[p2p-research] Fwd: Please read this long but CHILLING! (project vigilante and the private and volunteer market for data handed over to US government)

Michel Bauwens michelsub2004 at gmail.com
Wed Aug 4 03:56:43 CEST 2010


---------- Forwarded message ----------
From: Gordon Cook <cook at cookreport.com>
Date: Tue, Aug 3, 2010 at 11:47 PM
Subject: Please read this long but CHILLING!
To: Michel Bauwens <michelsub2004 at gmail.com>, Sepp Hasslberger <
sepp at lastrega.com>


i really really recommend incorporation in the wiki somewhere and wide
distribution


Monday, Aug 2, 2010 08:03 ET Project Vigilant and the government/corporate
destruction of privacy<http://www.salon.com/news/opinion/glenn_greenwald/2010/08/02/privacy/index.html>
By Glenn Greenwald

   -

 *Forbes*' technology writer Andy Greenberg
reports<http://blogs.forbes.com/firewall/2010/08/01/stealthy-government-contractor-monitors-u-s-internet-providers-says-it-employed-wikileaks-informant/>that
at the Defcon Security Conference yesterday, an individual named Chet
Uber appeared with revelations about the case of accused WikiLeaks leaker
Bradley Manning and government informant Adrian Lamo.  These revelations are
both remarkable in their own right and, more important, highlight some
extremely significant, under-examined developments unrelated to that case.
This is a somewhat complex story and it raises even more complex issues, but
it is extremely worthwhile to examine.

Uber is the Executive Director of a highly secretive group called Project
Vigilant <https://www.projectvigilant.us/>, which, as Greenberg
writes, *"monitors
the traffic of 12 regional Internet service providers" and "hands much of
that information to federal agencies."*  More on that in a minute.  Uber
revealed yesterday that Lamo, the hacker who turned in Manning to the
federal government for allegedly confessing to being the WikiLeaks leaker,
was a "volunteer analyst" for Project Vigilant; that it was Uber who
directed Lamo to federal authorities to inform on Manning by using his
contacts to put Lamo in touch with the "highest level people in the
government" at "three letter agencies"; and, according to a *Wired* report
this morning<http://www.wired.com/threatlevel/2010/08/lamo-classified-documents/>,
it was Uber who strongly pressured Lamo to inform by telling him (falsely)
that he'd likely be arrested if he failed to turn over to federal agents
everything he received from Manning.

   - Continue reading<http://www.salon.com/news/opinion/glenn_greenwald/2010/08/02/privacy/index.html>

 So, while Lamo has repeatedly denied (including in his interview with
me<http://www.salon.com/news/opinion/glenn_greenwald/2010/06/18/wikileaks>)
that
he ever worked with federal authorities, it turns out that he was a
"volunteer analyst" for an entity which collects private Internet data in
order to process it and turn it over to the Federal Government.  That makes
the whole Manning case all the more strange:  Manning not only abruptly
contacted a disreputable hacker out of the blue and confessed to major
crimes over the Interent, but the hacker he arbitrarily chose just happened
to be an "analyst" for a group that monitors on a massive scale the private
Internet activities of American citizens in order to inform on them to U.S.
law enforcement agencies (on a side note, if you want to judge what Adrian
Lamo is, watch him in this amazing *BBC*
interview<http://www.youtube.com/watch?v=OH9pGZAV18c>;
I've never seen someone behave quite like him on television before).

In terms of what they mean for the Manning case, those revelations require a
lot more analysis, but I want to focus on the much more important aspect of
these revelations:  namely, what Project Vigilant does as well as the
booming private domestic espionage industry of which they are a part.
There's very little public information about this organization, but what
they essentially are is some sort of vigilante group that collects vast
amount of private data about the Internet activities of millions of
citizens, processes that data into usable form, and then literally turns it
over to the U.S. Government, claiming its motive is to help the Government
detect Terrorists and other criminals.  From the *Forbes* report:

 According to Uber, one of Project Vigilant's manifold methods for gathering
intelligence includes *collecting information from a dozen regional U.S.
Internet service providers (ISPs).*  Uber declined to name those ISPs, but
said that because the companies included a provision allowing them to share
users' Internet activities with third parties in their end user license
agreements (EULAs), Vigilant was able to legally gather data from those
Internet carriers and use it to *craft reports for federal agencies.* A
Vigilant press release says that the *organization tracks more than 250
million IP addresses a day and can "develop portfolios on any name, screen
name or IP address."*

