Yevgeniy Prigozhin Continues to Troll Both Online and in the Courts

xkcd comic used under Creative Commons license — available online at https://imgs.xkcd.com/comics/free_speech.png

The trolls are engaging in lawfare again.

For some time, I’ve been fascinated by the way, particularly in the wake of the 2016 election tampering, Russians have engaged in lawfare to score political points against the US. There were the multiple lawsuits pertaining to the Steele dossier. There was Concord Management’s unexpected defense in the Internet Research Agency indictment. Last week, Yevgeniy Prigozhin’s trolls struck again, this time suing Facebook for deleting the account of Federal Agency of News on April 3, 2018.

I’m a bit mystified by this suit. It may be a moonshot bid to learn more about Mueller’s investigation and insinuate that Facebook is an agent of the US government. More likely, it may be as much about pressuring Facebook in Russia as it is about winning reinstatement on Facebook.

Another Prigozhin attempt to use lawfare to embarrass the US government (and their willing partner Facebook!)

As with Concord’s defense, Prigozhin has hired legit American lawyers for the lawfare. But unlike Concord’s defense, it’s not clear how seriously to take this effort. The suit complains, in significant part, that Facebook has deprived FAN of its First Amendment rights.

FAN’s publications and posts on Facebook were the exercise of its constitutionally protected freedom of speech to inform the general public of historical and current events in politics, entertainment and other areas of public interest.

Facebook violated FAN’s First Amendment rights by deleting the contents of FAN’s Facebook Page and blocking FAN’s access to its Facebook account.

Facebook took action against FAN in an effort to silence and deter FAN’s free speech.

Facebook violated FAN’s First Amendment rights solely on account of its and its members’ national origin.

As xkcd famously explained once, that’s not the way the First Amendment works. It only prevents the government from limiting speech. Facebook is a private company, and it can boot whatever users it sees fit. But FAN may be trying to do two things. First, by treating Facebook’s terms of service as a contract, it claims it fulfilled its side of the relationship, but Facebook nevertheless deleted its account.

FAN complied with the terms of the Contract by properly registering with Facebook, paying any fees that were due and complying with all applicable terms of service.

At no time did FAN violate the terms of the contract.

Despite its contractual obligation to provide FAN with access to Facebook. Facebook breached the contract by removing FAN’s Facebook account and blocking FAN’s content without a legitimate reason.

Then, by tying Facebook’s efforts to crack down on Russian trolls to US government efforts to respond to Russia’s 2016 operation, I suspect it is trying to argue that Facebook deleted FAN’s account as an agent of the US government, thereby amounting to a First Amendment violation. The very first section of the complaint’s Background description details, “Facebook and the United States Government Target Russian Websites.” Among other details to substantiate that effort, it cites:

  • The January 2017 Intelligence Community Assessment that described “a close Putin ally with ties to Russian intelligence” funding the Internet Research Agency
  • Former Facebook CISO Alex Stamos’ statements, which went overboard in trying to assure people they were hunting down all Russian influence operations, “even those with very weak signals of a connection and not associated with any known organized effort”
  • Mark Zuckerberg’s comments that Facebook was “actively working with the U.S. government on its ongoing investigations into Russian interference”

As the lawsuit lays out, when Facebook removed FAN’s account in April, both Stamos and Zuck said they were doing so solely because FAN was controlled by the Internet Research Association.

All that said, it’s still highly unlikely this will work. I’m not sure if any of the CA-specific complaints will either, but like I said, this is a moonshot.

Prigozhin’s corporate laundromat

To make the argument at all, of course, FAN has to dismiss the presumed and explicit reasons Facebook banned them, starting with the accusation that they’re tied to IRA. In part, that involves claiming that IRA was disbanded in 2016.

Upon information and belief, the IRA was liquidated on or about December 28, 2016.

It also describes the new digs FAN got in 2015, after cohabiting with IRA for a year.

At the time of FAN’s incorporation and until in or about the middle of 2015, FAN and the IRA were located in the same building at 55A Savushkina Street, Saint Petersburg, the Russian Federation, 197183.

In or about the beginning of 2015, FAN searched for new premises that would be more convenient for its business with regard to a larger space for the office premises. On July 1, 2015, FAN moved to a business center at 23J Krasnogvardeiskiy Lane, Saint Petersburg, 197342.

But it also involves denying claims made in the complaint against Elena Alekseevna Khusyaynova that was filed in September but not unsealed until October, events that post-dated Facebook’s banning of FAN by over five months. In that complaint, FBI Agent David Holt had alleged that FAN was one of the entities that helped obscure Project Lakhta’s disinformation efforts.

Beginning in or around mid-2014 and continuing to the present, Project Lakhta obscured its conduct by operating through a number of Russian entities, including Internet Research Agency LLC (“IRA”), Internet Research LLC, MediaSintez LLC, GlavSet LLC, MixInfo LLC, Azimut LLC, NovInfo LLC, Nevskiy News LLC (a/k/a “NevNov”), Economy Today LLC, National News LLC, Federal News Agency LLC (a/k/a “FAN”), and International News Agency (a/k/a “MAN”).

The complaint claims FAN has nothing to do with these efforts, in part by denying (correctly, by all public accounts) that Lakhta is a legal entity.

FAN has no knowledge of “Project Lakhta”. There is no known business or other organization in the Russian Federation that operates under such name. To the extent it is some sort of informal organization, FAN is unaware of its membership, goals or methods of operation.

FAN is not an entity within “Project Lakhta” and has no relationship with “Project Lakhta”, the IRA or GlavSet. To the contrary, FAN is a news gathering and dissemination organization. In that capacity, FAN gathers news from conventional sources and adheres to journalistic standards in its operations.

Denying any tie to IRA and Lakhta, however, also involves making claims about Khusyaynova that directly conflict with the claims in the complaint. Khusyaynova, the lawsuit claims, is FAN’s accountant, but that’s the only place she works.

Ms. Khusyaynova has been FAN’s chief accountant since at least August 2, 2016. As such, Ms. Khusyaynova has been involved in FAN’s day-to-day accounting operations, including the purchase of office equipment and furniture and payments for advertising or other business contracts as assigned by Mr. Zubarev in his capacity as the General Director of FAN.

As the Chief Accountant, Ms. Khusyaynova’s duties are akin to those of a bookkeeper in the United States. She is not an officer of FAN, does not exercise discretionary authority over the editorial content of FAN’s publications and is not aware of what stories are going to be published or not published.

To the best of FAN’s knowledge, Ms. Khusyaynova’s sole employment is with FAN. In fact, she has explicitly stated that FAN is her sole employer and that she does not provide any services to any other entity and denies any involvement with “Project Lakhta”.

FAN has no reason to believe that Ms. Khusyaynova or any of its employees were providing services to another entity, much less to an entity under the umbrella of “Project Lakhta”.

And it’s not just Khusyaynova about whom FAN must make claims that dispute those made by the US government. The complaint does the same of Aleksandra Yurievna Krylova, who was accused in the IRA indictment of planning and carrying out an intelligence gathering trip to the US in 2014.

Defendant ALEKSANDRA YURYEVNA KRYLOVA (Крылова Александра Юрьевна) worked for the ORGANIZATION from at least in or around September 2013 to at least in or around November 2014. By approximately April 2014, KRYLOVA served as director and was the ORGANIZATION’s third-highest ranking employee. In 2014, KRYLOVA traveled to the United States under false pretenses for the purpose of collecting intelligence to inform the ORGANIZATION’s operations.

[snip]

Only KRYLOVA and BOGACHEVA received visas, and from approximately June 4, 2014 through June 26, 2014, KRYLOVA and BOGACHEVA traveled in and around the United States, including stops in Nevada, California, New Mexico, Colorado, Illinois, Michigan, Louisiana, Texas, and New York to gather intelligence. After the trip, KRYLOVA and BURCHIK exchanged an intelligence report regarding the trip.

Here, the lawsuit has a bit more difficulty just dismissing ties. It admits that Krylova was the founder and first director of FAN, but in that passage of the lawsuit declines to mention when that was.

