Posts

Parkland and the Twittered Revolt

Marvel at the teen survivors of the mass shooting at Marjory Stoneham Douglas High School in Parkland, Florida. Their composed rage is terrifying to a generation or two which have not seen the like since the 1960s and early 1970s. They are leading a revolution — but note the platform they’re using to best effect.


I can’t tell you how much use they are making of Facebook as I haven’t used it in several years. What I find telling is the dearth of links to students’ and followers’ Facebook posts tweeted into my timeline. I also note at least one MSD student exited Facebook after receiving death threats.

Twitter’s platform allows the authenticity and immediacy of the students’ communications, as easy to use as texting. There’s no filter. For whatever reason, parents haven’t taken to Twitter as they did Facebook, leaving the micro-blogging platform a space without as much adult oversight.

These attributes terrify the right-wing. There’s nothing limiting the reach of students’ messages — no algorithms slow their tweets. The ability to communicate bluntly, efficiently, and yet with grace has further thrown the right. The right-wing’s inability to accept these students as legitimately speaking for themselves and for their fellow students across the country is an expression of the right’s cognitive dissonance.

The students’ use of Twitter redeems the platform, asserting its true value. It’s 180 degrees from the problems Twitter posed as a toxic cesspool filled with trolls and bots. Parkland’s tragedy exposes what Twitter should be, what Twitter must do to ensure it doesn’t backslide.

Minors shouldn’t have to put up with bullying — especially bullying by adults. Donnie Trump Jr. is one of the worst examples of this bullying and should be booted out of the platform. Other adult bullies have also emerged but Twitter’s user base is ruthless in its swiftness, dealing a coup de grâce to Laura Ingraham’s sponsorships.

If only Twitter itself was as swift in ejecting bullies and trolls. Troll bots continue to flourish even after a large number were removed recently. Victims of tragedies should expect an ethical social media platform to eliminate trolls and bots promptly along with bullies.

Ethical social media platforms also need to ask themselves whether they want to make profit off products intended to maim and kill. Should it allow certain businesses to use promoted tweets to promote deadly products, or allow accounts for lobbying organizations representing weapons manufacturers as well as owners? Should Twitter remove the NRA just as it doesn’t permit accounts representing tobacco products?

Not to mention avoiding Facebook’s ethical crisis — should Twitter be more proactive in protecting its users now that Parkland’s Marjory Stoneham Douglas High School students have revitalized its brand?

The Gizmo™: Correlation Doesn’t Equal Adversary Nation

For days, reporters have been mis-using The Gizmo™ (the name I use for the “disinformation dashboard” from the German Marshall Fund, a black box that purports to show “Russian propaganda efforts on Twitter in near-real time”) to claim that Russian-linked accounts are pushing the #ReleaseTheMemo campaign calling for the public release of Devin Nunes’ politicized memo attacking the FBI.

As the effort lead by some Republicans to curtail special counsel Robert S. Mueller III’s investigation into the election meddling has heated up, Russian-linked accounts helped amplify a Twitter hashtag calling for the release of a memo the group hopes will help discredit Mueller’s work, according to Hamilton 68, a research firm that tracks the malicious accounts. The #releasethememo hashtag was tweeted by these accounts nearly 4,000 times in the last couple of days, the firm said.

As always with such reporting, the articles don’t provide even the nuance the project’s most responsible contributor, JM Berger, lays out on their methodology page.

  1. Not all content in this network is “created” by Russia. A significant amount—probably a majority—of content is created by third parties and then amplified by the network because it is relevant to Russian messaging themes.
  2. Not all content amplified by this network is pro-Russian. The network frequently mobilizes to criticize or attack individuals or news reports that it wishes to discredit.
  3. Because of the two points above, we emphasize it is NOT CORRECT to describe sites linked by this network as Russian propaganda sites. We are not claiming that content producers linked by this network are Russian propaganda sites. Rather, content linked by this network is RELEVANT to Russian messaging themes.

Such reports certainly don’t consider the validity of drawing conclusions from such analysis that the authors have refused to have vetted by a third party. What does it mean to openly profess to be pro-Russian, for example? Do non-consensus views on Syria or Ukraine count? Does skepticism about Russian involvement in the election count?

And the reports don’t note the serial false positives, such as the time Jim Lankford used The Gizmo™ to claim Russia was stoking tensions around NFL players taking a knee during the anthem. More responsible analysis showed that,

[B]oth #TakeAKnee and #BoycottNFL were genuinely viral movements, generating high volumes of traffic from large numbers of accounts, but both received an additional boost from bots.

The bots which amplified #TakeAKnee were primarily non-political; they appear to be bots for hire, repurposed to amplify specific posts. Of these, the most significant group is that which retweeted @DianneLogic, given its previous use in online harassment campaigns in the context of Russia and the far right. However, the evidence of its prior behavior is suggestive but not conclusive. It cannot be taken as proving Senator Lankford’s claim.

The accounts which amplifed #BoycottNFL are a different breed. They are largely cyborgs, rather than bots, posting authored content in between slews of retweets. They are also political, rather than commercial. Their sole purpose appears to be boosting far-right American posts.

In both cases, the bots were functionally anonymous, providing no verifiable information on the identity of the user behind them. There is thus no independent information which would allow us to say definitively whether they were American, linked somehow to Russia, or managed from another country entirely.

In short, in spite of this thing being shown to measure something entirely different from what reporters continue to report — correlated traffic (and that, based on unpublished criteria) rather than causal traffic — nevertheless Russia got credit for a campaign clearly driven by right wing Americans backed by a far more extensive propaganda infrastructure.

