Wednesday, August 24, 2022

Twitter Whistleblower Surfaces Presenting Challenge for U.S. Surveillance State, Enter CNN and The Washington Post


The background story behind Jack’s Magic Coffee Shop takes an interesting twist today, as a whistleblower deep inside the Twitter technology side of the platform begins to outline what CNN calls, “a threat to its own users’ personal information, to company shareholders, to national security, and to democracy.”

This discussion is where it becomes critical to remember the nature of stakeholders in media.

CNN is the national media firm protecting the interests of the U.S. State Dept.  The Washington Post is the national media firm protecting the interests of the U.S. intelligence apparatus.  The latest Twitter whistleblower information originates in,.. wait for it… “an explosive whistleblower disclosure obtained exclusively by CNN and The Washington Post.”

The whistleblower is a former technology expert who came from within the research farm of DARPA, the Defense Advanced Research Projects Agency.  Peiter “Mudge” Zatko, is a well-known cybersecurity expert who left government work, entered the public world, and eventually became the head of Twitter security, reporting directly to the CEO.

Peiter “Mudge” Zatko is now saying the background technology of Twitter is vulnerable to manipulation.  I’m not going to go into the granules of what Mudge is outlining, instead I prefer to focus on the bigger picture, a scenario we have been outlining for quite a while that could, emphasize *could*, become very explosive, especially considering the legal challenges between the social media platform and Elon Musk.

The nub of the bigger story is essentially that the database of Twitter, and likely other social media platforms, is integrated with the U.S. intelligence system.  The database of Twitter is not necessarily vulnerable to hacking by outside entities, although that is the framework used by media reporting this whistleblower issue.

The bigger risk to the surveillance state is discovery that Twitter and the U.S. intelligence community are in a public-private partnership. The Dept of Homeland Security has access by design, not flaw.  How the stakeholder media are reporting on the issue shows the nature of the risk, (emphasis mine):

[…] The scathing disclosure, which totals around 200 pages, including supporting exhibits — was sent last month to a number of US government agencies and congressional committees, including the Securities and Exchange Commission, the Federal Trade Commission and the Department of Justice. The existence and details of the disclosure have not previously been reported. CNN obtained a copy of the disclosure from a senior Democratic aide on Capitol Hill. The SEC, DOJ and FTC declined to comment; the Senate Intelligence Committee, which received a copy of the report, is taking the disclosure seriously and is setting a meeting to discuss the allegations, according to Rachel Cohen, a committee spokesperson. (link)

How would it damage the U.S. government if previous claims about the Chinese government having access to all user data on TikTok, are shown to be exactly identical to the U.S. government having access to all user data on Twitter?

Let that question settle in for a few moments, because that is exactly what I have been alleging since, well, 2011, when the U.S. State Dept first collaborated with Twitter in a joint public-private partnership to use the platform as a communication tool exploiting the Arab Spring uprising in Egypt, Libya and beyond.

The issue of Jack’s Magic Coffee Shop is an issue of financial viability.  The business model of Twitter just doesn’t exist as a free social media discussion platform while running the ultra-expensive data processing system needed for millions of simultaneous users.  A global chat that requires exponential database responses as an outcome of simultaneous users is just ridiculously expensive. {Go Deep} However, if the computing system and massive database were being subsidized by the U.S. government, then the viability of the ‘free coffee‘ business model makes sense.

“Cloud computing is one of the core components of the strategy to help the IC discover, access and share critical information in an era of seemingly infinite data.” … “A test scenario described by GAO in its June 2013 bid protest opinion suggests the CIA sought to compare how the solutions presented by IBM and Amazon Web Services (AWS) could crunch massive data sets, commonly referred to as big data.” … “Solutions had to provide a “hosting environment for applications which process vast amounts of information in parallel on large clusters (thousands of nodes) of commodity hardware” using a platform called MapReduce. Through MapReduce, clusters were provisioned for computation and segmentation. Test runs assumed clusters were large enough to process 100 terabytes of raw input data. AWS’ solution received superior marks from CIA procurement officials”… (MORE)

♦ Legal Stuff – The issue of American citizen privacy and U.S. constitutional limits against the government listening in on communication is functionally obsolescent.  The Foreign Intelligence Surveillance Act (FISA) prohibits communication intercepts on U.S. citizens without a valid search warrant.  However, if a U.S. citizen is engaged in a conversation with a foreign person, all privacy restrictions are essentially gone. [Insert example of Michael Flynn taking to Russian Ambassador Sergey Kislyak here]

Your phone calls can be intercepted by the government from the foreign side of the call.  The govt can freely monitor the calls that involve foreign actors.  The only rule is that your privacy must be maintained. If the foreign actor is in communication with a U.S. citizen, the U.S. citizen must be “minimized” or not identified in any intercept.

