Interview with Cindy Cohn, EFF Executive Director

Many thanks to Cindy Cohn for her willingness to speak out on behalf of Tor, an invaluable tool for the defenders of human rights!

As we all know, Tor is unfortunately is on the receiving end of a seemingly unending stream of "bad press" in the US mass media, not to mention official invective associated with the "Going Dark" FUD punted by the leaders of such agencies as DOJ and FBI. The interview above is a rare example of a counterattack in the public sphere, but I fear no-one outside the Tor community will read it unless TP and EFF try to make our side of the story more widely available.

I would like to urge Tor Project, EFF, and Citizen Labs to consider joining forces to pursue four projects which involve reaching out to US politicians such as Washington Senator Maria Cantwell:

First, please try to ensure that Congress is aware of the positive role played by Tor in protecting activists, dissidents, human rights researchers, and whistle-blowers around the world.

Second, please try to ensure that Congress is aware of the negative role played by the rapidly growing cyberwar-as-a-service industry, which includes such notorious malefactors as Hacking Team, Gamma Group, NSO Group, and Dark Matter. Please try to ensure that they are aware that these companies are actively hiring form NSA/TAO and Unit 8800 (Israeli equivalent of NSA/TAO) operatives, and are attacking Americans in the USA who are opposed to human rights abuses by such countries as Saudi Arabia.

Third, please try to ensure that Congress is aware of the horrific potential for harm which is presented by machine learning (mis)-informed by Big Data repositories, in connection with "the New Jim Crow" and the kind of horrifying technologically sophisticated population control system ("social credit") being created (with the help of American companies) in China.

Please make sure they know that a similar system is not only possible in the US, it is inevitable unless Congress takes a hard look at the tales they are being told by companies such as Amazon, Facebook, Google, IBM, and Microsoft, which hope to profit by making self-serving and greatly exaggerated claims that machine learning informed by Big Data repositories holding (for example) the medical files of every American citizen, or the social media posts of every American student, can "cure cancer" [sic], "eliminate mental illness" [sic], "improve educational outcomes" [sic], "eliminate traffic congestion" [sic], "eliminate human trafficking" [sic], "eliminate cyberbullying and school shootings" [sic], and "prevent terrorism" [sic]. Deep Blue might be good at solving chess problems but the social woes just mentioned are not artificial and are for more complex.

Please try to ensure that Congress is particularly wary of particularly insidious population control schemes which USG has been developing for some decades, which go far beyond China's hideous "social credit" system, which consist of the following stages:

Stage One: "collect it all" about every American, using both government and corporate systems which collect and store all the "data exhaust" emitted by everyone alive.

Stage Two: amalgamate this data in huge databanks sourced from literally hundreds of government and corporate sources, including public school agencies, medical insurers, medical providers, data brokers, real-time bidding companies, brokers who collect (from their telecom partners) and sell real-time geolocation telecom data, credit agencies, police agencies, and a host of federal agencies such as NSA, FBI, and even CIA.

Stage Three: construct elaborate supercomputer models of the populations of entire major US cities, in which every resident is individually represented, together with their relationships with family, friends, employers, schools and local government agencies, plus their personal financial, educational, medical, housing, travel, and communications histories (to give an idea of the level of detail, these systems aim to know not only when and where parents drop off their children at school but route they drive, even the path they take when they walk the dog). The models also incorporate various alternative government actions, everything from PSAs to new administrative rules or new laws, or even actions targeting particular persons such as prominent political dissidents.

Stage Four: trial various alternative actions by the government in runs of the computer models, and choose the one which best meets some governmental objective (such as maximizing tax revenues, or minimizing political dissent).

Please suggest that Congress contact scientists employed by the US National Labs which have played a leading role, together with public/private partners such as the Santa Fe Institute, in developing these population control systems, in great secrecy. Please see in particular an tragically overlooked story published by Wired which offers a strong hint at what these systems are capable of doing to each and every citizen:

https://www.wired.com/story/scientists-know-how-youll-respond-to-nuclea…
Scientists Know How You’ll Respond to Nuclear War—and They Have a Plan
Using data from smartphones, satellites, remote sensors, and census surveys, modelers can create synthetic populations—and watch what they do in a disaster.
13 Feb 2018

This story only discusses the potential benefits of such computer models, but EFF should immediately appreciate the enormous potential dangers, particularly in the hands of someone like President Trump (or President Putin or President Xi.) Please note that the story suggests that some of the people who have been doing this kind of modeling for entities such as LANL are finally willing to speak out in public, at least about the potential benefits. But they should be called before Congress to testify about the all too plausible malicious uses of these vastly powerful systems for behavioral prediction and social control.