And then, even as Twitter started leaking initial analysis saying just that — that Russia wasn’t to blame …

[A] knowledgeable source says that Twitter’s internal analysis has thus far found that authentic American accounts, and not Russian imposters or automated bots, are driving #ReleaseTheMemo. There are no preliminary indications that the Twitter activity either driving the hashtag or engaging with it is either predominantly Russian.

In short, according to this source, who would not speak to The Daily Beast for attribution, the retweets are coming from inside the country.

… Two members of Congress from California, Adam Schiff and Dianne Feinstein, called on two California companies, Twitter and Facebook, to confess further manipulation by Russia.

We understand Facebook and Twitter have developed significant expertise in identifying inauthentic and malicious accounts.  Further, your forensic investigations into Russian government exploitation of your platforms during the 2016 U.S. election have helped expose to the American public the vast extent of Russia’s covert influence efforts. We therefore request that your companies conduct an in-depth forensic examination of this real-time activity on your platforms to determine:

  1. Whether and how many accounts linked to Russian influence operations are involved in this campaign;
  2. The frequency and volume of their postings on this topic; and
  3. How many legitimate Twitter and Facebook account holders have been exposed to this campaign.

Given the urgency of this matter, we ask that you provide a public report to Congress and the American public by January 26, 2018.  In addition, we urge your companies to immediately take necessary steps to expose and deactivate accounts involved in this influence operation that violate your respective user policies.

Nothing in this letter explains why Facebook should have to do this work, as The Gizmo™, the sole piece of evidence Schiff and Feinstein rely on, doesn’t track Facebook.

But even the demand to Twitter was based on yet another misreading of what The Gizmo™ actually measures. And, having never asked The Gizmo™ to explain the methodology behind its serial panics, a Senator representing both Facebook and Twitter demanded that they check its work, rather than vice versa.

If I were a forewoman in a Russian troll factory, there would be no easier way to boost my career prospects than to use a few of my bots to manipulate The Gizmo™’s sloppy methodology to claim credit for an obviously American-generated hoax. “Ивана! Давайте претендовать на последнюю республиканскую пропаганду!” Doing so would set off a self-fulfilling prophecy, precisely the kind of thing The Gizmo™’s authors claim to want to prevent, boosting Russia’s ability to sow discord with virtually no effort.

10 Years of emptywheel: Key Non-Surveillance Posts 2016-2017

Happy Birthday to me! To us! To the emptywheel community!

On December 3, 2007, emptywheel first posted as a distinct website. That makes us, me, we, ten today.

To celebrate, over the next few days, the emptywheel team will be sharing some of our favorite work from the last decade. I’ll be doing probably 3 posts featuring some of my most important or — in my opinion — resilient non-surveillance posts, plus a separate post bringing together some of my most important surveillance work. I think everyone else is teeing up their favorites, too.

Putting together these posts has been a remarkable experience to see where we’ve been and the breadth of what we’ve covered, on top of mainstays like surveillance. I’m really proud of the work I’ve done, and proud of the community we’ve maintained over the years.

For years, we’ve done this content ad free, relying on donations and me doing freelance work for others to fund the stuff you read here. I would make far more if I worked for some free-standing outlet, but I wouldn’t be able to do the weedy, iterative work that I do here, which would amount to not being able to do my best work.

If you’ve found this work valuable — if you’d like to ensure it remains available for the next ten years — please consider supporting the site.

2016

Why Doesn’t Dianne Feinstein Want to Prevent Murders Like those Robert Dear Committed?

I’ve written a lot about how the focus on Islamic terrorism, based on a claim it’s foreign, creates gross inequalities for Muslims in this country, and does nothing to address some of our most dangerous mass killers (as the Stephen Paddock massacre in Las Vegas makes all too clear). This post is one of that series. It focuses on how the ill-advised efforts to use the No Fly List to create a list of those who couldn’t own guns would be discriminatory and wouldn’t add much to safety.

“Only Facts Matter:” Jim Comey Is Not the Master Bureaucrat of Integrity His PR Sells Him As

From the periods when Jim Comey was universally revered as a boy scout through those when Democrats blamed him for giving us Trump (through the time Democrats predictably flip flopped on that point), I have consistently pointed to a more complicated story, particularly with regards to surveillance and torture. I think the lesson of Comey isn’t so much he’s a bad person — it’s that he’s human, and no human fits into the Manichean world of good guys and bad guys that he viewed justice through.

NSA and CIA Hacked Enrique Peña Nieto before the 2012 Election

As Americans came to grips with the fact that Russia had hacked Democrats to influence last year’s election, many people forgot that the US does the same. And it’s not even just in the bad old days of Allen Dulles. The Snowden documents revealed that NSA and CIA hacked Enrique Peña Nieto in the weeks before he was elected in 2012. The big difference is we don’t know what our spooks did with that information.

Why Is HPSCI’s Snowden Report So Inexcusably Shitty?

In 2016, HPSCI released its Devin Nunes-led investigation into Edward Snowden’s leaks. It was shitty. Really shitty.

Now that the HPSCI investigation into the Russian hack (which has not been subjected to the same limitations as the Snowden investigation was) has proven to be such a shit show, people should go back and review how shitty this review was (including its reliance on Mike Flynn’s inflammatory claims). There absolutely should have been a review of Snowden’s leaks. But this was worse than useless.

Look Closer to Home: Russian Propaganda Depends on the American Structure of Social Media

As people began to look at the role of fake news in the election, I noted that we can’t separate the propaganda that supported Trump from the concentrated platforms that that propaganda exploited. A year later, that’s a big part of what the Intelligence Committees have concluded.

The Evidence to Prove the Russian Hack

In this post I did a comprehensive review of what we knew last December about the proof Russia was behind the tampering in last year’s election.

