Posts

Facebook on the Hot Seat Before Senate Judiciary Committee

This is a dedicated post to capture your comments about Facebook CEO Mark Zuckerberg’s testimony before the Senate Judiciary Committee this afternoon. At the time of this post Zuckerberg has already been on the hot seat for more than two hours and another two hours is anticipated.

Before this hearing today I have already begun to think Facebook’s oligopolic position and its decade-plus inability to effectively police its operation requires a different approach than merely increasing regulation. While Facebook isn’t the only corporation monetizing users’ data as its core business model, its platform has become so ubiquitous that it is difficult to make use of a broad swath of online services without a Facebook login (or one of a very small number of competing platforms like Google or Twitter).

If Facebook’s core mission is connecting people with a positive experience, it should be regulated like a telecommunications provider — they, too, are connectors — or it should be taken public like the U.S. Postal Service. USPS, after all, is about connecting individual and corporate users by mediating exchange of analog data.

The EU’s General Data Protection Regulation (GDPR) offers a potential starting point as a model for the U.S. to regulate Facebook and other social media platforms. GDPR will shape both users’ expectations and Facebook’s service whether the U.S. is on board or not; we ought to look at GDPR as a baseline for this reason, while compliant with the First Amendment and existing data regulations like the Computer Fraud and Abuse Act (CFAA).

What aggravates me as I watch this hearing is Zuckerberg’s obvious inability to grasp nuance, whether divisions in political ideology or the fuzzy line between businesses’ interests and users’ rights. I don’t know if regulation will be enough if Facebook (manifest in Zuckerberg’s attitude) can’t fully and willingly comply with the Federal Trade Commission’s 2011 consent decree protecting users’ privacy. It’s possible fines for violations of this consent decree arising from the Cambridge Analytica/SCL abuse of users’ data might substantively damage Facebook; will we end up “owning” Facebook before we can even regulate it?

Have at it in comments.

UPDATE — 6:00 PM EDT — One of my senators, Gary Peters, just asked Zuck about audio capture, whether Facebook uses audio technology to listen to users in order to place ads relevant to users’ conversational topics. Zuck says no, which is really odd given the number of anecdotes floating around about ads popping up related to topics of conversation.

It strikes me this is one of the key problems with regulating social media: we are dealing with a technology which has outstripped its users AND its developers, evident in the inability to discuss Facebook’s operations with real fluency on either the part of government or its progenitor.

This is the real danger of artificial intelligence (AI) used to “fix” Facebook’s shortcomings; not only does Facebook not understand how its app is being abused, it can’t assure the public it can prevent AI from being flawed or itself being abused because Facebook is not in absolute control of its platform.

Zuckerberg called the Russian influence operation an ongoing “arms race.” Yeah — imagine arms made and sold by a weapons purveyor who has serious limitations understanding their own weapons. Gods help us.

EDIT — 7:32 PM EDT — Committee is trying to wrap up, Grassley is droning on in old-man-ese about defending free speech but implying at the same time Facebook needs to help salvage Congress’ public image. What a dumpster fire.

Future shock. Our entire society is suffering from future shock, unable to grasp the technology it relies on every day. Even the guy who launched Facebook can’t say with absolute certainty how his platform operates. He can point to the users’ Terms of Service but he can’t say how any user or the government can be absolutely certain users’ data is fully deleted if it goes overseas.

And conservatives aren’t going to like this one bit, but they are worst off as a whole. They are older on average, including in Congress, and they struggle with usage let alone implications and the fundamentals of social media technology itself. They haven’t moved fast enough from now-deceased Alaska Senator Ted Steven’s understanding of the internet as a “series of tubes.”

Parkland and the Twittered Revolt

Marvel at the teen survivors of the mass shooting at Marjory Stoneham Douglas High School in Parkland, Florida. Their composed rage is terrifying to a generation or two which have not seen the like since the 1960s and early 1970s. They are leading a revolution — but note the platform they’re using to best effect.


I can’t tell you how much use they are making of Facebook as I haven’t used it in several years. What I find telling is the dearth of links to students’ and followers’ Facebook posts tweeted into my timeline. I also note at least one MSD student exited Facebook after receiving death threats.

Twitter’s platform allows the authenticity and immediacy of the students’ communications, as easy to use as texting. There’s no filter. For whatever reason, parents haven’t taken to Twitter as they did Facebook, leaving the micro-blogging platform a space without as much adult oversight.

These attributes terrify the right-wing. There’s nothing limiting the reach of students’ messages — no algorithms slow their tweets. The ability to communicate bluntly, efficiently, and yet with grace has further thrown the right. The right-wing’s inability to accept these students as legitimately speaking for themselves and for their fellow students across the country is an expression of the right’s cognitive dissonance.

The students’ use of Twitter redeems the platform, asserting its true value. It’s 180 degrees from the problems Twitter posed as a toxic cesspool filled with trolls and bots. Parkland’s tragedy exposes what Twitter should be, what Twitter must do to ensure it doesn’t backslide.

Minors shouldn’t have to put up with bullying — especially bullying by adults. Donnie Trump Jr. is one of the worst examples of this bullying and should be booted out of the platform. Other adult bullies have also emerged but Twitter’s user base is ruthless in its swiftness, dealing a coup de grâce to Laura Ingraham’s sponsorships.

If only Twitter itself was as swift in ejecting bullies and trolls. Troll bots continue to flourish even after a large number were removed recently. Victims of tragedies should expect an ethical social media platform to eliminate trolls and bots promptly along with bullies.

Ethical social media platforms also need to ask themselves whether they want to make profit off products intended to maim and kill. Should it allow certain businesses to use promoted tweets to promote deadly products, or allow accounts for lobbying organizations representing weapons manufacturers as well as owners? Should Twitter remove the NRA just as it doesn’t permit accounts representing tobacco products?

Not to mention avoiding Facebook’s ethical crisis — should Twitter be more proactive in protecting its users now that Parkland’s Marjory Stoneham Douglas High School students have revitalized its brand?

The Very Globalized Forces Manipulating the Anti-Globalist President

I want to consider three stories related to the conspiracies that got Trump elected and have influenced his policy decisions.

