­er­al government—including the Pen­ta­gon, the par­ent of the NSA—continue to fund the orga­ni­za­tion? Why would the Pen­ta­gon sup­port a tech­nol­o­gy that sub­vert­ed its own pow­er? It did not make any sense.

The doc­u­ments in the box wait­ing on my doorstep con­tained the answer. Com­bined with oth­er infor­ma­tion unearthed dur­ing my inves­ti­ga­tion, they showed that Tor, as well as the larg­er app-obsessed pri­va­cy move­ment that ral­lied around it after Snow­den’s NSA leaks, does not thwart the pow­er of the US gov­ern­ment. It enhances it.

The dis­clo­sures about Tor’s inner work­ings I obtained from the Broad­cast­ing Board of Gov­er­nors have nev­er been made pub­lic before now. The sto­ry they tell is vital to our under­stand­ing of the Inter­net; they reveal that Amer­i­can mil­i­tary and intel­li­gence inter­ests are so deeply embed­ded in the fab­ric of the net­work that they dom­i­nate the very encryp­tion tools and pri­va­cy orga­ni­za­tions that are sup­posed to be in oppo­si­tion to them. There is no escape. . . .

3. Wide­ly regard­ed as a cham­pi­on of Inter­net free­dom and pri­va­cy, the Elec­tron­ic Fron­tier Foun­da­tion helped finance Tor and cham­pi­oned its use.

Key ele­ments of dis­cus­sion and analy­sis of the EFF/Tor alliance include:

  1. EFF’s ear­ly financ­ing of Tor: ” . . . . . . . . In 2004, [Roger] Din­gle­dine struck out on his own, spin­ning the mil­i­tary onion rout­ing project into a non-prof­it cor­po­ra­tion called the Tor Project and, while still fund­ed by DARPA and the Navy, began scratch­ing around for pri­vate fund­ing. He got help from an unex­pect­ed ally: the Elec­tron­ic Fron­tier Foun­da­tion (EFF), which gave Tor almost a quar­ter mil­lion dol­lars to keep it going while Din­gle­dine looked for oth­er pri­vate spon­sors. The EFF even host­ed Tor’s web­site. . . .”
  2. The EFF’s effu­sive praise for the fun­da­men­tal­ly com­pro­mised Tor Project: ” . . . . ‘The Tor Project is a per­fect fit for EFF, because one of our pri­ma­ry goals is to pro­tect the pri­va­cy and anonymi­ty of Inter­net users. Tor can help peo­ple exer­cise their First Amend­ment right to free, anony­mous speech online.’ EFF’s tech­nol­o­gy man­ag­er Chris Palmer explained in a 2004 press release, which curi­ous­ly failed to men­tion that Tor was devel­oped pri­mar­i­ly for mil­i­tary intel­li­gence use and was still active­ly fund­ed by the Pen­ta­gon. . . .”
  3. The EFF’s his­to­ry of work­ing with ele­ments of the nation­al secu­ri­ty estab­lish­ment: ” . . . . In 1994, EFF worked with the FBI to pass the Com­mu­ni­ca­tions Assis­tance for Law Enforce­ment Act, which required all telecom­mu­ni­ca­tions com­pa­nies to build their equip­ment so that it could be wire­tapped by the FBI. In 1999, EFF worked to sup­port NATO’s bomb­ing cam­paign in Koso­vo with some­thing called the ‘Koso­vo Pri­va­cy Sup­port,’ which aimed to keep the region’s Inter­net access open dur­ing mil­i­tary action. Sell­ing a Pen­ta­gon intel­li­gence project as a grass­roots pri­va­cy tool—it did­n’t seem all that wild. . . .”
  4.  In FTR #854, we not­ed that EFF co-founder John Per­ry Bar­low was far more than a Grate­ful Dead lyricist/hippie icon: ” . . . . Indeed, in 2002, a few years before it fund­ed Tor, EFF cofounder [John] Per­ry Bar­low casu­al­ly admit­ted that he had been con­sult­ing for intel­li­gence agen­cies for a decade. It seemed that the worlds of sol­diers, spies, and pri­va­cy weren’t as far apart as they appeared. . . .”
  5. EFF’s grav­i­tas in the online pri­va­cy com­mu­ni­ty lent Tor great cred­i­bil­i­ty: ” . . . . EFF’s sup­port for Tor was a big deal. The orga­ni­za­tion com­mand­ed respect in Sil­i­con Val­ley and was wide­ly seen as the ACLU of the Inter­net Age. The fact that it backed Tor meant that no hard ques­tions would be asked about the anonymi­ty tool’s mil­i­tary ori­gins as it tran­si­tioned to the civil­ian world. And that’s exact­ly what hap­pened. . . .”

  Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; pp. 227–228.

. . . . In 2004, [Roger] Din­gle­dine struck out on his own, spin­ning the mil­i­tary onion rout­ing project into a non-prof­it cor­po­ra­tion called the Tor Project and, while still fund­ed by DARPA and the Navy, began scratch­ing around for pri­vate fund­ing. He got help from an unex­pect­ed ally: the Elec­tron­ic Fron­tier Foun­da­tion (EFF), which gave Tor almost a quar­ter mil­lion dol­lars to keep it going while Din­gle­dine looked for oth­er pri­vate spon­sors. The EFF even host­ed Tor’s web­site. To down­load the app, users had to browse to tor.eff.org, where they’d see a reas­sur­ing mes­sage from the EFF: “Your traf­fic is safe when you use Tor.”

Announc­ing its sup­port, the EFF sang Tor’s prais­es. “The Tor Project is a per­fect fit for EFF, because one of our pri­ma­ry goals is to pro­tect the pri­va­cy and anonymi­ty of Inter­net users. Tor can help peo­ple exer­cise their First Amend­ment right to free, anony­mous speech online.” EFF’s tech­nol­o­gy man­ag­er Chris Palmer explained in a 2004 press release, which curi­ous­ly failed to men­tion that Tor was devel­oped pri­mar­i­ly for mil­i­tary intel­li­gence use and was still active­ly fund­ed by the Pen­ta­gon.

Why would the EFF, a Sil­i­con Val­ley advo­ca­cy group that posi­tioned itself as a staunch crit­ic of gov­ern­ment sur­veil­lance pro­grams, help sell a mil­i­tary intel­li­gence com­mu­ni­ca­tions tool to unsus­pect­ing Inter­net users? Well, it was­n’t as strange as it seems.

EFF was only a decade old at the time, but it already had devel­oped a his­to­ry of work­ing with law enforce­ment agen­cies and aid­ing the mil­i­tary. In 1994, EFF worked with the FBI to pass the Com­mu­ni­ca­tions Assis­tance for Law Enforce­ment Act, which required all telecom­mu­ni­ca­tions com­pa­nies to build their equip­ment so that it could be wire­tapped by the FBI. In 1999, EFF worked to sup­port NATO’s bomb­ing cam­paign in Koso­vo with some­thing called the “Koso­vo Pri­va­cy Sup­port,” which aimed to keep the region’s Inter­net access open dur­ing mil­i­tary action. Sell­ing a Pen­ta­gon intel­li­gence project as a grass­roots pri­va­cy tool—it did­n’t seem all that wild. Indeed, in 2002, a few years before it fund­ed Tor, EFF cofounder [John] Per­ry Bar­low casu­al­ly admit­ted that he had been con­sult­ing for intel­li­gence agen­cies for a decade. It seemed that the worlds of sol­diers, spies, and pri­va­cy weren’t as far apart as they appeared.

EFF’s sup­port for Tor was a big deal. The orga­ni­za­tion com­mand­ed respect in Sil­i­con Val­ley and was wide­ly seen as the ACLU of the Inter­net Age. The fact that it backed Tor meant that no hard ques­tions would be asked about the anonymi­ty tool’s mil­i­tary ori­gins as it tran­si­tioned to the civil­ian world. And that’s exact­ly what hap­pened. . . .