The founder and first General Director of FAN was Aleksandra Yurievna Krylova. The Special Counsel has alleged that Krylova was an employee of the IRA from in or around September 2013 to in or around November 2014. FAN has no knowledge of this allegation and therefore does not know if it is accurate or not.

But as the lawsuit admits elsewhere, FAN was incorporated on May 22, 2014.

On May 22, 2014, FAN was incorporated in order to satisfy public needs of Russian and foreign legal entities and individuals by way of gathering, transmitting and supplying domestic and international news reports and other publications of public interest.

So at the time Krylova traveled to the US (while hiding her true purpose, thereby committing visa fraud), she had just recently formed FAN.

All this is no big deal, the lawsuit suggests, because FAN doesn’t know anything about it and besides it has been a long time.

Anna Vitalyevna Botneva succeeded Krylova as General Director of FAN, on November 17, 2014, and on December 24, 2014, Krylova sold 100% of the company’s shares to Botneva.

[snip]

At the time of Ms. Krylova’s indictment, she had no connection with FAN for more than three years.

At the time of Krylova’s indictment, of course, she also had had no connection with IRA for the same length of time.

FAN is silent about how long Botneva ran the show and how long she remained the sole shareholder. What it does make clear is that Evgeniy Lvovich Zubarev — the guy who’s being fronted as a plaintiff and the one who presumably would be asked to claim to have ignorance of IRA’s ties to FAN and Khusyaynova’s day job — became the sole shareholder last year.

Since August 2, 2016, Evgeniy Lvovich Zubarev has been the General Director of FAN, and since April 5, 2017, he has been the sole shareholder of the company.

In preparation of the Concord Management challenge of the IRA indictment, Prigozhin got himself named the director, which would give him the opportunity to claim to need to review discovery. This feels like the opposite: the creation of a figurehead who can claim to be dumb and dissociated from Prigozhin’s other efforts.

I highly doubt this well get very far (in part, because FAN would have to provide better proof than it has provided that these things are true).

A set-up to claim Facebook is conducting influence operations in Russia

Which finally brings us to where I think this is going. A First Amendment claim here in the US is unlikely to get anywhere, though it does give Russian propagandists an opportunity to claim Russia is being deplatformed by American social media along with the Nazis and terrorists.

But how Russia will use this argument within Russia is another matter. The lawsuit describes its injury, in part, in terms of a loss of access in Russia.

As of October 2018, FAN is ranked among the Top 35 most visited websites in Russia by LiveInternet, one of the largest Russian internet blogging platforms; among the Top 20 by Mail.ru, a Russian internet company which reaches approximately 86% of Russian internet users per month; and among the Top 25 by Rambler, a Russian search engine and one of the biggest Russian web portals.

Many of FAN’s subscribers are also Facebook users who for at least the past four years were able to access FAN through Facebook and who did, in fact, access FAN through Facebook.

That is, FAN is making an argument that it has lost Russian readers, not just American ones, because of Facebook’s actions.

And, in the last line of the introduction, the lawsuit uses language that (I could imagine) Russia might use in the future to accuse Facebook of conducting its own influence operations.

Facebook seeks to dictate news content based upon its own political view point thereby attempting to influence the public media coverage of internal political events in the Russian Federation.

After laying out a claim that Facebook was acting as an agent of the US government in cutting off trolls, it ends with a suggestion that Facebook’s real goal here is to influence “internal political events” within Russia.

That, I suspect, is the real purpose of this effort, setting up a future attack against Facebook operating in Russia.

Mueller to Yevgeniy Prigozhin: Sure You Can Have Discovery … If You Come to the United States to Get It

This Concord Management filing, from Mueller’s team, is attracting a lot of attention because Mueller predictably asked for a protective order and said Russians are still engaging in information operations (so are we!!). Since we covered the certainty that there’d be a protective order in this case over a month ago, I’m going to focus on some other interesting tidbits about this filing.

As a reminder, Concord Management is a company owned by close Putin ally Yevgeniy Prigozhin. Concord is accused in the Internet Research Agency indictment of funding the troll operation.

Defendants CONCORD MANAGEMENT AND CONSULTING LLC (Конкорд Менеджмент и Консалтинг) and CONCORD CATERING are related Russian entities with various Russian government contracts. CONCORD was the ORGANIZATION’s primary source of funding for its interference operations. CONCORD controlled funding, recommended personnel, and oversaw ORGANIZATION activities through reporting and interaction with ORGANIZATION management.

[snip]

To conceal its involvement, CONCORD labeled the monies paid to the ORGANIZATION for Project Lakhta as payments related to software support and development. To further conceal the source of funds, CONCORD distributed monies to the ORGANIZATION through approximately fourteen bank accounts held in the names of CONCORD affiliates, including Glavnaya Liniya LLC, Merkuriy LLC, Obshchepit LLC, Potentsial LLC, RSP LLC, ASP LLC, MTTs LLC, Kompleksservis LLC, SPb Kulinariya LLC, Almira LLC, Pishchevik LLC, Galant LLC, Rayteks LLC, and Standart LLC.

The indictment accuses Prigozhin of supervising the operation closely enough to have been saluted by troll operations in the US.

PRIGOZHIN approved and supported the ORGANIZATION’s operations, and Defendants and their co-conspirators were aware of PRIGOZHIN’s role.

For example, on or about May 29, 2016, Defendants and their co-conspirators, through an ORGANIZATION-controlled social media account, arranged for a real U.S. person to stand in front of the White House in the District of Columbia under false pretenses to hold a sign that read “Happy 55th Birthday Dear Boss.” Defendants and their co-conspirators informed the real U.S. person that the sign was for someone who “is a leader here and our boss . . . our funder.” PRIGOZHIN’s Russian passport identifies his date of birth as June 1, 1961.

When Concord moved to defend itself, it presented the possibility that it and Prigozhin would obtain discovery, and via Prigozhin, everyone else in Russia who was part of this operation, up to and including Putin. Indeed, the Mueller filing makes it quite clear that is the intent of the defense attorneys. They explicitly asked to share information with co-defendants that serve as officers of Concord, which can only mean they want to share information with Prigozhin.

In its initial proposed protective order, the government proposed a complete prohibition on sharing discovery with any co-defendant charged in this criminal case, whether individual or organizational. Defense counsel proposed that they be permitted to share discovery with a codefendant if that co-defendant is an officer or employee of Concord Management. To the government’s knowledge, the only charged defendant in this category is Yevgeniy Viktorovich Prigozhin, who was charged individually for conspiring to defraud the United States, in violation of 18 U.S.C. § 371.

So this dispute over the protective order is an effort to continue with the prosecution, while ensuring that Russia doesn’t obtain important information on the investigation into the operation by doing so.

Before I get into how Mueller’s team proposes to resolve the dispute, it’s worth reviewing the data in question, because that’s actually one of the most interesting parts of this filings. Apparently, the government used no classified information in the investigation of social media trolling (or parallel constructed whatever they did use).

As described further in the government’s ex parte affidavit, the discovery in this case contains unclassified but sensitive information that remains relevant to ongoing national security investigations and efforts to protect the integrity of future U.S. elections. [my emphasis]

Later, the filing makes it clear that much of the evidence in the case came from US providers — surely Facebook and Twitter and others.

The evidence includes data related to hundreds of social media accounts, as well as evidence obtained from email providers, internet service providers, financial institutions, and other sources. Additionally, the need to produce much of the data in its original format (formats that include, for example, Excel and HTML files) makes it infeasible to make certain redactions without compromising expeditious review of the data.

These two details confirm a point I made in March: this indictment really doesn’t rely on information as secret as many reporters claimed. It relies on stuff you get from social media providers.

And contrary to what NBC says about the heavy reliance, in the Internet Research Agency indictment, “on secret intelligence gathered by the CIA, the FBI, the National Security Agency (NSA) and the Department of Homeland Security (DHS),” it really wasn’t all that sophisticated from a cybersecurity standpoint. Especially not once you consider the interesting forensics on it (aside from IDing the IRA’s VPNs) would have come from Facebook and Twitter.

That detail — that much of this indictment comes from the social media providers that Russia exploited in 2016 — is important background to this passage (this is the one that has gotten all the press), which asserts that Russia continues to do what Prigozhin’s trolls did in 2016.

