Runa Sandvik in Moscow at the Sakharov Center. Photo (c) by Sakharov Center.
So Runa Sandvik, who just left the staff of Tor Project (although she remains as a volunteer), who is now at the ill-named Center for Democracy and Technology, went to Moscow at the end of April.
Hello Moscow.
— Runa A. Sandvik (@runasand) April 29, 2014
In brief, I think it's more than likely she used the trip's ostensible purpose - to speak to human rights groups and journalists to help them with circumvention/encryption -- in fact to liaise with Snowden and coordinate various anarcho-crypto "movement" things with him -- the spinning of Glenn Greenwald's accidental leak about her own meeting with Snowden in December 2012 in Honolulu before he stole documents -- which was to come out May 21; and possibly -- big picture -- work on the take-over/compromise/control of Tor nordes in Russia -- and also discrediting of Russian Internet crypto figures not under her group's control (e.g. Durov).
All in all, mission accomplished, I think.
Let's go over it:
This trip wasn't a secret, and she even mentioned it on her Twitter timeline, but I was busy and didn't notice it until I read the Sakharov Center's news in Moscow. She was there for only two or three days, April 29-May 1, that holiday that Workers of the World love, May Day. Hide in plain sight, you know. That's always best!
Her purpose was to give the poor Russian bloggers and human rights workers now facing Internet blockage by Roskomnadzor lessons in how to use Tor and other circumvention and encryption tools like TrueCrypt. Of course, Russia is a land of Internet nerds with nothing to do but code at their no-show state jobs and surf the Internet, so there's little she can actually teach them. No matter.
That was the cover story.
Just like that trip to give the Crypto Party talk in Honolulu was the cover story. And another trip to go to a crypto conference in Hong Kong, right before Snowden arrived.
It's funny that a) the Russian government let her in if her purpose was to help people defeat their censorship and b) the US authorities didn't question her at the border, given everything. She brags about this on Twitter, that no authorities have ever questioned her about her trip to meet Snowden on December 11, 2012 *after* he contacted Glenn Greenwald for the first time on December 1, 2012 (a date that has changed, but that's the one GG is now giving in his book. She just "happened" to have a vacation right at the same time!
Number of times I have been in contact with law enforcement regarding Snowden and the Honolulu CryptoParty: 0.
— Runa A. Sandvik (@runasand) May 23, 2014
The Crypto Party was likely the device for Snowden's helpers at Tor -- more important than his journalists, who are just scribes, really -- to make the real-life connections they required on the ground to exchange keys and create trust and manage verifications online later.
And here we all were, staring at the Spring Break of Code, which she assiduously kept trying to deny -- working overtime to deflect any questioning about Jacob Appelbaum's role there and his possible meeting of Snowden there to exchange encryption keys, USBs, whatever. Or to go through a third-party cut-out.
Funny, all that.
It illustrates what a duplicitous creature she is, because we were all asking if Tor had contact with Snowden before/during the period he stole documents, and they were all denying it - but then, here it is, leaked by Greenwald himself, possibly accidently. Or maybe he wanted to burn Tor. And this story in Wired about all this has chisel marks all over it because it's been instrumented to tell the story in the most distractive, deflective possibly way, to create an alibi.
But BEFORE this story came out on May 21, there was Runa's trip to Moscow April 28-30. Why? To coordinate with Snowden because it was known the leak was coming, or perhaps the Cinncinnatus info was already seen in early review copies some journalists got of Greenwald's book. (I don't believe he intended to leak this -- John Young of Cryptome picked up the name "Cincinnatus" used with a Lavabit email address, checked the public keys, and saw this related to Snowden.)
So the trip to Moscow was likely really designed to liaise with Snowden -- and the Russian authorities didn't have a problem with that because they are all about helping the Snowdenistas, you know? So even a cover story about "defeating" their censorship works for them.
So Sandvik first sprinkles herself with the holy water of the Sakharov Center, a group of impeccable Soviet-era dissidents and their apprentices who were colleagues of Andrei Sakharov, the patron saint of the dissident movement. To be sure, lots of events are held there, and groups pay a modest fee to help support the Center, because space where people can have free discussions is increasingly hard to find.
I would love to know the visa-support organization that invited Runa and gave her her visa. No foreigner comes to Moscow without:
o an organization or agency or business authorized to provide visa support to foreigners writing a letter of invitation with its official registered seal and a number
o approval at the Foreign Ministry of that letter and that status and that foreigner
o another layer of review at the Russian Embassy abroad, and check of all the documents submitted by the foreigner.
I don't know if the Sakharov organization invited her -- I'd be sad if it did, because it's one more example of how the hackers are invading the human rights movement to try to a) radicalize it and/or b) discredit it and hijack it.
