Pando

How leading Tor developers and advocates tried to smear me after I reported their US Government ties

By Yasha Levine , written on November 14, 2014

From The News Desk

“I contract for the United States Government to build anonymity technology for them and deploy it.”

— Roger Dingledine, cofounder of Tor, 2004

* * *

About three months ago, I published an article exploring the deeply conflicted ties between agencies of the U.S. National Security State, and the Tor Network—an online anonymity tool popular among anti-surveillance privacy groups and activists, including Edward Snowden.

My article traced the history of Tor and the US military-intelligence apparatus that spawned it—from Tor's initial development by military researchers in the mid-1990s at the US Naval Laboratory in Washington DC, through its quasi-independent period after it was spun off as a nonprofit in 2004 but continued to receive most of its funding from a variety of government branches: Pentagon, State Department, USAID, Radio Free Asia. My article also revealed that Tor was created not to protect the public from government surveillance, but rather, to cloak the online identity of intelligence agents as they snooped on areas of interest. But in order to do that, Tor had to be released to the public and used by as diverse a group of people as possible: activists, dissidents, journalists, paranoiacs, kiddie porn scum, criminals and even would-be terrorists — the bigger and weirder the crowd, the easier it would be for agents to mix in and hide in plain sight.

Finally, I pointed out that Tor was not nearly as secure as many of its proponents claimed. For people with really something to hide from the state, Tor very likely offered the opposite of anonymity: it singled out users for total NSA surveillance, with intel agencies potentially sucking up and recording everything they did online. Recent events have proven yet again that Tor is not as secure as its fans claim, or as its own developers say they hoped.

All of this information is public, and it's been out there for quite a while—but mostly in a scattered and fragmented way. As a result, the full story of Tor's many pitfalls and contradictions has never been widely known by the public. So even people who should know better, and who care about this issue, have been promoting Tor as a grassroots anti-government surveillance tool without questioning or double-checking that story.

When people are told about Tor's roots in intelligence, and its ongoing funding from the Pentagon, they are usually shocked and surprised. So was I. The Tor story needed to be revisited, which I did, assembling all the verifiable facts, tax and financial records; public statements by Tor's inventors and developers; published academic papers, and so on. Before publishing, we at Pando reached out multiple times to several key Tor people for comment; editors meticulously fact-checked the article before putting it up.

One would've thought that an article warning about Tor's little-known dangers and conflicts-of-interest would've been greeted by the privacy and anonymity community—that they would be more interested in protecting the public and getting Tor right, than in protecting Tor's brand. But instead of being welcomed by the privacy community or sparking a discussion about the aspects of Tor that have been swept under the rug, the article was met with a smear campaign. Surprisingly, the smears weren't waged by the usual fringe anonymous-troll types, but rather by some of the most prominent privacy and anti-surveillance names in the country—top people from groups like the ACLU, Electronic Frontier Foundation, Freedom of the Press Foundation, and Pierre Omidyar's First Look Media.

Curiously, not a single one of these critics disputed the facts in the story. There wasn't a single factual error they could point to; so instead, they took to a range of familiar PR smear tactics—tactics one usually sees used by oil company PR flacks, but not by privacy hacktivists. First, they flooded social media telling anyone who showed interest in my article that they should ignore it; then when that didn't work and the article caught fire, they tried to discredit it with crude insults, misdirection, and outright lies, even going as far as to claim that I'm funded by the CIA. From my experience, when your article produces bizarre hostile reactions like this it means you've hit on something important.

Take Tor developer Andrea Shepard. As soon as my story went live, Shepard responded with a torrent of childish insults, calling me “Pandofilth” and “Yasha the Foul,” a “statist propagandist," a "fucktard's fucktard." Shepard accused me of being funded by spooks, and ranted on and on about the various ways in which she said I had performed sexual favors for a male colleague. She hurled similar childish abuse at anyone she caught commenting positively about my article. When readers suggested to Shepard that she should instead offer a point-by-point rebuttal of my article, rather that swearing and insulting at anyone who mentioned it, she responded that my article wasn't worth the effort of rebutting (only insulting), and that I don't deserve to live:

— Andreⓐ (@puellavulnerata) July 18, 2014 Jacob Appelbaum, another Tor developer who crisscrosses the globe promoting it as a tool against government surveillance, had refused my multiple requests for comment when I was working on the article. When it was published, he called my reporting "a bunch of bullshit", but refused to elaborate with a substantive rebuttal. Instead, Appelbaum made vague suggestions that I was driven by dark and mysterious motives:

— Jacob Appelbaum (@ioerror) October 26, 2014 Perhaps it's somewhat understandable that salaried Tor developers like Andrea Shepard and Jacob Appelbaum went on the attack. Shepard is a libertarian (which is why she called me "statist"—a harsh epithet in her libertarian world); Appelbaum is a bit of a celebrity in the anti-surveillance community, having helped set up Wikileaks, and lately being constantly profiled as a rebel-fugitive hiding out in Berlin from his NSA pursuers. Both Appelbaum and Shepard circulate in radical anti-police state circles, and my article pointed out that they earn $100,000-plus annual salaries working for a nonprofit federal government security contractor—a nonprofit that gets at least three-quarters of its annual funding from the Pentagon, State Department, and other federal agencies. In other words, Tor anti-National Security State rebels are living off the largesse of their NatSec State nemesis.

But it wasn't only Tor employees who were determined to discredit my reporting.

Take Jillian York, "Director for International Freedom of Expression" at the Electronic Frontier Foundation, a tech industry lobby group funded by Silicon Valley's largest corporations. As soon as the story came out, she counseled her 45,000 followers to ignore my story:

— Jillian C. York (@jilliancyork) July 17, 2014 The reason? Because it was not being shared very much on social media:

— Jillian C. York (@jilliancyork) July 17, 2014 (I'm not convinced that social traffic is a meaningful measure of an article's importance but, for what it's worth, the piece currently has around 1.5k Twitter shares and a little over 4k Facebook likes.)

Morgan Marquis-Boire, a former Googler who was recently poached by Pierre Omidyar to run security at First Look, called me a loony conspiracy theorist for reporting on Tor's government funding—but then contradicted himself by arguing that this "conspiracy theory" is a matter of public record. It was a baffling, oxymoronic argument to make—accusing my article of being both a wild conspiracy theory, yet also boring old news that no one should bother reading—but for some reason, Tor defenders thought this self-contradiction made perfect logical sense:

— Morgan Mayhem (@headhntr) July 28, 2014

— Morgan Mayhem (@headhntr) July 18, 2014

— Morgan Mayhem (@headhntr) July 28, 2014 Christopher Soghoian, who works on privacy policies for the ACLU, took the lowest, scummiest road. Soghoian compared my reporting on Tor to the Protocols of the Elders of Zion, a sick anti-Semitic forgery disseminated by the Tsar's secret police, unleashing waves of deadly pogroms against Jews across the Russian Empire in the early 20th century. As a refugee from the Soviet Union whose family escaped from state sponsored anti-Semitism, I found Soghoian’s comparison to be outrageously offensive and disgusting.

— Christopher Soghoian (@csoghoian) August 6, 2014 I tried to confront Soghoian over his disgusting anti-Semitic smear against me:

— Yasha Levine (@yashalevine) August 6, 2014 But the ACLU's Soghoian brushed it off with snark:

— Christopher Soghoian (@csoghoian) August 6, 2014 And mocked me as a mentally ill paranoiac:

— Christopher Soghoian (@csoghoian) August 6, 2014 Only later, after getting his smears out of his system, Soghoian was finally able to formulate something of a critique. It boiled down to this: He did not like my article because it raised questions about Tor’s longstanding financial relationship with the US government's military-intelligence agencies—which he found irrelevant, allowing only for purely technical critiques as relevant:

“My beef is that your article has no solid technical criticism, but some hand waving about funding. There are so many things you could have nailed Tor for, but instead, you went for lazy low hanging fruit about funding.”
What were these many things I could have nailed Tor for? Well, he was helpful enough to give me a couple of suggestions:
“There are many things about Tor to worthy of criticism: A crappy user interface, no auto security updates, no browser sandbox. Your attacks against Tor's state dept funding, or Roger's summer internship in college at the NSA, are stupid though.”
Yes, what sane journalist would care that Tor was created by military intelligence, is currently funded by the government and is almost certainly a giant honeypot. That’s all secondary and “low hanging fruit” compared to the big giant issue of our day: Tor’s crappy user interface.

