Blogs Internet and New Media Archives - Page 4 of 18

A New Kind of Fake News Assault: 47 Sites (Including Zero Hedge) Steal an emptywheel Post

Update: Zero Hedge says the piece was sent in via their tips line, which led them to believe it was fair for reposting. They have agreed to take it down.

Update: I’ve taken off one more site.

A little over a week ago, emptywheel was damaged by a kind of fake news attack I hadn’t heard of before.

First, Zero Hedge stole my post, “On Disinformation and the Dossier,” reposting it without permission almost in its entirety.

From there, the 47 other dodgy sites listed below, mostly but not all Forex Trading sites, stole it.

The mass theft is all the more interesting given the topic of the post, arguing that it is increasingly likely Russia inserted disinformation into the Steele dossier to make it harder for the Democrats (and, perhaps, the FBI) to respond to Russia’s attack. Not even Zero Hedge, however, seems to have understood the post itself doesn’t support the either the pro-Trump or the FBI-abuse narrative.

We don’t have the bandwidth to chase down all these dodgy sites to issue takedown notices (and a goodly number of these sites are hosted in Europe), though we did try with ZH itself. But we are posting the following takedown language to make it clear we consider this theft, and to make public what happened.

Takedown language

It has come to our attention the websites listed below have made unauthorized use of copyrighted and protected work entitled “On Disinformation and the Dossier” (the “Work”). All rights have been reserved to the Work, first published on January 29, 2018. The protection so described has been actively and affirmatively asserted and noticed to the public for years.

The websites’ reposting is essentially identical, if not in fact identical and copied in whole, to the Work, and clearly used the Work as its basis, if not the entirety. A word-for-word comparison between the Work and your work reveals no difference between the two articles. That is telling.

As you neither asked for, nor received, permission to use the Work as the basis for your reprint, nor to make or distribute copies, including electronic copies, of same, we believe you have willfully infringed our rights under 17 U.S.C. Section 101 et seq. and could be liable for statutory damages as high as $150,000 as set forth in Section 504(c)(2) therein.

We simply cannot, and will not, allow our work to be so converted without knowledge, permission, control and consent by emptywheel.net and therefore affirmatively demand you immediately cease the use and distribution of all infringing works derived from any and all Emptywheel.net works as described herein, and all copies, including electronic copies, of same, that you deliver to us, if applicable, all unused, undistributed copies of same, or destroy such copies immediately and that you desist from this or any other infringement of our rights in the future.

Sites stealing the Disinformation post

Note: I don’t recommend you click through on any of these links, as I can’t vouch for the safety of any of these sites.

URL: https :// www.zerohedge. com/news/2018-01-30/disinformation-dossier — Site: Zero Hedge
URL: http :// earthsfinalcountdown. com/wp/2018/01/30/on-disinformation-the-dossier/ — Site: Earth’s Final Countdown
URL: http :// ifttt.itbehere. com/2018/01/31/on-disinformation-the-dossier/ — Site: iftttwall
URL: http :// www.tradebuddy. online/on-disinformation-the-dossier/ — Site: tradebuddy.online
URL: http :// thedeplorablepatriots. com/2018/01/on-disinformation-the-dossier/ — Site: thedeplorablepatriots
URL: https :// newzsentinel. com/2018/01/31/on-disinformation-the-dossier/ — Site: newzsentinel
URL: http :// protradingresearch. com/2018/01/30/on-disinformation-the-dossier/ — Site: ProTradingResearch
URL: http :// telzilla. com/zero-hedge/on-disinformation-the-dossier/ — Site: telzilla
URL: https :// www.investingdailynews. net/on-disinformation-the-dossier/ — Site: Investing Daily News
URL: http :// independentnews. media/on-disinformation-the-dossier/ — Site: independentnews.media
URL: https :// www.wallstreetkarma. com/2018/01/30/on-disinformation-the-dossier/ — Site: Wall Street Karma
URL: http :// stocktalkjournal. com/on-disinformation-the-dossier/ — Site: StockTalk Journal
URL: https :// www.realpatriot.news/2018/01/30/on-disinformation-the-dossier/ — Site: Real Patriot News
URL: http :// forex-enligne-fr. com/on-disinformation-the-dossier/ — Site: forex enligne
URL: http :// forexshaft. com/on-disinformation-the-dossier/ — Site: Forexshaft
URL: http :// wallstreetsectorselector. info/on-disinformation-the-dossier/ — Site: wallstreet selector info
URL: http :// theforexcenter. info/on-disinformation-the-dossier/ — Site: theforexcenter.info
URL: http :// forexnewstoday. net/on-disinformation-the-dossier/ — Site: forexnewstoday
URL: http :// eforexblog. com/on-disinformation-the-dossier/ — Site: eforexblog
URL: http :// options168. com/on-disinformation-the-dossier/ — Site: options168
URL: http :// mypees. com/on-disinformation-the-dossier/ — Site: mypees
URL: http :// top10brokersbinaryoptions. com/on-disinformation-the-dossier/ — Site: top10brokersbinaryoptions
URL: http :// binaryoption. cz/on-disinformation-the-dossier/ — Site: binary option
URL: http :// opinionforex-oficial. com/on-disinformation-the-dossier/ — Site: opinion forex
URL: http :// entertainment-ask. com/on-disinformation-the-dossier/ — Site: entertainment ask
URL: http :// binarybrokersblog. com/on-disinformation-the-dossier/ — Site: binary brokers blog
URL: http :// forex-trading-profits. com/on-disinformation-the-dossier/ — Site: forex trading profits
URL: http :// leaveeunow.co. uk/todays-news-31st-january-2018/ — Site: The One Hundredth Monkey
URL: http :// uroptions. net/on-disinformation-the-dossier/ — Site: uroptions
URL: http :// forexpic. com/on-disinformation-the-dossier/ — Site: forexpic
URL: http :// costamesalibraryfoundation. org/on-disinformation-the-dossier/ — Site: costamesalibraryfoundation
URL: http :// secretsforex. com/on-disinformation-the-dossier/ — Site: secretsforex
URL: http :// forexrogue. com/on-disinformation-the-dossier/ — Site: forexrogue
URL: http :// whatisaforex. com/on-disinformation-the-dossier/ — Site: whatisaforex
URL: http :// megaprojectfx-forex. com/on-disinformation-the-dossier/ — Site: megaprojeectfx
URL: http :// construction24h. com/on-disinformation-the-dossier/ — Site: construction24h
URL: http :// forex-4you. com/2018/01/31/on-disinformation-the-dossier/ — Site: forex4u
URL: http :// binar-experten. de/on-disinformation-the-dossier/ — Site: binarexperten
URL: http :// tradingbinaryinfo. com/on-disinformation-the-dossier/ — Site: tradingbinaryinfo
URL: http :// comparforex. com/on-disinformation-the-dossier/ — Site: comparforex
URL: http :// forexoperate. com/on-disinformation-the-dossier/ — Site: forexoperate
URL: http :// pustakaforex. com/on-disinformation-the-dossier/ — Site: pustakaforex
URL: http :// forexdemoaccountfree. com/on-disinformation-the-dossier/ — Site: forexdemoaccountfree
URL: http :// wordforex. net/on-disinformation-the-dossier/ — Site: wordforex
URL: http :// forex518. com/on-disinformation-the-dossier/ — Site: forex518
URL: http :// 4-forex. info/on-disinformation-the-dossier/ — Site: 4 forex
URL: http :// fastforexprofit. com/2018/01/31/on-disinformation-the-dossier/ — Site: fastforex

