Surveillance Valley – a review

Note: This post is a book review. I did not buy this book on Amazon, and if, after reading this post, you consider buying it, I strongly urge you not to buy it on Amazon. Amazon is a proprietary software vendor and, more importantly, a company with highly problematic business and labour practices. They should clean up their act and, failing that, we should all boycott them.

Most of us have heard that the Internet started as a research project initiated by the ARPA, the Advanced Research Projects Agency, an agency under the US military conducting advanced research, especially focusing on counter-insurgency and future war scenarios. A common version of this story is that the Internet was originally intended to be a decentralized network, a network with no central hub necessary for its operation, where individual nodes might be taken out without disrupting the traffic, which would just reroute itself through other nodes. A TCP/IP network may indeed work like that, but the true origins of the Internet are far darker.

In the 1940s and 50s, Norbert Wiener’s theory of cybernetics became very popular. Wiener was a mathematician who worked for the American military during WWII. The gist of cybernetics is that all systems maintain themselves through feedback between their elements. If one could understand the nature of the feedback that keeps them stable, one could predict their future behaviour. The beauty of this theory is that systems could consist of human beings and machines, and it did not in fact matter if a given element was one or the other; as the systems were supposed to stabilize naturally just like ecosystems, it should be possible to set down mathematical equations they’d need to fulfill to serve their role in the system.

This theory was criticized, in fact even by Wiener himself, for reducing human beings to machines; and the analogy to ecosystems has proven false, as later biological research has shown that ecosystems do not tend to become stable – in fact, they are in constant change. In the 50s, however, this theory was very respected, and ARPA wanted to utilize it for counterinsurgency in Asian countries. For that purpose, they started a detailed anthropological study of tribes in Thailand, recording the people’s physical traits as well as a lot of information about their culture, habits and overall behaviour. The intention was to use this information in cybernetic equations in order to be able to predict people’s behaviour in wars like the Korean or, later, the Vietnam war.

In order to do this, they needed computation power – a lot of it. After the Soviets sent up the Sputnik and beat the Americans to space, there was an extraordinary surge of investments in scientific and engineering research, not least into the field of computers. In the early 60s, psychologist and computer scientist J.R.C. Licklider proposed “The Intergalactic Network” as a way to provide sufficient computation power for the things that ARPA wanted to do – by networking the computers, so problems might be solved by more computers than the user was currently operating. In doing so, Licklider predicted remote execution, keyboard-operated screens as well as a network layout that was practically identical to (if much smaller than) the current Internet. Apart from providing the power to crunch the numbers needed to supposedly predict the behaviour of large populations for counterinsurgency purposes, the idea that such a network could be used for control and surveillance materialized very early.

In the 1990s, the foundations of the company currently known as Google were created in Stanford Research Institute, a university lab that had for decades been operating as a military contractor. The algorithmic research that gave us the well-known PageRank algorithm was originally funded by grants from the military.

From the very beginning, Google’s source of income was mining the information in its search log. You could say that from the very beginning, Google’s sole business model has been pervasive surveillance, dividing its users into millions of buckets in order to sell as fine-tuned advertising as possible.

At the same time, Google has always been a prolific military contractor, selling upgraded versions of all kinds of applications to help the US military fight their wars. As an example, Google Earth was originally developed by Keyhole, Inc. with military purposes in mind – the military people loved the video game-like interface, and the maps and geographical features could be overlaid with all kinds of tactical information about targets and allies in the area.

More controversially, the Tor project, the free software project so lauded by the Internet Freedom and privacy communities, is not what it has consistently described itself as. It is commonly known that it was originally commissioned by a part of the US Navy as an experimental project for helping their intelligence agents stay anonymous, but it is less known that Tor has, since its inception, been almost exclusively financed by the US government, among others through grants from the Pentagon and the CIA but mainly by BBG, the “Broadcasting Board of Governors”, which originated in the CIA.

The BBG’s original mission was to run radio stations like Voice of America and, more recently, Radio Free Asia, targeting the populations of countries that were considered military enemies of the US. Among other things, BBG has been criticized for simply being a propaganda operation, a part of a hostile operation against political adversaries:

Wherever we feel there is an ideological enemy, we’re going to have a Radio Free Something (…) They lean very heavily on reports by and about dissidents in exile. It doesn’t sound like reporting about what’s going on in a country. Often, it reads like a textbook on democracy, which is fine, but even to an American it’s rather propagandistic.

