Surveillance Valley

Just read Yasha Levine’s Surveillance Valley. There was a lot more new information than I was expecting but also a lot of “guilt by association” arguments and some interpretations I found a bit sketchy. Curious if anyone else has read it and what they thought. The book has two main sections.

First: the proto-history of the internet in ARPA was tied closely to concrete surveillance usecases. We usually tell the ARPANET story as an independent research arm within ARPA, but he shows that this is something of a myth – from the very beginning the intelligence community was using it to build linked databases of domestic surveillance (eg their dossiers on Vietnam War protestors). This surveillance use was recognized by the anti-war left at the time – there were large protests at MIT and Harvard against these projects. This has largely dropped out of our collective memory.

Second, and more interesting: the recent wave of anti-surveillance feeling, and the way it has centralized around Tor and Signal. The ultimate puzzle he is trying to unravel is: “privacy activists claim that Tor and Signal break the surveillance power of governments and large internet corporations. So why do those institutions support those tools and advocate their widespread use?” Specifically, the US government is a major funder of both, through a variety of entities such as OTF and the Broadcasting Board of Governors. He spends much less time discussing the large tech companies, but treats them by-and-large as collaborators with government surveillance, and makes that case pretty strongly and well.

(He also spends a lot of time in this section detailing how his previous investigations into these issues led to him being harassed online by privacy activists.)

His answer has three main components.

Answer 1: technical reasons. Tor was created as a DARPA project for spy communication – but the developers quickly realized that they would need lots of non-spy activity on Tor for the spy activity to blend into the background, which is why they opened it up and continue to fund it and advocate for it.

Answer 2: influence. The funding relationship allows the government to exert influence on these organizations, get advance notice of vulnerabilities and roadmaps, shape the direction and steer them away from things that are actively dangerous to the handlers. Somewhere in here is the possbility of backdoors, which I can’t really assess the evidence for. Part of this explanation is that by supporting a highly visible but secretly defanged privacy movement, they reduce the pressure that might otherwise cause trouble for them.

Answer 3: use of these systems as a tool to destabilize enemy regimes – the USG funds privacy training for political activists across the world, and advises them to use Tor and Signal. This is not exactly hidden – the OTF’s Wiki page cites its mission statement as wanting to “support projects that develop open and accessible technologies to circumvent censorship and surveillance, and thus promote human rights and open societies”. The extent of the activities that we’re supporting likely go deeper – we’re not above a little violent regime change – but this goal is out in the open.

There are a lot of interesting issues raised here, and the facts in this book are painstakingly documented. But ultimately I wonder if he’s seeking too consistent an explanation, in the vein of conspiracy theorists who need a simple causal pattern to explain a wide variety of events. He seems to think that “Google” and “the US government” are monolithic entities with a single volition, whose actions must be somehow consistent – this is of course not the way these institutions work, especially when it comes to the intelligence community. The story he tells (especially Answer 2) complicates and punctures the self-aggrandizing, radical-aesthetic narrative in the privacy community. But I don’t think this is as big a puzzle as he makes it out to be.