Spitfire List Web site and blog of anti-fascist researcher and radio personality Dave Emory.

For The Record  

FTR #1080 Surveillance Valley, Part 6: Double Agents, Part 2 (Foxes Guarding the Online Privacy Henhouse, Part 3)

Dave Emory’s entire life­time of work is avail­able on a flash dri­ve that can be obtained HERE. The new dri­ve is a 32-giga­byte dri­ve that is cur­rent as of the pro­grams and arti­cles post­ed by the fall of 2017. The new dri­ve (avail­able for a tax-deductible con­tri­bu­tion of $65.00 or more.)

WFMU-FM is pod­cast­ing For The Record–You can sub­scribe to the pod­cast HERE.

You can sub­scribe to e‑mail alerts from Spitfirelist.com HERE.

You can sub­scribe to RSS feed from Spitfirelist.com HERE.

Please con­sid­er sup­port­ing THE WORK DAVE EMORY DOES.

This broad­cast was record­ed in one, 60-minute seg­ment.

Intro­duc­tion: In this pro­gram, we resume dis­cus­sion and analy­sis of the con­sum­mate­ly impor­tant recent book Sur­veil­lance Val­ley: The Secret Mil­i­tary His­to­ry of the Inter­net by Yasha Levine. In the pre­vi­ous pro­gram, we not­ed, among oth­er points of analy­sis, the deci­sive role of Eddie “The Friend­ly Spook” Snow­den in pro­mot­ing the intel­li­gence-agency craft­ed Tor net­work.

In addi­tion to Tor, the Open Tech­nol­o­gy Fund (read “CIA”) helped finance the Sig­nal app for mobile phones. It, too, is fun­da­men­tal­ly com­pro­mised. ” . . . . . . . . The Tor project remained the best-known pri­va­cy app fund­ed by the Open Tech­nol­o­gy Fund, but it was quick­ly joined by anoth­er: Sig­nal, an encrypt­ed mobile phone mes­sag­ing app for the iPhone and Android. . . .”

Not sur­pris­ing­ly, the CIA’s Eddie “The Friend­ly Spook” Snow­den was a big pro­mot­er of Sig­nal, as well as Tor: ” . . . . Peo­ple at the ACLU claimed that Sig­nal made fed­er­al agents weep. The Elec­tron­ic Fron­tier Foun­da­tion added Sig­nal along­side Tor to its Sur­veil­lance Self-Defense guide. Fight for the Future, a Sil­i­con Val­ley-fund­ed pri­va­cy activist orga­ni­za­tion, described Sig­nal and Tor as ‘NSA-proof’ and urged peo­ple to use them. Edward Snow­den was the com­bo’s biggest and most famous boost­er and repeat­ed­ly took to Twit­ter to tell his three mil­lion fol­low­ers that he used Sig­nal and Tor every day, and that they should do the same to pro­tect them­selves from gov­ern­ment sur­veil­lance. ‘Use Tor, Use Sig­nal,’ he tweet­ed out.

“With endorse­ments like these, Sig­nal quick­ly became the go-to app for polit­i­cal activists around the world. Egypt, Rus­sia, Syr­ia, and even the Unit­ed States—millions down­loaded Sig­nal, and it became the com­mu­ni­ca­tion app of choice for those who hoped to avoid police sur­veil­lance. Fem­i­nist col­lec­tives, anti-Pres­i­dent Don­ald Trump pro­test­ers, com­mu­nists, anar­chists, rad­i­cal ani­mal rights orga­ni­za­tions, Black Lives Mat­ter activists—all flocked to Sig­nal. Many were heed­ing Snow­den’s advice: ‘Orga­nize. Com­part­men­tal­ize to lim­it com­pro­mise. Encrypt every­thing, from calls to texts (use Sig­nal as a first step.)’ . . . .”

Yasha Levine sums up the fun­da­men­tal con­tra­dic­tions inher­ent  in this dynam­ic: ” . . . . If you stepped back to sur­vey the scene, the entire land­scape of this new Inter­net Free­dom pri­va­cy move­ment looked absurd. Cold War-era orga­ni­za­tions spun off from the CIA now fund­ing the glob­al move­ment against gov­ern­ment sur­veil­lance? Google and Face­book, com­pa­nies that ran pri­vate sur­veil­lance net­works and worked hand in hand with the NSA, deploy­ing gov­ern­ment-fund­ed pri­va­cy tech to pro­tect their users from gov­ern­ment sur­veil­lance? Pri­va­cy activists work­ing with Sil­i­con Val­ley and the US gov­ern­ment to fight gov­ern­ment surveillance—and with the sup­port of Edward Snow­den him­self? . . . .”

Fol­low­ing Snow­den’s pro­mo­tion of OTF’s Tor and Sig­nal tech­nolo­gies, OTF was at a zenith: ” . . . . After Edward Snow­den, OTF was tri­umphant. It did­n’t men­tion the leak­er by name in its pro­mo­tion­al mate­ri­als, but it prof­it­ed from the cryp­to cul­ture he pro­mot­ed and ben­e­fit­ed from his direct endorse­ment of the cryp­to tools it financed. It boast­ed that its part­ner­ship with both Sil­i­con Val­ley and respect­ed pri­va­cy activists meant that hun­dreds of mil­lions of peo­ple could use the pri­va­cy tools the US gov­ern­ment had brought to mar­ket. And OTF promised that this was just a start: ‘By lever­ag­ing social net­work effects, we expect to expand to a bil­lion reg­u­lar users tak­ing advan­tage of OTF-sup­port­ed tools and Inter­net Free­dom tech­nolo­gies by 2015. . . .’

As even­tu­al­ly became clear, the Tor net­work was eas­i­ly breached. It is a safe bet that the fas­cists grouped around the Pirate Bay site (on which Wik­iLeaks held forth), had breached Tor’s “secre­cy,” in addi­tion to the obvi­ous fact that intel­li­gence ser­vices could pen­e­trate it at will.

With this in mind, John Young’s rumi­na­tion about Wik­iLeaks sound more and more sub­stan­tive.

In all prob­a­bil­i­ty, Wik­iLeaks was a huge data min­ing oper­a­tion both by the very intel­li­gence agen­cies who were osten­si­bly tar­get­ed by Wik­iLeaks, and the Fas­cist Inter­na­tion­al net­work around Carl Lund­strom, Daniel Friberg, David Duke et al.

In FTR #‘s 756 and 831 we not­ed Snow­den’s fas­cist views and con­nec­tions. Levine mere­ly char­ac­ter­izes him as a “right-wing lib­er­tar­i­an,” but there is MUCH MORE TO IT THAN  THAT!

Snow­den down­played the fun­da­men­tal role of the Big Tech firms in aid­ing and abet­ting gov­ern­ment sur­veil­lance, in addi­tion to their own mas­sive sur­veil­lance and resul­tant data min­ing. ” . . . . There, while liv­ing under state pro­tec­tion at an undis­closed loca­tion in Moscow, he swept Sil­i­con Val­ley’s role in Inter­net sur­veil­lance under the rug. Asked about it by Wash­ing­ton Post reporter Bar­ton Gell­man, who had first report­ed on the NSA’s PRISM pro­gram, Snow­den shrugged off the dan­ger posed by com­pa­nies like Google and Face­book. The rea­son? Because pri­vate com­pa­nies do not have the pow­er to arrest, jail, or kill peo­ple. ‘Twit­ter does­n’t put war­heads on fore­heads,’ he joked. . . .”

Embody­ing his “cor­po­ratist” and Tech­no­crat­ic Fas­cist point of view, Snow­den cham­pi­oned the Big Tech firms as bul­warks against gov­ern­ment Inter­net sur­veil­lance, despite the only-too-obvi­ous fact (rein­forced by the doc­u­ments he leaked) that Big Tech is–and always has been–in bed with, and active­ly col­lab­o­rat­ing with, the very gov­ern­ment intel­li­gence agen­cies con­duct­ing that sur­veil­lance: ” . . . . The only islands of safe­ty were the pri­vate data cen­ters con­trolled by pri­vate companies—Google, Apple, Face­book. These were the cyber-fortress­es and walled cities that offered sanc­tu­ary to the mass­es. In this chaot­ic land­scape, com­put­er engi­neers and cryp­tog­ra­phers played the role of self­less gal­lop­ing knights and wiz­ard-war­riors whose job was to pro­tect the weak folk of the Inter­net: the young, the old and infirm, fam­i­lies. It was their duty to ride out, weapons aloft, and con­vey peo­ple and their pre­cious data safe­ly from fortress to fortress, not let­ting any of the infor­ma­tion fall into the hands of gov­ern­ment spies. He called on them to start a peo­ple’s pri­va­cy war, ral­ly­ing them to go forth and lib­er­ate the Inter­net, to reclaim it from the gov­ern­ments of the world. . . .”

The nau­se­at­ing head of Facebook–Mark Zuckerberg–has decried the intel­li­gence com­mu­ni­ty’s use of the Inter­net for data min­ing. In FTR #1077, we high­light­ed the Cam­bridge Ana­lyt­i­ca affair, and Face­book’s full coop­er­a­tion with that project at every turn.

Oth­er Big Tech firms had sim­i­lar reac­tions. “. . . . . ‘We had­n’t even heard of PRISM before yes­ter­day,’ Mark Zucker­berg wrote in a Face­book post. He blamed the gov­ern­ment and posi­tioned Face­book as a vic­tim. “I’ve called Pres­i­dent Oba­ma to express my frus­tra­tion over the dam­age the gov­ern­ment is cre­at­ing for all of our future. Unfor­tu­nate­ly, it seems like it will take a very long time for true full reform.’ Apple,  Microsoft, Google, and Yahoo! All react­ed in much the same way, deny­ing the alle­ga­tions and paint­ing them­selves as the vic­tims of gov­ern­ment over­reach. ‘It’s tremen­dous­ly dis­ap­point­ing that the gov­ern­ment sort of secret­ly did all this stuff and did­n’t tell us. We can’t have a democ­ra­cy if we’re hav­ing to pro­tect you and our users from the gov­ern­ment,’ Lar­ry Page told Char­lie Rose in an inter­view on CBS. . . . .”

We present the con­clu­sion of the main part of the book, with Levine’s sum­ma­tion of the inex­tri­ca­ble nature and sym­bio­sis between the Inter­net, the tech firms and the so-called “pri­va­cy com­mu­ni­ty.”

The key points of dis­cus­sion and analy­sis of Levine’s book (as a whole) include:

  1. The Inter­net is a weapon, devel­oped for counter-insur­gency pur­pos­es.
  2. Big Tech firms net­work with the very intel­li­gence ser­vices they pub­licly decry.
  3. Big Tech firms that data mine their cus­tomers on a near­ly unimag­in­able scale do so as a direct, oper­a­tional exten­sion of the very sur­veil­lance func­tion upon which  the Inter­net is pred­i­cat­ed.
  4. The tech­nolo­gies tout­ed by the so-called “Pri­va­cy Activists” such as Edward Snow­den and Jacob Apple­baum were devel­oped by the very intel­li­gence ser­vices they are sup­posed to deflect.
  5. The tech­nolo­gies tout­ed by the so-called “Pri­va­cy Activists” such as Edward Snow­den and Jacob Applebaum–such as the Tor Inter­net func­tion and the Sig­nal mobile phone app– are read­i­ly acces­si­ble to the very intel­li­gence ser­vices they are sup­posed to deflect.
  6. The orga­ni­za­tions that pro­mote the alleged virtues of Snow­den, Apple­baum, Tor, Sig­nal et al are linked to the very intel­li­gence ser­vices they would have us believe they oppose.
  7. Big Tech firms embrace “Inter­net Free­dom” as a dis­trac­tion from their own will­ful and all-embrac­ing data min­ing and their ongo­ing con­scious col­lab­o­ra­tion with the very intel­li­gence ser­vices they pub­licly decry.

NB: Mr. Levine does not go into the fascis­tic char­ac­ter of Snow­den, Assange, Green­wald et al. Some of those shows: Green­wald–FTR #888, Snow­den–FTR #‘s 756, 831, Assange and Wik­iLeaks–FTR #‘s 732, 745, 755, 917.

