Review of Yasha Levine's Surveillance Valley - strong criticism of the Tor Project


#1

Originally: http://blogs.fsfe.org/agger/2018/04/05/surveillance-valley-a-review/

Surveillance Valley - a review

Note: This post is a book review. I did not buy this book on Amazon, and if, after reading this post, you consider buying it, I strongly urge you not to buy it on Amazon. Amazon is a proprietary software vendor and, more importantly, a company with highly problematic business and labour practices. They should clean up their act and, failing that, we should all boykot them.

Most of us have heard that the Internet started as a research project initiated by the ARPA, the Advanced Research Projects Agency, an agency under the US military conducting advanced research, especially focusing on counter-insurgency and future war scenarios. A common version of this story is that the Internet was originally intended to be a decentralized network, a network with no central hub necessary for its operation, where individual nodes might be taken out without disrupting the traffic, which would just reroute itself through other nodes. A TCP/IP network may indeed work like that, but the true origins of the Internet are far darker.

In the 1940′s and 50′s, Norbert Wiener’s theory of cybernetics became very popular. Wiener was a mathematician who worked for the American military during WWII. The gist of cybernetics is that all systems maintain themselves through feedback between their elements. If one could understand the nature of the feedback that keeps them stable, one could predict their future behaviour. The beauty of this theory is that systems could consist of human beings and machines, and it did not in fact matter if a given element was one or the other; as the systems were supposed to stabilize naturally just like ecosystems, it should be possible to set down mathematical equations they’d need to fulfill to serve their role in the system.

This theory was criticized, in fact even by Wiener himself, for reducing human beings to machines; and the analogy to ecosystems has proven false, as later biological research has shown that ecosystems do not tend to become stable – in fact, they are in constant change. In the 50s, however, this theory was very respected, and ARPA wanted to utilize it for counterinsurgency in Asian countries. For that purpose, they started a detailed anthropological study of tribes in Thailand, recording the people’s physical traits as well as a lot of information about their culture, habits and overall behaviour. This intention was to use this information in cybernetic equations in order to be able to predict people’s behaviour in wars like the Korea or, later, the Vietnam war.

In order to do this, they needed computation power – a lot of it. After the Soviets sent up the Sputnik and beat the Americans to space, there was an extraordinary surge of investments in scientific and engineering research, not least into the field of computers. In the early 60′s, psychologist and computer scientist J.R.C. Licklider proposed “The Intergalactic Network” as a way to provide sufficient computation power for the things that ARPA wanted to do – by networking the computers, so problems might be solved by more computers than the user was currently operating. In doing so, Licklider predicted remote execution, keyboard-operated screens as well as a network layout that was practically identical to (if much smaller than) the current Internet. Apart from providing the power to crunch the numbers needed to supposedly predict the behaviour of large populations for counterinsurgency purposes, the idea that such a network could be used for control and surveillance materialized very early.

In the 1990s, the foundations of the company currently known as Google was created in Stanford Research Institute, a university lab that had for decades been operating as a military contractor. The algorithmic research that gave us the well-known Page Rank algorithm was originally funded by grants from the military.

From the very beginning, Google’s source of income was mining the information in its search log. You could say that from the very beginning, Google’s sole business model has been pervasive surveillance, dividing its users into millions of buckets in order to sell as fine-tuned advertising as possible.

At the same time, Google has always been a prolific military contractor, selling upgraded versions of all kinds of applications to help the US military fight their wars. As an example, Google Earth was originally developed by Keyhole, Inc. with military purposes in mind – the military people loved the video game-like interface, and the maps and geographical features could be overlaid with all kinds of tactical information about targets and allieds in the area.

More controversially, the TOR project, the free software project so lauded by the Internet Freedom and privacy communities, is not what it has consistently described itself as. It is commonly known that it was originally commissioned by a part of the US Navy as an experimental project for helping their intelligence agents stay anonymous, but it is less known that Tor has, since its inception, been almost exclusively financed by the US government, among others through grants from the Pentagon and the CIA but mainly by BBG, the “Broadcasting Board of Governors”, which originated in the CIA.

