Posts

Can Congress — or Robert Mueller — Order Facebook to Direct Its Machine Learning?

/7 Comments/in , , , , /by

The other day I pointed out that two articles (WSJ, CNN) — both of which infer that Robert Mueller obtained a probable cause search warrant on Facebook based off an interpretation that under Facebook’s privacy policy a warrant would be required — actually ignored two other possibilities. Without something stronger than inference, then, these articles do not prove Mueller got a search warrant (particularly given that both miss the logical step of proving that the things Facebook shared with Mueller count as content and not business records).

In response to that and to this column arguing that Facebook should provide more information, some of the smartest surveillance lawyers in the country discussed what kind of legal process would be required, but were unable to come to any conclusions.

Last night, WaPo published a story that made it clear Congress wanted far more than WSJ and CNN had suggested (which largely fell under the category of business records and the ads posted to targets, the latter of which Congress had been able to see but not keep). What Congress is really after is details about the machine learning Facebook used to identify the malicious activity identified in April and the ads described in its most recent report, to test whether Facebook’s study was thorough enough.

A 13-page “white paper” that Facebook published in April drew from this fuller internal report but left out critical details about how the Russian operation worked and how Facebook discovered it, according to people briefed on its contents.

Investigators believe the company has not fully examined all potential ways that Russians could have manipulated Facebook’s sprawling social media platform.

[snip]

Congressional investigators are questioning whether the Facebook review that yielded those findings was sufficiently thorough.

They said some of the ad purchases that Facebook has unearthed so far had obvious Russian fingerprints, including Russian addresses and payments made in rubles, the Russian currency.

Investigators are pushing Facebook to use its powerful data-crunching ability to track relationships among accounts and ad purchases that may not be as obvious, with the goal of potentially detecting subtle patterns of behavior and content shared by several Facebook users or advertisers.

Such connections — if they exist and can be discovered — might make clear the nature and reach of the Russian propaganda campaign and whether there was collusion between foreign and domestic political actors. Investigators also are pushing for fuller answers from Google and Twitter, both of which may have been targets of Russian propaganda efforts during the 2016 campaign, according to several independent researchers and Hill investigators.

“The internal analysis Facebook has done [on Russian ads] has been very helpful, but we need to know if it’s complete,” Schiff said. “I don’t think Facebook fully knows the answer yet.”

[snip]

In the white paper, Facebook noted new techniques the company had adopted to trace propaganda and disinformation.

Facebook said it was using a data-mining technique known as machine learning to detect patterns of suspicious behavior. The company said its systems could detect “repeated posting of the same content” or huge spikes in the volume of content created as signals of attempts to manipulate the platform.

The push to do more — led largely by Adam Schiff and Mark Warner (both of whom have gotten ahead of the evidence at times in their respective studies) — is totally understandable. We need to know how malicious foreign actors manipulate the social media headquartered in Schiff’s home state to sway elections. That’s presumably why Facebook voluntarily conducted the study of ads in response to cajoling from Warner.

But the demands they’re making are also fairly breathtaking. They’re demanding that Facebook use its own intelligence resources to respond to the questions posed by Congress. They’re also demanding that Facebook reveal those resources to the public.

Now, I’d be surprised (pleasantly) if either Schiff or Warner made such detailed demands of the NSA. Hell, Congress can’t even get NSA to count how many Americans are swept up under Section 702, and that takes far less bulk analysis than Facebook appears to have conducted. And Schiff and Warner surely would never demand that NSA reveal the extent of machine learning techniques that it uses on bulk data, even though that, too, has implications for privacy and democracy (America’s and other countries’). And yet they’re asking Facebook to do just that.

And consider how two laws might offer guidelines, but (in my opinion) fall far short of authorizing such a request.

There’s Section 702, which permits the government to oblige providers to provide certain data on foreign intelligence targets. Section 702’s minimization procedures even permit Congress to obtain data collected by the NSA for their oversight purposes.

Certainly, the Russian (and now Macedonian and Belarus) troll farms Congress wants investigated fall squarely under the definition of permissible targets under the Foreign Government certificate. But there’s no public record of NSA making a request as breathtaking as this one, that Facebook (or any other provider) use its own intelligence resources to answer questions the government wants answered. While the NSA does draw from far more data than most people understand (including, probably, providers’ own algorithms about individually targeted accounts), the most sweeping request we know of involves Yahoo scanning all its email servers for a signature.

Then there’s CISA, which permits providers to voluntarily share cyber threat indicators with the federal government, using these definitions:

(A) IN GENERAL.—Except as provided in subparagraph (B), the term “cybersecurity threat” means an action, not protected by the First Amendment to the Constitution of the United States, on or through an information system that may result in an unauthorized effort to adversely impact the security, availability, confidentiality, or integrity of an information system or information that is stored on, processed by, or transiting an information system.

(B) EXCLUSION.—The term “cybersecurity threat” does not include any action that solely involves a violation of a consumer term of service or a consumer licensing agreement.

(6) CYBER THREAT INDICATOR.—The term “cyber threat indicator” means information that is necessary to describe or identify—

(A) malicious reconnaissance, including anomalous patterns of communications that appear to be transmitted for the purpose of gathering technical information related to a cybersecurity threat or security vulnerability;

(B) a method of defeating a security control or exploitation of a security vulnerability;

(C) a security vulnerability, including anomalous activity that appears to indicate the existence of a security vulnerability;

(D) a method of causing a user with legitimate access to an information system or information that is stored on, processed by, or transiting an information system to unwittingly enable the defeat of a security control or exploitation of a security vulnerability;

(E) malicious cyber command and control;

(F) the actual or potential harm caused by an incident, including a description of the information exfiltrated as a result of a particular cybersecurity threat;

(G) any other attribute of a cybersecurity threat, if disclosure of such attribute is not otherwise prohibited by law; or

(H) any combination thereof.

Since January, discussions of Russian tampering have certainly collapsed Russia’s efforts on social media with their various hacks. Certainly, Russian abuse of social media has been treated as exploiting a vulnerability. But none of this language defining a cyber threat indicator envisions the malicious use of legitimate ad systems.

Plus, CISA is entirely voluntary. While Facebook thus far has seemed willing to be cajoled into doing these studies, that willingness might change quickly if they had to expose their sources and methods, just as NSA clams up every time you ask about their sources and methods.

Moreover, unlike the sharing provisions in 702 minimization procedures, I’m aware of no language in CISA that permits sharing of this information with Congress.

Mind you, part of the problem may be that we’ve got global companies that have sources and methods that are as sophisticated as those of most nation-states. And, inadequate as they are, Facebook is hypothetically subject to more controls than nation-state intelligence agencies because of Europe’s data privacy laws.

All that said, let’s be aware of what Schiff and Warner are asking for, however justified it may be from a investigative standpoint. They’re asking for things from Facebook that they, NSA’s overseers, have been unable to ask from NSA.

If we’re going to demand transparency on sources and methods, perhaps we should demand it all around?

The (Thus Far) Flimsy Case for Republican Cooperation on Russian Targeting

/27 Comments/in , , , , /by

A number of credulous people are reading this article this morning and sharing it, claiming it is a smoking gun supporting the case that Republicans helped the Russians target their social media, in spite of this line, six paragraphs in.

No evidence has emerged to link Kushner, Cambridge Analytica, or Manafort to the Russian election-meddling enterprise;

Not only is there not yet evidence supporting the claim that Republican party apparatchiks helped Russians target their social media activity, not only does the evidence thus far raise real questions about the efficacy of what Russia did (though that will likely change, especially once we learn more about other platforms), but folks arguing for assistance are ignoring already-public evidence and far more obvious means by which assistance might be obtained.