“. . . . Then there was the fact that Sig­nal ran on Ama­zon’s servers, which meant that all its data were avail­able to a part­ner in the NSA’s PRISM sur­veil­lance pro­gram. Equal­ly prob­lem­at­ic, Sig­nal need­ed Apple and Google to install and run the app on peo­ple’s mobile phones. Both com­pa­nies were, and as far as we know still are, part­ners in PRISM as well. ‘Google usu­al­ly has root access to the phone, there’s the issue of integri­ty,’ writes Sander Ven­e­ma, a respect­ed devel­op­er and secure—technology train­er, in a blog post explain­ing why he no longer rec­om­mends peo­ple use Sig­nal for encrypt­ed chat. ‘Google is still coop­er­at­ing with the NSA and oth­er intel­li­gence agen­cies. PRISM is also still a thing. I’m pret­ty sure that Google could serve a spe­cial­ly mod­i­fied update or ver­sion of Sig­nal to spe­cif­ic tar­get for sur­veil­lance, and they would be none the wis­er that they installed mal­ware on their phones.’ . . .

. . . . So, although the app encrypt­ed the con­tent of peo­ple’s mes­sages, it also marked them with a flash­ing red sign: ‘Fol­low Me, I Have Some­thing to Hide.’ (Indeed, activists protest­ing at the Demo­c­ra­t­ic Nation­al Con­ven­tion in Philadel­phia in 2016 told me that they were bewil­dered by the fact that police seemed to know and antic­i­pate their every move despite their hav­ing used Sig­nal to orga­nize. . . .”

” . . . . For many Inter­net com­pa­nies, includ­ing Google and Face­book, sur­veil­lance is the busi­ness mod­el. It is the base on which their cor­po­rate and eco­nom­ic pow­er rests. Dis­en­tan­gle sur­veil­lance and prof­it, and these com­pa­nies would col­lapse. Lim­it data col­lec­tion, an the com­pa­nies would see investors flee and their stock prices plum­met. [Ital­ics are mine–D.E.]

“Sil­i­con Val­ley fears a polit­i­cal solu­tion to pri­va­cy. Inter­net Free­dom and cryp­to offer an accept­able alter­na­tive. Tools like Sig­nal and Tor pro­vide a false solu­tion to the pri­va­cy prob­lem, focus­ing people’s atten­tion on gov­ern­ment sur­veil­lance and dis­tract­ing them from the pri­vate spy­ing car­ried out by the Inter­net com­pa­nies they use every day. All the while, cryp­to tools give peo­ple a [false] sense that they’re doing some­thing to pro­tect them­selves, a feel­ing of per­son­al empow­er­ment and con­trol. And all those cryp­to rad­i­cals? Well, they just enhance the illu­sion, height­en­ing the impres­sion of risk and dan­ger. With Sig­nal or Tor installed, using an iPhone or Android sud­den­ly becomes edgy and rad­i­cal. So instead of push­ing for polit­i­cal and demo­c­ra­t­ic solu­tions to sur­veil­lance, we out­source our pri­va­cy pol­i­tics to cryp­to apps–software made by the very same pow­er­ful enti­ties that these apps are sup­posed to pro­tect us from. . . .”

1. The Arab Spring pro­vid­ed moti­va­tion for enhanced U.S. fund­ing for Inter­net Free­dom. The Open Tech­nol­o­gy Fund, like the BBG a CIA “deriv­a­tive,” was at the cen­ter of this: ” . . . . The moti­va­tion for this expan­sion came out of the Arab Spring. The idea was to make sure the US gov­ern­ment would main­tain its tech­no­log­i­cal advan­tage in the cen­sor­ship arms race that began in the ear­ly 2000s, but the funds were also going into devel­op­ing a new gen­er­a­tion of tools aimed at lever­ag­ing the pow­er of the Inter­net to help for­eign oppo­si­tion activists orga­nize into cohe­sive polit­i­cal move­ments. The BBG’s $25.5 mil­lion cut of the cash more than dou­bled the agen­cy’s anti­cen­sor­ship tech­nol­o­gy bud­get from the pre­vi­ous year, and the BBG fun­neled the mon­ey into the Open Tech­nol­o­gy Fund, a new orga­ni­za­tion it had cre­at­ed with­in Radio Free Asia to fund Inter­net Free­dom tech­nolo­gies in the wake of the Arab Spring. . . .”

The fun­da­men­tal posi­tion of BBG and OTF (read “CIA”) to the so-called online pri­va­cy com­mu­ni­ty was con­cise­ly expressed by Yasha Levine: ” . . . . From behind this hip and con­nect­ed exte­ri­or, BBG and Radio Free Asia built a ver­ti­cal­ly inte­grat­ed incu­ba­tor for Inter­net Free­dom tech­nolo­gies, pour­ing mil­lions into projects big and small, includ­ing every­thing from evad­ing cen­sor­ship to help­ing polit­i­cal orga­niz­ing, protests, and move­ment build­ing. With its deep pock­ets and its recruit­ment of big-name pri­va­cy activists, the Open Tech­nol­o­gy Fund did­n’t just thrust itself into the pri­va­cy move­ment. In many ways, it WAS the pri­va­cy move­ment. . . .”

Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; pp. 254—256.

. . . . In ear­ly Jan­u­ary 2014, six months after Snow­den’s leaks, Con­gress passed the Con­sol­i­dat­ed Appro­pri­a­tions Act, an omnibus fed­er­al spend­ing bill. Tucked into the bil­l’s rough­ly fif­teen hun­dred pages was a short pro­vi­sion that ded­i­cat­ed $50.5 mil­lion to the expan­sion of the US gov­ern­men­t’s Inter­net Free­dom arse­nal. The funds were to be split even­ly between the State Depart­ment and the Broad­cast­ing Board of Gov­er­nors.

Although Con­gress had been pro­vid­ing funds for var­i­ous anti-cen­sor­ship pro­grams for years, this was the first time that it bud­get­ed mon­ey specif­i­cal­ly for Inter­net Free­dom. The moti­va­tion for this expan­sion came out of the Arab Spring. The idea was to make sure the US gov­ern­ment would main­tain its tech­no­log­i­cal advan­tage in the cen­sor­ship arms race that began in the ear­ly 2000s, but the funds were also going into devel­op­ing a new gen­er­a­tion of tools aimed at lever­ag­ing the pow­er of the Inter­net to help for­eign oppo­si­tion activists orga­nize into cohe­sive polit­i­cal move­ments.

The BBG’s $25.5 mil­lion cut of the cash more than dou­bled the agen­cy’s anti­cen­sor­ship tech­nol­o­gy bud­get from the pre­vi­ous year, and the BBG fun­neled the mon­ey into the Open Tech­nol­o­gy Fund, a new orga­ni­za­tion it had cre­at­ed with­in Radio Free Asia to fund Inter­net Free­dom tech­nolo­gies in the wake of the Arab Spring.

Ini­tial­ly launched by the Cen­tral Intel­li­gence Agency in 1951 to tar­get Chi­na with anti­com­mu­nist radio broad­casts, Radio Free Asia had been shut­tered and relaunched sev­er­al times over the course of its his­to­ry. In 1994, after the fall of the Sovi­et Union, it reap­peared Ter­mi­na­tor-like as a pri­vate non­prof­it cor­po­ra­tion whol­ly con­trolled and fund­ed by the Broad­cast­ing Board of Gov­er­nors. . . .

. . . . Now, with the Open Tech­nol­o­gy Fund (OTF), Radio Free Asia over­saw the fund­ing of Amer­i­ca’s Inter­net Free­dom pro­grams. To run OTF’s day-to-day oper­a­tions, Radio Free Asia hired Dan Mered­ith, a young techie who worked at Al-Jazeera in Qatar and who had been involved in the State Depart­men­t’s anti­cen­sor­ship ini­tia­tives going back to 2011. With a scruffy beard and messy blond surfer hair, Mered­ith was­n’t a typ­i­cal stuffy State Depart­ment suit. He was flu­ent in cypher­punk-hack­tivist lin­go and was very much a part of the grass­roots pri­va­cy com­mu­ni­ty he sought to woo. In short, he was­n’t the kind of per­son you’d expect to run a gov­ern­ment project with major for­eign pol­i­cy impli­ca­tions.

With him at the helm, OTF put a lot of effort on brand­ing. Out­ward­ly, it looked like a grass­roots pri­va­cy activist orga­ni­za­tion, not a gov­ern­ment agency. It pro­duced hip 8‑bit YouTube videos about its mis­sion to use “pub­lic funds to sup­port Inter­net free­dom projects” and pro­mote “human rights and open soci­eties.” Its web lay­out con­stant­ly changed to reflect the trendi­est design stan­dards.

But if OTF appeared scrap­py, it was also extreme­ly well con­nect­ed. The orga­ni­za­tion was sup­port­ed by a star-stud­ded team—from best-sell­ing sci­ence fic­tion authors to Sil­i­con Val­ley exec­u­tives and cel­e­brat­ed cryp­tog­ra­phy experts. Its advi­so­ry board includ­ed big names from the Colum­bia Jour­nal­ism School, the Elec­tron­ic Fron­tier Foun­da­tion, the Ford Foun­da­tion, Open Soci­ety Foun­da­tions, Google, Slack, and Mozil­la. Andrew McLaugh­lin, the for­mer head of Google’s pub­lic rela­tions team who had brought in Al Gore to talk a Cal­i­for­nia state sen­a­tor into can­cel­ing leg­is­la­tion that would reg­u­late Gmail’s email scan­ning pro­gram, was part of the OTF team. So was Cory Doc­torow, a best-sell­ing young adult sci­ence fic­tion author, whose books about a total­i­tar­i­an gov­ern­men­t’s sur­veil­lance were read and admired by Lau­ra Poitras, Jacob Apple­baum, Roger Din­gle­dine, and Edward Snow­den. Doc­torow was a huge per­son­al­i­ty in the cryp­to move­ment who could fill giant con­fer­ence halls at pri­va­cy con­fer­ences. He pub­licly endorsed OTF’s Inter­net Free­dom mis­sion. “I’m proud to be a vol­un­teer OTF advi­sor,” he tweet­ed.

From behind this hip and con­nect­ed exte­ri­or, BBG and Radio Free Asia built a ver­ti­cal­ly inte­grat­ed incu­ba­tor for Inter­net Free­dom tech­nolo­gies, pour­ing mil­lions into projects big and small, includ­ing every­thing from evad­ing cen­sor­ship to help­ing polit­i­cal orga­niz­ing, protests, and move­ment build­ing. With its deep pock­ets and its recruit­ment of big-name pri­va­cy activists, the Open Tech­nol­o­gy Fund did­n’t just thrust itself into the pri­va­cy move­ment. In many ways, it was the pri­va­cy move­ment. . . .

2. In addi­tion to Tor, the Open Tech­nol­o­gy Fund (read “CIA”) helped finance the Sig­nal app for mobile phones. It, too, is fun­da­men­tal­ly com­pro­mised. ” . . . . . . . . The Tor project remained the best-known pri­va­cy app fund­ed by the Open Tech­nol­o­gy Fund, but it was quick­ly joined by anoth­er: Sig­nal, an encrypt­ed mobile phone mes­sag­ing app for the iPhone and Android. . . .”

Not sur­pris­ing­ly, the CIA’s Eddie “The Friend­ly Spook” Snow­den was a big pro­mot­er of Sig­nal: ” . . . . Peo­ple at the ACLU claimed that Sig­nal made fed­er­al agents weep. The Elec­tron­ic Fron­tier Foun­da­tion added Sig­nal along­side Tor to its Sur­veil­lance Self-Defense guide. Fight for the Future, a Sil­i­con Val­ley-fund­ed pri­va­cy activist orga­ni­za­tion, described Sig­nal and Tor as ‘NSA-proof’ and urged peo­ple to use them. Edward Snow­den was the com­bo’s biggest and most famous boost­er and repeat­ed­ly took to Twit­ter to tell his three mil­lion fol­low­ers that he used Sig­nal and Tor every day, and that they should do the same to pro­tect them­selves from gov­ern­ment sur­veil­lance. ‘Use Tor, Use Sig­nal,’ he tweet­ed out.