In any event, in addition to possible coordination of how the leakage of the Cincinnatus story would work, other things are possible, like:
o coordination of Snowden's continued running of Tor nodes. Who said he stopped running them? Did he turn off those ones at NSA or get others to collude with him? And even if those servers were removed from his access (we hope) he could start new ones at any time -- and the Russian government will be only too happy!
o in the interview below, you see in fact that Sandvik has trouble denying that Snowden works for Tor -- in fact, she's basically admitting he does. That has several hypotheses that may go with it:
o Snowden is working with Russian intelligence knowingly to take over Tor essentially hollowing it out from the Navy's one-time control -- and please don't tell me bullshit about how the system can't be compromised. More on that below. We already had several dozen such compromised nodes
o At one time none other than Craig Pirrong, who was wildly harassing me for months on end over my simple criticism of his implausible theses, claimed strangely that Jacob Appelbaum went to Moscow to set up those compromised servers. I continue to maintain that that a) doesn't make sense and b) has no evidence because we can't place Appelbaum there. Plus, you don't have to go there to run these servers, given all the virtualization and remote technology out there, and it seemed to obvious.
o Now that we've placed Sandvik in Moscow it's possible in fact that's what they're up to -- busy "spoiling" The Onion Router (Tor) which is what the letters stand for, although it's also a word that means "throne" or "honored seating place in the yurt" in the Eurasian languages.
o And that means this could be a collaborative effort by Wired State types both in the US government and the Russian government who think they are above it all, beyond states, The Smart People Surrounded By Idiots, and all the rest. Or some configuration thereof. People who are too clever by half, who think they are overthrowing others who may have overthrown them.
What's the net effect of this trip? Well, several hypotheses:
o to destroy faith in Tor as compromised by the US and/or Russian intelligence agencies to diminish the ability of people to use it to get around censorship
o on the contrary, to add luster to its reputation and dissipate doubters so that it can then lure lots of people in, and then they can be compromised.
Much of what Runa and her little friends do is premised on the arrogant notion that Tor is unbeatable. So they really don't think (perhaps) that the Russians or Americans can snoop on them due to "math".
They should read my blog, and not only the Swedish paper but Paul Syverson's paper in which he explains that within 3 months, watching the exits, they pretty much out everybody. The Russian government can see who uses Tor -- that was how Harvard was able to find a hacker who made a fake terrorist threat (and if it were up to Runa, he would have followed her good-housekeeping hints and hidden his tracks better.)
So they could simply close everyone down on that basis. Or they can compromise nodes or monitor servers through various intrusive gadgets or watch the exits. There aren't that many nodes now -- it's back down to 4,000, with the number in Russia small and highly visible. So...either or both of the Russians and the Americans and anybody else interested allow Runa to wander the world of crypto parties because she is like dye or radioactive, and then lights up what she touches. Maybe all her stickers she hands out have RFIDs -- like that one on her passport yuck yuck.
Oh, except, she tore the RFID off her Norwegian passport, funny, that. Runa also has a green card or work authorization for the US which she bragged about renewing -- I was surprised she did. No quality control at DHS I guess, especially given that Crypto Party! But she says she's been in London. Why did she leave Tor? Did she figure the axe would fall there soon? She is no longer a paid employee but just one of those evangelizing volunteers. She is also among the "technical advisory committee" at the Freedom of the Press Foundation, which funds Snowden and has Snowden on its board.
FFP was started by John Perry Barlow and the Electronic Frontier Foundation people. Appelbaum is also on that TAC, and still listed very robustly at Tor. Sandvik's interviews for the Russian media are important to look at, and I have them below, but first, study her timeline as its instructive as to how they are playing this whole ideological caper: First, before the trip, she drops a tweet to establish her street cred as a fighter for a free Russian internet:
VKontakte, Russia’s most popular social network, is said to be “under the complete control” of close allies of Putin: <ahref="http://t.co/cDwnlXDIeX">http://t.co/cDwnlXDIeX
— Runa A. Sandvik (@runasand) April 22, 2014
But here's the thing. Runa's real attitude is one of moral equivalence -- if the US is "just like" Russia and Snowden, trapped in Putin's cage, asks the tyrant on state-controlled TV a prefabricated question, why that's "just like" a congressman in a democracy asking something of an appointed official under oversight -- sure.
Side-by-side comparison of Ron Wyden's question to James Clapper and Edward Snowden's question to Vladimir Putin: https://t.co/cxCFqCUdL1
— Runa A. Sandvik (@runasand) April 18, 2014
Oh, and you see, the real problem isn't the Kremlin, it's those evil Western capitalist corporations:
Russia is using deep packet inspection technology from China, Canada, Israel and the US to monitor network activity in the country.
