Apple, Google, Disney implicated in a US-led mass surveillance apparatus designed to spy and mine data from social media sources in the Arab world.

A crowd sourced investigation dubbed Project PM has probed reams leaked emails involving US intelligence companies and uncovered a massive spy operation targeting social media and telecommunications in the Arab world.

The allegations, derived from 70,000 emails stolen from HBGary earlier this year, detailed a project dubbed Romas/COIN, to be proceeded by Odyssey, which could automatically analyse millions of conversations.

The following report has been republished with permission from Barrett Brown, Project PM.

COIN

For at least two years, the US has been conducting a secretive and immensely sophisticated campaign of mass surveillance and data mining against the Arab world, allowing the intelligence community to monitor the habits, conversations, and activity of millions of individuals at once.

And with an upgrade scheduled for later this year, the top contender to win the federal contract and thus take over the program is a team of about a dozen companies which were brought together in large part by Aaron Barr – the same disgraced CEO who resigned from his own firm earlier this year after he was discovered to have planned a full-scale information war against political activists at the behest of corporate clients.

The new revelation provides for a disturbing picture, particularly when viewed in a wider context. Unprecedented surveillance capabilities are being produced by an industry that works in secret on applications that are nonetheless funded by the American public – and which in some cases are used against that very same public.

Their products are developed on demand for an intelligence community that is not subject to Congressional oversight and which has been repeatedly shown to have misused its existing powers in ways that violate US law as well as American ideals.

And with expanded intelligence capabilities by which to monitor Arab populations in ways that would have previously been impossible, those same intelligence agencies now have improved means by which to provide information on dissidents to those regional dictators viewed by the US as strategic allies.

Barr’s project MAGII (Magnify Personal Identifying Information).

The nature and extent of the operation, which was known as Romas/COIN and which is scheduled for replacement sometime this year by a similar program known as Odyssey, may be determined in part by a close reading of hundreds of e-mails among the 70,000 that were stolen in February from the contracting firm HBGary Federal and its parent company HBGary.

Other details may be gleaned by an examination of the various other firms and individuals that are discussed as being potential partners.

Of course, there are many in the US that would prefer that such details not be revealed at all; such people tend to cite the amorphous and much-abused concept of “national security” as sufficient reason for the citizenry to stand idly by as an ever-expanding coalition of government agencies and semi-private corporations gain greater influence over US foreign policy.

That the last decade of foreign policy as practiced by such individuals has been an absolute disaster even by the admission of many of those who put it into place will not phase those who nonetheless believe that the citizenry should be prevented from knowing what is being done in its name and with its tax dollars.

To the extent that the actions of a government are divorced from the informed consent of those who pay for such actions, such a government is illegitimate. To the extent that power is concentrated in the hands of small groups of men who wield such power behind the scenes, there is no assurance that such power will be used in a manner that is compatible with the actual interests of that citizenry, or populations elsewhere.

The known history of the US intelligence community is comprised in large part of murder, assassinations, disinformation, the topping of democratic governments, the abuse of the rights of US citizens, and a great number of other things that cannot even be defended on “national security” grounds insomuch as that many such actions have quite correctly turned entire populations against the US government.

This is not only my opinion, but also the opinion of countless individuals who once served in the intelligence community and have since come to criticize it and even unveil many of its secrets in an effort to alert the citizenry to what has been unleashed against the world in the name of “security.”

Likewise, I will here provide as much information as I can on Romas/COIN and its upcoming replacement.

Although the relatively well-known military contractor Northrop Grumman had long held the contract for Romas/COIN, such contracts are subject to regular recompetes by which other companies, or several working in tandem, can apply to take over.

In early February, HBGary Federal CEO Aaron Barr wrote the following email to Al Pisani, an executive at the much larger federal contractor TASC, a company which until recently had been owned by Northrop and which was now looking to compete with it for lucrative contracts:

“I met with [Mantech CEO] Bob Frisbie the other day to catch up. He is looking to expand a capability in IO related to the COIN re-compete but more for DoD. He told me he has a few acquisitions in the works that will increase his capability in this area.So just a thought that it might be worth a phone call to see if there is any synergy and strength between TASC and

ManTech in this area. I think forming a team and response to compete against SAIC will be tough but doable.”