Don’t get me wrong. I’m acutely interested in the role of Cambridge Analytica, the micro-targeting company that melds Robert Mercer’s money with Facebook’s privatized spying (and was before it was fashionable). I first focused on Jared Kushner’s role in that process, which people are gleefully discovering now, back in May. I have repeatedly said that Facebook — which has been forthcoming about analyzing and sharing (small parts) of its data — and Twitter — which has been less forthcoming — and Google — which is still channeling Sargent Schultz — should be more transparent and have independent experts review their methodology. I’ve also been pointing out, longer than most, of the import of concentration among social media giants as a key vulnerability Russia exploited. I’m particularly interested in whether Russian operatives manipulated influencers — on Twitter, but especially in 4Chan — to magnify anti-Hillary hostility. We may find a lot of evidence that Russia had a big impact on the US election via social media.

But we don’t have that yet and people shooting off their baby cannons over the evidence before us and over mistaken interpretations about how Robert Mueller might get Facebook data are simply degrading the entire concept of evidence.

The first problem with these arguments is an issue of scale. I know a slew of articles have been written about how far $100K spent on Facebook ads go. Only one I saw dealt with scale, and even that didn’t do so by examining the full scale of what got spent in the election.

Hillary Clinton spent a billion dollars on losing last year. Of that billion, she spent tens of millions paying a 100-person digital media team and another $1 million to pay David Brock to harass people attacking Hillary on social media (see this and this for more on her digital team). And while you can — and I do, vociferously — argue she spent that money very poorly, paying pricey ineffective consultants and spending on ads in CA instead of MI, even the money she spent wisely drowns out the (thus far identified) Russian investment in fake Facebook ads. Sure, it’s possible we’ll learn Russians exploited the void in advertising left in WI and MI to sow Hillary loathing (though this is something Trump’s people have explicitly taken credit for), but we don’t have that yet.

The same is true on the other side, even accounting for all the free advertising the sensationalist press gave Trump. Sheldon Adelson spent $82 million last year, and it’s not like that money came free of demands about policy outcomes involving a foreign country. The Mercers spent millions too (and $25 million total for the election, though a lot of that got spent on Ted Cruz), even before you consider their long-term investments in Breitbart and Cambridge Analytica, the former of which is probably the most important media story from last year. Could $100K have an effect among all this money sloshing about? Sure. But by comparison it’d be tiny, particularly given the efficacy of the already established right wing noise machine backed by funding orders of magnitude larger than Russia’s spending.

Then there’s what we know thus far about how Russia spent that money. Facebook tells us (having done the kind of analysis that even the intelligence community can’t do) that these obviously fake ads weren’t actually focused primarily on the Presidential election.

  • The vast majority of ads run by these accounts didn’t specifically reference the US presidential election, voting or a particular candidate.
  • Rather, the ads and accounts appeared to focus on amplifying divisive social and political messages across the ideological spectrum — touching on topics from LGBT matters to race issues to immigration to gun rights.
  • About one-quarter of these ads were geographically targeted, and of those, more ran in 2015 than 2016.

That’s not to say sowing discord in the US has no effect, or even no effect on the election. But thus far, we don’t have evidence showing that Russia’s Facebook trolls were (primarily) affirmatively pushing for Trump (though their Twitter trolls assuredly were) or that the discord they fostered happened in states that decided the election.

Now consider what a lot of breathless reporting on actual Facebook ads have shown. There was the article showing Russia bought ads supporting an anti-immigrant rally in Twin Falls, ID. The ad in question showed that just four people claimed to attend this rally in the third most Republican state. Another article focused on ads touting events in Texas. While the numbers of attendees are larger, and Texas will go Democratic long before Idaho does, we’re still talking relatively modest events in a state that was not going to decide the election.

To show Russia’s Facebook spending had a measurable impact on last year’s election, you’d want to focus on MI, WI, PA, and other close states. There were surely closely targeted ads that, particularly in rural areas where the local press is defunct and in MI where there was little advertising (WI had little presidential advertising, but tons tied to the Senate race) where such social media had an important impact; thus far it’s not clear who paid for them, though (again, Trump’s campaign has boasted about doing just that).

Additionally, empiricalerror showed that a number of the identifiably Russian ads simply repurposed existing, American ads.

That’s not surprising, as the ads appear to follow (not lead) activities that happened on far right outlets, including both Breitbart and Infowars. As with the Gizmo that tracks what it claims are Russian linked accounts and thereby gets credulous journalists to claim campaigns obviously pushed by Americans are actually Russian plots, it seems Russian propaganda is following, not leading, the right wing noise machine.

So thus far what we’re seeing is the equivalent of throwing a few matches on top of the raging bonfire that is the well established, vicious, American-funded inferno of far right media. That’s likely to change, but that’s what we have thus far.

But as I said, all this ignores one other key point: We already have evidence of assistance on the election.

Except, it went the opposite direction from where everyone is looking, hunting for instances where Republicans helped Russians decide to buy ads in Idaho that riled up 4 people.

As I reminded a few weeks back, at a time when Roger Stone and (we now know) a whole bunch of other long-standing GOP rat-fuckers were reaching out to presumed Russian hackers in hopes of finding Hillary’s long lost hacked Clinton Foundation emails, Guccifer 2.0 was reaching out to journalists and others with close ties to Republicans to push the circulation of stolen DCCC documents.

That is, the persona believed to be a front for Russia was distributing documents on House races in swing states such that they might be used by Republican opponents. Some of that data could be used for targeting.

Now, I have no idea whether Russia would risk doing more without some figure like Guccifer 2.0 to provide deniability. That is, I have no idea whether Russia would go so far as take more timely and granular data about Democrats’ targeting decisions and share that with Republicans covertly (in any case, we are led to believe that data would be old, no fresher than mid-June). But we do know they were living in the Democrats’ respective underwear drawers for almost a year.

And Russia surely wouldn’t need a persona like Guccifer 2.0 if they were sharing stolen data within Russia. If the FSB stole targeting data during the 11 months they were in the DNC servers, they could easily share that data with the Internet Research Association (the troll farm the IC believes has ties to Russian intelligence) so IRA can target more effectively than supporting immigration rallies in Idaho Falls.

Which is a mistake made by many of the sources in the Vanity Fair article everyone keeps sharing, the assumption that the only possible source of targeting help had to be Republicans.

We already know the Russians had help: they got it by helping themselves to campaign data in Democratic servers. It’s not clear they would need any more. Nor, absent proof of more effective targeting, is there any reason to believe that the dated information they stole from the Democrats wouldn’t suffice to what we’ve seen them do. Plus, we’ve never had clear answers whether or not Russians weren’t burrowed into far more useful data in Democratic servers. (Again, I think Russia’s actions with influencers on social media, particularly via 4Chan, was far more extensive, but that has more to do with HUMINT than with targeting.)

So, again, I certainly think it’s possible we’ll learn, down the road, that Republicans helped Russians figure out where to place their ads. But we’re well short of having proof of that right now, and we do have proof that some targeting data was flowing in the opposite direction.

Update: This post deals with DB’s exposure of a FB campaign organizing events in FL, which gets us far closer to something of interest. Those events came in the wake of Guccifer 2.0 releasing FL-based campaign information.

Facebook Doesn’t Need a Probable Cause Search Warrant to Turn Over Ad Data to Robert Mueller

/6 Comments/in , /by

People are shooting off their baby cannons in excitement with the news that Facebook turned over information to Robert Mueller that they didn’t turn over to Congress. The excitement comes, apparently, from the perception that if Mueller got more stuff than Congress, he must have gotten a probable cause search warrant, something implied — but not at all stated affirmatively — in this WSJ article.

