a slight return to surveillance valley, with kit klarenberg

Signal, the ‘encrypted messenger of the future,’ has shady links to US national security interests
Kit Klarenberg, RT.com, Jan 27 2021

On Jan 4, WhatsApp announced sweeping changes to its privacy policies, affecting the vast bulk of its approximately two billion users globally. The poorly explained rules were interpreted by many as proof that the messaging service was about to commence sharing users’ private data, including their conversations, with parent company Facebook, and in response millions the world over began flocking to alternative messaging services that offered end-to-end encryption. The most common destinations for WhatsApp exiles were, and remain, Signal and Telegram. For reasons unclear, while available figures suggest the latter has to date received many orders of magnitude more fresh arrivals than the former, corporate news outlets have overwhelmingly focused on Signal’s surging intake. Much of this coverage has been highly approving; for instance, The Guardian published a lengthy explainer on Jan 24 titled “Is it time to leave WhatsApp, and is Signal the answer?” The headline was answered very much in the affirmative, to the extent that readers were offered advice on persuading their contacts to likewise make the switch. The media’s damascene conversion to the cause of encrypted communication is rather incongruous. With a few notable exceptions, mainstream reporting on encryption is typically neutral, if not outright condemnatory, the capability frequently framed as purposefully offering sanctuary to philanderers, drug dealers, paedophiles, assassins, and anyone with something sinister to hide in general.

Such perspectives strongly reflect the public positions of governments and security services worldwide, to which end-to-end encryption is by definition an extreme detriment, significantly curtailing the monitoring and collection of citizens’ communications. Privacy advocates contend authorities’ oft-expressed anxieties about encryption providing a “safe space” for criminals and the like are a cynical smokescreen to justify crackdowns on their usage and availability. Whatever the truth of the matter, efforts to restrict access to end-to-end encryption are demonstrably ongoing, but have predominantly gone largely uncriticized if not outright unremarked upon. Now though, news outlets seem widely gripped by encryption fever. In a palpable illustration of this abrupt paradigm shift, a mere three days before it effectively urged its readers to install Signal, The Guardian lambasted Facebook’s plans to implement end-to-end encryption across all its messaging platforms, on the basis that the move could harm efforts to reduce child exploitation.

Serious discussion of Signal’s history, and funding sources, has been entirely absent from the deluge of puff pieces on the platform to circulate far and wide in recent weeks – an omission perhaps predictable given the centrality of the US national security state to the app’s financing, creation and promotion. Signal was launched by now-defunct Open Whisper Systems (OWS) in 2013, brainchild of shadowy tech guru ‘Moxie Marlinspike,’ real name Matthew Rosenfeld. In February 2018, responsibility for managing the app passed to the nonprofit Signal Foundation, launched with $50 million in startup capital provided by billionaire former Facebook higher-up Brian Acton, the Foundation’s executive chair. OWS never published financial statements or disclosed the identities of its funders at any point during its operation, although the sums involved in launching and maintaining a messaging platform used by a vast number of people internationally over several years were surely significant.

Rosenfeld alleges the app “never [took] VC funding or sought investment” at any point during that time, and quite how much money was involved in total is a mystery. It’s clear though that at least $2.955m was provided by the Open Technology Fund (OTF) 2013-2016, and the organization’s website refers to Signal being “originally developed with OTF funding.” The site is also home to a dedicated OWS profile, which boasts of how the OTF “enabled the OWS team to continue providing Signal at no cost around the globe and adapt their operations for a growing user base.” The OTF was created in 2012 as a pilot program of Radio Free Asia (RFA), an asset of US Agency for Global Media (USAGM), which is in turn funded by US Congress to the tune of $637m/yr, in Aug 2018, its then-CEO acknowledged the outlet’s priorities “reflect US national security interests.” RFA’s own origins harken back to 1948, when National Security Council Directive 10/2 officially authorized the then-newly created CIA to engage in operations targeted at communist states, including propaganda, economic warfare, sabotage, subversion, and “assistance to underground resistance movements.”

The station formed a key part of this effort, along with Radio Free Europe and Radio Liberation From Bolshevism, later Radio Liberty. It broadcast unrelenting propaganda in China, North Korea, Vietnam and elsewhere. In 2007, the CIA’s official website stated these “psychological warfare” initiatives were among “the longest-running and successful covert action campaigns” the US ever mounted. After the CIA’s role was made public in the 1970s, Congress took over running and funding the stations, before in 1999 they were grouped along with other state-run media entities under the umbrella of the Broadcasting Board of Governors, USAGM’s forerunner. The launch of the OTF followed the US State Dept, then led by Hillary Clinton, pursuing an “Internet Freedom” policy, ostensibly an effort to develop tools to subvert restrictive internet policies. However, an extensive Jun 2011 NYT investigation pointed to a far darker raison d’etre, concluding that the endeavor was in fact an effort “to deploy ‘shadow’ internet and mobile phone systems dissidents can use to undermine repressive governments.” Among these assets were State Dept-funded “stealth wireless networks,” which would enable activists “to communicate outside the reach of governments in countries like Iran, Syria and Libya.” Reinforcing this conclusion, in Feb 2015 Jillian York, director of the International Freedom of Expression at the Electronic Frontier Foundation and an OTF advisory board member, stated that she “fundamentally” believed Internet Freedom was “at heart an agenda of regime change.” It may be no coincidence that Signal founder Rosenfeld previously created encrypted communications programs TextSecure and RedPhone, both featured in a Mar 2013 Gizmodo guide, “Which Encryption Apps Are Strong Enough to Help You Take Down a Government?”