Obama’s Response to Russia’s Hack: An Emphasis on America’s More Generalized Vulnerability

Last year, in a speech on the hack, Obama focused more on America’s vulnerability that made it possible for Russia to do so much damage than he did on attacking Putin. I think it’s a really important point, one I’ve returned to a lot in the last year.

The Shadow Brokers: “A Nice Little NSA You’ve Got Here; It’d Be a Shame If…”

In December, I did a review of all the posts Shadow Brokers had done and suggested he was engaged in a kind of hostage taking, threatening to dump more NSA tools unless the government met his demands. I was particularly interested in whether such threats were meant to prevent the US from taking more aggressive measures to retaliate against Russia for the hack.

2017

On “Fake News”

After getting into a bunch of Twitter wars over whether we’re at a unique moment with Fake News, I did this post, which I’ve often returned to.

How Hal Martin Stole 75% of NSA’s Hacking Tools: NSA Failed to Implement Required Security Fixes for Three Years after Snowden

The government apparently is still struggling to figure out how its hacking tools (both NSA and CIA) got stolen. I noted back in January that an IG report from 2016 showed that in the three years after Snowden, the IC hadn’t completed really basic things to make itself more safe from such theft.

The Doxing of Equation Group Hackers Raises Questions about the Legal Role of Nation-State Hackers

One thing Shadow Brokers did that Snowden and WikiLeaks, with its Vault 7 releases, have not is to reveal the identities of NSA’s own hackers. Like DOJ’s prosecution of nation-state hackers, I think this may pose problems for the US’ own hackers.

Reasons Why Dems Have Been Fucking Stupid on the Steele Dossier: a Long Essay

I believe Democrats have been ill-advised to focus their Russia energy on the Steele dossier, not least because there has been so much more useful reporting on the Russia hack that the Steele dossier only makes their case more vulnerable to attack. In any case, I continue to post this link, because I continue to have to explain the dossier’s problems.

Other Key Posts Threads

10 Years of emptywheel: Key Non-Surveillance Posts 2008-2010

10 Years of emptywheel: Key Non-Surveillance Posts 2011-2012

10 Years of emptywheel: Key Non-Surveillance Posts 2013-2015

Richard Burr’s Tacit Warning to Christopher Steele

I’m just now catching up to Richard Burr and Mark Warner’s press conference on the Russia investigation yesterday. I saw some folks questioning why they did the presser, which surprises me. The answer seems obvious. They did the presser to release and apply pressure from specific areas of the investigation. For example, Burr exonerated those involved in the Mayflower Hotel meetings on April 2016 and further argued that the GOP platform was not changed to let Russia off the hook for Ukraine (I think the latter conclusion, in any case, is correct; I’m less persuaded about the first). Warner used the presser to push for Facebook to release the ads sold to Russia.

A particularly instance of this — one that I believe has been misunderstood by those who’ve reported it thus far — pertains to the Steele dossier. Here’s what Burr said about it, working off of prepared remarks (meaning issuing this tacit warning was one purpose of the presser; after 16:00):

As it relates to the Steele dossier: unfortunately the committee has hit a wall. We have on several occasions made attempts to contact Mr. Steele, to meet with Mr. Steele, to include, personally, the Vice Chairman and myself as two individuals, of making that connection. Those offers have gone unaccepted. The committee cannot really decide the credibility of the dossier without understanding things like who paid for it? who are your sources and sub-sources? We’re investigating a very expansive Russian network of interference in US elections. And though we have been incredibly enlightened at our ability to rebuild backwards, the Steele dossier up to a certain date, getting past that point has been somewhat impossible. And I say this because I don’t think we’re going to find any intelligence products that unlock that key to pre-June of ’16. My hope is that Mr. Steele will make a decision to meet with either Mark and I or the committee or both, so that we can hear his side of it, versus for us to depict in our findings what his intent or what his actions were. And I say that to you but I also say that to Chris Steele.

People seem to interpret this to mean SSCI hasn’t been able to corroborate the dossier — a point on which Burr is ambiguous. He references intelligence products that might unlock secrets of the dossier, which might suggest the committee has found intelligence products from later in the process that either confirms or doesn’t the events as the dossier as produced.

More important, however, is his reference to June 2016. While it seems like Burr might be suggesting the committee has found no evidence on collusion dating to before that date, that would seem to be inconsistent with the committee having received information on Michael Cohen’s discussions of financial dealings from before June (though given Burr’s exoneration of the Mayflower attendees, he may deem the earlier activities to be inconclusive).

So it seems more likely Burr raised the June 2016, along with his question about how paid for the report, to suggest he has real questions about whether its findings served as a partisan effort to taint Trump, paid for by a still undisclosed Hillary backer.

If Christopher Steele won’t talk about what intelligence he had on Trump before the time when, in June 2016, he reported on Russia providing kompromat (though not, at that point, hacked emails) on Hillary to Trump’s team, Burr seems to be saying, then it will be far easier to question his motivations and the conclusions of the report. And frankly, given some of the details on the Steele dossier — especially Steele’s briefings to journalists and his claim that the customers for the brief never read it — Burr is right to question that.

In other words, one point of the presser, it seems to me, was for Burr to warn Steele that his dossier will not be treated as a credible piece of work unless and until the committee gets more details about the background to it.

Update: Apparently, Steele responded to Burr’s comments by informing the committee he is willing to meet with Burr and Warner.