Facebook Inc.  has handed over to special counsel Robert Mueller detailed records about the Russian ad purchases on its platform that go beyond what it shared with Congress last week, according to people familiar with the matter.

The information Facebook shared with Mr. Mueller included copies of the ads and details about the accounts that bought them and the targeting criteria they used, the people familiar with the matter said. Facebook policy dictates that it would only turn over “the stored contents of any account,” including messages and location information, in response to a search warrant, some of them said.

A search warrant from Mr. Mueller would mean the special counsel now has a powerful tool in his arsenal to probe the details of how social media was used as part of a campaign of Russian meddling in the U.S. presidential election. Facebook hasn’t shared the same information with Congress in part because of concerns about disrupting the Mueller probe, and possibly running afoul of U.S. privacy laws, people familiar with the matter said.

CNN similarly asserts that Mueller would need a warrant, without actually reporting any confirmation from Facebook that that’s what has happened.

Facebook gave Mueller and his team copies of ads and related information it discovered on its site linked to a Russian troll farm, as well as detailed information about the accounts that bought the ads and the way the ads were targeted at American Facebook users, a source with knowledge of the matter told CNN.

The disclosure, first reported by the Wall Street Journal, may give Mueller’s office a fuller picture of who was behind the ad buys and how the ads may have influenced voter sentiment during the 2016 election.

Facebook did not give copies of the ads to members of the Senate and House intelligence committees when it met with them last week on the grounds that doing so would violate their privacy policy, sources with knowledge of the briefings said. Facebook’s policy states that, in accordance with the federal Stored Communications Act, it can only turn over the stored contents of an account in response to a search warrant.

“We continue to work with the appropriate investigative authorities,” Facebook said in a statement to CNN.

Even in the criminal context, it’s not at all clear Mueller would need a probable cause search warrant. Here’s what WSJ and CNN said Facebook gave Mueller:

  • Copies of ads (which according to some reports, Facebook showed, but did not leave, with Congress)
  • Details about the accounts that bought them
  • Targeting criteria used to buy them

Both WSJ and CNN take from these details that Facebook treats these things — which are what the Internet Research Association and other fake subscribers included in their communications conducting an advertising transaction with Facebook — as “stored contents of an account” or “messages and location information.”

Given that these are communications with Facebook, not with the fake subscribers’ fake friends, it’s not at all clear that’s this would count as content. Here’s what Facebook gets asked for (and presumably delivers) in response to a 2703(d) order on an average real American, like Reality Winner.

A. The following information about the customers or subscribers of the Account:
1. Names (including subscriber names, user names, and screen names);
2. Addresses (including mailing addresses, residential addresses, business addresses, and e-mail addresses);
3. Local and long distance telephone connection records;
4. Records of session times and durations, and the temporarily assigned network addresses (such as Intemet Protocol (“IP”) addresses) associated with those sessions;
5. Length of service (including start date) and types of service utilized;
6. Telephone or instrument numbers (including MAC addresses);
7. Other subscriber numbers or identities (including temporarily assigned network addresses and registration Intemet Protocol (“IP”) addresses (including carrier grade natting addresses or ports)); and
8. Means and source of payment for such service (including any credit card or bank account number) and billing records.

B. All records and other information (not including the contents of communications) relating to the Account, including:
1. Records of user activity for each connection made to or from the Account, including log files; messaging logs; the date, time, length, and method of connections; data transfer volume; user names; and source and destination Intemet Protocol addresses;
2. Information about each communication sent or received by tbe Account, including tbe date and time of the communication, the method of communication, and the source and destination of the communication (such as source and destination email addresses, IP addresses, and telephone numbers). Records of any accounts registered with the same email address, phone number(s), method(s) of payment, or IP address as either of the accounts listed in Part I; and
3. Records of any accounts that are linked to either of the accounts listed in Part I by machine cookies (meaning all Facebook/Instagram user IDs that logged into any Facebook/Instagram account by the same machine as either of the accounts in Part I).

What would “all records and other information” relating to the account entail for an ad purchaser? After all, the fake account is not posting the ad, Facebook is. The fake account is using Facebook targeting criteria — again, communicating with Facebook, not its fake friends.

And if this is how Mueller got the Facebook data, it would be available with approval from a grand jury (and we know he’s got several grand juries lying around), with a relevance — not a probable cause — standard.

And that’s only if you’re talking criminal context. WSJ and CNN refer to Facebook’s privacy policy, which for legal reasons doesn’t cite all the ways they turn over data. In assuming that Mueller had to use a search warrant, both outlets are ignoring another obvious authority: Section 702.

We’re talking accounts believed (by both Facebook and the government) to be run by the Internet Research Association. The Intelligence Community Assessment on Russian tampering states, even in the unclassified version, that they believe IRA has ties to Russian intelligence.

  • The likely financier of the so-called Internet Research Agency of professional trolls located in Saint Petersburg is a close Putin ally with ties to Russian intelligence.

But even without that, we’re talking a foreign corporation engaging in activity that everyone involved agrees has foreign intelligence value, with most people claiming that they knowingly took part in an intelligence influence operation run by Russian spooks.

That’s solidly in the realm of what gets tasked, all the time, under Section 702’s Foreign Government certificate. Hell, using 702, Mueller could get the contents of the messages sent by the fake accounts to their fake friends, as well as anything else private in their accounts (and a whole lot more).

And the standard for 702 is not probable cause, it is foreigner (including foreign corporation) located overseas of foreign intelligence purpose.

I know everyone badly wants to assume Mueller has indictments in his back pocket, and so therefore are seeing criminal probable cause where there may be none (and where none is required). But both of these articles make certain assumptions about how Facebook treats ad transactions and, making those assumptions, rule out the 2703(d) order. And both of these articles are ignoring the availability of everything in IRA’s accounts — content or no — under Section 702.

Update: I believe these misleading leaks are coming from Congress, rather than from Facebook or Mueller. Note, for example, this WSJ explanation for why Facebook gave Mueller more than they gave Congress:

Facebook hasn’t shared the same information with Congress in part because of concerns about disrupting the Mueller probe, and possibly running afoul of U.S. privacy laws, people familiar with the matter said.

The concern about disrupting the Mueller probe would not be Facebook’s. It’d be Mueller and Congress’.

With that in mind, consider this article, from Bloomberg, which I also found sketchy. It claims that Mueller’s investigation has a “red-hot” focus on social media.

Russia’s effort to influence U.S. voters through Facebook and other social media is a “red-hot” focus of special counsel Robert Mueller’s investigation into the 2016 election and possible links to President Donald Trump’s associates, according to U.S. officials familiar with the matter.

Mueller’s team of prosecutors and FBI agents is zeroing in on how Russia spread fake and damaging information through social media and are seeking additional evidence from companies like Facebook and Twitter about what happened on their networks, said one of the officials, who asked not to be identified discussing the ongoing investigation.

It relies on two US officials, a common moniker for members of Congress or their staffers. And the article goes on to quote both Richard Burr and Mark Warner.

Intelligence Committee Chairman Richard Burr, a North Carolina Republican, said Tuesday that it’s “probably more a question of when” than if there will be a hearing with Facebook officials as part of his panel’s probe. Mark Warner, the committee’s top Democrat and a former telecommunications company founder, said Facebook’s revelation appears to be “the tip of the iceberg. I think there’s going to be much more.”

“This is the Wild, Wild West,” Warner said.

Warner has made no secret, for weeks, he wants more focus on the social media side of this. But Burr, here, seems to be reflecting the same considerations he does elsewhere: timing, which for him has been driven by ensuring the committee collects enough evidence to prepare before speaking to witnesses, and deference to Mueller’s investigation.

