Spitfire List Web site and blog of anti-fascist researcher and radio personality Dave Emory.

For The Record  

FTR #1078 Surveillance Valley, Part 4: Tor Up (Foxes Guarding the Online Privacy Henhouse, Part 1.)

Dave Emory’s entire life­time of work is avail­able on a flash dri­ve that can be obtained HERE. The new dri­ve is a 32-giga­byte dri­ve that is cur­rent as of the pro­grams and arti­cles post­ed by the fall of 2017. The new dri­ve (avail­able for a tax-deductible con­tri­bu­tion of $65.00 or more.)

WFMU-FM is pod­cast­ing For The Record–You can sub­scribe to the pod­cast HERE.

You can sub­scribe to e‑mail alerts from Spitfirelist.com HERE.

You can sub­scribe to RSS feed from Spitfirelist.com HERE.

Please con­sid­er sup­port­ing THE WORK DAVE EMORY DOES.

This broad­cast was record­ed in one, 60-minute seg­ment.

Intro­duc­tion: Con­tin­u­ing this series, we begin a dive into the meat of the vital­ly impor­tant book from which the pro­gram takes its title.  Yasha Levine’s sum­ma­tion of the inex­tri­ca­ble nature and sym­bio­sis between the Inter­net, the tech firms and the so-called “pri­va­cy com­mu­ni­ty” include:

  1. The Inter­net is a weapon, devel­oped for counter-insur­gency pur­pos­es.
  2. Big Tech firms net­work with the very intel­li­gence ser­vices they pub­licly decry.
  3. Big Tech firms that data mine their cus­tomers on a near­ly unimag­in­able scale do so as a direct, oper­a­tional exten­sion of the very sur­veil­lance func­tion upon which  the Inter­net is pred­i­cat­ed.
  4. The tech­nolo­gies tout­ed by the so-called “Pri­va­cy Activists” such as Edward Snow­den and Jacob Apple­baum were devel­oped by the very intel­li­gence ser­vices they are sup­posed to deflect.
  5. The tech­nolo­gies tout­ed by the so-called “Pri­va­cy Activists” such as Edward Snow­den and Jacob Applebaum–such as the Tor Inter­net func­tion and the Sig­nal mobile phone app– are read­i­ly acces­si­ble to the very intel­li­gence ser­vices they are sup­posed to deflect.
  6. The orga­ni­za­tions that pro­mote the alleged virtues of Snow­den, Apple­baum, Tor, Sig­nal et al are linked to the very intel­li­gence ser­vices they would have us believe they oppose.
  7. Big Tech firms embrace “Inter­net Free­dom” as a dis­trac­tion from their own will­ful and all-embrac­ing data min­ing and their ongo­ing con­scious col­lab­o­ra­tion with the very intel­li­gence ser­vices they pub­licly decry.

After detail­ing the his­to­ry of the devel­op­ment of the Inter­net by the nation­al secu­ri­ty estab­lish­ment, Levine presents the sto­ry of the devel­op­ment of the Tor net­work.

Key points of analy­sis and dis­cus­sion:

  1. Tor’s Sil­i­con Val­ley back­ing: ” . . . . Pri­va­cy groups fund­ed by com­pa­nies like Google and Face­book, includ­ing the Elec­tron­ic Fron­tier Foun­da­tion and Fight for the Future, were some of Tor’s biggest and most ded­i­cat­ed back­ers. Google had direct­ly bankrolled its devel­op­ment, pay­ing out gen­er­ous grants to col­lege stu­dents who worked at Tor dur­ing their sum­mer vaca­tions. Why would an Inter­net com­pa­ny whose entire busi­ness rest­ed on track­ing peo­ple online pro­mote and help devel­op a pow­er­ful pri­va­cy tool? Some­thing did­n’t add up. . . .”
  2. Not sur­pris­ing­ly, Tor does not shield users from orgias­tic data min­ing by Sil­i­con Val­ley tech giants: ” . . . . Tor works only if peo­ple are ded­i­cat­ed to main­tain­ing a strict anony­mous Inter­net rou­tine: using only dum­my email address­es and bogus accounts, car­ry­ing out all finan­cial trans­ac­tions in Bit­coin and oth­er cryp­tocur­ren­cies, and nev­er men­tion­ing their real name in emails or mes­sages. For the vast major­i­ty of peo­ple on the Internet—those who use Gmail, inter­act with Face­book friends, and shop on Amazon—you reveal your iden­ti­ty. These com­pa­nies know who you are. They know your name, your ship­ping address, your cred­it card infor­ma­tion. They con­tin­ue to scan your emails, map your social net­works, and com­pile dossiers. Tor or not, once you enter your account name and pass­word, Tor’s anonymi­ty tech­nol­o­gy becomes use­less. . . .”
  3. Sil­i­con Val­ley’s sup­port for Tor is some­thing of a “false bro­mide”: ” . . . . After all, Snow­den’s leaked doc­u­ments revealed that any­thing Inter­net com­pa­nies had, the NSA had as well. I was puz­zled, but at least I under­stood why Tor had back­ing from Sil­i­con Val­ley: it offered a false sense of pri­va­cy, while not pos­ing a threat to the indus­try’s under­ly­ing sur­veil­lance mod­el. . . .
  4. Tor is, in fact, financed by ele­ments of the very same intel­li­gence com­mu­ni­ty and nation­al secu­ri­ty estab­lish­ment that sup­pos­ed­ly frustrated/“locked out” by Tor! ” . . . . But as I ana­lyzed the orga­ni­za­tion’s finan­cial doc­u­ments, I found that the oppo­site was true. Tor had come out of a joint US Navy—DARPA mil­i­tary project in the ear­ly 2000s and con­tin­ued to rely on a series of fed­er­al con­tracts after it was spun off into a pri­vate non­prof­it. This fund­ing came from the Pen­ta­gon, the State Depart­ment, and at least one orga­ni­za­tion that derived from the CIA. These con­tracts added up to sev­er­al mil­lion dol­lars a year and, most years,  account­ed for more than 90 per­cent of Tor’s oper­at­ing bud­get. Tor was a fed­er­al mil­i­tary con­trac­tor. It even had its own fed­er­al con­tract­ing num­ber. . . This includ­ed Tor’s founder, Roger Din­gle­dine, who spent a sum­mer work­ing at the NSA and who had brought Tor to life under a series of DARPA and Navy con­tracts. . . .”

Wide­ly regard­ed as a cham­pi­on of Inter­net free­dom and pri­va­cy, the Elec­tron­ic Fron­tier Foun­da­tion helped finance Tor and cham­pi­oned its use.

Key ele­ments of dis­cus­sion and analy­sis of the EFF/Tor alliance include:

  1. EFF’s ear­ly financ­ing of Tor: ” . . . . . . . . In 2004, [Roger] Din­gle­dine struck out on his own, spin­ning the mil­i­tary onion rout­ing project into a non-prof­it cor­po­ra­tion called the Tor Project and, while still fund­ed by DARPA and the Navy, began scratch­ing around for pri­vate fund­ing. He got help from an unex­pect­ed ally: the Elec­tron­ic Fron­tier Foun­da­tion (EFF), which gave Tor almost a quar­ter mil­lion dol­lars to keep it going while Din­gle­dine looked for oth­er pri­vate spon­sors. The EFF even host­ed Tor’s web­site. . . .”
  2. The EFF’s effu­sive praise for the fun­da­men­tal­ly com­pro­mised Tor Project: ” . . . . ‘The Tor Project is a per­fect fit for EFF, because one of our pri­ma­ry goals is to pro­tect the pri­va­cy and anonymi­ty of Inter­net users. Tor can help peo­ple exer­cise their First Amend­ment right to free, anony­mous speech online.’ EFF’s tech­nol­o­gy man­ag­er Chris Palmer explained in a 2004 press release, which curi­ous­ly failed to men­tion that Tor was devel­oped pri­mar­i­ly for mil­i­tary intel­li­gence use and was still active­ly fund­ed by the Pen­ta­gon. . . .”
  3. The EFF’s his­to­ry of work­ing with ele­ments of the nation­al secu­ri­ty estab­lish­ment: ” . . . . In 1994, EFF worked with the FBI to pass the Com­mu­ni­ca­tions Assis­tance for Law Enforce­ment Act, which required all telecom­mu­ni­ca­tions com­pa­nies to build their equip­ment so that it could be wire­tapped by the FBI. In 1999, EFF worked to sup­port NATO’s bomb­ing cam­paign in Koso­vo with some­thing called the ‘Koso­vo Pri­va­cy Sup­port,’ which aimed to keep the region’s Inter­net access open dur­ing mil­i­tary action. Sell­ing a Pen­ta­gon intel­li­gence project as a grass­roots pri­va­cy tool—it did­n’t seem all that wild. . . .”
  4.  In FTR #854, we not­ed that EFF co-founder John Per­ry Bar­low was far more than a Grate­ful Dead lyricist/hippie icon: ” . . . . Indeed, in 2002, a few years before it fund­ed Tor, EFF cofounder [John] Per­ry Bar­low casu­al­ly admit­ted that he had been con­sult­ing for intel­li­gence agen­cies for a decade. It seemed that the worlds of sol­diers, spies, and pri­va­cy weren’t as far apart as they appeared. . . .”
  5. EFF’s grav­i­tas in the online pri­va­cy com­mu­ni­ty lent Tor great cred­i­bil­i­ty: ” . . . . EFF’s sup­port for Tor was a big deal. The orga­ni­za­tion com­mand­ed respect in Sil­i­con Val­ley and was wide­ly seen as the ACLU of the Inter­net Age. The fact that it backed Tor meant that no hard ques­tions would be asked about the anonymi­ty tool’s mil­i­tary ori­gins as it tran­si­tioned to the civil­ian world. And that’s exact­ly what hap­pened. . . .”

In FTR #‘s 891 and 895, we not­ed the pri­ma­ry posi­tion of the Broad­cast­ing Board of Gov­er­nors in the devel­op­ment of the so-called “pri­va­cy” net­works. The BBG is a CIA off­shoot: . . . .  The BBG might have had a bland sound­ing name and pro­fessed a noble mis­sion to inform the world and spread democ­ra­cy. In truth, the orga­ni­za­tion was an out­growth of the Cen­tral Intel­li­gence Agency. . . . The bulk of the BBG is no longer fund­ed from the CIA’s black bud­get, but the agen­cy’s orig­i­nal cold War goal and purpose—subversion and psy­cho­log­i­cal oper­a­tions direct­ed against coun­tries deemed hos­tile to US interests—remain the same. The only thing that did change about the BBG is that today, more of its broad­casts are tak­ing place online . . . .”

After doc­u­ment­ing Radio Free Europe’s growth from the Nazi/Vichy run Radio France dur­ing World War II and RCA’s David Sarnof­f’s involve­ment with the Tran­sra­dio Con­sor­tium (which com­mu­ni­cat­ed vital intel­li­gence to the Axis dur­ing the war), the pro­gram high­lights the involve­ment of Gehlen oper­a­tives in the oper­a­tions of Radio Free Europe, the sem­i­nal CIA broad­cast­ing out­lets.

The BBG (read “CIA”) became a major backer of the Tor Project: ” . . . . . . . . It was Wednes­day morn­ing, Feb­ru­ary 8, 2006, when Roger Din­gle­dine got the email he had been bad­ly wait­ing for. The Broad­cast­ing Board of Gov­er­nors had final­ly agreed to back the Tor Project. . . . With­in a year, the agency increased Tor’s con­tract to a quar­ter mil­lion dol­lars, and then bumped it up again to almost a mil­lion just a few years lat­er. The rela­tion­ship also led to major con­tracts with oth­er fed­er­al agen­cies, boost­ing Tor’s mea­ger oper­at­ing bud­get to sev­er­al mil­lion dol­lars a year. . . .”

Yasha Levine sums up the essence of the Tor Project: ” . . . . The Tor Project was not a rad­i­cal indie orga­ni­za­tion fight­ing The Man. For all intents and pur­pos­es, it was The Man. Or, at least, The Man’s right hand. . . . inter­nal cor­re­spon­dence reveals Tor’s close col­lab­o­ra­tion with the BBG and mul­ti­ple oth­er wings of the US gov­ern­ment, in par­tic­u­lar those that dealt with for­eign pol­i­cy and soft-pow­er pro­jec­tion. Mes­sages describe meet­ings, train­ings, and con­fer­ences with the NSA, CIA, FBI and State Depart­ment. . . . The fund­ing record tells the sto­ry even more pre­cise­ly. . . . Tor was sub­sist­ing almost exclu­sive­ly on gov­ern­ment con­tracts. By 2008, that includ­ed  con­tracts with DARPA, the Navy, the BBG, and the State Depart­ment as well as Stan­ford Research Insti­tute’s Cyber-Threat Ana­lyt­ics pro­gram. . . .” 

Next, we begin chron­i­cling the career of Jacob Appel­baum. A devo­tee of Ayn Rand, he became one of Tor’s most impor­tant employ­ees and pro­mot­ers. . . . . With­in months of get­ting the job, he assumed the role of offi­cial Tor Project spokesman and began pro­mot­ing Tor as a pow­er­ful weapon against gov­ern­ment oppres­sion. . . . Over the next sev­er­al years, Din­gledine’s reports back to the BBG [read “CIA”–D.E.] were filled with descrip­tions of Appel­baum’s suc­cess­ful out­reach. . . .”

Intro­duc­ing a top­ic to be more ful­ly explored in our next pro­gram, we note Appel­baum’s piv­otal role in the Wik­iLeaks oper­a­tion and his role in the adop­tion of Tor by Wik­iLeaks: ” . . . . Appel­baum decid­ed to attach him­self to the Wik­iLeaks cause. He spent a few weeks with Assange and the orig­i­nal Wik­iLeaks crew in Ice­land as they pre­pared their first major release and helped secure the site’s anony­mous sub­mis­sions sys­tem using Tor’s hid­den ser­vice fea­ture, which hid the phys­i­cal loca­tion of Wik­iLeaks servers and in the­o­ry made them much less sus­cep­ti­ble to sur­veil­lance and attack. From then on, the Wik­iLeaks site proud­ly adver­tised Tor: ‘secure, anony­mous, dis­trib­uted net­work for max­i­mum secu­ri­ty.’ . . . . Appel­baum did his best to be Assange’s right-hand man. He served as the orga­ni­za­tion’s offi­cial Amer­i­can rep­re­sen­ta­tive and bailed the founder of Wik­iLeaks out of tough spots when the heat from US author­i­ties got too hot. Appel­baum became so inter­twined with Wik­iLeaks that appar­ent­ly some staffers talked about him lead­ing the orga­ni­za­tion if some­thing were to hap­pen to Assange. . . . Assange gave Appel­baum and Tor wide cred­it for help­ing Wik­iLeaks. ‘Jake has been a tire­less pro­mot­er behind the scenes of our cause,’ he told a reporter. ‘Tor’s impor­tance to Wik­iLeaks can­not be under­es­ti­mat­ed.’ With those words, Appel­baum and the Tor Project became cen­tral heroes in the Wik­iLeaks saga, right behind Assange. . . .”

1. This seg­ment of our series on Sur­veil­lance Val­ley takes up the devel­op­ment and oper­a­tions of the Tor Project–the devel­op­ment of a sup­pos­ed­ly secure Inter­net net­work.  Tor is, in fact, financed by ele­ments of the very same intel­li­gence com­mu­ni­ty and nation­al secu­ri­ty estab­lish­ment that sup­pos­ed­ly frustrated/“locked out” by Tor!

Key points of analy­sis and dis­cus­sion:

  1. Tor’s Sil­i­con Val­ley back­ing: ” . . . . Pri­va­cy groups fund­ed by com­pa­nies like Google and Face­book, includ­ing the Elec­tron­ic Fron­tier Foun­da­tion and Fight for the Future, were some of Tor’s biggest and most ded­i­cat­ed back­ers. Google had direct­ly bankrolled its devel­op­ment, pay­ing out gen­er­ous grants to col­lege stu­dents who worked at Tor dur­ing their sum­mer vaca­tions. Why would an Inter­net com­pa­ny whose entire busi­ness rest­ed on track­ing peo­ple online pro­mote and help devel­op a pow­er­ful pri­va­cy tool? Some­thing did­n’t add up. . . .”
  2. Not sur­pris­ing­ly, Tor does not shield users from orgias­tic data min­ing by Sil­i­con Val­ley tech giants: ” . . . . Tor works only if peo­ple are ded­i­cat­ed to main­tain­ing a strict anony­mous Inter­net rou­tine: using only dum­my email address­es and bogus accounts, car­ry­ing out all finan­cial trans­ac­tions in Bit­coin and oth­er cryp­tocur­ren­cies, and nev­er men­tion­ing their real name in emails or mes­sages. For the vast major­i­ty of peo­ple on the Internet—those who use Gmail, inter­act with Face­book friends, and shop on Amazon—you reveal your iden­ti­ty. These com­pa­nies know who you are. They know your name, your ship­ping address, your cred­it card infor­ma­tion. They con­tin­ue to scan your emails, map your social net­works, and com­pile dossiers. Tor or not, once you enter your account name and pass­word, Tor’s anonymi­ty tech­nol­o­gy becomes use­less. . . .”
  3. Sil­i­con Val­ley’s sup­port for Tor is some­thing of a “false bro­mide”: ” . . . . After all, Snow­den’s leaked doc­u­ments revealed that any­thing Inter­net com­pa­nies had, the NSA had as well. I was puz­zled, but at least I under­stood why Tor had back­ing from Sil­i­con Val­ley: it offered a false sense of pri­va­cy, while not pos­ing a threat to the indus­try’s under­ly­ing sur­veil­lance mod­el. . . .
  4. Tor is, in fact, financed by ele­ments of the very same intel­li­gence com­mu­ni­ty and nation­al secu­ri­ty estab­lish­ment that sup­pos­ed­ly frustrated/“locked out” by Tor! ” . . . . But as I ana­lyzed the orga­ni­za­tion’s finan­cial doc­u­ments, I found that the oppo­site was true. Tor had come out of a joint US Navy—DARPA mil­i­tary project in the ear­ly 2000s and con­tin­ued to rely on a series of fed­er­al con­tracts after it was spun off into a pri­vate non­prof­it. This fund­ing came from the Pen­ta­gon, the State Depart­ment, and at least one orga­ni­za­tion that derived from the CIA. These con­tracts added up to sev­er­al mil­lion dol­lars a year and, most years, and, most years, account­ed for more than 90 per­cent of Tor’s oper­at­ing bud­get. Tor was a fed­er­al mil­i­tary con­trac­tor. It even had its own fed­er­al con­tract­ing num­ber. . . This includ­ed Tor’s founder, Roger Din­gle­dine, who spent a sum­mer work­ing at the NSA and who had brought Tor to life under a series of DARPA and Navy con­tracts. . . .”
  5. Far from frus­trat­ing intel­li­gence sur­veil­lance, Tor aug­ments that effort! ” . . . . Tor, as well as the larg­er app-obsessed pri­va­cy move­ment that ral­lied around it after Snow­den’s NSA leaks, does not thwart the pow­er of the US gov­ern­ment. It enhances it. The dis­clo­sures about Tor’s inner work­ings I obtained from the Broad­cast­ing Board of Gov­er­nors have nev­er been made pub­lic before now. The sto­ry they tell is vital to our under­stand­ing of the Inter­net; they reveal that Amer­i­can mil­i­tary and intel­li­gence inter­ests are so deeply embed­ded in the fab­ric of the net­work that they dom­i­nate the very encryp­tion tools and pri­va­cy orga­ni­za­tions that are sup­posed to be in oppo­si­tion to them. There is no escape. . . .”

Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; pp. 212–214.

. . . . My prob­lems had begun when I start­ed dig­ging into the Tor Project. I inves­ti­gat­ed Tor’s cen­tral role in the pri­va­cy move­ment after Edward Snow­den pre­sent­ed the project as a panacea to sur­veil­lance on the Inter­net. I was­n’t con­vinced, and it did­n’t take long to find a basis for my ini­tial sus­pi­cions.

The first red flag was its Sil­i­con Val­ley sup­port. Pri­va­cy groups fund­ed by com­pa­nies like Google and Face­book, includ­ing the Elec­tron­ic Fron­tier Foun­da­tion and Fight for the Future, were some of Tor’s biggest and most ded­i­cat­ed back­ers. Google had direct­ly bankrolled its devel­op­ment, pay­ing out gen­er­ous grants to col­lege stu­dents who worked at Tor dur­ing their sum­mer vaca­tions. Why would an Inter­net com­pa­ny whose entire busi­ness rest­ed on track­ing peo­ple online pro­mote and help devel­op a pow­er­ful pri­va­cy tool? Some­thing did­n’t add up.

As I dug into the tech­ni­cal details of how Tor worked, I quick­ly real­ized that the Tor Project offers no pro­tec­tion against the pri­vate track­ing and pro­fil­ing Inter­net com­pa­nies car­ry out. Tor works only if peo­ple are ded­i­cat­ed to main­tain­ing a strict anony­mous Inter­net rou­tine: using only dum­my email address­es and bogus accounts, car­ry­ing out all finan­cial trans­ac­tions in Bit­coin and oth­er cryp­tocur­ren­cies, and nev­er men­tion­ing their real name in emails or mes­sages. For the vast major­i­ty of peo­ple on the Internet—those who use Gmail, inter­act with Face­book friends, and shop on Amazon—you reveal your iden­ti­ty. These com­pa­nies know who you are. They know your name, your ship­ping address, your cred­it card infor­ma­tion. They con­tin­ue to scan your emails, map your social net­works, and com­pile dossiers. Tor or not, once you enter your account name and pass­word, Tor’s anonymi­ty tech­nol­o­gy becomes use­less.

Tor’s inef­fec­tive­ness against Sil­i­con Val­ley sur­veil­lance made it an odd pro­gram for Snow­den and oth­er pri­va­cy activists to embrace. After all, Snow­den’s leaked doc­u­ments revealed that any­thing Inter­net com­pa­nies had, the NSA had as well. I was puz­zled, but at least I under­stood why Tor had back­ing from Sil­i­con Val­ley: it offered a false sense of pri­va­cy, while not pos­ing a threat to the indus­try’s under­ly­ing sur­veil­lance mod­el.

What was­n’t clear, and what became appar­ent as I inves­ti­gat­ed Tor fur­ther, was why the US gov­ern­ment sup­port­ed it.

A big part of Tor’s mys­tique and appeal was that it was sup­pos­ed­ly a fierce­ly inde­pen­dent and rad­i­cal organization—an ene­my of the state. Its offi­cial sto­ry was that it was fund­ed by a wide vari­ety of sources, which gave it total free­dom to do what­ev­er it want­ed. But as I ana­lyzed the orga­ni­za­tion’s finan­cial doc­u­ments, I found that the oppo­site was true. Tor had come out of a joint US Navy—DARPA mil­i­tary project in the ear­ly 2000s and con­tin­ued to rely on a series of fed­er­al con­tracts after it was spun off into a pri­vate non­prof­it. This fund­ing came from the Pen­ta­gon, the State Depart­ment, and at least one orga­ni­za­tion that derived from the CIA. These con­tracts added up to sev­er­al mil­lion dol­lars a year and, most years, account­ed for more than 90 per­cent of Tor’s oper­at­ing bud­get. Tor was a fed­er­al mil­i­tary con­trac­tor. It even had its own fed­er­al con­tract­ing num­ber.

The deep­er I went, the stranger it got. I learned that just about every­one involved in devel­op­ing Tor was in some way tied up with the very state that they were sup­posed to be pro­tect­ing peo­ple from. This includ­ed Tor’s founder, Roger Din­gle­dine, who spent a sum­mer work­ing at the NSA and who had brought Tor to life under a series of DARPA and Navy con­tracts. I even uncov­ered an old audio copy of a talk Din­gle­dine gave in 2004, right as he was set­ting up Tor as an inde­pen­dent orga­ni­za­tion. “I con­tract for the Unit­ed States Gov­ern­ment to build an anonymi­ty tech­nol­o­gy for them and deploy it,” he admit­ted at the time. . . .

2. Far from frus­trat­ing intel­li­gence sur­veil­lance, Tor aug­ments that effort! ” . . . . Tor, as well as the larg­er app-obsessed pri­va­cy move­ment that ral­lied around it after Snow­den’s NSA leaks, does not thwart the pow­er of the US gov­ern­ment. It enhances it. The dis­clo­sures about Tor’s inner work­ings I obtained from the Broad­cast­ing Board of Gov­er­nors have nev­er been made pub­lic before now. The sto­ry they tell is vital to our under­stand­ing of the Inter­net; they reveal that Amer­i­can mil­i­tary and intel­li­gence inter­ests are so deeply embed­ded in the fab­ric of the net­work that they dom­i­nate the very encryp­tion tools and pri­va­cy orga­ni­za­tions that are sup­posed to be in oppo­si­tion to them. There is no escape. . . .”

Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; pp. 223–234.

. . . . If Tor was tru­ly the heart of the mod­ern pri­va­cy move­ment and a real threat to the sur­veil­lance pow­er of agen­cies like the NSA, why would the fed­er­al government—including the Pen­ta­gon, the par­ent of the NSA—continue to fund the orga­ni­za­tion? Why would the Pen­ta­gon sup­port a tech­nol­o­gy that sub­vert­ed its own pow­er? It did not make any sense.

The doc­u­ments in the box wait­ing on my doorstep con­tained the answer. Com­bined with oth­er infor­ma­tion unearthed dur­ing my inves­ti­ga­tion, they showed that Tor, as well as the larg­er app-obsessed pri­va­cy move­ment that ral­lied around it after Snow­den’s NSA leaks, does not thwart the pow­er of the US gov­ern­ment. It enhances it.

The dis­clo­sures about Tor’s inner work­ings I obtained from the Broad­cast­ing Board of Gov­er­nors have nev­er been made pub­lic before now. The sto­ry they tell is vital to our under­stand­ing of the Inter­net; they reveal that Amer­i­can mil­i­tary and intel­li­gence inter­ests are so deeply embed­ded in the fab­ric of the net­work that they dom­i­nate the very encryp­tion tools and pri­va­cy orga­ni­za­tions that are sup­posed to be in oppo­si­tion to them. There is no escape. . . .

3. Wide­ly regard­ed as a cham­pi­on of Inter­net free­dom and pri­va­cy, the Elec­tron­ic Fron­tier Foun­da­tion helped finance Tor and cham­pi­oned its use.

Key ele­ments of dis­cus­sion and analy­sis of the EFF/Tor alliance include:

  1. EFF’s ear­ly financ­ing of Tor: ” . . . . . . . . In 2004, [Roger] Din­gle­dine struck out on his own, spin­ning the mil­i­tary onion rout­ing project into a non-prof­it cor­po­ra­tion called the Tor Project and, while still fund­ed by DARPA and the Navy, began scratch­ing around for pri­vate fund­ing. He got help from an unex­pect­ed ally: the Elec­tron­ic Fron­tier Foun­da­tion (EFF), which gave Tor almost a quar­ter mil­lion dol­lars to keep it going while Din­gle­dine looked for oth­er pri­vate spon­sors. The EFF even host­ed Tor’s web­site. . . .”
  2. The EFF’s effu­sive praise for the fun­da­men­tal­ly com­pro­mised Tor Project: ” . . . . ‘The Tor Project is a per­fect fit for EFF, because one of our pri­ma­ry goals is to pro­tect the pri­va­cy and anonymi­ty of Inter­net users. Tor can help peo­ple exer­cise their First Amend­ment right to free, anony­mous speech online.’ EFF’s tech­nol­o­gy man­ag­er Chris Palmer explained in a 2004 press release, which curi­ous­ly failed to men­tion that Tor was devel­oped pri­mar­i­ly for mil­i­tary intel­li­gence use and was still active­ly fund­ed by the Pen­ta­gon. . . .”
  3. The EFF’s his­to­ry of work­ing with ele­ments of the nation­al secu­ri­ty estab­lish­ment: ” . . . . In 1994, EFF worked with the FBI to pass the Com­mu­ni­ca­tions Assis­tance for Law Enforce­ment Act, which required all telecom­mu­ni­ca­tions com­pa­nies to build their equip­ment so that it could be wire­tapped by the FBI. In 1999, EFF worked to sup­port NATO’s bomb­ing cam­paign in Koso­vo with some­thing called the ‘Koso­vo Pri­va­cy Sup­port,’ which aimed to keep the region’s Inter­net access open dur­ing mil­i­tary action. Sell­ing a Pen­ta­gon intel­li­gence project as a grass­roots pri­va­cy tool—it did­n’t seem all that wild. . . .”
  4.  In FTR #854, we not­ed that EFF co-founder John Per­ry Bar­low was far more than a Grate­ful Dead lyricist/hippie icon: ” . . . . Indeed, in 2002, a few years before it fund­ed Tor, EFF cofounder [John] Per­ry Bar­low casu­al­ly admit­ted that he had been con­sult­ing for intel­li­gence agen­cies for a decade. It seemed that the worlds of sol­diers, spies, and pri­va­cy weren’t as far apart as they appeared. . . .”
  5. EFF’s grav­i­tas in the online pri­va­cy com­mu­ni­ty lent Tor great cred­i­bil­i­ty: ” . . . . EFF’s sup­port for Tor was a big deal. The orga­ni­za­tion com­mand­ed respect in Sil­i­con Val­ley and was wide­ly seen as the ACLU of the Inter­net Age. The fact that it backed Tor meant that no hard ques­tions would be asked about the anonymi­ty tool’s mil­i­tary ori­gins as it tran­si­tioned to the civil­ian world. And that’s exact­ly what hap­pened. . . .”

  Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; pp. 227–228.

. . . . In 2004, [Roger] Din­gle­dine struck out on his own, spin­ning the mil­i­tary onion rout­ing project into a non-prof­it cor­po­ra­tion called the Tor Project and, while still fund­ed by DARPA and the Navy, began scratch­ing around for pri­vate fund­ing. He got help from an unex­pect­ed ally: the Elec­tron­ic Fron­tier Foun­da­tion (EFF), which gave Tor almost a quar­ter mil­lion dol­lars to keep it going while Din­gle­dine looked for oth­er pri­vate spon­sors. The EFF even host­ed Tor’s web­site. To down­load the app, users had to browse to tor.eff.org, where they’d see a reas­sur­ing mes­sage from the EFF: “Your traf­fic is safe when you use Tor.”

Announc­ing its sup­port, the EFF sang Tor’s prais­es. “The Tor Project is a per­fect fit for EFF, because one of our pri­ma­ry goals is to pro­tect the pri­va­cy and anonymi­ty of Inter­net users. Tor can help peo­ple exer­cise their First Amend­ment right to free, anony­mous speech online.” EFF’s tech­nol­o­gy man­ag­er Chris Palmer explained in a 2004 press release, which curi­ous­ly failed to men­tion that Tor was devel­oped pri­mar­i­ly for mil­i­tary intel­li­gence use and was still active­ly fund­ed by the Pen­ta­gon.

Why would the EFF, a Sil­i­con Val­ley advo­ca­cy group that posi­tioned itself as a staunch crit­ic of gov­ern­ment sur­veil­lance pro­grams, help sell a mil­i­tary intel­li­gence com­mu­ni­ca­tions tool to unsus­pect­ing Inter­net users? Well, it was­n’t as strange as it seems.

EFF was only a decade old at the time, but it already had devel­oped a his­to­ry of work­ing with law enforce­ment agen­cies and aid­ing the mil­i­tary. In 1994, EFF worked with the FBI to pass the Com­mu­ni­ca­tions Assis­tance for Law Enforce­ment Act, which required all telecom­mu­ni­ca­tions com­pa­nies to build their equip­ment so that it could be wire­tapped by the FBI. In 1999, EFF worked to sup­port NATO’s bomb­ing cam­paign in Koso­vo with some­thing called the “Koso­vo Pri­va­cy Sup­port,” which aimed to keep the region’s Inter­net access open dur­ing mil­i­tary action. Sell­ing a Pen­ta­gon intel­li­gence project as a grass­roots pri­va­cy tool—it did­n’t seem all that wild. Indeed, in 2002, a few years before it fund­ed Tor, EFF cofounder [John] Per­ry Bar­low casu­al­ly admit­ted that he had been con­sult­ing for intel­li­gence agen­cies for a decade. It seemed that the worlds of sol­diers, spies, and pri­va­cy weren’t as far apart as they appeared.

EFF’s sup­port for Tor was a big deal. The orga­ni­za­tion com­mand­ed respect in Sil­i­con Val­ley and was wide­ly seen as the ACLU of the Inter­net Age. The fact that it backed Tor meant that no hard ques­tions would be asked about the anonymi­ty tool’s mil­i­tary ori­gins as it tran­si­tioned to the civil­ian world. And that’s exact­ly what hap­pened. . . .

7aIn FTR #‘s 891 and 895, we not­ed the pri­ma­ry posi­tion of the Broad­cast­ing Board of Gov­er­nors in the devel­op­ment of the so-called “pri­va­cy” net­works. The BBG is a CIA off­shoot: . . . .  The BBG might have had a bland sound­ing name and pro­fessed a noble mis­sion to inform the world and spread democ­ra­cy. In truth, the orga­ni­za­tion was an out­growth of the Cen­tral Intel­li­gence Agency. . . . The bulk of the BBG is no longer fund­ed from the CIA’s black bud­get, but the agen­cy’s orig­i­nal cold War goal and purpose—subversion and psy­cho­log­i­cal oper­a­tions direct­ed against coun­tries deemed hos­tile to US interests—remain the same. The only thing that did change about the BBG is that today, more of its broad­casts are tak­ing place online . . . .”

  Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; pp. 230–233.

. . . .  The BBG might have had a bland sound­ing name and pro­fessed a noble mis­sion to inform the world and spread democ­ra­cy. In truth, the orga­ni­za­tion was an out­growth of the Cen­tral Intel­li­gence Agency. . . .

. . . . The bulk of the BBG is no longer fund­ed from the CIA’s black bud­get, but the agen­cy’s orig­i­nal cold War goal and purpose—subversion and psy­cho­log­i­cal oper­a­tions direct­ed against coun­tries deemed hos­tile to US interests—remain the same. The only thing that did change about the BBG is that today, more of its broad­casts are tak­ing place online . . . .

7b. In our long series of inter­views with Jim DiEu­ge­nio about his mas­ter­work Des­tiny Betrayed, we high­light­ed vet­er­an intel­li­gence offi­cer Wal­ter Sheri­dan’s broad­cast hatch­et job on New Orleans D.A. Jim Gar­rison’s inves­ti­ga­tion of the JFK assas­si­na­tion. The TV hit piece was broad­cast on the NBC net­work.

In our dis­cus­sion of the Sheri­dan broad­cast, we not­ed the efforts of RCA chief David Sarnoff in res­ur­rect­ing the Nazi-run Radio France sta­tion and pre­sid­ing over its con­ver­sion to Radio Free Europe, pre­cur­sor to the BBG. (RCA is the par­ent com­pa­ny of NBC, which aired the Sheri­dan broad­cast.) In res­ur­rect­ing Radio France and mid­wiv­ing its con­ver­sion to Radio Free Europe, Sarnoff, who is Jew­ish, was build­ing on pro­found and trea­so­nous Axis con­nec­tions he main­tained dur­ing the war.

Key points of analy­sis and dis­cus­sion include David Sarnof­f’s suc­cess­ful efforts to restore and expand the Nazi Radio France Sta­tion and re-brand it as “Radio Free Europe.” (Radio France was tak­en over by the Nazis and the Vichy pup­pet regime, and then sab­o­taged as the Third Reich with­drew from France. ” . . . . In 1944, Sarnoff worked for the com­plete restora­tion of the Nazi destroyed Radio France sta­tion in Paris until its sig­nal was able to reach through­out Europe. It was then reti­tled Radio Free Europe. He lat­er lob­bied the White House to expand the range and reach of Radio Free Europe. At about this point, Radio Free Europe became a pet project of Allen Dulles. Sarnoff’s com­pa­ny, Radio Cor­po­ra­tion of Amer­i­ca, became a large part of the tech­no­log­i­cal core of the NSA. . . . Robert was pres­i­dent of RCA, NBC’s par­ent com­pa­ny, at the time Sheridan’s spe­cial aired. David was chair­man. . . .”

Des­tiny Betrayed by Jim DiEu­ge­nio; Sky­horse Pub­lish­ing [SC]; Copy­right 1992, 2012 by Jim DiEu­ge­nio; ISBN 978–1‑62087–056‑3; p. 255.

. . . . It is rel­e­vant to note here that Gen­er­al David Sarnoff, founder of NBC, worked for the Sig­nal Corps dur­ing World War II as a reserve offi­cer. In 1944, Sarnoff worked for the com­plete restora­tion of the Nazi destroyed Radio France sta­tion in Paris until its sig­nal was able to reach through­out Europe. It was then reti­tled Radio Free Europe. He lat­er lob­bied the White House to expand the range and reach of Radio Free Europe. At about this point, Radio Free Europe became a pet project of Allen Dulles. Sarnoff’s com­pa­ny, Radio Cor­po­ra­tion of Amer­i­ca, became a large part of the tech­no­log­i­cal core of the NSA. Dur­ing the war, David’s son Robert worked in the broad­cast arm of the Office of Strate­gic Ser­vices (OSS), the fore­run­ner of the CIA. Robert was pres­i­dent of RCA, NBC’s par­ent com­pa­ny, at the time Sheridan’s spe­cial aired. David was chair­man. . .