One could ask, what kind of interest could the BBG possibly have in privacy activism such as that supposedly championed by the Tor project? None, of course. But they might be interested in providing dissidents in hostile countries with a way to avoid censorship, maybe even to plot rebellion without being detected by the regime’s Internet surveillance. Radio Free Asia had for years been troubled by the Chinese government’s tendency to block their transmission frequencies. Maybe Tor could be used to blast a hole in the Great Chinese Firewall?

At the same time, Tor could be used by operatives from agencies like the CIA, the NSA or the FBI to hide their tracks when perusing e.g. Al Qaeda web sites.

But, if the US government promotes this tool to dissidents in Russia, China or Iran as a creation of the US government – why would they trust it? And, if an Al Qaeda site suddenly got a spike of visitors all using Tor – maybe they’d figure it out anyway, if Tor was known as a US government tool? Wouldn’t it be nice if millions of people used Tor because they thought they were “sticking it to the man” and “protecting their privacy”, giving legitimacy with respect to the dissidents and cover to the agents?

And so, Tor the Privacy Tool was born. People were told that if they used Tor and were careful, it was cryptographically impossible that anyone should know which sites they were visiting. Except for the fact that Tor has all the time had serious (unintentional) weaknesses which meant that hidden services might have their IP exposed and web site visitors might, with some probability, be identified even if they were using Tor correctly. And using Tor correctly is already very difficult.

Yes, someone like Edward Snowden who knew about its weaknesses and had considerable insight into its security issues could indeed use Tor safely to perform his leaks and communicate about them, for a short while. But advising people in repressive societies with no technical insight who may have their lives at stake doing really serious things to rely on this tool might be … completely irresponsible. Like sending someone in battle with a wooden toy gun.

And maybe, just maybe, the American government was happy enough letting these pesky privacy activists run around with their wooden toy gun, courtesy of Uncle Sam, instead of doing something stupid like demanding effective regulations. And who better to evangelize this wooden toy gun but Jacob Appelbaum, the now-disgraced Tor developer who toured the world pretending to “stick it to the Man”, all the while working for a military contractor and netting a $100,000 paycheck directly from the American government? Maybe, in that sense, Tor as a privacy tool was always worse than nothing.

These are just a few of the topics covered in Yasha Levine’s new book Surveillance Valley. Levine’s idea is to cover the military roots of the modern computer industry, and he does that in gory and unsettling detail. Apart from cybernetics, ARPA, Google and Tor he also covers the influence of cybernetics on the counterculture and its later history of WIRED magazine and the Californian ideology. It also offers a critical examination of the consequences of Edward Snowden’s leaks.

This is not a flawless book; Levine has a point he wishes to get through, and in order to get there, he occasionally resorts to “hatchet job” journalism, painting people’s motives in an artificially unfavourable light or not researching his accusations thoroughly enough. For instance, Levine accuses Dingledine and the Tor project of giving vulnerabilities to the government for possible exploitation before making them public. The example he gives to prove that assertion is wrong, and I guess he makes the mistake because his eagerness to nail them made him sloppy, and because Levine himself lacks the technical expertise to see why the vulnerability he mentions (TLS normalization, detectability of Tor traffic) couldn’t possibly have been unknown to others at the time.

But, apart from that, I wholeheartedly recommend the book. It tells a story about Silicon Valley that really isn’t told enough, and it points out some really unpleasant – but, alas, all too true – aspects of the technology that we have all come to depend on. Google, the “cool” and “progressive” do-good-company, in fact a military contractor that helps American drones kill children in Yemen and Afghanistan? As well as a partner in predictive policing and a collector of surveillance data that the NSA may yet try to use to control enemy populations in a Cybernetics War 2.0? The Tor Project as paid shills of the belligerent US foreign policy? And the Internet itself, that supposedly liberating tool, was originally conceived as a surveillance and control mechanism?

Yes, unfortunately – in spite of the book’s flaws, true on all counts. For those of us who love free software because we love freedom itself, that should be an eyeopener.