But consider the rest of the article, which suggests that Mueller’s investigation is going full steam after social media.

That’s pretty hard to square with the fact that Twitter hadn’t even considered doing a report until Facebook delivered theirs, which was provided voluntarily. And Google has done nothing yet, in spite of concerns about Russians exploiting YouTube.

Twitter Inc. is also expected to speak to congressional investigators in the coming weeks about Russian activity on its platform, said Sen. Mark Warner of Virginia, the top Democrat on the Senate Intelligence Committee last week. A spokeswoman for Twitter declined to comment on whether the company had received any warrants or handed anything over related to possible Russian ad buys.

Alphabet Inc.’s Google unit said in a statement, “We’re always monitoring for abuse or violations of our policies and we’ve seen no evidence this type of ad campaign was run on our platforms.” A person familiar with the matter said the company hasn’t been called to testify on the topic.

In other words, if Mueller is interested in social media, that interest is no longer than 10 days old, and did not drive Facebook’s reporting (though Mueller would have intelligence from the intelligence community, on top of whatever Facebook provided).

I think Warner wants Burr’s agreement to subpoena these providers now, which would permit SSCI to obtain the same stuff Mueller did. And if, in an effort to apply that pressure, Warner or his minions are telling journalists that Mueller got more because he used legal process, it would leave it to journalists to interpret what kind of (legally gagged, probably) process Mueller used. Which might result in precisely the kind of story we got: journalists reporting it involved a warrant based on their interpretation of how Facebook treats ad purchases.

Twitter Asked to Tell Reality Winner the FBI Had Obtained Her Social Media Activity

/2 Comments/in , /by

Last week, the Augusta Chronicle reported that the government had unsealed notice that it had obtained access to Reality Winner’s phone and social media metadata. Altogether, the government obtained metadata from her AT&T cell phone, two Google accounts, her Facebook and Instagram accounts, and her Twitter account. Of those providers, it appears that only Twitter asked to tell Winner the government had obtained that information. The government obtained the 2703(d) order on June 13. On June 26, Twitter asked the FBI to rescind the non-disclosure order. In response, FBI got a 180-day deadline on lifting the gag; then on August 31, the FBI asked the court to unseal the order for Twitter, as well as the other providers.

The applications all include this language on Winner’s use of Tor, and more details about using a thumb drive with a computer last November.

During the search of her home, agents found spiral-bound notebooks in which the defendant had written information about setting up a single-use “burner” email account, downloading the TOR darkweb browser at its highest security setting, and unlocking a cell phone to enable the removal and replacement of its SIM card. Agents also learned, and the defendant admitted, that the defendant had inserted a thumb drive into a classified computer in November 2016, while on active duty with the U.S. Air Force and holding a Top Secret/SCI clearance. The defendant claimed to have thrown the thumb drive away in November 2016, and agents have not located the thumb drive.

Given that the FBI applied for and eventually unsealed the orders in all these cases, it provides a good way to compare what the FBI asks for from each provider — which gives you a sense of how the FBI actually uses these metadata requests to get a comprehensive picture of all the aliases, including IP addresses, someone might use. The MAC and IP addresses, in particular, would be very valuable to identify any of her otherwise unidentified device and Internet usage. Note, too, that AT&T gets asked to share all details of wire communications sent using the phone — so any information, including cell tower location, an app shares with AT&T would be included in that. AT&T, of course, tends to interpret surveillance requests broadly.

Though note: the prosecutor here pretty obviously cut and paste from the Google request for the social media companies, given that she copied over the Google language on cookies in her Twitter request.

AT&T

AT&T Corporation is required to disclose the following records and other information, if available, to the United States for each Account listed in Part I of this Attachment, for the time period beginning June 1, 2016, through and including June 7, 2017:

A. The following information about the customers or subscribers of the Account:
1. Names (including subscriber names, user names, and screen names);
2. Addresses (including mailing addresses, residential addresses, business addresses, and e-mail addresses);
3. Local and long distance telephone connection records;
4. Records of session times and durations, and the temporarily assigned network addresses (such as Internet Protocol (“IP”) addresses) associated with those sessions;
5. Length of service (including start date) and types of service utilized;
6. Telephone or instrument numbers (including MAC addresses. Electronic Serial Numbers (“ESN”), Mobile Electronic Identity Numbers (“MEIN”), Mobile Equipment Identifier (“MEID”), Mobile Identification Numbers (“MIN”), Subscriber Identity Modules (“SIM”), Mobile Subscriber Integrated Services Digital Network Number (“MSISDN”), International Mobile Subscriber Identifiers (“IMSl”), or International Mobile Equipment Identities (“IMEI”));
7. Other subscriber numbers or identities (including the registration Internet Protocol (“IP”) address); and
8. Means and source of payment for such service (including any credit card or bank account number) and billing records.

B. All records and other information (not including the contents of communications) relating to wire and electronic communications sent from or received by the Account, including the date and time of the communication, the method of communication, and the source and destination of the communication (such as source and destination email addresses, IP addresses, and telephone numbers), and including information regarding the cell towers and sectors through which the communications were sent or received.

Records of any accounts registered with the same email address, phone number(s), or method(s) of payment as the account listed in Part I.

Google

Google is required to disclose the following records and other information, if available, to the United States for each account or identifier listed in Part 1 of this Attachment (“Account”), for the time period beginning June 1, 2016, through and including June 7,2017:

A. The following information about the customers or subscribers of the Account:
1. Names (including subscriber names, user names, and screen names);
2. Addresses (including mailing addresses, residential addresses, business addresses, and e-mail addresses);
3. Local and long distance telephone connection records;
4. Records of session times and durations, and the temporarily assigned network addresses (such as Internet Protocol (“IP”) addresses) associated with those sessions;
5. Length of service (including start date) and types of service utilized;
6. Telephone or instrument numbers (including MAC addresses);
7. Other subscriber numbers or identities (including temporarily assigned network addresses and registration Internet Protocol (“IP”) addresses (including carrier grade natting addresses or ports)); and
8. Means and source of payment for such service (including any credit card or bank account number) and billing records.

B. All records and other information (not including the contents of communications) relating to the Account, including:
1. Records of user activity for each connection made to or from the Account, including log files; messaging logs; the date, time, length, and method of connections; data transfer volume; user names; and source and destination Internet Protocol addresses;
2. Information about each communication sent or received by the Account, including the date and time of the communication, the method of communication, and the source and destination of the communication (such as source and destination email addresses, IP addresses, and telephone numbers);
3. Records of any accounts registered with the same email address, phone number(s), method(s) of payment, or IP address as either of the accounts listed in Part 1; and Records of any accounts that are linked to either of the accounts listed in Part 1 by machine cookies (meaning all Google user IDs that logged into any Google account by the same machine as either of the accounts in Part

Facebook/Instagram

Facebook, Inc. is required to disclose tbe following records and other information, if available, to the United States for each account or identifier listed in Part 1 of this Attachment (“Account”),
for the time period beginning June 1, 2016, through and including June 7, 2017:

A. The following information about the customers or subscribers of the Account:
1. Names (including subscriber names, user names, and screen names);
2. Addresses (including mailing addresses, residential addresses, business addresses, and e-mail addresses);
3. Local and long distance telephone connection records;
4. Records of session times and durations, and the temporarily assigned network addresses (such as Intemet Protocol (“IP”) addresses) associated with those sessions;
5. Length of service (including start date) and types of service utilized;
6. Telephone or instrument numbers (including MAC addresses);
7. Other subscriber numbers or identities (including temporarily assigned network addresses and registration Intemet Protocol (“IP”) addresses (including carrier grade natting addresses or ports)); and
8. Means and source of payment for such service (including any credit card or bank account number) and billing records.