— Runa A. Sandvik (@runasand) April 24, 2014
That's how they play it -- make seeming criticisms of Kremlin policy, but then double back and make moral equivalence between the West and Russia, which then essentially undoes the criticism -- and then spin it around to make it really be about Western corporations. I've seen this technique used over and over again -- by Rebecca MacKinnon, by the Snowdenistas, by Soldatov and Sergei Makarov, another human rights activist (who wasted his personal meeting with Obama fretting about Snowden) and by Sarah Harrison of WikiLeaks in her "leak about Syria" which was really about the West.
It gets tiresome.
Then, Runa name-checks the leading Internet and censorship guru of Russia -- who, well, still lives in Russia:
Internet censorship initiatives in Russia provoke the rise of self-censorship among users, says @AndreiSoldatov: http://t.co/msixBAmkSc
— Runa A. Sandvik (@runasand) April 25, 2014
Then, the day before her departure:
Heh, tried to remove a sticker from the front of my passport and accidentally removed the first "S" in "PASSPORT" and half of the RFID icon.
— Runa A. Sandvik (@runasand) April 27, 2014
Heh. I'll bet that was a TOTAL accident. Then, here's a tip that Tor is in fact heavily vulnerable -- on the eve of her trip to Moscow.
Modified #heartbleed scanner allows direct scanning of #Tor hidden services (via @Bike_E_Maker): https://t.co/oKiBCDOOs3
— Runa A. Sandvik (@runasand) April 28, 2014
Now, on the day she travels to Moscow, this insight -- which is something about her comms there obviously, and this crypto kid is telling us this in public..why? To throw people off the scent, or something.
Turns out @twitter's two-factor authentication backup code is only good for one use. Good thing I have a backup-backup solution in place.
— Runa A. Sandvik (@runasand) April 29, 2014
While in Moscow, she has nothing to say that is critical of Putin, of course, but she has a cryptic message, in case you were waiting for her at the Cafe Pushkin!
Made it to the Red Square only to find that the area was closed off in preparation for a parade. And no luck finding Café Pushkin.
— Runa A. Sandvik (@runasand) April 30, 2014
Cafe Pushkin by Aleksandr Torchiev.
Oh, come now. Cafe Pushkin is right down on Tverskaya! Any smartphone would find it or just ask anybody. Oh, and now that I've noticed its salmon-coloured walls again and ornate paintings, I'm suddenly wondering if that's the location of the private dining room at the "hotel" where Snowden has met his various visitors. Surely Runa wouldn't miss a rendevous with Snowie!
Then for final good measure, she makes it appear if she's all about Internet freedom in Russia again:
Last week, @CenDemTech called on Russia to respect privacy and free expression rights of all Internet users: https://t.co/T9kYJcIGlg
— Runa A. Sandvik (@runasand) May 2, 2014
and brags about her interview on an independent Russian news site:
While in Moscow, I spoke to a journalist at @ru_slon about censorship, online anonymity, and #Tor : http://t.co/BVvcuJ1gwr
— Runa A. Sandvik (@runasand) May 16, 2014
So let's take a look at Slon. And the interview of her especially at Colt.ru, one of the best independent sites in Russia. Russian journalists are simply more used to Russian official obfuscation, lies and spin, so they ask Runa questions that she and her comrades never get asked (and should!) by the American media, which is bedazzled by Snowden:
Runa claims there are "a few thousand" Tor users in Russia but slon.ru says "100,000" because they've gone to check the open source statistics. Runa explained that a virus appeared that artificially increased the number of users (?!) Gosh, how does that work! And can we believe there are even a few thousand?
Tor gets grants based on proposals, and doesn't take instructions from governments, says Sandvik, when the Russian journalists at Colt.ru task her repeatedly.
"However, Tor never takes money in order to install a function which would reflect poorly on its reputation or on the security of the system." "
"But you can hardly agree with the fact that you can preserve your independence by taking money from the government," Colt persists:
Sandvik replies that by just publicizing sources, that should take care of any problem. That is, if you make cooperating with the government not a secret, then the problem goes away, see? Try telling that to Russians. She did!
Here she is, continuing to justify Tor (in reverse translation):
In fact, Tor was created by Naval Intelligence of American in order to protect the American government. But if you are the only user of Tor, then in fact you are easy to spot, because the Tor user is you. So they came to the opinion that in protecting everyone everywhere, you acquire an advantage for yourself, you create a system in which it is ipmossible to understand who this or that user is in America or Sweden. I think that is one of the reasons for the funding of Tor. Moroever, in the last few years, the purpse [of the American authorities] was to help users of the Internet in Iran.
