Spy-funded privacy tools (like Signal and Tor) are not going to protect us from President Trump
by Yasha Levine
Originally published on Pando.com on November 28, 2016.
America’s in total turmoil following Donald Trump’s victory.
Nazis and white supremacists are suddenly in vogue, getting magazine profiles and primetime TV spots. Bernie supporters are nervously rejoicing — setting sights on taking over the Democratic Party, while waiting for blacklists and payback.
Sad to say, but most of my journalist colleagues are in total meltdown mode. Caught completely off-guard, they’re blaming everything from fake news to Facebook to Macedonian teenager-entrepreneurs and nursing wild theories about an underhanded plot by the Russians to hack voting machines via infected USB dongles.
Meanwhile, lots of people seem to think that Trump’s victory represents some kind of unique evil that has put America on fast track to becoming Nazi Germany — forgetting our country’s long and dark history of normalizing eugenicists, white supremacists and outright Nazis for political ends. Look no further than Ukraine, welfare reform and libertarians, just to name a few. And Trump’s cabinet picks are bearing this continuity out: more and more, his is shaping up to be a Charles Koch administration — you know, the richest man in the world, who just so happens to fund white supremacists and Holocaust deniers.
The crypto community’s not letting a good crisis go to waste. Our foremost privacy experts have seized on people’s fears and have been churning out articles and how-to guides urging us to immediately encrypt our digital lives in order protect ourselves from what they say will be a Totalitarian Trump presidency.
“With Trump eager to misuse his power and get revenge on his perceived enemies, it’s reasonable to conclude there will be a parallel increase in abuse of power in law enforcement and the intelligence community,” wrote Micah Lee, a technologist at The Intercept, owned by eBay billionaire Pierre Omidyar. “Activists who put their bodies on the line trying to protect basic rights — freedom of religion, freedom of speech, civil rights, reproductive rights, voting rights, privacy rights — will face the brunt of it.”
That sounds like a nightmare. And what’s the Intercept’s solution to the Trump menace? Lee says there’s only one thing to do: encrypt your computers and smartphones, host your websites in the dark web, browse the Internet using Tor and communicate via Signal. In fact, he lashed together a longwinded, five-page guide on the exact grassroots privacy tech people need to use to safeguard their cyber property:
“Surveillance Self-Defense Against the Trump Administration.”
“…you should get everyone in your activist Facebook groups to switch to an end-to-end encrypted group-messaging app, such as Signal, WhatsApp…”
“Everyone in your group will need to use Tor Browser…”
Lee’s post was shared thousands of times on Twitter and Facebook. And his wasn’t the only one. Reddit, Facebook, Twitter and Medium are awash with news articles and guides telling people to protect themselves using Tor and Signal. Even Edward Snowden chimed in via video link at the Real Future Fair in Oakland last week to tell people political struggle won’t be enough to stop Trump’s totalitarianism and that encryption was the answer.
“If you want to build a better future, you’re going to have to do it yourself. Politics will take us only so far … Law is simply letters on a page,” Ed told the conference, as reported by Matt Novak. “Technology works differently than law. Technology knows no jurisdiction.” He then added: “use Signal.”
Yep, forget collective action, forget politics. Use encryption apps. Tech trumps everything in our fight for collective freedom.
Those who’ve followed my reporting on the Tor Project and the Internet Freedom movement know I think this advice isn’t just ridiculous and dishonest, it’s downright dangerous — dangerous because it puts in harm’s way the very people that these encryption and privacy apps are supposed to protect.
The reason is simple, and can’t be repeated often enough: most of today’s “grassroots” privacy technology pushed by privacy activists like Lee and Snowden were created and continue to be controlled by the very same U.S. military-intelligence apparatus these apps are supposed to shield us from. I’m talking about the Pentagon (including the NSA), the State Department and several CIA spinoff outfits that had been covertly set up during the Cold War. In short, these tools are a part of the very same state apparatus that will in just a few months be under the control of President Donald Trump.
If this all sounds like a whack job conspiracy theory to you, then you’re in for a rude awakening.
Let’s start with Tor.
Tor went mainstream in 2013, after Edward Snowden popped up on the scene. He was a huge fan! His loyalty on full display in the first pictures that emerged while he was in hiding in Hong Kong: a big fat Tor sticker on his black laptop. After fleeing to Russia, he explained that Tor was central to what he did, allowing him to exfiltrate documents under the nose of the NSA. He also said Tor was good for more than just protecting leakers and whistleblowers. He described it as the best weapon people have to protect themselves against Internet surveillance. “Without Tor, the streets of the Internet become like the streets of a very heavily surveilled city,” he explained.