B. All records and other information (not including the contents of communications) relating to the Account, including:
1. Records of user activity for each connection made to or from the Account, including log files; messaging logs; the date, time, length, and method of connections; data transfer volume; user names; and source and destination Intemet Protocol addresses;
2. Information about each communication sent or received by tbe Account, including tbe date and time of the communication, the method of communication, and the source and destination of the communication (such as source and destination email addresses, IP addresses, and telephone numbers). Records of any accounts registered with the same email address, phone number(s), method(s) of payment, or IP address as either of the accounts listed in Part I; and
3. Records of any accounts that are linked to either of the accounts listed in Part I by machine cookies (meaning all Facebook/Instagram user IDs that logged into any Facebook/Instagram account by the same machine as either of the accounts in Part I).

Twitter

Twitter, Inc. is required to disclose the following records and other information, if available, to the United States for each account or identifier listed in Part 1 of this Attachment (“Account”), for the time period beginning June 1,2016, through and including June 7,2017:

A. The following information about the customers or subscribers of the Account:
1. Names (including subscriber names, user names, and screen names);
2. Addresses (including mailing addresses, residential addresses, business addresses, and e-mail addresses);
3. Local and long distance telephone connection records;
4. Records of session times and durations, and the temporarily assigned network addresses (such as Internet Protocol (“IP”) addresses) associated with those sessions;
5. Length of service (including start date) and types of service utilized;
6. Telephone or instrument numbers (including MAC addresses);
7. Other subscriber numbers or identities (including temporarily assigned network addresses and registration Internet Protocol (“IP”) addresses (including carrier grade natting addresses or ports)); and
8. Means and source of payment for such service (including any credit card or bank account number) and billing records.

B. All records and other information (not including the contents of communications) relating to the Account, including:
1. Records of user activity for each connection made to or from the Account, including log files; messaging logs; the date, time, length, and method of connections; data transfer volume; user names; and source and destination Internet Protocol addresses;
2. Information about each communication sent or received by the Account, including the date and time of the communication, the method of communication, and the source and destination of the communication (such as source and destination email addresses, IP addresses, and telephone numbers).
3. Records of any accounts registered with the same email address, phone number(s), method(s) of payment, or IP address the account listed in Part I; and
4. Records of any accounts that are linked to the account listed in Part I by machine cookies (meaning all Google [sic] user IDs that logged into any Google [sic] account by the same machine as the account in Part I).

Facebook’s Global Data: A Parallel Intelligence Source Rivaling NSA

/46 Comments/in , , /by

In April, Facebook released a laudable (if incredible) report on Russian influence operations on Facebook during the election; the report found that just .1% of what got shared in election related activity go shared by malicious state-backed actors.

Facebook conducted research into overall civic engagement during this time on the platform, and determined that the reach of the content shared by false amplifiers was marginal compared to the overall volume of civic content shared during the US election.

[snip]

The reach of the content spread by these accounts was less than one-tenth of a percent of the total reach of civic content on Facebook.

Facebook also rather coyly confirmed they had reached the same conclusion the Intelligence Community had about Russia’s role in tampering with the election.

Facebook is not in a position to make definitive attribution to the actors sponsoring this activity. It is important to emphasize that this example case comprises only a subset of overall activities tracked and addressed by our organization during this time period; however our data does not contradict the attribution provided by the U.S. Director of National Intelligence in the report dated January 6, 2017.

While skeptics haven’t considered this coy passage (and Facebook certainly never called attention to it), it means a second entity with access to global data — like the NSA but private — believes Russia was behind the election tampering.

Yesterday, Facebook came out with another report, quantifying how many ads came from entities that might be Russian information operations. They searched for two different things. First, ads from obviously fake accounts. They found 470 inauthentic accounts paid for 3,000 ads costing $100,000. But most of those didn’t explicitly discuss a presidential candidate, and more of the geo-targeted ones appeared in 2015 than in 2016.

  • The vast majority of ads run by these accounts didn’t specifically reference the US presidential election, voting or a particular candidate.
  • Rather, the ads and accounts appeared to focus on amplifying divisive social and political messages across the ideological spectrum — touching on topics from LGBT matters to race issues to immigration to gun rights.
  • About one-quarter of these ads were geographically targeted, and of those, more ran in 2015 than 2016.
  • The behavior displayed by these accounts to amplify divisive messages was consistent with the techniques mentioned in the white paper we released in April about information operations.

Elsewhere Facebook has said some or all of these are associated with a troll farm, the Internet Research Agency, in Petersburg.

The Intelligence Community Report on the Russia hacks specifically mentioned the Internet Research Agency — suggesting it probably had close ties to Putin. But it also suggested there was significant advertising that was explicitly pro-Trump, which may be inconsistent with Facebook’s observation that the majority of these ads ran policy, rather than candidate ads.

Russia used trolls as well as RT as part of its influence efforts to denigrate Secretary Clinton. This effort amplified stories on scandals about Secretary Clinton and the role of WikiLeaks in the election campaign.

  • The likely financier of the so-called Internet Research Agency of professional trolls located in Saint Petersburg is a close Putin ally with ties to Russian intelligence.
  • A journalist who is a leading expert on the Internet Research Agency claimed that some social media accounts that appear to be tied to Russia’s professional trolls—because they previously were devoted to supporting Russian actions in Ukraine—started to advocate for President-elect Trump as early as December 2015.

The other thing Facebook did was measure how many ads that might have originated in Russia without mobilizing an obviously fake account. That added another $50,000 in advertising to the pot of potential Russian disinformation.

In this latest review, we also looked for ads that might have originated in Russia — even those with very weak signals of a connection and not associated with any known organized effort. This was a broad search, including, for instance, ads bought from accounts with US IP addresses but with the language set to Russian — even though they didn’t necessarily violate any policy or law. In this part of our review, we found approximately $50,000 in potentially politically related ad spending on roughly 2,200 ads.

Still, that’s not all that much — it may explain why Facebook found only .1% of activity was organized disinformation.

In its report, Facebook revealed that it had shared this information with those investigating the election.

We have shared our findings with US authorities investigating these issues, and we will continue to work with them as necessary.

Subsequent reporting has made clear that includes Congressional Committees and Robert Mueller’s team. I’m curious whether Mueller made the request (whether using legal process or no), and Facebook took it upon themselves to share the topline data publicly. If so, we should be asking where the results of similar requests to Twitter and Google are.

I’m interested in this data — though I agree with both those that argue we need to make sure this advertising gets reviewed in campaign regulations, and those who hope independent scholars can review and vet Facebook’s methodology. But I’m as interested that we’re getting it.

Facebook isn’t running around bragging about this; if too many people groked it, more and more might stop using Facebook. But what these two reports from Facebook both reflect is the global collection of intelligence. The intelligence is usually used to sell highly targeted advertisements. But in the wake of Russia’s tampering with last year’s election, Facebook has had the ability to take a global view of what occurred. Arguably, it has shared more of that intelligence than the IC has, and in the specific detail regarding whether Internet Research Agency focused more on Trump or on exacerbating racial divisions in the country, it has presented somewhat different results than the IC has.

So in addition to observing (and treating just as skeptically as we would data from the NSA) the data Facebook reports, we would do well to recognize that we’re getting reports from a parallel global intelligence collector.

Kushner’s Digital Armies and Facebook’s .1%

/65 Comments/in , /by

Back in May, I called attention to NYT’s mention of the importance of Jared Kushner’s successful reversal of his father-in-law’s digital targeting to cement their relationship.