7a. In FTR #s 891 and 895, we noted the primary position of the Broadcasting Board of Governors in the development of the so-called “privacy” networks. The BBG is a CIA offshoot: ” . . . . The BBG might have had a bland sounding name and professed a noble mission to inform the world and spread democracy. In truth, the organization was an outgrowth of the Central Intelligence Agency. . . . The bulk of the BBG is no longer funded from the CIA’s black budget, but the agency’s original Cold War goal and purpose—subversion and psychological operations directed against countries deemed hostile to US interests—remain the same. The only thing that did change about the BBG is that today, more of its broadcasts are taking place online . . . .”

  Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; pp. 230–233.

. . . .  The BBG might have had a bland sound­ing name and pro­fessed a noble mis­sion to inform the world and spread democ­ra­cy. In truth, the orga­ni­za­tion was an out­growth of the Cen­tral Intel­li­gence Agency. . . .

. . . . The bulk of the BBG is no longer funded from the CIA’s black budget, but the agency’s original Cold War goal and purpose—subversion and psychological operations directed against countries deemed hostile to US interests—remain the same. The only thing that did change about the BBG is that today, more of its broadcasts are taking place online . . . .

7b. In our long series of inter­views with Jim DiEu­ge­nio about his mas­ter­work Des­tiny Betrayed, we high­light­ed vet­er­an intel­li­gence offi­cer Wal­ter Sheri­dan’s broad­cast hatch­et job on New Orleans D.A. Jim Gar­rison’s inves­ti­ga­tion of the JFK assas­si­na­tion. The TV hit piece was broad­cast on the NBC net­work.

In our dis­cus­sion of the Sheri­dan broad­cast, we not­ed the efforts of RCA chief David Sarnoff in res­ur­rect­ing the Nazi-run Radio France sta­tion and pre­sid­ing over its con­ver­sion to Radio Free Europe, pre­cur­sor to the BBG. (RCA is the par­ent com­pa­ny of NBC, which aired the Sheri­dan broad­cast.) In res­ur­rect­ing Radio France and mid­wiv­ing its con­ver­sion to Radio Free Europe, Sarnoff, who is Jew­ish, was build­ing on pro­found and trea­so­nous Axis con­nec­tions he main­tained dur­ing the war.

Key points of analysis and discussion include David Sarnoff's successful efforts to restore and expand the Nazi Radio France Station and re-brand it as “Radio Free Europe.” (Radio France was taken over by the Nazis and the Vichy puppet regime, and then sabotaged as the Third Reich withdrew from France.) “ . . . . In 1944, Sarnoff worked for the complete restoration of the Nazi destroyed Radio France station in Paris until its signal was able to reach throughout Europe. It was then retitled Radio Free Europe. He later lobbied the White House to expand the range and reach of Radio Free Europe. At about this point, Radio Free Europe became a pet project of Allen Dulles. Sarnoff’s company, Radio Corporation of America, became a large part of the technological core of the NSA. . . . Robert was president of RCA, NBC’s parent company, at the time Sheridan’s special aired. David was chairman. . . .”

Des­tiny Betrayed by Jim DiEu­ge­nio; Sky­horse Pub­lish­ing [SC]; Copy­right 1992, 2012 by Jim DiEu­ge­nio; ISBN 978–1‑62087–056‑3; p. 255.

. . . . It is rel­e­vant to note here that Gen­er­al David Sarnoff, founder of NBC, worked for the Sig­nal Corps dur­ing World War II as a reserve offi­cer. In 1944, Sarnoff worked for the com­plete restora­tion of the Nazi destroyed Radio France sta­tion in Paris until its sig­nal was able to reach through­out Europe. It was then reti­tled Radio Free Europe. He lat­er lob­bied the White House to expand the range and reach of Radio Free Europe. At about this point, Radio Free Europe became a pet project of Allen Dulles. Sarnoff’s com­pa­ny, Radio Cor­po­ra­tion of Amer­i­ca, became a large part of the tech­no­log­i­cal core of the NSA. Dur­ing the war, David’s son Robert worked in the broad­cast arm of the Office of Strate­gic Ser­vices (OSS), the fore­run­ner of the CIA. Robert was pres­i­dent of RCA, NBC’s par­ent com­pa­ny, at the time Sheridan’s spe­cial aired. David was chair­man. . .

7c. In Trad­ing with the Ene­my, Charles High­am chron­i­cled the deep involve­ment of David Sarnoff with the Tran­sra­dio Con­sor­tium, which joined the Axis nations with the West­ern Allies in a telecom­mu­ni­ca­tions car­tel that pro­vid­ed vital–and lethal–intelligence to the Axis dur­ing the war.

Key points of analy­sis and dis­cus­sion include:

  1. Sarnof­f’s RCA was part of the Tran­sra­dio Con­sor­tium, some­thing of a broad­cast car­tel meld­ing Axis and West­ern Allied broad­cast estab­lish­ments: ” . . . . RCA was in part­ner­ship before and after Pearl Har­bor with British Cable and Wire­less; with Tele­funken, the Nazi com­pa­ny; with Ital­ca­ble, whol­ly owned by the Mus­soli­ni gov­ern­ment; and with Vichy’s Com­pag­nie Gen­erale, in an orga­ni­za­tion known as the Tran­sra­dio Con­sor­tium, with Gen­er­al Robert C. Davis, head of the New York Chap­ter of the Amer­i­can Red Cross, as its chair­man. In turn, RCA, British Cable and Wire­less, and the Ger­man and Ital­ian com­pa­nies had a share with ITT in TTP (Telegrafi­ca y Tele­fon­i­ca del Pla­ta), an Axis-con­trolled com­pa­ny pro­vid­ing tele­graph and tele­phone ser­vice between Buenos Aires and Mon­te­v­ideo. Nazis in Mon­te­v­ideo could tele­phone Buenos Aires through TTP with­out com­ing under the con­trol of either the state-owned sys­tem in Uruguay or the ITT sys­tem in Argenti­na. Mes­sages, often dan­ger­ous to Amer­i­can secu­ri­ty, were trans­mit­ted direct­ly to Berlin and Rome by Tran­sra­dio. Anoth­er share­hold­er was ITT’s Ger­man ‘rival,’ Siemens, which linked cables and net­works with Behn south of Pana­ma. . . .”
  2. Tran­sra­dio Con­sor­tium was the vehi­cle for lethal­ly trea­so­nous com­mu­ni­ca­tions dur­ing the war: ” . . . . But the pub­lic, which thought of Sarnoff as a pil­lar of patri­o­tism, would have been aston­ished to learn of his part­ner­ship with the ene­my through Tran­sra­dio and TTP. The British pub­lic, belea­guered and bombed, would have been equal­ly shocked to learn that British Cable and Wire­less, 10 per­cent owned by the British gov­ern­ment, and under vir­tu­al gov­ern­ment con­trol in wartime, was in fact also in part­ner­ship with the Ger­mans and Ital­ians through the same com­pa­nies and prox­ies. . . . Simul­ta­ne­ous­ly, the Tran­sra­dio sta­tions, accord­ing to State Depart­ment reports with the full knowl­edge of David Sarnoff, kept up a direct line to Berlin. The amount of intel­li­gence passed along the lines can scarce­ly be cal­cu­lat­ed. The Lon­don office was in con­stant touch with New York through­out the war, sift­ing through reports from Argenti­na, Brazil, and Chile and send­ing com­pa­ny reports to the Ital­ian and Ger­man inter­ests. . . .”

  Trad­ing with the Ene­my: An Expose of the Nazi-Amer­i­can Mon­ey Plot 1933–1949 by Charles High­am; Dela­corte Press [HC]; Copy­right 1983 by Charles High­am; ISBN 10–0440090644; 13–978-0440090649; pp. 104–107.

. . . . In South Amer­i­ca, Sos­thenes Behn was in part­ner­ship (as well as rival­ry) with an even more pow­er­ful organ­ism: the giant Radio Cor­po­ra­tion of Amer­i­ca, which owned the NBC radio net­work. RCA was in part­ner­ship before and after Pearl Har­bor with British Cable and Wire­less; with Tele­funken, the Nazi com­pa­ny; with Ital­ca­ble, whol­ly owned by the Mus­soli­ni gov­ern­ment; and with Vichy’s Com­pag­nie Gen­erale, in an orga­ni­za­tion known as the Tran­sra­dio Con­sor­tium, with Gen­er­al Robert C. Davis, head of the New York Chap­ter of the Amer­i­can Red Cross, as its chair­man. In turn, RCA, British Cable and Wire­less, and the Ger­man and Ital­ian com­pa­nies had a share with ITT in TTP (Telegrafi­ca y Tele­fon­i­ca del Pla­ta), an Axis-con­trolled com­pa­ny pro­vid­ing tele­graph and tele­phone ser­vice between Buenos Aires and Mon­te­v­ideo. Nazis in Mon­te­v­ideo could tele­phone Buenos Aires through TTP with­out com­ing under the con­trol of either the state-owned sys­tem in Uruguay or the ITT sys­tem in Argenti­na.