Twitter Asked to Tell Reality Winner the FBI Had Obtained Her Social Media Activity

Last week, the Augusta Chronicle reported that the government had unsealed notice that it had obtained access to Reality Winner’s phone and social media metadata. Altogether, the government obtained metadata from her AT&T cell phone, two Google accounts, her Facebook and Instagram accounts, and her Twitter account. Of those providers, it appears that only Twitter asked to tell Winner the government had obtained that information. The government obtained the 2703(d) order on June 13. On June 26, Twitter asked the FBI to rescind the non-disclosure order. In response, FBI got a 180-day deadline on lifting the gag; then on August 31, the FBI asked the court to unseal the order for Twitter, as well as the other providers.

The applications all include this language on Winner’s use of Tor, and more details about using a thumb drive with a computer last November.

During the search of her home, agents found spiral-bound notebooks in which the defendant had written information about setting up a single-use “burner” email account, downloading the TOR darkweb browser at its highest security setting, and unlocking a cell phone to enable the removal and replacement of its SIM card. Agents also learned, and the defendant admitted, that the defendant had inserted a thumb drive into a classified computer in November 2016, while on active duty with the U.S. Air Force and holding a Top Secret/SCI clearance. The defendant claimed to have thrown the thumb drive away in November 2016, and agents have not located the thumb drive.

Given that the FBI applied for and eventually unsealed the orders in all these cases, it provides a good way to compare what the FBI asks for from each provider — which gives you a sense of how the FBI actually uses these metadata requests to get a comprehensive picture of all the aliases, including IP addresses, someone might use. The MAC and IP addresses, in particular, would be very valuable to identify any of her otherwise unidentified device and Internet usage. Note, too, that AT&T gets asked to share all details of wire communications sent using the phone — so any information, including cell tower location, an app shares with AT&T would be included in that. AT&T, of course, tends to interpret surveillance requests broadly.

Though note: the prosecutor here pretty obviously cut and paste from the Google request for the social media companies, given that she copied over the Google language on cookies in her Twitter request.

AT&T

AT&T Corporation is required to disclose the following records and other information, if available, to the United States for each Account listed in Part I of this Attachment, for the time period beginning June 1, 2016, through and including June 7, 2017:

A. The following information about the customers or subscribers of the Account:
1. Names (including subscriber names, user names, and screen names);
2. Addresses (including mailing addresses, residential addresses, business addresses, and e-mail addresses);
3. Local and long distance telephone connection records;
4. Records of session times and durations, and the temporarily assigned network addresses (such as Internet Protocol (“IP”) addresses) associated with those sessions;
5. Length of service (including start date) and types of service utilized;
6. Telephone or instrument numbers (including MAC addresses. Electronic Serial Numbers (“ESN”), Mobile Electronic Identity Numbers (“MEIN”), Mobile Equipment Identifier (“MEID”), Mobile Identification Numbers (“MIN”), Subscriber Identity Modules (“SIM”), Mobile Subscriber Integrated Services Digital Network Number (“MSISDN”), International Mobile Subscriber Identifiers (“IMSl”), or International Mobile Equipment Identities (“IMEI”));
7. Other subscriber numbers or identities (including the registration Internet Protocol (“IP”) address); and
8. Means and source of payment for such service (including any credit card or bank account number) and billing records.

B. All records and other information (not including the contents of communications) relating to wire and electronic communications sent from or received by the Account, including the date and time of the communication, the method of communication, and the source and destination of the communication (such as source and destination email addresses, IP addresses, and telephone numbers), and including information regarding the cell towers and sectors through which the communications were sent or received.

Records of any accounts registered with the same email address, phone number(s), or method(s) of payment as the account listed in Part I.

Google

Google is required to disclose the following records and other information, if available, to the United States for each account or identifier listed in Part 1 of this Attachment (“Account”), for the time period beginning June 1, 2016, through and including June 7,2017:

A. The following information about the customers or subscribers of the Account:
1. Names (including subscriber names, user names, and screen names);
2. Addresses (including mailing addresses, residential addresses, business addresses, and e-mail addresses);
3. Local and long distance telephone connection records;
4. Records of session times and durations, and the temporarily assigned network addresses (such as Internet Protocol (“IP”) addresses) associated with those sessions;
5. Length of service (including start date) and types of service utilized;
6. Telephone or instrument numbers (including MAC addresses);
7. Other subscriber numbers or identities (including temporarily assigned network addresses and registration Internet Protocol (“IP”) addresses (including carrier grade natting addresses or ports)); and
8. Means and source of payment for such service (including any credit card or bank account number) and billing records.

B. All records and other information (not including the contents of communications) relating to the Account, including:
1. Records of user activity for each connection made to or from the Account, including log files; messaging logs; the date, time, length, and method of connections; data transfer volume; user names; and source and destination Internet Protocol addresses;
2. Information about each communication sent or received by the Account, including the date and time of the communication, the method of communication, and the source and destination of the communication (such as source and destination email addresses, IP addresses, and telephone numbers);
3. Records of any accounts registered with the same email address, phone number(s), method(s) of payment, or IP address as either of the accounts listed in Part 1; and Records of any accounts that are linked to either of the accounts listed in Part 1 by machine cookies (meaning all Google user IDs that logged into any Google account by the same machine as either of the accounts in Part

Facebook/Instagram

Facebook, Inc. is required to disclose tbe following records and other information, if available, to the United States for each account or identifier listed in Part 1 of this Attachment (“Account”),
for the time period beginning June 1, 2016, through and including June 7, 2017:

A. The following information about the customers or subscribers of the Account:
1. Names (including subscriber names, user names, and screen names);
2. Addresses (including mailing addresses, residential addresses, business addresses, and e-mail addresses);
3. Local and long distance telephone connection records;
4. Records of session times and durations, and the temporarily assigned network addresses (such as Intemet Protocol (“IP”) addresses) associated with those sessions;
5. Length of service (including start date) and types of service utilized;
6. Telephone or instrument numbers (including MAC addresses);
7. Other subscriber numbers or identities (including temporarily assigned network addresses and registration Intemet Protocol (“IP”) addresses (including carrier grade natting addresses or ports)); and
8. Means and source of payment for such service (including any credit card or bank account number) and billing records.