But there is something about Tor that Snowden held back from his fans.
Tor is made by the Tor Project, a nonprofit based in Cambridge, Massachusetts. It is an Internet anonymity app that runs on your computer and hides your identity as you browse the Internet. It can also run Internet servers and make them accessible through the dark web. In fact, the “dark web” almost exclusively runs on Tor, making the service an integral part of a global network of illegal drug marketplaces, child sex abuse pornography communities, ISIS hangout spots and at least on crypto literary journal. The spooky thing about Tor wasn’t that it allowed all this bad stuff to take place online, but that it was almost entirely funded by the U.S. government.
Tor was initially developed by military researchers in the mid-1990s at the U.S. Naval Laboratory in Washington D.C. It was spun off as a quasi-independent nonprofit in 2004 but continued to receive most of its funding through contracts coming from three branches of the U.S. National Security State: the U.S. Navy, the State Department and the Broadcasting Board of Governors, an old CIA spinoff set up during the Cold War to wage psychological warfare and regime change ops against countries deemed hostile to U.S. security and economic interests. To date, Tor has received over $10 million in federal contracts. It even has its own federal contractor number. (For funding details see here, here and here.)
So why would the U.S. National Security State fund an app designed to thwart its own power? Well, that’s a long story and fascinating story — one that I’m addressing at length in my upcoming book “Surveillance Valley.” But the quick answer is that Tor was created not to thwart American power, but to enhance and multiply it.
Tor was developed by the U.S. Navy as a way of getting around the problem of the open nature of Internet communication, which allows anyone watching network traffic — ISPs, Google, spies — to see where you are coming from and where you are going. Imagine a CIA agent trying to log into their mail.cia.gov account while under cover in a hotel in Ankara. Whoever was monitoring the spy’s connection would immediately blow their cover. Internet architecture posed a problem for spies and Tor was one of the solutions: It could hide where you’ve coming from and where you are going on the Internet by bouncing your connections around several nodes and obscuring your identity. The only problem was that if only U.S. spies and agents used this system, then it’s would have been very obvious that anyone connecting to Tor was a spook. So in order for Tor to truly work, it needed to be opened up to as many people as possible: not just spies but soccer moms, drug dealers, terrorists, paranoid kids, activists, credit card scammers, Russian spies — anybody. The bigger the crowd Tor had, the better it could hide the spies used it. That’s why Tor was spun off from the U.S. Navy and became a non-profit organization, but was still actively used by the Pentagon, as well as the FBI.
As Tor matured, America’s foreign policy apparatus found another use for its anonymity technology: regime change.
America runs a sprawling foreign propaganda operation that blankets much of the world. Satellite, television and radio transmissions beamed to Latin America, Asia, the Middle East and Eastern Europe — targeting countries deemed hostile to U.S. interests: Russia, China, Cuba, Iran, Vietnam, North Korea, Venezuela. The idea behind it is the same thing that the U.S. and Europe now accuse Russia of doing: sponsoring news — some of it objective and very good, lots of it ideologically distorted or simply fabricated — as part of a destabilization and psychological warfare campaign. America has been doing this non-stop for more than half a century, using propaganda to complement grand plans of regime change.
During the Cold War, this propaganda was delivered mostly by radio through outfits like Radio Free Europe, Radio Liberty, Radio Free Asia — all of which were first set up and covertly run by the CIA. In the 2000s, the U.S. government began to use the Internet for these propaganda efforts. After the collapse of the Soviet Union a big focus was on China, so Radio Free Asia was brought back from the dead and began to use the Internet. But China simply blocked the IP addresses of Radio Free Asia’s websites. It was a pretty simple fix from China’s perspective. So the U.S. government needed a technology that could help the Chinese people to get around this censorship, and Tor offered the best solution.
That’s when Tor started getting funding from the Broadcasting Board of Governors, which is an umbrella federal agency that oversees all of America’s foreign propaganda operations. While one part of the U.S. military-intelligence apparatus used it to hide their tracks online, another part started using it like a crowbar to pry open national firewalls that prevented American propaganda from coming into countries like China and Iran. From then on, Tor became a foreign policy weapon, a soft power cyber weapon.
Today, Tor is private in name only. It's a federal weapons contractor with its own federal contractor number and gets the bulk of its budget via contracts from various wings of the U.S. National Security State: the State Department, the Pentagon and the U.S. Navy and several CIA spinoffs, including the Broadcasting Board of Governors and Radio Free Asia.