Public or unauthorized disclosure of this case’s discovery would result in the release of information that would assist foreign intelligence services, particularly those of the Russian Federation, and other foreign actors in future operations against the United States. First, the substance of the government’s evidence identifies uncharged individuals and entities that the government believes are continuing to engage in interference operations like those charged in the present indictment. Second, information within this case’s discovery identifies sources, methods, and techniques used to identify the foreign actors behind these interference operations, and disclosure of such information will allow foreign actors to learn of these techniques and adjust their conduct, thus undermining ongoing and future national security investigations.

And that, in turn, explains much of the logic for the larger protective order request: the government is trying to prevent Prigozhin and through him Putin from learning what the US is doing to counter its information operations.

The government’s description of what it considers “sensitive” information that it wants to require a special review before sharing with foreign nationals reveals it is also trying to prevent Prigozhin and others from learning about the status of the investigation and its targets.

a. Witness statements provided pursuant to 18 U.S.C. § 3500;

b. Information that could lead to the identification of potential witnesses, including civilian, foreign and domestic law enforcement witnesses and cooperating witnesses;

c. Information related to ongoing investigations, including information that could identify the targets of such investigations; and

d. Information related to sensitive law enforcement or intelligence collection techniques.

Finally, the government is trying to hide what it knows about relationships between parties involved in this operation and “other uncharged foreign entities and governments.”

At a high level, the sensitive-but-unclassified discovery in this case includes information describing the government’s investigative steps taken to identify foreign parties responsible for interfering in U.S. elections; the techniques used by foreign parties to mask their true identities while conducting operations online; the relationships of charged and uncharged parties to other uncharged foreign entities and governments; the government’s evidence-collection capabilities related to online conduct; and the identities of cooperating individuals and, or companies. Discovery in this case contains sensitive information about investigative techniques and cooperating witnesses that goes well beyond the information that will be disclosed at trial. [my emphasis]

So one thing the government wants to protect is what it knows about the relationship between Prigozhin and Putin, and the Russian government’s involvement in this trolling operation more generally.

And to do that, the government is demanding the ability to prohibit Concord’s lawyers from sharing information with Prigozhin (or any other defendant) without prior court review.

Notwithstanding the previous categories of authorized persons, no co-defendant charged in this criminal case, whether individual or organizational, shall be deemed an authorized person for purposes of discovery until the co-defendant appears before this Court. Defense counsel shall not disclose or discuss the material or their contents to any co-defendant charged in this criminal case, whether individual or organizational, until the co-defendant appears before this Court unless otherwise directed by this Court. If defense counsel, after reviewing discovery in this matter, believes it necessary to seek to disclose or discuss any material with a co-defendant who has not appeared before this Court, counsel must first seek permission from this Court and a modification of this Order.

Perhaps more interesting, it is demanding that Concord’s lawyers keep anything deemed sensitive in the US, firewalled from the Internet.

Neither defense counsel nor any person authorized by this Court is permitted at any time to inspect or review Sensitive materials outside of the U.S. offices of Reed Smith LLP, without prior permission from of this Court. Defense counsel or a designated and identified employee of Reed Smith LLP must accompany any person at all times while he or she is reviewing Sensitive materials at U.S. offices of Reed Smith LLP, unless otherwise authorized by this Court.

[snip]

Sensitive materials shall not be viewed or stored on any device that is connected to or accessible from the Internet.

Sensitive materials may under no circumstances be transported or transmitted outside the United States.

The logic here is nifty: even if they lose on the ability to protect all materials from Prigozhin, they’ve already succeeded in requiring that he come to the US if he wants to read it. At which point, he’d be met by authorities at customs and promptly put in custody.

On one point I was mistaken. I thought there would be classified discovery of some sort, that would require the use of the Classified Intelligence Protection Act procedures. It will apparently never get to that. The government will either win on this protective order, which will largely moot much of the logic for Concord to contest the case, or it will lose, which will likely lead it to dismiss the indictment against Concord.

Update: Fixed protective for protection, h/t mw.

Yet More Proof Facebook’s Surveillance Capitalism Is Good at Surveilling — Even Russian Hackers

I’ve long tracked Facebook’s serial admission to having SIGINT visibility that nearly rivals the NSA: knowing that Facebook had intelligence corroborating NSA’s judgment that GRU was behind the DNC hack was one reason I was ultimately convinced of the IC’s claims, in spite of initial questions.

Among all his evasions and questionably correct answers in Senate testimony yesterday, Mark Zuckerberg provided another tidbit about the visibility Facebook had on the 2016 attacks.

One of my greatest regrets in running the company is that we were slow in identifying the Russian information operations in 2016. We expected them to do a number of more traditional cyberattacks, which we did identify, and notified the campaigns, that they were trying to hack into them. But we were slow to identifying [sic] the type of new information operations.

Not only did Facebook see GRU’s operations in real time, but they notified “the campaigns” about them.

Note, Zuck didn’t describe the targets in any more detail than “campaigns.” That led Robby Mook to dispute Zuck, eliciting more details from Facebook CISO Alex Stamos.

Aside from illustrating how routinely those involved in and covering the 2016 hacks confuse the possible affected targets (resulting in some real misunderstanding of what happened), Stamos’ clarification provides important new details: these hacks affected both the DNC and RNC’s key employees, and Facebook alerted the FBI (something we’ve previously heard).

The DNC likes to claim they never got any warning they were being hacked. But apparently, in addition to the FBI’s serial attempts to lead them to discover Russia was hacking them, Facebook let them know too.

Elsewhere in his testimony, Zuck got coy about the degree to which Facebook remains involved in the Mueller investigation, a fact that should have been obvious to anyone who has read the Internet Research Agency indictment, but which numerous news outlets treated as news anyway.

Facebook has a lot to answer for (this David Dayen piece on yesterday’s testimony is superb).

But one thing that has continued to trickle out is that Facebook’s surveillance capitalism is good at what it’s designed for: surveillance, including of Russian hackers.

Facebook Cuts Off Cambridge Analytica, Promises Further Investigation

As I noted in my post on Andrew McCabe’s firing, the far more important news of the weekend is that Facebook has suspended Cambridge Analytica’s access to its data.

As Facebook explained, back in 2015, Cambridge researcher Aleksandr Kogan harvested data on millions of Americans by getting them to willingly use his research app. When Facebook found out that he had handed the data off to two downstream companies (this detail is important), it made them delete the data based on developer user agreements.

In 2015, we learned that a psychology professor at the University of Cambridge named Dr. Aleksandr Kogan lied to us and violated our Platform Policies by passing data from an app that was using Facebook Login to SCL/Cambridge Analytica, a firm that does political, government and military work around the globe. He also passed that data to Christopher Wylie of Eunoia Technologies, Inc.

Like all app developers, Kogan requested and gained access to information from people after they chose to download his app. His app, “thisisyourdigitallife,” offered a personality prediction, and billed itself on Facebook as “a research app used by psychologists.” Approximately 270,000 people downloaded the app. In so doing, they gave their consent for Kogan to access information such as the city they set on their profile, or content they had liked, as well as more limited information about friends who had their privacy settings set to allow it.

Although Kogan gained access to this information in a legitimate way and through the proper channels that governed all developers on Facebook at that time, he did not subsequently abide by our rules. By passing information on to a third party, including SCL/Cambridge Analytica and Christopher Wylie of Eunoia Technologies, he violated our platform policies. When we learned of this violation in 2015, we removed his app from Facebook and demanded certifications from Kogan and all parties he had given data to that the information had been destroyed. Cambridge Analytica, Kogan and Wylie all certified to us that they destroyed the data.

They now claim to have new information that CA didn’t delete the data (I have firsthand knowledge that Facebook knew of this at least a year ago, and these pieces argue Facebook knew even earlier).

Several days ago, we received reports that, contrary to the certifications we were given, not all data was deleted. We are moving aggressively to determine the accuracy of these claims. If true, this is another unacceptable violation of trust and the commitments they made. We are suspending SCL/Cambridge Analytica, Wylie and Kogan from Facebook, pending further information.

