In 2009, Barrett Brown created Project PM, a collective investigation into the secret world of private intelligence. Longtime collaborator and supporter Kevin Gallagher, has produced a summary of the most important findings to emerge from the project.
In a post on ‘The Purpose of Project PM’, Barrett said he initially wanted “to conceive and put into play new dynamics by which to improve information flow on the internet, as well as to develop new methods of practical online collaboration.”
In early 2011, when I began working out of the Anonops server in support of OpTunisia and then other matters, Project PM (the chief venue of which was simply an IRC channel on the Freenode server) became an extension of those efforts. Eventually it fell to the wayside as I became more heavily involved with Anonymous itself. A few months later, as a number of us continued to investigate the large mass of information that had stemmed from the HBGary hack, we turned Project PM into our shared venue/banner and re-purposed it into an informal association that would do two things: (1) disseminate information about the intelligence contracting industry and what is now being increasingly termed the “cyber-industrial complex,” including specific firms/outfits known to be involved in one or more of certain activities we oppose, and (2) provide whatever support possible to other parties that wish to pursue these issues. The first objective is carried out in a number of ways, but chiefly through our wiki, Echelon2, which serves as a repository of info on the subjects we deal with, or by providing tips to journalists and other activists on those subjects. We now work chiefly out of an IRC server, irc.project-pm.org, in one main channel called #projectpm.
For the first objective, the group created a wiki “in order to provide a centralized, actionable data set regarding the intelligence contracting industry, the PR industry’s interface with totalitarian regimes, the mushrooming infosec/’cybersecurity’ industry, and other issues constituting threats to human rights, civic transparency, individual privacy, and the health of democratic institutions.”
Romas/COIN and HBGary
In June 2011, Project PM released its report on Romas/COIN, after researching the programme by sifting through the HB Gary emails. Barrett’s report, which he announced at the Guardian, is reproduced below:
For at least two years, the U.S. has been conducting a secretive and immensely sophisticated campaign of mass surveillance and data mining against the Arab world, allowing the intelligence community to monitor the habits, conversations, and activity of millions of individuals at once. And with an upgrade scheduled for later this year, the top contender to win the federal contract and thus take over the program is a team of about a dozen companies which were brought together in large part by Aaron Barr – the same disgraced CEO who resigned from his own firm earlier this year after he was discovered to have planned a full-scale information war against political activists at the behest of corporate clients. The new revelation provides for a disturbing picture, particularly when viewed in a wider context. Unprecedented surveillance capabilities are being produced by an industry that works in secret on applications that are nonetheless funded by the American public – and which in some cases are used against that very same public. Their products are developed on demand for an intelligence community that is not subject to Congressional oversight and which has been repeatedly shown to have misused its existing powers in ways that violate U.S. law as well as American ideals. And with expanded intelligence capabilities by which to monitor Arab populations in ways that would have previously been impossible, those same intelligence agencies now have improved means by which to provide information on dissidents to those regional dictators viewed by the U.S. as strategic allies.
The nature and extent of the operation, which was known as Romas/COIN and which is scheduled for replacement sometime this year by a similar program known as Odyssey, may be determined in part by a close reading of hundreds of e-mails among the 70,000 that were stolen in February from the contracting firm HBGary Federal and its parent company HBGary. Other details may be gleaned by an examination of the various other firms and individuals that are discussed as being potential partners.
Of course, there are many in the U.S. that would prefer that such details not be revealed at all; such people tend to cite the amorphous and much-abused concept of “national security” as sufficient reason for the citizenry to stand idly by as an ever-expanding coalition of government agencies and semi-private corporations gain greater influence over U.S. foreign policy. That the last decade of foreign policy as practiced by such individuals has been an absolute disaster even by the admission of many of those who put it into place will not faze those who nonetheless believe that the citizenry should be prevented from knowing what is being done in its name and with its tax dollars.
To the extent that the actions of a government are divorced from the informed consent of those who pay for such actions, such a government is illegitimate. To the extent that power is concentrated in the hands of small groups of men who wield such power behind the scenes, there is no assurance that such power will be used in a manner that is compatible with the actual interests of that citizenry, or populations elsewhere. The known history of the U.S. intelligence community is comprised in large part of murder, assassinations, disinformation, the toppling of democratic governments, the abuse of the rights of U.S. citizens, and a great number of other things that cannot even be defended on “national security” grounds insomuch as that many such actions have quite correctly turned entire populations against the U.S. government. This is not only my opinion, but also the opinion of countless individuals who once served in the intelligence community and have since come to criticize it and even unveil many of its secrets in an effort to alert the citizenry to what has been unleashed against the world in the name of “security.”
Likewise, I will here provide as much information as I can on Romas/COIN and its upcoming replacement.