The Gizmo™: Correlation Doesn’t Equal Adversary Nation

January 24, 2018/67 Comments/in Blogs Internet and New Media /by emptywheel

For days, reporters have been mis-using The Gizmo™ (the name I use for the “disinformation dashboard” from the German Marshall Fund, a black box that purports to show “Russian propaganda efforts on Twitter in near-real time”) to claim that Russian-linked accounts are pushing the #ReleaseTheMemo campaign calling for the public release of Devin Nunes’ politicized memo attacking the FBI.

As the effort lead by some Republicans to curtail special counsel Robert S. Mueller III’s investigation into the election meddling has heated up, Russian-linked accounts helped amplify a Twitter hashtag calling for the release of a memo the group hopes will help discredit Mueller’s work, according to Hamilton 68, a research firm that tracks the malicious accounts. The #releasethememo hashtag was tweeted by these accounts nearly 4,000 times in the last couple of days, the firm said.

As always with such reporting, the articles don’t provide even the nuance the project’s most responsible contributor, JM Berger, lays out on their methodology page.

Not all content in this network is “created” by Russia. A significant amount—probably a majority—of content is created by third parties and then amplified by the network because it is relevant to Russian messaging themes.
Not all content amplified by this network is pro-Russian. The network frequently mobilizes to criticize or attack individuals or news reports that it wishes to discredit.
Because of the two points above, we emphasize it is NOT CORRECT to describe sites linked by this network as Russian propaganda sites. We are not claiming that content producers linked by this network are Russian propaganda sites. Rather, content linked by this network is RELEVANT to Russian messaging themes.

Such reports certainly don’t consider the validity of drawing conclusions from such analysis that the authors have refused to have vetted by a third party. What does it mean to openly profess to be pro-Russian, for example? Do non-consensus views on Syria or Ukraine count? Does skepticism about Russian involvement in the election count?

And the reports don’t note the serial false positives, such as the time Jim Lankford used The Gizmo™ to claim Russia was stoking tensions around NFL players taking a knee during the anthem. More responsible analysis showed that,

[B]oth #TakeAKnee and #BoycottNFL were genuinely viral movements, generating high volumes of traffic from large numbers of accounts, but both received an additional boost from bots.

The bots which amplified #TakeAKnee were primarily non-political; they appear to be bots for hire, repurposed to amplify specific posts. Of these, the most significant group is that which retweeted @DianneLogic, given its previous use in online harassment campaigns in the context of Russia and the far right. However, the evidence of its prior behavior is suggestive but not conclusive. It cannot be taken as proving Senator Lankford’s claim.

The accounts which amplifed #BoycottNFL are a different breed. They are largely cyborgs, rather than bots, posting authored content in between slews of retweets. They are also political, rather than commercial. Their sole purpose appears to be boosting far-right American posts.

In both cases, the bots were functionally anonymous, providing no verifiable information on the identity of the user behind them. There is thus no independent information which would allow us to say definitively whether they were American, linked somehow to Russia, or managed from another country entirely.

In short, in spite of this thing being shown to measure something entirely different from what reporters continue to report — correlated traffic (and that, based on unpublished criteria) rather than causal traffic — nevertheless Russia got credit for a campaign clearly driven by right wing Americans backed by a far more extensive propaganda infrastructure.

And then, even as Twitter started leaking initial analysis saying just that — that Russia wasn’t to blame …

[A] knowledgeable source says that Twitter’s internal analysis has thus far found that authentic American accounts, and not Russian imposters or automated bots, are driving #ReleaseTheMemo. There are no preliminary indications that the Twitter activity either driving the hashtag or engaging with it is either predominantly Russian.

In short, according to this source, who would not speak to The Daily Beast for attribution, the retweets are coming from inside the country.

… Two members of Congress from California, Adam Schiff and Dianne Feinstein, called on two California companies, Twitter and Facebook, to confess further manipulation by Russia.

We understand Facebook and Twitter have developed significant expertise in identifying inauthentic and malicious accounts. Further, your forensic investigations into Russian government exploitation of your platforms during the 2016 U.S. election have helped expose to the American public the vast extent of Russia’s covert influence efforts. We therefore request that your companies conduct an in-depth forensic examination of this real-time activity on your platforms to determine:

Whether and how many accounts linked to Russian influence operations are involved in this campaign;

The frequency and volume of their postings on this topic; and

How many legitimate Twitter and Facebook account holders have been exposed to this campaign.

Given the urgency of this matter, we ask that you provide a public report to Congress and the American public by January 26, 2018. In addition, we urge your companies to immediately take necessary steps to expose and deactivate accounts involved in this influence operation that violate your respective user policies.

Nothing in this letter explains why Facebook should have to do this work, as The Gizmo™, the sole piece of evidence Schiff and Feinstein rely on, doesn’t track Facebook.

But even the demand to Twitter was based on yet another misreading of what The Gizmo™ actually measures. And, having never asked The Gizmo™ to explain the methodology behind its serial panics, a Senator representing both Facebook and Twitter demanded that they check its work, rather than vice versa.

If I were a forewoman in a Russian troll factory, there would be no easier way to boost my career prospects than to use a few of my bots to manipulate The Gizmo™’s sloppy methodology to claim credit for an obviously American-generated hoax. “Ивана! Давайте претендовать на последнюю республиканскую пропаганду!” Doing so would set off a self-fulfilling prophecy, precisely the kind of thing The Gizmo™’s authors claim to want to prevent, boosting Russia’s ability to sow discord with virtually no effort.