Cambridge Analytica and Facebook privatizes intelligence sources and methods behind “democratic” elections

First, there’s the Cambridge Analytica scandal. Here are some of the most scandalous tidbits:

Likelihood Facebook failed to abide by a 2011 FTC consent decree and certainty that Cambridge Analytica and Facebook failed to abide by British and EU privacy law, respectively. While Facebook and other big tech companies have sometimes publicly bowed to the onerous restrictions of more repressive regimes and have secretly bowed to the invasive demands of American spies, the public efforts to rein in big tech have had limited success in Europe and virtually none in the US.

In the US in particular, weak government agencies have done little more than ask consumers to trust big tech.

As privacy advocates have long argued, big tech can’t be trusted. Nor can big tech regulate itself.

Cambridge Analytica used legally suspect means — the same kind of illegal means intelligence agencies employ — to help its customers. Channel 4 reported that Cambridge Analytica at least promised they could set honey traps and other means to compromise politicians. The Guardian reported that Cambridge Analytica acted as a cut-out to share hacked emails in Nigerian and a Nevis/St. Kitts elections. Thus far, the most problematic claim made about Cambridge Analytica’s activities in the US are the aforementioned illegal use of data shared for research purposes, visa fraud to allow foreign (British) citizens to work on US elections, and possibly the illegal coordination between Rebekah Mercer’s PAC with the campaign.

Internet Research Agency used the same kind of methods advertising and marketing firms use, but to create grassroots. The IRA indictment laid out how a private company in Russia used Facebook (and other tech giants’) networking and advertising services to create fake grassroots enthusiasm here in the US.

All of these means undermine the democratic process. They’re all means nation-state intelligence services use. By privatizing them, such services became available to foreign agents and oligarchical interests more easily, with easy ways (many, but not all, broadly acceptable corporate accounting methods) to hide the financial trail.

Russia buys the network behind Joseph Mifsud

Then there’s the Beeb piece advancing the story of Joseph Mifsud (ignore the repetitive annoying music and John Schindler presence). It provides details on the role played by German born Swiss financier and lawyer Stephan Roh. Roh has three ties to Mifsud. In 2014, Roe started lecturing at the London Academy of Diplomacy where Misfud worked. In the same year, he bought the Roman institution Misfud helped manage. And then, in 2016, when George Papadopoulos was being targeted, Roh was on a panel with Papadopoulos’ two handlers.

That same month, Mifsud was in Moscow on a panel run by the Kremlin-backed Valdai Club with Timofeev and the third man, Dr Stephan Roh, a German multi-millionaire.

Mifsud and Roh interlock: in 2014, Roh became a visiting lecturer at the London Academy of Diplomacy. Roh bought Link Campus University, a private institution in Rome where Mifsud was part of the management and Mifsud became a consultant at Roh’s legal firm.

The Beeb piece goes on to describe how Roh bought a British nuclear consultancy too. When the British scientist behind it balked at cozying up to Russia, he was fired, but it appears to still be used as a cut-out.

Again, none of this is new: Russia just spent a lot of money to set up some fronts. The amount of money floating around and the ability to buy into a title by buying an old castle do make it easier, however.

George Nader purchases US foreign policy for the Saudis and Emirates

Then there’s NYT’s confirmation of something that was obvious from the first reports that the FBI whisked George Nader away from Dulles Airport before he could meet Donald Trump at Mar a Lago earlier this year. Nader got an immunity deal and has been cooperating with Mueller’s team to describe how he brokered US foreign policy decisions (most notably, and anti-Qatari stance). He did so by cultivating GOP fundraiser Elliott Broidy, turning him into both an asset and front for foreign influence. Those activities included:

  • Securing hundreds of millions of dollars of contracts for Broidy’s private security firm, Circinus, with the Saudis and Emirates, and offering several times more.
  • Working with Broidy to scuttle the nomination of Anne Patterson to DOD and to orchestrate the firing, last week, of Rex Tillerson, in both cases because they were deemed too supportive of diplomacy towards Iran.
  • Offering financial support for a $12.7 million Washington lobbying and public relations campaign, drafted by a third party, targeting both Qatar and the Muslim Brotherhood.
  • Paying Broidy $2.7 million to fund conferences at both Hudson Institute and the Foundation for Defense of Democracies attacking Qatar and the Muslim Brotherhood; Broidy provided a necessary American cut-out for the two think tanks because their fundraising rules prohibit donations from undemocratic regimes or foreign countries, respectively. The payment was laundered through an “Emirati-based company [Nader] controlled, GS Investments, to an obscure firm based in Vancouver, British Columbia, controlled by Mr. Broidy, Xieman International.”
  • Unsuccessfully pitching a private meeting, away from the White House, between Trump and Emirates Crown Prince Mohammed bin Zayed.
  • Obtaining a picture of Nader with Trump, effectively showing the president in the company of a foreign agent and convicted pedophile.

Effectively, Nader provides Mueller what Mueller has been getting from Rick Gates: details of how a foreign country purchased American policy support via cutouts in our easily manipulated campaign finance system.

Nader brings two more elements of what I pointed to last May: what is ultimately a Jared Kushner backed “peace” “plan” that is instead the money laundered wish of a bunch of foreign interests. While we’ve seen the Russian, Saudi, and Emirate money behind this plan, we’re still missing full details on how Mueller is obtaining the Israeli side, though I’m sure he’s getting that too.

Note, Broidy has claimed the details behind his work with Nader were hacked by Qatari hackers. That may be the case; there have also been a slew of presumably hacked documents from Emirates Ambassador to the US, Yousef al Otaiba, floating around. So while this is important reporting, it relies on the same kind of illicitly obtained intelligence that was used against Hillary in 2016.

Importantly, the Nader story generalizes this. Nader has worked with both the Clinton and the Dick Cheney Administrations, and the laundering of foreign funds to US think tanks has long been tolerated (in some cases, such as Brookings, the think tank doesn’t even bother with the money laundering and accepts the foreign money directly). Democrats are not immune from this kind of influence peddling, in the least. It’s just that Trump, because of his greater narcissism, his ignorance of real foreign policy doctrine, and his debt and multinational business make Trump far more vulnerable to such cultivation. Given Cheney’s ties to Halliburton and the Clinton Foundation, it’s a matter of degree and competence, not principle.