We are committed to vigorously enforcing our policies to protect people’s information. We will take whatever steps are required to see that this happens. We will take legal action if necessary to hold them responsible and accountable for any unlawful behavior.

What changed is that the guy who operationalized all this data, Christopher Wylie, just came forward publicly. Here’s how Carole Cadwalladr, the Guardian reporter who has owned this story, describes Wylie.

Or, as Wylie describes it, he was the gay Canadian vegan who somehow ended up creating “Steve Bannon’s psychological warfare mindfuck tool”.

In 2014, Steve Bannon – then executive chairman of the “alt-right” news network Breitbart – was Wylie’s boss. And Robert Mercer, the secretive US hedge-fund billionaire and Republican donor, was Cambridge Analytica’s investor. And the idea they bought into was to bring big data and social media to an established military methodology – “information operations” – then turn it on the US electorate.

Wylie describes how he profiled Americans so they could tailor political ads.

[W]hile studying for a PhD in fashion trend forecasting, he came up with a plan to harvest the Facebook profiles of millions of people in the US, and to use their private and personal information to create sophisticated psychological and political profiles. And then target them with political ads designed to work on their particular psychological makeup.

“We ‘broke’ Facebook,” he says.

And he did it on behalf of his new boss, Steve Bannon.

Wylie is going on the record (and providing the records) to back this description of how, contrary to repeated claims made in parliamentary testimony, Alexsandr Kogan harvested data in the guise of doing research.

Kogan then set up GSR to do the work, and proposed to Wylie they use the data to set up an interdisciplinary institute working across the social sciences. “What happened to that idea,” I ask Wylie. “It never happened. I don’t know why. That’s one of the things that upsets me the most.”

It was Bannon’s interest in culture as war that ignited Wylie’s intellectual concept. But it was Robert Mercer’s millions that created a firestorm. Kogan was able to throw money at the hard problem of acquiring personal data: he advertised for people who were willing to be paid to take a personality quiz on Amazon’s Mechanical Turk and Qualtrics. At the end of which Kogan’s app, called thisismydigitallife, gave him permission to access their Facebook profiles. And not just theirs, but their friends’ too. On average, each “seeder” – the people who had taken the personality test, around 320,000 in total – unwittingly gave access to at least 160 other people’s profiles, none of whom would have known or had reason to suspect.

What the email correspondence between Cambridge Analytica employees and Kogan shows is that Kogan had collected millions of profiles in a matter of weeks. But neither Wylie nor anyone else at Cambridge Analytica had checked that it was legal. It certainly wasn’t authorised. Kogan did have permission to pull Facebook data, but for academic purposes only. What’s more, under British data protection laws, it’s illegal for personal data to be sold to a third party without consent.

“Facebook could see it was happening,” says Wylie. “Their security protocols were triggered because Kogan’s apps were pulling this enormous amount of data, but apparently Kogan told them it was for academic use. So they were like, ‘Fine’.” [my emphasis]

Here’s where the violation(s) come in. While participants in Kogan’s harvesting project willingly participated in the project (and in the process made their friends’ Facebook data accessible to Kogan as well), he told Facebook it was for research, and in spite of the fact that the harvesting was done in the UK, he didn’t get consent before he sold the data to CA.

Both Cadwalladr and NYT’s story are calling this a “breach” which in my opinion is counterproductive for a lot of reasons, not least that consumer recourse for “breaches” in the US is virtually nothing — as the recent experience of those exposed in Equifax’ breach has made clear.

Whereas the kinds of TOS violations that Kogan committed in the UK do provide consumers recourse, not just to demand transparency about what happened, but also financial fines. Facebook, in the EU, is similarly exposed (full disclosure: I believe I have a still running challenge in Ireland for my CA-related FB data).

Just as this story was breaking, David Carroll, who has been a key activist on this issue, filed a claim against CA in the UK.

In other words, with Wylie’s testimony, there are sticks to use in Europe to first gain transparency about what happened, and possibly fine the parties. Which is probably why Facebook finally suspended CA’s access to Facebook, without which it is far less dangerous.

There are other aspects of this story: shell companies, a pitch to Lukoil, and questions about the citizenship of those who worked for CA in the 2014 and 2016 elections, potentially raising questions about the involvement of foreign (British) actors in our elections. But here’s the detail in the NYT story I’m most interested in.

While the substance of Mr. Mueller’s interest is a closely guarded secret, documents viewed by The Times indicate that the firm’s British affiliate claims to have worked in Russia and Ukraine.

The Ukrainian side of Paul Manafort’s involvement in the Party of Regions — the American lobbying side of which is what got him charged with conspiracy to defraud the US — pertains to bringing American style politics to Ukraine.

He also directed Yanukovych’s party to harp on a single theme each week—say, the sorry condition of pensioners. These were not the most-sophisticated techniques, but they had never been deployed in Ukraine. Yanukovych was proud of his American turn. After he hired Manafort, he invited U.S. Ambassador John Herbst to his office, placed a binder containing Manafort’s strategy in front of him, and announced, “I’m going with Washington.”

Manafort often justified his work in Ukraine by arguing that he hoped to guide the country toward Europe and the West. But his polling data suggested that Yanukovych should accentuate cultural divisions in the country, playing to the sense of victimization felt by Russian speakers in eastern Ukraine. And sure enough, his clients railed against nato expansion. When a U.S. diplomat discovered a rabidly anti-American speech on the Party of Regions’ website, Manafort told him, “But it isn’t on the English version.”

Yanukovych’s party succeeded in the parliamentary elections beyond all expectations, and the oligarchs who’d funded it came to regard Manafort with immense respect.

There are Americans doing this overseas more and more of late, and Manafort’s efforts for Yanukovych precede the foundation of CA (and Manafort’s involvement in the Trump campaign largely precedes Bannon and Cambridge Analytica’s). But that’s the basis for his relationships in the region.

There’s a lot of implications of the Wylie testimony, assuming law enforcement, parliament, and Congress find his underlying documents as compelling as the journalists have. For starters, this significantly limits what CA (and its intelligence contractor SCL) will be able to do, which neutralizes a powerful tool Bannon and the Mercers have been holding. I believe that both CA and FB are both already at significant legal exposure. I suspect this will finally force FB to get a lot more attentive to what app developers do with FB user data. I’ve been saying for a while that at some point US tech companies may want to harmonize with Europe’s General Data Protection Regulation (GDPR), which starts being enforced in May. Certainly, it would provide a solution to some of the political problems they’re already facing and harmonization would make compliance easier. That would provide even more teeth to prevent this illicit kind of downstream data usage.

But there also may be aspects of this story that expose CA and their clients, including the Trump campaign, to legal concerns that piggy back on any conspiracy with Russia.

In Two So-Called Fact Checks of Facebook, NYT Forgets Everything It Knows about Indictments

In both this Scott Shane article and this “fact check” of Facebook VP Rob Goldman’s recent tweets on Russian trolls’ use of Facebook (which President Trump then picked up), the NYT has twice forgotten everything it knows about indictments, and in the process failed to properly analyze last week’s Internet Research Agency indictment.

In Shane’s article, he attempts to fact check Goldman using the indictment.

Facebook’s vice president for advertising, Rob Goldman, said on Twitter on Friday, “I have seen all of the Russian ads and I can say very definitively that swaying the election was *NOT* the main goal” — a statement that President Trump retweeted.

But Mr. Mueller’s indictment repeatedly states that the Russian operation was designed not just to provoke division among Americans but also to denigrate Hillary Clinton and support her rivals, mainly Mr. Trump. The hashtags the Russian operation used included #Trump2016, #TrumpTrain, #MAGA and #Hillary4Prison, and one Russian operative was reprimanded for “a low number of posts dedicated to criticizing Hillary Clinton,” the indictment says.

On Twitter, Shane even suggested Goldman hadn’t read the indictment.

Wonder if Rob Goldman has read the indictment. Mueller appears to disagree.

Then, Sheera Frenkel extends the purported fact check.

“I have seen all of the Russian ads and I can say very definitively that swaying the election was *NOT* the main goal.” Tweet #2

Not according to the indictment.

