Revealed: US program to spy on Arab social media and mobile users
by Barrett Brown, author, online activist and founder of Project PM|
Jun 23, 2011 1:02PM |EMAIL|PRINT
For at least two years, the US has been conducting a secretive and immensely sophisticated campaign of mass surveillance and data mining against the Arab world, allowing the intelligence community to monitor the habits, conversations, and activity of millions of individuals at once.
And with an upgrade scheduled for later this year, the top contender to win the contract and thus take over the program is a team of about a dozen companies, which were brought together in large part by Aaron Barr — the CEO who resigned from his own firm earlier this year after he was discovered to have planned a full-scale information war against political activists at the behest of corporate clients.
Unprecedented surveillance capabilities are being produced by an industry that works in secret on applications that are nonetheless funded by the American public — and which in some cases are used against that very same public. Their products are developed on demand for an intelligence community that is not subject to Congressional oversight and which has been repeatedly shown to have misused its existing powers in ways that violate US law. And with expanded intelligence capabilities by which to monitor Arab populations in ways that would have previously been impossible, those same intelligence agencies now have improved means by which to provide information on dissidents to regional dictators viewed by the US as strategic allies.
The nature and extent of the operation, which was known as Romas/COIN (cointer-intelligence) and that is scheduled for replacement this year by a similar program known as Odyssey, may be determined in part by a close reading of hundreds of e-mails among the 70,000 that were stolen in February from the contracting firm HBGary Federal and its parent company HBGary. Other details may be gleaned by an examination of the various other firms and individuals that are discussed as being potential partners.
Although military contractor Northrop Grumman had long held the contract for Romas/COIN, such contracts are subject to regular “recompetes”. In early February 2010, HBGary Federal CEO Aaron Barr emailed Al Pisani, an executive at the much larger federal contractor TASC, a company that until recently had been owned by Northrop and that was now looking to compete with it for lucrative contracts:
“I met with [Mantech CEO] Bob Frisbie the other day to catch up. He is looking to expand a capability in IO [information operations] related to the COIN re-compete but more for DoD. He told me he has a few acquisitions in the works that will increase his capability in this area. So just a thought that it might be worth a phone call to see if there is any synergy and strength between TASC and ManTech in this area. I think forming a team and response to compete against SAIC [another contractor] will be tough but doable.”
Pisani agreed, and in conjunction with Barr and fellow TASC exec John Lovegrove, the growing party spent much of the next year working to create a partnership (TASC and HBGaryFederal’s NDA is here) of firms capable of providing the “client” — an unspecified US agency — with capabilities that would outmatch those being provided by Northrop, SAIC, or other competitors.
In a later e-mail from Lovegrove to Barr and some of his colleagues at TASC, he announces the following:
Our team consists of:
TASC (PMO, creative services)
HB Gary (Strategy, planning, PMO)
Archimedes Global (Specialised linguistics, strategy, planning)
PointAbout (rapid mobile application development, list of strategic partners)
Google (strategy, mobile application and platform development — long list of strategic partners)
Apple (mobile and desktop platform, application assistance — long list of strategic partners)
We are trying to schedule an interview with ATT plus some other small app developers.
From these and dozens of other clues and references, the following may be determined about the nature of Romas/COIN:
Mobile phone software and applications constitute a major component of the program.
There’s discussion of bringing in a “gaming developer”, apparently at the behest of Barr, who mentions that the team could make good use of “a social gaming company maybe like zynga, gameloft, etc”. Lovegrove elsewhere notes: “I know a couple of small gaming companies at MIT that might fit the bill.”
Apple and Google were active team partners, and AT&T may have been as well. The latter is known to have provided the Bush-era National Security Agency free reign over customer communications (and was in turn protected by a bill granting them retroactive immunity from lawsuits). Google itself is the only company to have received a “Hostile to Privacy” rating from Privacy International. Apple is currently being investigated by Congress after the iPhone was revealed to compile user location data in a way that differs from other mobile phones; the company has claimed this to have been a “bug”.
The program makes use of several providers of “linguistic services”. At one point, the team discusses hiring a military-trained Arabic linguist. Elsewhere, Barr writes: “I feel confident I can get you a ringer for Farsi if they are still interested in Farsi (we need to find that out). These linguists are not only going to be developing new content but also meeting with folks, so they have to have native or near native proficiency and have to have the cultural relevance as well.”
Alterion and SocialEyez are listed as “businesses to contact”. The former specialises in “social media monitoring tools” The latter uses “sophisticated natural language processing methodology” in order to “process tens of millions of multilingual conversations daily” while also employing “researchers and media analysts on the ground”; its website also notes that “Millions of people around the globe are now networked as never before — exchanging information and ideas, forming opinions, and speaking their minds about everything from politics to products”.
At one point, TASC exec Chris Clair asks Aaron and others, “Can we name COIN Saif? Saif is the sword an Arab executioner uses when they decapitate criminals. I can think of a few cool brands for this.”
A diagram attached to one of Barr’s e-mails to the group depicts “Magpii” as interacting with “Foreign Mobile” and “Foreign Web”. Magpii — “Magnify Personal Identifying Information” — is a project of Barr’s own creation involving social networking, and is designed for the purpose of storing personal information on users. Although details are difficult to determine from references in Barr’s e-mails, he discusses the project almost exclusively with members of military intelligence to which he was pitching the idea.
There are sporadic references such things as “semantic analysis”, “latent Semantic Indexing”, “specialised linguistics”, and OPS, a programming language designed for solving problems using expert systems.
Barr asks the team’s partner at Apple, Andy Kemp (whose signature lists him as being from the company’s Homeland Defense/National Programs division), to provide him “a contact at Pixar/Disney.”
The firms that had been assembled by Barr and TASC never got a chance to bid on the program’s recompete. In late September, Lovegrove told Barr and others that he’d spoken to the “CO [contracting officer] for COIN”. “The current procurement approach is cancelled, she cited changed requirements. They will be coming out with some documents in a month or two, most likely an updated RFI [request for information]. There will be a procurement following soon after. We are on the list to receive all information.”
On January 18 this year, Lovegrove provided an update: “I just spoke to the group chief on the contracts side (Doug K). COIN has been replaced by a procurement called Odyssey. He says that it is in the formative stages and that something should be released this year.” Another clue is provided in the ensuing discussion when a TASC executive asks, “Does Odyssey combine the Technology and Content pieces of the work?”
The unexpected change-up didn’t faze the partnership. Later e-mails indicate a meeting between key members of the group and the contracting officer for Odyssey at a location noted as “HQ”, apparently for a briefing on requirements for the new program, on February 3, 2011. But two days after that meeting, the servers of HBGary and HBGary Federal were hacked by a small team of Anonymous operatives; 70,000 e-mails were thereafter released onto the internet. Barr resigned a few weeks later.
It is inevitable that such capabilities as form the backbone of Romas/COIN and its replacement Odyssey will be deployed against a growing segment of the world’s population. The powerful institutions that wield them will grow all the more powerful as they are provided better and better methods by which to monitor, deceive, and manipulate. The informed electorate upon which liberty depends will be increasingly misinformed. No tactical advantage conferred by the use of these programs can outweigh the damage that will be done to mankind in the process of creating them.