IO in this context stands for ‘information operations’, while COIN itself, as noted in an NDA attached to one of the e-mails, stands for ‘counter intelligence’. SAIC is a larger intelligence contractor that was expected to pursue the recompete as well.

Pisani agreed to the idea, and in conjunction with Barr and fellow TASC exec John Lovegrove, the growing party spent much of the next year working to create a partnership of firms capable of providing the ‘client’ – a US agency that is never specified in the hundreds of emails that follow – with capabilities that would outmatch those being provided by Northrop, SAIC, or other competitors.

Several emails in particular provide a great deal of material by which to determine the scope and intent of Romas/COIN.

One that Barr wrote to his own email account, likely for the purpose of adding to other documents later, is entitled “Notes on COIN.” It begins with a list of entries for various facets of the program, all of which are blank and were presumably filled out later: “ISP, Operations, Language/Culture, Media Development, Marketing and Advertising, Security, MOE.”

Afterwards, another list consists of the following: “Capabilities, Mobile Development, Challenges, MOE, Infrastructure, Security.” Finally, a list of the following websites is composed, many of which represent various small companies that provide niche marketing services pursuant to mobile phones.

More helpful is a later e-mail from Lovegrove to Barr and some of his colleagues at TASC in which he announces the following:

“Our team consists of: – TASC (PMO, creative services) – HB Gary (Strategy, planning, PMO) – Akamai (infrastructure) – Archimedes Global (Specialized linguistics, strategy, planning) – Acclaim Technical Services (specialized linguistics) – Mission Essential Personnel (linguistic services) – Cipher (strategy, planning operations) – PointAbout (rapid mobile application development, list of strategic partners) – Google (strategy, mobile application and platform development – long list of strategic partners) – Apple (mobile and desktop platform, application assistance -long list of strategic partners) We are trying to schedule an interview with ATT plus some other small app developers.”

From these and dozens of other clues and references, the following may be determined about the nature of Romas/COIN:
1. Mobile phone software and applications constitute a major component of the program.

2. There’s a discussion of bringing in a “gaming developer,” apparently at the behest of Barr, who mentions that the team could make good use of “a social gaming company maybe like Zynga, Gameloft, etc.” Lovegrove elsewhere notes: “I know a couple of small gaming companies at MIT that might fit the bill.”

3. Apple and Google were active team partners, and AT&T may have been as well. The latter is known to have provided the NSA free reign over customer communications (and was in turn protected by a bill granting them retroactive immunity from lawsuits). Google itself is the only company to have received a “Hostile to Privacy” rating from Privacy International. Apple is currently being investigated by Congress after the iPhone was revealed to compile user location data in a way that differs from other mobile phones; the company has claimed this to have been a “bug.”

4. The program makes use of several providers of “linguistic services.” At one point, the team discusses hiring a military-trained Arabic linguist. Elsewhere, Barr writes: “I feel confident I can get you a ringer for Farsi if they are still interested in Farsi (we need to find that out). These linguists are not only going to be developing new content but also meeting with folks, so they have to have native or near native proficiency and have to have the cultural relevance as well.”

5. Alterion and SocialEyez are listed as “businesses to contact.” The former specializes in “social media monitoring tools.” The latter uses “sophisticated natural language processing methodology” in order to “process tens of millions of multi-lingual conversations daily” while also employing “researchers and media analysts on the ground;” its website also notes that “Millions of people around the globe are now networked as never before – exchanging information and ideas, forming opinions, and speaking their minds about everything from politics to products.”

6. At one point, TASC exec Chris Clair asks Aaron and others, “Can we name COIN Saif? Saif is the sword an Arab executioner uses when they decapitate criminals. I can think of a few cool brands for this.”

7. A diagram attached to one of Barr’s e-mails to the group depicts Magpii as interacting in some unspecified manner with “Foreign Mobile” and “Foreign Web.” Magpii is a project of Barr’s own creation which stands for “Magnify Personal Identifying Information,” involves social networking, and is designed for the purpose of storing personal information on users. Although details are difficult to determine from references in Barr’s emails, he discusses the project almost exclusively with members of military intelligence to which he was pitching the idea.