“With endorse­ments like these, Sig­nal quick­ly became the go-to app for polit­i­cal activists around the world. Egypt, Rus­sia, Syr­ia, and even the Unit­ed States—millions down­loaded Sig­nal, and it became the com­mu­ni­ca­tion app of choice for those who hoped to avoid police sur­veil­lance. Fem­i­nist col­lec­tives, anti-Pres­i­dent Don­ald Trump pro­test­ers, com­mu­nists, anar­chists, rad­i­cal ani­mal rights orga­ni­za­tions, Black Lives Mat­ter activists—all flocked to Sig­nal. Many were heed­ing Snow­den’s advice: ‘Orga­nize. Com­part­men­tal­ize to lim­it com­pro­mise. Encrypt every­thing, from calls to texts (use Sig­nal as a first step.)’ . . . .”

Yasha Levine sums up the fun­da­men­tal con­tra­dic­tions inher­ent  in this dynam­ic: ” . . . . If you stepped back to sur­vey the scene, the entire land­scape of this new Inter­net Free­dom pri­va­cy move­ment looked absurd. Cold War-era orga­ni­za­tions spun off from the CIA now fund­ing the glob­al move­ment against gov­ern­ment sur­veil­lance? Google and Face­book, com­pa­nies that ran pri­vate sur­veil­lance net­works and worked hand in hand with the NSA, deploy­ing gov­ern­ment-fund­ed pri­va­cy tech to pro­tect their users from gov­ern­ment sur­veil­lance? Pri­va­cy activists work­ing with Sil­i­con Val­ley and the US gov­ern­ment to fight gov­ern­ment surveillance—and with the sup­port of Edward Snow­den him­self? . . . .”

Fol­low­ing Snow­den’s pro­mo­tion of OTF’s Tor and Sig­nal tech­nolo­gies, OTF was at a zenith: ” . . . . After Edward Snow­den, OTF was tri­umphant. It did­n’t men­tion the leak­er by name in its pro­mo­tion­al mate­ri­als, but it prof­it­ed from the cryp­to cul­ture he pro­mot­ed and ben­e­fit­ed from his direct endorse­ment of the cryp­to tools it financed. It boast­ed that its part­ner­ship with both Sil­i­con Val­ley and respect­ed pri­va­cy activists meant that hun­dreds of mil­lions of peo­ple could use the pri­va­cy tools the US gov­ern­ment had brought to mar­ket. And OTF promised that this was just a start: ‘By lever­ag­ing social net­work effects, we expect to expand to a bil­lion reg­u­lar users tak­ing advan­tage of OTF-sup­port­ed tools and Inter­net Free­dom tech­nolo­gies by 2015. . . .’

Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; pp. 257—260.

. . . . The Tor project remained the best-known pri­va­cy app fund­ed by the Open Tech­nol­o­gy Fund, but it was quick­ly joined by anoth­er: Sig­nal, an encrypt­ed mobile phone mes­sag­ing app for the iPhone and Android.

Sig­nal was devel­oped by Open Whis­per Sys­tems, a for-prof­it cor­po­ra­tion run by Mox­ie Mar­lin­spike, a tall lanky cryp­tog­ra­ph­er with a head full of dread­locks. Mar­lin­spike was an old friend of Jacob Appel­baum, and he played a sim­i­lar rad­i­cal game. He remained cryp­tic about his real name and iden­ti­ty, told sto­ries of being tar­get­ed by the FBI, and spent his free time sail­ing and surf­ing in Hawaii. He had made a good chunk of mon­ey sell­ing his encryp­tion start-up and had worked with the State Depart­ment on Inter­net Free­dom projects since 2011, but he posed as a feisty anar­chist fight­ing the sys­tem. His per­son­al web­site was called thoughtcrime.org—a ref­er­ence to George Orwell’s 1984, which seemed a bit tongue-in-cheek giv­en that he was tak­ing big money—nearly $3 million—from Big Broth­er to devel­op his pri­va­cy app.

Sig­nal was a huge suc­cess. Jour­nal­ists, pri­va­cy activists, and cryp­tog­ra­phers hailed Sig­nal as an indis­pens­able Inter­net pri­va­cy tool. It was a com­ple­ment to Tor in the age of mobile phones. While Tor anonymized brows­ing, Sig­nal encrypt­ed voice calls and text, mak­ing it impos­si­ble for gov­ern­ments to mon­i­tor com­mu­ni­ca­tion. Lau­ra Poitras gave it two secure thumbs up as a pow­er­ful peo­ple’s encryp­tion tool and told every­one to use it every day. Peo­ple at the ACLU claimed that Sig­nal made fed­er­al agents weep. The Elec­tron­ic Fron­tier Foun­da­tion added Sig­nal along­side Tor to its Sur­veil­lance Self-Defense guide. Fight for the Future, a Sil­i­con Val­ley-fund­ed pri­va­cy activist orga­ni­za­tion, described Sig­nal and Tor as “NSA-proof” and urged peo­ple to use them.

Edward Snow­den was the com­bo’s biggest and most famous boost­er and repeat­ed­ly took to Twit­ter to tell his three mil­lion fol­low­ers that he used Sig­nal and Tor every day, and that they should do the same to pro­tect them­selves from gov­ern­ment sur­veil­lance. “Use Tor, Use Sig­nal,” he tweet­ed out.

With endorse­ments like these, Sig­nal quick­ly became the go-to app for polit­i­cal activists around the world. Egypt, Rus­sia, Syr­ia, and even the Unit­ed States—millions down­loaded Sig­nal, and it became the com­mu­ni­ca­tion app of choice for those who hoped to avoid police sur­veil­lance. Fem­i­nist col­lec­tives, anti-Pres­i­dent Don­ald Trump pro­test­ers, com­mu­nists, anar­chists, rad­i­cal ani­mal rights orga­ni­za­tions, Black Lives Mat­ter activists—all flocked to Sig­nal. Many were heed­ing Snow­den’s advice: “Orga­nize. Com­part­men­tal­ize to lim­it com­pro­mise. Encrypt every­thing, from calls to texts (use Sig­nal as a first step.)”

Sil­i­con Val­ley cashed in on OTF’s inter­net Free­dom spend­ing as well. Face­book incor­po­rat­ed Sig­nal’s under­ly­ing encryp­tion pro­to­col into What­sApp, the most pop­u­lar mes­sag­ing app in the world. Google fol­lowed suit, build­ing Sig­nal’s Encryp­tion into its Allo and Duo text and video mes­sag­ing apps. It was a smart move because the praise flowed in. “Allo and Duo’s new secu­ri­ty fea­tures, in oth­er words, are Google’s baby steps towards a ful­ly-encrypt­ed future, into the sort of bold moves to ele­vate pri­va­cy above prof­it or pol­i­tics that some of its com­peti­tors have already tak­en,” wrote Wired’s Andy Green­berg. “But for a com­pa­ny to build on a data col­lec­tion mod­el that’s often fun­da­men­tal­ly opposed to pri­va­cy, baby steps are bet­ter than none at all.”

If you stepped back to sur­vey the scene, the entire land­scape of this new Inter­net Free­dom pri­va­cy move­ment looked absurd. Cold War-era orga­ni­za­tions spun off from the CIA now fund­ing the glob­al move­ment against gov­ern­ment sur­veil­lance? Google and Face­book, com­pa­nies that ran pri­vate sur­veil­lance net­works and worked hand in hand with the NSA, deploy­ing gov­ern­ment-fund­ed pri­va­cy tech to pro­tect their users from gov­ern­ment sur­veil­lance? Pri­va­cy activists work­ing with Sil­i­con Val­ley and the US gov­ern­ment to fight gov­ern­ment surveillance—and with the sup­port of Edward Snow­den him­self? . . . .

. . . . In any event, with sup­port from some­one as cel­e­brat­ed as Edward Snow­den, few had any rea­son to ques­tion why apps like Sig­nal and Tor exist­ed, or what larg­er pur­pose they served. It was eas­i­er and sim­pler to put your trust in app, and to believe in the idea that Amer­i­ca still had a healthy civ­il soci­ety, where peo­ple could come togeth­er to fund tools that coun­ter­vailed the sur­veil­lance pow­er of the state. That suit­ed the spon­sors of Inter­net Free­dom just fine.

After Edward Snow­den, OTF was tri­umphant. It did­n’t men­tion the leak­er by name in its pro­mo­tion­al mate­ri­als, but it prof­it­ed from the cryp­to cul­ture he pro­mot­ed and ben­e­fit­ed from his direct endorse­ment of the cryp­to tools it financed. It boast­ed that its part­ner­ship with both Sil­i­con Val­ley and respect­ed pri­va­cy activists meant that hun­dreds of mil­lions of peo­ple could use the pri­va­cy tools the US gov­ern­ment had brought to mar­ket. And OTF promised that this was just a start: “By lever­ag­ing social net­work effects, we expect to expand to a bil­lion reg­u­lar users tak­ing advan­tage of OTF-sup­port­ed tools and Inter­net Free­dom tech­nolo­gies by 2015. . . .”

3. As even­tu­al­ly became clear, the Tor net­work was eas­i­ly breached. It is a safe bet that the fas­cists grouped around the Pirate Bay site (on which Wik­iLeaks held forth), had breached Tor’s “secre­cy,” in addi­tion to the obvi­ous fact that intel­li­gence ser­vices could pen­e­trate it at will.

With this in mind, John Young’s rumi­na­tion about Wik­iLeaks sound more and more sub­stan­tive.

In all prob­a­bil­i­ty, Wik­iLeaks was a huge data min­ing oper­a­tion both by the very intel­li­gence agen­cies who were osten­si­bly tar­get­ed by Wik­iLeaks, and the Fas­cist Inter­na­tion­al net­work around Carl Lund­strom, Daniel Friberg, David Duke et al.

Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; pp. 263–265.

. . . . Work­ing under a Pen­ta­gon con­tract, researchers [at Carnegie Mel­lon Uni­ver­si­ty in Penn­syl­va­nia] had fig­ured out a cheap and easy way to crack Tor’s super-secure net­work with just $3,000.00 worth of equip­ment. . . .

. . . . He [Din­gle­dine] accused Carnegie Mel­lon researchers of vio­lat­ing  aca­d­e­m­ic stan­dards for eth­i­cal research by work­ing with law enforce­ment. He then announced that the Tor Project would pub­lish guide­lines for peo­ple who might want to hack or crack Tor for “aca­d­e­m­ic” and “inde­pen­dent research” pur­pos­es in the future but do so in an eth­i­cal man­ner by first obtain­ing con­sent of the peo­ple who were being hacked. . . .

. . . . If it was so frail that it need­ed aca­d­e­m­ic researchers to abide by an eth­i­cal hon­or code to avoid deanonymiz­ing users with­out their con­sent, how could it hold up to the FBI or NSA or the scores of for­eign intel­li­gence agen­cies from Rus­sia to Chi­na to Aus­tralia that might want to punch through its anonymi­ty sys­tems?

In 2015, when I first read these state­ments from the Tor Project, I was shocked. This was noth­ing less than a veiled admis­sion that Tor was use­less at guar­an­tee­ing anonymi­ty and that it required attack­ers to behave “eth­i­cal­ly” in order for it to remain secure. . . .

4. In FTR #‘s 756 and 831 we not­ed Snow­den’s fas­cist views and con­nec­tions. Levine mere­ly char­ac­ter­izes him as a “right-wing lib­er­tar­i­an,” but there is MUCH MORE TO IT THAN  THAT!

Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; pp. 196–197.