Does Tor work? Don’t get your hopes up. Tor is a bit of a boondoggle. It’s almost completely useless in countries like China or Iran that actively try to block it. As for protecting people in the United States from their own government? Well, the ACLA, EFF and even Edward Snowden champion it as the most powerful anonymity tool on the Internet. That may be true, but being the most powerful tool does not necessarily make it secure against the U.S. National Security State. As Tor developer Mike Perry admitted a few years back, Tor is not at all effective against powerful, organized “adversaries” (aka governments like the United States) that are capable monitoring huge swaths of the Internet. “Extremely well funded adversaries that are able to observe large portions of the Internet can probably break aspects of Tor and may be able to deanonymize users,” he wrote.
And Tor’s been battered in a bad way in recent years — with so many holes poked in it that it now looks like a log of Swiss cheese. Front and center: a small group of researchers at Carnegie Mellon University had figured out a cheap and easy way to crack Tor’s super-secure network with just $3,000 worth of computer equipment. The method was then used by the FBI to mount an international raid that punched holes in Tor’s defenses and shutdown several hundred anonymous drug and kiddie porn markets.
There is one thing Tor does really well: it concentrates everyone who has something to hide on its network. According to documents leaked by Edward Snowden, this is the exact reason why the NSA does not want to spook people away from Tor. It is also a reason why the NSA, along with the GCHQ, run their own Tor nodes.
In short: if you’re looking to score a few grams of coke online, Tor might shield you from the FBI and DEA — but only because they have bigger suckers to bust. But if your political activities are in any way perceived as a threat by the powers that be — well, I wouldn’t trust Tor if I were you.
Despite all this, Tor is still being pushed by the likes of the Intercept and all sorts of well-meaning organizations. For instance, here is a DIY guide to feminist cybersecurity: “If you are ever in a position where you absolutely NEED to be anonymous, be it for safety or political reasons, then you need to use the Tor network.”
Yeah, good luck with that.
Signal is an encrypted chat app you can download for use on your Android and iPhone. Like Tor, it went mainstream largely thanks to Edward Snowden. Ed made the NSA’s surveillance of the Internet a global concern and offered Signal as the best, free and easy-to-use tool people could use to encrypt themselves against the NSA menace.
“Use anything by Open Whisper Systems,” Snowden told his followers, referring to the outfit that makes Signal.
Snowden isn’t Signal’s only celebrity endorsement. Laura Poitras is a huge fan, telling anyone who will listen: “Signal is the most scalable encryption tool we have. It is free and peer reviewed. I encourage people to use it everyday.” Other Signal boosters include respected encryption experts like Bruce Schneier and Matt Green. You can find most of these endorsements right there on Open Whisper System’s homepage. Without a doubt, Signal is hugely popular in the privacy world — so popular that Facebook even integrated it into WhatsApp’s encrypted chat mode.
As a result of all this promotion, Signal has become the communication app of choice for political activists and protesters — from the Black Lives Matter movement to people currently organizing the national #J20 anti-Trump strike planned for January 20th, Inauguration Day.
And why not use Signal, right?
Here’s the problem: Signal was created by the same spooky regime change outfits that fund the Tor Project. The money primarily comes through the federal government’s premier Internet Freedom venture capital outfit: Open Technology Fund, which works closely with the State Department’s regime change arm and is funded through several layers of Cold War CIA cutouts — including Radio Free Asia and the Broadcasting Board of Governors.
So what’s Signal story?
Here’s a quick rundown: The encrypted chat app — which can be downloaded from Apple and Google’s stores for free — is built by Open Whisper Systems (aka Quiet Riddle Ventures), an opaque for-profit organization run by Moxie Marlinspike (not his real name). Marlinspike likes to keep the details of his biography wrapped in mystery. He poses as an anti-government radical in the mold of Jacob Appelbaum, who selflessly works for the greater good, risking life and freedom building super-secure communication technology powerful enough to stand to the National Security Agency. It’s a nice story. The reality is something different: Marlinspike made a bunch of money selling his previous encryption startup to Twitter in 2011. Right after that, he began partnering with America’s soft-power regime change apparatus — including the State Department and the Broadcasting Board of Governors — which led to them funding his next venture: a suite of encrypted chat and voice mobile apps. Signal is a direct result of this project.
You won’t find it anywhere on Open Whisper System’s website, but Signal depends on NatSec cash for continued survival. Exactly how much cash is hard to gauge, as Open Whisper System refuses to disclose its financing structure. But if you tally up documents released by Radio Free Asia’s Open Technology Fund, we know Marlinspike’s outfit received $2.26 million in the span of the past three years — not exactly pocket change. And the NatSec cashflow shows no sign of ending.