I thought I'd seen it all when an ACLU technology celebrity took to hurling anti-Semitic smears against my reporting. Until last week. That's when the Los Angeles Review of Books published an article by a computer researcher/privacy activist named Harry Halpin. The article purported to be a review of Julian Assange’s new book, "When Google Met Wikileaks"—but in the middle of his review, Halpin went off on a longwinded tangent attacking me. He called me a conspiracy theorist for reporting on Tor's government funding, and falsely accused me and PandoDaily of being funded by the CIA:

If Levine is looking for a pot of magical money that has not been touched by the evils of this world, he could always look at his own employer PandoDaily. Levine and PandoDaily are publicly funded by Greylock Partners, who are senior partners with the [sic] In-Q-Tel, the venture capital wing of the CIA. So, the CIA funded Yasha Levine when he exposed that the State Department funded Tor in order to defend CIA agents. The problem with conspiracy theories — including any analysis of conspiracies as networks — is that one immediately runs up against the incommensurable reality of late capitalism: everything is actually connected.
Halpin later admitted that he lied about the CIA-Pando link, saying he did so in order to "prove" a larger point: that investigative journalism that follows the money—like reporting on Tor's government financing—is nothing but useless conspiracy mongering. Why? Because everything is "connected" so it's just silly (and a bit crazy) to make a connection between funding and influence. Halpin's editor added two corrections to the piece, including rewording my alleged CIA link to read "So one could argue that the CIA funded Yasha Levine..." And, yes, one could argue that, assuming one was happy to fabricate facts from whole cloth.

As it turned out, Halpin, like the Tor developers and their defenders, had other reasons to try to discredit reporting on funding and conflicts-of-interest.

Halpin is the president of LEAP, a small privacy/encryption outfit that gets most of its funding from various government sources—including more than $1 million from Radio Free Asia's "Open Technology Fund." This fund just happens to be a major financial backer of the Tor Network; last year alone, the Open Technology Fund gave Tor $600,000. The fund also happens to be run out of the Broadcasters Board of Governors (BBG), an old CIA spinoff dedicated to waging propaganda warfare against regimes hostile to US interests. The BBG—which until recently was called the International Broadcasting Bureau—has also been one of the biggest backers of Tor going back to 2007.

So... Halpin attacks me for reporting on Tor’s conflicted government financing—getting money from the very entities Tor purports to protect the public from—while his privacy startup is funded by same government agency that funds Tor. And in one of the craziest twists, Halpin—who lied about my and Pando's CIA ties—turns out to be funded by an organization that was founded by the CIA. No "one could argue" about it. It doesn't get more absurd than this—or more unethical.

When the attacks first started a few months back, I had thought maybe they were driven by a petty defensive reflex: Many were vocal and public supporters of Tor and recommended it to others as an effective tool to protect them from government surveillance. Perhaps the article made them look or feel stupid — after all, no one likes being outed as a sucker. But as the attacks on my article rolled on, month after month, I began to realize there was something more going on, for the oldest reason in the books: self-interest, and money.

Most of the privacy activists who attacked my reporting had spent their careers moving through the same tight circle of advocacy groups, think-tanks and nonprofits—all funded by the same small network of government and corporate foundations that fund Tor: Radio Free Asia, State Department, Google, Peirre Omidyar, Ford Foundation. These were people circling the wagons and protecting themselves by smearing critical reporting on Tor's funding.