Globalism is just another word for fighting over which oligarchs will benefit from globalization

Which brings us to Trump’s claim (orchestrated by Steven Bannon, paid for by the Mercers) to oppose “globalists,” a racialized term to demonize the downsides of globalization without actually addressing the forces of globalization in an effective way. Little Trump is doing (up to and including the trade war with China he’s rolling out today) will help the white people who made him president (the demonization of immigrants will have benefits and drawbacks).

What it will do is foster greater authoritarianism in this country, making it easier both to make Trump’s white voters less secure even while channeling the resultant anger by making racism even more of an official policy.

And it will also shift somewhat which oligarchs — both traditionally well-loved ones, like the Sauds, and adversaries, like the Russians — will benefit as a result.

Importantly, it is being accomplished using the tools of globalization, from poorly overseen global tech companies, easily manipulated global finance system, and a global network of influence peddling that can also easily be bought and paid for.

Cambridge Analytica Uncovered and More to Come

A little recap of events overnight while we wait for Channel 4’s next video. Channel 4 had already posted a video on March 17 which you can see here:

Very much worth watching — listen carefully to whistleblower Chris Wylie explain what data was used and how it was used. I can’t emphasize enough the problem of non-consensual use; if you didn’t explicitly consent but a friend did, they still swept up your data

David Carroll of Parsons School of Design (@profcarroll) offered a short and sweet synopsis last evening of the fallout after UK’s Channel 4 aired the first video of Cambridge Analytica Uncovered.

Facebook CTO Alex Stamos had a disagreement with management about the company’s handling of crisis; first reports said he had resigned. Stamos tweeted later, explaining:

“Despite the rumors, I’m still fully engaged with my work at Facebook. It’s true that my role did change. I’m currently spending more time exploring emerging security risks and working on election security.”

Other reports say Stamos is leaving in August. Both could be true: his job has changed and he’s eventually leaving.

I’m betting we will hear from him before Congress soon, whatever the truth.

Speaking of Congress, Sen. Ron Wyden has asked Mark Zuckerberg to provide a lot of information pronto to staffer Chris Sogohian. This ought to be a lot of fun.

A Facebook whistleblower has now come forward; Sandy Parkilas said covert harvesting of users’ data happened frequently, and Facebook could have done something about it.

Perhaps we ought to talk about nationalization of a citizens’ database?

Another Shoe Dropped: Cambridge Analytica Used Its Own Kompromat

I confess, I did NOT see this coming, a perfect example of blindness based in preconceived notions about technology companies.

UK’s Channel 4 just aired a report in which Cambridge Analytica executives were secretly filmed discussing the creation and use of compromising material in campaigns. Some of the acts described violate UK Bribery Act and the US Foreign Corrupt Practices Act.

Watch:

Last evening there had been teasers revealing Cambridge Analytica had used actual Facebook users’ account information while demonstrating their psychographic profiling product, without masking the users’ personal information. This is ugly on its own, violating users’ privacy without permission.

But the creation and use of kompromat…wow.

This is an open thread. Have at it.

In Two So-Called Fact Checks of Facebook, NYT Forgets Everything It Knows about Indictments

In both this Scott Shane article and this “fact check” of Facebook VP Rob Goldman’s recent tweets on Russian trolls’ use of Facebook (which President Trump then picked up), the NYT has twice forgotten everything it knows about indictments, and in the process failed to properly analyze last week’s Internet Research Agency indictment.

In Shane’s article, he attempts to fact check Goldman using the indictment.

Facebook’s vice president for advertising, Rob Goldman, said on Twitter on Friday, “I have seen all of the Russian ads and I can say very definitively that swaying the election was *NOT* the main goal” — a statement that President Trump retweeted.

But Mr. Mueller’s indictment repeatedly states that the Russian operation was designed not just to provoke division among Americans but also to denigrate Hillary Clinton and support her rivals, mainly Mr. Trump. The hashtags the Russian operation used included #Trump2016, #TrumpTrain, #MAGA and #Hillary4Prison, and one Russian operative was reprimanded for “a low number of posts dedicated to criticizing Hillary Clinton,” the indictment says.

On Twitter, Shane even suggested Goldman hadn’t read the indictment.

Wonder if Rob Goldman has read the indictment. Mueller appears to disagree.

Then, Sheera Frenkel extends the purported fact check.

“I have seen all of the Russian ads and I can say very definitively that swaying the election was *NOT* the main goal.” Tweet #2

Not according to the indictment.

The grand jury indictment secured by Mr. Mueller asserts that the goal of Russian operatives was to influence the 2016 election, particularly by criticizing Hillary Clinton and supporting Mr. Trump and Bernie Sanders, Mrs. Clinton’s chief rival for the Democratic nomination.

The Russians “engaged in operations primarily intended to communicate derogatory information about Hillary Clinton, to denigrate other candidates such as Ted Cruz and Marco Rubio, and to support Bernie Sanders and then-candidate Donald Trump,” the indictment said.

Mr. Goldman later wrote in another tweet that “the Russian campaign was certainly in favor of Trump.”

Both Shane and Frenkel don’t consider what I laid out here:

[T]here are hints that Mueller is using this indictment to set up a more important point.

For example, the indictment (perhaps because of Mueller’s mandate) focuses on political activities supporting or opposing one or another 2016 candidate. Even where topics (immigration, Muslim religion, race) are not necessarily tied to the election, they’re presented here as such. Unless Facebook’s public reports are wrong, this is a very different emphasis than what Facebook has said the IRA focused on. Which is to say that Mueller’s team are focusing on a subset of the known IRA trolling, the subset that involves the 2016 contest between Trump and Hillary.