. . . . There he came out as a right-wing lib­er­tar­i­an: he hat­ed the New Deal, want­ed to shrink the gov­ern­ment to the size of a peanut, and believed the state had no right to con­trol the mon­ey sup­ply. He pre­ferred the gold stan­dard. He mocked old peo­ple for need­ing old-age pen­sions. “Some­how, our soci­ety man­aged to make it hun­dreds of years with­out social secu­ri­ty just fine,” he wrote on the forum. “Mag­i­cal­ly the world changed after the new deal, and old peo­ple became made of glass.” He called peo­ple who defend­ed Amer­i­ca’s Social Secu­ri­ty sys­tem “fuck­ing retards.” . . . .

5. Snow­den down­played the fun­da­men­tal role of the Big Tech firms in aid­ing and abet­ting gov­ern­ment sur­veil­lance, in addi­tion to their own mas­sive sur­veil­lance and resul­tant data min­ing. ” . . . . There, while liv­ing under state pro­tec­tion at an undis­closed loca­tion in Moscow, he swept Sil­i­con Val­ley’s role in Inter­net sur­veil­lance under the rug. Asked about it by Wash­ing­ton Post reporter Bar­ton Gell­man, who had first report­ed on the NSA’s PRISM pro­gram, Snow­den shrugged off the dan­ger posed by com­pa­nies like Google and Face­book. The rea­son? Because pri­vate com­pa­nies do not have the pow­er to arrest, jail, or kill peo­ple. ‘Twit­ter does­n’t put war­heads on fore­heads,’ he joked. . . .”

Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; pp. 199–200.

. . . . There, while liv­ing under state pro­tec­tion at an undis­closed loca­tion in Moscow, he swept Sil­i­con Val­ley’s role in Inter­net sur­veil­lance under the rug. Asked about it by Wash­ing­ton Post reporter Bar­ton Gell­man, who had first report­ed on the NSA’s PRISM pro­gram, Snow­den shrugged off the dan­ger posed by com­pa­nies like Google and Face­book. The rea­son? Because pri­vate com­pa­nies do not have the pow­er to arrest, jail, or kill peo­ple. “Twit­ter does­n’t put war­heads on fore­heads,” he joked. . . .

. . . . Snow­den’s views on pri­vate sur­veil­lance were sim­plis­tic, but they seemed to be in line with his pol­i­tics. He was a lib­er­tar­i­an and believed the utopi­an promise of com­put­er net­works. He believed that the Inter­net was an inher­ent­ly lib­er­at­ing tech­nol­o­gy that, if left alone, would evolve into a force of good in the world. The prob­lem was­n’t Sil­i­con Val­ley; it was gov­ern­ment pow­er. To him, cyn­i­cal intel­li­gence agen­cies like the NSA had warped the utopi­an promise of the Inter­net, turn­ing it into a dystopia where spies tracked our every move and record­ed every­thing we said. He believed the gov­ern­ment was the cen­tral prob­lem and dis­trust­ed leg­isla­tive or polit­i­cal solu­tions to curb sur­veil­lance, which would only involve the gov­ern­ment even more. As it so hap­pened, his line of think­ing tracked per­fect­ly with the antigov­ern­ment pri­va­cy ini­tia­tives that Inter­net com­pa­nies like Google and Face­book had start­ed push­ing to deflect atten­tion from their pri­vate sur­veil­lance prac­tices. . . .

6. Embody­ing his “cor­po­ratist” and Tech­no­crat­ic Fas­cist point of view, Snow­den cham­pi­oned the Big Tech firms as bul­warks against gov­ern­ment Inter­net sur­veil­lance, despite the only-too-obvi­ous fact (rein­forced by the doc­u­ments he leaked) that Big Tech is–and always has been–in bed with, and active­ly col­lab­o­rat­ing with, the very gov­ern­ment intel­li­gence agen­cies con­duct­ing that sur­veil­lance: ” . . . . The only islands of safe­ty were the pri­vate data cen­ters con­trolled by pri­vate companies—Google, Apple, Face­book. These were the cyber-fortress­es and walled cities that offered sanc­tu­ary to the mass­es. In this chaot­ic land­scape, com­put­er engi­neers and cryp­tog­ra­phers played the role of self­less gal­lop­ing knights and wiz­ard-war­riors whose job was to pro­tect the weak folk of the Inter­net: the young, the old and infirm, fam­i­lies. It was their duty to ride out, weapons aloft, and con­vey peo­ple and their pre­cious data safe­ly from fortress to fortress, not let­ting any of the infor­ma­tion fall into the hands of gov­ern­ment spies. He called on them to start a peo­ple’s pri­va­cy war, ral­ly­ing them to go forth and lib­er­ate the Inter­net, to reclaim it from the gov­ern­ments of the world. . . .”

  Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; pp. 207–208.

. . . . Snow­den por­trayed the Inter­net as a scary and vio­lent place, a cyber-medieval land­scape filled with roam­ing gov­ern­ment ban­dits, hos­tile armies, and boo­by traps. It was a place where reg­u­lar peo­ple were always at risk. The only islands of safe­ty were the pri­vate data cen­ters con­trolled by pri­vate companies—Google, Apple, Face­book. These were the cyber-fortress­es and walled cities that offered sanc­tu­ary to the mass­es. In this chaot­ic land­scape, com­put­er engi­neers and cryp­tog­ra­phers played the role of self­less gal­lop­ing knights and wiz­ard-war­riors whose job was to pro­tect the weak folk of the Inter­net: the young, the old and infirm, fam­i­lies. It was their duty to ride out, weapons aloft, and con­vey peo­ple and their pre­cious data safe­ly from fortress to fortress, not let­ting any of the infor­ma­tion fall into the hands of gov­ern­ment spies. He called on them to start a peo­ple’s pri­va­cy war, ral­ly­ing them to go forth and lib­er­ate the Inter­net, to reclaim it from the gov­ern­ments of the world. . . .

. . . . Snow­den’s dis­re­gard for polit­i­cal solu­tions and his total trust in the abil­i­ty of tech­nol­o­gy to solve com­plex social prob­lems was­n’t sur­pris­ing. He was sim­ply reaf­firm­ing what he had told jour­nal­ists back in 2013: “Let us speak no more of faith in man, but bind him down from mis­chief by chains of cryp­tog­ra­phy.” . . .

7. The nau­se­at­ing head of Facebook–Mark Zuckerberg–has decried the intel­li­gence com­mu­ni­ty’s use of the Inter­net for data min­ing. In FTR #1077, we high­light­ed the Cam­bridge Ana­lyt­i­ca affair, and Face­book’s full coop­er­a­tion with that project at every turn.

Oth­er Big Tech firms had sim­i­lar reac­tions. “. . . . . ‘We had­n’t even heard of PRISM before yes­ter­day,’ Mark Zucker­berg wrote in a Face­book post. He blamed the gov­ern­ment and posi­tioned Face­book as a vic­tim. “I’ve called Pres­i­dent Oba­ma to express my frus­tra­tion over the dam­age the gov­ern­ment is cre­at­ing for all of our future. Unfor­tu­nate­ly, it seems like it will take a very long time for true full reform.’ Apple,  Microsoft, Google, and Yahoo! All react­ed in much the same way, deny­ing the alle­ga­tions and paint­ing them­selves as the vic­tims of gov­ern­ment over­reach. ‘It’s tremen­dous­ly dis­ap­point­ing that the gov­ern­ment sort of secret­ly did all this stuff and did­n’t tell us. We can’t have a democ­ra­cy if we’re hav­ing to pro­tect you and our users from the gov­ern­ment,’ Lar­ry Page told Char­lie Rose in an inter­view on CBS. . . . .”

Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; pp. 194–195.

. . . . You did­n’t have to be a tech expert to see that the gov­ern­ment sur­veil­lance on the Inter­net sim­ply could not exist with­out the pri­vate infra­struc­ture and con­sumer ser­vices pro­vid­ed by Sil­i­con Val­ley. Com­pa­nies like Google, Face­book, Yahoo!, eBay and Apple did all the heavy lift­ing: they built the plat­forms that drew in bil­lions of users and col­lect­ed a bog­gling amount of data about them. All that the NSA had to do to get at the data was con­nect a few wires, which the agency did with full coop­er­a­tion and total dis­cre­tion from the com­pa­nies them­selves. . . . .

. . . . . “We had­n’t even heard of PRISM before yes­ter­day,” Mark Zucker­berg wrote in a Face­book post. He blamed the gov­ern­ment and posi­tioned Face­book as a vic­tim. “I’ve called Pres­i­dent Oba­ma to express my frus­tra­tion over the dam­age the gov­ern­ment is cre­at­ing for all of our future. Unfor­tu­nate­ly, it seems like it will take a very long time for true full reform.” Apple,  Microsoft, Google, and Yahoo! All react­ed in much the same way, deny­ing the alle­ga­tions and paint­ing them­selves as the vic­tims of gov­ern­ment over­reach. “It’s tremen­dous­ly dis­ap­point­ing that the gov­ern­ment sort of secret­ly did all this stuff and did­n’t tell us. We can’t have a democ­ra­cy if we’re hav­ing to pro­tect you and our users from the gov­ern­ment,” Lar­ry Page told Char­lie Rose in an inter­view on CBS. . . . .

8. We present the con­clu­sion of the main part of the book, with Levine’s sum­ma­tion of the inex­tri­ca­ble nature and sym­bio­sis between the Inter­net, the tech firms and the so-called “pri­va­cy com­mu­ni­ty.”

The key points of dis­cus­sion and analy­sis of Levine’s book (as a whole) include:

  1. The Inter­net is a weapon, devel­oped for counter-insur­gency pur­pos­es.
  2. Big Tech firms net­work with the very intel­li­gence ser­vices they pub­licly decry.
  3. Big Tech firms that data mine their cus­tomers on a near­ly unimag­in­able scale do so as a direct, oper­a­tional exten­sion of the very sur­veil­lance func­tion upon which  the Inter­net is pred­i­cat­ed.
  4. The tech­nolo­gies tout­ed by the so-called “Pri­va­cy Activists” such as Edward Snow­den and Jacob Apple­baum were devel­oped by the very intel­li­gence ser­vices they are sup­posed to deflect.
  5. The tech­nolo­gies tout­ed by the so-called “Pri­va­cy Activists” such as Edward Snow­den and Jacob Applebaum–such as the Tor Inter­net func­tion and the Sig­nal mobile phone app– are read­i­ly acces­si­ble to the very intel­li­gence ser­vices they are sup­posed to deflect.
  6. The orga­ni­za­tions that pro­mote the alleged virtues of Snow­den, Apple­baum, Tor, Sig­nal et al are linked to the very intel­li­gence ser­vices they would have us believe they oppose.
  7. Big Tech firms embrace “Inter­net Free­dom” as a dis­trac­tion from their own will­ful and all-embrac­ing data min­ing and their ongo­ing con­scious col­lab­o­ra­tion with the very intel­li­gence ser­vices they pub­licly decry.

NB: Mr. Levine does not go into the fascis­tic char­ac­ter of Snow­den, Assange, Green­wald et al. Some of those shows: Green­wald–FTR #888, Snow­den–FTR #‘s 756, 831, Assange and Wik­iLeaks–FTR #‘s 732, 745, 755, 917.

Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; pp. 266–269.

. . . . Then there was the fact that Sig­nal ran on Ama­zon’s servers, which meant that all its data were avail­able to a part­ner in the NSA’s PRISM sur­veil­lance pro­gram. Equal­ly prob­lem­at­ic, Sig­nal need­ed Apple and Google to install and run the app on peo­ple’s mobile phones. Both com­pa­nies were, and as far as we know still are, part­ners in PRISM as well. “Google usu­al­ly has root access to the phone, there’s the issue of integri­ty,” writes Sander Ven­e­ma, a respect­ed devel­op­er and secure—technology train­er, in a blog post explain­ing why he no longer rec­om­mends peo­ple use Sig­nal for encrypt­ed chat. “Google is still coop­er­at­ing with the NSA and oth­er intel­li­gence agen­cies. PRISM is also still a thing. I’m pret­ty sure that Google could serve a spe­cial­ly mod­i­fied update or ver­sion of Sig­nal to a spe­cif­ic tar­get for sur­veil­lance, and they would be none the wis­er that they installed mal­ware on their phones.”