Amid its larger narrative that Kushner and Trump actually haven’t been that close all that long, the NYT also reminds that Kushner got a lot of credit from his father-in-law for reviving the digital aspect of the campaign.

Mr. Kushner’s reported feeler to the Russians even as President Barack Obama remained in charge of American foreign policy was a trademark move by someone with a deep confidence in his abilities that critics say borders on conceit, people close to him said. And it echoes his history of sailing forth into unknown territory, including buying a newspaper at age 25 and developing a data-analytics program that he has said helped deliver the presidency to his father-in-law.

[snip]

Despite the perception that he is the one untouchable adviser in the president’s inner circle, Mr. Kushner was not especially close to his father-in-law before the 2016 campaign. The two bonded when Mr. Kushner helped to take over the campaign’s faltering digital operation and to sell a reluctant Rupert Murdoch, the chairman of Fox News’s parent company, on the viability of his father-in-law’s candidacy by showing him videos of Mr. Trump’s rally during a lunch at Fox headquarters in mid-2015.

There lots of reasons to look askance at Trump’s data program, even before you consider that it was so central in a year where Trump’s opponent got hacked. So I find it notable (which is where I’ll leave it, for now) that Kushner’s role in the digital side of the campaign was so central to his perceived closeness to Trump.

McClatchy reports that the Congressional investigation committees are looking into my suspicions: that Kushner’s digital targeting may have been assisted by Russian obtained data (though I hope someone considers whether Russians also hacked Hillary’s analytics programs, blinding her to problems in places like MI).

Investigators at the House and Senate Intelligence committees and the Justice Department are examining whether the Trump campaign’s digital operation – overseen by Jared Kushner – helped guide Russia’s sophisticated voter targeting and fake news attacks on Hillary Clinton in 2016.

Congressional and Justice Department investigators are focusing on whether Trump’s campaign pointed Russian cyber operatives to certain voting jurisdictions in key states – areas where Trump’s digital team and Republican operatives were spotting unexpected weakness in voter support for Hillary Clinton, according to several people familiar with the parallel inquiries.

I’m glad they are doing this, but I’m a bit troubled by the belief (based in part on what I consider unproven analysis that Congress has already mainlined) that all the trolls and bots were Russian.

By Election Day, an automated Kremlin cyberattack of unprecedented scale and sophistication had delivered critical and phony news about the Democratic presidential nominee to the Twitter and Facebook accounts of millions of voters. Some investigators suspect the Russians targeted voters in swing states, even in key precincts.

Russia’s operation used computer commands knowns as “bots” to collect and dramatically heighten the reach of negative or fabricated news about Clinton, including a story in the final days of the campaign accusing her of running a pedophile ring at a Washington pizzeria.

One source familiar with Justice’s criminal probe said investigators doubt Russian operatives controlling the so-called robotic cyber commands that fetched and distributed fake news stories could have independently “known where to specifically target … to which high-impact states and districts in those states.”

I say this for two reasons. First, because a lot of it was self-evidently coming from 4Chan. 4Chan would (and I suspect has been) willfully manipulated by Russians or their agents, but a lot of the actual activity was American.

And that instinct is backed by an entity that has far better data than the researchers Congress has heard from (publicly at least): Facebook. Facebook, which was ground zero for the sharing of fake stories during the campaign, maintains that just .1% of the “civic content” on Facebook during the campaign was malicious propaganda.

In a fascinating report on the use of the social media platform for Information Operations released yesterday, Facebook make a startling claim. Less than .1% of what got shared during the election was shared by accounts set up to engage in malicious propaganda.

Concurrently, a separate set of malicious actors engaged in false amplification using inauthentic Facebook accounts to push narratives and themes that reinforced or expanded on some of the topics exposed from stolen data. Facebook conducted research into overall civic engagement during this time on the platform, and determined that the reach of the content shared by false amplifiers was marginal compared to the overall volume of civic content shared during the US election.12

In short, while we acknowledge the ongoing challenge of monitoring and guarding against information operations, the reach of known operations during the US election of 2016 was statistically very small compared to overall engagement on political issues.

12 To estimate magnitude, we compiled a cross functional team of engineers, analysts, and data scientists to examine posts that were classified as related to civic engagement between September and December 2016. We compared that data with data derived from the behavior of accounts we believe to be related to Information Operations. The reach of the content spread by these accounts was less than one-tenth of a percent of the total reach of civic content on Facebook.

And they say this in a report that also coyly confirms they’ve got data confirming Russia’s role in the election.

But in the US election section, the report includes a coy passage stating that it cannot definitively attribute who sponsored the false amplification, even while it states that its data does not contradict the Intelligence Community’s attribution of the effort to Russian intelligence.

Facebook is not in a position to make definitive attribution to the actors sponsoring this activity. It is important to emphasize that this example case comprises only a subset of overall activities tracked and addressed by our organization during this time period; however our data does not contradict the attribution provided by the U.S. Director of National Intelligence in the report dated January 6, 2017.

That presents the possibility (one that is quite likely) that Facebook has far more specific forensic data on the .1% of accounts it deems malicious amplifiers that it coyly suggests it knows to be Russian intelligence. Note, too, that the report is quite clear that this is human-driven activity, not bot-driven.

All of which is my way of saying the Committees really ought to bring in Facebook’s engineers (in closed session so Facebook doesn’t freak customers out over the kinds of analytics it can do), to understand what this .1% really means, as well as to have a sense of how the .1% interacted with the far larger group of people spreading fake stories.

As I say over and over, some of this is definitely Russian. But the underlying activities — the ratfucking being led by people who were ratfucking while Putin was still in law school — are also things Republicans do and have been doing for decades.

Let’s understand if Kushner served as a pivot between data stolen by Russians and fake news targeted at Michigan (among other states). But let’s be clear that some of the trolling was done by red-blooded Americans.

The Blame the Media Movement

/38 Comments/in , /by

screen-shot-2016-11-14-at-10-10-55-amThere was an odd moment yesterday on Twitter when a bunch of people were RTing screen caps of NYT’s front page the day after Jim Comey’s October 28 letter, blaming the media for Hillary’s loss.

I think the idea behind their complaints is that because the media — as embodied by the NYT — spent so much time focusing on Hillary’s emails, she lost.

I agree that “the media’s” focus on Hillary’s email contributed significantly to the loss. But the way in which people were complaining about it betrays a lack of understanding of the problem.

First, consider what they were complaining about. The NYT’s print edition had a topline story that “New emails jolt Clinton campaign in race’s last days.” That is almost exactly the Hillary camp’s preferred explanation for why they lost, that the Comey announcement roiled her campaign right at the end. The NYT also focused on Comey’s inappropriate behavior. And also reported what Trump said about the emails — again, reporting what the opposing candidate actually said.

Here’s how Media Matters — which because of close ties between the campaign and the organization, should be considered a house organ for the campaign — dealt with this treatment in real time.

Over the past two days, The New York Times has devoted five of its six above-the-fold articles to FBI director James Comey’s letter to congressional leaders indicating that the Bureau is reviewing additional “emails that appear to be pertinent to the investigation” of Democratic presidential nominee Hillary Clinton’s use of a private server as secretary of state. By providing such prominent coverage, the Times has indicated that the letter is news of the highest possible significance — in spite of the Times’ own reporting that FBI agents have yet to read the emails and determine if they are significant and the letter “did not reopen” the investigation.

In his October 28 letter, Comey wrote that the FBI has “learned of the existence of emails that appear to be pertinent to the investigation” while investigating an unrelated case and is taking “appropriate investigative steps designed to allow investigators to review these emails to determine whether they contain classified information, as well as to assess their importance to our investigation.” He added that the “FBI cannot yet assess whether or not this material may be significant, and I cannot predict how long it will take us to complete.”