Goldman was addressing all of IRA’s activity on Facebook, which it described this way in September:

  • The vast majority of ads run by these accounts didn’t specifically reference the US presidential election, voting or a particular candidate.
  • Rather, the ads and accounts appeared to focus on amplifying divisive social and political messages across the ideological spectrum — touching on topics from LGBT matters to race issues to immigration to gun rights.
  • About one-quarter of these ads were geographically targeted, and of those, more ran in 2015 than 2016.
  • The behavior displayed by these accounts to amplify divisive messages was consistent with the techniques mentioned in the white paper we released in April about information operations.

Nowhere in the indictment does Mueller describe the scope of what IRA activity his team investigated, though it does describe how “over time” the IRA activity came to focus on the 2016 election.

These groups and pages, which addressed divisive U.S. political and social issues, falsely claimed to be controlled by U.S. activists when, in fact, they were controlled by Defendants. Defendants also used the stolen identities of real U.S. persons to post on ORGANIZATION-controlled social media accounts. Over time, these social media accounts became Defendants’ means to reach significant numbers of Americans for purposes of interfering with the U.S. political system, including the presidential election of 2016.

Indeed, the indictment makes it clear that the universe of IRA activity is larger than the election-related activity, in part by tying two counts of identity theft to crimes that happened after the election, as recent as May 2017.

Eight of the usages of fake credentials described in ¶92 also postdate the election. That’s presumably part of what Goldman was pointing to when he tweeted,

The majority of the Russian ad spend happened AFTER the election. We shared that fact, but very few outlets have covered it because it doesn’t align with the main media narrative of Tump and the election.

Even as they, a mainstream media outlet, ignored how Goldman’s invocation of this spending detail and the inclusion of 2017 activities in the indictment is proof that not all of the IRA activities Mueller investigated did pertain to the election, NYT deemed that claim lacking in context.

According to figures published by Facebook last October, 44 percent of the Russian-bought ads were displayed before the 2016 election, while 56 percent were shown afterward. Mr. Goldman asserted that those figures were not published by the “mainstream media” — however, many mainstream news outlets did print those numbers, including CNN, Reuters and The Wall Street Journal.

The point is that there are two universes of IRA Facebook activities: the entire universe, for which Goldman’s claims are generally true, and the activities that Mueller has chosen to focus on, which Shane and Frenkel mistake as the entire universe, and in the process blow their fact checks.

This disjunct continues to the citation of real life events planned using Facebook. Goldman pointed to two May 21, 2016 Houston events, where an Islamophobic event was planned on the same day as a United Muslims event, as the quintessential example of how Russia was trying to pit Americans against each other.

The single best demonstration of Russia’s true motives is the Houston anti-islamic protest. Americans were literally puppeted into the streets by trolls who organized both the sides of protest.

Frenkel doesn’t even get Goldman’s reference correct, in spite of his link to a story on it, and instead apparently takes the citation to be a reference to this passage from the indictment.

By in or around early November 2016, Defendants and their co-conspirators used the ORGANIZATION-controlled “United Muslims of America” social media accounts to post anti-vote messages such as: “American Muslims [are] boycotting elections today, most of the American Muslim voters refuse to vote for Hillary Clinton because she wants to continue the war on Muslims in the middle east and voted yes for invading Iraq.”

From which she concludes,

The protests in Houston in November 2017 were among many rallies organized by Russian operatives through Facebook. While the Houston protest was anti-Islamic, as Mr. Goldman said, he failed to note that the goal in promoting the demonstration was to link Mrs. Clinton’s campaign with a pro-Islamic message.

Again, the indictment is focusing on a particular subset of the IRA activity, whereas Goldman is commenting on the larger universe, arguably to say the indictment understates the threat.

With NYT’s mad, repeated rush to fact check Facebook using an indictment that never claims to be addressing the same universe of IRA activity Goldman was commenting on, they commit some pretty significant analytical errors, errors that extend to their ability to understand what Mueller is doing with the indictment.

I can’t say for certain why Mueller focused on certain kinds of IRA activity, but I can think of three likely possibilities:

  • Since his mandate is to investigate Russian tampering in the 2016 election, he is focusing on that subset of the IRA activity
  • Because it is tied to election law, the conspiracy to defraud the US charge in the indictment depends on activity that violates election law, and much of the IRA Facebook trolling does not
  • The events on which Mueller does focus — notably, twin events at key times in NYC and activities in FL that involve three identified Trump campaign officials — may hint at further crimes or more sophisticated cooperation between the campaign and Russian agents

The last possibility is (as I noted in my earlier post) one of the most intriguing parts of the indictment. But the NYT won’t see it because they’re so busy fact checking claims made about different sets of data.

I get the urge to beat up Facebook. They’ve got a lot to pay for in permitting Russia to abuse their platform. But (I suspect entirely because Trump used Goldman’s tweet to try to exonerate himself) in doing so, NYT has missed Goldman’s larger point, which isn’t an apology at all. Indeed, Goldman was saying that the problem is far bigger than what Mueller lays out in the indictment, and that our continued divisions are a vulnerability Russia continues to exploit.

As Mueller moves forward, we’re likely to see similar kinds of confusion between the specific crimes he addresses in indictments and pleas and the larger toxins that hurt our democracy. So long as we confuse Mueller’s investigation for the larger, still vulnerable whole, we’re never going to do the things as a society we need to prevent this from happening again.

Update: My apologies to Frenkel for misspelling her name originally in this.

Update: On the limits of what is and is not illegal for foreigners to engage in see this Rick Hasen post.

Update: I had an exchange on Twitter with Frenkel about this, and the so-called article has what purports to be a correction.

Because of an editing error, an earlier version of this article misstated the month when protests organized by Russian operatives were held in Houston. It was March 2016, not November 2017.

Except that as corrected (by me, though I got no attribution), the piece compounds its error.

The protests in Houston in May 2016 were among many rallies organized by Russian operatives through Facebook. While the Houston protest was anti-Islamic, as Mr. Goldman said, he failed to note that the goal in promoting the demonstration was to link Mrs. Clinton’s campaign with a pro-Islamic message.