Mark Warner’s Inconsistent Social Media Law-Mongering

October 5, 2017/4 Comments/in 2016 Presidential Election, Blogs Internet and New Media, Russian hacks /by emptywheel

Remember when, three weeks ago, people were shooting off their baby cannons because two reports kind of sort of claimed that Robert Mueller used a criminal search warrant to obtain details on Facebook’s ad sales to the Internet Research Association? I noted at the time that the logic behind those stories — that Facebook would have needed a warrant (as opposed to a 2703(d) order or a 702 directive) to obtain that information — was faulty. I’ve since become more certain that a D order was used in this case.

But since the stories were so dodgy, I assumed then they weren’t actually reporting about the investigation, but rather pressure on the part of Mark Warner to force Facebook to share the same data with Congress, including leaving (rather than just showing) ads.

And it worked! Last week and this week, Facebook did share those ads, with all the more leaks about them.

Unsurprisingly, Mark Warner is back, now insisting that Facebook should release all those ads that he or someone close to him just weeks ago was suggesting could only be released with a criminal search warrant, but now wants released with neither legal process nor a congressional oversight claim to force it.

I get why he wants that to happen. Even on top of informing the public about what happened in last year’s election, Warner would like to embarrass Facebook into accepting more sweeping regulation of political ads, which is a totally respectable goal.

But I find it amusing that the same people who, weeks ago, were certain that such materials were so private they could only be released with a search warrant are now arguing they should be released with no process whatsoever.

And whatever the beneficial goal here, there’s also the precedent of protection for private data. Do we really want it to be possible for (say) Russia to force Facebook to release all the information on the NGOs that target Russian users? Do we want Jeff Sessions’ DOJ to be able to force Facebook to release the details of those who oppose Trump without legal process?

I don’t expect Warner to be bound by those considerations — he’s trying to win a political battle (and doing a remarkably effective job). But I’d expect those reporting on this story to show some awareness of the claims they made about the sensitivity of this data just weeks ago.

In Praise of Day Two

October 2, 2017/7 Comments/in Blogs Internet and New Media /by Quinn Norton

I know everybody is looking at that thing right now on social media. Hang back — don’t tell me what’s happening with the active shooter. Don’t tell me about the flood in progress. I don’t need to know about the skewed path of the car or the janky homemade bomb that might have gone off a thousand miles from me. I don’t even need to know the path of the plume that might be spreading into that community, far from me.

I can wait for these stories. In fact, there’s nothing else I can do in the vast, truly vast, majority of cases.

I am not saying I want to be ignorant, I’m not for shutting off all the news. I would like to be aware, expand and deepen my understanding of the world. I would like to be able to position myself to act constructively, where I can. I would like to be in a position to inform and contextualize events for myself and others. But right now, the way we consume the news does the opposite. And that’s on you, dear reader. It’s understandable, and it’s natural, but it’s on you.

About a year into my journalism career my old editor sent me off to cover the launch of a very difficult to understand piece of technology. The specifics aren’t germane, but I had kept an eye on this for six months, and I was eager to cover it. I also had to get someone home from the hospital that day, so I knew filing on time wasn’t going to be easy. Still, I made the event, and hung around doing on and off the record interviews, looking at how everyone from schools to defense contractors were thinking about using this tech. I never got to publish my story. I was too late to file and my frustrated editor said we’d turn it into a day two story. We ran a wire story instead of mine. When I got up the next morning and read through everyone else’s coverage, I felt mightily vindicated. Nearly everyone had misunderstood the tech, just about every story was wrong. The ones that weren’t were just uninformative. I went and triumphantly pointed this out to my editor, and he said something that would shape my career ever after: “It doesn’t matter if you’re right, if no one reads you.”

It was true, and it hit me hard, harder than I think he realized. I could chase the scoop, I could evolve into the hot take, the fast and consolidated posts of tech news, with the occasional in-depth reporting as a reward for other work. But I was pretty sure I would not only be bad at all of those things, I would be miserable. But that was also the path to a staff job, benefits, something tangible for a resume. That was the career path, and I was on it.

I decided that if I couldn’t write the first story, then I’d try to write the last. I turned down a contract and said I’d stick with piecework. I decided that I could write slow, and build a mutual trust with my readers: I will put in the work, and you will click the link, after you’ve waited, because you know I’ve put in the work.

This has gone remarkably well for my career. Maybe not in money, but in every other way. I did work that was defining, work that came back to me in other art and media, in forms I never expected. I got to bring a depth into my writing that I’m proud of. Some pieces took a few days, or weeks, and some, I’ve been working on for years.

Looking at this way of producing information for you, and how much richer it’s been, sent me back to thinking about how I consume information, back to thinking about that day two story that sent my career in such a different direction. Those stories were still all wrong, and that was a fucking product launch. If that was so bad, what the hell was happening with wars and disasters and complex geopolitics? It was pretty clear by the 2000s we were getting all those wrong too. It’s only gotten worse from there. We all know it’s a disaster, and surely it’s Facebook’s fault, but I saw this starting before Facebook was a thing. I saw this before I was a journalist—back in the days of cable news. Facebook made it worse, but only because we wanted them to make it worse.

Right now we are swamped in news that is ultravioletly hyperemotional. You can actually feel media fritzing out your nervous system, and it’s not a metaphor. Media is an exhausting physical experience of fight or flight. I can watch and listen and read things delivered to me all day that make me feel like I’m dying, or like I want to die, from this quiet flat in this sedate neighborhood of Luxembourg*. It switches up, changes from one life ending moment to the next, a constant feed of urgency and importance we are addicted to like junkies who never even got to chase a high.

We chase lows. Lows feel important. But are they? For the people on the scene, they certainly are. But news is rarely written for the people who are being directly affected by events. They’re using direct and localized communications. The eviction, the hurricane, the shelter-in-place order, where your children are. The cancer diagnosis, the suicide, the kid who just OD’d. No one thinks you should read the news when these things are going on in your own life. You are the news, you are the statistic, but at the moment you’re the only one allowed to prioritize for action rather than emotion.

When it’s not about you, when you’re not there, all you do is respond with emotion. Rarely does our immediate emotional response help anyone, anywhere. Our informed awareness can help people, it can help the whole damn world, but there’s little academically, and even less in recent global results, to show that grabbing emotions creates informed awareness that people act on productively.

Here’s what I propose: Slow it down. If you’re hundreds of miles away, and not trying to find your family, wait for Day Two. Look for stories with depth and context that may not stimulate you, make you want to run and smash things or rip out your wallet at once. Maybe even wait for that news source trying to write the last story, outlets like Reveal and ProPublica are good for this. Consider the usefulness of you knowing something and where it fits into your ability to see the world and act before you decide to spend some of your precious time on Earth and limited mental space. Construct what you know out of quality information, don’t just consume everything and try to make something meaningful out of it later. That’s not your job. Let me, and my colleagues in the slow news business do our jobs, and give you something healthier for you, for us, for the whole damn planet. Day two stories, and the slow news they represent have always been what lets the body politic think and act like a better creature. It’s also hard in this environment of constant urgency and heightened emotionality, and stress makes it worse. But when we slow it down, when we take responsibility for how we construct our knowledge, we don’t make as many mistakes and we don’t get played so easily by bad actors.