They're tracking 250 million IP addresses a day, compiling dossiers, and
then turning them over to federal agencies -- with the ability to link that
information to "any name."  As this June, 2010 article from the
*Examiner*<http://www.examiner.com/x-27653-SF-Technology-Examiner~y2010m6d22-Big-names-help-run-Project-Vigilant>--
one of the very few ever written about the group -- put it:

 Project Vigilant has been operating in near total secrecy for over a
decade, monitoring potential domestic terrorist activity and tracking
various criminal activities on the Web. In a series of exclusive interviews
with some of the group's leaders, it's clear that the people doing this work
are *among the most sophisticated and experienced experts in today's rapidly
moving world of Internet security.*

<http://3.bp.blogspot.com/_MnYI3_FRbbQ/TFccxvOnywI/AAAAAAAAChQ/H6SxHQTVP6U/s1600/vigilant.png>In
case you doubt the seriousness of this group, consider the list of its
officials, which includes Mark Rasch, who headed the DOJ's Internet
Crime Unit for 9 years; Kevin Manson, a retired Homeland Security official;
George Johnson, who "develop[ed] secure tools for the exchange of sensitive
information between federal agencies" for the Pentagon; Ira Winkler, a
former NSA official; and Suzanne Gorman, former security chief of the New
York Stock Exchange.  These are people with extensive, sophisticated
expertise in compiling highly invasive data about individuals' Internet
activities, and more so -- given their background -- how to package it in a
way that can be used by federal agencies.

* * * * *

Project Vigilant is but one manifestation of a booming and unaccountable
industry:  groups which collect vast amounts of highly informative data
about American citizens -- particularly their Internet activities -- and
then sell it or otherwise furnish it to the U.S. Government.  A separate *
Examiner* article
described<http://www.examiner.com/x-27653-SF-Technology-Examiner~y2010m6d21-Secret-group-aids-fight-against-terror>how
Project Vigilant is funded by
BBHC Global <http://www.bbhc-global.com/>, a highly secretive "information
security firm" -- see if you can find any information about it -- whose
Managing Director, Steven Ruhe, drapes himself in the same creepy,
vigilante-patriot language as the group which he funds:

 In the fight against terror, the U.S needs all the help it can get, even if
that assistance comes from unpaid volunteers.  For the past 14 years, a
significant volunteer group of U.S. citizens has been operating in near
total secrecy to monitor and report illegal or potentially harmful activity
on the Web.

Flying "under the radar" and carefully discouraging any press coverage that
focused on the group, Project Vigilant has quietly operated in the eddies
and whirlpools of Internet research, feeding tips and warnings to federal,
state and military agencies. The group claims over 500 current members,
although their names and identities are still mostly secret.  Their members
comprise some of the most knowledgeable experts in the field of information
security today and include current employees of the U.S. government, law
enforcement and the military. . . .

The group's collaboration with the U.S. Government is handled through
another highly secure web portal <https://cybercop.esportals.com/> which
supports protected email, chat and other features.

Project Vigilant is funded by BBHC Global, an information security firm
based in the Midwest, and private donations. Uber's boss is Steven Ruhe, the
Managing Member of BBHC Global. "I've always been a small town guy with big
dreams," said Ruhe who was born and raised in Nebraska and sells Amway
products on the side. "This work is for a really good cause."

Project Vigilant is organized and run on a structure not unlike that of the
military. Uber himself will serve only two more years in his "tour of duty"
as the Project's Director and then another member will take his place.

"This is the most rewarding thing I've ever done in my life," said Uber.
"I'm helping keep our country safer."

Uber told *Computer
World*<http://www.computerworld.com/s/article/9179998/Meet_the_man_who_helped_Lamo_turn_in_Manning_the_Wikileaker>that
he decided to divulge his group's role in directing Lamo to turn into
an informant because he thought that Lamo's patriotic act was being unfairly
disparaged.

