by MICHAEL SHELLENBERGER, ALEX GUTENTAG, AND MATT TAIBBI
A whistleblower has come forward with an explosive new trove of documents, rivaling or exceeding the Twitter Files and Facebook Files in scale and importance. They describe the activities of an “anti-disinformation” group called the Cyber Threat Intelligence League, or CTIL, that officially began as the volunteer project of data scientists and defense and intelligence veterans but whose tactics over time appear to have been absorbed into multiple official projects, including those of the Department of Homeland Security (DHS).
The CTI League documents offer the missing link answers to key questions not addressed in the Twitter Files and Facebook Files. Combined, they offer a comprehensive picture of the birth of the “anti-disinformation” sector, or what we have called the Censorship Industrial Complex.
The whistleblower’s documents describe everything from the genesis of modern digital censorship programs to the role of the military and intelligence agencies, partnerships with civil society organizations and commercial media, and the use of sock puppet accounts and other offensive techniques.
“Lock your shit down,” explains one document about creating “your spy disguise.”
Another explains that while such activities overseas are “typically” done by “the CIA and NSA and the Department of Defense,” censorship efforts “against Americans” have to be done using private partners because the government doesn’t have the “legal authority.”
The whistleblower alleges that a leader of CTI League, a “former” British intelligence analyst, was “in the room” at the Obama White House in 2017 when she received the instructions to create a counter-disinformation project to stop a “repeat of 2016.”
Over the last year, Public, Racket, congressional investigators, and others have documented the rise of the Censorship Industrial Complex, a network of over 100 government agencies and nongovernmental organizations that work together to urge censorship by social media platforms and spread propaganda about disfavored individuals, topics, and whole narratives.
The US Department of Homeland Security’s Cybersecurity and Information Security Agency (CISA) has been the center of gravity for much of the censorship, with the National Science Foundation financing the development of censorship and disinformation tools and other federal government agencies playing a supportive role.
Emails from CISA’s NGO and social media partners show that CISA created the Election Integrity Partnership (EIP) in 2020, which involved the Stanford Internet Observatory (SIO) and other US government contractors. EIP and its successor, the Virality Project (VP), urged Twitter, Facebook and other platforms to censor social media posts by ordinary citizens and elected officials alike.
Despite the overwhelming evidence of government-sponsored censorship, it had yet to be determined where the idea for such mass censorship came from. In 2018, an SIO official and former CIA fellow, Renee DiResta, generated national headlines before and after testifying to the US Senate about Russian government interference in the 2016 election.
But what happened between 2018 and Spring 2020? The year 2019 has been a black hole in the research of the Censorship Industrial Complex to date. When one of us, Michael, testified to the U.S. House of Representatives about the Censorship Industrial Complex in March of this year, the entire year was missing from his timeline.
An Earlier Start Date for Censorship Industrial Complex
Now, a large trove of new documents, including strategy documents, training videos, presentations, and internal messages, reveal that, in 2019, US and UK military and intelligence contractors led by a former UK defense researcher, Sara-Jayne “SJ” Terp, developed the sweeping censorship framework. These contractors co-led CTIL, which partnered with CISA in the spring of 2020.
In truth, the building of the Censorship Industrial Complex began even earlier — in 2018.
Internal CTIL Slack messages show Terp, her colleagues, and officials from DHS and Facebook all working closely together in the censorship process.
The CTIL framework and the public-private model are the seeds of what both the US and UK would put into place in 2020 and 2021, including masking censorship within cybersecurity institutions and counter-disinformation agendas; a heavy focus on stopping disfavored narratives, not just wrong facts; and pressuring social media platforms to take down information or take other actions to prevent content from going viral.
In the spring of 2020, CTIL began tracking and reporting disfavored content on social media, such as anti-lockdown narratives like “all jobs are essential,” “we won’t stay home,” and “open America now.” CTIL created a law enforcement channel for reporting content as part of these efforts. The organization also did research on individuals posting anti-lockdown hashtags like #freeCA and kept a spreadsheet with details from their Twitter bios. The group also discussed requesting “takedowns” and reporting website domains to registrars.
CTIL’s approach to “disinformation” went far beyond censorship. The documents show that the group engaged in offensive operations to influence public opinion, discussing ways to promote “counter-messaging,” co-opt hashtags, dilute disfavored messaging, create sock puppet accounts, and infiltrate private invite-only groups.
In one suggested list of survey questions, CTIL proposed asking members or potential members, “Have you worked with influence operations (e.g. disinformation, hate speech, other digital harms etc) previously?” The survey then asked whether these influence operations included “active measures” and “psyops.”
These documents came to us via a highly credible whistleblower. We were able to independently verify their legitimacy through extensive cross-checking of information to publicly available sources. The whistleblower said they were recruited to participate in CTIL through monthly cybersecurity meetings hosted by DHS.
The FBI declined to comment. CISA did not respond to our request for comment. And Terp and the other key CTIL leaders also did not respond to our requests for comment.
But one person involved, Bonnie Smalley, replied over LinkedIn, saying, “all i can comment on is that i joined cti league which is unaffiliated with any govt orgs because i wanted to combat the inject bleach nonsense online during covid…. i can assure you that we had nothing to do with the govt though.”
