BY KEVIN GALLAGHER
Given the National Security Agency’s surveillance revelations of the last few months, we need to pay even more attention to the private companies who are working hand-in-hand with the state to carry this mass surveillance out. In fact, someone’s already done a lot of that work for us—an American journalist who has been in jail for over a year: Barrett Brown.
In a statement released on Monday, WikiLeaks states that Brown is “being persecuted for critical reporting on the growing surveillance state” and that his prosecution “chills investigative reporting of national security issues and provides cover for the unholy alliance between government agencies and the security industry.” The Dallas, Texas-based writer—who contributed to The Guardian, Huffington Post, and Vanity Fair, among other outlets—now faces up to 105 years in prison on charges that are crucially related to his reporting.
Brown’s status as a journalist will most likely affect how his actions are perceived in a court of law. His investigative journalism, memorialized at the crowdsourced research outfit with an associated wiki, Project PM, brought to light extremely important findings on the issue of private firms and public surveillance. While Brown isn’t due sole credit for all of the information below, he followed these matters very closely. Now, more than ever, it is important for other journalists and researchers to revisit and recognize the importance of his work and if possible, pick up threads where he left off. As such, it’s worth going over a summary review of some critical subjects Brown reported on, and the private firms he investigated allegedly involved in gathering intelligence and surveilling public citizens.
1) Team Themis
Team Themis is a consortium of firms, made up of HBGary, Palantir, Berico, and Endgame Systems, that was apparently set up to provide offensive intelligence capabilities against certain enemies on behalf of the law firm Hunton & Williams, who was working at the behest of Bank of America and the U.S. Chamber of Commerce. The plans—discovered in emails pilfered by Anonymous from HBGary, which were drawn up but never acted upon—consisted of disinformation efforts against WikiLeaks and its supporters (including Glenn Greenwald) and other activists involved in criticizing the Chamber of Commerce.
Some of the methods proposed, which could feasibly be described as a dirty-tricks campaign using false documents to sow distrust, border upon the criminal. The affair made the news and resulted in calls for an investigation that never materialized, which is not surprising considering that the Department of Justice (DOJ) set the affair in motion by recommending Hunton & Williams to Bank of America, who were then concerned that WikiLeaks possessed information belonging to them. In the end a single Palantir employee was placed on leave pending a review of his actions, and later allowed to return.
Romas/COIN was a sophisticated campaign of mass surveillance and data mining targeted at Arab countries, which was unveiled in an exclusive Project PM report during 2011. The report was picked up by Raw Story and one other outlet, and it resulted in an article by Brown in the Guardian and a segment on Russia Today featuring confirmatory comments from Lt. Col. Anthony Shaffer. But otherwise it didn’t get much traction.
Most striking was the revelation that companies like Apple and Google were team partners in this effort. While its exact nature and scope is unknown, mobile phone applications were believed to constitute a major component of the program. The contract for Romas/COIN was set to be replaced by a successor, codenamed Odyssey, which is quite possibly being used today to monitor, deceive, and manipulate whole populations.
3) “Persona Management”
The capability of persona management entails “the use of software by which to facilitate the use of multiple fake online personas, or ‘sockpuppets,’ generally for the use of propaganda, disinformation, or as a surveillance method by which to discover details of a human target via social interactions.” The United States Air Force (USAF) was revealed on the General Services Administration’s Federal Business Opportunities website to have requested bids from contractors for the opportunity to work on this class of software. It’s a high priority for DARPA (Defense Advanced Research Projects Agency), and U.S. Central Command (CENTCOM) has admitted to using similar capabilities—including psychological operations on U.S. senators—abroad, under Operation Earnest Voice, to increase support for wars.
There are two very concerning aspects to this. One: the possibility that fake social media profiles, replete with supporting biographical details, could be deployed against Americans, which is against the law. Second: the possibility of a future in which you never know whether you’re communicating with a live person or a software abstraction, and a world where governments control narratives and wield an intense grip upon trends and topics via whole armies of these things. Let’s just say it’s scary.
Brown played a central role in the media coverage of TrapWire, a mass video surveillance system developed by Abraxas Corporation that was revealed last year. TrapWire’s marketing material boasts the ability to predict terrorist attacks. The emails, which came out of Stratfor and were published by WikiLeaks, showed that a network of closed-circuit television (CCTV) cameras had been installed in most major American cities, the feeds of which were fed into a system designed to detect patterns of suspicious behavior.
Brown demonstrated how the New York Times got TrapWire wrong by arguing its fears were overstated (based on the word of an unnamed and unquoted DHS official) and underplayed its significance by dismissing its own marketing claims. He also detailed how articles about TrapWire were scrubbed from Australian newspapers at the behest of Cubic Corporation, who argued they were not connected to TrapWire, even though they had purchased the company that created it, Abraxas, two years earlier.