7c. In Trad­ing with the Ene­my, Charles High­am chron­i­cled the deep involve­ment of David Sarnoff with the Tran­sra­dio Con­sor­tium, which joined the Axis nations with the West­ern Allies in a telecom­mu­ni­ca­tions car­tel that pro­vid­ed vital–and lethal–intelligence to the Axis dur­ing the war.

Key points of analy­sis and dis­cus­sion include:

  1. Sarnof­f’s RCA was part of the Tran­sra­dio Con­sor­tium, some­thing of a broad­cast car­tel meld­ing Axis and West­ern Allied broad­cast estab­lish­ments: ” . . . . RCA was in part­ner­ship before and after Pearl Har­bor with British Cable and Wire­less; with Tele­funken, the Nazi com­pa­ny; with Ital­ca­ble, whol­ly owned by the Mus­soli­ni gov­ern­ment; and with Vichy’s Com­pag­nie Gen­erale, in an orga­ni­za­tion known as the Tran­sra­dio Con­sor­tium, with Gen­er­al Robert C. Davis, head of the New York Chap­ter of the Amer­i­can Red Cross, as its chair­man. In turn, RCA, British Cable and Wire­less, and the Ger­man and Ital­ian com­pa­nies had a share with ITT in TTP (Telegrafi­ca y Tele­fon­i­ca del Pla­ta), an Axis-con­trolled com­pa­ny pro­vid­ing tele­graph and tele­phone ser­vice between Buenos Aires and Mon­te­v­ideo. Nazis in Mon­te­v­ideo could tele­phone Buenos Aires through TTP with­out com­ing under the con­trol of either the state-owned sys­tem in Uruguay or the ITT sys­tem in Argenti­na. Mes­sages, often dan­ger­ous to Amer­i­can secu­ri­ty, were trans­mit­ted direct­ly to Berlin and Rome by Tran­sra­dio. Anoth­er share­hold­er was ITT’s Ger­man ‘rival,’ Siemens, which linked cables and net­works with Behn south of Pana­ma. . . .”
  2. Tran­sra­dio Con­sor­tium was the vehi­cle for lethal­ly trea­so­nous com­mu­ni­ca­tions dur­ing the war: ” . . . . But the pub­lic, which thought of Sarnoff as a pil­lar of patri­o­tism, would have been aston­ished to learn of his part­ner­ship with the ene­my through Tran­sra­dio and TTP. The British pub­lic, belea­guered and bombed, would have been equal­ly shocked to learn that British Cable and Wire­less, 10 per­cent owned by the British gov­ern­ment, and under vir­tu­al gov­ern­ment con­trol in wartime, was in fact also in part­ner­ship with the Ger­mans and Ital­ians through the same com­pa­nies and prox­ies. . . . Simul­ta­ne­ous­ly, the Tran­sra­dio sta­tions, accord­ing to State Depart­ment reports with the full knowl­edge of David Sarnoff, kept up a direct line to Berlin. The amount of intel­li­gence passed along the lines can scarce­ly be cal­cu­lat­ed. The Lon­don office was in con­stant touch with New York through­out the war, sift­ing through reports from Argenti­na, Brazil, and Chile and send­ing com­pa­ny reports to the Ital­ian and Ger­man inter­ests. . . .”

  Trad­ing with the Ene­my: An Expose of the Nazi-Amer­i­can Mon­ey Plot 1933–1949 by Charles High­am; Dela­corte Press [HC]; Copy­right 1983 by Charles High­am; ISBN 10–0440090644; 13–978-0440090649; pp. 104–107.

. . . . In South Amer­i­ca, Sos­thenes Behn was in part­ner­ship (as well as rival­ry) with an even more pow­er­ful organ­ism: the giant Radio Cor­po­ra­tion of Amer­i­ca, which owned the NBC radio net­work. RCA was in part­ner­ship before and after Pearl Har­bor with British Cable and Wire­less; with Tele­funken, the Nazi com­pa­ny; with Ital­ca­ble, whol­ly owned by the Mus­soli­ni gov­ern­ment; and with Vichy’s Com­pag­nie Gen­erale, in an orga­ni­za­tion known as the Tran­sra­dio Con­sor­tium, with Gen­er­al Robert C. Davis, head of the New York Chap­ter of the Amer­i­can Red Cross, as its chair­man. In turn, RCA, British Cable and Wire­less, and the Ger­man and Ital­ian com­pa­nies had a share with ITT in TTP (Telegrafi­ca y Tele­fon­i­ca del Pla­ta), an Axis-con­trolled com­pa­ny pro­vid­ing tele­graph and tele­phone ser­vice between Buenos Aires and Mon­te­v­ideo. Nazis in Mon­te­v­ideo could tele­phone Buenos Aires through TTP with­out com­ing under the con­trol of either the state-owned sys­tem in Uruguay or the ITT sys­tem in Argenti­na.

Mes­sages, often dan­ger­ous to Amer­i­can secu­ri­ty, were trans­mit­ted direct­ly to Berlin and Rome by Tran­sra­dio. Anoth­er share­hold­er was ITT’s Ger­man “rival,” Siemens, which linked cables and net­works with Behn south of Pana­ma.

The head of RCA dur­ing World War II was Colonel David Sarnoff, a stocky, square-set, deter­mined man with a slow, sub­dued voice, who came from Rus­sia as an immi­grant at the turn of the cen­tu­ry and began as a news­pa­per sell­er, mes­sen­ger boy, and Mar­coni Wire­less oper­a­tor. . . .

. . . . After Pearl Har­bor, Sarnoff cabled Roo­sevelt, “All of our facil­i­ties and per­son­nel are ready and at your instant ser­vice. We await your com­mand.” Sarnoff played a cru­cial role, as cru­cial as Behn’s, in the U.S. war effort, and, like Behn, he was giv­en a colonel­cy in the U.S. Sig­nal Corps. He solved com­plex prob­lems, dealt with a maze of dif­fi­cult require­ments by the twelve mil­lion mem­bers of the U.S. armed forces, and coor­di­nat­ed details relat­ed to the Nor­mandy land­ings. He pre­pared the whole print­ed and elec­tron­ic press-cov­er­age of V‑J day; in Lon­don in 1944, with head­quar­ters at Clar­idge’s Hotel, he was Eisen­how­er’s inspired con­sul­tant and earned the Medal of Mer­it for his help in the occu­pa­tion of Europe.

Open­ing in 1943 with a cho­rus of praise from var­i­ous gen­er­als, the new RCA lab­o­ra­to­ries had proved to be indis­pens­able in time of war.

But the pub­lic, which thought of Sarnoff as a pil­lar of patri­o­tism, would have been aston­ished to learn of his part­ner­ship with the ene­my through Tran­sra­dio and TTP. The British pub­lic, belea­guered and bombed, would have been equal­ly shocked to learn that British Cable and Wire­less, 10 per­cent owned by the British gov­ern­ment, and under vir­tu­al gov­ern­ment con­trol in wartime, was in fact also in part­ner­ship with the Ger­mans and Ital­ians through the same com­pa­nies and prox­ies. . . .

. . . . Simultaneously, the Transradio stations, according to State Department reports with the full knowledge of David Sarnoff, kept up a direct line to Berlin. The amount of intelligence passed along the lines can scarcely be calculated. The London office was in constant touch with New York throughout the war, sifting through reports from Argentina, Brazil, and Chile and sending company reports to the Italian and German interests.

7d. Rely­ing on Gehlen “org” per­son­nel and alum­ni, Radio Free Europe built effec­tive­ly up from fas­cist foun­da­tions to cor­re­spond­ing func­tion­al real­i­ty:

Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; p. 232.

. . . . In some cas­es, the  sta­tions, espe­cial­ly  those tar­get­ing Ukraine, Ger­many, and the  Baltic States, were staffed by known Nazi col­lab­o­ra­tors and broad­cast anti-Semit­ic pro­pa­gan­da. . . . 

8. The BBG (read “CIA”) was a major backer of the Tor Project: ” . . . . . . . . It was Wednes­day morn­ing, Feb­ru­ary 8, 2006, when Roger Din­gle­dine got the email he had been bad­ly wait­ing for. The Broad­cast­ing Board of Gov­er­nors had final­ly agreed to back the Tor Project. . . . With­in a year, the agency increased Tor’s con­tract to a quar­ter mil­lion dol­lars, and then bumped it up again to almost a mil­lion just a few years lat­er. The rela­tion­ship also led to major con­tracts with oth­er fed­er­al agen­cies, boost­ing Tor’s mea­ger oper­at­ing bud­get to sev­er­al mil­lion dol­lars a year. . . .”

Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; pp. 228–229.

. . . . It was Wednes­day morn­ing, Feb­ru­ary 8, 2006, when Roger Din­gle­dine got the email he had been bad­ly wait­ing for. The Broad­cast­ing Board of Gov­er­nors had final­ly agreed to back the Tor Project. . . .

. . . . The Broad­cast­ing Board of Gov­er­nors, or BBG, seemed to offer a com­pro­mise. A large fed­er­al agency with close ties to the State Depart­ment, BBG ran Amer­i­ca’s for­eign broad­cast­ing oper­a­tion: Voice of Amer­i­ca, Radio Free Europe/Radio Lib­er­ty, and Radio Free Asia. It was a gov­ern­ment agency, so that was­n’t ide­al. But at least it had an altru­is­tic-sound­ing mis­sion:  “to inform, engage, and con­nect peo­ple around the world in sup­port of free­dom and democ­ra­cy.” Any­way, gov­ern­ment or not, Din­gle­dine did­n’t have much choice. Mon­ey was tight and this seemed to be the best he could line up. So he said yes.

It was a smart move. The ini­tial $80,000 was just the begin­ning. With­in a year, the agency increased Tor’s con­tract to a quar­ter mil­lion dol­lars, and then bumped it up again to almost a mil­lion just a few years lat­er. The rela­tion­ship also led to major con­tracts with oth­er fed­er­al agen­cies, boost­ing Tor’s mea­ger oper­at­ing bud­get to sev­er­al mil­lion dol­lars a year. . . .

9The essence of the Tor Project: ” . . . . The Tor Project was not a rad­i­cal indie orga­ni­za­tion fight­ing The Man. For all intents and pur­pos­es, it was The Man. Or, at least, The Man’s right hand. . . . inter­nal cor­re­spon­dence reveals Tor’s close col­lab­o­ra­tion with the BBG and mul­ti­ple oth­er wings of the US gov­ern­ment, in par­tic­u­lar those that dealt with for­eign pol­i­cy and soft-pow­er pro­jec­tion. Mes­sages describe meet­ings, train­ings, and con­fer­ences with the NSA, CIA, FBI and State Depart­ment. . . . The fund­ing record tells the sto­ry even more pre­cise­ly. . . . Tor was sub­sist­ing almost exclu­sive­ly on gov­ern­ment con­tracts. By 2008, that includ­ed  con­tracts with DARPA, the Navy, the BBG, and the State Depart­ment as well as Stan­ford Research Insti­tute’s Cyber-Threat Ana­lyt­ics pro­gram. . . .” 

  Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; pp. 237–238.

. . . . The cor­re­spon­dence left lit­tle room for doubt. The Tor Project was not a rad­i­cal indie orga­ni­za­tion fight­ing The Man. For all intents and pur­pos­es, it was The Man. Or, at least, The Man’s right hand. Inter­mixed with updates on new hires, sta­tus reports, chat­ty sug­ges­tions for hikes and vaca­tion spots, and the usu­al office ban­ter, inter­nal cor­re­spon­dence reveals Tor’s close col­lab­o­ra­tion with the BBG and mul­ti­ple oth­er wings of the US gov­ern­ment, in par­tic­u­lar those that dealt with for­eign pol­i­cy and soft-pow­er pro­jec­tion. Mes­sages describe meet­ings, train­ings, and con­fer­ences with the NSA, CIA, FBI and State Depart­ment. There are strat­e­gy ses­sions and dis­cus­sions about the need to influ­ence news cov­er­age and con­trol bad press. The cor­re­spon­dence also shows Tor employ­ees tak­ing orders from their han­dlers in the fed­er­al gov­ern­ment, includ­ing plans to deploy their anonymi­ty tool in coun­tries deemed hos­tile to US inter­ests; Chi­na, Iran, Viet­nam, and, of course, Rus­sia. . . .

. . . . The fund­ing record tells the sto­ry even more pre­cise­ly. . . . Tor was sub­sist­ing almost exclu­sive­ly on gov­ern­ment con­tracts. By 2008, that includ­ed  con­tracts with DARPA, the Navy, the BBG, and the State Depart­ment as well as Stan­ford Research Insti­tute’s Cyber-Threat Ana­lyt­ics pro­gram. . . . 

10. Next, we high­light the career of Jacob Appel­baum, the Amer­i­can Wik­iLeak­er. This sup­posed “pro­gres­sive” is a devo­tee of Ayn Rand.

   Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; p. 239.

 . . . . Like most young lib­er­tar­i­ans, he was enchant­ed by Ayn Rand’s The Foun­tain­head, which he described as one of his favorite books. “I took up this book while I was trav­el­ing around Europe last year. Most of my super left wing friends real­ly dis­like Ayn Rand for some rea­son or anoth­er. I can­not even begin to fath­om why, but hey, to each their own,” he wrote in his blog diary. “While read­ing The Foun­tain­head, I felt like I was read­ing a sto­ry about peo­ple that I knew in my every­day life. The char­ac­ters were sim­ple. The sto­ry was sim­ple. What I found com­pelling was the moral behind the sto­ry. I sup­pose it may be summed up in one line . . . Those that seek to gath­er you togeth­er for self­less actions, wish to enslave you for their own gain.” . . . .

11. Appel­baum went to work for the Tor Project and did much to fos­ter use of the net­work: . . . . With­in months of get­ting the job, he assumed the role of offi­cial Tor Project spokesman and began pro­mot­ing Tor as a pow­er­ful weapon against gov­ern­ment oppres­sion. . . . Over the next sev­er­al years, Din­gledine’s reports back to the BBG [read “CIA”–D.E.] were filled with descrip­tions of Appel­baum’s suc­cess­ful out­reach. . . .”

   Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; pp. 240—241.

. . . . And in 2008, Appel­baum final­ly got his dream job—a posi­tion that could expand with his giant ego and ambi­tion.

In April of that year, Din­gle­dine hired him as a  full-time Tor con­trac­tor. He had a start­ing salary of $96,000 plus ben­e­fits and was put to work mak­ing Tor more user-friend­ly. He was a good coder, but he did­n’t stay focused on the tech­ni­cal side for long. As Din­gle­dine dis­cov­ered, Appel­baum proved bet­ter and much more use­ful at some­thing else: brand­ing and pub­lic rela­tions. . . .

. . . . With­in months of get­ting the job, he assumed the role of offi­cial Tor Project spokesman and began pro­mot­ing Tor as a pow­er­ful weapon against gov­ern­ment oppres­sion. . . .

. . . . Over the next sev­er­al years, Din­gledine’s reports back to the BBG [read “CIA”–D.E.] were filled with descrip­tions of Appel­baum’s suc­cess­ful out­reach. “Lots of Tor advo­ca­cy,” wrote Din­gle­dine.  “Anoth­er box of Tor stick­ers applied to many lap­tops. Lots of peo­ple were inter­est­ed in Tor and many peo­ple installed Tor on both lap­tops and servers. This advo­ca­cy result­ed in at least two new high band­width nodes that he helped the admin­is­tra­tors con­fig­ure.” Inter­nal doc­u­ments show that the pro­posed bud­get for Din­gle­dine and Appel­baum’s glob­al pub­lic­i­ty pro­gram was $20,000 a year, which includ­ed a pub­lic rela­tions strat­e­gy. “Craft­ing a mes­sage that the media can under­stand is a crit­i­cal piece of this,” Din­gle­dine explained in a 2008 pro­pos­al. “This isn’t so much about get­ting good press about Tor as it is about prepar­ing jour­nal­ists so if they see bad press and con­sid­er spread­ing it fur­ther, they’ll stop and think.” . . . .

12. Next, we dis­cuss Appel­baum’s net­work­ing with Julian Assange, and how that liai­son led to Tor being used for the alleged­ly secure, anony­mous Wik­iLeaks oper­a­tion.

” . . . . Appel­baum decid­ed to attach him­self to the Wik­iLeaks cause. He spent a few weeks with Assange and the orig­i­nal Wik­iLeaks crew in Ice­land as they pre­pared their first major release and helped secure the site’s anony­mous sub­mis­sions sys­tem using Tor’s hid­den ser­vice fea­ture, which hid the phys­i­cal loca­tion of Wik­iLeaks servers and in the­o­ry made them much less sus­cep­ti­ble to sur­veil­lance and attack. From then on, the Wik­iLeaks site proud­ly adver­tised Tor: ‘secure, anony­mous, dis­trib­uted net­work for max­i­mum secu­ri­ty.’ . . . . Appel­baum did his best to be Assange’s right-hand man. He served as the orga­ni­za­tion’s offi­cial Amer­i­can rep­re­sen­ta­tive and bailed the founder of Wik­iLeaks out of tough spots when the heat from US author­i­ties got too hot. Appel­baum became so inter­twined with Wik­iLeaks that appar­ent­ly some staffers talked about him lead­ing the orga­ni­za­tion if some­thing were to hap­pen to Assange. . . . Assange gave Appel­baum and Tor wide cred­it for help­ing Wik­iLeaks. ‘Jake has been a tire­less pro­mot­er behind the scenes of our cause,’ he told a reporter. ‘Tor’s impor­tance to Wik­iLeaks can­not be under­es­ti­mat­ed.’ With those words, Appel­baum and the Tor Project became cen­tral heroes in the Wik­iLeaks saga, right behind Assange. . . .”

Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; pp. 242—243.

. . . . Jacob Appel­baum and Julian Assange had met in Berlin some­time in 2005, just as the mys­te­ri­ous Aus­tralian hack­er was get­ting ready to set Wik­iLeaks in motion. . . .

. . . . Appel­baum decid­ed to attach him­self to the Wik­iLeaks cause. He spent a few weeks with Assange and the orig­i­nal Wik­iLeaks crew in Ice­land as they pre­pared their first major release and helped secure the site’s anony­mous sub­mis­sions sys­tem using Tor’s hid­den ser­vice fea­ture, which hid the phys­i­cal loca­tion of Wik­iLeaks servers and in the­o­ry made them much less sus­cep­ti­ble to sur­veil­lance and attack. From then on, the Wik­iLeaks site proud­ly adver­tised Tor: “secure, anony­mous, dis­trib­uted net­work for max­i­mum secu­ri­ty.” . . . .

. . . . Assange was sud­den­ly one of the most famous peo­ple in he world—a fear­less rad­i­cal tak­ing on the awe­some pow­er of the Unit­ed States. Appel­baum did his best to be Assange’s right-hand man. He served as the orga­ni­za­tion’s offi­cial Amer­i­can rep­re­sen­ta­tive and bailed the founder of Wik­iLeaks out of tough spots when the heat from US author­i­ties got too hot. Appel­baum became so inter­twined with Wik­iLeaks that appar­ent­ly some staffers talked about him lead­ing the orga­ni­za­tion if some­thing were to hap­pen to Assange. But Assange kept firm con­trol of Wik­iLeaks, even after he was forced to go into hid­ing at the Ecuado­ri­an embassy in Lon­don to escape extra­di­tion back to Swe­den to face an inves­ti­ga­tion of rape alle­ga­tions.