11 thoughts on “Surveillance Valley – a review”

  1. Pingback: Links 6/4/2018: New Fedora ISO, Next Ubuntu Reaches Final Beta | Techrights

  2. Dear Carsten,
    thanks for the thought-provoking review. I disagree with the assessment of Tor, which looks like an attempt to spread Fear, Uncertainty, and Doubt to me:
    1. It’s Tor, not TOR.
    2. The fact that Tor was funded by the US government was well-known early on. The seminal research paper from 2004 acknowledges ONR and DARPA support, and one of the authors indicates “Naval Research Lab” as employer [1]. Nowadays, see here for sponsors [2] and here for financial reports [3]. (Of course, I don’t know whether additional payments with hidden agenda go to individuals.)
    3. What’s wrong with $100,000 paychecks for uniquely skilled people (whatever you might be thinking about them personally)?
    4. You already mention a wrong example for rumors. Something always sticks, right?

    For years, I’ve been advertising Tor [4] (here in German [5]), in particular the Tor Browser, as an indispensable tool in times of mass surveillance. Do you remember the Snowden revelations? How do you protect your surfing against surveillance by your own government, various foreign governments, and all kinds of known and unknown data brokers? Is there a strong alternative to Tor? Something better?

    Thanks
    Jens

    [1] https://www.freehaven.net/anonbib/cache/draft-tor-design-2004.pdf
    [2] https://www.torproject.org/about/sponsors.html.en
    [3] https://www.torproject.org/about/financials.html.en
    [4] https://blogs.fsfe.org/jens.lechtenboerger/tag/tor/
    [5] https://www.informationelle-selbstbestimmung-im-internet.de/Anonymes_Surfen_mit_Tor.html

  3. Dear Jens,

    thanks for your comment! I’ll reply to your concerns one by one:

    1) Duly noted, I’ll fix it.

    2) It’s always been well-known that Tor was originally created by the Naval Research Lab and was subsequently sponsored by the EFF. However, the fact that Tor was subsequently financed almost solely by the Broadcasting Board of Governors, which is best described as a propaganda section of the American intelligence sector which aims at destabilizing governments considered hostile to the United States of America, has not been a prominent part of Tor’s marketing. I find the connection to the BBG very politically problematic. Note, this criticism is political, I do think they’re doing their best technically. But, taking money from a propaganda sapling of the CIA – how is that not problematic? What if it was the FSB, or the similar service in China? Would you still promote it?

    3) There’s nothing wrong with paying skilled professionals $100,000. In fact, that’s in the ballpark of what I make myself. However, if someone travels the world evangelizing a tool to protect us from The Man, I do expect them not to be paid a very high salary from The Man himself. If that’s the case, I’d say something doesn’t add up.

    4) I think it’s very important to be exact in our criticism, and the flaws I’ve pointed out are serious defects in Levine’s book. However, in the end the book stands up (I’ve also been through some of its references), and IMO the criticism of Tor stands up despite the too negative style. I really do get some cognitive dissonance out of a tool to protect us from the American intelligence services being (not just created, but) overwhelmingly paid and maintained by the very same intelligence services. Something is wrong here, and I think Levine’s analysis of what it is is correct. Basically, privacy activists are used to give credibility to what is really a project to further the American foreign policy (BBG – main sponsor), law enforcement (FBI) and intelligence services (CIA – co-sponsor).

    Honestly, I’d want a privacy tool to run with no support whatever from intelligence services and with no shares at all in surreptitious American foreign policy machinations. I don’t think that’s a point of view that’s very difficult to understand.

    Once again, thanks for your comment. :-)

    • Ad 2) I’m not sure what a “propaganda sapling” is, but I’m sure that 1950s propaganda goals and techniques were different from today’s. Also, propaganda and education both aim to influence thinking, behavior, feelings, and the distinction is sometimes not clear cut.
      You asked whether I would accept money from China or Russia. Let me remark first that this situation is different from Tor’s because they were spending (mostly) US money inside the US. Instead, your scenario is more complicated because it raises ethical issues related to the money’s origin. Suppose I was in charge of a Tor-like free software project, and some party offered funding when nobody else did. If that money was obtained through unacceptable means (say, from the mafia, child or slave labor, etc.), I wouldn’t want it. Whether public money from China or Russia is acceptable or not in that ethical sense, is beyond the scope of this discussion. Instead, I could decide whether I want their money although their goals for my project do not align with (or even subvert) my goals for my project. In this case, which I believe to be similar to Tor’s, I would first need to reevaluate my project in general: Does it offer more good than bad? If I decided to continue my project I would gladly accept the money. Money cannot take freedom (software’s and mine) away, but money allows me to do more of what I did anyways.
      Another question for a different discussion is this: How much money do you need to pay so that you can be sure that I betray my ideals and surreptitiously subvert my initial goals?