Signal, like Tor, is bankrolled by the soft-power wing of the U.S. National Security State as part of a larger “Internet Freedom” initiative — an attempt to leverage the Internet and digital communication tools as a compliment to more traditional elements of psychological warfare and regime change ops. The ideas behind “Internet Freedom” go back to the origins of the commercial Internet, but they began to be implemented in earnest during President Barack Obama’s first term — led by Hillary Clinton’s State Department.
Hillary Clinton isn’t too Internet savvy, but she surrounded herself by a bunch of gee-whiz cyber-democracy advisors who were sold on the idea that the Internet is a magic technology that transforms everyone that comes in contact with it into a happy, non-violent democratic-consumer. To make world peace a reality, all you had to do was unleash Silicon Valley on the world and let the for-profit Internet work its magic.
With these geniuses whispering in her ear, Secretary Clinton made Internet Freedom a central plank of her State Department tenure. To her, it was not about regime change, but about helping people around the world talk to one another. “We see more and more people around the globe using the Internet, mobile phones and other technologies to make their voices heard as they protest against injustice and seek to realize their aspirations,” she said back in 2011. “So we’re focused on helping them do that, on helping them talk to each other, to their communities, to their governments and to the world.”
In reality, Internet Freedom was just war fought by other means. Here’s a report by the New York Times from June 2011, right around the time that Marlinspike began working with the State Department on Internet Freedom efforts, which would grow later become Signal.
The Obama administration is leading a global effort to deploy “shadow” Internet and mobile phone systems that dissidents can use to undermine repressive governments that seek to silence them by censoring or shutting down telecommunications networks.
The effort includes secretive projects to create independent cellphone networks inside foreign countries, as well as one operation out of a spy novel in a fifth-floor shop on L Street in Washington, where a group of young entrepreneurs who look as if they could be in a garage band are fitting deceptively innocent-looking hardware into a prototype “Internet in a suitcase.”
Financed with a $2 million State Department grant, the suitcase could be secreted across a border and quickly set up to allow wireless communication over a wide area with a link to the global Internet.
The American effort, revealed in dozens of interviews, planning documents and classified diplomatic cables obtained by The New York Times, ranges in scale, cost and sophistication.
Some projects involve technology that the United States is developing; others pull together tools that have already been created by hackers in a so-called liberation-technology movement sweeping the globe.
The State Department, for example, is financing the creation of stealth wireless networks that would enable activists to communicate outside the reach of governments in countries like Iran, Syria and Libya, according to participants in the projects.
Ah yes. Look at Syria and Libya — models of democracy, where Al-Qaeda and ISIS run wild and democracy’s a-flourishin’.
Aside from the geopolitical aspect of Internet Freedom technology, the question is: Does Signal actually work? Certainly, lots of encryption experts say its code is flawless. But then again, these experts have been saying the same thing about Tor.
Signal runs on Amazon AWS cloud service — and Amazon is itself a CIA contractor. Signal also requires that users tie their app to a real mobile phone number (their identity) and give unrestricted access to their entire address book (the identities of all their friends, colleagues, fellow activists and organizers and sources). Troubling on an even more fundamental level: Signal depends on Apple and Google to deliver and install the app. As one respected security researcher recently pointed out, this is a serious problem because both companies partner with the NSA and can modify the app (at request of, say, the NSA or CIA) without anyone getting wise.
“Google usually has root access to the phone, there’s the issue of integrity. Google is still cooperating with the NSA and other intelligence agencies. PRISM is also still a thing. I’m pretty sure that Google could serve a specially modified update or version of Signal to specific targets for surveillance, and they would be none the wiser that they installed malware on their phones,” wrote Sander Venema in a post called “Why I won’t be recommending Signal anymore.”
Yeah, that’s pretty troubling. Like Tor, Signal might work if you're chatting with your local neighborhood dealer to score a few grams of coke, but don’t expect it to protect you if you decide to do anything really transgressive — like organizing against concentrated corporate political power in the United States. For what it's worth, I personally heard activists protesting the Democratic National Convention in Philadelphia tell me that the cops seemed to know their every move, despite the fact they were using Signal to organize.
The moral of this story: Tor and Signal are creations of America’s spooky war apparatus. They are designed for regime change in the age of the Internet. If they ever posed a threat to the United States — and to the corporate monopoly power that calls the shots here — their funding would be pulled and they would cease to exist. In short: if you’re worried about corporate-state surveillance, technology funded by this very same state is not the answer.
Yasha Levine is author of Surveillance Valley, coming 2017 from Public Affairs
Update: An earlier version of this story incorrectly described Open Whisper Systems as a non-profit. It is, in fact, a for profit company.
Art for Pando by Jeannette Langmead.