It’s not clear whether Assange knew that Appel­baum’s salary was being paid by the same  gov­ern­ment he was try­ing to destroy. What  is clear is that Assange gave Appel­baum and Tor wide cred­it for help­ing Wik­iLeaks. “Jake has been a tire­less pro­mot­er behind the scenes of our cause,” he told a reporter. “Tor’s impor­tance to Wik­iLeaks can­not be under­es­ti­mat­ed.”

With those words, Appel­baum and the Tor Project became cen­tral heroes in the Wik­iLeaks saga, right behind Assange. . . .

Discussion

3 comments for “FTR #1078 Surveillance Valley, Part 4: Tor Up (Foxes Guarding the Online Privacy Henhouse, Part 1.)”

  1. Peter Thiel cre­at­ed news a cou­ple days ago when he sug­gest­ed dur­ing a speech at the Nation­al Con­ser­vatism Con­fer­ence that Google should be inves­ti­gat­ed for pos­si­ble trea­son over what Thiel describes as Google’s deci­sion to coop­er­ate with the Chi­nese gov­ern­ment but not the US gov­ern­ment and the infil­tra­tion of Google’s exec­u­tive board by the Chi­nese gov­ern­ment. Thiel’s charges were made in the con­text of a dis­cus­sion about the poten­tial mil­i­tary appli­ca­tions of AI and the nation-state AI race cre­at­ed by this poten­tial mil­i­tary use and a ref­er­ence to the par­al­lel sto­ries of Google agree­ing to work with the Chi­nese gov­ern­ment in build­ing a cen­sored search engine at the same time Google end­ed a con­tract with the US Depart­ment of Defense that allowed the DOD to use Google’s arti­fi­cial intel­li­gence tools to ana­lyze drone footage. So it’s going to be inter­est­ing to see how Google responds. Not just a response defend­ing itself from Thiel’s charges but also a response hit­ting back at Palan­tir.

    What unpleas­ant things about Palan­tir and Thiel might Google decide to start talk­ing about? We’ll see, but it looks like Thiel is itch­ing to start a Sil­i­con Val­ley Defense Con­trac­tor fight. Pre­sum­ably part of the motive is to gain advan­tage in the bid­ding wars for nation­al secu­ri­ty AI gov­ern­ment con­tracts.

    But giv­en that Thiel’s com­ments hap­pened on Sun­day, the same day Pres­i­dent Trump’s high-pro­file pre-announced mul­ti-city mass depor­ta­tion ICE raids of undoc­u­ment­ed immi­grants start­ed, it’s worth keep­ing in mind that part of the motive for Thiel’s deci­sion to pick a fight with Google may have involved pre­emp­tive­ly deflect­ing atten­tion away from the role Palan­tir plays in pro­vid­ing mass data­bas­es of immi­grants for ICE. Palan­tir’s soft­ware is used to build pro­files on immi­grants by merg­ing data­bas­es from mul­ti­ple sources includ­ing DHS and the FBI. So it’s going to be inter­est­ing to see if Google ends up find­ing a way to pub­licly bring up Palan­tir’s role build­ing immi­grant data­bas­es for ICE.

    But as the fol­low­ing arti­cle makes clear, Palan­tir isn’t the only Sil­i­con Val­ley con­trac­tor build­ing large com­pre­hen­sive data­bas­es about peo­ple for the US gov­ern­ment. The Depart­ment of Home­land Secu­ri­ty’s Office of Bio­met­ric Iden­ti­ty Man­age­ment is replac­ing its bio­met­ric analy­sis plat­form. The cur­rent sys­tem, called the the Auto­mat­ed Bio­met­ric Iden­ti­fi­ca­tion Sys­tem, or IDENT, is a data­base of bio­met­ric data and bio­graph­i­cal data col­lect­ed by gov­ern­ment agen­cies, includ­ing the Trans­porta­tion Secu­ri­ty Admin­is­tra­tion, Cus­toms and Bor­der Pro­tec­tion, Secret Ser­vice and oth­er DHS agen­cies. IDENT is billed as allow­ing offi­cials to quick­ly iden­ti­fy sus­pect­ed ter­ror­ists, immi­gra­tion vio­la­tors, crim­i­nals and any­one else includ­ed in their data­bas­es. So it’s worth keep­ing that mass bio­met­rics could be part of any cur­rent of future mass immi­gra­tion raids. The capa­bil­i­ty is already there in IDENT, and now that sys­tem is get­ting an upgrade.

    The planned new bio­met­rics sys­tem, the Home­land Advanced Recog­ni­tion Tech­nol­o­gy Sys­tem, or HART, will expand on those capa­bil­i­ties with tools that can iden­ti­fy indi­vid­u­als based on DNA, palm prints, scars, phys­i­cal mark­ings and tat­toos.

    Northrop Grum­man won a $95 mil­lion con­tract to devel­op the first two stages of the HART sys­tem but that con­tract will expire in 2021. The gov­ern­ment is going to be solic­it­ing bids for the next phase of devel­op­ment, so that’s going to be a bid­ding war to watch since the win­ner is going to get to get access to that mas­sive bio­met­ric data­base.

    DHS can also access the State Department’s Con­sular Con­sol­i­dat­ed Data­base of 500 mil­lion pass­port, visa, and expat records, along with the data­bas­es of “sev­er­al for­eign gov­ern­ments as well as state, local, trib­al and ter­ri­to­r­i­al law enforce­ment agen­cies.” In addi­tion, DHS shares its bio­met­ric data­base with oth­er gov­ern­ment agen­cies like the DOD and FBI, so the HART data­base is going to draw infor­ma­tion in from more than just the DHS’s agen­cies and then shared with more than just DHS.

    There’s anoth­er aspect of HART that’s going to be con­tract­ed out and the con­trac­tor has already been select­ed: while IDENT was host­ed on gov­ern­ment-run servers, the new HART sys­tem will be host­ed on Ama­zon’s cloud for gov­ern­ment ser­vices (the “Gov­Cloud”), which should make access­ing it much eas­i­er for all sorts of agen­cies. As the arti­cle notes, Ama­zon already pro­vides cloud ser­vices for sen­si­tive infor­ma­tion for the CIA, DOD, NASA, and oth­er fed­er­al agen­cies. So at this point we can be con­fi­dent that Ama­zon is going to be real­ly, real­ly, real­ly good at iden­ti­fy­ing spe­cif­ic indi­vid­u­als for the fore­see­able future:

    NextGov

    DHS to Move Bio­met­ric Data on Hun­dreds of Mil­lions of Peo­ple to Ama­zon Cloud

    By JACK CORRIGAN
    JUNE 19, 2019

    The Home­land Secu­ri­ty Depart­ment is look­ing to upgrade the soft­ware it uses to ana­lyze bio­met­ric data on hun­dreds of mil­lions of peo­ple around the globe, and it plans to store that infor­ma­tion in Amazon’s cloud.

    The agency’s Office of Bio­met­ric Iden­ti­ty Man­age­ment will replace its lega­cy bio­met­ric analy­sis plat­form, called the Auto­mat­ed Bio­met­ric Iden­ti­fi­ca­tion Sys­tem, or IDENT, with a new, more robust sys­tem host­ed by Ama­zon Web Ser­vices, accord­ing to a request for infor­ma­tion released Mon­day.

    IDENT essen­tial­ly serves as an enter­prisewide clear­ing­house for troves of bio­met­ric and bio­graph­ic data col­lect­ed by the Trans­porta­tion Secu­ri­ty Admin­is­tra­tion, Cus­toms and Bor­der Pro­tec­tion, Secret Ser­vice and oth­er Home­land Secu­ri­ty com­po­nents. The sys­tem links fin­ger­print, iris and face data to bio­graph­ic infor­ma­tion, allow­ing offi­cials to quick­ly iden­ti­fy sus­pect­ed ter­ror­ists, immi­gra­tion vio­la­tors, crim­i­nals and any­one else includ­ed in their data­bas­es.

    In total, IDENT con­tains infor­ma­tion on more than 250 mil­lion peo­ple, a Home­land Secu­ri­ty spokesper­son told Nextgov.

    Accord­ing to the solic­i­ta­tion, Home­land Secu­ri­ty is in the process of replac­ing IDENT with the Home­land Advanced Recog­ni­tion Tech­nol­o­gy Sys­tem, or HART. The new sys­tem will include the same bio­met­ric recog­ni­tion fea­tures as its pre­de­ces­sor, and poten­tial­ly addi­tion­al tools that could iden­ti­fy indi­vid­u­als based on DNA, palm prints, scars, phys­i­cal mark­ings and tat­toos.

    Where­as IDENT stores records in gov­ern­ment-run data cen­ters, the Home­land Secu­ri­ty solic­i­ta­tion states “HART will reside in the Ama­zon Web Ser­vices (AWS) FedRAMP cer­ti­fied Gov­Cloud.” Fur­ther, “bio­met­ric match­ing capa­bil­i­ties for fin­ger­print, iris, and facial match­ing will be inte­grat­ed with HART in the Ama­zon Web Ser­vices Gov­Cloud.” Ama­zon Web Ser­vices will also store HART’s bio­met­ric image data.

    Ama­zon Web Ser­vices’ Gov­Cloud US-East and US-West regions are data cen­ters specif­i­cal­ly built by the com­pa­ny to house some of the government’s most restrict­ed infor­ma­tion. AWS is no stranger to host­ing sen­si­tive gov­ern­ment data, hav­ing already claimed the CIA, Defense Depart­ment, NASA and oth­er fed­er­al agen­cies as cus­tomers in part because of per­ceived secu­ri­ty improve­ments over gov­ern­ment lega­cy sys­tems.

    When reached for com­ment, an AWS spokesper­son referred inquiries to DHS.

    In 2018, Northrop Grum­man won a $95 mil­lion con­tract to devel­op the first two stages of the HART sys­tem, and its con­tract is set to expire in 2021. The depart­ment plans to use respons­es to the lat­est solic­i­ta­tion to inform its strat­e­gy for fur­ther devel­op­ing the plat­form, the DHS spokesper­son said.

    Specif­i­cal­ly, offi­cials are ask­ing ven­dors for ideas on how to build those mul­ti­ple iden­ti­fi­ca­tion func­tions into the new sys­tem, while leav­ing room to add any new recog­ni­tion “modal­i­ties” as they arise. Offi­cials also want input on devel­op­ing a hand­ful of gen­er­al report­ing, ana­lyt­ics and search tools, as well as desk­top and mobile web por­tals where Home­land Secu­ri­ty employ­ees can access the sys­tem.

    ...

    In addi­tion to the hun­dreds of mil­lions of records stored local­ly in its IDENT sys­tem, Home­land Secu­ri­ty can also access swaths of bio­met­ric infor­ma­tion housed at oth­er agen­cies.

    Accord­ing to the solic­i­ta­tion, the agency shares bio­met­ric data and tech­nol­o­gy with the Defense Depart­ment and the FBI, which can access some 640 mil­lion pho­tos for its own facial recog­ni­tion oper­a­tions. Offi­cials also said they can tap into the State Department’s Con­sular Con­sol­i­dat­ed Database—which con­tained near­ly 500 mil­lion pass­port, visa and expat records as of 2016—as well as the data­bas­es of “sev­er­al for­eign gov­ern­ments as well as state, local, trib­al and ter­ri­to­r­i­al law enforce­ment agen­cies.”

    The government’s use of bio­met­ric tech­nol­o­gy, par­tic­u­lar­ly facial recog­ni­tion, has come under sharp scruti­ny in recent months. Mem­bers of the House Over­sight Com­mit­tee have expressed broad bipar­ti­san sup­port for rein­ing in the use of bio­met­rics at agen­cies like the FBI, and on Mon­day, a group of law­mak­ers raised con­cerns about CBP’s expand­ing facial recog­ni­tion pro­gram.

    ———-

    “DHS to Move Bio­met­ric Data on Hun­dreds of Mil­lions of Peo­ple to Ama­zon Cloud” by JACK CORRIGAN; NextGov; 06/19/2019

    “Where­as IDENT stores records in gov­ern­ment-run data cen­ters, the Home­land Secu­ri­ty solic­i­ta­tion states “HART will reside in the Ama­zon Web Ser­vices (AWS) FedRAMP cer­ti­fied Gov­Cloud.” Fur­ther, “bio­met­ric match­ing capa­bil­i­ties for fin­ger­print, iris, and facial match­ing will be inte­grat­ed with HART in the Ama­zon Web Ser­vices Gov­Cloud.” Ama­zon Web Ser­vices will also store HART’s bio­met­ric image data.

    Well, let’s hope Ama­zon’s Gov­Cloud does­n’t get hacked. And keeps its Gov­Cloud employ­ees hap­py.

    when it comes to future mass depor­ta­tion ICE raids, it sounds like the HART sys­tem will be cen­tral to that since it will allow offi­cials to quick­ly iden­ti­fy sus­pect­ed immi­gra­tion law vio­la­tors:

    ...
    IDENT essen­tial­ly serves as an enter­prisewide clear­ing­house for troves of bio­met­ric and bio­graph­ic data col­lect­ed by the Trans­porta­tion Secu­ri­ty Admin­is­tra­tion, Cus­toms and Bor­der Pro­tec­tion, Secret Ser­vice and oth­er Home­land Secu­ri­ty com­po­nents. The sys­tem links fin­ger­print, iris and face data to bio­graph­ic infor­ma­tion, allow­ing offi­cials to quick­ly iden­ti­fy sus­pect­ed ter­ror­ists, immi­gra­tion vio­la­tors, crim­i­nals and any­one else includ­ed in their data­bas­es.

    In total, IDENT con­tains infor­ma­tion on more than 250 mil­lion peo­ple, a Home­land Secu­ri­ty spokesper­son told Nextgov.

    Accord­ing to the solic­i­ta­tion, Home­land Secu­ri­ty is in the process of replac­ing IDENT with the Home­land Advanced Recog­ni­tion Tech­nol­o­gy Sys­tem, or HART. The new sys­tem will include the same bio­met­ric recog­ni­tion fea­tures as its pre­de­ces­sor, and poten­tial­ly addi­tion­al tools that could iden­ti­fy indi­vid­u­als based on DNA, palm prints, scars, phys­i­cal mark­ings and tat­toos.
    ...

    You have to won­der if Palan­tir’s data­base of pro­files on immi­grants will be incor­po­rat­ed into the HART sys­tem. You also have to won­der if Palan­tir is going to get access to the sys­tem. Based on Palan­tir’s busi­ness mod­el is seems like exact­ly the kind of data­base Palan­tir would get access to. And that points towards one of the oth­er big ques­tions for this planned sys­tem: we know gov­ern­ment agen­cies out­side of DHS will be able to access it. But how about all the Sil­i­con Val­ley con­trac­tors work­ing for the gov­ern­ment like Palan­tir, Google, and all the rest. Will they also get to access HART as part of their gov­ern­ment work? If so, we should prob­a­bly expect more than just Ama­zon to get real­ly, real­ly, real­ly good at iden­ti­fy­ing peo­ple, includ­ing peo­ple tar­get­ed for politi­cized mass depor­ta­tions.

    Posted by Pterrafractyl | July 16, 2019, 12:34 pm
  2. Here’s a sto­ry worth keep­ing an regard­ing the grow­ing role that Ama­zon’s cloud ser­vices has in host­ing sen­si­tive data for the US gov­ern­ment, like the planned DHS bio­met­ric data­base that’s going to be host­ed Ama­zon’s cloud: When it comes to the CIA’s exist­ing $600 mil­lion cloud com­put­ing con­tract, Ama­zon has long been the exclu­sive provider. But the CIA has big plans for spend­ing “tens of bil­lions” on dol­lars on an upgrade to its cloud capa­bil­i­ties. But this time the con­tract is going to be going to mul­ti­ple cloud ser­vice providers.

    Inter­est­ing­ly, the doc­u­ments for the planned con­tract indi­cate that the planned cloud will need to sup­port cloud con­nec­tions at “tac­ti­cal edge loca­tions,” imply­ing that it’s going to be used for intel­li­gence-gath­er­ing oper­a­tions world­wide, some­thing anal­o­gous to the vision of Project Agile in the 1960’s cov­ered in Sur­veil­lance Val­ley.

    So it sounds like there’s going to be mul­ti­ple tech giants involved in host­ing the CIA’s sen­si­tive secrets going for­ward and the cloud is going to be built to touch the entire globe:

    The Wash­ing­ton Post

    CIA long relied exclu­sive­ly on Ama­zon for its cloud com­put­ing. Now it is seek­ing mul­ti­ple providers for a mas­sive new con­tract.

    By Aaron Gregg
    April 2, 2019

    The Cen­tral Intel­li­gence Agency is tak­ing ear­ly steps toward procur­ing a mas­sive cloud com­put­ing infra­struc­ture to sup­port its nation­al secu­ri­ty mis­sion, accord­ing to doc­u­ments reviewed by The Wash­ing­ton Post, with plans to award a con­tract worth “tens of bil­lions” of dol­lars to more than one cloud provider by 2021.

    The cloud effort, known as the C2E Com­mer­cial Cloud Enter­prise, builds on an ear­li­er $600 mil­lion cloud com­put­ing con­tract that was award­ed to Amazon’s cloud com­put­ing divi­sion in 2013. And it runs par­al­lel to a sep­a­rate, $10 bil­lion cloud effort being pur­sued by the Defense Depart­ment. Both efforts are meant to out­fit U.S. nation­al secu­ri­ty agen­cies with next-gen­er­a­tion cloud com­put­ing inno­va­tions from Sil­i­con Val­ley.

    The agency’s deci­sion to award the con­tract to more than one com­pa­ny could prove to be a major depar­ture from its past cloud com­put­ing efforts, which have almost exclu­sive­ly involved Ama­zon. The C2E con­tract is sure to become a source of intense com­pe­ti­tion between the two lead­ing U.S. com­mer­cial cloud providers, Ama­zon and Microsoft. And oth­er com­peti­tors includ­ing IBM, Ora­cle and Google may see an oppor­tu­ni­ty to gain mar­ket share.

    An exec­u­tive from IBM’s fed­er­al busi­ness unit, which com­petes with Ama­zon Web Ser­vices, laud­ed the CIA’s deci­sion to turn to more than one cloud provider.

    “The world’s largest enter­pris­es are mov­ing to mul­ti-cloud envi­ron­ments because of their secu­ri­ty, flex­i­bil­i­ty and resilience,” IBM Fed­er­al gen­er­al man­ag­er Sam Gordy said in an email. “The CIA’s approach to C2E clear­ly rec­og­nizes the val­ue of mul­ti-cloud while encour­ag­ing com­pe­ti­tion, sup­port­ing lega­cy appli­ca­tions and ensur­ing the agency’s access to future inno­va­tion.”