8. There are sporadic references such things as “semantic analysis,” “Latent Semantic Indexing,” “specialized linguistics,” and OPS, a programming language designed for solving problems using expert systems.

9. Barr asks the team’s partner at Apple, Andy Kemp (whose signature lists him as being from the company’s Homeland Defence/National Programs division), to provide him “a contact at Pixar/Disney.”

Odyssey
Altogether, a successful bid for the relevant contract was seen to require the combined capabilities of perhaps a dozen firms – capabilities whereby millions of conversations can be monitored and automatically analysed, whereby a wide range of personal data can be obtained and stored in secret, and whereby some unknown degree of information can be released to a given population through a variety of means and without any hint that the actual source is US military intelligence.

All this is merely in addition to whichever additional capabilities are not evident from the limited description available, with the program as a whole presumably being operated in conjunction with other surveillance and propaganda assets controlled by the US and its partners.

Whatever the exact nature and scope of COIN, the firms that had been assembled for the purpose by Barr and TASC never got a chance to bid on the program’s recompete.

In late September, Lovegrove noted to Barr and others that he’d spoken to the “CO [contracting officer] for COIN.”

“The current procurement approach is cancelled, she cited changed requirements,” he reported. “They will be coming out with some documents in a month or two, most likely an updated RFI [request for information]. There will be a procurement following soon after. We are on the list to receive all information.”

On 18 January this year, Lovegrove provided an update:

“I just spoke to the group chief on the contracts side (Doug K). COIN has been replaced by a procurement called Odyssey. He says that it is in the formative stages and that something should be released this year. The contracting officer is Kim R. He believes that Jason is the COTR [contracting officer's technical representative].” Another clue is provided in the ensuing discussion when a TASC executive asks, “Does Odyssey combine the Technology and Content pieces of the work?”

The unexpected change-up didn’t seem to phase the corporate partnership, which was still a top contender to compete for the upcoming Odyssey procurement.

Later emails indicate a meeting between key members of the group and the contracting officer for Odyssey at a location noted as “HQ,” apparently for a briefing on requirements for the new program, on 3 February. But two days after that meeting, the servers of HBGary and HBGary Federal were hacked by a small team of Anonymous operatives in retaliation for Barr’s boasts to Financial Times that he had identified the movement’s “leadership;” 70,000 emails were thereafter released onto the internet. Barr resigned a few weeks later.

Along with clues as to the nature of COIN and its scheduled replacement, a close study of the HBGary emails also provide reasons to be concerned with the fact that such things are being developed and deployed in the way that they are.

In addition to being the driving force behind the COIN recompete, Barr was also at the center of a series of conspiracies by which his own company and two others hired out their collective capabilities for use by corporations that sought to destroy their political enemies by clandestine and dishonest means, some of which appear to be illegal.

None of the companies involved have been investigated; a proposed Congressional inquiry was denied by the committee chair, noting that it was the Justice Department’s decision as to whether to investigate, even though it was the Justice Department itself that made the initial introductions. Those in the intelligence contracting industry who believe themselves above the law are entirely correct.

That such firms will continue to target the public with advanced information warfare capabilities on behalf of major corporations is by itself an extraordinary danger to mankind, particularly insomuch as that such capabilities are becoming more effective while remaining largely unknown outside of the intelligence industry.

But a far greater danger is posed by the practice of arming small and unaccountable groups of state and military personnel with a set of tools by which to achieve better and better “situational awareness” on entire populations, while also being able to manipulate the information flow in such a way as to deceive those same populations.

The idea that such power can be wielded without being misused is contradicted by even a brief review of history.

It is inevitable, then, that such capabilities as form the backbone of Romas/COIN and its replacement Odyssey will be deployed against a growing segment of the world’s population.

The powerful institutions that wield them will grow all the more powerful as they are provided better methods by which to monitor, deceive, and manipulate. The informed electorate upon which liberty depends will be increasingly misinformed.

No tactical advantage conferred by the use of these programs can outweigh the damage that will be done to mankind in the process of creating them.

Copyright © SC Magazine, Australia