Day one is always feelings, and day one feels like the story you need. Day two is when we can start to get it right. Wait for day two. Wait for next week, wait for the story that needs you.

*All the neighborhoods of Luxembourg are sedate.

My work for Emptywheel is supported by my wonderful patrons on Patreon. You can find out more, and support my work, at Patreon.

Facebook Anonymously Admits It IDed Guccifer 2.0 in Real Time

September 24, 2017/24 Comments/in Blogs Internet and New Media, Cybersecurity /by emptywheel

The headline of this story focuses on how Obama, in the weeks after the election, nine days before the White House declared the election, “free and fair from a cybersecurity perspective,” begged Mark Zuckerberg to take the threat of fake news seriously.

Now huddled in a private room on the sidelines of a meeting of world leaders in Lima, Peru, two months before Trump’s inauguration, Obama made a personal appeal to Zuckerberg to take the threat of fake news and political disinformation seriously. Unless Facebook and the government did more to address the threat, Obama warned, it would only get worse in the next presidential race.

But 26 paragraphs later, WaPo reveals a detail that should totally change the spin of the article: in June, Facebook not only detected APT 28’s involvement in the operation (which I heard at the time), but also informed the FBI about it (which, along with the further details, I didn’t).

It turned out that Facebook, without realizing it, had stumbled into the Russian operation as it was getting underway in June 2016.

At the time, cybersecurity experts at the company were tracking a Russian hacker group known as APT28, or Fancy Bear, which U.S. intelligence officials considered an arm of the Russian military intelligence service, the GRU, according to people familiar with Facebook’s activities.

Members of the Russian hacker group were best known for stealing military plans and data from political targets, so the security experts assumed that they were planning some sort of espionage operation — not a far-reaching disinformation campaign designed to shape the outcome of the U.S. presidential race.

Facebook executives shared with the FBI their suspicions that a Russian espionage operation was in the works, a person familiar with the matter said. An FBI spokesperson had no immediate comment.

Soon thereafter, Facebook’s cyber experts found evidence that members of APT28 were setting up a series of shadowy accounts — including a persona known as Guccifer 2.0 and a Facebook page called DCLeaks — to promote stolen emails and other documents during the presidential race. Facebook officials once again contacted the FBI to share what they had seen.

Like the U.S. government, Facebook didn’t foresee the wave of disinformation that was coming and the political pressure that followed. The company then grappled with a series of hard choices designed to shore up its own systems without impinging on free discourse for its users around the world. [my emphasis]

But the story doesn’t provide the details you would expect from such disclosures.

For example, where did Facebook see Guccifer 2.0? Did Guccifer 2.0 try to set up a Facebook account? Or, as sounds more likely given the description, did he/they use Facebook as a signup for the WordPress site?

More significantly, what did Facebook do with the DC Leaks account, described explicitly?

It seems Facebook identified, and — at least in the case of the DC Leaks case — shut down an APT 28 attempt to use its infrastructure. And it told FBI about it, at a time when the DNC was withholding its server from the FBI.

This puts this passage from Facebook’s April report, which I’ve pointed to repeatedly, in very different context.

Facebook is not in a position to make definitive attribution to the actors sponsoring this activity. It is important to emphasize that this example case comprises only a subset of overall activities tracked and addressed by our organization during this time period; however our data does not contradict the attribution provided by the U.S. Director of National Intelligence in the report dated January 6, 2017.

In other words, Facebook had reached this conclusion back in June 2016, and told FBI about it, twice.

And then what happened?

Again, I’m sympathetic to the urge to blame Facebook for this election. But this article describes Facebook’s heavy handed efforts to serve as a wing of the government to police terrorist content, without revealing that sometimes Facebook has erred in censoring content that shouldn’t have been. Then, it reveals Facebook reported Guccifer 2.0 and DC Leaks to FBI, twice, with no further description of what FBI did with those leads.

Yet from all that, it headlines Facebook’s insufficient efforts to track down other abuses of the platform.

I’m not sure what the answer is. But it sounds like Facebook was more forthcoming with the FBI about APT 28’s efforts than the DNC was.

Amid Promises to Share Ads with Congress, Some Other Interesting Promises

September 21, 2017/25 Comments/in 2016 Presidential Election, Blogs Internet and New Media, Russian hacks /by emptywheel

DC is atwitter with Facebook’s announcement that it can, after all, voluntarily share the same information it shared with Robert Mueller with Congress. As part of that announcement, it released a statement from their General Counsel, a Q&A addressing some of the questions that had been generating bad PR, and some promises of additional things Facebook will do to support democracy from Mark Zuckerberg.

I’m most interested in two details in Zuck’s statement. For example, this paragraph says Facebook will continue to look at what happened closely.

We will continue our investigation into what happened on Facebook in this election. We may find more, and if we do, we will continue to work with the government. We are looking into foreign actors, including additional Russian groups and other former Soviet states, as well as organizations like the campaigns, to further our understanding of how they used our tools. These investigations will take some time, but we will continue our thorough review. [my emphasis]

While the frenzy responding to this announcement has focused on Russian ads, Zuck just revealed that Facebook is also looking at what the campaigns did.

That would permit Facebook to look for any apparently similar activity from campaigns and Russian actors, as we have reason to believe there was. It also might suggest Facebook is reviewing to see whether Republican dark marketing served to suppress turnout, and if so in coordination with what other actors.

I’d really love to have this information, but note that it is a substantially different thing for Facebook to review Russian actions and for Facebook to review Democratic or Republican actions.

Then there’s the promise to work even more closely with other tech companies.

We will increase sharing of threat information with other tech and security companies. We already share information on bad actors on the internet through programs like ThreatExchange, and now we’re exploring ways we can share more information about anyone attempting to interfere with elections. It is important that tech companies collaborate on this because it’s almost certain that any actor trying to misuse Facebook will also be trying to abuse other internet platforms too.

I think I’m okay with this (and they’re legally permitted to do this in any case). But given my newfound obsession with the fact that with any of these global tech companies, you’re dealing with intelligence resources that might rival nation-state intelligence, I’m interested in Facebook’s efforts to expand the sharing.

Facebook, by itself, may not rival the NSA. But when you put together Facebook, Microsoft, Google, Twitter, and others, then you’re beginning to talk really powerful intelligence capabilities.

