
Surveillance Valley

From hacked nude celebrity selfies to Tor-encrypted drug deals, our privacy depends on Silicon Valley companies, whose data infrastructure dwarfs the NSA's
September 3-9, 2014 | Vol. 31, No. 25 | Silicon Valley, CA

Last year, in response to revelations about NSA surveillance, some of Silicon Valley's biggest names got together and formed an organization dedicated to promoting government surveillance reform. The charade should have been laughed at and mocked—after all, these same companies feed on privacy for profit, and unfettered surveillance is their stock in trade. Silicon Valley runs on for-profit surveillance, and it dwarfs anything being run by the NSA.

Technologies championed by privacy groups such as the Electronic Frontier Foundation offer little protection. For example, the anonymizing network Tor, used by pedophiles, drug dealers, tax cheats, jihadis and everyday porn consumers, may turn out to be a government-sponsored honey pot, an inadvertent consequence of the need to cloak its own spying activities.

The interdependence between Silicon Valley's server farms and individual privacy came into clear focus this week. As starlets spin-controlled an anonymous hacker's posts of their naked vacation romps and bathroom mirror selfies with shaming tweets and legal threats, Apple's public relations team took advantage of the holiday weekend to formulate a measured response. Even the best written laws and data security precautions, however, couldn't have stopped the inevitable crack in the dam. Too much private information on too many servers foreshadowed a breach that would shift attention, at least for a moment, from governmental mass surveillance to the private sector's monetization of collected, stored personal data.

Google: Huge Data

Google runs the largest private surveillance operation in the history of mankind. The company has a de facto monopoly on much of the digital ecosystem: search, email, browsers, digital advertising, smartphones, tablets. Google is a global for-profit surveillance behemoth that makes billions in profits a year. Its purpose: to track, analyze and profile us as deeply as possible—who we are, what we do, where we go, who we talk to, what we think about—and then constantly figure out ways to monetize that intelligence.

What kind of info does Google collect? The company is very secretive about that. But here are a few data points that could go into its user profiles, gleaned from two patents Google filed a decade ago, prior to launching its Gmail service:

♦ Concepts and topics discussed in email, as well as email attachments

♦ The content of websites that users have visited

♦ Demographic information—including income, sex, race, marital status

♦ Geographic information

♦ Psychographic information—personality type, values, attitudes, interests

♦ Previous searches users have made

♦ Information about documents users viewed and edited

♦ Browsing activity

♦ Previous purchases

Google might be making money off advertising now, but the big question is: How will it use all this data in the future? Five years from now? Ten years from now? Data has a way of never fully disappearing or dying. Will it be passed around, re-analyzed, bought and sold for ever and ever? And what guarantee do we have that this info won't end up down the line in the hands of the US government... or in the hands of repressive totalitarian regimes?

And if that wasn't enough surveillance for you, then there are the uncomfortable ties between Google and the US military-surveillance complex—a collaboration that's been going on for so long that it's sometimes hard to discern where Google ends and the NatSec apparatus begins.

Over the years, Google's worked to enhance the surveillance capabilities of the biggest intel agencies in the world: the NSA, FBI, CIA, DEA, NGA and just about every wing of the DoD. Google's DC office is staffed by former spooks, high-level intelligence officials and revolving door military contractors: US Army, Air Force Intelligence, Central Intelligence Agency, Director of National Intelligence, USAID, SAIC, Lockheed.

Tor Curtain

The Tor browser and network have been touted as a scrappy but extremely effective grassroots technology that can protect journalists, dissidents and whistleblowers from powerful government forces that want to track their every move online. But according to a recent exposé, Tor provides the opposite of anonymity: it singles out users for total NSA surveillance, potentially sucking up and recording everything they do online.

The Tor Network was developed, built and financed by the US military and surveillance establishments and continues to be funded by Department of Defense grants routed through entities such as the Menlo Park nonprofit SRI (formerly Stanford Research Institute). Government-originated funding dramatically increased in 2012.