USAGM is moreover evidently extremely proud of Signal, an official factsheet published Nov 2019 giving the app top-billing in a list of “tools supported by OTF.” The agency might be, given how popular it has become with dissidents overseas, including those in countries and regions of intense interest to Washington. For example, Signal became the messaging platform of choice for protesters in Hong Kong after its launch, just as the National Endowment for Democracy, the US government regime-change arm, greatly increased its direct and indirect support and promotion of activists and activist groups there. In an unexpected twist, in Jun 2020 funding for a number of USAGM projects was unexpectedly frozen, including OTF plans to directly aid protesters in Hong Kong, just as the administrative region prepared to implement a highly controversial and much-contested national security law. One was the creation of cyber-security incident response teams to analyze Chinese surveillance techniques in real-time during demonstration, and share relevant information directly with developers of secure communications apps, in order to circumvent crackdowns and restrictions. Another shelved initiative was a $500k rapid response fund in support of anyone subject to “digital attack” by authorities. Still, the next month Signal became the most-downloaded app in Hong Kong, the app’s official Twitter account resultantly boasting that unlike competitor Telegram, which had just announced it would cease cooperating with authorities’ requests for user data, “we never started turning over user data to HK police.”

There’s no suggestion whatsoever that any US security agency had a direct hand in crafting the app’s now world-standard encryption system, or plays a day-to-day role running the company. However, the same can’t be said of popular internet anonymity browser Tor, which is frequently recommended by privacy advocates in the same breath as Signal. First developed by US Naval Research Laboratory employees in the mid-1990s, Tor quickly caught the attention of the Defense and Research Projects Agency (DARPA), and since then has been almost entirely funded by US government entities, including the Pentagon, to the tune of tens of millions. Its original purpose was to shield clandestine government operatives from detection in the field, by insulating them from the inherently open nature of the internet, although the potential of Tor’s anonymizing powers to enable regime change in enemy countries wasn’t lost on its funders. Perhaps unsurprisingly, it’s also supported by the OTF, and features alongside Signal in the aforementioned USAGM factsheet. In Mar 2011, Tor developer Mike Perry conceded the browser may “unfortunately” not provide effective sanctuary from prying governmental eyes. He said:

Extremely well-funded adversaries that are able to observe large portions of the internet can probably break aspects of Tor and may be able to deanonymize users. Though I personally don’t believe any adversary can reliably deanonymize all Tor users. Attacks on anonymity are subtle and cumulative in nature.

Among the most well-funded “adversaries” of internet privacy are of course the NSA and GCHQ, and classified documents leaked by Edward Snowden in 2013 revealed the partner agencies devote considerable time and resources to attacking and undermining the service and its users. However, the papers also indicated the pair were keen not to discourage citizens from using Tor. After all, given that it congregates anyone and everyone with something or other to hide on a single network, surveilling their activities is made all the easier. So does Signal, and therein lies the rub.

One Comment

  1. anon
    Posted January 27, 2021 at 11:19 pm | Permalink

    “Something to hide” is a canard that essentially recycles CIA 90s clipper chip propaganda, and it’s unfortunate that Klarenberg ends a more-or-less useful article with that brain fart. Klarenberg’s shtik here replicates Yasha Levine’s FUD argument. We know why criminal government enterprises need anonymity – to conceal the gravest crimes. But the tacit non sequitur is that the government will poke holes in its own OPSEC. If Klarenberg or Levine think it’s backdoored, show us the backdoor – the code is open source. Never got an answer from Levine. Levine’s best point is catching Tor devs sitting on vulnerabilities. That’s not a smoking gun because it might reflect resource allocation decisions. Somebody should ask Jacob Appelbaum if he saw anything.

    Systemic attacks like Carnegie-Mellon’s snitch nodes are a known and manageable risk, and in any case not a reason to go naked instead. If Klarenberg’s kind of reasoning scares you, the thing to do is use privacy infrastructure that doesn’t get all the media frenzy: i2p dominates Tor, if you stay on it all the time (the only real government attack is bots;) and ricochet beats the hell out of Signal (it depends on Tor hidden services but makes very ingenious use of them.)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.