The grand jury indictment secured by Mr. Mueller asserts that the goal of Russian operatives was to influence the 2016 election, particularly by criticizing Hillary Clinton and supporting Mr. Trump and Bernie Sanders, Mrs. Clinton’s chief rival for the Democratic nomination.

The Russians “engaged in operations primarily intended to communicate derogatory information about Hillary Clinton, to denigrate other candidates such as Ted Cruz and Marco Rubio, and to support Bernie Sanders and then-candidate Donald Trump,” the indictment said.

Mr. Goldman later wrote in another tweet that “the Russian campaign was certainly in favor of Trump.”

Both Shane and Frenkel don’t consider what I laid out here:

[T]here are hints that Mueller is using this indictment to set up a more important point.

For example, the indictment (perhaps because of Mueller’s mandate) focuses on political activities supporting or opposing one or another 2016 candidate. Even where topics (immigration, Muslim religion, race) are not necessarily tied to the election, they’re presented here as such. Unless Facebook’s public reports are wrong, this is a very different emphasis than what Facebook has said the IRA focused on. Which is to say that Mueller’s team are focusing on a subset of the known IRA trolling, the subset that involves the 2016 contest between Trump and Hillary.

Goldman was addressing all of IRA’s activity on Facebook, which it described this way in September:

  • The vast majority of ads run by these accounts didn’t specifically reference the US presidential election, voting or a particular candidate.
  • Rather, the ads and accounts appeared to focus on amplifying divisive social and political messages across the ideological spectrum — touching on topics from LGBT matters to race issues to immigration to gun rights.
  • About one-quarter of these ads were geographically targeted, and of those, more ran in 2015 than 2016.
  • The behavior displayed by these accounts to amplify divisive messages was consistent with the techniques mentioned in the white paper we released in April about information operations.

Nowhere in the indictment does Mueller describe the scope of what IRA activity his team investigated, though it does describe how “over time” the IRA activity came to focus on the 2016 election.

These groups and pages, which addressed divisive U.S. political and social issues, falsely claimed to be controlled by U.S. activists when, in fact, they were controlled by Defendants. Defendants also used the stolen identities of real U.S. persons to post on ORGANIZATION-controlled social media accounts. Over time, these social media accounts became Defendants’ means to reach significant numbers of Americans for purposes of interfering with the U.S. political system, including the presidential election of 2016.

Indeed, the indictment makes it clear that the universe of IRA activity is larger than the election-related activity, in part by tying two counts of identity theft to crimes that happened after the election, as recent as May 2017.

Eight of the usages of fake credentials described in ¶92 also postdate the election. That’s presumably part of what Goldman was pointing to when he tweeted,

The majority of the Russian ad spend happened AFTER the election. We shared that fact, but very few outlets have covered it because it doesn’t align with the main media narrative of Tump and the election.

Even as they, a mainstream media outlet, ignored how Goldman’s invocation of this spending detail and the inclusion of 2017 activities in the indictment is proof that not all of the IRA activities Mueller investigated did pertain to the election, NYT deemed that claim lacking in context.

According to figures published by Facebook last October, 44 percent of the Russian-bought ads were displayed before the 2016 election, while 56 percent were shown afterward. Mr. Goldman asserted that those figures were not published by the “mainstream media” — however, many mainstream news outlets did print those numbers, including CNN, Reuters and The Wall Street Journal.

The point is that there are two universes of IRA Facebook activities: the entire universe, for which Goldman’s claims are generally true, and the activities that Mueller has chosen to focus on, which Shane and Frenkel mistake as the entire universe, and in the process blow their fact checks.

This disjunct continues to the citation of real life events planned using Facebook. Goldman pointed to two May 21, 2016 Houston events, where an Islamophobic event was planned on the same day as a United Muslims event, as the quintessential example of how Russia was trying to pit Americans against each other.

The single best demonstration of Russia’s true motives is the Houston anti-islamic protest. Americans were literally puppeted into the streets by trolls who organized both the sides of protest.

Frenkel doesn’t even get Goldman’s reference correct, in spite of his link to a story on it, and instead apparently takes the citation to be a reference to this passage from the indictment.

By in or around early November 2016, Defendants and their co-conspirators used the ORGANIZATION-controlled “United Muslims of America” social media accounts to post anti-vote messages such as: “American Muslims [are] boycotting elections today, most of the American Muslim voters refuse to vote for Hillary Clinton because she wants to continue the war on Muslims in the middle east and voted yes for invading Iraq.”

From which she concludes,

The protests in Houston in November 2017 were among many rallies organized by Russian operatives through Facebook. While the Houston protest was anti-Islamic, as Mr. Goldman said, he failed to note that the goal in promoting the demonstration was to link Mrs. Clinton’s campaign with a pro-Islamic message.

Again, the indictment is focusing on a particular subset of the IRA activity, whereas Goldman is commenting on the larger universe, arguably to say the indictment understates the threat.

With NYT’s mad, repeated rush to fact check Facebook using an indictment that never claims to be addressing the same universe of IRA activity Goldman was commenting on, they commit some pretty significant analytical errors, errors that extend to their ability to understand what Mueller is doing with the indictment.

I can’t say for certain why Mueller focused on certain kinds of IRA activity, but I can think of three likely possibilities:

  • Since his mandate is to investigate Russian tampering in the 2016 election, he is focusing on that subset of the IRA activity
  • Because it is tied to election law, the conspiracy to defraud the US charge in the indictment depends on activity that violates election law, and much of the IRA Facebook trolling does not
  • The events on which Mueller does focus — notably, twin events at key times in NYC and activities in FL that involve three identified Trump campaign officials — may hint at further crimes or more sophisticated cooperation between the campaign and Russian agents

The last possibility is (as I noted in my earlier post) one of the most intriguing parts of the indictment. But the NYT won’t see it because they’re so busy fact checking claims made about different sets of data.

I get the urge to beat up Facebook. They’ve got a lot to pay for in permitting Russia to abuse their platform. But (I suspect entirely because Trump used Goldman’s tweet to try to exonerate himself) in doing so, NYT has missed Goldman’s larger point, which isn’t an apology at all. Indeed, Goldman was saying that the problem is far bigger than what Mueller lays out in the indictment, and that our continued divisions are a vulnerability Russia continues to exploit.

As Mueller moves forward, we’re likely to see similar kinds of confusion between the specific crimes he addresses in indictments and pleas and the larger toxins that hurt our democracy. So long as we confuse Mueller’s investigation for the larger, still vulnerable whole, we’re never going to do the things as a society we need to prevent this from happening again.

Update: My apologies to Frenkel for misspelling her name originally in this.

Update: On the limits of what is and is not illegal for foreigners to engage in see this Rick Hasen post.

Update: I had an exchange on Twitter with Frenkel about this, and the so-called article has what purports to be a correction.

Because of an editing error, an earlier version of this article misstated the month when protests organized by Russian operatives were held in Houston. It was March 2016, not November 2017.

Except that as corrected (by me, though I got no attribution), the piece compounds its error.

The protests in Houston in May 2016 were among many rallies organized by Russian operatives through Facebook. While the Houston protest was anti-Islamic, as Mr. Goldman said, he failed to note that the goal in promoting the demonstration was to link Mrs. Clinton’s campaign with a pro-Islamic message.

According to the indictment secured by Mr. Mueller, there were many other examples of Russian operatives using Facebook and Instagram to organize pro-Trump rallies. At one protest, the Russian operatives paid for a cage to be built, in which an actress dressed as Mrs. Clinton posed in a prison uniform.

None of the materials or contemporary coverage associated with the anti-Islamic side of the protest associated it with Clinton’s campaign. On the contrary. the protest was about a local Islamic center.

A group calling themselves Heart of Texas called for the rally to protest what they consider “Islamization” of Texas – sparked in part by the recent opening of a privately funded library inside the downtown center. The group had also encouraged followers to bring legal firearms.

Although the Heart of Texas group never showed, about 10 people bearing flags of the United States, Texas and the Confederacy were there. “This is America. We have the right to speak out and protest,” said Ken Reed, who wore a T-shirt emblazoned with the phrase “White Lives Matter.” “We feel Texas, our great state and the United States is being threatened by the influx of Islam.”