It’s good, I suppose, that that much technical power is going to hunt down Russians. But it might be worth pausing to imagine what else they might cooperate to hunt down.

Facebook Troll Account Events Happen in Wake of Guccifer 2.0 Released Targeting Data

September 20, 2017/8 Comments/in 2016 Presidential Election, Blogs Internet and New Media /by emptywheel

In this post, I noted that the Russian troll Facebook events identified to date — including an event that drew four people in Idaho — weren’t exactly a smoking gun showing the troll accounts had intervened meaningfully in the election.

The Daily Beast has found an account — which it assumes must be tied to Internet Research Agency because it was shut down the same time as the other IRA accounts were, which seems a fair assumption — that does appear to be more legitimately tied to the election.

The demonstrations—at least one of which was promoted online by local pro-Trump activists— brought dozens of supporters together in real life. They appear to be the first case of Russian provocateurs successfully mobilizing Americans over Facebook in direct support of Donald Trump.

The Aug. 20, 2016, events were collectively called “Florida Goes Trump!” and they were billed as a “patriotic state-wide flash mob,” unfolding simultaneously in 17 different cities and towns in the battleground state. It’s difficult to determine how many of those locations actually witnessed any turnout, in part because Facebook’s recent deletion of hundreds of Russian accounts hid much of the evidence. But videos and photos from two of the locations—Fort Lauderdale and Coral Springs—were reposted to a Facebook page run by the local Trump campaign chair, where they remain to this day.

“On August 20, we want to gather patriots on the streets of Floridian towns and cities and march to unite America and support Donald Trump!” read the Facebook event page for the demonstrations. “Our flash mob will occur in several places at the same time; more details about locations will be added later. Go Donald!”

The Florida flash mob was one of at least four pro-Trump or anti-Hillary Clinton demonstrations conceived and organized over a Facebook page called “Being Patriotic,” and a related Twitter account called “march_for_trump.” (The Daily Beast identified the accounts in a software-assisted review of politically themed social-media profiles.)

Being Patriotic had 200,000 followers and the strongest activist bent of any of the suspected Russian Facebook election pages that have so far emerged.

Unlike the previously reported events, the Florida ones took place in a swing state. And the numbers represent more significant turnout than other reported events.

I’m also interested that these events happened in FL — and happened in late August — for another reason. Florida was the first of the swing states for which Guccifer 2.0 publicly released DCCC data, including targeting information. He released that information via his website on August 15, admittedly too close to the rallies to do much good, but early enough to know they were available before the rallies. But by that point, HelloFLA already had (and had released) documents.

As I have said, we don’t have to prove that Republicans helped the IRA target ads, because we already know that Russians obtained targeting information by stealing it from the Democrats. It just so happens that this first instance where Facebook events might affect the Presidential came in the wake of targeting information for key congressional districts became publicly available (and therefore deniable for entities more closely with with Russia).

Can Congress — or Robert Mueller — Order Facebook to Direct Its Machine Learning?

September 19, 2017/7 Comments/in Blogs Internet and New Media, Cybersecurity, emptywheel, EO 12333, Mueller Probe /by emptywheel

The other day I pointed out that two articles (WSJ, CNN) — both of which infer that Robert Mueller obtained a probable cause search warrant on Facebook based off an interpretation that under Facebook’s privacy policy a warrant would be required — actually ignored two other possibilities. Without something stronger than inference, then, these articles do not prove Mueller got a search warrant (particularly given that both miss the logical step of proving that the things Facebook shared with Mueller count as content and not business records).

In response to that and to this column arguing that Facebook should provide more information, some of the smartest surveillance lawyers in the country discussed what kind of legal process would be required, but were unable to come to any conclusions.

Last night, WaPo published a story that made it clear Congress wanted far more than WSJ and CNN had suggested (which largely fell under the category of business records and the ads posted to targets, the latter of which Congress had been able to see but not keep). What Congress is really after is details about the machine learning Facebook used to identify the malicious activity identified in April and the ads described in its most recent report, to test whether Facebook’s study was thorough enough.

A 13-page “white paper” that Facebook published in April drew from this fuller internal report but left out critical details about how the Russian operation worked and how Facebook discovered it, according to people briefed on its contents.

Investigators believe the company has not fully examined all potential ways that Russians could have manipulated Facebook’s sprawling social media platform.

[snip]

Congressional investigators are questioning whether the Facebook review that yielded those findings was sufficiently thorough.

They said some of the ad purchases that Facebook has unearthed so far had obvious Russian fingerprints, including Russian addresses and payments made in rubles, the Russian currency.

Investigators are pushing Facebook to use its powerful data-crunching ability to track relationships among accounts and ad purchases that may not be as obvious, with the goal of potentially detecting subtle patterns of behavior and content shared by several Facebook users or advertisers.

Such connections — if they exist and can be discovered — might make clear the nature and reach of the Russian propaganda campaign and whether there was collusion between foreign and domestic political actors. Investigators also are pushing for fuller answers from Google and Twitter, both of which may have been targets of Russian propaganda efforts during the 2016 campaign, according to several independent researchers and Hill investigators.

“The internal analysis Facebook has done [on Russian ads] has been very helpful, but we need to know if it’s complete,” Schiff said. “I don’t think Facebook fully knows the answer yet.”

[snip]

In the white paper, Facebook noted new techniques the company had adopted to trace propaganda and disinformation.

Facebook said it was using a data-mining technique known as machine learning to detect patterns of suspicious behavior. The company said its systems could detect “repeated posting of the same content” or huge spikes in the volume of content created as signals of attempts to manipulate the platform.

The push to do more — led largely by Adam Schiff and Mark Warner (both of whom have gotten ahead of the evidence at times in their respective studies) — is totally understandable. We need to know how malicious foreign actors manipulate the social media headquartered in Schiff’s home state to sway elections. That’s presumably why Facebook voluntarily conducted the study of ads in response to cajoling from Warner.

But the demands they’re making are also fairly breathtaking. They’re demanding that Facebook use its own intelligence resources to respond to the questions posed by Congress. They’re also demanding that Facebook reveal those resources to the public.

Now, I’d be surprised (pleasantly) if either Schiff or Warner made such detailed demands of the NSA. Hell, Congress can’t even get NSA to count how many Americans are swept up under Section 702, and that takes far less bulk analysis than Facebook appears to have conducted. And Schiff and Warner surely would never demand that NSA reveal the extent of machine learning techniques that it uses on bulk data, even though that, too, has implications for privacy and democracy (America’s and other countries’). And yet they’re asking Facebook to do just that.

And consider how two laws might offer guidelines, but (in my opinion) fall far short of authorizing such a request.