Fourth, please urge Congress to encourage the growth of a privacy industry.

Why are medical providers still relying upon unencrypted fax machines to share personal medical files, rather than using tools such as OnionShare which are no harder to use (and less expensive) than fax machines?

Same question for law offices, government officials, political parties, and most journalists, regarding other extremely sensitive personally identifiable information.

Why are such useful accessories as Faraday bags (for smart phones) so hard to obtain? Why are such horridly unsafe products as Amazon Ring and similar "home security systems" [sic] which rely upon insecure WiFi or even worse "cloud hosting" (shudder) the only game in town?

More generally, why are consumer devices designed using the sensible principle "do one simple thing and do it very well" (thank you, UNIX) impossible to find? A good example would be clocks which lack cameras/mics or any physical capability to transmit signals, but which receive over the air federal time signals--- such devices are invaluable in case of blackout and very useful for anyone using a Tor client running on a device with an imperfect system clock, but are virtually unobtainable in "big box" consumer electronics stores. Faraday bags are another item which would surely sell well if they were only readily available.

(I suspect that the answer to all my "why" questions is that Big Tech is well aware that they can make far more profit by spying on everyone than by helping anyone to make surveillance capitalism less easy or less profitable. Indeed, Amazon itself is already enjoys a virtual monopoly as retailer of consumer electronic items, and openly aims to become a monopoly on groceries and other household essentials as well. Congress talks but does nothing, because Amazon lobbyists come calling with huge campaign contributions. But maybe, just maybe, if EFF and Tor Project come calling to, some in Congress maybe willing to hear from those who are willing to speak up for the voiceless majority of citizens who are economically excluded from having a say in the American legal and political systems.)

Home security systems should not use WiFi and certainly should not be cloud based, because of the danger that cameras will be turned against the home owner, or used to harass entirely innocent passersby. The industry trend towards making everything IoT capable, equipped with hidden cameras/mics or WiFi radios, or cloud hosted is utterly insane from the viewpoint of cloud security.

Far from opposing strongly encrypted private messaging, Congress should seek to ensure that safe and reliable strongly encrypted communications are readily available to every American.

I know I am asking a great deal from three overworked and under-resourced groups, but I believe that all of these projects are extremely urgent and very much in vital interests of all North Americans (and all citizens of every other nation). One lonely voice is not enough, however well-informed, to counter the self-serving lobbying of vastly wealthy corporations such as Amazon, Facebook, Google, IBM, and Microsoft.

One simple task which I believe would be very helpful in countering the endless bad press targeting Tor with unfair accusations of responsibility for everything from human trafficking to incidents of swatting: the essays published in this blog during this and previous year-end fund-raising campaigns can do invaluable service in journalists and education decision makers about the positive role played by Tor in so many things connected with human rights, civil liberties, and social justice movements which aim to combat such threats as economic inequality, the dehousing crisis, militarized policing, nuclear weapons, failing states, criminal cartels and warlordism, famine, civil wars, mass migrations, and climate change. Accordingly, I ask TP to collect them and feature them prominently in the home page, www.torproject.org

@ readers: please join me in support Tor Project, Tails Project, and EFF!

I have the perfect real-world metaphor for legally mandated "backdoors" in Tor and other privacy-protecting software:

Imagine a physical door lock, widely sold to American homeowners, and particularly marketed to American landlords at "low low rates" made possible by secret financial assistance (to the lockmaker) from FBI and other LEAs, which has a covert feature of great convenience to entities such as intelligence agents and cops (and landlords) who wish to enjoy convenient covert access at any time to any home or apartment: if you insert any key (not necessarily the unique key which the homeowner or tenant possesses and mistakenly believes is the only one which will open the door) and wiggle it just right, the entire lock cylinder comes right out. Boom! Free access to someone else's home or apartment, no warrant or legitimate key possession required.

Now imagine that such "locks"--- the scare quotes are appropriate because any "lock" which has a built-in "defeat mechanism" is worse than no lock at all, because it offers ordinary citizens a very false sense of security in their own home--- are not only widely available but are actually required by law. Does the legal mandate for convenient LEA/landlord make you feel safer? Really? Did you forget about the friendly neighborhood drug dealer a few houses down? Want him to have easy access to your home too?