Mes­sages, often dan­ger­ous to Amer­i­can secu­ri­ty, were trans­mit­ted direct­ly to Berlin and Rome by Tran­sra­dio. Anoth­er share­hold­er was ITT’s Ger­man “rival,” Siemens, which linked cables and net­works with Behn south of Pana­ma.

The head of RCA dur­ing World War II was Colonel David Sarnoff, a stocky, square-set, deter­mined man with a slow, sub­dued voice, who came from Rus­sia as an immi­grant at the turn of the cen­tu­ry and began as a news­pa­per sell­er, mes­sen­ger boy, and Mar­coni Wire­less oper­a­tor. . . .

. . . . After Pearl Har­bor, Sarnoff cabled Roo­sevelt, “All of our facil­i­ties and per­son­nel are ready and at your instant ser­vice. We await your com­mand.” Sarnoff played a cru­cial role, as cru­cial as Behn’s, in the U.S. war effort, and, like Behn, he was giv­en a colonel­cy in the U.S. Sig­nal Corps. He solved com­plex prob­lems, dealt with a maze of dif­fi­cult require­ments by the twelve mil­lion mem­bers of the U.S. armed forces, and coor­di­nat­ed details relat­ed to the Nor­mandy land­ings. He pre­pared the whole print­ed and elec­tron­ic press-cov­er­age of V‑J day; in Lon­don in 1944, with head­quar­ters at Clar­idge’s Hotel, he was Eisen­how­er’s inspired con­sul­tant and earned the Medal of Mer­it for his help in the occu­pa­tion of Europe.

Open­ing in 1943 with a cho­rus of praise from var­i­ous gen­er­als, the new RCA lab­o­ra­to­ries had proved to be indis­pens­able in time of war.

But the pub­lic, which thought of Sarnoff as a pil­lar of patri­o­tism, would have been aston­ished to learn of his part­ner­ship with the ene­my through Tran­sra­dio and TTP. The British pub­lic, belea­guered and bombed, would have been equal­ly shocked to learn that British Cable and Wire­less, 10 per­cent owned by the British gov­ern­ment, and under vir­tu­al gov­ern­ment con­trol in wartime, was in fact also in part­ner­ship with the Ger­mans and Ital­ians through the same com­pa­nies and prox­ies. . . .

. . . . Simultaneously, the Transradio stations, according to State Department reports with the full knowledge of David Sarnoff, kept up a direct line to Berlin. The amount of intelligence passed along the lines can scarcely be calculated. The London office was in constant touch with New York throughout the war, sifting through reports from Argentina, Brazil, and Chile and sending company reports to the Italian and German interests.

7d. Rely­ing on Gehlen “org” per­son­nel and alum­ni, Radio Free Europe built effec­tive­ly up from fas­cist foun­da­tions to cor­re­spond­ing func­tion­al real­i­ty:

Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; p. 232.

. . . . In some cases, the stations, especially those targeting Ukraine, Germany, and the Baltic States, were staffed by known Nazi collaborators and broadcast anti-Semitic propaganda. . . .

8. The BBG (read “CIA”) was a major backer of the Tor Project: “ . . . . It was Wednesday morning, February 8, 2006, when Roger Dingledine got the email he had been badly waiting for. The Broadcasting Board of Governors had finally agreed to back the Tor Project. . . . Within a year, the agency increased Tor’s contract to a quarter million dollars, and then bumped it up again to almost a million just a few years later. The relationship also led to major contracts with other federal agencies, boosting Tor’s meager operating budget to several million dollars a year. . . .”

Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; pp. 228–229.

. . . . It was Wednes­day morn­ing, Feb­ru­ary 8, 2006, when Roger Din­gle­dine got the email he had been bad­ly wait­ing for. The Broad­cast­ing Board of Gov­er­nors had final­ly agreed to back the Tor Project. . . .

. . . . The Broad­cast­ing Board of Gov­er­nors, or BBG, seemed to offer a com­pro­mise. A large fed­er­al agency with close ties to the State Depart­ment, BBG ran Amer­i­ca’s for­eign broad­cast­ing oper­a­tion: Voice of Amer­i­ca, Radio Free Europe/Radio Lib­er­ty, and Radio Free Asia. It was a gov­ern­ment agency, so that was­n’t ide­al. But at least it had an altru­is­tic-sound­ing mis­sion:  “to inform, engage, and con­nect peo­ple around the world in sup­port of free­dom and democ­ra­cy.” Any­way, gov­ern­ment or not, Din­gle­dine did­n’t have much choice. Mon­ey was tight and this seemed to be the best he could line up. So he said yes.

It was a smart move. The ini­tial $80,000 was just the begin­ning. With­in a year, the agency increased Tor’s con­tract to a quar­ter mil­lion dol­lars, and then bumped it up again to almost a mil­lion just a few years lat­er. The rela­tion­ship also led to major con­tracts with oth­er fed­er­al agen­cies, boost­ing Tor’s mea­ger oper­at­ing bud­get to sev­er­al mil­lion dol­lars a year. . . .

9. The essence of the Tor Project: “ . . . . The Tor Project was not a radical indie organization fighting The Man. For all intents and purposes, it was The Man. Or, at least, The Man’s right hand. . . . internal correspondence reveals Tor’s close collaboration with the BBG and multiple other wings of the US government, in particular those that dealt with foreign policy and soft-power projection. Messages describe meetings, trainings, and conferences with the NSA, CIA, FBI and State Department. . . . The funding record tells the story even more precisely. . . . Tor was subsisting almost exclusively on government contracts. By 2008, that included contracts with DARPA, the Navy, the BBG, and the State Department as well as Stanford Research Institute's Cyber-Threat Analytics program. . . .”

  Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; pp. 237–238.

. . . . The cor­re­spon­dence left lit­tle room for doubt. The Tor Project was not a rad­i­cal indie orga­ni­za­tion fight­ing The Man. For all intents and pur­pos­es, it was The Man. Or, at least, The Man’s right hand. Inter­mixed with updates on new hires, sta­tus reports, chat­ty sug­ges­tions for hikes and vaca­tion spots, and the usu­al office ban­ter, inter­nal cor­re­spon­dence reveals Tor’s close col­lab­o­ra­tion with the BBG and mul­ti­ple oth­er wings of the US gov­ern­ment, in par­tic­u­lar those that dealt with for­eign pol­i­cy and soft-pow­er pro­jec­tion. Mes­sages describe meet­ings, train­ings, and con­fer­ences with the NSA, CIA, FBI and State Depart­ment. There are strat­e­gy ses­sions and dis­cus­sions about the need to influ­ence news cov­er­age and con­trol bad press. The cor­re­spon­dence also shows Tor employ­ees tak­ing orders from their han­dlers in the fed­er­al gov­ern­ment, includ­ing plans to deploy their anonymi­ty tool in coun­tries deemed hos­tile to US inter­ests; Chi­na, Iran, Viet­nam, and, of course, Rus­sia. . . .

. . . . The fund­ing record tells the sto­ry even more pre­cise­ly. . . . Tor was sub­sist­ing almost exclu­sive­ly on gov­ern­ment con­tracts. By 2008, that includ­ed  con­tracts with DARPA, the Navy, the BBG, and the State Depart­ment as well as Stan­ford Research Insti­tute’s Cyber-Threat Ana­lyt­ics pro­gram. . . . 

10. Next, we high­light the career of Jacob Appel­baum, the Amer­i­can Wik­iLeak­er. This sup­posed “pro­gres­sive” is a devo­tee of Ayn Rand.

   Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; p. 239.