Despite the paucity of information Comey indicated was available, the letter triggered a firestorm of speculative media coverage.

The Times, which has both a responsibility as the leading national newspaper to put the story in appropriate context, and a long history of applying excessive and disproportionate scrutiny to news about Bill and Hillary Clinton, led the media’s feeding frenzy.

On Saturday, the entirety of the Times’ front page above the fold was dedicated to three separate articles about Comey’s letter. The lead story declared, “New Emails Jolt Clinton Campaign In Race’s Last Days; FBI Looks at Messages Found During Inquiry.” But as that article noted, it is not clear whether the emails are “new” or duplicates of emails previously reviewed by the FBI; the FBI “had not yet examined” the emails.

The front page also featured articles on Trump’s response to the news and on Republican and Democratic lawmakers’ criticism of Comey in light of the letter.

The Times front page drew criticism for providing such prominent coverage before it was clear whether the emails in question were even relevant to the investigation.

The MM piece does raise two absolutely fair content complaints: that the NYT said FBI “reopened” the investigation (though I’m not sure the distinction is as important as they make out, especially since the FBI had at least one other open investigation during this period), and that the headline said the emails were new when that was not yet clear.

Fair points. But.

MM is also absolutely obsessed with the way NYT has emphasized this on their front page. You know? A dead tree front page? Not just any dead tree, but the NYT’s dead tree?

Of the 100,000 or so people who decided this election, how many of them get their news from the NYT, much less the dead tree version of the NYT? In both the rural and urban areas where Hillary lost MI, you’d have to go to a store, and even then the Sunday Times might be the only thing you could get in dead tree form in timely fashion. I’m sure it’s easier to get the dead tree NYT in Philly, but not in Erie, PA, two other places where Hillary lost this election. So while the NYT’s coverage surely matters, its relative placement on the dead tree is not the thing you should focus on.

You want to track what caused the undue influence of the Comey letter on the election? A far better place to focus is on Bret Baier’s claim, a few days later, that two sources had told him with 99% certainty that Hillary was going to be indicted. MM did cover that, for several days straight, including showing that Fox kept reporting on the claim even after Baier retracted it.

screen-shot-2016-11-14-at-11-27-51-am

But that’s not the other thing you need to track.

Obviously, you need to track Breitbart, the Steve Bannon site that legitimized white supremacy.

Particularly given that the rural areas where Hillary underperformed have often lost their local press (which might otherwise have exposed them to the AP version) you also need to account for social media. It would be bad enough if that consisted solely of people consuming the conspiracy theories their buddies pass on. But, as has increasingly been discussed both during and since the election, those have been hijacked.

On both, people — even some without any stake in the election, such as kids in Macedonia — created false claims to generate clicks to make money.

“This is the news of the millennium!” said the story on WorldPoliticus.com. Citing unnamed FBI sources, it claimed Hillary Clinton will be indicted in 2017 for crimes related to her email scandal.

“Your Prayers Have Been Answered,” declared the headline.

For Trump supporters, that certainly seemed to be the case. They helped the baseless story generate over 140,000 shares, reactions, and comments on Facebook.

Meanwhile, roughly 6,000 miles away in a small town in the former Yugoslav Republic of Macedonia, a young man watched as money began trickling into his Google AdSense account.

[snip]

Most of the posts on these sites are aggregated, or completely plagiarized, from fringe and right-wing sites in the US. The Macedonians see a story elsewhere, write a sensationalized headline, and quickly post it to their site. Then they share it on Facebook to try and generate traffic. The more people who click through from Facebook, the more money they earn from ads on their website.

Earlier in the year, some in Veles experimented with left-leaning or pro–Bernie Sanders content, but nothing performed as well on Facebook as Trump content.

“People in America prefer to read news about Trump,” said a Macedonian 16-year-old who operates BVANews.com.

BuzzFeed News’ research also found that the most successful stories from these sites were nearly all false or misleading.

Far more troublingly, Facebook’s algorithm that influences what news people see not only doesn’t sort out fake news, but they purposely avoided fixing the problem during the election because that would have disproportionately affected conservative “news.”

[I]t’s hard to visit Facebook without seeing phony headlines like “FBI Agent Suspected in Hillary Email Leaks Found Dead in Apparent Murder-Suicide” or “Pope Francis Shocks World, Endorses Donald Trump for President, Releases Statement” promoted by no-name news sites like the Denver Guardian and Ending The Fed.

Gizmodo has learned that the company is, in fact, concerned about the issue, and has been having a high-level internal debate since May about how the network approaches its role as the largest news distributor in the US. The debate includes questions over whether the social network has a duty to prevent misinformation from spreading to the 44 percent of Americans who get their news from the social network.

According to two sources with direct knowledge of the company’s decision-making, Facebook executives conducted a wide-ranging review of products and policies earlier this year, with the goal of eliminating any appearance of political bias. One source said high-ranking officials were briefed on a planned News Feed update that would have identified fake or hoax news stories, but disproportionately impacted right-wing news sites by downgrading or removing that content from people’s feeds. According to the source, the update was shelved and never released to the public.

It’s unclear if the update had other deficiencies that caused it to be scrubbed.

“They absolutely have the tools to shut down fake news,” said the source, who asked to remain anonymous citing fear of retribution from the company. The source added, “there was a lot of fear about upsetting conservatives after Trending Topics,” and that “a lot of product decisions got caught up in that.”

A similar effect is happening as we speak, spreading the false claim that Trump won the popular vote.

We actually don’t know what the media diet of the average person who normally would have voted Democratic is — I sincerely hope it’s something we get a handle on. But we need to understand that we would be lucky if the dead tree NYT is what we need to worry about.

And given that Trump is likely to overturn net neutrality, it is likely to get worse before it gets better.

Update: Fixed the Buzzfeed blockquote.

Monday: A Border Too Far

/1 Comment/in , , , , /by

In this roundup: Turkey, pipelines, and a border not meant to be crossed.

It’s nearly the end of the final Monday of 2016’s General Election campaign season. This shit show is nearly over. Thank every greater power in the universe we made it this far through these cumulative horrors.

Speaking of horrors, this Monday’s movie short is just that — a simple horror film, complete with plenty of bloody gritty gore. Rating on it is mature, not for any adult content but for its violence. The film is about illegal immigrants who want more from life, but it plays with the concepts of alien identity and zombie-ism. Who are the illegals, the aliens, the zombies? What is the nature of the predator and their prey? Does a rational explanation for the existence of the monstrous legitimize the horror they perpetuate in any way?

The logline for this film includes an even shorter tag line: Some borders aren’t meant to be crossed. This is worth meditating on after the horrors we’ve seen this past six months. Immigrants and refugees aren’t the monsters. And women aren’t feeble creatures to be marginalized and counted out.

Should also point out this film’s production team is mostly Latin American. This is the near-future of American storytelling and film. I can’t wait for more.

Tough Turkey
The situation in Turkey is extremely challenging, requiring diplomacy a certain Cheeto-headed candidate is not up to handling and will screw up if he places his own interests ahead of that of the U.S. and the rest of the world.