    ...

    The agency held an indus­try day for prospec­tive bid­ders on March 22, accord­ing to doc­u­ments reviewed by The Post and report­ed about ear­li­er by Bloomberg News. Doc­u­ments from the indus­try day note that the sys­tem should be able to han­dle both clas­si­fied and unclas­si­fied infor­ma­tion, and incor­po­rate data sources both on the ground and in space. The agency intends to “acquire cloud com­put­ing ser­vices direct­ly from com­mer­cial cloud ser­vice providers with estab­lished track records for inno­va­tion and oper­a­tional excel­lence in cloud ser­vice deliv­ery for a large cus­tomer base,” sug­gest­ing the agency wants to turn to a com­pa­ny that already has sub­stan­tial expe­ri­ence in the com­mer­cial tech­nol­o­gy indus­try.

    And the doc­u­ments not­ed that who wins the con­tract should be able to sup­port cloud con­nec­tions at “tac­ti­cal edge loca­tions,” sug­gest­ing the sys­tem will be used for the agency’s world­wide intel­li­gence-gath­er­ing oper­a­tions and not just for its U.S.-based busi­ness sys­tems. A pre­lim­i­nary time­line released at the indus­try day calls for “one or more con­tracts” to be award­ed “no lat­er than July 2021.”

    The CIA’s new cloud com­put­ing effort comes as the Defense Department’s par­al­lel effort, known as the Joint Enter­prise Defense Infra­struc­ture or “JEDI” for short, is stalled in a pro­tract­ed legal bat­tle. At the root of the con­flict is a Defense Depart­ment deci­sion to turn to just one provider for the JEDI con­tract, fol­low­ing a sim­i­lar approach to the CIA’s ear­li­er efforts. The Defense Depart­ment has empha­sized that, although it will work with mul­ti­ple cloud providers for its over­all mis­sion, the JEDI effort would be bid to just one com­pa­ny in order to make for an eas­i­er tran­si­tion. That deci­sion has been laud­ed by Ama­zon and crit­i­cized by its com­peti­tors

    Pre-award bid protests from IBM and Ora­cle were respec­tive­ly dis­missed and denied last year. In a new­er bid protest case in the U.S. Court of Fed­er­al Claims, Ora­cle is suing the Defense Depart­ment and Ama­zon for what it claims are “con­flicts of inter­est” in rela­tion to Ama­zon.

    The Defense Depart­ment put a hold on the case while it inves­ti­gates those con­flicts. In the mean­time, the Pentagon’s $10 bil­lion JEDI con­tract, though orig­i­nal­ly, expect­ed in April 2019, is on hold. Ama­zon, Microsoft, IBM and Ora­cle have sub­mit­ted bids.

    ———-

    “CIA long relied exclu­sive­ly on Ama­zon for its cloud com­put­ing. Now it is seek­ing mul­ti­ple providers for a mas­sive new con­tract.” by Aaron Gregg, The Wash­ing­ton Post, 04/02/2019

    The agency’s deci­sion to award the con­tract to more than one com­pa­ny could prove to be a major depar­ture from its past cloud com­put­ing efforts, which have almost exclu­sive­ly involved Ama­zon. The C2E con­tract is sure to become a source of intense com­pe­ti­tion between the two lead­ing U.S. com­mer­cial cloud providers, Ama­zon and Microsoft. And oth­er com­peti­tors includ­ing IBM, Ora­cle and Google may see an oppor­tu­ni­ty to gain mar­ket share.”

    Will com­pe­ti­tion between mul­ti­ple cloud com­put­ing giants lead to a bet­ter and cheap­er CIA cloud? We’ll find out. We’ll also find out, but not the the Depart­ment of Defense is stick­ing with just a sin­gle provider for its planned cloud (and it looks like Ama­zon will prob­a­bly get that con­tract):

    ...
    The CIA’s new cloud com­put­ing effort comes as the Defense Department’s par­al­lel effort, known as the Joint Enter­prise Defense Infra­struc­ture or “JEDI” for short, is stalled in a pro­tract­ed legal bat­tle. At the root of the con­flict is a Defense Depart­ment deci­sion to turn to just one provider for the JEDI con­tract, fol­low­ing a sim­i­lar approach to the CIA’s ear­li­er efforts. The Defense Depart­ment has empha­sized that, although it will work with mul­ti­ple cloud providers for its over­all mis­sion, the JEDI effort would be bid to just one com­pa­ny in order to make for an eas­i­er tran­si­tion. That deci­sion has been laud­ed by Ama­zon and crit­i­cized by its com­peti­tors
    ...

    And note how the CIA’s cloud is going to have to be acces­si­ble at “tac­ti­cal edge loca­tions”, which implies that the cloud is going to have to be some­how acces­si­ble not just from bat­tle­field loca­tions but also from places like behind Chi­na’s inter­net fire­wall:

    ...
    And the doc­u­ments not­ed that who wins the con­tract should be able to sup­port cloud con­nec­tions at “tac­ti­cal edge loca­tions,” sug­gest­ing the sys­tem will be used for the agency’s world­wide intel­li­gence-gath­er­ing oper­a­tions and not just for its U.S.-based busi­ness sys­tems. A pre­lim­i­nary time­line released at the indus­try day calls for “one or more con­tracts” to be award­ed “no lat­er than July 2021.”
    ...

    Giv­en that the CIA is plan­ning on its future cloud being used for intel­li­gence-gath­er­ing pur­pos­es which implies access­ing it over the inter­net in coun­tries like Chi­na, we should prob­a­bly expect a lot more boost­ing by the US gov­ern­ment of ser­vices like Tor that were tai­lor made for spies.

    As we can see, Ama­zon is def­i­nite­ly going to be much more close­ly fused with the over­all US nation­al secu­ri­ty appa­ra­tus in the com­ing decades. And some yet-to-be-cho­sen cloud serv­er com­peti­tors will also have a very cozy rela­tion­ship with the CIA too.

    So with all that in mind, here’s reminder that any spies embed­ded in work­force main­tain­ing this vast nation­al secu­ri­ty cloud infra­struc­ture are prob­a­bly going to be involved in a lot of intel­li­gence gath­er­ing of their own: Cap­i­tal One just announced mas­sive hack involv­ing the per­son­al data of over 100 mil­lion peo­ple. The data includes 140,000 Social Secu­ri­ty num­bers and 80,000 bank account num­bers. The data was stolen from an Ama­zon Web Ser­vices serv­er Capi­tol One was using. It appears that a mis­con­fig­u­ra­tion of the server’s fire­wall by Capi­tol One was what left the serv­er vul­ner­a­ble, so it was­n’t a prob­lem with Ama­zon’s actu­al infra­struc­ture. But there was one part of Ama­zon’s infra­struc­ture that was com­pro­mised: the hack­er was a for­mer Ama­zon Web Ser­vices engi­neer who worked on the same serv­er busi­ness Capi­tol One was using:

    The New York Times

    Cap­i­tal One Data Breach Com­pro­mis­es Data of Over 100 Mil­lion

    By Emi­ly Flit­ter and Karen Weise
    July 29, 2019

    A soft­ware engi­neer in Seat­tle hacked into a serv­er hold­ing cus­tomer infor­ma­tion for Cap­i­tal One and obtained the per­son­al data of over 100 mil­lion peo­ple, fed­er­al pros­e­cu­tors said on Mon­day, in one of the largest thefts of data from a bank.

    The sus­pect, Paige Thomp­son, 33, left a trail online for inves­ti­ga­tors to fol­low as she boast­ed about the hack­ing, accord­ing to court doc­u­ments in Seat­tle, where she was arrest­ed and charged with one count of com­put­er fraud and abuse.

    Ms. Thomp­son, who for­mer­ly worked for Ama­zon Web Ser­vices, which host­ed the Cap­i­tal One data­base that was breached, was not shy about her work as a hack­er. She is list­ed as the orga­niz­er of a group on Meet­up, a social net­work, called Seat­tle Warez Kid­dies, described as a gath­er­ing for “any­body with an appre­ci­a­tion for dis­trib­uted sys­tems, pro­gram­ming, hack­ing, crack­ing.”

    The F.B.I. noticed her activ­i­ty on Meet­up and used it to trace her oth­er online activ­i­ties, even­tu­al­ly link­ing her to posts describ­ing the data theft on Twit­ter and the Slack mes­sag­ing ser­vice.

    “I’ve basi­cal­ly strapped myself with a bomb vest,” Ms. Thomp­son wrote in a Slack post, accord­ing to pros­e­cu­tors, “drop­ping cap­i­tal ones dox and admit­ting it.”

    Online, she used the name “errat­ic,” inves­ti­ga­tors said, adding that they ver­i­fied her iden­ti­ty after she post­ed a pho­to­graph of an invoice she had received from a vet­eri­nar­i­an car­ing for one of her pets.

    Accord­ing to court papers and Cap­i­tal One, Ms. Thomp­son stole 140,000 Social Secu­ri­ty num­bers and 80,000 bank account num­bers in the breach.

    In addi­tion to the tens of mil­lions of cred­it card appli­ca­tions stolen, the com­pa­ny said on Mon­day, the breach com­pro­mised one mil­lion Cana­di­an social insur­ance num­bers — the equiv­a­lent of Social Secu­ri­ty num­bers for Amer­i­cans.

    The infor­ma­tion came from cred­it card appli­ca­tions that con­sumers and small busi­ness­es had sub­mit­ted as ear­ly as 2005 and as recent­ly as 2019, accord­ing to Cap­i­tal One, which is the nation’s third-largest cred­it card issuer, accord­ing to its web­site.

    “Based on our analy­sis to date,” the bank said in a state­ment, “we believe it is unlike­ly that the infor­ma­tion was used for fraud or dis­sem­i­nat­ed by this indi­vid­ual.”

    The bank also said it expect­ed that the breach would cost it up to $150 mil­lion, includ­ing pay­ing for cred­it mon­i­tor­ing for affect­ed cus­tomers. Last week, the cred­it bureau Equifax set­tled claims from a 2017 data breach that exposed sen­si­tive infor­ma­tion on over 147 mil­lion con­sumers, cost­ing it about $650 mil­lion.

    Ama­zon Web Ser­vices hosts the remote data servers that com­pa­nies use to store their infor­ma­tion, but large enter­pris­es like Cap­i­tal One build their own web appli­ca­tions on top of Amazon’s cloud data so they can use the infor­ma­tion in ways spe­cif­ic to their needs.

    The F.B.I. agent who inves­ti­gat­ed the breach said in court papers that Ms. Thomp­son had gained access to the sen­si­tive data through a “mis­con­fig­u­ra­tion” of a fire­wall on a web appli­ca­tion. That allowed the hack­er to com­mu­ni­cate with the serv­er where Cap­i­tal One was stor­ing its infor­ma­tion and, even­tu­al­ly, obtain cus­tomer files.

    Ama­zon said its cus­tomers ful­ly con­trolled the appli­ca­tions they built, and Cap­i­tal One said in a news release that it had “imme­di­ate­ly fixed the con­fig­u­ra­tion vul­ner­a­bil­i­ty” once it dis­cov­ered the prob­lem. Ama­zon said it had found no evi­dence that its under­ly­ing cloud ser­vices were com­pro­mised.

    On July 17, a tip­ster wrote to a Cap­i­tal One secu­ri­ty hot­line, warn­ing that some of the bank’s data appeared to have been “leaked,” the crim­i­nal com­plaint said.

    Once alert­ed to the breach, the author­i­ties found what they said were Ms. Thompson’s online boasts that she want­ed to “dis­trib­ute” the mate­ri­als. On June 27, she also list­ed “sev­er­al com­pa­nies, gov­ern­ment enti­ties and edu­ca­tion­al insti­tu­tions,” accord­ing to court papers, which inves­ti­ga­tors inter­pret­ed to be oth­er hacks she “may have com­mit­ted.”

    Oth­er users in that chan­nel, on Slack, expressed alarm. One said “don’t go to jail plz,” accord­ing to the com­plaint.

    On Mon­day, F.B.I. agents exe­cut­ed a search war­rant on Ms. Thompson’s house. They seized “numer­ous dig­i­tal devices,” pros­e­cu­tors said, and found on them “items that ref­er­enced Cap­i­tal One” and Ama­zon, which they referred to in the com­plaint only as the “cloud com­put­ing com­pa­ny.”

    “I am deeply sor­ry for what has hap­pened,” the bank’s chief exec­u­tive, Richard D. Fair­bank, said in a state­ment. “I sin­cere­ly apol­o­gize for the under­stand­able wor­ry this inci­dent must be caus­ing those affect­ed, and I am com­mit­ted to mak­ing it right.”

    Cap­i­tal One said the bank account num­bers were linked to cus­tomers with “secured” cred­it cards. Secured cards require cus­tomers to put forth a sum of mon­ey — $200 or $250 — in exchange for a card.

    “It’s a way for banks to min­i­mize the risk asso­ci­at­ed with lend­ing to folks who don’t have per­fect cred­it or who are just get­ting start­ed,” said Matt Schulz, an ana­lyst for Com­pare Cards. These cus­tomers are vul­ner­a­ble, he said, and “often have very lit­tle finan­cial mar­gin for error.”

    While the breach was pos­si­ble because of a secu­ri­ty lapse by Cap­i­tal One, it was aid­ed by Ms. Thompson’s exper­tise. Infor­ma­tion post­ed on social media shows she worked at one time for Ama­zon, as an engi­neer for the same serv­er busi­ness that court papers said Cap­i­tal One was using.

    Cap­i­tal One is a long­stand­ing and promi­nent client of Amazon’s. In a 2015 keynote at Ama­zon Web Ser­vices’ main annu­al con­fer­ence, a Cap­i­tal One exec­u­tive gave a pre­sen­ta­tion on the company’s efforts to move crit­i­cal parts of its tech­nol­o­gy to Amazon’s cloud infra­struc­ture so it could focus on build­ing con­sumer appli­ca­tions and oth­er needs.

    Ms. Thomp­son will remain in fed­er­al cus­tody until a hear­ing on Thurs­day, pros­e­cu­tors said. Her lawyer did not respond to an email seek­ing com­ment.

    Cap­i­tal One has faced secu­ri­ty breach­es before, and they are a con­stant, and cost­ly, threat for the finan­cial indus­try. The chief of JPMor­gan Chase, Jamie Dimon, has said his bank spends almost $600 mil­lion a year on secu­ri­ty. Bank of America’s chief has said in the past that the bank has a “blank check” for cyber­se­cu­ri­ty.

    In a breach in 2017, Cap­i­tal One noti­fied cus­tomers that a for­mer employ­ee may have had access for near­ly four months to their per­son­al data, includ­ing account num­bers, tele­phone num­bers, trans­ac­tion his­to­ry and Social Secu­ri­ty num­bers. The com­pa­ny report­ed a sim­i­lar breach involv­ing an employ­ee in 2014.

    ...

    ———-

    “Cap­i­tal One Data Breach Com­pro­mis­es Data of Over 100 Mil­lion” by Emi­ly Flit­ter and Karen Weise, The New York Times, 07/29/2019

    While the breach was pos­si­ble because of a secu­ri­ty lapse by Cap­i­tal One, it was aid­ed by Ms. Thompson’s exper­tise. Infor­ma­tion post­ed on social media shows she worked at one time for Ama­zon, as an engi­neer for the same serv­er busi­ness that court papers said Cap­i­tal One was using.”

    Being a for­mer AWS engi­neer was no doubt quite help­ful in exe­cut­ing this hack. And note that this isn’t the kind of thing Ama­zon can defend against since it was Cap­i­tal One’s own staff who was respon­si­ble for con­fig­ur­ing the fire­wall:

    ...
    Ama­zon Web Ser­vices hosts the remote data servers that com­pa­nies use to store their infor­ma­tion, but large enter­pris­es like Cap­i­tal One build their own web appli­ca­tions on top of Amazon’s cloud data so they can use the infor­ma­tion in ways spe­cif­ic to their needs.

    The F.B.I. agent who inves­ti­gat­ed the breach said in court papers that Ms. Thomp­son had gained access to the sen­si­tive data through a “mis­con­fig­u­ra­tion” of a fire­wall on a web appli­ca­tion. That allowed the hack­er to com­mu­ni­cate with the serv­er where Cap­i­tal One was stor­ing its infor­ma­tion and, even­tu­al­ly, obtain cus­tomer files.

    Ama­zon said its cus­tomers ful­ly con­trolled the appli­ca­tions they built, and Cap­i­tal One said in a news release that it had “imme­di­ate­ly fixed the con­fig­u­ra­tion vul­ner­a­bil­i­ty” once it dis­cov­ered the prob­lem. Ama­zon said it had found no evi­dence that its under­ly­ing cloud ser­vices were com­pro­mised.
    ...

    And if these kinds of tech­ni­cal mis­takes seem like the thing defense con­trac­tors and nation­al secu­ri­ty employ­ees work­ing on these clouds with sen­si­tive infor­ma­tion aren’t like­ly to make, recall the sto­ry from 2017 about a top defense con­trac­tor leav­ing a cache of 60,000 files filled with sen­si­tive infor­ma­tion includ­ing pass­words on an Ama­zon cloud serv­er that was left exposed to the inter­net with no pass­word pro­tec­tion. And, of course, there’s the whole Snow­den affair. Keep in mind that CIA uses secu­ri­ty con­trac­tors too, like Palan­tir, so that 2017 data breach night­mare sto­ry could be a pre­lude to a future del­uge of sim­i­lar sto­ries. Along those lines, it’s worth ask­ing how much access direct Palan­tir will have to the infor­ma­tion in these upcom­ing CIA and DOD clouds.

    Also note the hack­er in this case, Paige Thomp­son, appears to have men­tal health issues and was seem­ing­ly try­ing to get caught. That’s the rea­son this hack was caught. The hack­er open­ly bragged about it. The future hack­ers of these nation­al secu­ri­ty clouds pre­sum­ably won’t be as open.

    So at this point it’s clear that Ama­zon’s cozy rela­tion­ship with the US nation­al secu­ri­ty state is poised to get a lot cozi­er and the com­pa­ny is going to be privy to a vast trove of high­ly sen­si­tive nation­al secu­ri­ty infor­ma­tion. Whether or not the rest of the world ends up get­ting access to this trove pre­sum­ably depends on the secu­ri­ty of those future clouds. Uh oh.