Tor's original—and current—purpose is to cloak the online identity of government agents and informants while they are in the field. Just about everybody involved in developing Tor technology has been and/or still is funded by the Pentagon or a related arm of the US government. Tor is still very much in active use by the US government for intelligence gathering activities.

Tor's origins go back to 1995, when military scientists at the Naval Research Laboratory began developing cloaking technology that would prevent someone's activity on the Internet from being traced back to them. The technology was funded by the Office of Naval Research and DARPA. The original goal of what's called "onion routing" was to allow intelligence and military personnel to work online undercover without fear of being unmasked by someone monitoring their Internet activity.

In the '90s, as public Internet use and infrastructure grew and multiplied, spooks needed to figure out a way to hide their identity in plain sight online. An undercover spook sitting in a hotel room in a hostile country somewhere couldn't simply dial up CIA.gov on his browser and log in — anyone sniffing his connection would know who he was. Nor could a military intel agent infiltrate a potential terrorist group masquerading as an online animal rights forum if he had to create an account and log in from an army base IP address. As Michael Reed, one of the inventors of onion routing, explains:

"The *PURPOSE* was for DoD/Intelligence usage (open source intelligence gathering, covering of forward deployed assets, whatever). Not helping dissidents in repressive countries. Not assisting criminals in covering their electronic tracks. Not helping bit-torrent users avoid MPAA/RIAA prosecution. Not giving a 10 year old a way to bypass an anti-porn filter. Of course, we knew those would be other unavoidable uses for the technology, but that was immaterial to the problem at hand we were trying to solve (and if those uses were going to give us more cover traffic to better hide what we wanted to use the network for, all the better...I once told a flag officer that much to his chagrin)."

Very early on, researchers understood that just designing a system that only technically anonymizes traffic is not enough—not if the system is used exclusively by military and intelligence. In order to cloak spooks better, Tor needed to be used by a diverse group of people: activists, students, corporate researchers, soccer moms, journalists, drug dealers, hackers, child pornographers, foreign agents, terrorists—the more diverse the group, the better spooks could hide in the crowd in plain sight.

Tor also needed to be moved off site and disassociated from Naval research. As Syverson told Bloomberg in January 2014: "If you have a system that's only a Navy system, anything popping out of it is obviously from the Navy. You need to have a network that carries traffic for other people as well."

Tor co-founder Roger Dingledine said the same thing at a conference in 2004: "The United States government can't simply run an anonymity system for everybody and then use it themselves only. Because then every time a connection came from it people would say, 'Oh, it's another CIA agent.' If those are the only people using the network."

In 2007, 22-year-old Swedish hacker/researcher Dan Egerstad told the Sydney Morning Herald that he thinks many of the major Tor nodes are being run by intelligence agencies or other parties interested in listening in on Tor communication. Egerstad had managed to capture a trove of passwords and other sensitive information by monitoring Tor traffic on five servers he had installed. He can't help but speculate who's behind other Tor servers. "If you actually look into where these Tor nodes are hosted and how big they are, some of these nodes cost thousands of dollars each month just to host because they're using lots of bandwidth, they're heavy-duty servers and so on," Egerstad says. "Who would pay for this and be anonymous? For example, five of six of them are in Washington D.C."

Edward Snowden's leaks clearly showed the NSA and GCHQ run Tor nodes, and are interested in running more. And running 50 Tor nodes doesn't seem like it would be too difficult for any of the world's intelligence agencies—whether American, German, British, Russian, Chinese or Iranian. Hell, if you're an intelligence agency, there's no reason not to run a Tor node.

In 2012, Dingledine revealed that the Tor Network is configured to prioritize speed and route traffic through the fastest servers/nodes available. Dingledine was criticized by the Tor community for the obvious reason that funneling traffic through a handful of fast nodes made surveilling and subverting Tor much easier. In 2013, the Washington Post revealed that the NSA had figured out various ways of unmasking and penetrating the anonymity of the Tor Network...