      Ad 3) IMO, “the Man” is a figure of speech but not a useful basis for an argument. It would be very surprising to me if anyone could pinpoint any single person or entity in the US that drives policy decisions based on a consistent set of goals. Even more so over decades.

      Ad 4) Concerning the dissonance and what’s wrong: Similarly to “the Man,” I do not think that there is something like a consistent “American foreign policy.” I know next to nothing about the BBG, but I suppose that it has arms and people aiming for education and human rights. The Open Technology Fund (funded by Radio Free Asia->BBG->the Man) certainly supports lots of projects whose (published) goals I share. Restricting attention to Tor again, I see funding by the Man1 to spread propaganda in a censor-resistant way, by the Man2 to cover his agents’ tracks, by the Man3 to discover “interesting” activities of “interesting” parties on the net, by the Man4 to spread human rights as part of foreign policy. I donated to Tor for my own goals, use it on a daily basis, and recommend its use for ordinary surfing.

      > Honestly, I’d want a privacy tool to run with no support whatever from intelligence services and with no shares at all in surreptitious American foreign policy machinations.

      I agree completely.

      However, where to draw the line? My interest in Tor started when the EU parliament passed the data retention directive (2005). Clearly, Tor opposes the EU’s surveillance goals. So, in your view, should public money coming from anywhere in the EU be avoided as well?

      > I don’t think that’s a point of view that’s very difficult to understand.

      Not at all. But wishful thinking does not help much. FUD neither.

  4. For something completely different: The book cover is embedded via HTTP, which causes a browser warning when visiting the article via HTTPS.

  5. Thanks for the interesting review :)
    I have not read the book and I fail to see how “The Internet was originally conceived as a surveillance and control mechanism” can logically follow from the rest. The Internet was built to share data/information and computing power. It is now used for surveillance and control, but these are not the ends for which it was conceived.

    • The Internet was built under the direction of ARPA, the American military’s Advanced Research Project Agency.

      It was thus built with the aim of fulfilling the needs of the military, not least the other, non-computer-related branches of ARPA. What did these do? Well, I’m glad you asked. Under the direction of William H. Godel, they worked with counter-insurgency in Vietnam, Laos and Thailand in the early sixties, even before the US was officially involved in Vietnam.

      As such, they oversaw the creation and application of the infamous Agent Orange and a lot of other defoliation chemicals, leading to the birth of thousands of deformed children long after the fact. They also oversaw techniques such as forcibly removing the population to “secured” villages, in some cases resembling the Native American reservations in the US, in others concentration camps, but always destroying the fabric of centuries-old traditional life.

      They also planted surveillance devices, i.e. radio transmitters with microphones and urine detectors, along the Ho-Chi-Minh Path in order to detect troop movements. Unfortunately, the Viet Cong figured that out and learned to provoke an attack with false alarms, allowing them to pass unharmed through the wreckage afterwards.

      And they collected loads of data points of some tribes in Thailand, with a Google- or Facebook-style set of parameters which they wanted to manipulate in order to predict their behaviour in various scenarios. These data points were, despite ARPA’s use of anthropologists, built on a somewhat racist perception of South East Asian people and probably couldn’t work very well. (Unfortunately, I’m not making all of this up.)

      Given that the first priority in Licklider’s vision for a network in his early memo about the “Intergalactic Network” is about ensuring computing power for tasks at hand, the idea was to produce this for the benefit of the army in general and ARPA in particular; and, given the nature of ARPA’s activities, I don’t think it’s wrong to speak about it as a “surveillance and control mechanism”.

      Of course, Doug Engelbart’s vision was quite different, and many of the people who actually implemented it had very different ideas. But it was conceived by Licklider for ARPA’s use.