B. All records and other information (not including the contents of communications) relating to the Account, including:
1. Records of user activity for each connection made to or from the Account, including log files; messaging logs; the date, time, length, and method of connections; data transfer volume; user names; and source and destination Intemet Protocol addresses;
2. Information about each communication sent or received by tbe Account, including tbe date and time of the communication, the method of communication, and the source and destination of the communication (such as source and destination email addresses, IP addresses, and telephone numbers). Records of any accounts registered with the same email address, phone number(s), method(s) of payment, or IP address as either of the accounts listed in Part I; and
3. Records of any accounts that are linked to either of the accounts listed in Part I by machine cookies (meaning all Facebook/Instagram user IDs that logged into any Facebook/Instagram account by the same machine as either of the accounts in Part I).

Twitter

Twitter, Inc. is required to disclose the following records and other information, if available, to the United States for each account or identifier listed in Part 1 of this Attachment (“Account”), for the time period beginning June 1,2016, through and including June 7,2017:

A. The following information about the customers or subscribers of the Account:
1. Names (including subscriber names, user names, and screen names);
2. Addresses (including mailing addresses, residential addresses, business addresses, and e-mail addresses);
3. Local and long distance telephone connection records;
4. Records of session times and durations, and the temporarily assigned network addresses (such as Internet Protocol (“IP”) addresses) associated with those sessions;
5. Length of service (including start date) and types of service utilized;
6. Telephone or instrument numbers (including MAC addresses);
7. Other subscriber numbers or identities (including temporarily assigned network addresses and registration Internet Protocol (“IP”) addresses (including carrier grade natting addresses or ports)); and
8. Means and source of payment for such service (including any credit card or bank account number) and billing records.

B. All records and other information (not including the contents of communications) relating to the Account, including:
1. Records of user activity for each connection made to or from the Account, including log files; messaging logs; the date, time, length, and method of connections; data transfer volume; user names; and source and destination Internet Protocol addresses;
2. Information about each communication sent or received by the Account, including the date and time of the communication, the method of communication, and the source and destination of the communication (such as source and destination email addresses, IP addresses, and telephone numbers).
3. Records of any accounts registered with the same email address, phone number(s), method(s) of payment, or IP address the account listed in Part I; and
4. Records of any accounts that are linked to the account listed in Part I by machine cookies (meaning all Google [sic] user IDs that logged into any Google [sic] account by the same machine as the account in Part I).

The Nine-Minute Gap [UPDATE-2]

[IMPORTANT: UPDATES AT BOTTOM]

Consider yourself warned: this won’t be a very long post.

There’s been a lot of chatter about the timing of the July 26 search warrant’s execution on Paul Manafort’s Alexandria VA residence. The Washington Post called it a “predawn raid.” Some have pooh-poohed this as hyperbole, claiming the warrant was probably executed sometime after 6:00 a.m. EDT. Sunrise happened to be 6:04 a.m. EDT that day, leaving a narrow four-minute window for both “predawn” and “daytime hours” (beginning at 6:00 a.m.) to be accurate.

Some have also noted Trump completely surprised his military leadership the same day as the raid by tweeting an unexpected ban on transgender individuals in the service.

You may also recall reports indicating members of the military sat with bated breath waiting for nine minutes between his first tweet and his next to determine if they were supposed to scramble or take other military action. That overlong ellipsis at the end of the first tweet left them wondering if they were to begin a North Korean strike.

But it wasn’t just the same day the raid and the tweets happened. Trump tweeted just as the raid must have been underway at Manafort’s house.

What happened to trigger the initial 5:55 a.m. EDT tweet of the series? We know Manafort wasn’t in contact with Trump at that time if he was still asleep when the FBI knocked on his bedroom door.

What happened in that nine minute gap between 5:55 a.m. and the 6:04 a.m. sunrise tweet containing the decisive wording about a transgender ban, while our military stood by, waiting a possible strike order?

And did any one or all of these tweets serve as a signal, not to the Department of Defense or transgender Americans an intent to change policy, but something else entirely different?

UPDATE — 12:15 a.m. EDT 10-AUG-2017 —

CNN’s Jim Sciutto confirmed the search warrant was “no-knock” — timing of the raid may have been earlier than 6:00 a.m. EDT. When did the raid begin and how long between the warrant being served and Trump’s tweets?

UPDATE — 1:30 p.m. EDT 10-AUG-2017 —

Jon Kimball says the time stamp on Trump’s tweets was PDT, not EDT.

Can somebody explain this back-and-forth timezone in tweets? The link Kimball shares to Trump’s tweet shows 8:55. The screenshot I took last night shows 6:55.

Ridiculous situation — I feel like Schroedinger’s dead/alive cat-in-a-box.

If Kimball’s right and the timestamp in my screenshot is PDT (I use EDT on my desktop, by the way), the nine-minute gap matters not. The deployment of an utterly unanticipated change in policy via tweets to distract from the raid on Paul Manafort’s residence is still absolutely relevant.

The Blame the Media Movement

screen-shot-2016-11-14-at-10-10-55-amThere was an odd moment yesterday on Twitter when a bunch of people were RTing screen caps of NYT’s front page the day after Jim Comey’s October 28 letter, blaming the media for Hillary’s loss.