There’s Section 702, which permits the government to oblige providers to provide certain data on foreign intelligence targets. Section 702’s minimization procedures even permit Congress to obtain data collected by the NSA for their oversight purposes.

Certainly, the Russian (and now Macedonian and Belarus) troll farms Congress wants investigated fall squarely under the definition of permissible targets under the Foreign Government certificate. But there’s no public record of NSA making a request as breathtaking as this one, that Facebook (or any other provider) use its own intelligence resources to answer questions the government wants answered. While the NSA does draw from far more data than most people understand (including, probably, providers’ own algorithms about individually targeted accounts), the most sweeping request we know of involves Yahoo scanning all its email servers for a signature.

Then there’s CISA, which permits providers to voluntarily share cyber threat indicators with the federal government, using these definitions:

(A) IN GENERAL.—Except as provided in subparagraph (B), the term “cybersecurity threat” means an action, not protected by the First Amendment to the Constitution of the United States, on or through an information system that may result in an unauthorized effort to adversely impact the security, availability, confidentiality, or integrity of an information system or information that is stored on, processed by, or transiting an information system.

(B) EXCLUSION.—The term “cybersecurity threat” does not include any action that solely involves a violation of a consumer term of service or a consumer licensing agreement.

(6) CYBER THREAT INDICATOR.—The term “cyber threat indicator” means information that is necessary to describe or identify—

(A) malicious reconnaissance, including anomalous patterns of communications that appear to be transmitted for the purpose of gathering technical information related to a cybersecurity threat or security vulnerability;

(B) a method of defeating a security control or exploitation of a security vulnerability;

(C) a security vulnerability, including anomalous activity that appears to indicate the existence of a security vulnerability;

(D) a method of causing a user with legitimate access to an information system or information that is stored on, processed by, or transiting an information system to unwittingly enable the defeat of a security control or exploitation of a security vulnerability;

(E) malicious cyber command and control;

(F) the actual or potential harm caused by an incident, including a description of the information exfiltrated as a result of a particular cybersecurity threat;

(G) any other attribute of a cybersecurity threat, if disclosure of such attribute is not otherwise prohibited by law; or

(H) any combination thereof.

Since January, discussions of Russian tampering have certainly collapsed Russia’s efforts on social media with their various hacks. Certainly, Russian abuse of social media has been treated as exploiting a vulnerability. But none of this language defining a cyber threat indicator envisions the malicious use of legitimate ad systems.

Plus, CISA is entirely voluntary. While Facebook thus far has seemed willing to be cajoled into doing these studies, that willingness might change quickly if they had to expose their sources and methods, just as NSA clams up every time you ask about their sources and methods.

Moreover, unlike the sharing provisions in 702 minimization procedures, I’m aware of no language in CISA that permits sharing of this information with Congress.

Mind you, part of the problem may be that we’ve got global companies that have sources and methods that are as sophisticated as those of most nation-states. And, inadequate as they are, Facebook is hypothetically subject to more controls than nation-state intelligence agencies because of Europe’s data privacy laws.

All that said, let’s be aware of what Schiff and Warner are asking for, however justified it may be from a investigative standpoint. They’re asking for things from Facebook that they, NSA’s overseers, have been unable to ask from NSA.

If we’re going to demand transparency on sources and methods, perhaps we should demand it all around?

The (Thus Far) Flimsy Case for Republican Cooperation on Russian Targeting

September 16, 2017/27 Comments/in 2016 Presidential Election, Blogs Internet and New Media, Cybersecurity, Mueller Probe, Russian hacks /by emptywheel

A number of credulous people are reading this article this morning and sharing it, claiming it is a smoking gun supporting the case that Republicans helped the Russians target their social media, in spite of this line, six paragraphs in.

No evidence has emerged to link Kushner, Cambridge Analytica, or Manafort to the Russian election-meddling enterprise;

Not only is there not yet evidence supporting the claim that Republican party apparatchiks helped Russians target their social media activity, not only does the evidence thus far raise real questions about the efficacy of what Russia did (though that will likely change, especially once we learn more about other platforms), but folks arguing for assistance are ignoring already-public evidence and far more obvious means by which assistance might be obtained.

Don’t get me wrong. I’m acutely interested in the role of Cambridge Analytica, the micro-targeting company that melds Robert Mercer’s money with Facebook’s privatized spying (and was before it was fashionable). I first focused on Jared Kushner’s role in that process, which people are gleefully discovering now, back in May. I have repeatedly said that Facebook — which has been forthcoming about analyzing and sharing (small parts) of its data — and Twitter — which has been less forthcoming — and Google — which is still channeling Sargent Schultz — should be more transparent and have independent experts review their methodology. I’ve also been pointing out, longer than most, of the import of concentration among social media giants as a key vulnerability Russia exploited. I’m particularly interested in whether Russian operatives manipulated influencers — on Twitter, but especially in 4Chan — to magnify anti-Hillary hostility. We may find a lot of evidence that Russia had a big impact on the US election via social media.

But we don’t have that yet and people shooting off their baby cannons over the evidence before us and over mistaken interpretations about how Robert Mueller might get Facebook data are simply degrading the entire concept of evidence.

The first problem with these arguments is an issue of scale. I know a slew of articles have been written about how far $100K spent on Facebook ads go. Only one I saw dealt with scale, and even that didn’t do so by examining the full scale of what got spent in the election.

Hillary Clinton spent a billion dollars on losing last year. Of that billion, she spent tens of millions paying a 100-person digital media team and another $1 million to pay David Brock to harass people attacking Hillary on social media (see this and this for more on her digital team). And while you can — and I do, vociferously — argue she spent that money very poorly, paying pricey ineffective consultants and spending on ads in CA instead of MI, even the money she spent wisely drowns out the (thus far identified) Russian investment in fake Facebook ads. Sure, it’s possible we’ll learn Russians exploited the void in advertising left in WI and MI to sow Hillary loathing (though this is something Trump’s people have explicitly taken credit for), but we don’t have that yet.

The same is true on the other side, even accounting for all the free advertising the sensationalist press gave Trump. Sheldon Adelson spent $82 million last year, and it’s not like that money came free of demands about policy outcomes involving a foreign country. The Mercers spent millions too (and $25 million total for the election, though a lot of that got spent on Ted Cruz), even before you consider their long-term investments in Breitbart and Cambridge Analytica, the former of which is probably the most important media story from last year. Could $100K have an effect among all this money sloshing about? Sure. But by comparison it’d be tiny, particularly given the efficacy of the already established right wing noise machine backed by funding orders of magnitude larger than Russia’s spending.

Then there’s what we know thus far about how Russia spent that money. Facebook tells us (having done the kind of analysis that even the intelligence community can’t do) that these obviously fake ads weren’t actually focused primarily on the Presidential election.