5) Cubic Corporation
And what about Cubic, a large company primarily serving the defense sector and its other wholly owned subsidiary, Ntrepid? In 2011, Ntrepid won a $2.76 million contract for persona management from CENTCOM mentioned earlier. Ntrepid also has an interesting product called Tartan, an investigation software with the ability to find hidden relationships within groups, analyze and identify ranks of influence, and locate key voices. Tartan’s own brochures suggest its potential for deployment against anarchist and protest groups; Occupy Wall Street is mentioned specifically.
Cubic also sells a product of dubious trustworthiness called Anonymizer, a proxy tool intended to make Internet activity untraceable, while developing other solutions to investigate, track, and analyze groups of people who are communicating over social media websites. In summary, Ntrepid’s software is intended to help one pick apart organizations, allowing you to discover who is most influential within them, and even uncover the identities of people trying to remain anonymous. Its potential value to law enforcement investigations can’t be understated.
6) Endgame Systems
Another focus of Brown’s research was Endgame Systems—a company named on his search warrant. Endgame conducts vulnerability research that gets used in cyber-warfare. Their premiere product, Bonesaw, is an offensive cyber-targeting application with a map displaying the locations and addresses of most Internet-connected computers and devices around the world, providing situational awareness and a platform from which to launch operations against adversaries and threats.
Endgame is also involved in the sale of zero-day exploits—e.g., weaknesses that can be used to attack and infiltrate systems. They were particularly secretive about the company’s involvement in Team Themis and purposely kept a low profile during the discussions. As one employee told another in an internal email according to this WIRED article, “We don’t ever want to see our name in a press release.” Like other companies, such as VUPEN, that sell exploits to governments, Endgame’s vulnerability research and experience with cyber-weapons has secured them a prominent role in the U.S. cyber-security arena.
7) Qorvis Communications
The public relations firm Qorvis has had certain interactions with the Kingdom of Bahrain that begat a few scandals. Qorvis was reportedly hired by the Bahraini regime to engage in “reputation management”—essentially monitoring the media and manipulating the press to promote a specific perception of the Kingdom while silencing critical voices. This is particularly troubling in view of the human rights situation in Bahrain: There have been violent crackdowns by security forces against demonstrators, and activists are frequently targeted with attacks or censorship by the regime. Actions by Qorvis are suspected to include a coordinated barrage of vicious social media attacks against Maryam al-Khawaja, a Bahraini human rights activist, when she gave a speech at the Oslo Freedom Forum in 2011.
8) Booz Allen Hamilton
Let’s not forget Booz Allen Hamilton, another entity Brown was looking into. A major U.S. intelligence contractor with offices in Virginia, Booz Allen Hamilton was found by Project PM to have an unspecified ‘project’ potentially related to disrupting Anonymous and WikiLeaks. No more details about that have been forthcoming, no doubt due to the firm’s intense culture of secrecy.
Booz Allen is best known as the company that whistle-blower Edward Snowden was briefly employed by as a systems administrator, under contract to the NSA, during which he used his broad access to obtain documents revealing secret surveillance programs. The current Director of National Intelligence, James Clapper, who lied to Congress, was a former executive at Booz. It’s been reported that Booz Allen has experienced conflicts of interest and has a history of overbilling, while 99 percent of the company’s revenue comes from the federal government. As the author of that report notes, the firm merits closer scrutiny.
9) Palantir Technologies
Palantir Technologies is a major player in this field who is of great interest to Brown and Project PM. Palantir, known as a “darling of the intelligence and law enforcement communities”, was founded with a boatload of money from In-Q-Tel, the CIA’s venture capital firm, and PayPal cofounder Peter Thiel. It’s led by the eccentric Alex Karp. Palantir was also involved in Team Themis, and even apologized to Greenwald for it—but what we know of its work speaks to the company’s expertise in dealing with large datasets.
Palantir’s self-titled flagship product is able to sift through extremely large amounts of data while providing advanced search and discovery capabilities: think things like telephone calls, bank transaction records, emails, text messages, etc. Of course, it’s wildly profitable and boast many customers, chief among them our nation’s counterterrorism and cyber analysts. Palantir claims to have built-in privacy controls, but that isn’t necessarily very reassuring since abuses and violations do happen.
10) Berico Technologies and HBGary
Berico Technologies, another firm implicated in Team Themis, develops fancy tools and infrastructure that are used in data visualization and analysis to assist signals intelligence (SIGINT) missions. After the Themis scandal broke, the company issued a statement that it does “not condone or support any effort that proactively targets American firms, organizations or individuals” and broke off ties with HBGary. For its part, HBGary does a lot of malware detection and also claims to have offensive cyber capabilities (more zero-day exploits).