 . . . . Like most young lib­er­tar­i­ans, he was enchant­ed by Ayn Rand’s The Foun­tain­head, which he described as one of his favorite books. “I took up this book while I was trav­el­ing around Europe last year. Most of my super left wing friends real­ly dis­like Ayn Rand for some rea­son or anoth­er. I can­not even begin to fath­om why, but hey, to each their own,” he wrote in his blog diary. “While read­ing The Foun­tain­head, I felt like I was read­ing a sto­ry about peo­ple that I knew in my every­day life. The char­ac­ters were sim­ple. The sto­ry was sim­ple. What I found com­pelling was the moral behind the sto­ry. I sup­pose it may be summed up in one line . . . Those that seek to gath­er you togeth­er for self­less actions, wish to enslave you for their own gain.” . . . .

11. Appelbaum went to work for the Tor Project and did much to foster use of the network: “ . . . . Within months of getting the job, he assumed the role of official Tor Project spokesman and began promoting Tor as a powerful weapon against government oppression. . . . Over the next several years, Dingledine's reports back to the BBG [read “CIA”–D.E.] were filled with descriptions of Appelbaum's successful outreach. . . .”

   Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; pp. 240—241.

. . . . And in 2008, Appel­baum final­ly got his dream job—a posi­tion that could expand with his giant ego and ambi­tion.

In April of that year, Din­gle­dine hired him as a  full-time Tor con­trac­tor. He had a start­ing salary of $96,000 plus ben­e­fits and was put to work mak­ing Tor more user-friend­ly. He was a good coder, but he did­n’t stay focused on the tech­ni­cal side for long. As Din­gle­dine dis­cov­ered, Appel­baum proved bet­ter and much more use­ful at some­thing else: brand­ing and pub­lic rela­tions. . . .

. . . . With­in months of get­ting the job, he assumed the role of offi­cial Tor Project spokesman and began pro­mot­ing Tor as a pow­er­ful weapon against gov­ern­ment oppres­sion. . . .

. . . . Over the next sev­er­al years, Din­gledine’s reports back to the BBG [read “CIA”–D.E.] were filled with descrip­tions of Appel­baum’s suc­cess­ful out­reach. “Lots of Tor advo­ca­cy,” wrote Din­gle­dine.  “Anoth­er box of Tor stick­ers applied to many lap­tops. Lots of peo­ple were inter­est­ed in Tor and many peo­ple installed Tor on both lap­tops and servers. This advo­ca­cy result­ed in at least two new high band­width nodes that he helped the admin­is­tra­tors con­fig­ure.” Inter­nal doc­u­ments show that the pro­posed bud­get for Din­gle­dine and Appel­baum’s glob­al pub­lic­i­ty pro­gram was $20,000 a year, which includ­ed a pub­lic rela­tions strat­e­gy. “Craft­ing a mes­sage that the media can under­stand is a crit­i­cal piece of this,” Din­gle­dine explained in a 2008 pro­pos­al. “This isn’t so much about get­ting good press about Tor as it is about prepar­ing jour­nal­ists so if they see bad press and con­sid­er spread­ing it fur­ther, they’ll stop and think.” . . . .

12. Next, we dis­cuss Appel­baum’s net­work­ing with Julian Assange, and how that liai­son led to Tor being used for the alleged­ly secure, anony­mous Wik­iLeaks oper­a­tion.

” . . . . Appel­baum decid­ed to attach him­self to the Wik­iLeaks cause. He spent a few weeks with Assange and the orig­i­nal Wik­iLeaks crew in Ice­land as they pre­pared their first major release and helped secure the site’s anony­mous sub­mis­sions sys­tem using Tor’s hid­den ser­vice fea­ture, which hid the phys­i­cal loca­tion of Wik­iLeaks servers and in the­o­ry made them much less sus­cep­ti­ble to sur­veil­lance and attack. From then on, the Wik­iLeaks site proud­ly adver­tised Tor: ‘secure, anony­mous, dis­trib­uted net­work for max­i­mum secu­ri­ty.’ . . . . Appel­baum did his best to be Assange’s right-hand man. He served as the orga­ni­za­tion’s offi­cial Amer­i­can rep­re­sen­ta­tive and bailed the founder of Wik­iLeaks out of tough spots when the heat from US author­i­ties got too hot. Appel­baum became so inter­twined with Wik­iLeaks that appar­ent­ly some staffers talked about him lead­ing the orga­ni­za­tion if some­thing were to hap­pen to Assange. . . . Assange gave Appel­baum and Tor wide cred­it for help­ing Wik­iLeaks. ‘Jake has been a tire­less pro­mot­er behind the scenes of our cause,’ he told a reporter. ‘Tor’s impor­tance to Wik­iLeaks can­not be under­es­ti­mat­ed.’ With those words, Appel­baum and the Tor Project became cen­tral heroes in the Wik­iLeaks saga, right behind Assange. . . .”

Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; pp. 242—243.

. . . . Jacob Appel­baum and Julian Assange had met in Berlin some­time in 2005, just as the mys­te­ri­ous Aus­tralian hack­er was get­ting ready to set Wik­iLeaks in motion. . . .

. . . . Appel­baum decid­ed to attach him­self to the Wik­iLeaks cause. He spent a few weeks with Assange and the orig­i­nal Wik­iLeaks crew in Ice­land as they pre­pared their first major release and helped secure the site’s anony­mous sub­mis­sions sys­tem using Tor’s hid­den ser­vice fea­ture, which hid the phys­i­cal loca­tion of Wik­iLeaks servers and in the­o­ry made them much less sus­cep­ti­ble to sur­veil­lance and attack. From then on, the Wik­iLeaks site proud­ly adver­tised Tor: “secure, anony­mous, dis­trib­uted net­work for max­i­mum secu­ri­ty.” . . . .

. . . . Assange was suddenly one of the most famous people in the world—a fearless radical taking on the awesome power of the United States. Appelbaum did his best to be Assange's right-hand man. He served as the organization's official American representative and bailed the founder of WikiLeaks out of tough spots when the heat from US authorities got too hot. Appelbaum became so intertwined with WikiLeaks that apparently some staffers talked about him leading the organization if something were to happen to Assange. But Assange kept firm control of WikiLeaks, even after he was forced to go into hiding at the Ecuadorian embassy in London to escape extradition back to Sweden to face an investigation of rape allegations.

It’s not clear whether Assange knew that Appel­baum’s salary was being paid by the same  gov­ern­ment he was try­ing to destroy. What  is clear is that Assange gave Appel­baum and Tor wide cred­it for help­ing Wik­iLeaks. “Jake has been a tire­less pro­mot­er behind the scenes of our cause,” he told a reporter. “Tor’s impor­tance to Wik­iLeaks can­not be under­es­ti­mat­ed.”

With those words, Appel­baum and the Tor Project became cen­tral heroes in the Wik­iLeaks saga, right behind Assange. . . .

Discussion

2 comments for “FTR #1078 Surveillance Valley, Part 4: Tor Up (Foxes Guarding the Online Privacy Henhouse, Part 1.)”

  1. Peter Thiel cre­at­ed news a cou­ple days ago when he sug­gest­ed dur­ing a speech at the Nation­al Con­ser­vatism Con­fer­ence that Google should be inves­ti­gat­ed for pos­si­ble trea­son over what Thiel describes as Google’s deci­sion to coop­er­ate with the Chi­nese gov­ern­ment but not the US gov­ern­ment and the infil­tra­tion of Google’s exec­u­tive board by the Chi­nese gov­ern­ment. Thiel’s charges were made in the con­text of a dis­cus­sion about the poten­tial mil­i­tary appli­ca­tions of AI and the nation-state AI race cre­at­ed by this poten­tial mil­i­tary use and a ref­er­ence to the par­al­lel sto­ries of Google agree­ing to work with the Chi­nese gov­ern­ment in build­ing a cen­sored search engine at the same time Google end­ed a con­tract with the US Depart­ment of Defense that allowed the DOD to use Google’s arti­fi­cial intel­li­gence tools to ana­lyze drone footage. So it’s going to be inter­est­ing to see how Google responds. Not just a response defend­ing itself from Thiel’s charges but also a response hit­ting back at Palan­tir.