    Posted by Pterrafractyl | August 1, 2019, 1:04 pm
  3. Tales of dig­i­tal bas­ket­cas­es are noth­ing new for Sil­i­con Val­ley. But if the lat­est Sil­i­con Val­ley whistle­blow­er’s claims are even par­tial­ly true we real­ly have to won­der just how bad it is inside the com­pa­ny. Because accord­ing to the com­pa­ny’s for­mer secu­ri­ty chief, Peter Zatko, the com­pa­ny is suf­fer­ing from a pret­ty seri­ous rogue employ­ee prob­lem. Rogue senior employ­ees. In par­tic­u­lar, the senior employ­ees in charge of over­see­ing secu­ri­ty issues. The way Zatko describes it, there’s a group of senior man­agers who rou­tine­ly pri­or­i­tize new-user growth over secu­ri­ty. And these same man­agers hide infor­ma­tion about sub­se­quent secu­ri­ty vio­la­tions from the board of direc­tors. Zatko was only hired in 2020, so he pre­sum­ably wit­nessed a night­mare sit­u­a­tion before quit­ting and going pub­lic.

    So is Twit­ter just anoth­er irre­spon­si­ble Sil­i­con Val­ley enti­ty pri­or­i­tiz­ing prof­its over user safe­ty and secu­ri­ty? Yes, but as we’re going to see in the Mint­Press report below from back in June, we should­n’t nec­es­sar­i­ly assume that ram­pant greed and neg­li­gence are the only fac­tors here. Because as that report describes, Twit­ter has been on a hir­ing spree. A nation­al secu­ri­ty hir­ing spree from agen­cies like the FBI, CIA, or think-tanks like the Atlantic Coun­cil for posi­tions over­see­ing areas like cyber­crime and dis­in­for­ma­tion. So when we learn that Twit­ter has fill­ing its senior man­age­ment in areas like cyber­crime and dis­in­for­ma­tion with mem­bers of the nation­al secu­ri­ty com­mu­ni­ty, and then learn that the senior man­age­ment has been hid­ing ram­pant abus­es from the board of direc­tors, we have to ask: are these the same senior man­agers that we’re talk­ing about in both sto­ries? Because if so, this is a much larg­er and more com­pli­cat­ed sto­ry:

    The Guardian

    Twitter’s whistle­blow­er has pitched up at a very incon­ve­nient moment

    A long and detailed com­plaint about lax prac­tices by the social media firm’s for­mer secu­ri­ty chief must be music to Elon Musk’s ears

    by John Naughton

    Sat 27 Aug 2022 11.00 EDT
    Last mod­i­fied on Sat 27 Aug 2022 23.14 EDT

    “Ex-Twit­ter exec blows the whis­tle, alleg­ing reck­less and neg­li­gent cyber­se­cu­ri­ty poli­cies,” said the CNN head­line. My ini­tial reac­tion? Yawn… so what’s new: a social media com­pa­ny play­ing fast and loose with its users’ data? And who’s this whistle­blow­er, any­way? A guy called Peit­er Zatko. Nev­er heard of him. Prob­a­bly anoth­er tech bro who’s dis­cov­ered his con­science…

    But what’s this? He has a nick­name – “Mudge”. (Cue audio of pen­nies drop­ping.) The main­stream media calls him a “hack­er”, which is their usu­al way of under­min­ing a gift­ed soft­ware expert. Which this Mudge cer­tain­ly is. In fact, in that line of busi­ness, he has blue-chip sta­tus. He was the high­est-pro­file mem­ber of a famous hack­er think­tank, the L0pht (pro­nounced “loft”) and a mem­ber of the well-known coop­er­a­tive Cult of the Dead Cow. In that sense, he was a pio­neer of “hack­tivism” who has spent much of his life try­ing to edu­cate the world on cyber­se­cu­ri­ty and has a long list of dis­cov­ered vul­ner­a­bil­i­ties to his cred­it.

    Dur­ing the Clin­ton admin­is­tra­tion, he was appar­ent­ly some­times involved in nation­al secu­ri­ty coun­cil brief­in­gs of the pres­i­dent. In 2010, he was recruit­ed by Darpa, the Pentagon’s tech think­tank, where he over­saw cyber­se­cu­ri­ty research fund­ed by the agency. After that, he worked at Google in its advanced tech­nol­o­gy and projects divi­sion and then for Stripe, a lead­ing pay­ment pro­cess­ing com­pa­ny. In 2020, he was hired by Twitter’s founder, Jack Dorsey, as the company’s head of secu­ri­ty. It is said that the incom­ing Biden admin­is­tra­tion tried to hire Zatko as the country’s cyber­se­cu­ri­ty chief, but he decid­ed to go to Twit­ter.

    In July, he filed a com­plaint with the US Secu­ri­ties and Exchange Com­mis­sion accus­ing Twit­ter of vio­lat­ing its 2011 agree­ment with the Fed­er­al Trade Com­mis­sion (FTC) to main­tain safe secu­ri­ty prac­tices. Some­how, the Wash­ing­ton Post got its hands on a copy and has made it avail­able on the web. It’s 84 pages long, and heav­i­ly cen­sored, but it makes for riv­et­ing read­ing.

    It’s basi­cal­ly a dev­as­tat­ing cri­tique of Twitter’s man­age­ment and secu­ri­ty prac­tices. In 2011, the FTC found that it was triv­ial­ly easy for its employ­ees to gain total access to all of its sys­tems and that this poor secu­ri­ty had been exploit­ed by hack­ers, includ­ing those who had sent tweets from then Pres­i­dent Obama’s account. Ten years on, Zatko says that thou­sands of employ­ees still have wide-rang­ing and poor­ly tracked inter­nal access to core com­pa­ny sys­tems. He also claims that half of the company’s servers are run­ning out-of-date and vul­ner­a­ble soft­ware and that senior exec­u­tives had with­held from the board of direc­tors infor­ma­tion about the num­ber of secu­ri­ty breach­es and lack of pro­tec­tion of user data.

    The same exec­u­tives, he says, had con­sis­tent­ly pri­ori­tised the growth of the num­ber of users over data secu­ri­ty. “Senior man­age­ment had no appetite to prop­er­ly mea­sure the preva­lence of bot [auto­mat­ed] accounts because… they were con­cerned that if accu­rate mea­sure­ments ever became pub­lic, it would harm the image and val­u­a­tion of the com­pa­ny.” He also describes how on var­i­ous occa­sions in 2021 he “wit­nessed senior exec­u­tives engag­ing in deceit­ful and/or mis­lead­ing com­mu­ni­ca­tions affect­ing board mem­bers, users and share­hold­ers”. In the end, the ten­sions between him and the chief exec­u­tive became acute and he was sacked on 19 Jan­u­ary. “Mr Zatko was fired from Twit­ter more than six months ago for poor per­for­mance and lead­er­ship,” said Rebec­ca Hahn, Twitter’s glob­al vice-pres­i­dent of com­mu­ni­ca­tions, the oth­er day. “And he now appears to be oppor­tunis­ti­cal­ly seek­ing to inflict harm on Twit­ter, its cus­tomers and its share­hold­ers.”

    All this is doubt­less music to the ears of Elon Musk’s lawyers as they strug­gle to find a way for their client to escape from his expen­sive­ly mis­guid­ed bid to buy Twit­ter. His excuse for chang­ing his mind on the pur­chase is that he was mis­led by Twitter’s exec­u­tives about the preva­lence of spam bots on the plat­form and Zatko’s sub­mis­sion to the SEC seems to sup­port that propo­si­tion, though doubt­less the Delaware court hear­ing the argu­ments on both sides may con­clude that one shouldn’t make $44bn takeover bids with­out doing your own due dili­gence.

    ...

    ———-

    “Twitter’s whistle­blow­er has pitched up at a very incon­ve­nient moment” by John Naughton; The Guardian; 08/27/2022

    “In July, he filed a com­plaint with the US Secu­ri­ties and Exchange Com­mis­sion accus­ing Twit­ter of vio­lat­ing its 2011 agree­ment with the Fed­er­al Trade Com­mis­sion (FTC) to main­tain safe secu­ri­ty prac­tices. Some­how, the Wash­ing­ton Post got its hands on a copy and has made it avail­able on the web. It’s 84 pages long, and heav­i­ly cen­sored, but it makes for riv­et­ing read­ing.

    An 84 page long report on Twit­ter’s years of fla­grant secu­ri­ty vio­la­tions. Sounds like a riv­et­ing read. And accord­ing to Peter Zaitko’s report, it’s senior Twit­ter exec­u­tives who are lead­ing the secu­ri­ty coverups inside the com­pa­ny. So this isn’t an issue with neg­li­gent man­age­ment allow­ing low-lev­el employ­ees to lack­adaisi­cal­ly uphold Twit­ter’s inter­nal secu­ri­ty con­trols. This is about senior exec­u­tives mak­ing the cyn­i­cal deci­sion to coverup secu­ri­ty prob­lems and pri­or­i­ty user growth:

    ...
    It’s basi­cal­ly a dev­as­tat­ing cri­tique of Twitter’s man­age­ment and secu­ri­ty prac­tices. In 2011, the FTC found that it was triv­ial­ly easy for its employ­ees to gain total access to all of its sys­tems and that this poor secu­ri­ty had been exploit­ed by hack­ers, includ­ing those who had sent tweets from then Pres­i­dent Obama’s account. Ten years on, Zatko says that thou­sands of employ­ees still have wide-rang­ing and poor­ly tracked inter­nal access to core com­pa­ny sys­tems. He also claims that half of the company’s servers are run­ning out-of-date and vul­ner­a­ble soft­ware and that senior exec­u­tives had with­held from the board of direc­tors infor­ma­tion about the num­ber of secu­ri­ty breach­es and lack of pro­tec­tion of user data.

    The same exec­u­tives, he says, had con­sis­tent­ly pri­ori­tised the growth of the num­ber of users over data secu­ri­ty. “Senior man­age­ment had no appetite to prop­er­ly mea­sure the preva­lence of bot [auto­mat­ed] accounts because… they were con­cerned that if accu­rate mea­sure­ments ever became pub­lic, it would harm the image and val­u­a­tion of the com­pa­ny.” He also describes how on var­i­ous occa­sions in 2021 he “wit­nessed senior exec­u­tives engag­ing in deceit­ful and/or mis­lead­ing com­mu­ni­ca­tions affect­ing board mem­bers, users and share­hold­ers”. In the end, the ten­sions between him and the chief exec­u­tive became acute and he was sacked on 19 Jan­u­ary. “Mr Zatko was fired from Twit­ter more than six months ago for poor per­for­mance and lead­er­ship,” said Rebec­ca Hahn, Twitter’s glob­al vice-pres­i­dent of com­mu­ni­ca­tions, the oth­er day. “And he now appears to be oppor­tunis­ti­cal­ly seek­ing to inflict harm on Twit­ter, its cus­tomers and its share­hold­ers.”
    ...

    And note now Zaitko only joined Twit­ter in 2020. And yet his report report­ed­ly details years of laps­es. That sug­gests Zaitko walked into an absolute night­mare sit­u­a­tion that many peo­ple in the com­pa­ny were already well aware of. He had to get all those his­toric details in that report from some­where.

    Also note that Zatko did­n’t join Stripe until 2017, four years after Saikat Chakrabar­ti left the com­pa­ny. So while it would have been inter­est­ing to learn that Zak­to’s and Chakrabar­ti’s time at Stripe over­lapped, that’s not the case:

    ...
    Dur­ing the Clin­ton admin­is­tra­tion, he was appar­ent­ly some­times involved in nation­al secu­ri­ty coun­cil brief­in­gs of the pres­i­dent. In 2010, he was recruit­ed by Darpa, the Pentagon’s tech think­tank, where he over­saw cyber­se­cu­ri­ty research fund­ed by the agency. After that, he worked at Google in its advanced tech­nol­o­gy and projects divi­sion and then for Stripe, a lead­ing pay­ment pro­cess­ing com­pa­ny. In 2020, he was hired by Twitter’s founder, Jack Dorsey, as the company’s head of secu­ri­ty. It is said that the incom­ing Biden admin­is­tra­tion tried to hire Zatko as the country’s cyber­se­cu­ri­ty chief, but he decid­ed to go to Twit­ter.
    ...

    So with Twit­ter fac­ing accu­sa­tions of ram­pant inter­nal secu­ri­ty laps­es that senior exec­u­tives know about and are hid­ing this infor­ma­tion from the board of direc­tors, here’s an excerpt from a Mint­Press report back in June that puts this whistle­blow­ing in an even more remark­able con­text. Because it turns out Twit­ter has been on a nation­al secu­ri­ty hir­ing spree, with dozens of senior per­son­nel from agen­cies like the FBI and CIA and think-tanks like the Atlantic Coun­cil mak­ing up a num­ber of senior posi­tions inside the com­pa­ny. Posi­tions direct­ly involved with over­see­ing cyber­crime and dis­in­for­ma­tion. This even involves the employ­ment of active duty mil­i­tary offi­cers, includ­ing active mem­bers of a UK psy­cho­log­i­cal war­fare unit. Beyond that, groups like the Stan­ford Inter­net Obser­va­to­ry and the Aus­tralian Strate­gic Pol­i­cy Insti­tute (ASPI) have direct feeds to the com­pa­ny with list of accounts they want tak­en down. And it’s not just Twit­ter. This is the Sil­i­con Val­ley norm:

    Mint­Press

    The Fed­er­al Bureau of Tweets: Twit­ter Is Hir­ing an Alarm­ing Num­ber of FBI Agents

    Alan Macleod
    June 21st, 2022

    SAN FRANCISCO – Twit­ter has been on a recruit­ment dri­ve of late, hir­ing a host of for­mer feds and spies. Study­ing a num­ber of employ­ment and recruit­ment web­sites, Mint­Press has ascer­tained that the social media giant has, in recent years, recruit­ed dozens of indi­vid­u­als from the nation­al secu­ri­ty state to work in the fields of secu­ri­ty, trust, safe­ty and con­tent.

    Chief amongst these is the Fed­er­al Bureau of Inves­ti­ga­tions. The FBI is gen­er­al­ly known as a domes­tic secu­ri­ty and intel­li­gence force. How­ev­er, it has recent­ly expand­ed its remit into cyber­space. “The FBI’s inves­tiga­tive author­i­ty is the broad­est of all fed­er­al law enforce­ment agen­cies,” the “About” sec­tion of its web­site informs read­ers. “The FBI has divid­ed its inves­ti­ga­tions into a num­ber of pro­grams, such as domes­tic and inter­na­tion­al ter­ror­ism, for­eign coun­ter­in­tel­li­gence [and] cyber crime,” it adds.

    For exam­ple, in 2019, Dawn Bur­ton (the for­mer direc­tor of Wash­ing­ton oper­a­tions for Lock­heed Mar­tin) was poached from her job as senior inno­va­tion advi­sor to the direc­tor at the FBI to become senior direc­tor of strat­e­gy and oper­a­tions for legal, pub­lic pol­i­cy, trust and safe­ty at Twit­ter. The fol­low­ing year, Karen Walsh went straight from 21 years at the bureau to become direc­tor of cor­po­rate resilience at the sil­i­con val­ley giant. Twitter’s deputy gen­er­al coun­sel and vice pres­i­dent of legal, Jim Bak­er, also spent four years at the FBI between 2014 and 2018, where his resumé notes he rose to the role of senior strate­gic advi­sor.

    Mean­while, Mark Jaroszews­ki end­ed his 21-year post­ing as a super­vi­so­ry spe­cial agent in the Bay Area to take up a posi­tion at Twit­ter, ris­ing to become direc­tor of cor­po­rate secu­ri­ty and risk. And Dou­glas Turn­er spent 14 years as a senior spe­cial agent and SWAT Team leader before being recruit­ed to serve in Twitter’s cor­po­rate and exec­u­tive secu­ri­ty ser­vices. Pre­vi­ous­ly, Turn­er had also spent sev­en years as a secret ser­vice spe­cial agent with the Depart­ment of Home­land Secu­ri­ty.

    When asked to com­ment by Mint­Press, for­mer FBI agent and whistle­blow­er Coleen Row­ley said that she was “not sur­prised at all” to see FBI agents now work­ing for the very tech com­pa­nies the agency polices, stat­ing that there now exists a “revolv­ing door” between the FBI and the areas they are try­ing to reg­u­late. This cre­at­ed a seri­ous con­flict of inter­ests in her mind, as many agents have one eye on post-retire­ment jobs. “The truth is that at the FBI 50% of all the nor­mal con­ver­sa­tions that peo­ple had were about how you were going to make mon­ey after retire­ment,” she said.

    Many for­mer FBI offi­cials hold influ­en­tial roles with­in Twit­ter. For instance, in 2020, Matthew W. left a 15-year career as an intel­li­gence pro­gram man­ag­er at the FBI to take up the post of senior direc­tor of prod­uct trust at Twit­ter. Patrick G., a 23-year FBI super­vi­so­ry spe­cial agent, is now head of cor­po­rate secu­ri­ty. And Twitter’s direc­tor of insid­er risk and secu­ri­ty inves­ti­ga­tions, Bruce A., was head­hunt­ed from his role as a super­vi­so­ry spe­cial agent at the bureau. His resumé notes that at the FBI he held “[v]arious intel­li­gence and law enforce­ment roles in the US, Africa, Europe, and the Mid­dle East” and was a “human intel­li­gence and coun­ter­in­tel­li­gence region­al spe­cial­ist.” (On employ­ment sites such as LinkedIn, many users choose not to reveal their full names.)

    Mean­while, between 2007 and 2021 Jeff Carl­ton built up a dis­tin­guished career in the Unit­ed States Marine Corps, ris­ing to become a senior intel­li­gence ana­lyst. Between 2014 and 2017, his LinkedIn pro­file notes, he worked for both the CIA and FBI, authored dozens of offi­cial reports, some of which were read by Pres­i­dent Barack Oba­ma. Carl­ton describes his role as a “prob­lem-solver” and claims to have worked in many “dynam­ic, high-pres­sure envi­ron­ments” such as Iraq and Korea. In May 2021, he left offi­cial ser­vice to become a senior pro­gram man­ag­er at Twit­ter, respon­si­ble for deal­ing with the company’s “high­est-pro­file trust and safe­ty esca­la­tions.”

    Oth­er for­mer FBI staff are employed by Twit­ter, such as Cher­relle Y.. as a pol­i­cy domain spe­cial­ist and Lau­ra D. as a senior ana­lyst in glob­al risk intel­li­gence.

    Many of those list­ed above were active in the FBI’s pub­lic out­reach pro­grams, a prac­tice sold as a com­mu­ni­ty trust-build­ing ini­tia­tive. Accord­ing to Row­ley, how­ev­er, these also func­tion as “ways for offi­cials to meet the impor­tant peo­ple that would give them jobs after retire­ment.” “It basi­cal­ly inserts a huge con­flict of inter­est,” she told Mint­Press. “It warps and per­verts the crim­i­nal inves­tiga­tive work that agents do when they are still work­ing as agents because they antic­i­pate get­ting lucra­tive jobs after retir­ing or leav­ing the FBI.”