According to the indictment secured by Mr. Mueller, there were many other examples of Russian operatives using Facebook and Instagram to organize pro-Trump rallies. At one protest, the Russian operatives paid for a cage to be built, in which an actress dressed as Mrs. Clinton posed in a prison uniform.

None of the materials or contemporary coverage associated with the anti-Islamic side of the protest associated it with Clinton’s campaign. On the contrary. the protest was about a local Islamic center.

A group calling themselves Heart of Texas called for the rally to protest what they consider “Islamization” of Texas – sparked in part by the recent opening of a privately funded library inside the downtown center. The group had also encouraged followers to bring legal firearms.

Although the Heart of Texas group never showed, about 10 people bearing flags of the United States, Texas and the Confederacy were there. “This is America. We have the right to speak out and protest,” said Ken Reed, who wore a T-shirt emblazoned with the phrase “White Lives Matter.” “We feel Texas, our great state and the United States is being threatened by the influx of Islam.”

Again, I agree that Facebook is a shitty company. But a newspaper doubling down on its errors to attack Facebook’s errors is … doing what it is complaining about.

The Gizmo™: Correlation Doesn’t Equal Adversary Nation

For days, reporters have been mis-using The Gizmo™ (the name I use for the “disinformation dashboard” from the German Marshall Fund, a black box that purports to show “Russian propaganda efforts on Twitter in near-real time”) to claim that Russian-linked accounts are pushing the #ReleaseTheMemo campaign calling for the public release of Devin Nunes’ politicized memo attacking the FBI.

As the effort lead by some Republicans to curtail special counsel Robert S. Mueller III’s investigation into the election meddling has heated up, Russian-linked accounts helped amplify a Twitter hashtag calling for the release of a memo the group hopes will help discredit Mueller’s work, according to Hamilton 68, a research firm that tracks the malicious accounts. The #releasethememo hashtag was tweeted by these accounts nearly 4,000 times in the last couple of days, the firm said.

As always with such reporting, the articles don’t provide even the nuance the project’s most responsible contributor, JM Berger, lays out on their methodology page.

  1. Not all content in this network is “created” by Russia. A significant amount—probably a majority—of content is created by third parties and then amplified by the network because it is relevant to Russian messaging themes.
  2. Not all content amplified by this network is pro-Russian. The network frequently mobilizes to criticize or attack individuals or news reports that it wishes to discredit.
  3. Because of the two points above, we emphasize it is NOT CORRECT to describe sites linked by this network as Russian propaganda sites. We are not claiming that content producers linked by this network are Russian propaganda sites. Rather, content linked by this network is RELEVANT to Russian messaging themes.

Such reports certainly don’t consider the validity of drawing conclusions from such analysis that the authors have refused to have vetted by a third party. What does it mean to openly profess to be pro-Russian, for example? Do non-consensus views on Syria or Ukraine count? Does skepticism about Russian involvement in the election count?

And the reports don’t note the serial false positives, such as the time Jim Lankford used The Gizmo™ to claim Russia was stoking tensions around NFL players taking a knee during the anthem. More responsible analysis showed that,

[B]oth #TakeAKnee and #BoycottNFL were genuinely viral movements, generating high volumes of traffic from large numbers of accounts, but both received an additional boost from bots.

The bots which amplified #TakeAKnee were primarily non-political; they appear to be bots for hire, repurposed to amplify specific posts. Of these, the most significant group is that which retweeted @DianneLogic, given its previous use in online harassment campaigns in the context of Russia and the far right. However, the evidence of its prior behavior is suggestive but not conclusive. It cannot be taken as proving Senator Lankford’s claim.

The accounts which amplifed #BoycottNFL are a different breed. They are largely cyborgs, rather than bots, posting authored content in between slews of retweets. They are also political, rather than commercial. Their sole purpose appears to be boosting far-right American posts.

In both cases, the bots were functionally anonymous, providing no verifiable information on the identity of the user behind them. There is thus no independent information which would allow us to say definitively whether they were American, linked somehow to Russia, or managed from another country entirely.

In short, in spite of this thing being shown to measure something entirely different from what reporters continue to report — correlated traffic (and that, based on unpublished criteria) rather than causal traffic — nevertheless Russia got credit for a campaign clearly driven by right wing Americans backed by a far more extensive propaganda infrastructure.

And then, even as Twitter started leaking initial analysis saying just that — that Russia wasn’t to blame …

[A] knowledgeable source says that Twitter’s internal analysis has thus far found that authentic American accounts, and not Russian imposters or automated bots, are driving #ReleaseTheMemo. There are no preliminary indications that the Twitter activity either driving the hashtag or engaging with it is either predominantly Russian.

In short, according to this source, who would not speak to The Daily Beast for attribution, the retweets are coming from inside the country.

… Two members of Congress from California, Adam Schiff and Dianne Feinstein, called on two California companies, Twitter and Facebook, to confess further manipulation by Russia.

We understand Facebook and Twitter have developed significant expertise in identifying inauthentic and malicious accounts.  Further, your forensic investigations into Russian government exploitation of your platforms during the 2016 U.S. election have helped expose to the American public the vast extent of Russia’s covert influence efforts. We therefore request that your companies conduct an in-depth forensic examination of this real-time activity on your platforms to determine:

  1. Whether and how many accounts linked to Russian influence operations are involved in this campaign;
  2. The frequency and volume of their postings on this topic; and
  3. How many legitimate Twitter and Facebook account holders have been exposed to this campaign.

Given the urgency of this matter, we ask that you provide a public report to Congress and the American public by January 26, 2018.  In addition, we urge your companies to immediately take necessary steps to expose and deactivate accounts involved in this influence operation that violate your respective user policies.

Nothing in this letter explains why Facebook should have to do this work, as The Gizmo™, the sole piece of evidence Schiff and Feinstein rely on, doesn’t track Facebook.

But even the demand to Twitter was based on yet another misreading of what The Gizmo™ actually measures. And, having never asked The Gizmo™ to explain the methodology behind its serial panics, a Senator representing both Facebook and Twitter demanded that they check its work, rather than vice versa.