Although the relatively well-known military contractor Northrop Grumman had long held the contract for Romas/COIN, such contracts are subject to regular recompetes by which other companies, or several working in tandem, can apply to take over. In early February, HBGary Federal CEO Aaron Barr wrote the following e-mail to Al Pisani, an executive at the much larger federal contractor TASC, a company which until recently had been owned by Northrop and which was now looking to compete with it for lucrative contracts:
“I met with Bob Frisbie the other day to catch up. He is looking to expand a capability in IO related to the COIN re-compete but more for DoD. He told me he has a few acquisitions in the works that will increase his capability in this area. So just a thought that it might be worth a phone call to see if there is any synergy and strength between TASC and ManTech in this area. I think forming a team and response to compete against SAIC will be tough but doable.” IO in this context stands for “information operations,” while COIN itself, as noted in an NDA attached to one of the e-mails, stands for “counter intelligence.” SAIC is a larger intelligence contractor that was expected to pursue the recompete as well. Bob Frisbie is the CEO of Mantech, a firm with which would later offer Barr a position under a new firm to be created for the purpose.
Pisani agreed to the idea, and in conjunction with Barr and fellow TASC exec John Lovegrove, the growing party spent much of the next year working to create a partnership of firms capable of providing the “client” – a U.S. agency that is never specified in the hundreds of e-mails that follow – with capabilities that would outmatch those being provided by Northrop, SAIC, or other competitors.
Several e-mails in particular provide a great deal of material by which to determine the scope and intent of Romas/COIN. One that Barr wrote to his own e-mail account, likely for the purpose of adding to other documents later, is entitled “Notes on COIN.” It begins with a list of entries for various facets of the program, all of which are blank and were presumably filled out later: “ISP, Operations, Language/Culture, Media Development, Marketing and Advertising, Security, MOE.” Afterwards, another list consists of the following: “Capabilities, Mobile Development, Challenges, MOE, Infrastructure, Security.” Finally, a list of the following websites is composed, many of which represent various small companies that provide niche marketing services pursuant to mobile phones.
More helpful is a later e-mail from Lovegrove to Barr and some of his colleagues at TASC in which he announces the following:
Our team consists of:
– TASC (PMO, creative services)
– HB Gary (Strategy, planning, PMO)
– Akamai (infrastructure)
– Archimedes Global (Specialized linguistics, strategy, planning)
– Acclaim Technical Services (specialized linguistics)
– Mission Essential Personnel (linguistic services)
– Cipher (strategy, planning operations)
– PointAbout (rapid mobile application development, list of strategic partners)
– Google (strategy, mobile application and platform development – long list of strategic partners)
– Apple (mobile and desktop platform, application assistance -long list of strategic partners)
We are trying to schedule an interview with ATT plus some other small app developers.
From these and dozens of other clues and references, the following may be determined about the nature of Romas/COIN:
1. Mobile phone software and applications constitute a major component of the program.
2. There’s discussion of bringing in a “gaming developer,” apparently at the behest of Barr, who mentions that the team could make good use of “a social gaming company maybe like zynga, gameloft, etc.” Lovegrove elsewhere notes: “I know a couple of small gaming companies at MIT that might fit the bill.”
3. Apple and Google were active team partners, and AT&T may have been as well. The latter is known to have provided the NSA free reign over customer communications (and was in turn protected by a bill granting them retroactive immunity from lawsuits). Google itself is the only company to have received a “Hostile to Privacy” rating from Privacy International. Apple is currently being investigated by Congress after the iPhone was revealed to compile user location data in a way that differs from other mobile phones; the company has claimed this to have been a “bug.”
4. The program makes use of several providers of “linguistic services.” At one point, the team discusses hiring a military-trained Arabic linguist. Elsewhere, Barr writes: “I feel confident I can get you a ringer for Farsi if they are still interested in Farsi (we need to find that out). These linguists are not only going to be developing new content but also meeting with folks, so they have to have native or near native proficiency and have to have the cultural relevance as well.”
5. Alterion and SocialEyez are listed as “businesses to contact.” The former specializes in “social media monitoring tools.” The latter uses “sophisticated natural language processing methodology” in order to “process tens of millions of multi-lingual conversations daily” while also employing “researchers and media analysts on the ground;” its website also notes that “Millions of people around the globe are now networked as never before – exchanging information and ideas, forming opinions, and speaking their minds about everything from politics to products.”
6. At one point, TASC exec Chris Clair asks Aaron and others, “Can we name COIN Saif? Saif is the sword an Arab executioner uses when they decapitate criminals. I can think of a few cool brands for this.”
7. A diagram attached to one of Barr’s e-mails to the group (http://imageshack.us/photo/my-images/7/pmo.png/) depicts MAGPII as interacting in some unspecified manner with “Foreign Mobile” and “Foreign Web.” MAGPII is a project of Barr’s own creation which stands for “Magnify Personal Identifying Information,” involves social networking, and is designed for the purpose of storing personal information on users. Although details are difficult to determine from references in Barr’s e-mails, he discusses the project almost exclusively with members of military intelligence to which he was pitching the idea.