The BBG’s original mission was to run radio stations like Voice of America and, more recently, Radio Free Asia, targeting the populations of countries that were considered military enemies of the US. Among other things, BBG has been criticized for simply being a propaganda operation, a part of a hostile operation against political adversaries:

Wherever we feel there is an ideological enemy, we’re going to have a Radio Free Something (…) They lean very heavily on reports by and about dissidents in exile. It doesn’t sound like reporting about what’s going on in a country. Often, it reads like a textbook on democracy, which is fine, but even to an American it’s rather propagandistic.

One could ask, what kind of interest could the BBG possibly have in privacy activism such as that supposedly championed by the Tor project? None, of course. But they might be interested in providing dissidents in hostile countries with a way to avoid censorship, maybe even to plot rebellion without being detected by the regime’s Internet surveillance. Radio Free Asia had for years been troubled by the Chinese government’s tendency to block their transmission frequencies. Maybe Tor could be used to blast a hole in the Great Chinese Firewall?

At the same time, Tor could be used by operatives from agencies like the CIA, the NSA or the FBI to hide their tracks when perusing e.g. Al Qaeda web sites.

But, if the US government promotes this tool to dissidents in Russia, China or Iran as a creation of the US government – why would they trust it? And, if an Al Qaeda site suddenly got a spike of visitors all using Tor – maybe they’d figure it out anyway, if Tor was known as a US government tool? Wouldn’t it be nice if millions of people used Tor because they thought they were “sticking it to the man” and “protecting their privacy”, giving legitimacy with respect to the dissidents and cover to the agents?

And so, Tor the Privacy Tool was born. People were told that if they used Tor and were careful, it was cryptographically impossible that anyone should know which sites they were visiting. Except for the fact that Tor has all the time had serious (unintentional) weaknesses which meant that hidden services might have their IP exposed and web site visitors might, with some probability, be identified even if they were using Tor correctly. And using Tor correctly is already very difficult.

Yes, someone like Edward Snowden who knew about its weaknesses and had considerable insight into its security issues could indeed use Tor safely to perform his leaks and communicate about them, for a short while. But advising people in repressive societies with no technical insight who may have their lives at stake doing really serious things to rely on this tool might be … completely irresponsible. Like sending someone in battle with a wooden toy gun.

And maybe, just maybe, the American government was happy enough letting these pesky privacy activists run around with their wooded toy gun, courtesy of Uncle Sam, instead of doing something stupid like demanding effective regulations. And who better to evangelize this wooden toy gun but Jacob Appelbaum, the now-disgraced Tor developer who toured the world pretending to “stick it to the Man”, all the while working for a military contractor and netting a $100,000 paycheck directly from the American government? Maybe, in that sense, Tor as a privacy tool was always worse than nothing.

These are just a few of the topics covered in Yasha Levine’s new book Surveillance Valley. Levine’s idea is to cover the military roots of the modern computer industry, and he does that in gory and unsettling detail. Apart from cybernetics, ARPA, Google and Tor he also covers the influence of cybernetics on the counterculture and its later history of WIRED magazine and the Californian ideology. It also offers a critical examination of the consequences of Edward Snowden’s leaks.

This is not a flawless book; Levine has a point he wishes to get through, and in order to get there, he occasionally resorts “hatchet job” journalism, painting people’s motives in an artificially unfavourable light or not researching his accusations thoroughly enough. For instance, Levine accuses Dingledine and the Tor project of giving vulnerabilities to the government for possible exploitation before making them public. The example he gives to prove that assertion is wrong, and I guess he makes the mistake because his eagerness to nail them made him sloppy, and because Levine himself lacks the technical expertise to see why the vulnerability he mentions (TLS normalization, detectability of Tor traffic) couldn’t possibly have been unknown to others at the time.

But, apart from that, I wholeheartedly recommend the book. It tells a story about Silicon Valley that really isn’t told enough, and it points out some really unpleasant – but, alas, all too true – aspects of the technology that we have all come to depend on. Google, the “cool” and “progressive” do-good-company, in fact a military contractor that helps American drones kill children in Yemen and Afghanistan? As well as a partner in predictive policing and a collector of surveillance data that the NSA may yet try to use to control enemy populations in a Cybernetics War 2.0? The Tor Project as paid shills of the belligerent US foreign policy? And the Internet itself, that supposedly liberating tool, was originally conceived as a surveillance and control mechanism?

Yes, unfortunately – in spite of the book’s flaws, true on all counts. For those of us who love free software because we love freedom itself, that should be an eyeopener.


#2

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.