What's really going on here is that the ability to construct dossiers on
citizens' Internet activities has increased dramatically over the last
several years, as increasing parts of citizens' private lives take place
online.  Put another way -- and this isn't news -- online privacy has all
but evaporated.  Virtually every step anyone takes online -- from the
websites they visit to the transactions they engage in -- are not only now
stored and tracked by multiple companies, but are then compiled and made
available to a wide variety of groups.  As a *Wall St. Journal* article from
this weekend documents<http://online.wsj.com/article/SB10001424052748703977004575393173432219064.html?mod=ITP_pageone_0>,
the original impetus for this comprehensive tracking was a commercial
one:  the more websites and advertisers know about you, the more they can
make use of that knowledge, from auctioning you to various advertisers,
selling the data about you, and catering messages and ads to your profile.
As the ACLU's long-time privacy expert Chris Calabrese told me this morning,
"virtually every step you take online is now tracked by numerous mechanisms
and instantly processed."

But it's the re-packaging and transfer of this data to the U.S. Government
-- combined with the ability to link it not only to your online identity
(IP address), but also your offline identity (name) -- that has made this
industry particularly pernicious.  There are serious obstacles that impede
the Government's ability to create these electronic dossiers themselves.  It
requires both huge resources and expertise.  Various statutes enacted in the
mid-1970s -- such as the Privacy Act of 1974 -- impose transparency
requirements and other forms of accountability on programs whereby the
Government collects data on citizens.  And the fact that much of the data
about you ends up in the hands of private corporations can create further
obstacles, because the tools which the Government has to compel private
companies to turn over this information is limited (the fact that the FBI is
sometimes unable to obtain your "transactional" Internet data without a
court order -- *i.e.*, whom you email, who emails you, what Google searches
you enter, and what websites you visit --is what has caused the Obama
administration to demand that
Congress<http://www.washingtonpost.com/wp-dyn/content/article/2010/07/28/AR2010072806141.html?hpid=topnews>amend
the Patriot Act to vest them with the power to obtain all of that with
no judicial supervision).

But the emergence of a private market that sells this data to the
Government (or, in the case of Project Vigilance, is funded in order to hand
it over voluntarily) has eliminated those obstacles.  As a result, the
Government is able to circumvent the legal and logistical restrictions on
maintaining vast dossiers on citizens, and is doing exactly that.  While
advertisers really only care about your online profile (IP address) in order
to assess what you do and who you are, the Government wants your online
activities linked to your actual name and other identifying information.  As
Calabrese put it:  "it's becoming incredibly easy for these companies to
link your IP information to who you really are, by, for example, tracing it
to your Facebook page or other footprints you leave with your identifying
information."  As but one example, *The Washington Post* recently began
automatically linking any visitors -- without their knowledge or
consent<http://www.tuesdaynight.org/2010/05/07/facebook-washington-post-behavior-i-cannot-explain.html>--
to their
logged-in Facebook
page<http://newspaperpublishing.suite101.com/article.cfm/washington-post-facebook-join-to-make-reader-input-part-of-site>.
The information turned over to the Government is now easily linkable -- and
usually linked -- to the citizens' actual identity.

An incredibly prescient 2004 Report from the
ACLU<http://www.aclu.org/FilesPDFs/surveillance_report.pdf>documented
the flourishing problem back then.  This was its title:

<http://4.bp.blogspot.com/_MnYI3_FRbbQ/TFcCd4dv6XI/AAAAAAAAChI/BI4nvDRPGRE/s1600/aclu.png>

The Report documents how two early Bush era surveillance programs were
killed by Congress for overreaching:  one -- the Total Information Awareness
project from John Poindexter -- which would have data mined virtually all
online data to detect individuals of interest to the Government, and a
second -- the Terrorism Information and Prevention System (TIPS) -- which
was designed to recruit 1 million private citizens to inform the Government
of suspicious acts.  But as the ACLU Report warned, both projects ended up
being developed in alternative forms.  Indeed, a wide array of government
agencies have created countless programs to encourage and formally train
various private workers (such as cable installers, utilities workers and
others who enter people's homes) to act as government informants and report
any "suspicious" activity; see one example
here<http://www.denverpost.com/news/ci_9725077>.  Meanwhile,
TIA has been replicated, and even surpassed, as a result of private
industries' willingness to do the snooping work on American citizens which
the Government cannot do.