However, what happens when the phone call is on a community line that is connected, and visible, to the entire world?   That’s the benefit of social media monitoring from a surveillance perspective. It is from that opaque and unresolved archaic legal perspective that surveillance authority of social media platforms, by the U.S. intelligence community, exists.   Now you see why the SSCI is taking an interest in the Twitter whistleblower, classic risk mitigation.

Hopefully, you can also see why the 200-page whistleblower document was leaked, by a Democrat staffer, to the Washington Post and CNN.

CNN defends the equity interests of the U.S. State Dept., and WaPo defend the Intelligence Community (CIA, DHS, etc).

Within the narrative as constructed you will note, “Zatko further alleges that Twitter’s leadership has misled its own board and government regulators about its security vulnerabilities, including some that could allegedly open the door to foreign spying or manipulation, hacking and disinformation campaigns.”

If the relationship between Twitter and the U.S. intelligence community is a public-private partnership, why would Twitter want to shut down the portals given to the Dept of Homeland Security?

Answer, they wouldn’t… Ergo the response from Twitter to the whistleblower complaint is (emphasis mine), “What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context.

Put another way, the “lacks important context” is the nature of the security risk, which is structural to the relationship between the intelligence community and the platform.  See how that works?

The integration between Twitter and the United States Intelligence Community has been hiding in plain sight:

July 26, 2021, (Reuters) – A counterterrorism organization formed by some of the biggest U.S. tech companies including Facebook (FB.O) and Microsoft (MSFT.O) is significantly expanding the types of extremist content shared between firms in a key database, aiming to crack down on material from white supremacists and far-right militias, the group told Reuters.

Until now, the Global Internet Forum to Counter Terrorism’s (GIFCT) database has focused on videos and images from terrorist groups on a United Nations list and so has largely consisted of content from Islamist extremist organizations such as Islamic State, al Qaeda and the Taliban.

Over the next few months, the group will add attacker manifestos – often shared by sympathizers after white supremacist violence – and other publications and links flagged by U.N. initiative Tech Against Terrorism. It will use lists from intelligence-sharing group Five Eyes, adding URLs and PDFs from more groups, including the Proud Boys, the Three Percenters and neo-Nazis.

The firms, which include Twitter (TWTR.N) and Alphabet Inc’s (GOOGL.O) YouTube, share “hashes,” unique numerical representations of original pieces of content that have been removed from their services. Other platforms use these to identify the same content on their own sites in order to review or remove it. (more)

A shared hashing protocol is a form of data system integration.  The databases of the identified social media platforms are integrated with the U.S. intelligence system.

So, what is the angle here?  Peiter/CNN’s objective is to support Musk‘s part of the legal argument. That support helps Elon Musk exit from Twitter deal. That exit allows Twitter/IC to return to surveillance operations and intel gathering with exposure risk removed. That’s Peiter’s objective.

I shall leave on a happy note, which highlights the nature of the risk:

After this article was initially published, Alex Spiro, an attorney for Musk, told CNN, “We have already issued a subpoena for Mr. Zatko, and we found his exit and that of other key employees curious in light of what we have been finding.” (LINK)

Hello, fellas…


Now, for the pantomime, and to showcase the need for extreme control by the narrative engineers.  Notice how the directors of the CNN segment use alternative actors to shape the context of what Mr. Peiter “Mudge” Zatko is saying.  This is classic intelligence community media tradecraft.

Notice what is expressly attributed to Mudge in his own words, versus what is implied toward Mudge from alternative voices and faces that appear.  Once you see the strings on the marionettes, you can never return to that moment in the performance when you did not see them.  WATCH: