Hall of Mirrors: Wikileaks volunteer helped build Tor, was funded by the Pentagon

By Yasha Levine , written on July 22, 2014

From The News Desk

Last week, I wrote an article about the Tor Network, an anonymity tool developed, built, and (currently) financed by the US National Security State: the Pentagon, the State Department, and a CIA spinoff, the International Broadcasting Bureau, that also operates a propaganda outfit aimed at subverting Cuba’s communist regime.

While most of the story — Tor's NatSec sponsors, military functionality, and the people involved  — is relatively straightforward, at times the narrative threads can veer into weird and murky territory.

One of these spooky tangents involves NSA contractor Edward Snowden.

The Snowden story itself is incomplete and insufficiently transparent, but one thing we've learned is that in his final months before fleeing, Snowden ran multiple high-bandwidth Tor exit nodes while working as an NSA contractor in Hawaii.

The fact that Snowden ran Tor nodes had been known to many in the Tor/crypto-privacy community for quite some time. But it only became public knowledge this past May, when former Tor developer Runa Sandvik decided to spill the news to Wired’s Kevin Poulsen. (A strange choice for Sandvik to spill the beans to, given what Glenn Greenwald called Kevin Poulsen's "journalistic disgrace" in his articles about whistleblower Chelsea Manning.)

In mid-November 2012, just a few weeks before Snowden reached out to Glenn Greenwald, he emailed Sandvik, telling her that he ran a major Tor node, and asking her if she could help get him some Tor stickers to give out to his colleagues. Snowden used the same anonymous email address — [email protected] — to contact Sandvik that he would use a couple of weeks later to unsuccessfully attempt to contact Greenwald. Despite the fact that Snowden was both an NSA spook and planning to leak his growing trove of NSA documents, he provided Sandvik with his full real name and his full real address. That would seem to be reckless behavior, unusual given Snowden's careful and deliberate movements in everything else.

As it turned out, Sandvik was already planning to visit Hawaii for vacation, where Snowden told her he lived and worked, so she suggested that they meet up there. In her capacity as a Tor ambassador, Sandvik offered to give a talk to locals about communication security and encryption. Snowden was apparently “enthusiastic” about the idea, and they agreed to host a "crypto party."

Snowden went to work rallying together local Hawaii-based techies: He created a wiki with details about the upcoming Runa Sandvik speaking event, and left a wide digital trail that included his anonymous Lavabit email address posted on the Internet. Snowden then used this same account to get in touch with Asher Wolf — who’s credited with coming up with the idea of hosting crypto-parties to teach people about info security — to ask her for tips and advice, which she gladly provided.

On December 11, 2012 — about three weeks after he first emailed her —  Sandvik and Snowden finally met and hosted a “crypto party” at a local “art space behind a furniture store” in Honolulu. There they taught twenty or so locals how to use Tor and encrypt their hard drives, and Snowden personally hosted a session about how to set up and run a Tor server.

“He introduced himself as Ed. We talked for a bit before everything started. And I remember asking where he worked or what he did, and he didn’t really want to tell,” Sandvik told Wired.

What she did end up learning was that Snowden was running more than one Tor exit node, and that he was trying to get some of his “work” buddies to run their own Tor nodes as well. That was his excuse for getting those Tor stickers from Sandvik: He told her he thought they would motivate his buddies to get more involved.

“He said he had been talking [sic] some of the more technical guys at work into setting up some additional fast servers, and figured some swag might incentivize them to do it sooner rather than later,” Sandvik told Wired.

The idea of a bunch of NSA contractors running exit Tor nodes is more than a little disturbing, as exit nodes have long been known to be one of the network's most obvious weaknesses. Snowden's own NSA leaks reveal the NSA and GCHQ run their own Tor nodes.

Which brings me to the obvious question: Was Snowden running Tor nodes as part of his job at the NSA?

I tried asking Sandvik, but she hasn't replied to my request for comment. Wired’s Poulsen suggested that running Tor nodes and throwing a crypto party was a pet privacy project for Snowden. “Even as he was thinking globally, he was acting locally.”

Sure, that’s one explanation. But for some reason, I find it hard to imagine that an NSA contractor with top secret security clearance, in the middle of stealing a huge cache of secrets and leaking them to the world, would risk running a Tor node and lobbying his NSA coworkers to do the same — just to help out the cause of Internet privacy.

And if he was just a naive Internet privacy activist, did Snowden realize that he was reaching out — and disclosing his identity and address — to a person on the payroll of an outfit almost completely funded by the US National Security State?

Tor's Sandvik received roughly $140,000 for her work as a Tor contractor from 2011 through 2012 — with the funds supporting her salary coming mostly from Pentagon and intel-connected grants. The whole thing is bizarro-world: An NSA contractor secretly contacting a Pentagon-funded project employee in order to teach locals how to evade government internet spooks — all while failing to disclose their own ties to government  spooks.

Runa Sandvik’s run-in with Edward Snowden in December 2012 was not her last. Sandvik recently left her Pentagon-funded job at Tor and now works as a “privacy and security researcher” for Freedom of the Press Foundation (FPF), a group established to promote and help leakers of government secrets.

Curiously, this organization was founded the same month Edward Snowden first emailed Greenwald (and then met Sandvik in Hawaii), with the stated purpose, according to Greenwald, of providing funding to WikiLeaks.

FPF now features Edward Snowden on its Board of Directors, along with Glenn Greenwald and Laura Poitras — the two biggest beneficiaries of Snowden’s NSA leaks, along with their billionaire publisher Pierre Omidyar, who now funds the FPF, and is also a big supporter of Tor.

The Freedom of the Press Foundation promotes Tor on its website as a tool that can help individuals, journalists and activists to avoid surveillance online. Nowhere does FPF mention that Tor was designed, funded, and still supported by the US National Security State in order to conceal online spook activities.

And if you thought that all this Snowden-Tor-spook stuff couldn't get any more confusing or convoluted, it can and does.

After Edward Snowden failed to make contact with Glenn Greenwald (Greenwald initially dismissed Snowden as a crackpot), the would-be leaker then contacted Laura Poitras. Unlike Greenwald, she took Snowden seriously and decided to spend some time checking out his story. In order to vet Snowden, Poitras brought in Jacob Appelbaum — a Tor developer who, as I wrote last week, has spent the past five years working for an organization that's funded almost exclusively by the US National Security State.

Jacob Appelbaum and Wikileaks

In 2009, Jacob Appelbaum came onboard as one of five salaried employees of the Tor Network, earning a salary of $96,000 as a developer. About 90% of Tor's funds that year came from federal grants, mostly from the State Department and the CIA-spinoff International Broadcasting Bureau (IBB). Appelbaum's Tor gig has continued uninterrupted ever since, netting him somewhere around a half-million dollars. Not a bad haul.

Yet in 2010, right in the midst of him being funded by intel grants, Appelbaum emerged as an important Wikileaks volunteer. He used his celebrity status in the hacker world to promote the organization, helped secure Wikileaks' servers with Tor technology and even bailed Assange out of public speaking gigs when the heat from US authorities got too hot.

That year, Rolling Stone did a big story on Jacob Appelbaum, profiling him as a brilliant techno-anarchist rebel who's fighting the good fight by taking on America's evil military-surveillance apparatus. The mag described him as the “American Wikileaks Hacker" and featured praise from none other than Julian Assange himself.

"Jake has been a tireless promoter behind the scenes of our cause,” Julian Assange told the magazine.

Did Assange know that Appelbaum was a key employee at an organization funded almost exclusively by the US National Security State — the same all-powerful imperial machine that Wikileaks and Appelbaum were supposedly fighting against?

And it's not just the money. Appelbaum also spends quite a bit of time touring the world and giving US government-sponsored "training sessions" to corporate lackeys, pro-western "activists" and even government officials of repressive states that are allied with the United States.