Take EFF's Jillian York. After continuously mocking and playing down concerns about Tor's funding, York penned an article—"Why we need Tor now more than ever"—that hard-sold Tor as the best and most urgent way for users to protect themselves from government Big Brother surveillance. York made no mention of the government's ongoing sponsorship of Tor; instead she misrepresented Tor as  totally independent since 2006. Without elaborating, she claimed that it "receives funding from a range of sources, including individual donors":

Initially developed by the U.S. Naval Research Laboratory and DARPA, Tor (which originally stood for “the onion router”) is free software that enables anonymity and censorship circumvention. Since 2006, the Tor Project has operated as a nonprofit organization based out of Massachusetts; it receives funding from a range of sources, including individual donors. Karen Reilly, the Tor Project’s development director, told me that since the organization enabled donations with Bitcoin—the peer-to-peer payment system that allows users to send money anonymously—the organization has seen an uptick in donations, an unsurprising development given their user base.
This is crude sophistry that does a disservice to York's readers. Sure, Tor might receive funding from a "range of sources," but the overwhelming majority of Tor's funding comes from just one: the United States Government, which has continued to provide anywhere from 70 to 100% of Tor's annual budget since 2007.

Jillian York, of all people, should know better. Her employer, EFF, is one of the biggest promotors of Tor. It was also an early financial sponsor, and was instrumental in helping Tor transition from a US Navy project to an “independent” organization back in 2004. EFF even shares two corporate funders with Tor: Google and the Omidyar Network. Even more importantly: Jillian York sits on the advisory council of Radio Free Asia's "Open Technology Fund," the federal government entity and a major backer of Tor that also funds LARB book reviewer Harry Halrin's company.

Morgan Marquis-Boire, the First Look Media techie who called me a conspiracy theorist for investigating Tor’s funding, is another prime example. Marquis-Boire is listed as a “special advisor” to EFF; he's also a longtime researcher at Toronto-based Citizen Lab, a forensic tech outfit backed by Google, Ford Foundation, George Soros’ Open Society Institute, Palantir and Canada's version of USAID. Citizen Lab is also a close partner of Radio Free Asia’s “Open Technology Fund.” Before taking his current job with Omidyar, he was on Google's payroll.

Then there’s ACLU’s Christopher Soghoian, who compared my Tor reporting to deadly anti-Semitic propaganda. Soghoian has been dubbed the "Ralph Nader for the Internet Age" by Wired, but it's a curious analogy. Nader's fame came from fighting corporate power and greed; but Soghoian has spent his entire career sucking from the corporate teat, indiscriminately moving from one oligarch's foundation to another: graduate school scholarship from Google in 2006/2007; the Koch brothers’ Institute for Humane Studies, chaired by Charles Koch himself, in 2008/2009; fellowship at Harvard’s Berkman Center for Internet & Society, an outfit funded by the State Department, USAID, Soros, Google, Omidyar, and so on; Soros Open Society fellowship in 2011/2012; TEDGlobal Fellow in 2012, funded in part by Amazon billionaire Jeff Bezos; and most recently, a fellowship at Yale Law School's Information Society Project, which is funded by Google, Ford Foundation, Soros, Microsoft and many many more.

Not surprisingly, Soghoian's policy work on privacy and encryption argues that markets are the solution to online privacy and surveillance problems, not laws, regulations or politics. In a recent paper published in the Harvard Journal of Law and Technology—which was co-authored with a former-prosecutor-turned-lobbyist—Soghoian argued that encryption technology, not regulations, was the only thing that could effectively protect Americans from surveillance:

"communications of Americans will only be secured through the use of privacy enhancing technologies like encryption, not with regulations prohibiting the use or sale of interception technology."
No wonder all these people are so upset by my reporting. They've branded themselves as radical activists fighting The Man and the corporate surveillance apparatus—while taking money from the US government's military and foreign policy arms, as well as the biggest and worst corporate violators of our privacy. By branding themselves as radical activists, they appear to share the same interests as the grassroots they seek to influence; exposing their funding conflicts-of-interests makes it hard for them to pose as grassroots radicals. So instead of  explaining why getting funding from the very entitities that Tor is supposed to protect users from is not a problem, they've taken the low road to discredit the very idea of reporting on monetary conflicts-of-interests as either irrelevant, or worse, a sign of mental illness.

Who would've thought that many of the people we've entrusted with protecting our online privacy have the same values as sleazy K Street lobbyists.

[Illustration by Brad Jonas for Pando]