Oftentimes, private corporations simply turn over whatever information the
Government requests even in the absence of legal compulsion.  They do so due
to a variety of motives:  an eagerness to build profitable relationships
with the Government, fear of regulatory or legal reprisals if they resist,
or a belief that they are being patriotic.  Numerous large corporations,
such as airlines <http://news.cnet.com/2010-1029-5080339.html>, have been
caught *voluntarily* turning over to the Government vast amounts of invasive
information about their passengers.  And, of course, the illegal Bush
NSA spying program was accomplished by the voluntary (though highly
profitable) participation by most of the telecom industry, which literally
turned over unfettered access to the Government to their customers' calling
and Internet records and even communication content.

But it's the emergence of a private market for this data -- whereby the
Government pays corporations to collect, process and then furnish it -- that
has vastly elevated the Government's ability to collect such data about
citizens.  As the ACLU Report put it, this arrangement provides the best of
all worlds for the Government and the worst for citizens:

 *The use of private-sector data aggregators allows the government to
insulate surveillance and information-handling practices from privacy laws
or public scrutiny.* That is sometimes an important motivation in outsourced
surveillance.  Private companies are free not only from complying with the
Privacy Act, but from other checks and balances, such as the Freedom of
Information Act.  They are also insulated from oversight by Congress and are
not subject to civil-service laws designed to ensure that government
policymakers are not influenced by partisan politics. . . .

In light of this, it's not surprising that -- just as is true for all of
their surveillance
activities<http://www.salon.com/news/opinion/glenn_greenwald/2010/03/29/mcconnell>--
government officials have been actively developing ways to recruit
private corporations into spying on American citizens for them.  The FBI
created a particularly creepy program -- called
InfraGard<http://www.infragard.net/about.php?mn=1&sm=1-0>-- in
which 23,000 companies (including most of the Fortune
500)<http://www.progressive.org/node/6052/>are in an
information-sharing program with federal law enforcement agencies.
 From the ACLU Report:

 The program has more than 10,000 members organized into 79 local chapters;
the list of participating companies is kept secret. Members wishing to
participate fully must undergo a security check and obtain clearance by the
FBI.  *The Cleveland Plain Dealer* described it as a "a vast informal
network of powerful friends," a "giant group of tipsters" created by the FBI
under a "philosophy of quietly working with corporate America" in order to
"funnel security alerts away from the public eye and receive tips on
possible illegal activity."

But there is evidence that InfraGard may be closer to a corporate TIPS
program, turning private-sector corporations -- some of which may be in a
position to *observe the activities of millions of individual customers --
into surrogate eyes and ears for the FBI. . . .*

There is a long and unfortunate history of cooperation between government
security agencies and powerful corporations to deprive individuals of their
privacy and other civil liberties, and any program that institutionalizes
close, secretive ties between such organizations raises serious questions
about the scope of its activities, now and in the future.

Another option open to government agencies seeking information on
individuals is to simply purchase it on the open market.  *As private-sector
information-gathering has exploded in recent years, so has the amount of
data that is now available to the government (and any other customer)
willing to pay the price.*  Although government information-purchasing was
once a minor matter, the explosion of private-sector data collection has
begun to significantly undermine the laws meant to protect Americans from
government snooping.

Just to bring us full circle:  Chet Uber, the Executive Director of Project
Vigilant, was one of the founding members of
InfraGard<http://www.examiner.com/x-27653-SF-Technology-Examiner~y2010m6d22-Big-names-help-run-Project-Vigilant>(and
again:  how incredibly lucky for the U.S. Government that the alleged
WikiLeaks leaker, sitting in Iraq, just happened to pick one of Uber's
underlings as the total stranger to whom he allegedly confessed his grave
National Security crimes).

* * * * *

It's really beyond dispute that one has virtually no privacy from the
Government.  That's not just true in theory, but in practice, as
the Government seriously escalates the various ways it maintains dossiers on
citizens.  Many privacy advocates have long taken some comfort in the fact
that this data is too vast for the Government to figure out how to use, but
with the aid of private industry and these strangely well-funded and
sophisticated groups, there are clearly efforts to make this snooping far
more useful and manageable.