I think the idea behind their complaints is that because the media — as embodied by the NYT — spent so much time focusing on Hillary’s emails, she lost.

I agree that “the media’s” focus on Hillary’s email contributed significantly to the loss. But the way in which people were complaining about it betrays a lack of understanding of the problem.

First, consider what they were complaining about. The NYT’s print edition had a topline story that “New emails jolt Clinton campaign in race’s last days.” That is almost exactly the Hillary camp’s preferred explanation for why they lost, that the Comey announcement roiled her campaign right at the end. The NYT also focused on Comey’s inappropriate behavior. And also reported what Trump said about the emails — again, reporting what the opposing candidate actually said.

Here’s how Media Matters — which because of close ties between the campaign and the organization, should be considered a house organ for the campaign — dealt with this treatment in real time.

Over the past two days, The New York Times has devoted five of its six above-the-fold articles to FBI director James Comey’s letter to congressional leaders indicating that the Bureau is reviewing additional “emails that appear to be pertinent to the investigation” of Democratic presidential nominee Hillary Clinton’s use of a private server as secretary of state. By providing such prominent coverage, the Times has indicated that the letter is news of the highest possible significance — in spite of the Times’ own reporting that FBI agents have yet to read the emails and determine if they are significant and the letter “did not reopen” the investigation.

In his October 28 letter, Comey wrote that the FBI has “learned of the existence of emails that appear to be pertinent to the investigation” while investigating an unrelated case and is taking “appropriate investigative steps designed to allow investigators to review these emails to determine whether they contain classified information, as well as to assess their importance to our investigation.” He added that the “FBI cannot yet assess whether or not this material may be significant, and I cannot predict how long it will take us to complete.”

Despite the paucity of information Comey indicated was available, the letter triggered a firestorm of speculative media coverage.

The Times, which has both a responsibility as the leading national newspaper to put the story in appropriate context, and a long history of applying excessive and disproportionate scrutiny to news about Bill and Hillary Clinton, led the media’s feeding frenzy.

On Saturday, the entirety of the Times’ front page above the fold was dedicated to three separate articles about Comey’s letter. The lead story declared, “New Emails Jolt Clinton Campaign In Race’s Last Days; FBI Looks at Messages Found During Inquiry.” But as that article noted, it is not clear whether the emails are “new” or duplicates of emails previously reviewed by the FBI; the FBI “had not yet examined” the emails.

The front page also featured articles on Trump’s response to the news and on Republican and Democratic lawmakers’ criticism of Comey in light of the letter.

The Times front page drew criticism for providing such prominent coverage before it was clear whether the emails in question were even relevant to the investigation.

The MM piece does raise two absolutely fair content complaints: that the NYT said FBI “reopened” the investigation (though I’m not sure the distinction is as important as they make out, especially since the FBI had at least one other open investigation during this period), and that the headline said the emails were new when that was not yet clear.

Fair points. But.

MM is also absolutely obsessed with the way NYT has emphasized this on their front page. You know? A dead tree front page? Not just any dead tree, but the NYT’s dead tree?

Of the 100,000 or so people who decided this election, how many of them get their news from the NYT, much less the dead tree version of the NYT? In both the rural and urban areas where Hillary lost MI, you’d have to go to a store, and even then the Sunday Times might be the only thing you could get in dead tree form in timely fashion. I’m sure it’s easier to get the dead tree NYT in Philly, but not in Erie, PA, two other places where Hillary lost this election. So while the NYT’s coverage surely matters, its relative placement on the dead tree is not the thing you should focus on.

You want to track what caused the undue influence of the Comey letter on the election? A far better place to focus is on Bret Baier’s claim, a few days later, that two sources had told him with 99% certainty that Hillary was going to be indicted. MM did cover that, for several days straight, including showing that Fox kept reporting on the claim even after Baier retracted it.

screen-shot-2016-11-14-at-11-27-51-am

But that’s not the other thing you need to track.

Obviously, you need to track Breitbart, the Steve Bannon site that legitimized white supremacy.

Particularly given that the rural areas where Hillary underperformed have often lost their local press (which might otherwise have exposed them to the AP version) you also need to account for social media. It would be bad enough if that consisted solely of people consuming the conspiracy theories their buddies pass on. But, as has increasingly been discussed both during and since the election, those have been hijacked.

On both, people — even some without any stake in the election, such as kids in Macedonia — created false claims to generate clicks to make money.

“This is the news of the millennium!” said the story on WorldPoliticus.com. Citing unnamed FBI sources, it claimed Hillary Clinton will be indicted in 2017 for crimes related to her email scandal.

“Your Prayers Have Been Answered,” declared the headline.

For Trump supporters, that certainly seemed to be the case. They helped the baseless story generate over 140,000 shares, reactions, and comments on Facebook.

Meanwhile, roughly 6,000 miles away in a small town in the former Yugoslav Republic of Macedonia, a young man watched as money began trickling into his Google AdSense account.

[snip]

Most of the posts on these sites are aggregated, or completely plagiarized, from fringe and right-wing sites in the US. The Macedonians see a story elsewhere, write a sensationalized headline, and quickly post it to their site. Then they share it on Facebook to try and generate traffic. The more people who click through from Facebook, the more money they earn from ads on their website.

Earlier in the year, some in Veles experimented with left-leaning or pro–Bernie Sanders content, but nothing performed as well on Facebook as Trump content.

“People in America prefer to read news about Trump,” said a Macedonian 16-year-old who operates BVANews.com.

BuzzFeed News’ research also found that the most successful stories from these sites were nearly all false or misleading.