If it sounds like I am describing an actual physical door "lock" above, that is because I am.

I doubt that, in this context, I need to offer any explanation of the analogy between physical front door "locks" and a "backdoored" Tor. But see also this highly relevant story:

theguardian.com
Popular chat app ToTok is actually a spying tool of UAE government – report
Government reportedly uses ToTok to track conversations, locations and other data of those who install the app
Associated Press
23 Dec 2019

> A chat app that quickly became popular in the United Arab Emirates for communicating with friends and family is actually a spying tool used by the government to track its users, according to a New York Times report. The government uses ToTok to track conversations, locations, images and other data of those who install the app on their phones, the Times reported, citing US officials familiar with a classified intelligence assessment and the newspaper’s own investigation.

Just to be clear: I trust TP's assurances that Tor has not been "backdoored", because if we cannot trust Tor, we cannot trust anyone. But I am concerned that Tor consistently fails to address a possibility which is far more likely that NSA attempting to insert backdoors directly into the Tor code itself, namely: NSA and other adversaries may well attempt to covertly mandate weaknesses in pseudorandom number generators, NTP, OSCP lookups, gedit, or other code which is used by Tor and/or Tails but which is not developed by Tor Project or Tails Project coders, but by "upstream" providers. I note that while the "millions of eyes" which some claim (ludicrously) are constantly fixed upon all open source software may be able to detect some obvious "backdoors" inserted into code, very few are likely to spot subtle cryptographic flaws in a pseudorandom number generator.

I hope that if the day comes that TP receives a legal order from USG requiring that TP knowingly accept backdoors--- including subtle flaws in "upstream" provided pseudorandom number generators incorporated into Tor--- that Tor will immediately violate any gag orders, contact the press, move outside the US, and continue to offer unbackdoored Tor.

Please, never forget the principle that a misleading assurance of false security is always even more dangerous than a knowing lack of security.

>> medical insurers, medical providers

Like USG, HMG (the government of the UK) collects the medical records of all Britons, and has for some years been planning to quietly sell these. There was a huge public outcry after their initial plans were revealed (thank goodness for journalism!), but now they are trying again:

Revealed: NHS England bosses meet with tech and pharmaceutical giants to discuss price list of millions of Brits' medical data
Nine 'commercial models' to access central database mulled at hush-hush meeting
Paul Kunert, UK editor
12 Dec 2019

> Exclusive Talks to package millions of British medical records into a vast, commercially valuable database that may then be sold on are already underway between NHS England bosses and global giants, documents exclusively obtained by The Register show. Last month, a cache of leaked files emerged into public view, detailing post-Brexit trade negotiations between Britain and the United States in which access to the UK's national health service was said to be on the table. Now, hush-hush files and presentation slides seen this week by The Register reveal discussions are already in progress over the future use of patients' personal records and related information, said to be valued at roughly £10bn a year.

Americans wondering who is supposed to pay for the gigantic Drump tax cuts will no doubt get the point. It is surely not a coincidence that a major "consumer on-line privacy bill" called COPRA which has been placed before the US Senate (but has no chance of advancing in this session), which EFF cautiously endorsed, appears to entirely overlook such enormous state-sponsored databreaches of one of the most sensitive categories of personal information concerning residents of the USA:

eff.org
Sen. Cantwell Leads With New Consumer Data Privacy Bill
Adam Schwartz
3 Dec 2019

> There is a lot to like about U.S. Sen. Cantwell’s new Consumer Online Privacy Rights Act (COPRA). It is an important step towards the comprehensive consumer data privacy legislation that we need to protect us from corporations that place their profits ahead of our privacy. The bill, introduced on November 26, is co-sponsored by Sens. Schatz, Klobuchar, and Markey. It fleshes out the framework for comprehensive federal privacy legislation announced a week earlier by Sens. Cantwell, Feinstein, Brown, and Murray, who are, respectively, the ranking members of the Senate committees on Commerce, Judiciary, Banking, and Health, Education, Labor and Pensions. This post will address COPRA’s various provisions in four groupings: EFF’s key priorities, the bill’s consumer rights, its business duties, and its scope of coverage.