Equal­ly weird was the way the app was designed to make it easy for any­one mon­i­tor­ing Inter­net traf­fic to flag peo­ple using Sig­nal to com­mu­ni­cate. All that the FBI or, say, Egypt­ian or Russ­ian secu­ri­ty ser­vices had  to do was watch for the mobile phones that pinged a par­tic­u­lar Ama­zon serv­er used by Sig­nal, and it was triv­ial to iso­late activists from the gen­er­al smart­phone pop­u­la­tion. So, although the app encrypt­ed the con­tent of peo­ple’s mes­sages, it also marked them with a flash­ing red sign: “Fol­low Me, I Have Some­thing to Hide.” (Indeed, activists protest­ing at the Demo­c­ra­t­ic Nation­al Con­ven­tion in Philadel­phia in 2016 told me that they were bewil­dered by the fact that police seemed to know and antic­i­pate their every move despite their hav­ing used Sig­nal to orga­nize.

Debate about Sig­nal’s tech­ni­cal design was moot any­way. Snow­den’s leaks showed that the NSA had devel­oped tools that could grab every­thing peo­ple did on their smart­phones, which pre­sum­ably includ­ed text and received by Sig­nal. In ear­ly March, 2017, Wik­iLeaks pub­lished a cache of CIA hack­ing tools that con­firmed the inevitable. The agency worked with the NSA as well as oth­er “cyber arms con­trac­tors” to devel­op hack­ing tools that tar­get­ed smart­phones, allow­ing it to bypass the encryp­tion of Sig­nal and any oth­er encrypt­ed chat apps, includ­ing Face­book’s What­sApp. “The CIA’s Mobile Devices Branch (MDB) devel­oped numer­ous attacks to remote­ly hack and con­trol pop­u­lar smart phones. Infect­ed phones can be instruct­ed to send the CIA the user’s geolo­ca­tion, audio and text com­mu­ni­ca­tions as well as covert­ly acti­vate the phone’s cam­era and micro­phone,” explained a Wik­iLeaks press release. “These tech­niques per­mit the CIA to bypass the encryp­tion of What­sApp, Sig­nal, Telegram, Wiebo, Con­fide and Cloack­man by hack­ing the ‘smart’ phones that they run on and col­lect­ing audio and mes­sage traf­fic before encryp­tion is applied.”

Dis­clo­sure of these hack­ing tools showed that, in the end, Sig­nal’s encryp­tion did­n’t real­ly mat­ter, not when the CIA and NSA owned the under­ly­ing oper­at­ing sys­tem and could grab what­ev­er they want­ed before encryp­tion or obfus­ca­tion algo­rithms were applied. The flaw went beyond Sig­nal and applied to every type of encryp­tion tech­nol­o­gy on every type of con­sumer com­put­er sys­tem. . . .

. . . . Con­vo­lut­ed as the sto­ry may be, US gov­ern­ment sup­port for Inter­net Free­dom and its under­writ­ing of cryp­to cul­ture makes per­fect sense. The Inter­net came out of a 1960s mil­i­tary project to devel­op an infor­ma­tion weapon. It was born out of a need to quick­ly com­mu­ni­cate, process data, and con­trol a chaot­ic world. Today, the net­work is more than a weapon; it is also a field of bat­tle, a place where vital mil­i­tary and intel­li­gence oper­a­tions take place. Geopo­lit­i­cal strug­gle has moved online, and Inter­net Free­dom is a weapon in that fight.

If you take a big-pic­ture view, Sil­i­con Valley’s sup­port for Inter­net Free­dom makes sense as well. Com­pa­nies like Google and Face­book first sup­port­ed it as a part of a geopo­lit­i­cal busi­ness strat­e­gy, a way of sub­tly pres­sur­ing coun­tries that closed their net­works and mar­kets to West­ern tech­nol­o­gy com­pa­nies. But after Edward Snowden’s rev­e­la­tions exposed the industry’s ram­pant pri­vate sur­veil­lance prac­tices to the pub­lic, Inter­net Free­dom offered anoth­er pow­er­ful ben­e­fit.

For years, pub­lic opin­ion has been stacked firm­ly against Sil­i­con Valley’s under­ly­ing busi­ness mod­el. In poll, after poll, a major­i­ty of Amer­i­cans have voiced their oppo­si­tion to cor­po­rate sur­veil­lance and have sig­naled sup­port for increased reg­u­la­tion of the indus­try. This has always been a deal break­er for Sil­i­con Val­ley. For many Inter­net com­pa­nies, includ­ing Google and Face­book, sur­veil­lance is the busi­ness mod­el. It is the base on which their cor­po­rate and eco­nom­ic pow­er rests. Dis­en­tan­gle sur­veil­lance and prof­it, and these com­pa­nies would col­lapse. Lim­it data col­lec­tion, and the com­pa­nies would see investors flee and their stock prices plum­met. [Ital­ics are mine–D.E.]

Sil­i­con Val­ley fears a polit­i­cal solu­tion to pri­va­cy. Inter­net Free­dom and cryp­to offer an accept­able alter­na­tive. Tools like Sig­nal and Tor pro­vide a false solu­tion to the pri­va­cy prob­lem, focus­ing people’s atten­tion on gov­ern­ment sur­veil­lance and dis­tract­ing them from the pri­vate spy­ing car­ried out by the Inter­net com­pa­nies they use every day. All the while, cryp­to tools give peo­ple a [false] sense that they’re doing some­thing to pro­tect them­selves, a feel­ing of per­son­al empow­er­ment and con­trol. And all those cryp­to rad­i­cals? Well, they just enhance the illu­sion, height­en­ing the impres­sion of risk and dan­ger. With Sig­nal or Tor installed, using an iPhone or Android sud­den­ly becomes edgy and rad­i­cal. So instead of push­ing for polit­i­cal and demo­c­ra­t­ic solu­tions to sur­veil­lance, we out­source our pri­va­cy pol­i­tics to cryp­to apps–software made by the very same pow­er­ful enti­ties that these apps are sup­posed to pro­tect us from.

In that sense, Edward Snow­den is like the brand­ed face of an Inter­net con­sumerism-as-rebel­lion lifestyle cam­paign, like the old Apple ad about shat­ter­ing Big Broth­er or the Nike spot set to the Bea­t­les’ “Rev­o­lu­tion.” While Inter­net bil­lion­aires like Lar­ry Page, Sergey Brin, and Mark Zucker­berg slam gov­ern­ment sur­veil­lance, talk up free­dom, and embrace Snow­den and cryp­to pri­va­cy cul­ture, their com­pa­nies still cut deals with the Pen­ta­gon, work with the NSA and CIA, [and com­pa­nies like Cam­bridge Analytica–D.E.] and con­tin­ue to track and pro­file peo­ple for prof­it. It is the same old split-screen mar­ket­ing trick: the pub­lic brand­ing and the behind-the-scenes real­i­ty.

Inter­net Free­dom is a win-win for every­one involved–everyone except reg­u­lar users, who trust their pri­va­cy to dou­ble-deal­ing mil­i­tary con­trac­tors, while pow­er­ful Sur­veil­lance Val­ley cor­po­ra­tions con­tin­ue to build out the old mil­i­tary cyber­net­ic dream of a world where every­one is watched, pre­dict­ed, and con­trolled. . . .

Discussion

2 comments for “FTR #1080 Surveillance Valley, Part 6: Double Agents, Part 2 (Foxes Guarding the Online Privacy Henhouse, Part 3)”

  1. This next arti­cle based on a for­mer Apple sub­con­trac­tor who exposed the pri­va­cy abus­es that are going on with smart­phones. He announced this in a let­ter sent to Euro­pean data pro­tec­tion reg­u­la­tors. He revealed that peo­ple who use Siri would have it acti­vat­ed with­out their per­mis­sion or knowl­edge. It was used to record con­ver­sa­tions and all back­ground infor­ma­tion with who­ev­er was present. This was done with­out the user hav­ing acti­vat­ed Siri or autho­rized this to be done. The infor­ma­tion was tran­scribed. The laws on the books in the EU are not being enforced. He men­tioned that he lis­tened to hun­dreds of con­ver­sa­tions per day and this was done by his col­leagues.

    He also said that the com­pe­ti­tions activ­i­ties were worse because Apple did not link the infor­ma­tion to a spe­cif­ic account, while their com­pe­ti­tion did.

    Apple whistle­blow­er goes pub­lic over ‘lack of action’
    Thomas le Bon­niec says firm vio­lat­ing rights and con­tin­ues mas­sive col­lec­tion of data
    Alex Hern
    @alexhern
    The Guardian, U.K.
    Wed 20 May 2020 00.00 EDT
    Last mod­i­fied on Wed 20 May 2020 00.03 EDT

    A for­mer Apple con­trac­tor who helped blow the whis­tle on the
    company’s pro­gramme to lis­ten to users’ Siri record­ings has decid­ed to go pub­lic, in protest at the lack of action tak­en as a result of the dis­clo­sures.

    In a let­ter announc­ing his deci­sion, sent to all Euro­pean data pro­tec­tion reg­u­la­tors, Thomas le Bon­niec said: “It is wor­ry­ing that Apple (and undoubt­ed­ly not just Apple) keeps ignor­ing and vio­lat­ing fun­da­men­tal rights and con­tin­ues their mas­sive col­lec­tion of data.

    “I am extreme­ly con­cerned that big tech com­pa­nies are basi­cal­ly wire­tap­ping entire pop­u­la­tions despite Euro­pean cit­i­zens being told the EU has one of the strongest data pro­tec­tion laws in the world. Pass­ing a law is not good enough: it needs to be enforced upon pri­va­cy offend­ers.”

    Le Bon­niec, 25, worked as a sub­con­trac­tor for Apple in its Cork offices, tran­scrib­ing user requests in Eng­lish and French, until he quit in the sum­mer of 2019 due to eth­i­cal con­cerns with the work. “They do oper­ate on a moral and legal grey area,” he told the Guardian at the time, “and they have been doing this for years on a mas­sive scale. They should be called out in every pos­si­ble way.”

    Fol­low­ing the rev­e­la­tions of Le Bon­niec and his col­leagues, Apple promised sweep­ing changes to its “grad­ing” pro­gram, which involved thou­sands of con­trac­tors lis­ten­ing to record­ings made, both acci­den­tal­ly and delib­er­ate­ly, using Siri. The com­pa­ny apol­o­gised, brought the work in-house, and promised that it would only grade record­ings from users who had explic­it­ly opt­ed-in to the prac­tice.

    “We realise we have not been ful­ly liv­ing up to our high ideals,” the com­pa­ny said in a state­ment in August. It even­tu­al­ly released a soft­ware update in late Octo­ber that allowed users to opt-in or out of their voice record­ings being used to “improve Siri dic­ta­tion”, and to choose to delete the record­ings that Apple had stored. The com­pa­ny also empha­sised that, unlike its com­pe­ti­tion, Siri record­ings are nev­er linked to a spe­cif­ic Apple account.

    But, Le Bon­niec argues, the com­pa­ny nev­er real­ly faced the con­se­quences for its years-long pro­gramme in the first place.

    “I lis­tened to hun­dreds of record­ings every day, from var­i­ous Apple devices (eg. iPhones, Apple Watch­es, or iPads). These record­ings were often tak­en out­side of any acti­va­tion of Siri, eg in the con­text of an actu­al inten­tion from the user to acti­vate it for a request. These pro­cess­ings were made with­out users being aware of it, and were gath­ered into datasets to cor­rect the tran­scrip­tion of the record­ing made by the device,” he said.

    “The record­ings were not lim­it­ed to the users of Apple devices, but also involved rel­a­tives, chil­dren, friends, col­leagues, and who­ev­er could be record­ed by the device. The sys­tem record­ed every­thing: names, address­es, mes­sages, search­es, argu­ments, back­ground nois­es, films, and con­ver­sa­tions. I heard peo­ple talk­ing about their can­cer, refer­ring to dead rel­a­tives, reli­gion, sex­u­al­i­ty, pornog­ra­phy, pol­i­tics, school, rela­tion­ships, or drugs with no inten­tion to acti­vate Siri what­so­ev­er.