Slon asks whether in fact Tor is really invincible and whether the NSA can break it, as she had claimed in her presentation. They asked in in fact if this was Snowden's leak. Runa said yes, Snowden had leaked many documents on this issue of Tor, that the NSA had tried and failed to break Tor and there was an article on this in the Guardian.
"Would you hire Snowden for the Tor team?" asks the impish slon.ru.
"Tor accepts any anonymous contributions, so anyone could take part in it," she says coyly.
Slon.ru presses further.
"But would you hire him for the job?"
"Hire for the job...I can't comment on that. Tor has funding for people who regularly help the project and work for it. I cannot imagine that Tor Project would discriminate against anyone," she dodges again. She doesn't want to be later caught in a lie, but...
That is, if you're a fugitive felon who has committed the worst heist against US national security in history, sure, send your resume, we're an equal-opportunity employer.
Slon continues to press -- does Tor help the government on crimes, i.e. drug deals, prosecution.
"How do you work with the government in those cases? Can it ask you to provide information about users?"
Runa answers with her usual mantra, "there is no one person, no one facility that could review the system and censor what users can do or not do. And in the same way there is no way for Tor to track users."
She uses the usual distractive rhetoric to deflect legitimate concern about Tor's enabling of criminality:
"On the one hand, for now this system makes it difficult to search for criminals, but on the other hand, it helps people, activists and human rights defenders. There are people in Tor who have spent a lot of time to help victims of domestic violence and have advised them, for example, how to visit sites so their abusers can't see this.
Of course, there are pluses and minuses in this but if you imagine, that someone in Tor tracks the visits of users of this or that site, then the question is raised: who should that person be? Can some project decide, whether users throughout the whole world can or cannot do online? If Tor had that ability, then perhaps one could ask the question, should he be paid from the American or another budget for fulfilling the censor's functions. But Tor has no functions of oversight which would enable it to remain free. For example, I have no special knowledge about the work of Tor, which is inaccessible to others. There is nothing secret in it, all of its work is absolutely open, and in order to know how it works, you just have to spend some time.
Slon presses even further -- they are so much smarter than American journalists!
"You said in your lecture that there is no system to check people who work at Tor. But can you imagine that the intelligence service, for example, or someone else wants to get involved in the project. Would they also not know anything?"
Runa claims there is no way to learn anything but IP addresses that the system is using and that there is "no way to know who is using Tor to visit certain sites." She ought to read the paper of Paul Syverson et. al. -- which no Torean has never committed on. Runa explains that Tor gets requests from the US, British, Norwegian, Polish, German governments asking them to help find criminals. They "explain how Tor works" and say they can't help. She claims she doesn't know if the Russian government has made a request.
Well, look then, US, British, Norwegian, Polish and German governments: if there is a perfect encryption tool that can evade all of your intelligence and law-enforcement, that is a weapon. It's a weapon that should not be in these unscrupulous hands.
Yeah, I get how hard it is to get it out of their hands now, you know, you can always copy on the Internet. But do try to think about the ramifications, here.
She admits Heartbleed was a big blow, and they had trouble getting all the people running nodes to upgrade. She said they lost 1000 out of 5000 servers because they couldn't reach people and ensure they had the patch.
Slon even asks if the staff of Tor could be bribed, and she says "no".
So what else was accomplished in this interview? What else was her purpose?
o To discredit Pavel Durov. She mentions Telegram, his mobile encryption program, and that it was made by "a guy who fled from Russia". Here are her damning comments:
"The creators of Telegram don't say much publicly how their app works, but they offer to pay you if you find a problem in their security system. I tried to ask them about their privacy policy. They assure us that they do not provide law enforcement agencies with information, but sometimes, after all it is impossible to refuse? Only if you are prepared to go to prison for the sake of your users.
Then I asked them under what jurisdiction they work, and they did not reply. Then I looked at how you can get in connect with them -- through a press service. And for that, you must load an app which automatically loads your contact list, every number and every name in the telephone. Although for users, that could be a convenience: when the system sees that your friends are using it, it offers you to become a user. The app in fact is becoming more popular."
So the purpose of that is in part just commercial sabotage -- she doesn't want anyone competing with Tor or Whispersystems, which is the mobile encryption program of her and Jake's friend Moxie Marlingspike. She even filed a FOIA on Telegram (!) -- and when the hackers asked her if she did that with all such software (because even they thought it was odd) she indicated she had plans to.
She doesn't want somehow making encryption software who isn't under the Snowdenistas' control or the control of the Russian government, I guess. Which is it? This is all a complicated chess game. There are feints and dodges and ruses. I leave it to you to figure out.
Recent Comments