Far more troublingly, Facebook’s algorithm that influences what news people see not only doesn’t sort out fake news, but they purposely avoided fixing the problem during the election because that would have disproportionately affected conservative “news.”

[I]t’s hard to visit Facebook without seeing phony headlines like “FBI Agent Suspected in Hillary Email Leaks Found Dead in Apparent Murder-Suicide” or “Pope Francis Shocks World, Endorses Donald Trump for President, Releases Statement” promoted by no-name news sites like the Denver Guardian and Ending The Fed.

Gizmodo has learned that the company is, in fact, concerned about the issue, and has been having a high-level internal debate since May about how the network approaches its role as the largest news distributor in the US. The debate includes questions over whether the social network has a duty to prevent misinformation from spreading to the 44 percent of Americans who get their news from the social network.

According to two sources with direct knowledge of the company’s decision-making, Facebook executives conducted a wide-ranging review of products and policies earlier this year, with the goal of eliminating any appearance of political bias. One source said high-ranking officials were briefed on a planned News Feed update that would have identified fake or hoax news stories, but disproportionately impacted right-wing news sites by downgrading or removing that content from people’s feeds. According to the source, the update was shelved and never released to the public.

It’s unclear if the update had other deficiencies that caused it to be scrubbed.

“They absolutely have the tools to shut down fake news,” said the source, who asked to remain anonymous citing fear of retribution from the company. The source added, “there was a lot of fear about upsetting conservatives after Trending Topics,” and that “a lot of product decisions got caught up in that.”

A similar effect is happening as we speak, spreading the false claim that Trump won the popular vote.

We actually don’t know what the media diet of the average person who normally would have voted Democratic is — I sincerely hope it’s something we get a handle on. But we need to understand that we would be lucky if the dead tree NYT is what we need to worry about.

And given that Trump is likely to overturn net neutrality, it is likely to get worse before it gets better.

Update: Fixed the Buzzfeed blockquote.

Friday: Sinnerman

In this roundup: A look outside the U.S.’ borders — TTIP’s end, Turkey at risk, Chile and women’s reproductive rights, more.

Featured jazz artist today is Eunice Waymon, known best by her stage name Nina Simone. Recognized for her powerful political work, Mississippi Goddamn, Simone was an incredibly gifted pianist trained at Juilliard with a predilection for the works and method of Johann Sebastian Bach. She became a singer only after nightclubs for which she performed insisted she must sing and play piano together.

Two of my favorites apart from Sinnerman shared here are Feeling Good and I Put a Spell on You. I’ll always have a warm, fuzzy place for Ain’t Got No/I Got Life medley, a variation of the song from the 1960s Broadway musical Hair. I can remember singing along to this recording during long road trips.

Why Nina Simone today? Because of Sinnerman, which seems particularly appropriate during this election season.

Looking away from our nation’s navel

  • Op-ed: Is Turkey nearing civil war? (Süddeutsche Zeitung) — Guest contributor Yavuz Baydar reviews developments in Turkey after the so-called coup attempt, including calls to arm citizens, reestablish an Ottoman caliphate, and create militarized youth groups attached to mosques. Turkish media, operating with the blessing of President Tayyip Erdoğan, has shown maps featuring Mosul and parts of northern Greece as part of a Turkish empire.
  • TTIP may be in death throes, but resuscitation attempted (euronews) — This article quotes a Spanish automotive partmaker who complains the need to inspect parts both on export and import is expensive, and the Transatlantic Trade and Investment Partnership (TTIP) agreement would eliminate the costly redundancy. Except the existing duplicative inspections didn’t prevent Volkswagen Group and its vendor Bosch from shipping fraudulent vehicles and parts, did it? Yeah. Not so much…in spite of TTIP’s near-death, the US and EU met earlier this month to regroup and try to force TTIP through before the end of President Obama’s term.
  • Chile’s president aims to change restrictive anti-abortion laws (NPR) — Chile is among the five most restrictive countries in the world, outlawing abortion even to save the life of the mother. President Michelle Bachelet made it her goal to change the laws; the country’s lower house has already approved legislation to allow abortion in case of rape, to save the mother, or in case of mortal fetal defect. Chile’s senate must yet vote to approve this legislation before it becomes law. In the mean time, women must travel abroad to obtain abortions or risk jail if they attempt it in Chile on their own.
  • Radical Ukrainian nationalists rising (euronews) — Members of far-right groups Azo regiment and the Right Sector recently marched through Kyiv to celebrate Ukrainian patriotism while protesting pro-Russian separatists.

Tech Debris
Here’s a collection of odd technology bits I’ve run across recently worth a read:

  • Dutch researchers working on anti-hacking technology (euronews) — They’re working on unique identifiers for devices attached to the internet, like the myriad Internet of Things (webcams, baby monitors, so on). This seems like a waste of time given every device should already have an ID assigned by a network. Keep an eye on this; it’d certainly make surveillance easier. Ahem.
  • Troubling case of Facebook v. Vachani (NPR) — Fluffy overview of the suit filed against Steven Vachani whose portal site product pissed off Facebook greatly. But you should read the op-ed from July by Orin Kerr about this case — brace yourself for your freak out.
  • From the archives: Interview with John Arquilla on cyberwarfare (FRONTLINE) — Perspective on the origins of current cyberwarfare policies arising from Bush administration post-9/11. As you read this, keep in mind Arquilla is a proponent of preemptive warfare and the use of cyberwarfare against terrorism.
  • Twitter as a government tool against the people (Bloomberg) — We take for granted we can type anything we want in social media. Not so in much of the rest of the world, and Twitter is an example of social media with both great potential to inform while putting users at risk where speech is not free. Although after the recent revelations Twitter sold data to a U.S. intelligence front, speech isn’t exactly free on Twitter for U.S. citizens, either.