HBGary Federal, however, is mostly perceived as a joke today—in no small part due to the foolish efforts of one executive, Aaron Barr, to identify the leadership structure of Anonymous. This attempt backfired in spectacular fashion, with the company’s servers being hacked and email spools leaked. Barr had no choice but to resign, and several firms attempted to distance themselves from him and HBGary after they were compromised.
11) Strategic Forecasting, Inc.
Strategic Forecasting, Inc. was hacked by AntiSec in association with Anonymous at the end of 2011 and had thousands of emails stolen. The emails are now continually being published by WikiLeaks as the Global Intelligence Files. Stratfor’s wide-ranging spying activities were later exposed, “including surveillance of Bhopal activists at the behest of Dow Chemical, of PETA on behalf of Coca-Cola, and of Occupy Wall Street under contract to the U.S. Department of Homeland Security.” Those facts are less surprising and perplexing than the fact that notorious hacker Sabu was working for the FBI when Stratfor was hacked, and indeed provided the servers used to dump the data by Jeremy Hammond; add to that the fact that Sabu tried to sell the data to Julian Assange as part of a failed sting in which the FBI thought an American company was apparently expendable in its effort to nab the founder of WikiLeaks. Don’t even mention that Brown was indicted for identity theft and fraud for pasting a link in a chat room to an archive that contained unencrypted credit card numbers which, by Stratfor CEO George Friedman’s own account, had already been canceled—the FBI, banks and cardholders having been notified weeks beforehand.
12) Leonie Industries
Then there’s Leonie Industries, a federal contracting firm specializing in information operations which it offers to the Department of Defense. In 2012, it was caught in an online smear campaign against a journalist and an editor from USA Today, who were reporting about tax violations and waste at that same company, Leonie Industries. The article basically made the case that the contract between Leonie and the DoD was expensive and ineffective; the Pentagon then launched an investigation into back taxes owed. A calculated disinformation campaign in response to protected press activity is an ominous signal and reminder that journalists and activists are frequently targeted by these contractors. The person responsible apologized and divested themselves of ownership in the company. That shadowy, unseen forces have the ability to launch allegations to discredit perceived enemies at the behest of their clients is no less than absolutely terrifying.
13) Gamma International
Some who are well-versed in this area might recall Gamma International, the proprietor of the FinSpy/FinFisher spyware that is able to remotely take control of a computer, log keystrokes, copy stored information, and intercept communications. The New York Times reported that this software had been deployed against activists in Bahrain and Egypt. The FinFisher case illustrates the problem very well: here U.K./U.S. firms are actively engaged in selling capabilities to oppressive dictatorships with poor human rights records; tools which can be used to surveil, detain, arrest, torture, or do worse to fellow humans.
Last but far from least, Raytheon was shown earlier this year to have secretly developed a program called Riot that is, according to the Guardian, “capable of tracking people’s movements and predicting future behaviour by mining data from social networking websites.” Here we have a military defense contractor—the fifth largest in the world—working on a product that combines social networking, big data, and analytics in ways that could be extremely invasive to the privacy of average, law-abiding citizens. Like TrapWire, Riot boasts predictive powers that might be dangerously misused or just plain wrong. It recalls the concept of pre-crime from the short story/film The Minority Report. Clients of Raytheon are buying into the promise of predictive analytics: techniques from statistics, modeling, machine learning and data mining are being applied to complex human behavior.
Forecasting unknown events based on current facts, especially when it involves the motives and emotions of individuals, comes with a huge margin of error. That innocent people may one day arrested and convicted based on these predictions suggests a future that is truly Orwellian—straight out of 1984.
We are now witnessing the militarization of the Internet. These businesses are all part of a continuous intelligence and law enforcement community with an incestuous, revolving-door relationship between the government and private industry. Those involved allegedly get rich off of contracts that are paid to spy on people, conduct shady cyber-warfare, and disrupt activist movements. There tends to be no moral consideration at stake as part of this market exchange. The ability to investigate and target people is for sale to those who will pay for it.
What Brown’s work teaches us is that technological capabilities such as these—which improve at a rate far greater than populations are able to keep up with or learn about —are inevitably subject to abuse.
Stories about privacy violations like these have a shelf life, and the U.S. media is ill-equipped to cover them. They’re hot for awhile, such as when hackers first leak information; then their appeal fades. The issues at stake are sometimes too complex for the average person with an average attention span to attempt to understand. Brown frequently complained about this.
We do, however, now have the ability to change it—all we need to do is accept that Snowden has opened the door, and to walk through it. There are no doubt numerous revelations of journalistic import in those thousands of emails, just waiting to be found. We need to watch these matters a lot more closely if we hope to preserve basic fundamentals of democracy, privacy, and liberty in the years to come.
Illustration by Jason Reed