The Internet as we know it may soon be changed forever by a project the Pentagon is developing behind closed doors and with little mention. A tight lid has been kept on the work, amid concerns it will anger U.S. legislators and even people within the military.
The end goal of the project run by the Pentagon’s Research and Development Branch, DARPA, is to create several new systems that will make monitoring citizens online anywhere nearly impossible.
The centerpiece of this effort is Tor, a program originally developed by the U.S. Naval Research Laboratory to protect government communications.
Tor has been a thorn in the side of U.S. intelligence agencies tasked with monitoring hackers, spies, and terrorist networks. It’s also one of few options for people looking to dodge the piercing eye of oppressive regimes.
The program hides a user’s identity by encrypting his or her online data then randomly bouncing it around a large network to hide the source. In a leaked document published by the Guardian, the NSA calls Tor “the King of high secure, low latency Internet Anonymity” and notes, “There are no contenders for the throne in waiting.”
Rather than destroy this tool that is now often used against it, the Pentagon is instead trying to make Tor stronger.
“When DARPA started the program, the reason they stayed quiet was because there were people in Washington who were kind of upset,” said Terry Benzel, head of the Defense Technology Experimental Research Lab (DETERLab) at the University of Southern California.
In many countries, open discussion on the Internet can have dire consequences, and so ensuring that programs for anonymity work properly on the global Internet is taken seriously. That’s where Benzel and the DETERLab come in.
“This Tor stuff is real. It’s life and death,” Benzel said. “Some of those people in some of those countries, if they’re found they’re arrested and executed or worse.”
“We’re glad we can provide the technology for some of those people whose lives may be at risk,” she said.
DETERLab’s set of 500 computers uses software that lets it mimic the full Internet and is freely available for researchers around the world. The program was started 10 years ago with funds from the Department of Homeland Security. Using it, researchers can test how programs will work on the open Internet.
Using the systems at DETERLab, researchers can test whether the new technologies can effectively protect a user, and they can launch large-scale attacks against the programs to see whether they can hold up under pressure.
The new tools are part of a program called Safer Warfighter Communications (SAFER). According to DARPA, the goal of the program “is to develop technology that will enable safe, resilient communications over the Internet, particularly in situations in which a third-party is attempting to discover the identity or location of the end users, or block the communication.”
The program can be traced back to 2010 when the U.S. Department of State unveiled plans for “21st Century Statecraft” and digital diplomacy.
“The cornerstone of the 21st century statecraft policy agenda is Internet freedom,” states the State Department website, noting that among the rights people around the world have online are free speech, freedom of assembly in cyberspace, and the freedom to connect.
“A third of the world’s population, even if they have access, live under governments that block content, censor speech, conduct invasive mass surveillance and curb the potential of the Internet as an engine of free speech and commerce,” it states.
At the time, governments around the world were considering programs to end online anonymity. The debates came to an end in the United States with the start of the Arab Spring movement in Egypt and Libya where people rose up to overthrow oppressive governments.
The Arab Spring was organized heavily through social media, and it quickly became apparent that ending anonymity on social media websites could cost people their lives.
Part of the 21st Century Statecraft program announced by Secretary of State Hillary Clinton includes developing new technologies to guard digital rights for people around the world. The tools in the SAFER program are part of it.
Benzel, who has worked closely alongside the program at DETERLab, said, “As a result, DARPA got tasked with spending money on how we could do Internet freedom.”
The tools for the SAFER program are built to provide what people in a movement like the Arab Spring would need, both to organize and to keep themselves safe.
According to the DARPA website, the SAFER program will also provide secure communication tools including for social networking, instant messaging, emailing, streaming video, and video chat tools. The idea is to ensure citizens can organize without being traced, keeping their identities and information secret.
Included in the SAFER program are new tools within the Tor Project, alternatives to Tor, and entirely new technologies.
“Some of them have Tor central to them. Some of them are alternatives,” Benzel said.
While the anonymity tools in the SAFER program could make the job of U.S. law enforcement and intelligence agencies in tracking bad guys more difficult, the harm will likely be minimal. This is partly due to former NSA contractor Edward Snowden, who stole and released secret NSA documents in May 2013.
Snowden’s dump of NSA documents put the world’s terrorists and criminals on alert that, if they were not already using tools to hide their identities and locations, they needed to do so. Hackers and criminal groups often use Tor alongside other programs to hide their online activity, then top off the masking of their activities by encrypting their computers and files.
Thus, the hackers, organized crime groups, and terrorist suspects will likely get very little from SAFER that they don’t already have. The people it will benefit, however, are the average folks living under authoritarian regimes—the people the SAFER program is intended for.
Recent developments around government spying and control over the Internet make the protection offered by SAFER all the more important.
China and Russia have been trying to gain more say over the global Internet, and have been shaking the foundations of the multistakeholder model that creates the open and free Internet we know in the West. Their proposals are for a global Internet with stronger government control.
The debate over Internet governance came to the surface in December 2012 when members of the International Telecommunications Union (ITU) met in Dubai to propose changes to the laws governing the Internet. The ITU is an agency of the United Nations focused on information and communications technologies.
Although content of the ITU meetings was confidential, some information was leaked. According to the leaks, a program passed at the ITU meeting that would allow countries to monitor citizens. It would be defeated by DARPA’s SAFER program.
The program called Y.2770 was proposed by the Chinese regime and creates government standards for deep packet inspection. Deep packet inspection allows governments to read the contents of messages at various connection points on the Internet.
CNET reported the program would “help network providers target BitTorrent uploaders, detect trading of copyrighted MP3 files, and, critics said, accelerate Internet censorship in repressive nations.”
The type of spying used by Y.2770 is directly addressed in a DARPA job posting for the SAFER program. It says SAFER is designed to block deep packet inspection, like that of Y.2770, which is commonly used to analyze online traffic.
While the United States may be losing the battle to defend the multistakeholder model that has produced the dynamic and free Internet we in the West enjoy, SAFER may change the basic landscape in favor of freedom.