    “These prac­tices are clear­ly at odds with the company’s ‘pri­va­cy-dri­ven’ poli­cies and should be urgent­ly inves­ti­gat­ed by data pro­tec­tion author­i­ties and Pri­va­cy watch­dogs. With the cur­rent state­ment, I want to bring this issue to your atten­tion, and also offer my coop­er­a­tion to pro­vide any ele­ment sub­stan­ti­at­ing these facts. Although this case has already gone pub­lic, Apple has not been sub­ject to any kind of inves­ti­ga­tion to the best of my knowl­edge.”

    https://www.theguardian.com/technology/2020/may/20/apple-whistleblower-goes-public-over-lack-of-action?CMP=Share_iOSApp_Other

    Posted by Mary Benton | May 23, 2020, 12:36 pm
  2. A Pen­ta­gon-relat­ed inter­net mys­tery was revealed last week. It was the kind of reveal that that answered one mys­tery but cre­at­ed a much larg­er mys­tery in the process. A much larg­er mys­tery that includes the mys­tery of why this whole thing was­n’t more mys­te­ri­ous:

    First, here’s an excerpt from an AP arti­cle last week that revealed some infor­ma­tion about a mys­tery that erupt­ed on Inau­gu­ra­tion Day, Jan­u­ary 20: A Flori­da-based com­pa­ny, Glob­al Resource Sys­tems LLC, announced that it was now man­ag­ing a pre­vi­ous­ly idle chunk of the inter­net ‘address space’ (like IP address­es) owned by the US Depart­ment of Defense. About 175 mil­lion inter­net address­es in total, which is about 1/25th (~4%) of the size of the cur­rent inter­net and more inter­net space than Chi­na Tele­com, AT&T or Com­cast. The announce­ment imme­di­ate­ly cre­at­ed the mys­tery of why exact­ly this seem­ing­ly ran­dom com­pa­ny — with no his­to­ry of gov­ern­ment con­tracts — was cho­sen for this job. And more gen­er­al­ly, the mys­tery of what it was that the Pen­ta­gon wants Glob­al Resource Sys­tems to do with all this address space.

    The mys­tery was solved some­what last week when the Pen­ta­gon pro­vid­ed a brief expla­na­tion for what it has in mind for the com­pa­ny. The Pen­ta­gon hopes to “assess, eval­u­ate and pre­vent unau­tho­rized use of DoD IP address space,” accord­ing to the state­ment. It’s a plau­si­ble agen­da item for the Pen­ta­gon since address-space squat­ting is a real issue.

    But the announced expla­na­tion of the Pen­tagon’s intent for this project still does­n’t explain why Glob­al Resource Sys­tems was cho­sen for this job. It’s not just that Glob­al Resource Sys­tems has no track record for this kind of gov­ern­ment work. It turns out the only per­son pub­licly asso­ci­at­ed with the com­pa­ny in the Flori­da busi­ness reg­istry, Ray­mond Sauli­no, does have a his­to­ry of gov­ern­ment con­tract­ing work and it’s a rather inter­est­ing his­to­ry. The kind of inter­est­ing his­to­ry that gives us some clues about the nature of the actu­al work Glob­al Resource Sys­tems will be involved with while man­ag­ing this chunk of the inter­net address space.

    For starters, Sauli­no’s name showed in in 2018 in Neva­da cor­po­rate records as a man­ag­ing mem­ber of a cybersecurity/internet sur­veil­lance equip­ment com­pa­ny called Pack­et Foren­sics. Pack­et Foren­sics had near­ly $40 mil­lion in pub­licly dis­closed fed­er­al con­tracts over the past decade, includ­ing with the FBI and the Pentagon’s Defense Advanced Research Projects Agency (DARPA). So while Glob­al Resource Sys­tems has no his­to­ry of gov­ern­ment con­tract­ing, Sauli­no appears to have quite a bit of expe­ri­ence.

    In 2011, Pack­et Foren­sics and Sauli­no were fea­tured in a Wired sto­ry because the com­pa­ny was sell­ing an appli­ance to gov­ern­ment agen­cies and law enforce­ment that let them spy on people’s web brows­ing using forged secu­ri­ty cer­tifi­cates. So Sauli­no appears to have expe­ri­ence with gov­ern­ment con­tract­ing involv­ing tech­nol­o­gy that allows for web brows­ing spy­ing. That’s the lone per­son pub­licly list­ed in rela­tion to Glob­al Resource Sys­tems, which is rather odd when you think about it. When a long­time col­league at Pack­et Foren­sics, Rod­ney Joffe, was con­tact­ed about Sauli­no, Joffe said he believed Sauli­no was retired. Joffe is chief tech­ni­cal offi­cer at Neustar Inc., which pro­vides inter­net intel­li­gence and ser­vices for major indus­tries.

    It also turns out that Pack­et Foren­sics con­tin­ues to sell “law­ful inter­cept” equip­ment and cur­rent­ly has a DARPA con­tract. That con­tract is described as “har­ness­ing auton­o­my for coun­ter­ing cyber-adver­sary sys­tems.” Con­tract descrip­tion says the project involves inves­ti­gat­ing “tech­nolo­gies for con­duct­ing safe, nondis­rup­tive, and effec­tive active defense oper­a­tions in cyber­space,” than that pro­gram would “inves­ti­gate the fea­si­bil­i­ty of cre­at­ing safe and reli­able autonomous soft­ware agen­cies that can effec­tive­ly counter mali­cious bot­net implants and sim­i­lar large-scale mal­ware.”

    You read that cor­rect­ly: autonomous soft­ware agen­cies that can counter bot­nets and large-scale mal­ware. That’s what Pack­et Foren­sics was con­tract­ed to devel­op for DARPA. It’s a rather intrigu­ing descrip­tion. After all, what exact­ly is that? It’s kind of vague. But as we’ll see, it sure sounds like the idea is to lit­er­al­ly cre­ate antivirus soft­ware that will prop­a­gate itself.
    Now, on the one hand, if you’re deal­ing with a bot­net of mal­ware-infect­ed com­put­ers scat­tered across the inter­net, antivirus soft­ware that can prop­a­gate itself across that mal­ware net­work does make a cer­tain kind of log­i­cal sense. It’s just...well, now you’re antivirus soft­ware is act­ing like a virus It would have to prop­a­gate itself across com­put­ers with­out ask­ing for per­mis­sion first. That’s a virus. A the­o­ret­i­cal­ly benign virus, in this case although the def­i­n­i­tion of ‘benign’ is obvi­ous­ly a mat­ter of inter­pre­ta­tion.

    So the only thing was know about Glob­al Resource Sys­tems is the name a sin­gle guy, Ray­mond Sauli­no. Sauli­no brings us to Pack­et Foren­sics, which recent­ly got a DARPA con­tract to cre­ate virus-like autonomous antivirus soft­ware. Is this the nature of Glob­al Resource Sys­tem­s’s work for the Pen­ta­gon? Devel­op­ing and/or deploy­ing autonomous antivirus soft­ware? Keep in mind that any unau­tho­rized com­put­ers oper­at­ing in the inter­net address space man­aged by Glob­al Resource Sys­tems are tech­ni­cal­ly break­ing the rules of the inter­net. Might that cre­ate a legal loop­hole to allow for the deploy­ment of ‘autonomous soft­ware agen­cies’ on those com­put­ers?

    But the selec­tion of Glob­al Resource Sys­tems for this project gets odd­er: the name is iden­ti­cal to a com­pa­ny pre­vi­ous­ly sued for unfair busi­ness prac­tices in 2006 over mass email spam­ming and was shut down over a decade ago. And both the old and cur­rent incar­na­tions of Glob­al Resource Sys­tems have the same street address. So if Glob­al Resource Sys­tems was set up to be an innocu­ous ran­dom com­pa­ny that does­n’t draw a lot of atten­tion it was pret­ty weird to give it the same name and address of a com­pa­ny charged with unfair busi­ness prac­tices. But that’s what hap­pened for mys­te­ri­ous rea­sons:

    Asso­ci­at­ed Press

    The big Pen­ta­gon inter­net mys­tery now par­tial­ly solved

    By FRANK BAJAK
    April 25, 2021

    BOSTON (AP) — A very strange thing hap­pened on the inter­net the day Pres­i­dent Joe Biden was sworn in. A shad­owy com­pa­ny resid­ing at a shared work­space above a Flori­da bank announced to the world’s com­put­er net­works that it was now man­ag­ing a colos­sal, pre­vi­ous­ly idle chunk of the inter­net owned by the U.S. Depart­ment of Defense.

    That real estate has since more than quadru­pled to 175 mil­lion address­es — about 1/25th the size of the cur­rent inter­net.

    ”It is mas­sive. That is the biggest thing in the his­to­ry of the inter­net,” said Doug Mado­ry, direc­tor of inter­net analy­sis at Ken­tik, a net­work oper­at­ing com­pa­ny. It’s also more than twice the size of the inter­net space actu­al­ly used by the Pen­ta­gon.

    After weeks of won­der by the net­work­ing com­mu­ni­ty, the Pen­ta­gon has now pro­vid­ed a very terse expla­na­tion for what it’s doing. But it has not answered many basic ques­tions, begin­ning with why it chose to entrust man­age­ment of the address space to a com­pa­ny that seems not to have exist­ed until Sep­tem­ber.

    The mil­i­tary hopes to “assess, eval­u­ate and pre­vent unau­tho­rized use of DoD IP address space,” said a state­ment issued Fri­day by Brett Gold­stein, chief of the Pentagon’s Defense Dig­i­tal Ser­vice, which is run­ning the project. It also hopes to “iden­ti­fy poten­tial vul­ner­a­bil­i­ties” as part of efforts to defend against cyber-intru­sions by glob­al adver­saries, who are con­sis­tent­ly infil­trat­ing U.S. net­works, some­times oper­at­ing from unused inter­net address blocks.

    The state­ment did not spec­i­fy whether the “pilot project” would involve out­side con­trac­tors.

    The Pen­ta­gon peri­od­i­cal­ly con­tends with unau­tho­rized squat­ting on its space, in part because there has been a short­age of first-gen­er­a­tion inter­net address­es since 2011; they now sell at auc­tion for upwards of $25 each.

    Mado­ry said adver­tis­ing the address space will make it eas­i­er to chase off squat­ters and allow the U.S. mil­i­tary to “col­lect a mas­sive amount of back­ground inter­net traf­fic for threat intel­li­gence.”

    Some cyber­se­cu­ri­ty experts have spec­u­lat­ed that the Pen­ta­gon may be using the new­ly adver­tised space to cre­ate “hon­ey­pots,” machines set up with vul­ner­a­bil­i­ties to draw hack­ers. Or it could be look­ing to set up ded­i­cat­ed infra­struc­ture — soft­ware and servers — to scour traf­fic for sus­pect activ­i­ty.

    “This great­ly increas­es the space they could mon­i­tor,” said Mado­ry, who pub­lished a blog post on the mat­ter Sat­ur­day.

    What a Pen­ta­gon spokesman could not explain Sat­ur­day is why the Defense Depart­ment chose Glob­al Resource Sys­tems LLC, a com­pa­ny with no record of gov­ern­ment con­tracts, to man­age the address space.

    “As to why the DoD would have done that I’m a lit­tle mys­ti­fied, same as you,” said Paul Vix­ie, an inter­net pio­neer cred­it­ed with design­ing its nam­ing sys­tem and the CEO of Far­sight Secu­ri­ty.

    The com­pa­ny did not return phone calls or emails from The Asso­ci­at­ed Press. It has no web pres­ence, though it has the domain grscorp.com. Its name doesn’t appear on the direc­to­ry of its Plan­ta­tion, Flori­da, domi­cile, and a recep­tion­ist drew a blank when an AP reporter asked for a com­pa­ny rep­re­sen­ta­tive at the office ear­li­er this month. She found its name on a ten­ant list and sug­gest­ed try­ing email. Records show the com­pa­ny has not obtained a busi­ness license in Plan­ta­tion.