Again, I agree that Facebook is a shitty company. But a newspaper doubling down on its errors to attack Facebook’s errors is … doing what it is complaining about.

A New Kind of Fake News Assault: 47 Sites (Including Zero Hedge) Steal an emptywheel Post

Update: Zero Hedge says the piece was sent in via their tips line, which led them to believe it was fair for reposting. They have agreed to take it down.

Update: I’ve taken off one more site.

A little over a week ago, emptywheel was damaged by a kind of fake news attack I hadn’t heard of before.

First, Zero Hedge stole my post, “On Disinformation and the Dossier,” reposting it without permission almost in its entirety.

From there, the 47 other dodgy sites listed below, mostly but not all Forex Trading sites, stole it.

The mass theft is all the more interesting given the topic of the post, arguing that it is increasingly likely Russia inserted disinformation into the Steele dossier to make it harder for the Democrats (and, perhaps, the FBI) to respond to Russia’s attack. Not even Zero Hedge, however, seems to have understood the post itself doesn’t support the either the pro-Trump or the FBI-abuse narrative.

We don’t have the bandwidth to chase down all these dodgy sites to issue takedown notices (and a goodly number of these sites are hosted in Europe), though we did try with ZH itself. But we are posting the following takedown language to make it clear we consider this theft, and to make public what happened.

Takedown language

It has come to our attention the websites listed below have made unauthorized use of copyrighted and protected work entitled “On Disinformation and the Dossier” (the “Work”). All rights have been reserved to the Work, first published on January 29, 2018. The protection so described has been actively and affirmatively asserted and noticed to the public for years.

The websites’ reposting is essentially identical, if not in fact identical and copied in whole, to the Work, and clearly used the Work as its basis, if not the entirety. A word-for-word comparison between the Work and your work reveals no difference between the two articles. That is telling.

As you neither asked for, nor received, permission to use the Work as the basis for your reprint, nor to make or distribute copies, including electronic copies, of same, we believe you have willfully infringed our rights under 17 U.S.C. Section 101 et seq. and could be liable for statutory damages as high as $150,000 as set forth in Section 504(c)(2) therein.

We simply cannot, and will not, allow our work to be so converted without knowledge, permission, control and consent by emptywheel.net and therefore affirmatively demand you immediately cease the use and distribution of all infringing works derived from any and all Emptywheel.net works as described herein, and all copies, including electronic copies, of same, that you deliver to us, if applicable, all unused, undistributed copies of same, or destroy such copies immediately and that you desist from this or any other infringement of our rights in the future.

Sites stealing the Disinformation post

Note: I don’t recommend you click through on any of these links, as I can’t vouch for the safety of any of these sites.

  1. URL: https :// www.zerohedge. com/news/2018-01-30/disinformation-dossier — Site: Zero Hedge
  2. URL: http :// earthsfinalcountdown. com/wp/2018/01/30/on-disinformation-the-dossier/ — Site: Earth’s Final Countdown
  3. URL: http :// ifttt.itbehere. com/2018/01/31/on-disinformation-the-dossier/ — Site: iftttwall
  4. URL: http :// www.tradebuddy. online/on-disinformation-the-dossier/ — Site: tradebuddy.online
  5. URL: http :// thedeplorablepatriots. com/2018/01/on-disinformation-the-dossier/ — Site: thedeplorablepatriots
  6. URL: https :// newzsentinel. com/2018/01/31/on-disinformation-the-dossier/ — Site: newzsentinel
  7. URL: http :// protradingresearch. com/2018/01/30/on-disinformation-the-dossier/ — Site: ProTradingResearch
  8. URL: http :// telzilla. com/zero-hedge/on-disinformation-the-dossier/ — Site: telzilla
  9. URL: https :// www.investingdailynews. net/on-disinformation-the-dossier/ — Site: Investing Daily News
  10. URL: http :// independentnews. media/on-disinformation-the-dossier/ — Site: independentnews.media
  11. URL: https :// www.wallstreetkarma. com/2018/01/30/on-disinformation-the-dossier/ — Site: Wall Street Karma
  12. URL: http :// stocktalkjournal. com/on-disinformation-the-dossier/ — Site: StockTalk Journal
  13. URL: https :// www.realpatriot.news/2018/01/30/on-disinformation-the-dossier/ — Site: Real Patriot News
  14. URL: http :// forex-enligne-fr. com/on-disinformation-the-dossier/ — Site: forex enligne
  15. URL: http :// forexshaft. com/on-disinformation-the-dossier/ — Site: Forexshaft
  16. URL: http :// wallstreetsectorselector. info/on-disinformation-the-dossier/ — Site: wallstreet selector info
  17. URL: http :// theforexcenter. info/on-disinformation-the-dossier/ — Site: theforexcenter.info
  18. URL: http :// forexnewstoday. net/on-disinformation-the-dossier/ — Site: forexnewstoday
  19. URL: http :// eforexblog. com/on-disinformation-the-dossier/ — Site: eforexblog
  20. URL: http :// options168. com/on-disinformation-the-dossier/ — Site: options168
  21. URL: http :// mypees. com/on-disinformation-the-dossier/ — Site: mypees
  22. URL: http :// top10brokersbinaryoptions. com/on-disinformation-the-dossier/ — Site: top10brokersbinaryoptions
  23. URL: http :// binaryoption. cz/on-disinformation-the-dossier/ — Site: binary option
  24. URL: http :// opinionforex-oficial. com/on-disinformation-the-dossier/ — Site: opinion forex
  25. URL: http :// entertainment-ask. com/on-disinformation-the-dossier/ — Site: entertainment ask
  26. URL: http :// binarybrokersblog. com/on-disinformation-the-dossier/ — Site: binary brokers blog
  27. URL: http :// forex-trading-profits. com/on-disinformation-the-dossier/ — Site: forex trading profits
  28. URL: http :// leaveeunow.co. uk/todays-news-31st-january-2018/ — Site: The One Hundredth Monkey
  29. URL: http :// uroptions. net/on-disinformation-the-dossier/ — Site: uroptions
  30. URL: http :// forexpic. com/on-disinformation-the-dossier/ — Site: forexpic
  31. URL: http :// costamesalibraryfoundation. org/on-disinformation-the-dossier/ — Site: costamesalibraryfoundation
  32. URL: http :// secretsforex. com/on-disinformation-the-dossier/ — Site: secretsforex
  33. URL: http :// forexrogue. com/on-disinformation-the-dossier/ — Site: forexrogue
  34. URL: http :// whatisaforex. com/on-disinformation-the-dossier/ — Site: whatisaforex
  35. URL: http :// megaprojectfx-forex. com/on-disinformation-the-dossier/ — Site: megaprojeectfx
  36. URL: http :// construction24h. com/on-disinformation-the-dossier/ — Site: construction24h
  37. URL: http :// forex-4you. com/2018/01/31/on-disinformation-the-dossier/ — Site: forex4u
  38. URL: http :// binar-experten. de/on-disinformation-the-dossier/ — Site: binarexperten
  39. URL: http :// tradingbinaryinfo. com/on-disinformation-the-dossier/ — Site: tradingbinaryinfo
  40. URL: http :// comparforex. com/on-disinformation-the-dossier/ — Site: comparforex
  41. URL: http :// forexoperate. com/on-disinformation-the-dossier/ — Site: forexoperate
  42. URL: http :// pustakaforex. com/on-disinformation-the-dossier/ — Site: pustakaforex
  43. URL: http :// forexdemoaccountfree. com/on-disinformation-the-dossier/ — Site: forexdemoaccountfree
  44. URL: http :// wordforex. net/on-disinformation-the-dossier/ — Site: wordforex
  45. URL: http :// forex518. com/on-disinformation-the-dossier/ — Site: forex518
  46. URL: http :// 4-forex. info/on-disinformation-the-dossier/ — Site: 4 forex
  47. URL: http :// fastforexprofit. com/2018/01/31/on-disinformation-the-dossier/ — Site: fastforex

The Gizmo™: Correlation Doesn’t Equal Adversary Nation

For days, reporters have been mis-using The Gizmo™ (the name I use for the “disinformation dashboard” from the German Marshall Fund, a black box that purports to show “Russian propaganda efforts on Twitter in near-real time”) to claim that Russian-linked accounts are pushing the #ReleaseTheMemo campaign calling for the public release of Devin Nunes’ politicized memo attacking the FBI.