The vast majority of ads run by these accounts didn’t specifically reference the US presidential election, voting or a particular candidate.

Rather, the ads and accounts appeared to focus on amplifying divisive social and political messages across the ideological spectrum — touching on topics from LGBT matters to race issues to immigration to gun rights.

About one-quarter of these ads were geographically targeted, and of those, more ran in 2015 than 2016.

That’s not to say sowing discord in the US has no effect, or even no effect on the election. But thus far, we don’t have evidence showing that Russia’s Facebook trolls were (primarily) affirmatively pushing for Trump (though their Twitter trolls assuredly were) or that the discord they fostered happened in states that decided the election.

Now consider what a lot of breathless reporting on actual Facebook ads have shown. There was the article showing Russia bought ads supporting an anti-immigrant rally in Twin Falls, ID. The ad in question showed that just four people claimed to attend this rally in the third most Republican state. Another article focused on ads touting events in Texas. While the numbers of attendees are larger, and Texas will go Democratic long before Idaho does, we’re still talking relatively modest events in a state that was not going to decide the election.

To show Russia’s Facebook spending had a measurable impact on last year’s election, you’d want to focus on MI, WI, PA, and other close states. There were surely closely targeted ads that, particularly in rural areas where the local press is defunct and in MI where there was little advertising (WI had little presidential advertising, but tons tied to the Senate race) where such social media had an important impact; thus far it’s not clear who paid for them, though (again, Trump’s campaign has boasted about doing just that).

Additionally, empiricalerror showed that a number of the identifiably Russian ads simply repurposed existing, American ads.

That’s not surprising, as the ads appear to follow (not lead) activities that happened on far right outlets, including both Breitbart and Infowars. As with the Gizmo that tracks what it claims are Russian linked accounts and thereby gets credulous journalists to claim campaigns obviously pushed by Americans are actually Russian plots, it seems Russian propaganda is following, not leading, the right wing noise machine.

So thus far what we’re seeing is the equivalent of throwing a few matches on top of the raging bonfire that is the well established, vicious, American-funded inferno of far right media. That’s likely to change, but that’s what we have thus far.

But as I said, all this ignores one other key point: We already have evidence of assistance on the election.

Except, it went the opposite direction from where everyone is looking, hunting for instances where Republicans helped Russians decide to buy ads in Idaho that riled up 4 people.

As I reminded a few weeks back, at a time when Roger Stone and (we now know) a whole bunch of other long-standing GOP rat-fuckers were reaching out to presumed Russian hackers in hopes of finding Hillary’s long lost hacked Clinton Foundation emails, Guccifer 2.0 was reaching out to journalists and others with close ties to Republicans to push the circulation of stolen DCCC documents.

That is, the persona believed to be a front for Russia was distributing documents on House races in swing states such that they might be used by Republican opponents. Some of that data could be used for targeting.

Now, I have no idea whether Russia would risk doing more without some figure like Guccifer 2.0 to provide deniability. That is, I have no idea whether Russia would go so far as take more timely and granular data about Democrats’ targeting decisions and share that with Republicans covertly (in any case, we are led to believe that data would be old, no fresher than mid-June). But we do know they were living in the Democrats’ respective underwear drawers for almost a year.

And Russia surely wouldn’t need a persona like Guccifer 2.0 if they were sharing stolen data within Russia. If the FSB stole targeting data during the 11 months they were in the DNC servers, they could easily share that data with the Internet Research Association (the troll farm the IC believes has ties to Russian intelligence) so IRA can target more effectively than supporting immigration rallies in Idaho Falls.

Which is a mistake made by many of the sources in the Vanity Fair article everyone keeps sharing, the assumption that the only possible source of targeting help had to be Republicans.

We already know the Russians had help: they got it by helping themselves to campaign data in Democratic servers. It’s not clear they would need any more. Nor, absent proof of more effective targeting, is there any reason to believe that the dated information they stole from the Democrats wouldn’t suffice to what we’ve seen them do. Plus, we’ve never had clear answers whether or not Russians weren’t burrowed into far more useful data in Democratic servers. (Again, I think Russia’s actions with influencers on social media, particularly via 4Chan, was far more extensive, but that has more to do with HUMINT than with targeting.)

So, again, I certainly think it’s possible we’ll learn, down the road, that Republicans helped Russians figure out where to place their ads. But we’re well short of having proof of that right now, and we do have proof that some targeting data was flowing in the opposite direction.

Update: This post deals with DB’s exposure of a FB campaign organizing events in FL, which gets us far closer to something of interest. Those events came in the wake of Guccifer 2.0 releasing FL-based campaign information.

Twitter Asked to Tell Reality Winner the FBI Had Obtained Her Social Media Activity

September 11, 2017/2 Comments/in Blogs Internet and New Media, Leak Investigations /by emptywheel

Last week, the Augusta Chronicle reported that the government had unsealed notice that it had obtained access to Reality Winner’s phone and social media metadata. Altogether, the government obtained metadata from her AT&T cell phone, two Google accounts, her Facebook and Instagram accounts, and her Twitter account. Of those providers, it appears that only Twitter asked to tell Winner the government had obtained that information. The government obtained the 2703(d) order on June 13. On June 26, Twitter asked the FBI to rescind the non-disclosure order. In response, FBI got a 180-day deadline on lifting the gag; then on August 31, the FBI asked the court to unseal the order for Twitter, as well as the other providers.

The applications all include this language on Winner’s use of Tor, and more details about using a thumb drive with a computer last November.

During the search of her home, agents found spiral-bound notebooks in which the defendant had written information about setting up a single-use “burner” email account, downloading the TOR darkweb browser at its highest security setting, and unlocking a cell phone to enable the removal and replacement of its SIM card. Agents also learned, and the defendant admitted, that the defendant had inserted a thumb drive into a classified computer in November 2016, while on active duty with the U.S. Air Force and holding a Top Secret/SCI clearance. The defendant claimed to have thrown the thumb drive away in November 2016, and agents have not located the thumb drive.

Given that the FBI applied for and eventually unsealed the orders in all these cases, it provides a good way to compare what the FBI asks for from each provider — which gives you a sense of how the FBI actually uses these metadata requests to get a comprehensive picture of all the aliases, including IP addresses, someone might use. The MAC and IP addresses, in particular, would be very valuable to identify any of her otherwise unidentified device and Internet usage. Note, too, that AT&T gets asked to share all details of wire communications sent using the phone — so any information, including cell tower location, an app shares with AT&T would be included in that. AT&T, of course, tends to interpret surveillance requests broadly.

Though note: the prosecutor here pretty obviously cut and paste from the Google request for the social media companies, given that she copied over the Google language on cookies in her Twitter request.