Some Americans may believe that their medical records are strongly protected by the HIPAA law, but that law has been burdened with several enormous loopholes which Sen. Cantwell (who some regard as "the senator from Microsoft"--- Microsoft Azure holds and trawls a vast number of medical records of residents of Washington state) has carefully ignored for many years. Possibly the two most dangerous loopholes are exceptions for "researchers" (an undefined term) and a second undefined term which allows trawling psychotherapy case notes (summaries of what a patient told a psychologist or psychiatrist in each session) simply by calling them something other than "psychotherapy case notes".

By the way, another source of data in Stage Two is US Census data. Charming.

>> brokers who collect (from their telecom partners) and sell real-time geolocation telecom data,
nytimes.com
How to Track President Trump
Stuart A. Thompson and Charlie Warzel
20 Dec 2019

> If you own a mobile phone, its every move is logged and tracked by dozens of companies. No one is beyond the reach of this constant digital surveillance. Not even the president of the United States. The Times Privacy Project obtained a dataset with more than 50 billion location pings from the phones of more than 12 million people in this country. It was a random sample from 2016 and 2017, but it took only minutes — with assistance from publicly available information — for us to deanonymize location data and track the whereabouts of President Trump.

The accompanying graphics showing actual tracks of USG officials is quite impressive.

If the Times hides behind a paywall, you can get the gist from

theregister.co.uk
Tracking President Trump

> The scale of the cellphone-location data market was on show this week when the New York Times obtained a three-year-old database of 50 billion phone location pings for more than 12 million Americans. The journalists analyzing the data found one phone that appeared to belong to a Secret Service agent on President Trump's team, and showed the course of the agent's progress during a trip to the commander-in-chief's Mar-a-Lago resort, then to a golf course where Trump was playing golf with the Japanese prime minister. The NYT team were able to track other phones into Congress, the Pentagon, and many other sensitive areas. By following where the phones spent the night, they could also get a good idea of a target's home address and when they were out.

A brilliant example of data journalism, exposing both the ease of "re-identification" and the ease with which nongovernmental entities (such as the Trump re-election campaign) can acquire vast geolocation databases.

> national security surveillance, and ineffective legal and technical protections

The buzzword, "national security," is all too often simply a euphemism for the whims of plutocrats. To workers in law enforcement, think of who you're actually protecting and serving when someone gives you orders.

Second, laws are just promises that people in power make to people they rule over. Promises are easily broken. They aren't cryptography. They aren't math. They aren't physics. They're just words -- rhetoric occasionally called on to justify top-down action or inaction. And despite the trappings of legislative assemblies, the powerful people who write and amend laws are not always elected.

Double standards in practice, secret courts, rubber stamps, mission creep, unthinking paper-pushing cogs in a machine...

> would-be dictators know that they have to prevent the people from being able to speak and learn things confidentially.

Those types of leaders, appointed or elected, never think they will be targeted by regime systems they establish and institutionalize against other people. And if those systems were in place when they ascended to leadership, they dilute or bury every attempt to undo or reform their status quo until the status quo threatens them personally, and sometimes not even then.

> advocates and developers... ultimately will have to address the need to re-decentralize the internet. We need to be ready and build out alternatives.

Distributed, trustless protocols on the lowest layers possible. centralized < decentralized (federated) < distributed. I sometimes hear about small groups that try to tackle the work, but many fade away. Tim Berners-Lee is one of the people advocating for working on it. Much of the attention today is on blockchains however.

Paul Baran's RAND-published September 1962 justification for distributed communications networks: https://friend.camp/@darius/102259810212340922

> We need to build a world where everyone has free (as in speech) access

We need access to be virtually free "as in beer" too. Internet is practically expected and required for many national government services. Taxes, banking, shopping, and monthly bills pester customers to "go paperless". Teachers throughout grade school assign and collect homework on school websites. If society's institutions depend on everyone having internet, it needs to be a public utility like electricity, water, sewage, heating gas, trash removal, and so on. However, reclassifying it as a utility could regrettably pressure it to centralize as public utilities are, as if it isn't almost centralized by private mergers already.

> A world where our technology, whether as simple as an email or as complex as an AI system, is trustworthy and loyal to us.

Email can't really be fixed. It was flawed from the beginning because developers never thought of privacy. But protocols "as simple as" email submitted for approval as standards in the future have the chance to implement trustless, distributed privacy from the ground up.

Talking about AI systems "trustworthy and loyal to us", have a look at https://github.com/home-assistant/home-assistant