    What unpleas­ant things about Palan­tir and Thiel might Google decide to start talk­ing about? We’ll see, but it looks like Thiel is itch­ing to start a Sil­i­con Val­ley Defense Con­trac­tor fight. Pre­sum­ably part of the motive is to gain advan­tage in the bid­ding wars for nation­al secu­ri­ty AI gov­ern­ment con­tracts.

    But giv­en that Thiel’s com­ments hap­pened on Sun­day, the same day Pres­i­dent Trump’s high-pro­file pre-announced mul­ti-city mass depor­ta­tion ICE raids of undoc­u­ment­ed immi­grants start­ed, it’s worth keep­ing in mind that part of the motive for Thiel’s deci­sion to pick a fight with Google may have involved pre­emp­tive­ly deflect­ing atten­tion away from the role Palan­tir plays in pro­vid­ing mass data­bas­es of immi­grants for ICE. Palan­tir’s soft­ware is used to build pro­files on immi­grants by merg­ing data­bas­es from mul­ti­ple sources includ­ing DHS and the FBI. So it’s going to be inter­est­ing to see if Google ends up find­ing a way to pub­licly bring up Palan­tir’s role build­ing immi­grant data­bas­es for ICE.

    But as the following article makes clear, Palantir isn't the only Silicon Valley contractor building large comprehensive databases about people for the US government. The Department of Homeland Security's Office of Biometric Identity Management is replacing its biometric analysis platform. The current system, called the Automated Biometric Identification System, or IDENT, is a database of biometric data and biographical data collected by government agencies, including the Transportation Security Administration, Customs and Border Protection, Secret Service and other DHS agencies. IDENT is billed as allowing officials to quickly identify suspected terrorists, immigration violators, criminals and anyone else included in their databases. So it’s worth keeping in mind that mass biometrics could be part of any current or future mass immigration raids. The capability is already there in IDENT, and now that system is getting an upgrade.

    The planned new bio­met­rics sys­tem, the Home­land Advanced Recog­ni­tion Tech­nol­o­gy Sys­tem, or HART, will expand on those capa­bil­i­ties with tools that can iden­ti­fy indi­vid­u­als based on DNA, palm prints, scars, phys­i­cal mark­ings and tat­toos.

    Northrop Grumman won a $95 million contract to develop the first two stages of the HART system but that contract will expire in 2021. The government is going to be soliciting bids for the next phase of development, so that’s going to be a bidding war to watch since the winner is going to get access to that massive biometric database.

    DHS can also access the State Department’s Consular Consolidated Database of 500 million passport, visa, and expat records, along with the databases of “several foreign governments as well as state, local, tribal and territorial law enforcement agencies.” In addition, DHS shares its biometric database with other government agencies like the DOD and FBI, so the HART database is going to draw information in from more than just the DHS's agencies and then be shared with more than just DHS.

    There’s anoth­er aspect of HART that’s going to be con­tract­ed out and the con­trac­tor has already been select­ed: while IDENT was host­ed on gov­ern­ment-run servers, the new HART sys­tem will be host­ed on Ama­zon’s cloud for gov­ern­ment ser­vices (the “Gov­Cloud”), which should make access­ing it much eas­i­er for all sorts of agen­cies. As the arti­cle notes, Ama­zon already pro­vides cloud ser­vices for sen­si­tive infor­ma­tion for the CIA, DOD, NASA, and oth­er fed­er­al agen­cies. So at this point we can be con­fi­dent that Ama­zon is going to be real­ly, real­ly, real­ly good at iden­ti­fy­ing spe­cif­ic indi­vid­u­als for the fore­see­able future:

    NextGov

    DHS to Move Bio­met­ric Data on Hun­dreds of Mil­lions of Peo­ple to Ama­zon Cloud

    By JACK CORRIGAN
    JUNE 19, 2019

    The Home­land Secu­ri­ty Depart­ment is look­ing to upgrade the soft­ware it uses to ana­lyze bio­met­ric data on hun­dreds of mil­lions of peo­ple around the globe, and it plans to store that infor­ma­tion in Amazon’s cloud.

    The agency’s Office of Bio­met­ric Iden­ti­ty Man­age­ment will replace its lega­cy bio­met­ric analy­sis plat­form, called the Auto­mat­ed Bio­met­ric Iden­ti­fi­ca­tion Sys­tem, or IDENT, with a new, more robust sys­tem host­ed by Ama­zon Web Ser­vices, accord­ing to a request for infor­ma­tion released Mon­day.

    IDENT essen­tial­ly serves as an enter­prisewide clear­ing­house for troves of bio­met­ric and bio­graph­ic data col­lect­ed by the Trans­porta­tion Secu­ri­ty Admin­is­tra­tion, Cus­toms and Bor­der Pro­tec­tion, Secret Ser­vice and oth­er Home­land Secu­ri­ty com­po­nents. The sys­tem links fin­ger­print, iris and face data to bio­graph­ic infor­ma­tion, allow­ing offi­cials to quick­ly iden­ti­fy sus­pect­ed ter­ror­ists, immi­gra­tion vio­la­tors, crim­i­nals and any­one else includ­ed in their data­bas­es.

    In total, IDENT con­tains infor­ma­tion on more than 250 mil­lion peo­ple, a Home­land Secu­ri­ty spokesper­son told Nextgov.

    Accord­ing to the solic­i­ta­tion, Home­land Secu­ri­ty is in the process of replac­ing IDENT with the Home­land Advanced Recog­ni­tion Tech­nol­o­gy Sys­tem, or HART. The new sys­tem will include the same bio­met­ric recog­ni­tion fea­tures as its pre­de­ces­sor, and poten­tial­ly addi­tion­al tools that could iden­ti­fy indi­vid­u­als based on DNA, palm prints, scars, phys­i­cal mark­ings and tat­toos.

    Where­as IDENT stores records in gov­ern­ment-run data cen­ters, the Home­land Secu­ri­ty solic­i­ta­tion states “HART will reside in the Ama­zon Web Ser­vices (AWS) FedRAMP cer­ti­fied Gov­Cloud.” Fur­ther, “bio­met­ric match­ing capa­bil­i­ties for fin­ger­print, iris, and facial match­ing will be inte­grat­ed with HART in the Ama­zon Web Ser­vices Gov­Cloud.” Ama­zon Web Ser­vices will also store HART’s bio­met­ric image data.

    Ama­zon Web Ser­vices’ Gov­Cloud US-East and US-West regions are data cen­ters specif­i­cal­ly built by the com­pa­ny to house some of the government’s most restrict­ed infor­ma­tion. AWS is no stranger to host­ing sen­si­tive gov­ern­ment data, hav­ing already claimed the CIA, Defense Depart­ment, NASA and oth­er fed­er­al agen­cies as cus­tomers in part because of per­ceived secu­ri­ty improve­ments over gov­ern­ment lega­cy sys­tems.

    When reached for com­ment, an AWS spokesper­son referred inquiries to DHS.

    In 2018, Northrop Grum­man won a $95 mil­lion con­tract to devel­op the first two stages of the HART sys­tem, and its con­tract is set to expire in 2021. The depart­ment plans to use respons­es to the lat­est solic­i­ta­tion to inform its strat­e­gy for fur­ther devel­op­ing the plat­form, the DHS spokesper­son said.

    Specif­i­cal­ly, offi­cials are ask­ing ven­dors for ideas on how to build those mul­ti­ple iden­ti­fi­ca­tion func­tions into the new sys­tem, while leav­ing room to add any new recog­ni­tion “modal­i­ties” as they arise. Offi­cials also want input on devel­op­ing a hand­ful of gen­er­al report­ing, ana­lyt­ics and search tools, as well as desk­top and mobile web por­tals where Home­land Secu­ri­ty employ­ees can access the sys­tem.

    ...

    In addi­tion to the hun­dreds of mil­lions of records stored local­ly in its IDENT sys­tem, Home­land Secu­ri­ty can also access swaths of bio­met­ric infor­ma­tion housed at oth­er agen­cies.