Longread: Did newspapers screw up?
We’ve watched the decline of newspapers for over a decade as its analog business model met the reality of a digital age. Jack Shafer wrote about the possibility newspapers may have made a critical error during the generational shift to online media — perhaps the seasoned existing outlets should have remained firmly committed to print. Two key problems with this analysis: 1) printing and distribution remains as expensive as all other factors in producing a newspaper, and 2) the population consuming newspaper content is changing, from a print-only to digital-only audience. This must be acknowledged or newspapers will continue to struggle, and large papers will continue to pursue consolidation in order to reduce costs to operate.

With that in mind, I still don’t understand why The Washington Post, owned by Jeff Bezos, hasn’t opted to offer a Kindle to subscribers willing to pay for a full print subscription a year in advance. A low-level Kindle is cheaper than the cost to print. Ditto to The New York Times; why hasn’t it considered a tie up with Kobo or another e-reader manufacturer?

That’s it for this week; have a good weekend!

Why Is DOD Paying Dataminr $13M for Data It Claims to Believe Twitter Won’t Deliver?

Last week I did a post on John McCain’s promise, given in a Senate Armed Services Committee hearing, to “expose” Twitter for refusing to share you Tweets in bulk with intelligence agencies. Later in the hearing, Jeanne Shaheen returned to the issue of Twitter’s refusal to let Dataminr share data in bulk with the Intelligence Community. She asked Under Secretary for Intelligence Marcell Lettre what the committee needs to get more cooperation. Lettre responded by suggesting one-on-one conversations between Executive Branch officials and the private sector tends to work. Shaheen interrupted to ask whether such an approach had worked with Twitter. Lettre responded by stating, “the the best of my knowledge, Twitter’s position hasn’t changed on its level of cooperation with the US intelligence community.”

That’s interesting, because on August 26, 2016, DOD announced its intent to sole-source a $13.1 million one-year contract with Dataminr to provide alerting capability based off Twitter’s Firehose.

The Department of Defense (DoD), Washington Headquarters Services, Acquisition Directorate (WHS/AD), on behalf of the Office of the Under Secretary of Defense for Intelligence (OUSDI) intends to award a sole source contract pursuant to the requirements of 41 U.S.C. 3304(a)(1) Competition in Contracting Act of 1984 (CICA) as implemented by FAR Subpart 6.3, and IAW the requirements of FAR Subpart 6.303-1, Only One Responsible Source and No Other Supplies or Services will Satisfy Agency Requirements.

WHS/AD intends to issue this sole source contract to Dataminr, Inc located at 99 Madison Ave Floor 3, New York, NY 10016 (CAGE 6Q6Z6). The anticipated Period of Performance for 1500 license subscriptions are 12 months from the date of contract award. The estimated value of this procurement is approximately $13.1M.

This contract will address the requirements of OUSDI Technical Collection and Special Programs division. The award will be made for licenses, support, and maintenance which allows DoD to receive indication and warnings, situational awareness, and contextual analysis of social media data in order to provide actionable decision support in response to real-time information.

Salient Characteristics of the Data Analytics Software: The contractor shall deliver an alerting capability that, at a minimum, includes:

  • Alerting: Based on the algorithmic analysis of the complete Twitter Firehose, the Contractor shall deliver near-real time alerts on breaking developments relevant to military security.
  • Content: The Contractor’s platform shall generate data from the Twitter firehose. Alerts shall include from the original data source at least the text, embedded links, and associated metadata, to include the Tweet ID.

Perhaps the Under Secretary of Defense for Intelligence’s Technical Collection and Special Programs division doesn’t count as “intelligence community,” but it sure seems to qualify.

Or perhaps there are a number of loopholes in the policy that purports to keep Twitter customers’ data out of the hands of intelligence agencies.

John McCain Wants to “Expose” Twitter for Refusing to Sell Your Twitter Data in Bulk to CIA

John McCain just had a hearing on cybersecurity. The primary point of the hearing seems to have been to get Admiral Mike Rogers to say the nation would be less safe if we split CYBERCOM Commander from Director of NSA (that is, if we split his job into two). That’s in apparent contradiction to what Rogers said at an industry conference last week.

McCain’s secondary point seems to have been to raise concerns that an unsuccessful attempt by hackers to access Arizona voting data might affect his re-election effort.

His tertiary point seems to have been to attack Apple and Twitter for making efforts to protect their customers. After getting a witness to comment about Twitter’s long-term refusal to let Dataminr to sell Twitter data to the CIA, he suggested perhaps the response should be to “expose” the company.

So let me help Senator McCain in his efforts.

Breaking: Twitter Refuses to Sell Your Data in Bulk to the CIA

That is simply scandalous!

Of course, as I’ve reported in the past and a spox from Twitter reiterated again today, this is actually a (claimed) long-standing policy at Twitter. They will not let Dataminr or anyone else sell your data to any government agency for surveillance purposes.

Dataminr uses public Tweets to sell breaking news alerts to media organizations and government agencies, for non-surveillance purposes. Due to privacy concerns, we have not authorized Dataminr or any third party to sell data to a government or intelligence agency for surveillance purposes. This is a longstanding Twitter policy, not a new development. Twitter responds to valid legal process issued in compliance with applicable law, and our most recent transparency report shows over 5,000 U.S. government information requests in 2015 alone.

Breaking: Twitter Refuses to Sell Your Data to Government for Surveillance Purposes

Wow, this Expose Twitter campaign is getting exciting.

Of course, you might ask why McCain is demanding that our tech companies to make money off of surveillance of you. And why he considers Twitter such an exception.