If I were a forewoman in a Russian troll factory, there would be no easier way to boost my career prospects than to use a few of my bots to manipulate The Gizmo™’s sloppy methodology to claim credit for an obviously American-generated hoax. “Ивана! Давайте претендовать на последнюю республиканскую пропаганду!” Doing so would set off a self-fulfilling prophecy, precisely the kind of thing The Gizmo™’s authors claim to want to prevent, boosting Russia’s ability to sow discord with virtually no effort.

Why Call Alice Donovan a Troll?

The WaPo and CounterPunch have the story of Alice Donovan, a pseudonymous persona the FBI suspected (it’s not clear starting when) of being part of a Russian influence operation. The WaPo makes it clear sources told them about the investigation (though without clearly revealing when FBI identified Donovan or when they learned about the investigation) and leaked the report behind this story (or perhaps it is all one report).

The FBI was tracking Donovan as part of a months-long counterintelligence operation code-named “NorthernNight.” Internal bureau reports described her as a pseudonymous foot soldier in an army of Kremlin-led trolls seeking to undermine America’s democratic institutions.

[snip]

The events surrounding the FBI’s NorthernNight investigation follow a pattern that repeated for years as the Russian threat was building: U.S. intelligence and law enforcement agencies saw some warning signs of Russian meddling in Europe and later in the United States but never fully grasped the breadth of the Kremlin’s ambitions.

CP first learned about it when Adam Entous called about the leaked intelligence report on her.

We received a call on Thursday morning, November 30, from Adam Entous, a national security reporter at the Washington Post. Entous said that he had a weird question to ask about one of our contributors. What did we know about Alice Donovan? It was indeed an odd question. The name was only faintly familiar. Entous said that he was asking because he’d been leaked an FBI document alleging that “Alice Donovan” was a fictitious identity with some relationship to Russia. He described the FBI document as stating that “Donovan” began pitching stories to websites in early 2016. The document cites an article titled “Cyberwarfare: Challenge of Tomorrow.”

And CP reveals they first came to believe that Donovan was fake (and not just a serial plagiarist) when a NYT story listed Donovan’s account among those that Facebook had shut down as fake.

This long story focused on dozens of phony Facebook accounts which the Times claims pushed pro-Russian messages during the election. Buried in the 28th paragraph of the story was the name “Alice Donovan.” Donovan’s Facebook page, the Times said, “pointed to documents from Mr. Soros’s Open Society Foundations that she said showed its pro-American tilt and — in rather formal language for Facebook — describe eventual means and plans of supporting opposition movements, groups or individuals in various countries.’” According to the Times, Facebook had deactivated the Donovan account after it failed a verification protocol.

CP ends by noting that for the entirety of the period when FBI was investigating this pseudonymous persona, they never informed CP.

If the FBI was so worried about the risks posed by Alice Donovan’s false persona, they could have tipped off some of the media outlets she was corresponding with. But in this case they refrained for nearly two years. Perhaps they concluded that Donovan was the hapless and ineffectual persona she appears to be. More likely, they wanted to continue tracking her. But they couldn’t do that without also snooping on American journalists and that represents an icy intrusion on the First Amendment. For a free press to function, journalists need to be free to communicate with whomever they want, without fear that their exchanges are being monitored by federal agencies. A free press needs to be free to make mistakes and learn from them. We did.

It’s an interesting example — and given my prior focus on Facebook’s intelligence apparatus (one reiterated by the revelation that Facebook has been taking down NK infrastructure of its own accord) — one that raises questions about whether FBI identified this persona or FB did.

But I’m wondering why both WaPo and CP are calling the Donovan persona a troll. While it sounds like Donovan’s election related interventions were trollish about Hillary, some of what she published at CP and other outlets clearly supported Russian policy objectives (that CP might legitimately agree with) or — as CP notes — mirrored mainstream reporting on Clinton’s emails.

Donovan served not just to poison debate, as trolls do.

So I’m wondering why people are using that term. I’m wondering, in part, why we should distinguish Donovan’s authorship (or plagiarism) of articles from leaks from foreign intelligence services, which news articles have long relied on, whether Israeli, Saudi, or Russian sources (remember, for example, how presumed Yemeni or Saudi sources have repeatedly revealed details of US or UK double agents). A number of people in DC have laughed with me about the way that Rinat Akhmetshin — a central figure in the June 9, 2016 Trump Tower meeting and as such suspected of doing Russian intelligence bidding — has long regaled mainstream journalists as a source. And I’ve suggested that Scott Balber — and American lawyer working for a Russian oligarch — may be fostering a cover story for the same meeting.

So why is one kind of intelligence disinformation called journalism and another called trolling?

10 Years of emptywheel: Key Non-Surveillance Posts 2016-2017

Happy Birthday to me! To us! To the emptywheel community!

On December 3, 2007, emptywheel first posted as a distinct website. That makes us, me, we, ten today.

To celebrate, over the next few days, the emptywheel team will be sharing some of our favorite work from the last decade. I’ll be doing probably 3 posts featuring some of my most important or — in my opinion — resilient non-surveillance posts, plus a separate post bringing together some of my most important surveillance work. I think everyone else is teeing up their favorites, too.

Putting together these posts has been a remarkable experience to see where we’ve been and the breadth of what we’ve covered, on top of mainstays like surveillance. I’m really proud of the work I’ve done, and proud of the community we’ve maintained over the years.

For years, we’ve done this content ad free, relying on donations and me doing freelance work for others to fund the stuff you read here. I would make far more if I worked for some free-standing outlet, but I wouldn’t be able to do the weedy, iterative work that I do here, which would amount to not being able to do my best work.

If you’ve found this work valuable — if you’d like to ensure it remains available for the next ten years — please consider supporting the site.

2016

Why Doesn’t Dianne Feinstein Want to Prevent Murders Like those Robert Dear Committed?

I’ve written a lot about how the focus on Islamic terrorism, based on a claim it’s foreign, creates gross inequalities for Muslims in this country, and does nothing to address some of our most dangerous mass killers (as the Stephen Paddock massacre in Las Vegas makes all too clear). This post is one of that series. It focuses on how the ill-advised efforts to use the No Fly List to create a list of those who couldn’t own guns would be discriminatory and wouldn’t add much to safety.