    Accord­ing to the solic­i­ta­tion, the agency shares bio­met­ric data and tech­nol­o­gy with the Defense Depart­ment and the FBI, which can access some 640 mil­lion pho­tos for its own facial recog­ni­tion oper­a­tions. Offi­cials also said they can tap into the State Department’s Con­sular Con­sol­i­dat­ed Database—which con­tained near­ly 500 mil­lion pass­port, visa and expat records as of 2016—as well as the data­bas­es of “sev­er­al for­eign gov­ern­ments as well as state, local, trib­al and ter­ri­to­r­i­al law enforce­ment agen­cies.”

    The government’s use of bio­met­ric tech­nol­o­gy, par­tic­u­lar­ly facial recog­ni­tion, has come under sharp scruti­ny in recent months. Mem­bers of the House Over­sight Com­mit­tee have expressed broad bipar­ti­san sup­port for rein­ing in the use of bio­met­rics at agen­cies like the FBI, and on Mon­day, a group of law­mak­ers raised con­cerns about CBP’s expand­ing facial recog­ni­tion pro­gram.

    ———-

    “DHS to Move Bio­met­ric Data on Hun­dreds of Mil­lions of Peo­ple to Ama­zon Cloud” by JACK CORRIGAN; NextGov; 06/19/2019

    “Whereas IDENT stores records in government-run data centers, the Homeland Security solicitation states “HART will reside in the Amazon Web Services (AWS) FedRAMP certified GovCloud.” Further, “biometric matching capabilities for fingerprint, iris, and facial matching will be integrated with HART in the Amazon Web Services GovCloud.” Amazon Web Services will also store HART’s biometric image data.”

    Well, let’s hope Ama­zon’s Gov­Cloud does­n’t get hacked. And keeps its Gov­Cloud employ­ees hap­py.

    When it comes to future mass deportation ICE raids, it sounds like the HART system will be central to that since it will allow officials to quickly identify suspected immigration law violators:

    ...
    IDENT essen­tial­ly serves as an enter­prisewide clear­ing­house for troves of bio­met­ric and bio­graph­ic data col­lect­ed by the Trans­porta­tion Secu­ri­ty Admin­is­tra­tion, Cus­toms and Bor­der Pro­tec­tion, Secret Ser­vice and oth­er Home­land Secu­ri­ty com­po­nents. The sys­tem links fin­ger­print, iris and face data to bio­graph­ic infor­ma­tion, allow­ing offi­cials to quick­ly iden­ti­fy sus­pect­ed ter­ror­ists, immi­gra­tion vio­la­tors, crim­i­nals and any­one else includ­ed in their data­bas­es.

    In total, IDENT con­tains infor­ma­tion on more than 250 mil­lion peo­ple, a Home­land Secu­ri­ty spokesper­son told Nextgov.

    Accord­ing to the solic­i­ta­tion, Home­land Secu­ri­ty is in the process of replac­ing IDENT with the Home­land Advanced Recog­ni­tion Tech­nol­o­gy Sys­tem, or HART. The new sys­tem will include the same bio­met­ric recog­ni­tion fea­tures as its pre­de­ces­sor, and poten­tial­ly addi­tion­al tools that could iden­ti­fy indi­vid­u­als based on DNA, palm prints, scars, phys­i­cal mark­ings and tat­toos.
    ...

    You have to wonder if Palantir's database of profiles on immigrants will be incorporated into the HART system. You also have to wonder if Palantir is going to get access to the system. Based on Palantir's business model it seems like exactly the kind of database Palantir would get access to. And that points towards one of the other big questions for this planned system: we know government agencies outside of DHS will be able to access it. But how about all the Silicon Valley contractors working for the government like Palantir, Google, and all the rest? Will they also get to access HART as part of their government work? If so, we should probably expect more than just Amazon to get really, really, really good at identifying people, including people targeted for politicized mass deportations.

    Posted by Pterrafractyl | July 16, 2019, 12:34 pm
  2. Here’s a story worth keeping an eye on regarding the growing role that Amazon's cloud services have in hosting sensitive data for the US government, like the planned DHS biometric database that’s going to be hosted on Amazon's cloud: When it comes to the CIA’s existing $600 million cloud computing contract, Amazon has long been the exclusive provider. But the CIA has big plans for spending “tens of billions” of dollars on an upgrade to its cloud capabilities. But this time the contract is going to be going to multiple cloud service providers.

    Inter­est­ing­ly, the doc­u­ments for the planned con­tract indi­cate that the planned cloud will need to sup­port cloud con­nec­tions at “tac­ti­cal edge loca­tions,” imply­ing that it’s going to be used for intel­li­gence-gath­er­ing oper­a­tions world­wide, some­thing anal­o­gous to the vision of Project Agile in the 1960’s cov­ered in Sur­veil­lance Val­ley.

    So it sounds like there’s going to be mul­ti­ple tech giants involved in host­ing the CIA’s sen­si­tive secrets going for­ward and the cloud is going to be built to touch the entire globe:

    The Wash­ing­ton Post

    CIA long relied exclu­sive­ly on Ama­zon for its cloud com­put­ing. Now it is seek­ing mul­ti­ple providers for a mas­sive new con­tract.

    By Aaron Gregg
    April 2, 2019

    The Cen­tral Intel­li­gence Agency is tak­ing ear­ly steps toward procur­ing a mas­sive cloud com­put­ing infra­struc­ture to sup­port its nation­al secu­ri­ty mis­sion, accord­ing to doc­u­ments reviewed by The Wash­ing­ton Post, with plans to award a con­tract worth “tens of bil­lions” of dol­lars to more than one cloud provider by 2021.

    The cloud effort, known as the C2E Com­mer­cial Cloud Enter­prise, builds on an ear­li­er $600 mil­lion cloud com­put­ing con­tract that was award­ed to Amazon’s cloud com­put­ing divi­sion in 2013. And it runs par­al­lel to a sep­a­rate, $10 bil­lion cloud effort being pur­sued by the Defense Depart­ment. Both efforts are meant to out­fit U.S. nation­al secu­ri­ty agen­cies with next-gen­er­a­tion cloud com­put­ing inno­va­tions from Sil­i­con Val­ley.

    The agency’s deci­sion to award the con­tract to more than one com­pa­ny could prove to be a major depar­ture from its past cloud com­put­ing efforts, which have almost exclu­sive­ly involved Ama­zon. The C2E con­tract is sure to become a source of intense com­pe­ti­tion between the two lead­ing U.S. com­mer­cial cloud providers, Ama­zon and Microsoft. And oth­er com­peti­tors includ­ing IBM, Ora­cle and Google may see an oppor­tu­ni­ty to gain mar­ket share.

    An exec­u­tive from IBM’s fed­er­al busi­ness unit, which com­petes with Ama­zon Web Ser­vices, laud­ed the CIA’s deci­sion to turn to more than one cloud provider.

    “The world’s largest enter­pris­es are mov­ing to mul­ti-cloud envi­ron­ments because of their secu­ri­ty, flex­i­bil­i­ty and resilience,” IBM Fed­er­al gen­er­al man­ag­er Sam Gordy said in an email. “The CIA’s approach to C2E clear­ly rec­og­nizes the val­ue of mul­ti-cloud while encour­ag­ing com­pe­ti­tion, sup­port­ing lega­cy appli­ca­tions and ensur­ing the agency’s access to future inno­va­tion.”

    ...

    The agency held an indus­try day for prospec­tive bid­ders on March 22, accord­ing to doc­u­ments reviewed by The Post and report­ed about ear­li­er by Bloomberg News. Doc­u­ments from the indus­try day note that the sys­tem should be able to han­dle both clas­si­fied and unclas­si­fied infor­ma­tion, and incor­po­rate data sources both on the ground and in space. The agency intends to “acquire cloud com­put­ing ser­vices direct­ly from com­mer­cial cloud ser­vice providers with estab­lished track records for inno­va­tion and oper­a­tional excel­lence in cloud ser­vice deliv­ery for a large cus­tomer base,” sug­gest­ing the agency wants to turn to a com­pa­ny that already has sub­stan­tial expe­ri­ence in the com­mer­cial tech­nol­o­gy indus­try.

    And the doc­u­ments not­ed that who wins the con­tract should be able to sup­port cloud con­nec­tions at “tac­ti­cal edge loca­tions,” sug­gest­ing the sys­tem will be used for the agency’s world­wide intel­li­gence-gath­er­ing oper­a­tions and not just for its U.S.-based busi­ness sys­tems. A pre­lim­i­nary time­line released at the indus­try day calls for “one or more con­tracts” to be award­ed “no lat­er than July 2021.”