AT&T

AT&T Corporation is required to disclose the following records and other information, if available, to the United States for each Account listed in Part I of this Attachment, for the time period beginning June 1, 2016, through and including June 7, 2017:

A. The following information about the customers or subscribers of the Account:
1. Names (including subscriber names, user names, and screen names);
2. Addresses (including mailing addresses, residential addresses, business addresses, and e-mail addresses);
3. Local and long distance telephone connection records;
4. Records of session times and durations, and the temporarily assigned network addresses (such as Internet Protocol (“IP”) addresses) associated with those sessions;
5. Length of service (including start date) and types of service utilized;
6. Telephone or instrument numbers (including MAC addresses. Electronic Serial Numbers (“ESN”), Mobile Electronic Identity Numbers (“MEIN”), Mobile Equipment Identifier (“MEID”), Mobile Identification Numbers (“MIN”), Subscriber Identity Modules (“SIM”), Mobile Subscriber Integrated Services Digital Network Number (“MSISDN”), International Mobile Subscriber Identifiers (“IMSl”), or International Mobile Equipment Identities (“IMEI”));
7. Other subscriber numbers or identities (including the registration Internet Protocol (“IP”) address); and
8. Means and source of payment for such service (including any credit card or bank account number) and billing records.

B. All records and other information (not including the contents of communications) relating to wire and electronic communications sent from or received by the Account, including the date and time of the communication, the method of communication, and the source and destination of the communication (such as source and destination email addresses, IP addresses, and telephone numbers), and including information regarding the cell towers and sectors through which the communications were sent or received.

Records of any accounts registered with the same email address, phone number(s), or method(s) of payment as the account listed in Part I.

Google

Google is required to disclose the following records and other information, if available, to the United States for each account or identifier listed in Part 1 of this Attachment (“Account”), for the time period beginning June 1, 2016, through and including June 7,2017:

A. The following information about the customers or subscribers of the Account:
1. Names (including subscriber names, user names, and screen names);
2. Addresses (including mailing addresses, residential addresses, business addresses, and e-mail addresses);
3. Local and long distance telephone connection records;
4. Records of session times and durations, and the temporarily assigned network addresses (such as Internet Protocol (“IP”) addresses) associated with those sessions;
5. Length of service (including start date) and types of service utilized;
6. Telephone or instrument numbers (including MAC addresses);
7. Other subscriber numbers or identities (including temporarily assigned network addresses and registration Internet Protocol (“IP”) addresses (including carrier grade natting addresses or ports)); and
8. Means and source of payment for such service (including any credit card or bank account number) and billing records.

B. All records and other information (not including the contents of communications) relating to the Account, including:
1. Records of user activity for each connection made to or from the Account, including log files; messaging logs; the date, time, length, and method of connections; data transfer volume; user names; and source and destination Internet Protocol addresses;
2. Information about each communication sent or received by the Account, including the date and time of the communication, the method of communication, and the source and destination of the communication (such as source and destination email addresses, IP addresses, and telephone numbers);
3. Records of any accounts registered with the same email address, phone number(s), method(s) of payment, or IP address as either of the accounts listed in Part 1; and Records of any accounts that are linked to either of the accounts listed in Part 1 by machine cookies (meaning all Google user IDs that logged into any Google account by the same machine as either of the accounts in Part

Facebook/Instagram

Facebook, Inc. is required to disclose tbe following records and other information, if available, to the United States for each account or identifier listed in Part 1 of this Attachment (“Account”),
for the time period beginning June 1, 2016, through and including June 7, 2017:

A. The following information about the customers or subscribers of the Account:
1. Names (including subscriber names, user names, and screen names);
2. Addresses (including mailing addresses, residential addresses, business addresses, and e-mail addresses);
3. Local and long distance telephone connection records;
4. Records of session times and durations, and the temporarily assigned network addresses (such as Intemet Protocol (“IP”) addresses) associated with those sessions;
5. Length of service (including start date) and types of service utilized;
6. Telephone or instrument numbers (including MAC addresses);
7. Other subscriber numbers or identities (including temporarily assigned network addresses and registration Intemet Protocol (“IP”) addresses (including carrier grade natting addresses or ports)); and
8. Means and source of payment for such service (including any credit card or bank account number) and billing records.

B. All records and other information (not including the contents of communications) relating to the Account, including:
1. Records of user activity for each connection made to or from the Account, including log files; messaging logs; the date, time, length, and method of connections; data transfer volume; user names; and source and destination Intemet Protocol addresses;
2. Information about each communication sent or received by tbe Account, including tbe date and time of the communication, the method of communication, and the source and destination of the communication (such as source and destination email addresses, IP addresses, and telephone numbers). Records of any accounts registered with the same email address, phone number(s), method(s) of payment, or IP address as either of the accounts listed in Part I; and
3. Records of any accounts that are linked to either of the accounts listed in Part I by machine cookies (meaning all Facebook/Instagram user IDs that logged into any Facebook/Instagram account by the same machine as either of the accounts in Part I).

Twitter

Twitter, Inc. is required to disclose the following records and other information, if available, to the United States for each account or identifier listed in Part 1 of this Attachment (“Account”), for the time period beginning June 1,2016, through and including June 7,2017:

A. The following information about the customers or subscribers of the Account:
1. Names (including subscriber names, user names, and screen names);
2. Addresses (including mailing addresses, residential addresses, business addresses, and e-mail addresses);
3. Local and long distance telephone connection records;
4. Records of session times and durations, and the temporarily assigned network addresses (such as Internet Protocol (“IP”) addresses) associated with those sessions;
5. Length of service (including start date) and types of service utilized;
6. Telephone or instrument numbers (including MAC addresses);
7. Other subscriber numbers or identities (including temporarily assigned network addresses and registration Internet Protocol (“IP”) addresses (including carrier grade natting addresses or ports)); and
8. Means and source of payment for such service (including any credit card or bank account number) and billing records.

B. All records and other information (not including the contents of communications) relating to the Account, including:
1. Records of user activity for each connection made to or from the Account, including log files; messaging logs; the date, time, length, and method of connections; data transfer volume; user names; and source and destination Internet Protocol addresses;
2. Information about each communication sent or received by the Account, including the date and time of the communication, the method of communication, and the source and destination of the communication (such as source and destination email addresses, IP addresses, and telephone numbers).
3. Records of any accounts registered with the same email address, phone number(s), method(s) of payment, or IP address the account listed in Part I; and
4. Records of any accounts that are linked to the account listed in Part I by machine cookies (meaning all Google [sic] user IDs that logged into any Google [sic] account by the same machine as the account in Part I).