“Only Facts Matter:” Jim Comey Is Not the Master Bureaucrat of Integrity His PR Sells Him As

From the periods when Jim Comey was universally revered as a boy scout through those when Democrats blamed him for giving us Trump (through the time Democrats predictably flip flopped on that point), I have consistently pointed to a more complicated story, particularly with regards to surveillance and torture. I think the lesson of Comey isn’t so much he’s a bad person — it’s that he’s human, and no human fits into the Manichean world of good guys and bad guys that he viewed justice through.

NSA and CIA Hacked Enrique Peña Nieto before the 2012 Election

As Americans came to grips with the fact that Russia had hacked Democrats to influence last year’s election, many people forgot that the US does the same. And it’s not even just in the bad old days of Allen Dulles. The Snowden documents revealed that NSA and CIA hacked Enrique Peña Nieto in the weeks before he was elected in 2012. The big difference is we don’t know what our spooks did with that information.

Why Is HPSCI’s Snowden Report So Inexcusably Shitty?

In 2016, HPSCI released its Devin Nunes-led investigation into Edward Snowden’s leaks. It was shitty. Really shitty.

Now that the HPSCI investigation into the Russian hack (which has not been subjected to the same limitations as the Snowden investigation was) has proven to be such a shit show, people should go back and review how shitty this review was (including its reliance on Mike Flynn’s inflammatory claims). There absolutely should have been a review of Snowden’s leaks. But this was worse than useless.

Look Closer to Home: Russian Propaganda Depends on the American Structure of Social Media

As people began to look at the role of fake news in the election, I noted that we can’t separate the propaganda that supported Trump from the concentrated platforms that that propaganda exploited. A year later, that’s a big part of what the Intelligence Committees have concluded.

The Evidence to Prove the Russian Hack

In this post I did a comprehensive review of what we knew last December about the proof Russia was behind the tampering in last year’s election.

Obama’s Response to Russia’s Hack: An Emphasis on America’s More Generalized Vulnerability

Last year, in a speech on the hack, Obama focused more on America’s vulnerability that made it possible for Russia to do so much damage than he did on attacking Putin. I think it’s a really important point, one I’ve returned to a lot in the last year.

The Shadow Brokers: “A Nice Little NSA You’ve Got Here; It’d Be a Shame If…”

In December, I did a review of all the posts Shadow Brokers had done and suggested he was engaged in a kind of hostage taking, threatening to dump more NSA tools unless the government met his demands. I was particularly interested in whether such threats were meant to prevent the US from taking more aggressive measures to retaliate against Russia for the hack.

2017

On “Fake News”

After getting into a bunch of Twitter wars over whether we’re at a unique moment with Fake News, I did this post, which I’ve often returned to.

How Hal Martin Stole 75% of NSA’s Hacking Tools: NSA Failed to Implement Required Security Fixes for Three Years after Snowden

The government apparently is still struggling to figure out how its hacking tools (both NSA and CIA) got stolen. I noted back in January that an IG report from 2016 showed that in the three years after Snowden, the IC hadn’t completed really basic things to make itself more safe from such theft.

The Doxing of Equation Group Hackers Raises Questions about the Legal Role of Nation-State Hackers

One thing Shadow Brokers did that Snowden and WikiLeaks, with its Vault 7 releases, have not is to reveal the identities of NSA’s own hackers. Like DOJ’s prosecution of nation-state hackers, I think this may pose problems for the US’ own hackers.

Reasons Why Dems Have Been Fucking Stupid on the Steele Dossier: a Long Essay

I believe Democrats have been ill-advised to focus their Russia energy on the Steele dossier, not least because there has been so much more useful reporting on the Russia hack that the Steele dossier only makes their case more vulnerable to attack. In any case, I continue to post this link, because I continue to have to explain the dossier’s problems.

Other Key Posts Threads

10 Years of emptywheel: Key Non-Surveillance Posts 2008-2010

10 Years of emptywheel: Key Non-Surveillance Posts 2011-2012

10 Years of emptywheel: Key Non-Surveillance Posts 2013-2015

PureVPN Doesn’t Need to Keep Logs Given How Many Google Keeps

There’s a cyber-stalking case in MA that has a lot of people questioning whether or not VPNs keep serial cyber-stalkers safe from the FBI. In it, Ryan Lin is accused of stalking a former roommate, referred to by the pseudonym Jennifer Smith in the affidavit, as well as conducting some bomb hoaxes and other incidences of stalking (if these accusations are true he’s a total shithole with severe control problems).

Because the affidavit in the case refers to tying Lin’s usage to several VPNs, it has been read to confirm that PureVPN, especially, has been keeping historic logs of users, contrary to their public claims. To be clear: you can never know whether a VPN is honest about keeping logs or not, and simply having a VPN on your computer might provide means of compromise (sort of like an anti-virus), that makes you more vulnerable. But I don’t think the affidavit, by itself (particularly with a great deal of the evidence in the case still hidden), confirms PureVPN is keeping logs. Rather, I think the account matching described in the affidavit says the FBI could have identified which VPNs Lin used via orders to Google, Facebook, and other tech companies, and using that, obtained a pen register on PureVPN collecting prospective traffic. I don’t think what is shown proves that FBI obtained historic logs (though it doesn’t disprove it either).

One thing to understand about this case is that Lin would have been the suspect right from the start, because his stalking started while he still lived with Smith, and intensified right after his roommates got him evicted. Plus, some of his stalking of Smith and others involved his real social media accounts. That means that, at a very early stage in this investigation, FBI would have been able to get all this information from Google and Facebook, which his victims knew he used.

A. The following information about the customers or subscribers of the Account:
1. Names (including subscriber names, user names, and screen names);
2. Addresses (including mailing addresses, residential addresses, business addresses, and e-mail addresses);
3. Local and long distance telephone connection records;
4. Records of session times and durations, and the temporarily assigned network addresses (such as Internet Protocol (“IP”) addresses) associated with those sessions;
5. Length of service (including start date) and types of service utilized;
6. Telephone or instrument numbers (including MAC addresses);
7. Other subscriber numbers or identities (including temporarily assigned network addresses and registration Internet Protocol (“IP”) addresses (including carrier grade natting addresses or ports)); and
8. Means and source of payment for such service (including any credit card or bank account number) and billing records.