    The CIA’s new cloud computing effort comes as the Defense Department’s parallel effort, known as the Joint Enterprise Defense Infrastructure or “JEDI” for short, is stalled in a protracted legal battle. At the root of the conflict is a Defense Department decision to turn to just one provider for the JEDI contract, following a similar approach to the CIA’s earlier efforts. The Defense Department has emphasized that, although it will work with multiple cloud providers for its overall mission, the JEDI effort would be bid to just one company in order to make for an easier transition. That decision has been lauded by Amazon and criticized by its competitors.

    Pre-award bid protests from IBM and Ora­cle were respec­tive­ly dis­missed and denied last year. In a new­er bid protest case in the U.S. Court of Fed­er­al Claims, Ora­cle is suing the Defense Depart­ment and Ama­zon for what it claims are “con­flicts of inter­est” in rela­tion to Ama­zon.

    The Defense Department put a hold on the case while it investigates those conflicts. In the meantime, the Pentagon’s $10 billion JEDI contract, though originally expected in April 2019, is on hold. Amazon, Microsoft, IBM and Oracle have submitted bids.

    ———-

    “CIA long relied exclu­sive­ly on Ama­zon for its cloud com­put­ing. Now it is seek­ing mul­ti­ple providers for a mas­sive new con­tract.” by Aaron Gregg, The Wash­ing­ton Post, 04/02/2019

    The agency’s deci­sion to award the con­tract to more than one com­pa­ny could prove to be a major depar­ture from its past cloud com­put­ing efforts, which have almost exclu­sive­ly involved Ama­zon. The C2E con­tract is sure to become a source of intense com­pe­ti­tion between the two lead­ing U.S. com­mer­cial cloud providers, Ama­zon and Microsoft. And oth­er com­peti­tors includ­ing IBM, Ora­cle and Google may see an oppor­tu­ni­ty to gain mar­ket share.”

    Will competition between multiple cloud computing giants lead to a better and cheaper CIA cloud? We’ll find out. We’ll also find out, but note that the Department of Defense is sticking with just a single provider for its planned cloud (and it looks like Amazon will probably get that contract):

    ...
    The CIA’s new cloud computing effort comes as the Defense Department’s parallel effort, known as the Joint Enterprise Defense Infrastructure or “JEDI” for short, is stalled in a protracted legal battle. At the root of the conflict is a Defense Department decision to turn to just one provider for the JEDI contract, following a similar approach to the CIA’s earlier efforts. The Defense Department has emphasized that, although it will work with multiple cloud providers for its overall mission, the JEDI effort would be bid to just one company in order to make for an easier transition. That decision has been lauded by Amazon and criticized by its competitors.
    ...

    And note how the CIA’s cloud is going to have to be acces­si­ble at “tac­ti­cal edge loca­tions”, which implies that the cloud is going to have to be some­how acces­si­ble not just from bat­tle­field loca­tions but also from places like behind Chi­na’s inter­net fire­wall:

    ...
    And the doc­u­ments not­ed that who wins the con­tract should be able to sup­port cloud con­nec­tions at “tac­ti­cal edge loca­tions,” sug­gest­ing the sys­tem will be used for the agency’s world­wide intel­li­gence-gath­er­ing oper­a­tions and not just for its U.S.-based busi­ness sys­tems. A pre­lim­i­nary time­line released at the indus­try day calls for “one or more con­tracts” to be award­ed “no lat­er than July 2021.”
    ...

    Giv­en that the CIA is plan­ning on its future cloud being used for intel­li­gence-gath­er­ing pur­pos­es which implies access­ing it over the inter­net in coun­tries like Chi­na, we should prob­a­bly expect a lot more boost­ing by the US gov­ern­ment of ser­vices like Tor that were tai­lor made for spies.

    As we can see, Ama­zon is def­i­nite­ly going to be much more close­ly fused with the over­all US nation­al secu­ri­ty appa­ra­tus in the com­ing decades. And some yet-to-be-cho­sen cloud serv­er com­peti­tors will also have a very cozy rela­tion­ship with the CIA too.

    So with all that in mind, here’s a reminder that any spies embedded in the workforce maintaining this vast national security cloud infrastructure are probably going to be involved in a lot of intelligence gathering of their own: Capital One just announced a massive hack involving the personal data of over 100 million people. The data includes 140,000 Social Security numbers and 80,000 bank account numbers. The data was stolen from an Amazon Web Services server Capital One was using. It appears that a misconfiguration of the server’s firewall by Capital One was what left the server vulnerable, so it wasn't a problem with Amazon's actual infrastructure. But there was one part of Amazon's infrastructure that was compromised: the hacker was a former Amazon Web Services engineer who worked on the same server business Capital One was using:

    The New York Times

    Cap­i­tal One Data Breach Com­pro­mis­es Data of Over 100 Mil­lion

    By Emi­ly Flit­ter and Karen Weise
    July 29, 2019

    A soft­ware engi­neer in Seat­tle hacked into a serv­er hold­ing cus­tomer infor­ma­tion for Cap­i­tal One and obtained the per­son­al data of over 100 mil­lion peo­ple, fed­er­al pros­e­cu­tors said on Mon­day, in one of the largest thefts of data from a bank.

    The sus­pect, Paige Thomp­son, 33, left a trail online for inves­ti­ga­tors to fol­low as she boast­ed about the hack­ing, accord­ing to court doc­u­ments in Seat­tle, where she was arrest­ed and charged with one count of com­put­er fraud and abuse.

    Ms. Thomp­son, who for­mer­ly worked for Ama­zon Web Ser­vices, which host­ed the Cap­i­tal One data­base that was breached, was not shy about her work as a hack­er. She is list­ed as the orga­niz­er of a group on Meet­up, a social net­work, called Seat­tle Warez Kid­dies, described as a gath­er­ing for “any­body with an appre­ci­a­tion for dis­trib­uted sys­tems, pro­gram­ming, hack­ing, crack­ing.”

    The F.B.I. noticed her activ­i­ty on Meet­up and used it to trace her oth­er online activ­i­ties, even­tu­al­ly link­ing her to posts describ­ing the data theft on Twit­ter and the Slack mes­sag­ing ser­vice.

    “I’ve basi­cal­ly strapped myself with a bomb vest,” Ms. Thomp­son wrote in a Slack post, accord­ing to pros­e­cu­tors, “drop­ping cap­i­tal ones dox and admit­ting it.”

    Online, she used the name “errat­ic,” inves­ti­ga­tors said, adding that they ver­i­fied her iden­ti­ty after she post­ed a pho­to­graph of an invoice she had received from a vet­eri­nar­i­an car­ing for one of her pets.

    Accord­ing to court papers and Cap­i­tal One, Ms. Thomp­son stole 140,000 Social Secu­ri­ty num­bers and 80,000 bank account num­bers in the breach.

    In addi­tion to the tens of mil­lions of cred­it card appli­ca­tions stolen, the com­pa­ny said on Mon­day, the breach com­pro­mised one mil­lion Cana­di­an social insur­ance num­bers — the equiv­a­lent of Social Secu­ri­ty num­bers for Amer­i­cans.

    The infor­ma­tion came from cred­it card appli­ca­tions that con­sumers and small busi­ness­es had sub­mit­ted as ear­ly as 2005 and as recent­ly as 2019, accord­ing to Cap­i­tal One, which is the nation’s third-largest cred­it card issuer, accord­ing to its web­site.

    “Based on our analy­sis to date,” the bank said in a state­ment, “we believe it is unlike­ly that the infor­ma­tion was used for fraud or dis­sem­i­nat­ed by this indi­vid­ual.”

    The bank also said it expect­ed that the breach would cost it up to $150 mil­lion, includ­ing pay­ing for cred­it mon­i­tor­ing for affect­ed cus­tomers. Last week, the cred­it bureau Equifax set­tled claims from a 2017 data breach that exposed sen­si­tive infor­ma­tion on over 147 mil­lion con­sumers, cost­ing it about $650 mil­lion.