    Incor­po­rat­ed in Delaware and reg­is­tered by a Bev­er­ly Hills lawyer, Glob­al Resource Sys­tems LLC now man­ages more inter­net space than Chi­na Tele­com, AT&T or Com­cast.

    The only name asso­ci­at­ed with it on the Flori­da busi­ness reg­istry coin­cides with that of a man list­ed as recent­ly as 2018 in Neva­da cor­po­rate records as a man­ag­ing mem­ber of a cybersecurity/internet sur­veil­lance equip­ment com­pa­ny called Pack­et Foren­sics. The com­pa­ny had near­ly $40 mil­lion in pub­licly dis­closed fed­er­al con­tracts over the past decade, with the FBI and the Pentagon’s Defense Advanced Research Projects Agency among its cus­tomers.

    That man, Ray­mond Sauli­no, is also list­ed as a prin­ci­pal in a com­pa­ny called Tide­wa­ter Laskin Asso­ciates, which was incor­po­rat­ed in 2018 and obtained an FCC license in April 2020. It shares the same Vir­ginia Beach, Vir­ginia, address — a UPS store — in cor­po­rate records as Pack­et Foren­sics. The two have dif­fer­ent mail­box num­bers. Calls to the num­ber list­ed on the Tide­wa­ter Laskin FCC fil­ing are answered by an auto­mat­ed ser­vice that offers four dif­fer­ent options but doesn’t con­nect callers with a sin­gle one, recy­cling all calls to the ini­tial voice record­ing.

    Sauli­no did not return phone calls seek­ing com­ment, and a long­time col­league at Pack­et Foren­sics, Rod­ney Joffe, said he believed Sauli­no was retired. Joffe, a cyber­se­cu­ri­ty lumi­nary, declined fur­ther com­ment. Joffe is chief tech­ni­cal offi­cer at Neustar Inc., which pro­vides inter­net intel­li­gence and ser­vices for major indus­tries, includ­ing telecom­mu­ni­ca­tions and defense.

    In 2011, Pack­et Foren­sics and Sauli­no, its spokesman, were fea­tured in a Wired sto­ry because the com­pa­ny was sell­ing an appli­ance to gov­ern­ment agen­cies and law enforce­ment that let them spy on people’s web brows­ing using forged secu­ri­ty cer­tifi­cates.

    The com­pa­ny con­tin­ues to sell “law­ful inter­cept” equip­ment, accord­ing to its web­site. One of its cur­rent con­tracts with the Defense Advanced Research Projects Agency is for “har­ness­ing auton­o­my for coun­ter­ing cyber-adver­sary sys­tems.” A con­tract descrip­tion says it is inves­ti­gat­ing “tech­nolo­gies for con­duct­ing safe, nondis­rup­tive, and effec­tive active defense oper­a­tions in cyber­space.” Con­tract lan­guage from 2019 says the pro­gram would “inves­ti­gate the fea­si­bil­i­ty of cre­at­ing safe and reli­able autonomous soft­ware agen­cies that can effec­tive­ly counter mali­cious bot­net implants and sim­i­lar large-scale mal­ware.”

    Deep­en­ing the mys­tery is Glob­al Resource Sys­tems’ name. It is iden­ti­cal to that of a firm that inde­pen­dent inter­net fraud researcher Ron Guil­mette says was send­ing out email spam using the very same inter­net rout­ing iden­ti­fi­er. It shut down more than a decade ago. All that dif­fers is the type of com­pa­ny. This one’s a lim­it­ed lia­bil­i­ty cor­po­ra­tion. The oth­er was a cor­po­ra­tion. Both used the same street address in Plan­ta­tion, a sub­urb of Fort Laud­erdale.

    “It’s deeply sus­pi­cious,” said Guil­mette, who unsuc­cess­ful­ly sued the pre­vi­ous incar­na­tion of Glob­al Resource Sys­tems in 2006 for unfair busi­ness prac­tices. Guil­mette con­sid­ers such mas­querad­ing, known as slip-stream­ing, a ham-hand­ed tac­tic in this sit­u­a­tion. “If they want­ed to be more seri­ous about hid­ing this they could have not used Ray Sauli­no and this sus­pi­cious name.”

    Guil­mette and Mado­ry were alert­ed to the mys­tery when net­work oper­a­tors began inquir­ing about it on an email list in mid-March. But almost every­one involved didn’t want to talk about it. Mike Leber, who owns Hur­ri­cane Elec­tric, the inter­net back­bone com­pa­ny han­dling the address blocks’ traf­fic, didn’t return emails or phone mes­sages.

    ...

    ———-

    “The big Pen­ta­gon inter­net mys­tery now par­tial­ly solved” by FRANK BAJAK; Asso­ci­at­ed Press; 04/25/2021

    “The mil­i­tary hopes to “assess, eval­u­ate and pre­vent unau­tho­rized use of DoD IP address space,” said a state­ment issued Fri­day by Brett Gold­stein, chief of the Pentagon’s Defense Dig­i­tal Ser­vice, which is run­ning the project. It also hopes to “iden­ti­fy poten­tial vul­ner­a­bil­i­ties” as part of efforts to defend against cyber-intru­sions by glob­al adver­saries, who are con­sis­tent­ly infil­trat­ing U.S. net­works, some­times oper­at­ing from unused inter­net address blocks.”

    Is the Pen­ta­gon mere­ly hir­ing Glob­al Resource Sys­tems to “assess, eval­u­ate and pre­vent unau­tho­rized use of DoD IP address space” and “iden­ti­fy poten­tial vul­ner­a­bil­i­ties”? Per­haps, but that’s the kind of descrip­tion that could include a lot of dif­fer­ent activ­i­ty. Activ­i­ty that could prob­a­bly include the DARPA con­tract for Ray­mond Sauli­no’s Pack­et Foren­sics to “inves­ti­gate the fea­si­bil­i­ty of cre­at­ing safe and reli­able autonomous soft­ware agen­cies that can effec­tive­ly counter mali­cious bot­net implants and sim­i­lar large-scale mal­ware”:

    ...
    What a Pen­ta­gon spokesman could not explain Sat­ur­day is why the Defense Depart­ment chose Glob­al Resource Sys­tems LLC, a com­pa­ny with no record of gov­ern­ment con­tracts, to man­age the address space.

    ...

    The only name asso­ci­at­ed with it on the Flori­da busi­ness reg­istry coin­cides with that of a man list­ed as recent­ly as 2018 in Neva­da cor­po­rate records as a man­ag­ing mem­ber of a cybersecurity/internet sur­veil­lance equip­ment com­pa­ny called Pack­et Foren­sics. The com­pa­ny had near­ly $40 mil­lion in pub­licly dis­closed fed­er­al con­tracts over the past decade, with the FBI and the Pentagon’s Defense Advanced Research Projects Agency among its cus­tomers.

    That man, Ray­mond Sauli­no, is also list­ed as a prin­ci­pal in a com­pa­ny called Tide­wa­ter Laskin Asso­ciates, which was incor­po­rat­ed in 2018 and obtained an FCC license in April 2020. It shares the same Vir­ginia Beach, Vir­ginia, address — a UPS store — in cor­po­rate records as Pack­et Foren­sics. The two have dif­fer­ent mail­box num­bers. Calls to the num­ber list­ed on the Tide­wa­ter Laskin FCC fil­ing are answered by an auto­mat­ed ser­vice that offers four dif­fer­ent options but doesn’t con­nect callers with a sin­gle one, recy­cling all calls to the ini­tial voice record­ing.

    Sauli­no did not return phone calls seek­ing com­ment, and a long­time col­league at Pack­et Foren­sics, Rod­ney Joffe, said he believed Sauli­no was retired. Joffe, a cyber­se­cu­ri­ty lumi­nary, declined fur­ther com­ment. Joffe is chief tech­ni­cal offi­cer at Neustar Inc., which pro­vides inter­net intel­li­gence and ser­vices for major indus­tries, includ­ing telecom­mu­ni­ca­tions and defense.

    In 2011, Pack­et Foren­sics and Sauli­no, its spokesman, were fea­tured in a Wired sto­ry because the com­pa­ny was sell­ing an appli­ance to gov­ern­ment agen­cies and law enforce­ment that let them spy on people’s web brows­ing using forged secu­ri­ty cer­tifi­cates.

    The com­pa­ny con­tin­ues to sell “law­ful inter­cept” equip­ment, accord­ing to its web­site. One of its cur­rent con­tracts with the Defense Advanced Research Projects Agency is for “har­ness­ing auton­o­my for coun­ter­ing cyber-adver­sary sys­tems.” A con­tract descrip­tion says it is inves­ti­gat­ing “tech­nolo­gies for con­duct­ing safe, nondis­rup­tive, and effec­tive active defense oper­a­tions in cyber­space.” Con­tract lan­guage from 2019 says the pro­gram would “inves­ti­gate the fea­si­bil­i­ty of cre­at­ing safe and reli­able autonomous soft­ware agen­cies that can effec­tive­ly counter mali­cious bot­net implants and sim­i­lar large-scale mal­ware.”
    ...

    And then there’s the mys­tery of why Glob­al Resource Sys­tems was giv­en the name and address of a com­pa­ny charged with unfair busi­ness prac­tices. It’s like they were try­ing to cre­ate a ker­fuf­fle. Or just got real­ly lazy:

    ...
    Deep­en­ing the mys­tery is Glob­al Resource Sys­tems’ name. It is iden­ti­cal to that of a firm that inde­pen­dent inter­net fraud researcher Ron Guil­mette says was send­ing out email spam using the very same inter­net rout­ing iden­ti­fi­er. It shut down more than a decade ago. All that dif­fers is the type of com­pa­ny. This one’s a lim­it­ed lia­bil­i­ty cor­po­ra­tion. The oth­er was a cor­po­ra­tion. Both used the same street address in Plan­ta­tion, a sub­urb of Fort Laud­erdale.

    “It’s deeply sus­pi­cious,” said Guil­mette, who unsuc­cess­ful­ly sued the pre­vi­ous incar­na­tion of Glob­al Resource Sys­tems in 2006 for unfair busi­ness prac­tices. Guil­mette con­sid­ers such mas­querad­ing, known as slip-stream­ing, a ham-hand­ed tac­tic in this sit­u­a­tion. “If they want­ed to be more seri­ous about hid­ing this they could have not used Ray Sauli­no and this sus­pi­cious name.”

    Guil­mette and Mado­ry were alert­ed to the mys­tery when net­work oper­a­tors began inquir­ing about it on an email list in mid-March. But almost every­one involved didn’t want to talk about it. Mike Leber, who owns Hur­ri­cane Elec­tric, the inter­net back­bone com­pa­ny han­dling the address blocks’ traf­fic, didn’t return emails or phone mes­sages.
    ...

    And that’s why we can only report that this mys­tery has been par­tial­ly solved. We know at least have an offi­cial expla­na­tion from the Pen­ta­gon. An offi­cial expla­na­tion that does­n’t actu­al­ly explain what it is that Glob­al Resource Sys­tems is going to be work­ing on or why it was hired in the first place. But at least we have enough clues now to get a vague idea of what Glob­al Resource Sys­tems might be work­ing on: autonomous (viral) antivi­ral soft­ware. It’s a fas­ci­nat­ing con­cept and obvi­ous­ly a poten­tial pri­va­cy night­mare. After all, once you start going down the path of autonomous antivirus soft­ware that can prop­a­gate itself from com­put­er to com­put­er, you’re just one step removed from autonomous antivirus soft­ware that can pre­emp­tive­ly prop­a­gate itself from com­put­er to com­put­er with­out ask­ing. Might that be what Glob­al Resource Sys­tems is actu­al­ly work­ing on? Well, if so, it’s worth not­ing that the Snow­den doc­u­ments actu­al­ly talked about devel­op­ing exact­ly that kind of tech­nol­o­gy:

    The Verge

    Leaked Snow­den doc­u­ments detail NSA’s plans for ‘mil­lions’ of mal­ware attacks

    By Adi Robert­son
    Mar 12, 2014, 10:36am EDT

    Over the past months, leaked doc­u­ments from the NSA, GCHQ, and oth­er agen­cies have shed light on efforts to dra­mat­i­cal­ly scale the process of putting mal­ware on tar­gets’ com­put­ers. At The Inter­cept, Glenn Green­wald and Ryan Gal­lagher have pub­lished more details about how these pro­grams work, and what tools oper­a­tives use to com­pro­mise secu­ri­ty — whether that’s by hack­ing routers or imper­son­at­ing Face­book. A pro­gram known as TURBINE, first revealed last year, is meant to dra­mat­i­cal­ly speed the process: one doc­u­ment says it will “allow the cur­rent implant net­work to scale to large size (mil­lions of implants) by cre­at­ing a sys­tem that does auto­mat­ed con­trol implants by groups instead of indi­vid­u­al­ly.