B. All records and other information (not including the contents of communications) relating to the Account, including:
1. Records of user activity for each connection made to or from the Account, including log files; messaging logs; the date, time, length, and method of connections; data transfer volume; user names; and source and destination Internet Protocol addresses;
2. Information about each communication sent or received by the Account, including the date and time of the communication, the method of communication, and the source and destination of the communication (such as source and destination email addresses, IP addresses, and telephone numbers);
3. Records of any accounts registered with the same email address, phone number(s), method(s) of payment, or IP address as [] the accounts listed in Part 1; and Records of any accounts that are linked to either of the accounts listed in Part 1 by machine cookies (meaning all Google user IDs that logged into any Google account by the same machine as [] the accounts in Part 1). [my emphasis]

So very early in the investigation (almost certainly 2016), the FBI would have started obtaining every IP address that Lin was using to access Google and Facebook, and any accounts tied to the IP addresses used to log into his known accounts.

Instragram IDs WAN usage

Now consider the different references to VPNs in the affidavit. First, in February 2017, Lin registered a new Instagram account via WAN Security, one of the three VPNs listed.

February 2017: Lin registers Instagram account via WAN Security, also uses it to send email from [email protected] to local police department

That would mean that from the time FBI learned he used WAN to register with Instagram, the FBI would have known he used that service, and probably would have a very good idea which WAN server he default logged into.

Gmail ties WAN usage to other pseudonymous accounts

Then, FBI tracked April 2017 activity to connect Lin to an anonymous account at a service called Rover that he used to stalk people.

  • April 14, 2017, 14:55:52: Lin’s Gmail address accessed from IP address tied to WANSecurity server
  • April 14, 2017, 15:06:27: “Ashley Plano,” using [email protected], accessed Rover via same WANSecurity server
  • April 17, 2017, 21:54:25: “Ashley Plano” accesses Rover via Secure Internet server
  • April 17, 2017, 23:19:12: Lin’s Gmail address accessed via same Secure Internet server
  • April 18, 2017, 23:48:28: Lin’s Gmail address accessed via same Secure Internet server
  • April 19, 2017, 00:30:11: Ashley Plano account accessed via same Secure Internet server
  • April 24, 2017 (unspecified times): Lin’s Gmail and [email protected] email account accessed via same Secure Internet server

The WAN Security usage would have been accessible from Lin’s Gmail account (and would have been known since at least February). A subpoena to Rover after reports it was used for stalking would have likewise shown the WAN Security usage and times (assuming their logs are that detailed).

The Secure Internet use would have likewise shown up in his Gmail usage. Matching that to the Rover logs would have been the same process as with the WAN Security usage. And matching Lin’s known Gmail to his (alleged) pseudonymous teleportx email would have been done by Google itself, matching other accounts accessed by the IP Lin used (though they would have had to weed out other multiple Secure Internet server users).

In other words, this stuff could have come — and almost certainly did — from 2703(d) order returns available with a relevance standard, probably starting months before this activity.

Work computer confirms PureVPN usage, may provide account number

Then there’s this information, tying Lin’s work computer to PureVPN.

July 24, 2017: Lin fired by his unnamed software company employer — he asks, but is denied, to access his work computer to sign out of accounts

August 29, 2017: FBI agents find “Artifacts indicat[ing] that PureVPN, a VPN service that was used repeatedly in the cyberstalking scheme, was installed on the computer.”

What is not mentioned here is whether the “artifact” that showed Lin, like a fucking moron, loaded PureVPN onto his work computer also included him loading his PureVPN account number onto the computer. I think the vagueness here is intentional — both to keep the information from us and from Lin (at least until he signs a protection order). I also think this discussion, while useful for establishing probable cause to search his house, is also a feint. I suspect they already had Lin tied to PureVPN, and probably to a specific account there.

FBI’s not telling when and how they IDed Lin’s PureVPN usage, but Google would have had it

Which leads us to this language, which is the stuff that has everyone wigged out about PureVPN keeping logs.

Further, records from PureVPN show that the same email accounts–Lin’s gmail account and the teleportfx gmail account–were accessed from the same WANSecurity IP address. Significantly, PureVPN was able to determine that their service was accessed by the same customer from two originating IP addresses: the RCN IP address from the home Lin was living in at the time, and the software company where Lin was employed at the time.

[snip]

PureVPN also features prominently in the cyberstalking campaign, and the search of Lin’s workplace computer showed access of PureVPN.

Unlike almost every reference in this affidavit, there’s no date attached to this knowledge. It appears after the work computer language, leaving the impression that the knowledge came after the work computer access. But particularly since FBI alleges Lin used PureVPN for a lot of his stalking, they probably were looking at PureVPN much earlier.

One thing is certain: FBI could have easily IDed a known PureVPN server accessing Lin’s Gmail account and the teleportfx one FBI identified at least as early as April, months before finding PureVPN loaded onto his work computer.

The FBI doesn’t say which victims Lin accessed via PureVPN or when, only that it figured prominently. It does say, however, that PureVPN identified use from both Lin’s home and work addresses.

Most importantly, FBI doesn’t say when they asked PureVPN about all this. Nothing in this affidavit rules out the FBI serving PureVPN with a PRTT to track ongoing usage tied to Lin’s known accounts (rather than historical usage tied to them). Mind you, there’s nothing to rule out historical logs either (as the affidavit also notes, Lin at one point tweeted something indicating knowledge that VPNs will at least keep access information tied to users).

Here’s the thing, though: if you’re using the same Gmail account tied to the same home IP to access three different VPN providers, often on the same day, your VPN usage is going to be identified from Google’s extensive log keeping. It is an open question what the FBI can do with that knowledge once they have it — whether they can only collect prospective information or whether a provider is going to have some useful historical knowledge to share. But the FBI didn’t need historic logs from PureVPN to get to Lin.