    Ama­zon Web Ser­vices hosts the remote data servers that com­pa­nies use to store their infor­ma­tion, but large enter­pris­es like Cap­i­tal One build their own web appli­ca­tions on top of Amazon’s cloud data so they can use the infor­ma­tion in ways spe­cif­ic to their needs.

    The F.B.I. agent who inves­ti­gat­ed the breach said in court papers that Ms. Thomp­son had gained access to the sen­si­tive data through a “mis­con­fig­u­ra­tion” of a fire­wall on a web appli­ca­tion. That allowed the hack­er to com­mu­ni­cate with the serv­er where Cap­i­tal One was stor­ing its infor­ma­tion and, even­tu­al­ly, obtain cus­tomer files.

    Ama­zon said its cus­tomers ful­ly con­trolled the appli­ca­tions they built, and Cap­i­tal One said in a news release that it had “imme­di­ate­ly fixed the con­fig­u­ra­tion vul­ner­a­bil­i­ty” once it dis­cov­ered the prob­lem. Ama­zon said it had found no evi­dence that its under­ly­ing cloud ser­vices were com­pro­mised.

    On July 17, a tip­ster wrote to a Cap­i­tal One secu­ri­ty hot­line, warn­ing that some of the bank’s data appeared to have been “leaked,” the crim­i­nal com­plaint said.

    Once alert­ed to the breach, the author­i­ties found what they said were Ms. Thompson’s online boasts that she want­ed to “dis­trib­ute” the mate­ri­als. On June 27, she also list­ed “sev­er­al com­pa­nies, gov­ern­ment enti­ties and edu­ca­tion­al insti­tu­tions,” accord­ing to court papers, which inves­ti­ga­tors inter­pret­ed to be oth­er hacks she “may have com­mit­ted.”

    Oth­er users in that chan­nel, on Slack, expressed alarm. One said “don’t go to jail plz,” accord­ing to the com­plaint.

    On Mon­day, F.B.I. agents exe­cut­ed a search war­rant on Ms. Thompson’s house. They seized “numer­ous dig­i­tal devices,” pros­e­cu­tors said, and found on them “items that ref­er­enced Cap­i­tal One” and Ama­zon, which they referred to in the com­plaint only as the “cloud com­put­ing com­pa­ny.”

    “I am deeply sor­ry for what has hap­pened,” the bank’s chief exec­u­tive, Richard D. Fair­bank, said in a state­ment. “I sin­cere­ly apol­o­gize for the under­stand­able wor­ry this inci­dent must be caus­ing those affect­ed, and I am com­mit­ted to mak­ing it right.”

    Cap­i­tal One said the bank account num­bers were linked to cus­tomers with “secured” cred­it cards. Secured cards require cus­tomers to put forth a sum of mon­ey — $200 or $250 — in exchange for a card.

    “It’s a way for banks to min­i­mize the risk asso­ci­at­ed with lend­ing to folks who don’t have per­fect cred­it or who are just get­ting start­ed,” said Matt Schulz, an ana­lyst for Com­pare Cards. These cus­tomers are vul­ner­a­ble, he said, and “often have very lit­tle finan­cial mar­gin for error.”

    While the breach was pos­si­ble because of a secu­ri­ty lapse by Cap­i­tal One, it was aid­ed by Ms. Thompson’s exper­tise. Infor­ma­tion post­ed on social media shows she worked at one time for Ama­zon, as an engi­neer for the same serv­er busi­ness that court papers said Cap­i­tal One was using.

    Cap­i­tal One is a long­stand­ing and promi­nent client of Amazon’s. In a 2015 keynote at Ama­zon Web Ser­vices’ main annu­al con­fer­ence, a Cap­i­tal One exec­u­tive gave a pre­sen­ta­tion on the company’s efforts to move crit­i­cal parts of its tech­nol­o­gy to Amazon’s cloud infra­struc­ture so it could focus on build­ing con­sumer appli­ca­tions and oth­er needs.

    Ms. Thomp­son will remain in fed­er­al cus­tody until a hear­ing on Thurs­day, pros­e­cu­tors said. Her lawyer did not respond to an email seek­ing com­ment.

    Cap­i­tal One has faced secu­ri­ty breach­es before, and they are a con­stant, and cost­ly, threat for the finan­cial indus­try. The chief of JPMor­gan Chase, Jamie Dimon, has said his bank spends almost $600 mil­lion a year on secu­ri­ty. Bank of America’s chief has said in the past that the bank has a “blank check” for cyber­se­cu­ri­ty.

    In a breach in 2017, Cap­i­tal One noti­fied cus­tomers that a for­mer employ­ee may have had access for near­ly four months to their per­son­al data, includ­ing account num­bers, tele­phone num­bers, trans­ac­tion his­to­ry and Social Secu­ri­ty num­bers. The com­pa­ny report­ed a sim­i­lar breach involv­ing an employ­ee in 2014.

    ...

    ———-

    “Cap­i­tal One Data Breach Com­pro­mis­es Data of Over 100 Mil­lion” by Emi­ly Flit­ter and Karen Weise, The New York Times, 07/29/2019

    While the breach was pos­si­ble because of a secu­ri­ty lapse by Cap­i­tal One, it was aid­ed by Ms. Thompson’s exper­tise. Infor­ma­tion post­ed on social media shows she worked at one time for Ama­zon, as an engi­neer for the same serv­er busi­ness that court papers said Cap­i­tal One was using.”

    Being a for­mer AWS engi­neer was no doubt quite help­ful in exe­cut­ing this hack. And note that this isn’t the kind of thing Ama­zon can defend against since it was Cap­i­tal One’s own staff who was respon­si­ble for con­fig­ur­ing the fire­wall:

    ...
    Ama­zon Web Ser­vices hosts the remote data servers that com­pa­nies use to store their infor­ma­tion, but large enter­pris­es like Cap­i­tal One build their own web appli­ca­tions on top of Amazon’s cloud data so they can use the infor­ma­tion in ways spe­cif­ic to their needs.

    The F.B.I. agent who inves­ti­gat­ed the breach said in court papers that Ms. Thomp­son had gained access to the sen­si­tive data through a “mis­con­fig­u­ra­tion” of a fire­wall on a web appli­ca­tion. That allowed the hack­er to com­mu­ni­cate with the serv­er where Cap­i­tal One was stor­ing its infor­ma­tion and, even­tu­al­ly, obtain cus­tomer files.

    Ama­zon said its cus­tomers ful­ly con­trolled the appli­ca­tions they built, and Cap­i­tal One said in a news release that it had “imme­di­ate­ly fixed the con­fig­u­ra­tion vul­ner­a­bil­i­ty” once it dis­cov­ered the prob­lem. Ama­zon said it had found no evi­dence that its under­ly­ing cloud ser­vices were com­pro­mised.
    ...

    And if these kinds of technical mistakes seem like the thing defense contractors and national security employees working on these clouds with sensitive information aren’t likely to make, recall the story from 2017 about a top defense contractor leaving a cache of 60,000 files filled with sensitive information including passwords on an Amazon cloud server that was left exposed to the internet with no password protection. And, of course, there’s the whole Snowden affair. Keep in mind that the CIA uses security contractors too, like Palantir, so that 2017 data breach nightmare story could be a prelude to a future deluge of similar stories. Along those lines, it’s worth asking how much direct access Palantir will have to the information in these upcoming CIA and DOD clouds.

    Also note the hack­er in this case, Paige Thomp­son, appears to have men­tal health issues and was seem­ing­ly try­ing to get caught. That’s the rea­son this hack was caught. The hack­er open­ly bragged about it. The future hack­ers of these nation­al secu­ri­ty clouds pre­sum­ably won’t be as open.

    So at this point it’s clear that Ama­zon’s cozy rela­tion­ship with the US nation­al secu­ri­ty state is poised to get a lot cozi­er and the com­pa­ny is going to be privy to a vast trove of high­ly sen­si­tive nation­al secu­ri­ty infor­ma­tion. Whether or not the rest of the world ends up get­ting access to this trove pre­sum­ably depends on the secu­ri­ty of those future clouds. Uh oh.

    Posted by Pterrafractyl | August 1, 2019, 1:04 pm