    Row­ley – who in 2002 was named, along with two oth­er whistle­blow­ers, as Time magazine’s Per­son of the Year – was skep­ti­cal that there was any­thing seri­ous­ly nefar­i­ous about the hir­ing of so many FBI agents, sug­gest­ing that Twit­ter could be using them as sources of infor­ma­tion and intel­li­gence. She stat­ed:

    Retired agents often main­tained good rela­tion­ships and net­works with cur­rent agents. So they can call up their old bud­dy and find out stuff… There were cer­tain­ly instances of retired agents for exam­ple try­ing to find out if there was an inves­ti­ga­tion of so and so. And if you are work­ing for a com­pa­ny, that com­pa­ny is going to like that influ­ence.”

    Row­ley also sug­gest­ed that hir­ing peo­ple from var­i­ous three-let­ter agen­cies gave them a cred­i­bil­i­ty boost. “These [tech] com­pa­nies are using the myth­i­cal aura of the FBI. They can point to some­body and say ‘oh, you can trust us; our CEO or CFO is FBI,’” she explained.

    Twit­ter cer­tain­ly has endorsed the FBI as a cred­i­ble actor, allow­ing the orga­ni­za­tion to play a part in reg­u­lat­ing the glob­al dis­sem­i­na­tion of infor­ma­tion on its plat­form. In Sep­tem­ber 2020, it put out a state­ment thank­ing the fed­er­al agency. “We wish to express our grat­i­tude to the FBI’s For­eign Influ­ence Task Force for their close col­lab­o­ra­tion and con­tin­ued sup­port of our work to pro­tect the pub­lic con­ver­sa­tion at this crit­i­cal time,” the state­ment read.

    One month lat­er, the com­pa­ny announced that the FBI was feed­ing it intel­li­gence and that it was com­ply­ing with their requests for dele­tion of accounts. “Based on intel pro­vid­ed by the FBI, last night we removed approx­i­mate­ly 130 accounts that appeared to orig­i­nate in Iran. They were attempt­ing to dis­rupt the pub­lic con­ver­sa­tion dur­ing the first 2020 U.S. Pres­i­den­tial Debate,” Twitter’s safe­ty team wrote.

    Yet the evi­dence they sup­plied of this sup­posed threat to Amer­i­can democ­ra­cy was notably weak. All four of the mes­sages from this Iran­ian oper­a­tion that Twit­ter itself shared showed that none of them gar­nered any likes or retweets what­so­ev­er, mean­ing that essen­tial­ly nobody saw them. This was, in oth­er words, a com­plete­ly rou­tine cleanup oper­a­tion of insignif­i­cant troll accounts. Yet the announce­ment allowed Twit­ter to present the FBI as on the side of democ­ra­cy and place the idea into the pub­lic psy­che that the elec­tion was under threat from for­eign actors.

    Iran has been a favorite Twit­ter tar­get in the past. In 2009, at the behest of the U.S. gov­ern­ment, it post­poned rou­tine main­te­nance of the site, which would have required tak­ing it offline. This was because an anti-gov­ern­ment protest move­ment in Tehran was using the app to com­mu­ni­cate and the U.S. did not want the demon­stra­tions’ regime-change poten­tial to be stymied.

    A car­ni­val of spooks

    The FBI is far from the only state secu­ri­ty agency fill­ing Twitter’s ranks. Short­ly after leav­ing a 10-year career as a CIA ana­lyst, Michael Scott Robin­son was hired to become a senior pol­i­cy man­ag­er for site integri­ty, trust and safe­ty.

    The Cal­i­for­nia-based app has also recruit­ed heav­i­ly from the Atlantic Coun­cil, a NATO cutout orga­ni­za­tion that serves as the mil­i­tary alliance’s think tank. The coun­cil is spon­sored by NATO, led by senior NATO gen­er­als and reg­u­lar­ly plays out regime-change sce­nar­ios in ene­my states, such as Chi­na.

    The Atlantic Coun­cil has been asso­ci­at­ed with many of the most egre­gious fake news plants of the last few years. It pub­lished a series of lurid reports alleg­ing that vir­tu­al­ly every polit­i­cal group in Europe chal­leng­ing the sta­tus quo – from the Labour Par­ty under Jere­my Cor­byn and UKIP in Great Britain to PODEMOS and Vox in Spain and Syriza and Gold­en Dawn in Greece – were all secret­ly “the Kremlin’s Tro­jan Hors­es.” Atlantic Coun­cil employ­ee Michael Weiss was also very like­ly the cre­ator of the shad­owy orga­ni­za­tion Pro­pOrNot, a group that anony­mous­ly pub­lished a list of fake-news web­sites that reg­u­lar­ly ped­dled Krem­lin dis­in­for­ma­tion. Includ­ed in this list was vir­tu­al­ly every anti-war alter­na­tive media out­let one could think of – from Mint­Press to Truthout, TruthDig and The Black Agen­da Report. Also includ­ed were pro-Trump web­sites like The Drudge Report, and lib­er­atar­i­an ven­tures like Antiwar.com and The Ron Paul Insti­tute.

    PropOrNot’s list was imme­di­ate­ly her­ald­ed in the cor­po­rate press, and was the basis for a who­lescale algo­rithm shift at Google and oth­er big tech plat­forms, a shift that saw traf­fic to alter­na­tive media sites crash overnight, nev­er to recov­er. Thus, the alle­ga­tion of a huge (Russ­ian) state-spon­sored attempt to influ­ence the media was itself an intel­li­gence op by the U.S. nation­al secu­ri­ty state.

    In 2020, Kan­ishk Karan left his job as a research asso­ciate at the Atlantic Council’s Dig­i­tal Foren­sics Research (DFR) Lab to join Twit­ter as infor­ma­tion integri­ty and safe­ty spe­cial­ist – essen­tial­ly help­ing to con­trol what Twit­ter sees as legit­i­mate infor­ma­tion and nefar­i­ous dis­in­for­ma­tion. Anoth­er DFR Lab grad­u­ate turned Twit­ter employ­ee is Daniel Weimert, who is now a senior pub­lic pol­i­cy asso­ciate for Rus­sia – a key tar­get of the Atlantic Coun­cil. Mean­while, Sarah Oh is simul­ta­ne­ous­ly an Atlantic Coun­cil DFR Lab non-res­i­dent senior fel­low and a Twit­ter advi­sor, her social media bio not­ing she works on “high risk trust and safe­ty issues.”

    In 2019, Twit­ter also hired Greg Ander­sen straight from NATO to work on cyber­crime pol­i­cy. There is sparse infor­ma­tion on what Ander­sen did at NATO, but, alarm­ing­ly, his own LinkedIn pro­file stat­ed sim­ply that he worked on “psy­cho­log­i­cal oper­a­tions” for the mil­i­tary alliance. After Mint­Press high­light­ed this fact in an arti­cle in April, he removed all men­tion of “psy­cho­log­i­cal oper­a­tions” from his pro­file, claim­ing now to have mere­ly worked as a NATO “researcher.” Ander­sen left Twit­ter in the sum­mer of last year to work as a prod­uct pol­i­cy man­ag­er for the pop­u­lar video plat­form Tik­Tok.

    Twit­ter also direct­ly employs active army offi­cers. In 2019, Gor­don Macmil­lan, the head of edi­to­r­i­al for the entire Europe, Mid­dle East and Africa region was revealed to be an offi­cer in the British Army’s noto­ri­ous 77th Brigade – a unit ded­i­cat­ed to online war­fare and psy­cho­log­i­cal oper­a­tions. This bomb­shell news was stead­fast­ly ignored across the media.

    Posi­tions of pow­er and con­trol

    With near­ly 400 mil­lion glob­al users, there is no doubt that Twit­ter has grown to become a plat­form large and influ­en­tial enough to neces­si­tate exten­sive secu­ri­ty mea­sures, as actors of all stripes attempt to use the ser­vice to influ­ence pub­lic opin­ion and polit­i­cal actions. There is also no doubt that there is a lim­it­ed pool of peo­ple qual­i­fied in these sorts of fields.

    But recruit­ing large­ly from the U.S. nation­al secu­ri­ty state fun­da­men­tal­ly under­mines claims Twit­ter makes about its neu­tral­i­ty. The U.S. gov­ern­ment is the source of some of the largest and most exten­sive influ­ence oper­a­tions in the world. As far back as 2011, The Guardian report­ed on the exis­tence of a mas­sive, world­wide U.S. mil­i­tary online influ­ence cam­paign in which it had designed soft­ware that allowed its per­son­nel to “secret­ly manip­u­late social media sites by using fake online per­sonas to influ­ence inter­net con­ver­sa­tions and spread pro-Amer­i­can pro­pa­gan­da.” The pro­gram boasts that the back­ground of these per­sonas is so con­vinc­ing that psy­cho­log­i­cal oper­a­tions sol­diers can be sure to work “with­out fear of being dis­cov­ered by sophis­ti­cat­ed adver­saries.” Yet Twit­ter appears to be recruit­ing from the source of the prob­lem.

    These for­mer nation­al secu­ri­ty state offi­cials are not being employed in polit­i­cal­ly neu­tral depart­ments such as sales or cus­tomer ser­vice, but in secu­ri­ty, trust and con­tent, mean­ing that some hold con­sid­er­able sway over what mes­sages and infor­ma­tion are pro­mot­ed, and what is sup­pressed, demot­ed or delet­ed.

    ...

    Is there a prob­lem?

    Some might ask “What is the prob­lem with Twit­ter active­ly recruit­ing from the FBI, CIA and oth­er three-let­ter agen­cies?” They, after all, are experts in study­ing online dis­in­for­ma­tion and pro­pa­gan­da. One is opti­cal. If a Russ­ian-owned social media app’s trust, secu­ri­ty and con­tent mod­er­a­tion was run by for­mer KGB or FSB agents and still insist­ed it was a polit­i­cal­ly neu­tral plat­form, the entire world would laugh.

    But apart from this, the huge influx of secu­ri­ty state per­son­nel into Twitter’s deci­sion-mak­ing ranks means that the com­pa­ny will start to view every prob­lem in the same man­ner as the U.S. gov­ern­ment does – and act accord­ing­ly. “In terms of their out­looks on the world and on the ques­tion of mis­in­for­ma­tion and inter­net secu­ri­ty, you couldn’t get a bet­ter field of pro­fes­sion­als who are almost inher­ent­ly going to be more in tune with the government’s per­spec­tive,” Row­ley said.

    Thus, when polic­ing the plat­form for dis­in­for­ma­tion and influ­ence cam­paigns, the for­mer FBI and CIA agents and Atlantic Coun­cil fel­lows only ever seem to find them ema­nat­ing from ene­my states and nev­er from the U.S. gov­ern­ment itself. This is because their back­grounds and out­looks con­di­tion them to con­sid­er Wash­ing­ton to be a unique force for good.

    This one-sided view of dis­in­for­ma­tion can be seen by study­ing the reports Twit­ter has pub­lished on state-linked infor­ma­tion oper­a­tions. The entire list of coun­tries it has iden­ti­fied as engag­ing in these cam­paigns are as fol­lows: Rus­sia (in 7 reports), Iran (in 5 reports), Chi­na (4 reports), Sau­di Ara­bia (4 reports), Venezuela (3 reports), Egypt (2 reports), Cuba, Ser­bia, Bangladesh, the UAE, Ecuador, Ghana, Nige­ria, Hon­duras, Indone­sia, Turkey, Thai­land, Arme­nia, Spain, Tan­za­nia, Mex­i­co and Ugan­da.

    One can­not help notic­ing that this list cor­re­lates quite close­ly to a hit list of U.S. gov­ern­ment adver­saries. All coun­tries car­ry out dis­in­fo cam­paigns to a cer­tain extent. But these “for­mer” spooks and feds are unlike­ly to point the fin­ger at their for­mer col­leagues or sis­ter orga­ni­za­tions or inves­ti­gate their oper­a­tions.

    The Cold (cyber)war

    Twit­ter has mir­rored U.S. hos­til­i­ty towards states like Rus­sia, Chi­na, Iran and Cuba, attempt­ing to sup­press the reach and influ­ence of their state media by adding warn­ing mes­sages to the tweets of jour­nal­ists and accounts affil­i­at­ed with those gov­ern­ments. “State-affil­i­at­ed media is defined as out­lets where the state exer­cis­es con­trol over edi­to­r­i­al con­tent through finan­cial resources, direct or indi­rect polit­i­cal pres­sures, and/or con­trol over pro­duc­tion and dis­tri­b­u­tion,” it not­ed.

    In a rather bizarre adden­dum, it explained that it would not be doing the same to state-affil­i­at­ed media or per­son­al­i­ties from oth­er coun­tries, least of all the U.S. “State-financed media orga­ni­za­tions with edi­to­r­i­al inde­pen­dence, like the BBC in the U.K. or NPR in the U.S. for exam­ple, are not defined as state-affil­i­at­ed media for the pur­pos­es of this pol­i­cy,” it wrote. It did not explain how it decid­ed that Cuban, Russ­ian, Chi­nese or Iran­ian jour­nal­ists did not have edi­to­r­i­al inde­pen­dence, but British and Amer­i­can ones did – this was tak­en for grant­ed. The effect of the action has been a throt­tling of ideas and nar­ra­tives from ene­my states and an ampli­fi­ca­tion of those com­ing from West­ern state media.

    As the U.S. ramps up ten­sions with Bei­jing, so too has Twit­ter aggres­sive­ly shut down pro-Chi­na voic­es on its plat­form. In 2020, it banned 170,000 accounts it said were “spread­ing geopo­lit­i­cal nar­ra­tives favor­able to the Com­mu­nist Par­ty of Chi­na,” such as prais­ing its han­dling of the Covid-19 pan­dem­ic or express­ing oppo­si­tion to the Hong Kong protests, both of which are major­i­ty views in Chi­na. Impor­tant­ly, the Sil­i­con Val­ley com­pa­ny did not claim that these accounts were con­trolled by the gov­ern­ment; mere­ly shar­ing these opin­ions was grounds enough for dele­tion.

    The group behind Twitter’s deci­sion to ban those Chi­nese accounts was the Aus­tralian Strate­gic Pol­i­cy Insti­tute (ASPI), a deeply con­tro­ver­sial think tank fund­ed by the Pen­ta­gon, the State Depart­ment and a host of weapons man­u­fac­tur­ers. ASPI has con­stant­ly ped­dled con­spir­a­cy the­o­ries about Chi­na and called for ramp­ing up ten­sions with the Asian nation.

    Per­haps most notable, how­ev­er, was Twitter’s announce­ment last year that it was delet­ing dozens of accounts for the new vio­la­tion of “under­min­ing faith in the NATO alliance.” The state­ment was wide­ly ridiculed online by users. But few not­ed that the deci­sion was based upon a part­ner­ship with the Stan­ford Inter­net Obser­va­to­ry, a counter-dis­in­for­ma­tion think tank filled with for­mer spooks and state offi­cials and head­ed by an indi­vid­ual who is on the advi­so­ry board of NATO’s Col­lec­tive Cyber­se­cu­ri­ty Cen­ter of Excel­lence. That Twit­ter is work­ing so close­ly with orga­ni­za­tions that are clear­ly intel­li­gence indus­try catspaws should con­cern all users.

    Not just Twit­ter

    While some might be alarmed that Twit­ter is cul­ti­vat­ing such an inti­mate rela­tion­ship with the FBI and oth­er groups belong­ing to the secret state, it is per­haps unfair to sin­gle it out, as many social media plat­forms are doing the same. Face­book, for exam­ple, has entered into a for­mal part­ner­ship with the Atlantic Council’s Dig­i­tal Foren­sics Research Lab, where­by the lat­ter holds sig­nif­i­cant influ­ence over 2.9 bil­lion users’ news feeds, help­ing to decide what con­tent to pro­mote and what con­tent to sup­press. The NATO cutout orga­ni­za­tion now serves as Facebook’s “eyes and ears,” accord­ing to a Face­book press release. Anti-war and anti-estab­lish­ment voic­es across the world have report­ed mas­sive drops in traf­fic on the plat­form.

    The social media giant also hired for­mer NATO Press Sec­re­tary Ben Nim­mo to be its head of intel­li­gence. Nim­mo sub­se­quent­ly used his pow­er to attempt to swing the elec­tion in Nicaragua away from the left­ist San­din­ista Par­ty and towards the far-right, pro‑U.S. can­di­date, delet­ing hun­dreds of left-wing voic­es in the week of the elec­tion, claim­ing they were engag­ing in “inau­then­tic behav­ior.” When these indi­vid­u­als (includ­ing some well-known per­son­al­i­ties) poured onto Twit­ter, record­ing video mes­sages prov­ing they were not bots, Twit­ter delet­ed those accounts too, in what one com­men­ta­tor called a Sil­i­con Val­ley “dou­ble tap strike.”

    An April Mint­Press study revealed how Tik­Tok, too, has been fill­ing its orga­ni­za­tion with alum­ni of the Atlantic Coun­cil, NATO, the CIA and the State Depart­ment. As with Twit­ter, these new Tik­Tok employ­ees large­ly work in high­ly polit­i­cal­ly sen­si­tive fields such as trust, safe­ty, secu­ri­ty and con­tent mod­er­a­tion, mean­ing these state oper­a­tives hold influ­ence over the direc­tion of the com­pa­ny and what con­tent is pro­mot­ed and what is demot­ed.

    Like­wise, in 2017, con­tent aggre­ga­tion site Red­dit plucked Jes­si­ca Ashooh from the Atlantic Council’s Mid­dle East Strat­e­gy Task Force to become its new direc­tor of pol­i­cy, despite the fact that she had few rel­e­vant qual­i­fi­ca­tions or expe­ri­ence in the field.

    ...

    Social media holds enor­mous influ­ence in today’s soci­ety. While this arti­cle is not alleg­ing that any­one men­tioned is a bad actor or does not gen­uine­ly care about the spread of dis­in­for­ma­tion, it is high­light­ing a glar­ing con­flict of inter­est. Through its agen­cies, the U.S. gov­ern­ment reg­u­lar­ly plants fake news and false infor­ma­tion. There­fore, social media hir­ing indi­vid­u­als straight from the FBI, CIA, NATO and oth­er groups to work on reg­u­lat­ing dis­in­for­ma­tion is a fun­da­men­tal­ly flawed prac­tice. One of media’s pri­ma­ry func­tions is to serve as a fourth estate; a force that works to hold the gov­ern­ment and its agen­cies to account. Yet instead of doing that, increas­ing­ly it is col­lab­o­rat­ing with them. Such are these increas­ing inter­lock­ing con­nec­tions that it is becom­ing increas­ing­ly dif­fi­cult to see where big gov­ern­ment ends and big media begins.

    ———-

    “The Fed­er­al Bureau of Tweets: Twit­ter Is Hir­ing an Alarm­ing Num­ber of FBI Agents” by Alan Macleod; Mint­Press; 06/21/2022

    “When asked to com­ment by Mint­Press, for­mer FBI agent and whistle­blow­er Coleen Row­ley said that she was “not sur­prised at all” to see FBI agents now work­ing for the very tech com­pa­nies the agency polices, stat­ing that there now exists a “revolv­ing door” between the FBI and the areas they are try­ing to reg­u­late. This cre­at­ed a seri­ous con­flict of inter­ests in her mind, as many agents have one eye on post-retire­ment jobs. “The truth is that at the FBI 50% of all the nor­mal con­ver­sa­tions that peo­ple had were about how you were going to make mon­ey after retire­ment,” she said.