As the effort lead by some Republicans to curtail special counsel Robert S. Mueller III’s investigation into the election meddling has heated up, Russian-linked accounts helped amplify a Twitter hashtag calling for the release of a memo the group hopes will help discredit Mueller’s work, according to Hamilton 68, a research firm that tracks the malicious accounts. The #releasethememo hashtag was tweeted by these accounts nearly 4,000 times in the last couple of days, the firm said.

As always with such reporting, the articles don’t provide even the nuance the project’s most responsible contributor, JM Berger, lays out on their methodology page.

  1. Not all content in this network is “created” by Russia. A significant amount—probably a majority—of content is created by third parties and then amplified by the network because it is relevant to Russian messaging themes.
  2. Not all content amplified by this network is pro-Russian. The network frequently mobilizes to criticize or attack individuals or news reports that it wishes to discredit.
  3. Because of the two points above, we emphasize it is NOT CORRECT to describe sites linked by this network as Russian propaganda sites. We are not claiming that content producers linked by this network are Russian propaganda sites. Rather, content linked by this network is RELEVANT to Russian messaging themes.

Such reports certainly don’t consider the validity of drawing conclusions from such analysis that the authors have refused to have vetted by a third party. What does it mean to openly profess to be pro-Russian, for example? Do non-consensus views on Syria or Ukraine count? Does skepticism about Russian involvement in the election count?

And the reports don’t note the serial false positives, such as the time Jim Lankford used The Gizmo™ to claim Russia was stoking tensions around NFL players taking a knee during the anthem. More responsible analysis showed that,

[B]oth #TakeAKnee and #BoycottNFL were genuinely viral movements, generating high volumes of traffic from large numbers of accounts, but both received an additional boost from bots.

The bots which amplified #TakeAKnee were primarily non-political; they appear to be bots for hire, repurposed to amplify specific posts. Of these, the most significant group is that which retweeted @DianneLogic, given its previous use in online harassment campaigns in the context of Russia and the far right. However, the evidence of its prior behavior is suggestive but not conclusive. It cannot be taken as proving Senator Lankford’s claim.

The accounts which amplifed #BoycottNFL are a different breed. They are largely cyborgs, rather than bots, posting authored content in between slews of retweets. They are also political, rather than commercial. Their sole purpose appears to be boosting far-right American posts.

In both cases, the bots were functionally anonymous, providing no verifiable information on the identity of the user behind them. There is thus no independent information which would allow us to say definitively whether they were American, linked somehow to Russia, or managed from another country entirely.

In short, in spite of this thing being shown to measure something entirely different from what reporters continue to report — correlated traffic (and that, based on unpublished criteria) rather than causal traffic — nevertheless Russia got credit for a campaign clearly driven by right wing Americans backed by a far more extensive propaganda infrastructure.

And then, even as Twitter started leaking initial analysis saying just that — that Russia wasn’t to blame …

[A] knowledgeable source says that Twitter’s internal analysis has thus far found that authentic American accounts, and not Russian imposters or automated bots, are driving #ReleaseTheMemo. There are no preliminary indications that the Twitter activity either driving the hashtag or engaging with it is either predominantly Russian.

In short, according to this source, who would not speak to The Daily Beast for attribution, the retweets are coming from inside the country.

… Two members of Congress from California, Adam Schiff and Dianne Feinstein, called on two California companies, Twitter and Facebook, to confess further manipulation by Russia.

We understand Facebook and Twitter have developed significant expertise in identifying inauthentic and malicious accounts.  Further, your forensic investigations into Russian government exploitation of your platforms during the 2016 U.S. election have helped expose to the American public the vast extent of Russia’s covert influence efforts. We therefore request that your companies conduct an in-depth forensic examination of this real-time activity on your platforms to determine:

  1. Whether and how many accounts linked to Russian influence operations are involved in this campaign;
  2. The frequency and volume of their postings on this topic; and
  3. How many legitimate Twitter and Facebook account holders have been exposed to this campaign.

Given the urgency of this matter, we ask that you provide a public report to Congress and the American public by January 26, 2018.  In addition, we urge your companies to immediately take necessary steps to expose and deactivate accounts involved in this influence operation that violate your respective user policies.

Nothing in this letter explains why Facebook should have to do this work, as The Gizmo™, the sole piece of evidence Schiff and Feinstein rely on, doesn’t track Facebook.

But even the demand to Twitter was based on yet another misreading of what The Gizmo™ actually measures. And, having never asked The Gizmo™ to explain the methodology behind its serial panics, a Senator representing both Facebook and Twitter demanded that they check its work, rather than vice versa.

If I were a forewoman in a Russian troll factory, there would be no easier way to boost my career prospects than to use a few of my bots to manipulate The Gizmo™’s sloppy methodology to claim credit for an obviously American-generated hoax. “Ивана! Давайте претендовать на последнюю республиканскую пропаганду!” Doing so would set off a self-fulfilling prophecy, precisely the kind of thing The Gizmo™’s authors claim to want to prevent, boosting Russia’s ability to sow discord with virtually no effort.

Mark Warner’s Inconsistent Social Media Law-Mongering

Remember when, three weeks ago, people were shooting off their baby cannons because two reports kind of sort of claimed that Robert Mueller used a criminal search warrant to obtain details on Facebook’s ad sales to the Internet Research Association? I noted at the time that the logic behind those stories — that Facebook would have needed a warrant (as opposed to a 2703(d) order or a 702 directive) to obtain that information — was faulty. I’ve since become more certain that a D order was used in this case.

But since the stories were so dodgy, I assumed then they weren’t actually reporting about the investigation, but rather pressure on the part of Mark Warner to force Facebook to share the same data with Congress, including leaving (rather than just showing) ads.

And it worked! Last week and this week, Facebook did share those ads, with all the more leaks about them.

Unsurprisingly, Mark Warner is back, now insisting that Facebook should release all those ads that he or someone close to him just weeks ago was suggesting could only be released with a criminal search warrant, but now wants released with neither legal process nor a congressional oversight claim to force it.

I get why he wants that to happen. Even on top of informing the public about what happened in last year’s election, Warner would like to embarrass Facebook into accepting more sweeping regulation of political ads, which is a totally respectable goal.

But I find it amusing that the same people who, weeks ago, were certain that such materials were so private they could only be released with a search warrant are now arguing they should be released with no process whatsoever.

And whatever the beneficial goal here, there’s also the precedent of protection for private data. Do we really want it to be possible for (say) Russia to force Facebook to release all the information on the NGOs that target Russian users? Do we want Jeff Sessions’ DOJ to be able to force Facebook to release the details of those who oppose Trump without legal process?

I don’t expect Warner to be bound by those considerations — he’s trying to win a political battle (and doing a remarkably effective job). But I’d expect those reporting on this story to show some awareness of the claims they made about the sensitivity of this data just weeks ago.

In Praise of Day Two

I know everybody is looking at that thing right now on social media. Hang back — don’t tell me what’s happening with the active shooter. Don’t tell me about the flood in progress. I don’t need to know about the skewed path of the car or the janky homemade bomb that might have gone off a thousand miles from me. I don’t even need to know the path of the plume that might be spreading into that community, far from me.

I can wait for these stories. In fact, there’s nothing else I can do in the vast, truly vast, majority of cases.

I am not saying I want to be ignorant, I’m not for shutting off all the news. I would like to be aware, expand and deepen my understanding of the world. I would like to be able to position myself to act constructively, where I can. I would like to be in a position to inform and contextualize events for myself and others. But right now, the way we consume the news does the opposite. And that’s on you, dear reader. It’s understandable, and it’s natural, but it’s on you.