  • Luxembourg’s foreign minister compares Erdoğan’s purge to Nazi Germany (Deutsche Welle) — Yeah, I can’t argue with this when a political party representing an ethnic minority and a group sharing religious dogma are targeted for removal from jobs, arrest and detention.
  • Op-Ed: Erdoğan targeting critics of all kinds (Guardian) — Yup. Media, judges, teachers, persons of Kurdish heritage or Gulenist religious bent, secularists, you name it. Power consolidation in progress. Democracy, my left foot.
  • HDP boycotts Turkish parliament after the arrest of its leaders (BBC) — Erdoğan claimed the arrested HDP leaders were in cahoot with the PKK, a Kurdish group identified as a terrorist organization. You’ll recall HDP represents much of Turkey’s Kurdish minority. But Erdoğan also said he doesn’t care if the EU calls him a dictator; he said the EU abets terrorism. Sure. Tell the cities of Paris and Brussels that one. Think Erdoğan has been taking notes from Trump.
  • U.S. and Turkish military leaders meet to work out Kurd-led ops against ISIS (Guardian) — Awkward. Turkish military officials were still tetchy about an arrangement in which Kurdish forces would act against ISIS in Raqqa, Syria, about 100 miles east of Aleppo. The People’s Protection Units (YPG) militia — the Kurdish forces — will work in concert with Arab members of Syrian Democratic Forces (SDF) coalition in Raqqa to remove ISIS. Initial blame aimed at the PKK for a car bomb after HDP members were arrested heightened existing tensions between Erdoğan loyalists and the Kurds, though ISIS later took responsibility for the deadly blast. Depending on whose take one reads, the Arab part of SDF will lead the effort versus any Kurdish forces. Turkey attacked YPG forces back in August while YPG and Turkey were both supposed to be routing ISIS.

In the background behind Erdoğan’s moves to consolidate power under the Turkish presidency and the fight to eliminate ISIS from Syria and neighboring territory, there is a struggle for control of oil and gas moving through or by Turkey.

Russia lost considerable revenue after oil prices crashed in 2014. A weak ruble has helped but to replace lost revenue based on oil’s price, Russia has increased output to record levels. Increase supply only reduces price, especially when Saudi Arabia, OPEC producers, and Iran cannot agree upon and implement a production limit. If Russia will not likewise agree to production curbs, oil prices will remain low and Russia’s revenues will continue to flag.

Increasing pipelines for both oil and gas could bolster revenues, however. Russia can literally throttle supply near its end of hydrocarbon pipelines and force buyers in the EU and everywhere in between to pay higher rates — the history of Ukrainian-Russian pipeline disputes demonstrates this strategy. Bypassing Ukraine altogether would help Russia avoid both established rates and conflict there with the west. The opportunities encourage Putin to deal with Erdoğan, renormalizing relations after Turkey shot down a Russian jet last November. Russia and Turkey had met in summer of 2015 to discuss a new gas pipeline; they’ve now met again in August and in October to return to plans for funding the same pipeline.

A previous pipeline ‘war’ between Russia and the west ended in late 2014. This conflict may only have been paused, though. Between Russia’s pressure to sell more hydrocarbons to the EU, threats to pipelines from PKK-attributed terrorism and ISIS warfare near Turkey’s southwestern border, and implications that Erdoğan has been involved in ISIS’ sales of oil to the EU, Erdoğan may be willing to drop pursuit of EU membership to gain more internal control and profit from Russia’s desire for more hydrocarbon revenues. In the middle of all this mess, Erdoğan has expressed a desire to reinstate the death penalty for alleged coup plotters and dissenters — a border too far for EU membership since death penalty is not permitted by EU law.

This situation requires far more diplomatic skill than certain presidential candidates will be able to muster. Certainly not from a candidate who doesn’t know what Aleppo is, and certainly not from a candidate who thinks he is the only solution to every problem.

Cybery miscellany

That’s it for now. I’ll put up an open thread dedicated to all things election in the morning. Brace yourselves.

Wednesday: Time Travel

/1 Comment/in , , /by

In this roundup: A short film about a mother’s time travel adventure, the Internet of Stupid Things, and more.

Read more

Wednesday: Wandering

/9 Comments/in , , /by

All that is gold does not glitter; not all those who wander are lost.

— excerpt, The Lord of the Rings by J. R. R. Tolkien

It’s a lovely summer day here, cool and dry. Perfect to go walkabout, which I will do straight away after this post.

Hackety-hack-hack, Jack

  • Spearphishing method used on HRC and DNC revealed by security firm (SecureWorks) — Here’s their report, but read this Twitter thread if you don’t think you can handle the more detailed version. In short, best practice: DON’T CLICK ON SHORTENED LINKS using services like Bitly, which mask the underlying URL.
  • Researchers show speakerless computers can be hacked by listening to fans (arXiv.org) — Air-gapping a computer may not be enough if hackers can listen to fan operation to obtain information. I’ll have to check, but this may be the second such study.
  • Another massive U.S. voter database breached (Naked Security) — This time 154 million voters’ data exposed, revealing all manner of details. 154M is larger than the number of voters in the 2012 general election, though smaller than the 191M voters’ records breached in December. At least this time the database owner slammed the breach shut once they were notified of the hole by researcher Chris Vickery. Nobody’s fessed up to owning the database involved in the the December breach yet.
  • Speaking of Vickery: Terrorism databased leaked (Reddit) — Thomson-Reuters’ database used by governments and banks to identify and monitor terrorism suspects was leaked (left open?) by a third party. Vickery contacted Thomson-Reuters which responded promptly and closed the leak. Maybe some folks need to put Vickery on retainer…
  • Different kind of hack: Trump campaign hitting up overseas MPs for cash? Or is he? (Scotsman) — There are reports that Trump’s campaign sent fundraising emails received by elected representatives in the UK and Iceland. Based on what we know now about the spearphishing of HRC and DNC, has anybody thought to do forensics on these emails, especially since government officials are so willing to share them widely? Using these kinds of emails would be a particularly productive method to spearphish government and media at the same time, as well as map relationships. Oh, and sow dissension inside the Trump family, urm, campaign. On the other hand, lack of response from Trump and team suggests it’s all Trump.

Makers making, takers taking

  • Apple granted a patent to block photo-taking (9to5Mac) — The technology relies on detecting infrared signals emitted when cameras are used. There’s another use for the technology: content can be triggered to play when infrared signal is detected.
  • Government suppressing inventions as military secrets (Bloomberg) — There’s merit to this, preventing development of products which may undermine national security. But like bug bounties, it might be worth paying folks who identify methods to breach security; it’s a lot cheaper than an actual breach, and a bargain compared to research detecting the same.
  • Google wants to make its own smartphone (Telegraph-UK) — This is an effort apart from development of the modular Ara device, and an odd move after ditching Motorola. Some tech industry folks say this doesn’t make sense. IMO, there’s one big reason why it’d be worth building a new smartphone from the ground up: security. Google can’t buy an existing manufacturer without a security risk.
  • Phonemaker ZTE’s spanking for Iran sanction violations deferred (Reuters) — This seems kind of odd; U.S. Commerce department agreed to a reprieve if ZTE cooperated with the government. But then think about the issue of security in phone manufacturing and it makes some sense.

A-brisket, a Brexit

  • EU health commissioner Andriukaitis’ response to Nigel Farage’s insulting remarks (European Commission) — Farage prefaced his speech to European Commissioners yesterday by saying “Most of you have never done a proper day’s work in your life.” Nice way to win friends and influence people, huh? Dr. Vytenis Andriukaitis is kinder than racist wanker Farage deserves.
  • Analysis of next couple years post-Brexit (Twitter) — Alex White, Director of Country Analysis at the Economist Intelligence Unit, offers what he says is “a moderate/constructive call” with “Risks definitely to the downside not to the upside.” It’s very ugly, hate to see what a more extreme view would look like. A pity so many Leave voters will never read him.

Follow-up: Facebook effery
Looks like Facebook’s thrown in the towel on users’ privacy altogether, opening personal profiles in a way that precludes anonymous browsing. Makes the flip-flop on users’ location look even more sketchy. (I can’t tell you anymore about this from personal experience because I gave up on Facebook several years ago.)

Happy hump day!