Many people are indifferent to the disappearance of privacy -- even with
regard to government officials -- because they don't perceive any real value
to it.  The ways in which the loss of privacy destroys a society are
somewhat abstract and difficult to articulate, though very real.  A society
in which people know they are constantly being monitored is one that breeds
conformism and submission, and which squashes innovation, deviation, and
real dissent.

The old cliché is often mocked though basically true:  there's no reason to
worry about surveillance if you have nothing to hide.  That mindset creates
the incentive to be as compliant and inconspicuous as possible:  those who
think that way decide it's in their best interests to provide authorities
with as little reason as possible to care about them.  That's accomplished
by never stepping out of line.  Those willing to live their lives that way
will be indifferent to the loss of privacy because they feel that they lose
nothing from it.  Above all else, that's what a Surveillance State does:  it
breeds fear of doing anything out of the ordinary by creating a class of
meek citizens who know they are being constantly watched.

But even those who think that way should appreciate the real importance of
these developments. Consider the rage that has been directed over the last
week toward WikiLeaks.  They are predictably accused of being America's
Enemy<http://www.washingtonpost.com/wp-dyn/content/article/2010/08/02/AR2010080202627.html?hpid=opinionsbox1>,
in alliance with Al
Qaeda<http://www.abovetopsecret.com/forum/thread599129/pg1>,
a Terrorist group <http://twitter.com/nirrosen/status/20095766158>, etc.
etc.  One of their volunteers -- U.S. citizen Jacob Appelbaum -- was
detained for three hours at the airport
yesterday<http://www.nytimes.com/2010/08/02/world/02wiki.html?scp=1&sq=appelbaum&st=cse>when
re-entering the country from a foreign trip, denied access to a
lawyer,
had his cellphones seized and his laptop searched, and was told he'd likely
be subjected to this treatment every time he left the U.S. and tried to
re-enter.   Why has WikiLeaks provoked such animosity?  Because they
committed the gravest sin:  they breached the Absolute Wall of Secrecy
behind which our Government, and its private National Security
and Surveillance State partners, operate.  That's why WikiLeaks is so
despised, deemed such a threat:  because they are undermining in very modest
ways the absolute secrecy of these power factions, and many citizens have
been trained to believe in the justifiability of that pervasive secrecy as
well.

But while these factions demand total secrecy for their actions, they
simultaneously demand that you have none for yours.  They want to know
everything about what you do -- and are knowing all of that -- while you
know nothing about what they do.   The loss of privacy is entirely one-way.
Government and corporate authorities have destroyed most vestiges of privacy
for you, while ensuring that they have more and more for themselves.  The
extent to which you're monitored grows in direct proportion to the secrecy
with which they operate.  Sir Francis Bacon's now platitudinous observation
that "knowledge itself is power" is as true as ever.  That's why this severe
and always-growing imbalance is so dangerous, even to those who are
otherwise content to have themselves subjected to constant monitoring.


   -
      - Permalink<http://www.salon.com/news/opinion/glenn_greenwald/2010/08/02/privacy/index.html>
      - Short URL <http://salon.com/a/snQofAA==>


   =============================================================
The COOK Report on Internet Protocol, (PSTN) 609 882-2572 (Skype-in) 609
643-4067
Back Issues:
http://www.cookreport.com/index.php?option=com_docman&task=cat_view&gid=37&Itemid=61

 Cook's Collaborative Edge Blog http://gordoncook.net/wp/
 Subscription info:
http://www.cookreport.com/index.php?option=com_content&view=article&id=54&Itemid=65
=============================================================











-- 
P2P Foundation: http://p2pfoundation.net  - http://blog.p2pfoundation.net

Connect: http://p2pfoundation.ning.com; Discuss:
http://listcultures.org/mailman/listinfo/p2presearch_listcultures.org

Updates: http://del.icio.us/mbauwens; http://friendfeed.com/mbauwens;
http://twitter.com/mbauwens; http://www.facebook.com/mbauwens

Think tank: http://www.asianforesightinstitute.org/index.php/eng/The-AFI
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listcultures.org/pipermail/p2presearch_listcultures.org/attachments/20100804/d127ff93/attachment-0001.html>


More information about the p2presearch mailing list