About a year into my journalism career my old editor sent me off to cover the launch of a very difficult to understand piece of technology. The specifics aren’t germane, but I had kept an eye on this for six months, and I was eager to cover it. I also had to get someone home from the hospital that day, so I knew filing on time wasn’t going to be easy. Still, I made the event, and hung around doing on and off the record interviews, looking at how everyone from schools to defense contractors were thinking about using this tech. I never got to publish my story. I was too late to file and my frustrated editor said we’d turn it into a day two story. We ran a wire story instead of mine. When I got up the next morning and read through everyone else’s coverage, I felt mightily vindicated. Nearly everyone had misunderstood the tech, just about every story was wrong. The ones that weren’t were just uninformative. I went and triumphantly pointed this out to my editor, and he said something that would shape my career ever after: “It doesn’t matter if you’re right, if no one reads you.”

It was true, and it hit me hard, harder than I think he realized. I could chase the scoop, I could evolve into the hot take, the fast and consolidated posts of tech news, with the occasional in-depth reporting as a reward for other work. But I was pretty sure I would not only be bad at all of those things, I would be miserable. But that was also the path to a staff job, benefits, something tangible for a resume. That was the career path, and I was on it.

I decided that if I couldn’t write the first story, then I’d try to write the last. I turned down a contract and said I’d stick with piecework. I decided that I could write slow, and build a mutual trust with my readers: I will put in the work, and you will click the link, after you’ve waited, because you know I’ve put in the work.

This has gone remarkably well for my career. Maybe not in money, but in every other way. I did work that was defining, work that came back to me in other art and media, in forms I never expected. I got to bring a depth into my writing that I’m proud of. Some pieces took a few days, or weeks, and some, I’ve been working on for years.

Looking at this way of producing information for you, and how much richer it’s been, sent me back to thinking about how I consume information, back to thinking about that day two story that sent my career in such a different direction. Those stories were still all wrong, and that was a fucking product launch. If that was so bad, what the hell was happening with wars and disasters and complex geopolitics? It was pretty clear by the 2000s we were getting all those wrong too. It’s only gotten worse from there. We all know it’s a disaster, and surely it’s Facebook’s fault, but I saw this starting before Facebook was a thing. I saw this before I was a journalist—back in the days of cable news. Facebook made it worse, but only because we wanted them to make it worse.

Right now we are swamped in news that is ultravioletly hyperemotional. You can actually feel media fritzing out your nervous system, and it’s not a metaphor. Media is an exhausting physical experience of fight or flight. I can watch and listen and read things delivered to me all day that make me feel like I’m dying, or like I want to die, from this quiet flat in this sedate neighborhood of Luxembourg*. It switches up, changes from one life ending moment to the next, a constant feed of urgency and importance we are addicted to like junkies who never even got to chase a high.

We chase lows. Lows feel important. But are they? For the people on the scene, they certainly are. But news is rarely written for the people who are being directly affected by events. They’re using direct and localized communications. The eviction, the hurricane, the shelter-in-place order, where your children are. The cancer diagnosis, the suicide, the kid who just OD’d. No one thinks you should read the news when these things are going on in your own life. You are the news, you are the statistic, but at the moment you’re the only one allowed to prioritize for action rather than emotion.

When it’s not about you, when you’re not there, all you do is respond with emotion. Rarely does our immediate emotional response help anyone, anywhere. Our informed awareness can help people, it can help the whole damn world, but there’s little academically, and even less in recent global results, to show that grabbing emotions creates informed awareness that people act on productively.

Here’s what I propose: Slow it down. If you’re hundreds of miles away, and not trying to find your family, wait for Day Two. Look for stories with depth and context that may not stimulate you, make you want to run and smash things or rip out your wallet at once. Maybe even wait for that news source trying to write the last story, outlets like Reveal and ProPublica are good for this. Consider the usefulness of you knowing something and where it fits into your ability to see the world and act before you decide to spend some of your precious time on Earth and limited mental space. Construct what you know out of quality information, don’t just consume everything and try to make something meaningful out of it later. That’s not your job. Let me, and my colleagues in the slow news business do our jobs, and give you something healthier for you, for us, for the whole damn planet. Day two stories, and the slow news they represent have always been what lets the body politic think and act like a better creature. It’s also hard in this environment of constant urgency and heightened emotionality, and stress makes it worse. But when we slow it down, when we take responsibility for how we construct our knowledge, we don’t make as many mistakes and we don’t get played so easily by bad actors.

Day one is always feelings, and day one feels like the story you need. Day two is when we can start to get it right. Wait for day two. Wait for next week, wait for the story that needs you.

 

 

*All the neighborhoods of Luxembourg are sedate.

My work for Emptywheel is supported by my wonderful patrons on Patreon. You can find out more, and support my work, at Patreon.

Facebook Anonymously Admits It IDed Guccifer 2.0 in Real Time

The headline of this story focuses on how Obama, in the weeks after the election, nine days before the White House declared the election, “free and fair from a cybersecurity perspective,” begged Mark Zuckerberg to take the threat of fake news seriously.

Now huddled in a private room on the sidelines of a meeting of world leaders in Lima, Peru, two months before Trump’s inauguration, Obama made a personal appeal to Zuckerberg to take the threat of fake news and political disinformation seriously. Unless Facebook and the government did more to address the threat, Obama warned, it would only get worse in the next presidential race.

But 26 paragraphs later, WaPo reveals a detail that should totally change the spin of the article: in June, Facebook not only detected APT 28’s involvement in the operation (which I heard at the time), but also informed the FBI about it (which, along with the further details, I didn’t).

It turned out that Facebook, without realizing it, had stumbled into the Russian operation as it was getting underway in June 2016.

At the time, cybersecurity experts at the company were tracking a Russian hacker group known as APT28, or Fancy Bear, which U.S. intelligence officials considered an arm of the Russian military intelligence service, the GRU, according to people familiar with Facebook’s activities.

Members of the Russian hacker group were best known for stealing military plans and data from political targets, so the security experts assumed that they were planning some sort of espionage operation — not a far-reaching disinformation campaign designed to shape the outcome of the U.S. presidential race.

Facebook executives shared with the FBI their suspicions that a Russian espionage operation was in the works, a person familiar with the matter said. An FBI spokesperson had no immediate comment.

Soon thereafter, Facebook’s cyber experts found evidence that members of APT28 were setting up a series of shadowy accounts — including a persona known as Guccifer 2.0 and a Facebook page called DCLeaks — to promote stolen emails and other documents during the presidential race. Facebook officials once again contacted the FBI to share what they had seen.

Like the U.S. government, Facebook didn’t foresee the wave of disinformation that was coming and the political pressure that followed. The company then grappled with a series of hard choices designed to shore up its own systems without impinging on free discourse for its users around the world. [my emphasis]

But the story doesn’t provide the details you would expect from such disclosures.

For example, where did Facebook see Guccifer 2.0? Did Guccifer 2.0 try to set up a Facebook account? Or, as sounds more likely given the description, did he/they use Facebook as a signup for the WordPress site?

More significantly, what did Facebook do with the DC Leaks account, described explicitly?

It seems Facebook identified, and — at least in the case of the DC Leaks case — shut down an APT 28 attempt to use its infrastructure. And it told FBI about it, at a time when the DNC was withholding its server from the FBI.

This puts this passage from Facebook’s April report, which I’ve pointed to repeatedly, in very different context.

Facebook is not in a position to make definitive attribution to the actors sponsoring this activity. It is important to emphasize that this example case comprises only a subset of overall activities tracked and addressed by our organization during this time period; however our data does not contradict the attribution provided by the U.S. Director of National Intelligence in the report dated January 6, 2017.

In other words, Facebook had reached this conclusion back in June 2016, and told FBI about it, twice.

And then what happened?

Again, I’m sympathetic to the urge to blame Facebook for this election. But this article describes Facebook’s heavy handed efforts to serve as a wing of the government to police terrorist content, without revealing that sometimes Facebook has erred in censoring content that shouldn’t have been. Then, it reveals Facebook reported Guccifer 2.0 and DC Leaks to FBI, twice, with no further description of what FBI did with those leads.

Yet from all that, it headlines Facebook’s insufficient efforts to track down other abuses of the platform.

I’m not sure what the answer is. But it sounds like Facebook was more forthcoming with the FBI about APT 28’s efforts than the DNC was.

image_print