8. There are sporadic references to such things as “semantic analysis,” “Latent Semantic Indexing,” “specialized linguistics,” and OPS, a programming language designed for solving problems using expert systems.
9. Barr asks the team’s partner at Apple, Andy Kemp (whose signature lists him as being from the company’s Homeland Defense/National Programs division), to provide him “a contact at Pixar/Disney.”
Altogether, then, a successful bid for the relevant contract was seen to require the combined capabilities of perhaps a dozen firms – capabilities whereby millions of conversations can be monitored and automatically analyzed, whereby a wide range of personal data can be obtained and stored in secret, and whereby some unknown degree of information can be released to a given population through a variety of means and without any hint that the actual source is U.S. military intelligence. All this is merely in addition to whichever additional capabilities are not evident from the limited description available, with the program as a whole presumably being operated in conjunction with other surveillance and propaganda assets controlled by the U.S. and its partners.
Whatever the exact nature and scope of COIN, the firms that had been assembled for the purpose by Barr and TASC never got a chance to bid on the program’s recompete. In late September, Lovegrove noted to Barr and others that he’d spoken to the “CO [contracting officer] for COIN.” “The current procurement approach is cancelled [sic], she cited changed requirements,” he reported. “They will be coming out with some documents in a month or two, most likely an updated RFI [request for information]. There will be a procurement following soon after. We are on the list to receive all information.” On January 18th of next year, Lovegrove provided an update: “I just spoke to the group chief on the contracts side (Doug K). COIN has been replaced by a procurement called Odyssey. He says that it is in the formative stages and that something should be released this year. The contracting officer is Kim R. He believes that Jason is the COTR [contracting officer’s technical representative].” Another clue is provided in the ensuing discussion when a TASC executive asks, “Does Odyssey combine the Technology and Content pieces of the work?”
The unexpected change-up didn’t seem to faze the corporate partnership, which was still a top contender to compete for the upcoming Odyssey procurement. Later e-mails indicate a meeting between key members of the group and the contracting officer for Odyssey at a location noted as “HQ,” apparently for a briefing on requirements for the new program, on February 3rd of 2011. But two days after that meeting, the servers of HBGary and HBGary Federal were hacked by a small team of Anonymous operatives in retaliation for Barr’s boasts to Financial Times that he had identified the movement’s “leadership;” 70,000 e-mails were thereafter released onto the internet. Barr resigned a few weeks later.
Along with clues as to the nature of COIN and its scheduled replacement, a close study of the HBGary e-mails also provide reasons to be concerned with the fact that such things are being developed and deployed in the way that they are. In addition to being the driving force behind the COIN recompete, Barr was also at the center of a series of conspiracies by which his own company and two others hired out their collective capabilities for use by corporations that sought to destroy their political enemies by clandestine and dishonest means, some of which appear to be illegal. None of the companies involved have been investigated; a proposed Congressional inquiry was denied by the committee chair, noting that it was the Justice Department’s decision as to whether to investigate, even though it was the Justice Department itself that made the initial introductions. Those in the intelligence contracting industry who believe themselves above the law are entirely correct.
That such firms will continue to target the public with advanced information warfare capabilities on behalf of major corporations is by itself an extraordinary danger to mankind as a whole, particularly insomuch as that such capabilities are becoming more effective while remaining largely unknown outside of the intelligence industry. But a far greater danger is posed by the practice of arming small and unaccountable groups of state and military personnel with a set of tools by which to achieve better and better “situational awareness” on entire populations while also being able to manipulate the information flow in such a way as to deceive those same populations. The idea that such power can be wielded without being misused is contradicted by even a brief review of history.
History also demonstrates that the state will claim such powers as a necessity in fighting some considerable threat; the U.S. has defended its recent expansion of powers by claiming they will only be deployed to fight terrorism and will never be used against American civilians. This is cold comfort for those in the Arab world who are aware of the long history of U.S. material support for regimes they find convenient, including those of Saddam Hussein, Hosni Mubarak, and the House of Saud. Nor should Americans be comforted by such promises from a government that has no way of ensuring that they will be kept; it was just a few months ago that a U.S. general in Afghanistan ordered a military intelligence unit to use pysops on visiting senators in an effort to secure increased funding for the war, an illegal act; only a few days prior, CENTCOM spokesmen were confidently telling the public that such other psychological capabilities as persona management would never be used on Americans as that would be illegal. The fact is that such laws have been routinely broken by the military and intelligence community, who are now been joined in this practice by segments of the federal contracting industry.
It is inevitable, then, that such capabilities as form the backbone of Romas/COIN and its replacement Odyssey will be deployed against a growing segment of the world’s population. The powerful institutions that wield them will grow all the more powerful as they are provided better and better methods by which to monitor, deceive, and manipulate. The informed electorate upon which liberty depends will be increasingly misinformed. No tactical advantage conferred by the use of these programs can outweigh the damage that will be done to mankind in the process of creating them.