A woman shoots videos with a cellphone during a protest in Srinagar, Kashmir on June 21, 2020.
encryption

Inside the Plot to Kill the Open Technology Fund

This U.S. program provides encryption technologies to journalists and activists living under repressive regimes. But a Trump appointee wants to tear it all down.
03 July 2020, 6:00am

In Indonesia, speaking openly about LGBT issues online can result in physical attacks, online abuse, and even arrest.

That’s why Dhyta Caturani, a human rights activist who specializes in helping people to stay safe online, created a training program for Indonesian LGBT groups to track digital threats and give people the skills they need to increase their security.

Caturani’s project was made possible thanks to money from the Open Technology Fund, a U.S. government-funded nonprofit, which is part of the umbrella group called the U.S. Agency for Global Media (USAGM), which also controls Radio Free Asia and Voice of America.

OTF’s goal is to help oppressed communities across the globe by building the digital tools they need and offering training and support to use those tools. Its work has saved countless lives, and every single day millions of people use OTF-assisted tools to communicate and speak out without fear of arrest, retribution, or even death.

The fund has helped dissidents raise their voices beyond China’s advanced censorship network, known as the Great Firewall; helped citizens in Cuba to access news from sources other than the state-sanctioned media; and supported independent journalists in Russia so they could work without fear of a backlash from the Kremlin.

Closer to home, the tools that OTF has funded, including the encrypted messaging app Signal, have allowed Black Lives Matter protesters to organize demonstrations across the country more securely.

But now all of that is under threat, after Michael Pack, a Trump appointee and close ally of Steve Bannon, took control of USAGM in June. Pack has ousted the OTF’s leadership, removed its bipartisan board, and replaced it with Trump loyalists, including Bethany Kozma, an anti-transgender activist.

“The attacks on the OTF are also an attack against us all, too,” Caturani told VICE News. “Losing our safety and security could mean losing our fights for freedom, human rights, and democracy.”

“Worst-case scenario”

One reason the OTF managed to gain the trust of technologists and activists around the world is because, as its name suggests, it invested largely in open-source technology. By definition, open-source software's source code is publicly available, meaning it can be studied, vetted, and in many cases contributed to by anyone in the world.

This transparency makes it possible for experts to study code to see if it has, for example, backdoors or vulnerabilities that would allow for governments to compromise the software's security, potentially putting users at risk of being surveilled or identified.

Now, groups linked to Pack and Bannon have been pressing for the funding of closed-source technology, which is antithetical to the OTF's work over the last eight years.

Closed-source technology — where all or part of the code is kept private — isn’t inherently a bad thing, but the danger is it can be designed with backdoors that would allow governments to secretly monitor users' activity.

Developers of open-source technology can tell journalists in Russia and dissidents in Iran that anyone can see exactly how the software works, and so experts are free to vet them for any vulnerabilities or backdoors. No software can be 100% secure, and governments have developed exploits for open-source technology, but the transparent nature of the code means more experts can vet it, and users can make informed decisions about the security of any given tool.

“This is really the worst-case scenario,” Jillian York, director of international freedom of expression at the Electronic Frontier Foundation and a member of the advisory council at the OTF, told VICE News. “I think the really dangerous thing here is that the new leadership is under pressure to fund these closed-source technologies.”

Security concerns

The technologies that Pack is being pressed to fund at OTF are Freegate and Ultrasurf, two little-known apps that allow users to circumvent internet censorship in repressive regimes but currently have very small user bases inside China.

These apps are not widely trusted by internet freedom experts and activists, according to six experts who spoke to VICE News. That the OTF would pivot its funding from trusted, open-source tech to more obscure, closed-source tech has alarmed activists around the world and has resulted in open revolt among OTF's former leadership.

VICE News has learned that Ultrasurf recently underwent a security audit to assess if the app contained any critical security flaws. The audit was conducted at the request of the State Department as a condition of funding, but the report has not been published.

This was because the developer of Ultrasurf wanted a reference to “a high-severity bug” removed from the report, according to a source at the company that conducted the audit, Cure53.

The developer, who uses the pseudonym Clint to protect his family in China, subsequently threatened Cure53 with legal action if they ever published the report. Clint told VICE News the audit was “sort of like a trap” and that the report was not made public because it would reveal too much about his source code.

The State Department, which has now received Cure53’s report, according to an email seen by VICE News, refused to comment.

Tearing down the Great Firewall

While the internet freedom community may have issues with Ultrasurf and Freegate, the developers behind the apps — which have been around since 2002 — are convinced they are the answer to China’s censorship problem.

“We can tear down the Great Firewall in a matter of months,” Clint from Ultrasurf said, while Bill Xia, the CEO of Dynamic Internet Technology, which maintains Freegate, told VICE News that his app “has been the most popular circumvention software in China since 2002” and “currently, we serve millions of users from China each month.”

But more than half a dozen experts in the internet freedom community who spoke to VICE News expressed a mixture of incredulity and frustration about those claims. The experts, who were granted anonymity to speak openly, said the apps’ code is out of date, dangerously vulnerable to compromise, and lacks the user base to allow it to effectively scale even if they secured government funding.

One source familiar with the technology said that giving the money to Ultrasurf or Freegate was “just fucking pissing money up against the Firewall."

So why are these technologies even being considered for funding?