    The group behind TURBINE, known as the NSA’s Tai­lored Access Oper­a­tions (TAO) divi­sion, gath­ers infor­ma­tion on spe­cif­ic tar­gets, but Green­wald and secu­ri­ty experts wor­ry that a large, auto­mat­ed sys­tem makes the sur­veil­lance process too pain­less and open to abuse. The scal­ing process, accord­ing to Green­wald, start­ed in 2004, when the NSA oper­at­ed only 100 to 150 soft­ware implants. The num­ber of implants used in the years between 2010 to 2012, by con­trast, is described as num­ber­ing in the tens of thou­sands. The doc­u­ments revealed in this report appear to be most­ly from 2009.

    ...

    ———–

    “Leaked Snow­den doc­u­ments detail NSA’s plans for ‘mil­lions’ of mal­ware attacks” by Adi Robert­son; The Verge; 03/12/2014

    “...A pro­gram known as TURBINE, first revealed last year, is meant to dra­mat­i­cal­ly speed the process: one doc­u­ment says it will “allow the cur­rent implant net­work to scale to large size (mil­lions of implants) by cre­at­ing a sys­tem that does auto­mat­ed con­trol implants by groups instead of indi­vid­u­al­ly.””

    Large scale implants of mal­ware via auto­mat­ed con­trol implants. That sure sounds like the basis for the cre­ation of “safe and reli­able autonomous soft­ware agen­cies that can effec­tive­ly counter mali­cious bot­net implants and sim­i­lar large-scale mal­ware.” Is Glob­al Resource Sys­tems devel­op­ing an off­shoot of project TURBINE? It sure sounds plau­si­ble based on what we’ve been told (and haven’t been told). There’s clear­ly an inter­est in this tech­nol­o­gy. For exam­ple, here’s an announce­ment from 2018 about DARPA con­tracts for the Har­ness­ing Auton­o­my for Coun­ter­ing Cyber-adver­sary Sys­tems (HACCS) pro­gram. What does the HACCS pro­gram devel­op? Accord­ing to the announce­ment, the pro­gram would seek “the abil­i­ty to find and elim­i­nate sophis­ti­cat­ed cyber secu­ri­ty threats in a scal­able, time­ly, safe, and reli­able man­ner, while main­tain­ing pri­va­cy and oth­er legal safe­guards — even if the own­ers of bot­net-con­script­ed net­works are unaware of the infec­tion and are not par­tic­i­pat­ing in neu­tral­iza­tion.In oth­er words, it was a DARPA pro­gram on how to devel­op a legal antivi­ral virus:

    Mil­i­tary & Aero­space Elec­tron­ics

    DARPA hires two trust­ed com­put­ing com­pa­nies to devise cyber secu­ri­ty for net­work bot­net attacks

    ARLINGTON, Va. – U.S. mil­i­tary trust­ed com­put­ing researchers are look­ing to two U.S. cyber secu­ri­ty com­pa­nies to find ways to iden­ti­fy and elim­i­nate bot­net, large-scale mal­ware, and oth­er cyber secu­ri­ty threats from com­pro­mised mil­i­tary devices and net­works.

    John Keller
    Apr 6th, 2018

    ARLINGTON, Va. – U.S. mil­i­tary trust­ed com­put­ing researchers are look­ing to two U.S. cyber secu­ri­ty com­pa­nies to find ways to iden­ti­fy and elim­i­nate bot­net, large-scale mal­ware, and oth­er cyber secu­ri­ty threats from com­pro­mised mil­i­tary devices and net­works.

    Offi­cials of the U.S. Defense Advanced Research Projects Agency (DARPA) this week announced con­tracts to Sotera Defense Solu­tions Inc. in Hern­don, Va., and to Aarno Labs LLC in Cam­bridge, Mass., for the Har­ness­ing Auton­o­my for Coun­ter­ing Cyber-adver­sary Sys­tems (HACCS) pro­gram.

    HACCS seeks the abil­i­ty to find and elim­i­nate sophis­ti­cat­ed cyber secu­ri­ty threats in a scal­able, time­ly, safe, and reli­able man­ner, while main­tain­ing pri­va­cy and oth­er legal safe­guards — even if the own­ers of bot­net-con­script­ed net­works are unaware of the infec­tion and are not par­tic­i­pat­ing in neu­tral­iza­tion.

    Sotera won a $7.3 DARPA HACCS con­tract on Thurs­day, and Aarno Labs won a $6.5 mil­lion HACCS con­tract on Mon­day. In the HACCS pro­gram, Sotera and Aarno Labs will inves­ti­gate cre­at­ing safe and reli­able autonomous agents to counter var­i­ous types of mali­cious bot­net implants and sim­i­lar large-scale mal­ware.

    The com­pa­nies will devel­op the tech­niques and soft­ware nec­es­sary to mea­sure the accu­ra­cy of iden­ti­fy­ing bot­net-infect­ed net­works, the accu­ra­cy of iden­ti­fy­ing the type of devices resid­ing in a net­work, and the sta­bil­i­ty of poten­tial access vec­tors.

    Sotera and Aarno Labs also will mea­sure the effec­tive­ness of deny­ing, degrad­ing, and dis­rupt­ing bot­nets and indi­vid­ual bot­net implants with­out affect­ing the sys­tems and net­works where they reside.

    Mali­cious actors can pen­e­trate and use with impuni­ty large num­bers of devices owned and oper­at­ed by third par­ties, DARPA offi­cials say. Such col­lec­tions of com­pro­mised devices, com­mon­ly referred to as bot­nets, are used for crim­i­nal, espi­onage, and com­put­er net­work attack pur­pos­es — some­times all three.

    Recent exam­ples of bot­nets and self-prop­a­gat­ing mal­code include Mirai, Hid­den Cobra, Wan­naCry, and Petya/NotPetya. The scale of their poten­tial and actu­al­ized effects make such mal­ware a nation­al secu­ri­ty threat. Yet improv­ing the secu­ri­ty pos­ture of U.S. mil­i­tary net­works alone is insuf­fi­cient to counter such threats, DARPA offi­cials say. Cur­rent inci­dent response meth­ods are too resource- and time-con­sum­ing to address the prob­lem at scale.

    Active defense meth­ods are insuf­fi­cient­ly pre­cise and pre­dictable in their behav­ior, pos­ing a risk that the “fix” may cause pro­cess­ing issues or oth­er side effects. This is where the HACCS pro­gram comes in.

    HACCS con­trac­tors Sotera and Aarno Labs will iden­ti­fy and fin­ger­print not only bot­net-con­script­ed net­works to deter­mine the pres­ence of bot­net implants, but also the num­ber and types of devices present on said net­works, and the soft­ware ser­vices run­ning on these devices.

    The com­pa­nies will gen­er­ate non-dis­rup­tive soft­ware exploits for many known vul­ner­a­bil­i­ties that could estab­lish ini­tial pres­ence in each bot­net-con­script­ed net­work with­out affect­ing legit­i­mate sys­tem func­tion­al­i­ty.

    In addi­tion, the com­pa­nies will cre­ate soft­ware agents that autonomous­ly nav­i­gate with­in bot­net-con­script­ed net­works, iden­ti­fy bot­net implants, and neu­tral­ize them or oth­er­wise cur­tail their abil­i­ty to oper­ate, while min­i­miz­ing net­work side effects.

    ...

    ———–

    “DARPA hires two trust­ed com­put­ing com­pa­nies to devise cyber secu­ri­ty for net­work bot­net attacks” by John Keller; Mil­i­tary & Aero­space Elec­tron­ics; 04/06/2018

    “HACCS seeks the abil­i­ty to find and elim­i­nate sophis­ti­cat­ed cyber secu­ri­ty threats in a scal­able, time­ly, safe, and reli­able man­ner, while main­tain­ing pri­va­cy and oth­er legal safe­guards — even if the own­ers of bot­net-con­script­ed net­works are unaware of the infec­tion and are not par­tic­i­pat­ing in neu­tral­iza­tion.

    This sure sounds a lot like the Pack­et Foren­sics DARPA con­tract. But with more details. Details like the fact that this autonomous soft­ware is intend­ed to be run on the com­put­ers of unwit­ting bot­net vic­tims with­out them being aware any of this is hap­pen­ing. And note the lan­guage used to describe how this autonomous antivirus soft­ware will be deployed: non-dis­rup­tive soft­ware exploits for many known vul­ner­a­bil­i­ties will be used to estab­lish the ini­tial pres­ence on the bot­net-infect­ed net­work (where the soft­ware will pro­ceed to cat­a­logue all the devices on the net­work and what soft­ware its run­ning). In oth­er words, they’re going to hack into these already-hacked net­works. All very inno­cent­ly and benign­ly, of course. It’s a remind­ing that the con­cept of the autonomous antivirus virus a includes the idea that this autonomous soft­ware has robust built-in hack­ing capa­bil­i­ties. Oth­er­wise how is it sup­posed to prop­a­gate itself oth­er­wise?

    ...
    Active defense meth­ods are insuf­fi­cient­ly pre­cise and pre­dictable in their behav­ior, pos­ing a risk that the “fix” may cause pro­cess­ing issues or oth­er side effects. This is where the HACCS pro­gram comes in.

    HACCS con­trac­tors Sotera and Aarno Labs will iden­ti­fy and fin­ger­print not only bot­net-con­script­ed net­works to deter­mine the pres­ence of bot­net implants, but also the num­ber and types of devices present on said net­works, and the soft­ware ser­vices run­ning on these devices.

    The com­pa­nies will gen­er­ate non-dis­rup­tive soft­ware exploits for many known vul­ner­a­bil­i­ties that could estab­lish ini­tial pres­ence in each bot­net-con­script­ed net­work with­out affect­ing legit­i­mate sys­tem func­tion­al­i­ty.

    In addi­tion, the com­pa­nies will cre­ate soft­ware agents that autonomous­ly nav­i­gate with­in bot­net-con­script­ed net­works, iden­ti­fy bot­net implants, and neu­tral­ize them or oth­er­wise cur­tail their abil­i­ty to oper­ate, while min­i­miz­ing net­work side effects.
    ...

    Is this the future of the bat­tle against virus­es? Keep in mind that this is all kind of the log­i­cal end of the cur­rent dig­i­tal pri­va­cy conun­drum: hav­ing the NSA pre­emp­tive­ly infect every­one’s com­put­ers with autonomous net­works of antivirus virus­es locked in a per­pet­u­al bat­tle with all the oth­er virus­es. A log­i­cal end that basi­cal­ly includes the end of what­ev­er sem­blance of dig­i­tal pri­va­cy that remains. It’s not a great thought but let’s not pre­tend there are easy answers here.

    So we’ll see how well cre­at­ing autonomous super-hack­er soft­ware enti­ties that can auto-hack their way across the inter­net turns out. Autonomous super-hack­er soft­ware autonomous­ly work­ing for the greater good, so there should prob­a­bly be noth­ing to wor­ry about. That’s how these things work, right?

    Posted by Pterrafractyl | May 1, 2021, 4:24 pm

Post a comment