    An FBI career as a step­ping stone to cor­po­rate shilling. That’s the way FBI whis­tle-blow­er Coleen Row­ley char­ac­ter­ized her rec­ol­lec­tion of life inside the agency. It would be an alarm­ing enough anec­dote to hear on its own, but we hear­ing this in the con­text of a report on how Twit­ter has been hir­ing one senior FBI agent after anoth­er. As Row­ley describes, it’s a trou­bling con­flict of inter­est. A mul­ti-faceted con­flict of inter­est. And not just for FBI agents think­ing dream­ing about their cor­po­rate pay­outs. It’s a prob­lem for Twit­ter, which appears to have an excep­tion­al­ly close work­ing rela­tion­ship with the FBI. So close that the FBI was basi­cal­ly feed­ing the com­pa­ny lists of accounts to delete. Would this kind of FBI-to-Twit­ter-action pipeline exist if that clus­ter of for­mer senior FBI agents weren’t in lead­er­ship roles at the com­pa­ny? It’s one of the ques­tions raised by this report:

    ...
    Many of those list­ed above were active in the FBI’s pub­lic out­reach pro­grams, a prac­tice sold as a com­mu­ni­ty trust-build­ing ini­tia­tive. Accord­ing to Row­ley, how­ev­er, these also func­tion as “ways for offi­cials to meet the impor­tant peo­ple that would give them jobs after retire­ment.” “It basi­cal­ly inserts a huge con­flict of inter­est,” she told Mint­Press. “It warps and per­verts the crim­i­nal inves­tiga­tive work that agents do when they are still work­ing as agents because they antic­i­pate get­ting lucra­tive jobs after retir­ing or leav­ing the FBI.”

    ...

    Row­ley also sug­gest­ed that hir­ing peo­ple from var­i­ous three-let­ter agen­cies gave them a cred­i­bil­i­ty boost. “These [tech] com­pa­nies are using the myth­i­cal aura of the FBI. They can point to some­body and say ‘oh, you can trust us; our CEO or CFO is FBI,’” she explained.

    Twit­ter cer­tain­ly has endorsed the FBI as a cred­i­ble actor, allow­ing the orga­ni­za­tion to play a part in reg­u­lat­ing the glob­al dis­sem­i­na­tion of infor­ma­tion on its plat­form. In Sep­tem­ber 2020, it put out a state­ment thank­ing the fed­er­al agency. “We wish to express our grat­i­tude to the FBI’s For­eign Influ­ence Task Force for their close col­lab­o­ra­tion and con­tin­ued sup­port of our work to pro­tect the pub­lic con­ver­sa­tion at this crit­i­cal time,” the state­ment read.

    One month lat­er, the com­pa­ny announced that the FBI was feed­ing it intel­li­gence and that it was com­ply­ing with their requests for dele­tion of accounts. “Based on intel pro­vid­ed by the FBI, last night we removed approx­i­mate­ly 130 accounts that appeared to orig­i­nate in Iran. They were attempt­ing to dis­rupt the pub­lic con­ver­sa­tion dur­ing the first 2020 U.S. Pres­i­den­tial Debate,” Twitter’s safe­ty team wrote.

    Yet the evi­dence they sup­plied of this sup­posed threat to Amer­i­can democ­ra­cy was notably weak. All four of the mes­sages from this Iran­ian oper­a­tion that Twit­ter itself shared showed that none of them gar­nered any likes or retweets what­so­ev­er, mean­ing that essen­tial­ly nobody saw them. This was, in oth­er words, a com­plete­ly rou­tine cleanup oper­a­tion of insignif­i­cant troll accounts. Yet the announce­ment allowed Twit­ter to present the FBI as on the side of democ­ra­cy and place the idea into the pub­lic psy­che that the elec­tion was under threat from for­eign actors.
    ...

    And as the report points out, the FBI is just one of the state secu­ri­ty agen­cies Twit­ter has been aggres­sive­ly recruit­ing from. For starters, there’s the Atlantic Coun­cil, which has been play­ing a lead­ing role in recent years in pro­vid­ing ‘analy­sis’ regard­ing dis­in­for­ma­tion. Analy­sis that, itself, is basi­cal­ly weaponized dis­in­for­ma­tion put out by out­fits like Pro­pOrNot. And note how we can’t real­ly say with 100% cer­tain­ty that Atlantic Coun­cil employ­ee Michael Weiss was the fig­ure behind Pro­pOrNot because it was rolled out anony­mous­ly back in 2016, and appears to also have ties to OUN-affil­i­at­ed orga­ni­za­tions in Ukraine. So Twit­ter was fol­low­ing the lead of anonymized Ukrain­ian fas­cist dis­in­for­ma­tion out oper­at­ing in part­ner­ship with the the Atlantic Coun­cil, and lat­er hired an Atlantic Coun­cil employ­ee, Kan­ishk Karan, for a role con­trol­ling the dis­in­for­ma­tion allowed on the plat­form. It’s a prob­lem:

    ...
    The FBI is far from the only state secu­ri­ty agency fill­ing Twitter’s ranks. Short­ly after leav­ing a 10-year career as a CIA ana­lyst, Michael Scott Robin­son was hired to become a senior pol­i­cy man­ag­er for site integri­ty, trust and safe­ty.

    The Cal­i­for­nia-based app has also recruit­ed heav­i­ly from the Atlantic Coun­cil, a NATO cutout orga­ni­za­tion that serves as the mil­i­tary alliance’s think tank. The coun­cil is spon­sored by NATO, led by senior NATO gen­er­als and reg­u­lar­ly plays out regime-change sce­nar­ios in ene­my states, such as Chi­na.

    The Atlantic Coun­cil has been asso­ci­at­ed with many of the most egre­gious fake news plants of the last few years. It pub­lished a series of lurid reports alleg­ing that vir­tu­al­ly every polit­i­cal group in Europe chal­leng­ing the sta­tus quo – from the Labour Par­ty under Jere­my Cor­byn and UKIP in Great Britain to PODEMOS and Vox in Spain and Syriza and Gold­en Dawn in Greece – were all secret­ly “the Kremlin’s Tro­jan Hors­es.” Atlantic Coun­cil employ­ee Michael Weiss was also very like­ly the cre­ator of the shad­owy orga­ni­za­tion Pro­pOrNot, a group that anony­mous­ly pub­lished a list of fake-news web­sites that reg­u­lar­ly ped­dled Krem­lin dis­in­for­ma­tion. Includ­ed in this list was vir­tu­al­ly every anti-war alter­na­tive media out­let one could think of – from Mint­Press to Truthout, TruthDig and The Black Agen­da Report. Also includ­ed were pro-Trump web­sites like The Drudge Report, and lib­er­atar­i­an ven­tures like Antiwar.com and The Ron Paul Insti­tute.

    PropOrNot’s list was imme­di­ate­ly her­ald­ed in the cor­po­rate press, and was the basis for a who­lescale algo­rithm shift at Google and oth­er big tech plat­forms, a shift that saw traf­fic to alter­na­tive media sites crash overnight, nev­er to recov­er. Thus, the alle­ga­tion of a huge (Russ­ian) state-spon­sored attempt to influ­ence the media was itself an intel­li­gence op by the U.S. nation­al secu­ri­ty state.

    In 2020, Kan­ishk Karan left his job as a research asso­ciate at the Atlantic Council’s Dig­i­tal Foren­sics Research (DFR) Lab to join Twit­ter as infor­ma­tion integri­ty and safe­ty spe­cial­ist – essen­tial­ly help­ing to con­trol what Twit­ter sees as legit­i­mate infor­ma­tion and nefar­i­ous dis­in­for­ma­tion. Anoth­er DFR Lab grad­u­ate turned Twit­ter employ­ee is Daniel Weimert, who is now a senior pub­lic pol­i­cy asso­ciate for Rus­sia – a key tar­get of the Atlantic Coun­cil. Mean­while, Sarah Oh is simul­ta­ne­ous­ly an Atlantic Coun­cil DFR Lab non-res­i­dent senior fel­low and a Twit­ter advi­sor, her social media bio not­ing she works on “high risk trust and safe­ty issues.”
    ...

    And then there are the hires direct­ly from NATO or an active British psy­cho­log­i­cal war­fare offi­cer. How many oth­er active duty mil­i­tary offi­cers are direct­ly employed by the com­pa­ny?

    ...
    In 2019, Twit­ter also hired Greg Ander­sen straight from NATO to work on cyber­crime pol­i­cy. There is sparse infor­ma­tion on what Ander­sen did at NATO, but, alarm­ing­ly, his own LinkedIn pro­file stat­ed sim­ply that he worked on “psy­cho­log­i­cal oper­a­tions” for the mil­i­tary alliance. After Mint­Press high­light­ed this fact in an arti­cle in April, he removed all men­tion of “psy­cho­log­i­cal oper­a­tions” from his pro­file, claim­ing now to have mere­ly worked as a NATO “researcher.” Ander­sen left Twit­ter in the sum­mer of last year to work as a prod­uct pol­i­cy man­ag­er for the pop­u­lar video plat­form Tik­Tok.

    Twit­ter also direct­ly employs active army offi­cers. In 2019, Gor­don Macmil­lan, the head of edi­to­r­i­al for the entire Europe, Mid­dle East and Africa region was revealed to be an offi­cer in the British Army’s noto­ri­ous 77th Brigade – a unit ded­i­cat­ed to online war­fare and psy­cho­log­i­cal oper­a­tions. This bomb­shell news was stead­fast­ly ignored across the media.
    ...

    And as the arti­cle reminds us, we’ve known for over a decade that the US mil­i­tary had already devel­oped sophis­ti­cat­ed sock-pup­pet man­age­ment soft­ware plat­forms designed to allowed for elab­o­rate human-man­aged mass-sock­pup­petry. How inclined would any of the for­mer US nation­al secu­ri­ty employ­ees be to flag sock pup­petry ema­nat­ing from US agen­cies? Pre­sum­ably not very inclined:

    ...
    But recruit­ing large­ly from the U.S. nation­al secu­ri­ty state fun­da­men­tal­ly under­mines claims Twit­ter makes about its neu­tral­i­ty. The U.S. gov­ern­ment is the source of some of the largest and most exten­sive influ­ence oper­a­tions in the world. As far back as 2011, The Guardian report­ed on the exis­tence of a mas­sive, world­wide U.S. mil­i­tary online influ­ence cam­paign in which it had designed soft­ware that allowed its per­son­nel to “secret­ly manip­u­late social media sites by using fake online per­sonas to influ­ence inter­net con­ver­sa­tions and spread pro-Amer­i­can pro­pa­gan­da.” The pro­gram boasts that the back­ground of these per­sonas is so con­vinc­ing that psy­cho­log­i­cal oper­a­tions sol­diers can be sure to work “with­out fear of being dis­cov­ered by sophis­ti­cat­ed adver­saries.” Yet Twit­ter appears to be recruit­ing from the source of the prob­lem.
    ...

    But it’s not like Twit­ter has to active­ly hire fig­ures from these kind of nation­al secu­ri­ty-con­nect­ed groups to fol­low their lead. The com­pa­ny will just fol­low their lead ‘in part­ner­ship’ with these groups, like when it delet­ed dozens of accounts for “under­min­ing faith in NATO” at the request of the Stan­ford Inter­net Obser­va­to­ry. Recall how the Stan­ford Inter­net Obser­va­to­ry is head­ing by Renee DiRes­ta, the same per­son who wrote that Sen­ate Report as part of her work at New Knowl­edge, the same firm that cre­at­ed the fake ‘Russ­ian bot’ net­work in the 2017 Alaba­ma Sen­ate race. Let’s hope the obser­va­to­ry isn’t involved with any more fake ‘Russ­ian bot’ cam­paigns, because they def­i­nite­ly won’t be flag­ging them as part of this part­ner­ship:

    ...
    Per­haps most notable, how­ev­er, was Twitter’s announce­ment last year that it was delet­ing dozens of accounts for the new vio­la­tion of “under­min­ing faith in the NATO alliance.” The state­ment was wide­ly ridiculed online by users. But few not­ed that the deci­sion was based upon a part­ner­ship with the Stan­ford Inter­net Obser­va­to­ry, a counter-dis­in­for­ma­tion think tank filled with for­mer spooks and state offi­cials and head­ed by an indi­vid­ual who is on the advi­so­ry board of NATO’s Col­lec­tive Cyber­se­cu­ri­ty Cen­ter of Excel­lence. That Twit­ter is work­ing so close­ly with orga­ni­za­tions that are clear­ly intel­li­gence indus­try catspaws should con­cern all users.
    ...

    Sim­i­lar­ly, we also find the Aus­tralian Strate­gic Pol­i­cy Insti­tute (ASPI) play­ing a spe­cial role when it comes to Twit­ter’s poli­cies towards the ban­ning of Chi­nese accounts. Recall how the ASPI is direct­ly con­nect­ed to the Aus­tralian mil­i­tary and has been spon­sor­ing the ‘research’ of Adri­an Zenz pur­port­ing to show mass geno­cide being per­pe­trat­ed by the Chi­nese gov­ern­ment against its Quighur pop­u­la­tion. Inter­est­ing­ly, we find that Chi­nese-own Tik­Tok has also been hir­ing fig­ures from the Atlantic Coun­cil, NATO, the CIA and the State Depart­ment. You have to won­der if these hires played a role in the US gov­ern­men­t’s deci­sion to drop the Trump-era Tik­Tok ban:

    ...
    As the U.S. ramps up ten­sions with Bei­jing, so too has Twit­ter aggres­sive­ly shut down pro-Chi­na voic­es on its plat­form. In 2020, it banned 170,000 accounts it said were “spread­ing geopo­lit­i­cal nar­ra­tives favor­able to the Com­mu­nist Par­ty of Chi­na,” such as prais­ing its han­dling of the Covid-19 pan­dem­ic or express­ing oppo­si­tion to the Hong Kong protests, both of which are major­i­ty views in Chi­na. Impor­tant­ly, the Sil­i­con Val­ley com­pa­ny did not claim that these accounts were con­trolled by the gov­ern­ment; mere­ly shar­ing these opin­ions was grounds enough for dele­tion.

    The group behind Twitter’s deci­sion to ban those Chi­nese accounts was the Aus­tralian Strate­gic Pol­i­cy Insti­tute (ASPI), a deeply con­tro­ver­sial think tank fund­ed by the Pen­ta­gon, the State Depart­ment and a host of weapons man­u­fac­tur­ers. ASPI has con­stant­ly ped­dled con­spir­a­cy the­o­ries about Chi­na and called for ramp­ing up ten­sions with the Asian nation.

    ...

    An April Mint­Press study revealed how Tik­Tok, too, has been fill­ing its orga­ni­za­tion with alum­ni of the Atlantic Coun­cil, NATO, the CIA and the State Depart­ment. As with Twit­ter, these new Tik­Tok employ­ees large­ly work in high­ly polit­i­cal­ly sen­si­tive fields such as trust, safe­ty, secu­ri­ty and con­tent mod­er­a­tion, mean­ing these state oper­a­tives hold influ­ence over the direc­tion of the com­pa­ny and what con­tent is pro­mot­ed and what is demot­ed.
    ...

    Final­ly, regard­ing the obser­va­tion that Twit­ter only seems to ever find vio­la­tions com­ing from coun­tries on the US gov­ern­ment, recall how this was basi­cal­ly the same pat­tern we saw when look­ing at Microsoft­’s hack­ing cam­paign reports, where Rus­sia, Chi­na, Iran, and North Korea were rou­tine­ly declared the sole cul­prits of state-backed hack­ing. It sure sounds famil­iar:

    ...
    Thus, when polic­ing the plat­form for dis­in­for­ma­tion and influ­ence cam­paigns, the for­mer FBI and CIA agents and Atlantic Coun­cil fel­lows only ever seem to find them ema­nat­ing from ene­my states and nev­er from the U.S. gov­ern­ment itself. This is because their back­grounds and out­looks con­di­tion them to con­sid­er Wash­ing­ton to be a unique force for good.

    This one-sided view of dis­in­for­ma­tion can be seen by study­ing the reports Twit­ter has pub­lished on state-linked infor­ma­tion oper­a­tions. The entire list of coun­tries it has iden­ti­fied as engag­ing in these cam­paigns are as fol­lows: Rus­sia (in 7 reports), Iran (in 5 reports), Chi­na (4 reports), Sau­di Ara­bia (4 reports), Venezuela (3 reports), Egypt (2 reports), Cuba, Ser­bia, Bangladesh, the UAE, Ecuador, Ghana, Nige­ria, Hon­duras, Indone­sia, Turkey, Thai­land, Arme­nia, Spain, Tan­za­nia, Mex­i­co and Ugan­da.

    One can­not help notic­ing that this list cor­re­lates quite close­ly to a hit list of U.S. gov­ern­ment adver­saries. All coun­tries car­ry out dis­in­fo cam­paigns to a cer­tain extent. But these “for­mer” spooks and feds are unlike­ly to point the fin­ger at their for­mer col­leagues or sis­ter orga­ni­za­tions or inves­ti­gate their oper­a­tions.
    ...

    You get what you pay for, and Twit­ter is clear­ly pay­ing for the kind of selec­tive polic­ing that will keep it on the US gov­ern­men­t’s good side.

    Sure, these hires do like­ly pos­sess the skills Twit­ter is look­ing for to fill these roles. It’s not like they’re hired to do noth­ing. But it’s the fact that these roles appear to include the role of unof­fi­cial enforcers of US for­eign pol­i­cy that makes these hires prob­lem­at­ic.

    But also keep in mind that Twit­ter is one of the most valu­able intel­li­gence sources on the plan­et. So when we hear from fig­ures like Zatko about the ram­pant inter­nal secu­ri­ty vio­la­tions tak­ing place with the aware­ness of these senior exec­u­tives, we have to ask how much of that is to just facil­i­tate the extrac­tion of that data for intel­li­gence pur­pos­es.

    It’s all a reminder that the idea of ‘checks and bal­ances’ in demo­c­ra­t­ic soci­eties includes a bal­ance between pub­lic and pri­vate actors. Gov­ern­ment offi­cials aren’t sup­posed to be play­ing senior roles in pri­vate enti­ties. And while these employ­ees aren’t tech­ni­cal­ly gov­ern­ment employ­ees any­more (with the excep­tion of the active duty offi­cers) it’s pret­ty clear that’s how they’re oper­at­ing, which is why Twit­ter hired them in the first place. It’s a pret­ty seri­ous con­flict of inter­est. And one that isn’t mak­ing Twit­ter users any safer either.

    Posted by Pterrafractyl | August 29, 2022, 4:28 pm

Post a comment