Mainly because prominent individuals with strong links to Pack have spent the better part of the last decade repeatedly pushing these apps to receive tens of millions of dollars in funding from the U.S. government, without providing any evidence that the technology will succeed.

The two loudest proponents of these technologies are Michael Horowitz, a former director of the Project for International Religious Liberty at the Hudson Institute, and Katrina Lantos Swett, the president of the Lantos Foundation Human Rights and Justice.

OTF staffers who spoke to VICE News on the condition of anonymity as they were not authorized to speak to the press, say they’re concerned Horowitz and Swett will finally succeed thanks to their links to Pack and Bannon.

In recent months, as Pack’s confirmation gained momentum, Swett and Horowitz have increased their lobbying efforts and attacks on the leadership of the OTF.

In March, around the time Trump decided to pressure Republicans in the Senate to confirm Pack’s appointment, Libby Liu, OTF’s CEO, and Laura Cunningham, OTF’s president, got a phone call from Swett and her colleagues to discuss funding for large-scale circumvention tools to help people in China bypass the Great Firewall.

Swett described it as “a very professional and a very cordial call,” but that’s not how Liu and Cunningham remember it.

“It was quite threatening,” Cunningham told VICE News. “They said that they were very close with Michael Pack [and] told us that there was a lot of disappointment that we were not funding the most effective circumvention tools out there. Their advice was that if we wanted to make sure we stayed in CEO Pack’s good graces, that we needed to reorient our funds immediately to support those technologies.”

Liu says Swett and her colleagues “lectured us, you know, round robin-style, and threatened us.”

Extensive contemporaneous notes of the call made by Liu, and seen by VICE News, back up the assertions made by the pair, including the assertions of close links to Pack and his people.

“The overall gist of the call felt like an effort to threaten OTF into doing an immediate award to Ultrasurf,” Liu notes. “There were so many inaccuracies in their statements that it was very difficult, if not impossible, to correct them all in real time.”

A much less-detailed set of handwritten notes from Swett, also seen by VICE News, makes no reference to any issues on the call.

“Pack's over there to clean house”

Three months later, Pack was finally confirmed by the Senate, and within days, Swett and the Lantos Foundation sent a lobbying letter, again listing Ultrasurf and Freegate, despite OTF’s obvious concerns about their closed-source nature.

Then, on June 13, Horowitz appeared on Bannon’s radio show “War Room” and openly called on Pack to fire Liu, and Bannon apparently wrote her name down.

Bannon has made no secret of being close to Pack and what he’s doing in his new role. “We are going hard on the charge,” Bannon told Vox. “Pack’s over there to clean house.”

Seeing the writing on the wall, Liu resigned. But four days later, Pack fired her anyway. A day later, believing she had been spared and ready to double down on the work she’d been doing, Cunningham was fired by email.

“I had no intention of resigning and no intention of leaving OTF,” Cunningham said. “I was 100% dedicated to staying with the organization and protecting this critical work.”

The email from Pack, seen by VICE News, gave no reason why Cunningham was being fired.

On Wednesday, seven prominent Republican senators, led by staunch Trump supporters Linsday Graham and Marco Rubio, wrote a scathing letter attacking Pack’s decision to fire Liu and Cunningham and the heads of all the other USAGM entities.

“The termination of qualified expert staff and network heads for no specific reason as well as the removal of their boards raised questions about the preservation of these entities and their ability to implement their statutory missions now and in the future,” they wrote. “These actions, which came without any consultation with Congress, let alone notification, raise serious questions about the future of USAGM under your leadership.”

Pack’s arrival at USAGM coincides with an unprecedented uptick in internet censorship the world over, as authoritarian leaders follow China’s lead.

While some U.S. companies like Apple and Zoom have shown a willingness to censor their products to retain access to the hugely lucrative Chinese market, a much smaller U.S. company could provide the tools necessary to overcome China’s censorship.

Lantern is a secretive U.S. company that, based on data reviewed by VICE News, is among the largest circumvention tools currently being used anywhere in the world.

The team of 20 or so engineers who maintain the app, which is partly funded by the U.S. State Department, rarely speaks to the media about their efforts, to avoid painting a target on their back for the authorities in Beijing.

But silence also makes it much harder to get funding.

Amid the continuing fallout from Pack’s arrival and louder talk of hefty funding for other technologies such as Ultrasurf, the founders decided to speak up, saying their technology is primed to grow exponentially, if only they had the funding.

“At the moment, we have a cap of 500MB on free accounts,” Wolf, one of the co-founders of Lantern, who uses a pseudonym to protect his identity, told VICE News. “If we got funding, then we could just switch that cap off and grow our user base rapidly. That's what they don't know in Washington.”

Lantern was named by the Lantos Foundation in their lobbying efforts, but Wolf said they have no affiliation with the organization and have no reason to be associated with their efforts, because at the end of the day the funding should go to the team with the most widely used tool. “The U.S. government needs to back the right horse—and that’s us,” Wolf said.

Pack has yet to reveal who will be put in charge of OTF or where it will divert funds in the future. A spokesman for USAGM refused to answer any questions posed by VICE News.

But current and former staff members who spoke to VICE News said they’re worried about where Pack will take the organization. If he decides to follow the advice of Swett and Horowitz, and fund Ultrasurf and Freegate, then lives will be put at risk.

Cover: A woman shoots videos with a cellphone during a protest in Srinagar, Kashmir on June 21, 2020. (Photo by Faisal Khan/Anadolu Agency via Getty Images)