Former TOR head now working for intelligence contractor that protects companies against TOR
About a year ago, Pando’s Yasha Levine published an exposé on the Tor project’s deeply conflicted relationship with a number of US national security state agencies, including branches of the Pentagon, the State Department, and some old CIA cutouts.
As we subsequently reported, one of Tor’s own senior developers responded to that article with a vicious, bizarre and relentless online harassment campaign in which she and others repeatedly libeled and threatened Levine and other staffers at Pando. By December of last year, the online harassment campaign had reached new levels of craziness, including planting defamatory articles about Levine in the Guardian and the Los Angeles Review of Books, both of which had to be retracted.
Fortunately there was one person at Tor who claimed to want no part of the harassment campaign: executive director, Andrew Lewman. After we reported on the behavior of Tor developers, Lewman contacted Pando editor Paul Carr to try to bring some sanity to the debate over Tor’s conflicted financial relationship with the US government military-intelligence complex. Lewman told Carr that, while he disagreed with Pando’s articles critical of Tor’s government financing, Tor respected the value of critical investigative journalism. Most importantly, Lewman told Carr that Tor’s senior leadership in no way supported smear campaigns against journalists.
Sure enough, Lewman later confirmed he was personally overseeing an internal investigation into the Tor developer who had led the campaign against Levine. A campaign that was most likely illegal under US laws that ban organizations funded by the US State Department and CIA from being used to influence domestic American opinion and domestic journalism. Specifically, the law still states that “no funds” from the US State Department and the Broadcasting Board of Governors “shall be used to influence public opinion in the United States.” Tor receives millions of dollars in funding from both the State Department and the BBG, which started out as a Cold War CIA propaganda cutout.
Lewman concluded his investigation but before he could make the results public, the Tor Project suddenly announced that Andrew Lewman had resigned to join an unnamed “internet services company.” Around the same time, Tor announced it had hired a leading public relations firm, Thomson Communications—whose clients include NSA partner Verizon—to handle Tor’s PR problems. The internal investigation was quickly buried.
Earlier this month, we finally learned the name of this mysterious “internet services company” that Lewman has joined: San Mateo-based Norse, which describes itself as “the global leader in live attack intelligence.”
Actually, it goes further than that. According to Norse’s about page:
WE’RE KIND OF SPOOKY
A bunch of our folks cut their teeth at one or another of those three-letter government agencies, or proudly served in the armed forces. We know this business, from the front-lines application of human counterintel, to signals intelligence to the vanguard of cyber intelligence collection from the darkest corners of the Internet.
That’s right, after objecting to Pando’s reporting on Tor’s ties to US government spooks, executive director Andrew Lewman quit to join a private intelligence contractor that boasts of its ties to “three-letter government agencies.”
Among the spookiest of Norse’s top team members is board director Robert Lentz, former Chief Information Security Office for the US Department of Defense where he headed the Pentagon’s cybersecurity program. According to his Norse bio, Lentz’s 34-year career included stints in top DoD agencies as well as the National Security Agency. Norse co-founder Tommy Stiansen boasts that he served as a Homeland Security cybersecurity consultant during the Bush years, while the company’s Chief Security Strategist, Brian Contos, boasts of his work for the Defense Information Systems Agency (DISA)—which handles communications for the executive branch and military. Contos also co-authored a book with the former deputy director of the NSA, William Crowell.
Lewman’s move from Tor — another government funded three letter agency — to Norse is even more peculiar when you consider the company boasts of being the leading monitor of and defense against attacks from the Dark Net. The very same Dark Net that runs in large part on Tor.
In other words, the US government funds Tor which, while headed by Andrew Lewman, helps create and exacerbate the Dark Net crime problem; which Norse then offers to solve, counting several US government agencies among its clients. What a great business that is: where you create the problem via a government-funded non-profit, and then also create the for-profit solution, pocketing profits off government contracts on the other end.
Still, to some national security commentators, Lewman’s new job is just business as usual. Journalist Tim Shorrock, whose book Spies For Hire uncovered the extensive cronyism between the NSA and private military-intelligence contractors, tells Pando,
“Lewman’s move to Norse is all too typical of the defense and intelligence contracting industries. But it raises serious questions about Tor and the claims from privacy advocates that Tor’s government funding is nothing to worry about. People like Lewman are valuable to intelligence contractors precisely because of their institutional knowledge of how spying and surveillance works. Among Tor’s funders are DARPA, which funds all kinds of secret NSA projects, and SRI, a company that specializes in signals intelligence. It’s clear from the Norse website and its descriptions of its own work that it has extensive and deep ties to US intelligence agencies, particularly NSA. Did Lewman maintain these contacts while he ran the Tor network? I’d certainly want to know that if I was using Tor to protect myself from the prying eyes of US intelligence.”