A woman holds up a sign at a support rally for Edward Snowden, a former contractor at the National Security Agency (NSA), in New York June 19, 2013. © Eric Thayer / Reuters
The Tor Project, hailed as a bulwark against the encroaching surveillance state, has received funding from US government agency the BBG and cooperates with intelligence agencies, newly released documents reveal.
Tor, free software which enables anonymous communication over the internet, is a “privatized extension of the very same government that it claimed to be fighting,” claims journalist Yasha Levine, who obtained 2,500 pages of correspondence about the project via Freedom of Information Act (FOIA) requests.
Hailed as “NSA-proof” and used by journalists and whistleblowers alike to protect themselves and their sources from government retribution, Tor is painted in an entirely new light in the FOIA documents, which reveal cooperation between the software’s developers and US government agencies.
The documents released by Levine mostly focus on how Tor received funding from the Broadcasting Board of Governors (BBG), which supervises Washington-funded media, including Voice of America and Radio Free Europe/Radio Liberty. But they also tell a story of how employees of the non-profit met regularly with the Department of Justice, the FBI, and other three-letter agencies for training sessions and conferences, where the agencies pitched their software needs, the documents show.
Commenting on the potentially explosive contents, Levine wrote in a blog post published on his website: “Why would the US government fund a tool that limited its own power? The answer, as I discovered, was that Tor didn’t threaten American power. It enhanced it.”
According to Levine’s research, Tor received “almost 100 percent” of its funding from three US government agencies: the Navy, the State Department, and the BBG. In collaboration with government agencies, Tor even drew up plans to deploy their anonymity tool to countries that Washington was actively working to destabilize – including China, Iran and Russia.
Although Levine claims there was never any doubt that Washington had repurposed Tor as a “foreign policy weapons” – arming foreign dissidents with the power to communicate anonymously – he says that his document cache shows “collaboration between the federal government, the Tor Project and key members of the privacy and Internet Freedom movement on a level that was hard to believe.”
Crucially, the FOIA documents also cast doubt on Tor’s ability to shield its users from government spying. Although there’s no evidence of Tor employees providing the US government with a direct “backdoor” to the software, the documents do show that Tor has “no qualms with privately tipping off the federal government to security vulnerabilities before alerting the public, a move that would give the feds an opportunity to exploit the security weakness long before informing Tor users.”
Levine, who says he used many of the documents in his book on “how privacy technology evolved into a tool of military and corporate power,” now hopes that the released FOIA files will be analyzed by journalists and historians who “will make use of this information to explore the relationship between privacy technology, government power and Silicon Valley economic dominance.”
The alarming revelations from Levine’s data dump are not the first to have implicated Tor in plotting with the US government, however. In 2016, a Tor developer was caught creating malware for the FBI to help the agency spy on users of the supposed anonymity tool.
The Tor browser was launched in 2001, using the so-called “onion routing” technology to provide anonymity while communicating over a computer network. Onion routing was developed and patented by the US Navy back in 1998 and its code was later released as an open-source. It relies on sending an encrypted message through multiple network nodes, each of them “peels” off a layer of encryption, sending the data further. The technology is supposed to ensure that each single node of the network is not aware of where the encrypted message is from or going to.