Here's Appelbaum's RS profile on this secretive part of his Tor work:

...Appelbaum spends much of each year leading Tor training sessions around the world, often conducted in secrecy to protect activists whose lives are in danger. Some, like the sex-worker advocates from Southeast Asia he tutored, had limited knowledge of computers. Others, like a group of students Appelbaum trained at a seminar in Qatar, are highly sophisticated: One worked on the government's censorship network, another works for a national oil company, and a third created an Al-Jazeera message board that allows citizens to post comments anonymously.
Appelbaum trained an employee of Qatar's "censorship network"? That's nice of him — I mean, why wouldn't you train a censorship apparatchik working for an autocratic state known for brutal "modern slavery," where foreign workers are routinely worked to death in the punishing Qatari heat, and where there's no freedom of religion and sexuality?

For someone who sells himself as a techno-anarchist fighting against the all-powerful US Imperial Surveillance State, it's a bit weird to see Appelbaum fight for the interests of political movements and activists in conflict zones around the world — activists that just so happen to be in states like Iran and Syria, where the U.S. has been trying to conduct regime operations since before Appelbaum was born.

In a joint talk last year with Tor co-founder Roger Dingledine, Appelbaum argued that sure, Tor might facilitate the spread of child pornography, but this was a necessary evil in the great fight against global injustice at the hands of dictators in countries like Iran and Syria:

If you have a tool and someone is being abused. There is a child that is being abused. And you have this tool and you say 'Gosh, we should take care of that we should get rid of that tool so that child won’t be abused anymore.'

Well you have someone in Syria right now who might not be even involved in the revolution or the civil war — whatever you want to call Assad committing genocide against people right now. If you take away Tor, you don’t stop the child abuse. And you do harm the person in Syria who needs that help actively.

...If you take away Tor you are going to cause a net harm. Because really awful people that are going to commit these crimes...are going to commit a pretty simple crime [child pornography? —YL] compared to the heinous crimes they are interested in. You see this with Assad and his campaign against the Syrian people, where, what, 70,000 people been killed. How the hell does Appelbaum reconcile all these conflicted sides of his life: employee of an organization funded by military/intel grants, radical transparency activist, ambassador of American-style democracy?

I asked him, but got no reply.

Clearly, Appelbaum thinks of himself as a hacker-spy, an anarcho-007, who plays the game and lives the dream of every adolescent boy in the universe: to be a secret agent.

Just look at the dramatic scene he set up in his apartment for the benefit of a gullible Rolling Stone correspondent:

Appelbaum has dedicated his life to fighting for anonymity and privacy. An anarchist street kid raised by a heroin-addict father, he dropped out of high school, taught himself the intricacies of code and developed a healthy paranoia along the way. "I don't want to live in a world where everyone is watched all the time," he says.

...I visit him at his cavernous duplex in San Francisco. The only furniture is a black couch, a black chair and a low black table; a Guy Fawkes mask hangs on a wall in the kitchen. The floor is littered with Ziploc bags containing bundles of foreign cash: Argentine pesos, Swiss francs, Romanian lei, old Iraqi dinars bearing Saddam Hussein's face. The bag marked "Zimbabwe" contains a single $50 billion bill. Photographs, most of them taken by Appelbaum, cover the wall above his desk: punk girls in seductive poses and a portrait of his deceased father, an actor, in drag. A black couch, a single desk, pictures of beautiful women and cash from exotic, dangerous places laid out on the floor in neat zip-lock bags. Man, what a life! Whatever or whoever Appelbaum is, he's got a feel for drama and can put on a good show.

As for how this all fits in with Tor? Well, your guess is as good as mine. All I can say is: welcome to the ridiculous, hall of mirrors world of (what's supposed to be) the most effective, trustworthy tool for online anonymity.


Want to know more? Almost everyone involved in developing Tor was (or is) funded by the US government

[Image credit: Mike Pennington (Creative Commons)]