Yet the documents suggest that government employees were engaged members of CTIL. One individual who worked for DHS, Justin Frappier, was extremely active in CTIL, participating in regular meetings and leading trainings.
CTIL’s ultimate goal, said the whistleblower, ”was to become part of the federal government. In our weekly meetings, they made it clear that they were building these organizations within the federal government, and if you built the first iteration, we could secure a job for you.”
Terp’s plan, which she shared in presentations to information security and cybersecurity groups in 2019, was to create “Misinfosec communities” that would include government.
Both public records and the whistleblower’s documents suggest that she achieved this. In April 2020, Chris Krebs, then-Director of CISA, announced on Twitter and in multiple articles, that CISA was partnering with CTIL. “It’s really an information exchange,” said Krebs.
The documents also show that Terp and her colleagues, through a group called MisinfoSec Working Group, which included DiResta, created a censorship, influence, and anti-disinformation strategy called Adversarial Misinformation and Influence Tactics and Techniques (AMITT). They wrote AMITT by adapting a cybersecurity framework developed by MITRE, a major defense and intelligence contractor that has an annual budget of $1 to $2 billion in government funding.
Terp later used AMITT to develop the DISARM framework, which the World Health Organization then employed in “countering anti-vaccination campaigns across Europe.”
A key component of Terp’s work through CTIL, MisinfoSec, and AMITT was to insert the concept of “cognitive security” into the fields of cybersecurity and information security.
The sum total of the documents is a clear picture of a highly coordinated and sophisticated effort by the US and UK governments to build a domestic censorship effort and influence operations similar to the ones they have used in foreign countries. At one point, Terp openly referenced her work “in the background” on social media issues related to the Arab Spring. Another time, the whistleblower said, she expressed her own apparent surprise that she would ever use such tactics, developed for foreign nationals, against American citizens.
According to the whistleblower, roughly 12-20 active people involved in CTIL worked at the FBI or CISA. “For a while, they had their agency seals — FBI, CISA, whatever — next to your name,” on the Slack messaging service, said the whistleblower. Terp “had a CISA badge that went away at some point,” the whistleblower said.
The ambitions of the 2020 pioneers of the Censorship Industrial Complex went far beyond simply urging Twitter to slap a warning label on Tweets, or to put individuals on blacklists. The AMITT framework calls for discrediting individuals as a necessary prerequisite of demanding censorship against them. It calls for training influencers to spread messages. And it calls for trying to get banks to cut off financial services to individuals who organize rallies or events.
The timeline of CISA’s work with CTIL leading up to its work with EIP and VP strongly suggests that the model for public-private censorship operations may have originated from a framework originally created by military contractors. What’s more, the techniques and materials outlined by CTIL closely resemble materials later created by CISA’s Countering Foreign Intelligence Task Force and Mis-, Dis-, and Maliformation team.
Over the next several days and weeks, we intend to present these documents to Congressional investigators, and will make public all of the documents we can while also protecting the identity of the whistleblower and other individuals who are not senior leaders or public figures.
But for now, we need to take a closer look at what happened in 2018 and 2019, leading up to the creation of CTIL, as well as this group’s key role in the formation and growth of the Censorship Industrial Complex.
“Volunteer” and “Former” Government Agents
Bloomberg, Washington Post and others published credulous stories in the spring of 2020 claiming that the CTI League was simply a group of volunteer cybersecurity experts. Its founders were: a “former” Israeli intelligence official, Ohad Zaidenberg; a Microsoft “security manager,” Nate Warfield; and the head of sec ops for DEF CON, a hackers convention, Marc Rogers. The articles claimed that those highly skilled cybercrime professionals had decided to help billion-dollar hospitals, on their own time and without pay, for strictly altruistic motives.
In just one month, from mid-March to mid-April, the supposedly all-volunteer CTIL had grown to “1,400 vetted members in 76 countries spanning 45 different sectors,” had “helped to lawfully take down 2,833 cybercriminal assets on the internet, including 17 designed to impersonate government organizations, the United Nations, and the World Health Organization,” and had “identified more than 2,000 vulnerabilities in healthcare institutions in more than 80 countries.”
At every opportunity the men stressed that they were simply volunteers motivated by altruism. “I knew I had to do something to help,” said Zaidenberg. ”There is a really strong appetite for doing good in the community,” Rogers said during an Aspen Institute webinar.
And yet a clear goal of CTIL’s leaders was to build support for censorship among national security and cybersecurity institutions. Toward that end, they sought to promote the idea of “cognitive security” as a rationale for government involvement in censorship activities. “Cognitive security is the thing you want to have,” said Terp on a 2019 podcast. “You want to protect that cognitive layer. It basically, it’s about pollution. Misinformation, disinformation, is a form of pollution across the Internet.”
Terp and Pablo Breuer, another CTIL leader, like Zaidenberg, had backgrounds in the military and were former military contractors. Both have worked for SOFWERX, “a collaborative project of the U.S. Special Forces Command and Doolittle Institute.” The latter transfers Air Force technology, through the Air Force Resource Lab, to the private sector.
It just needs to be remembered that only totalitarians need to rely on censorship. The fact that those who have lied about Russian collusion, Russian disinformation, the laptop, lockdowns, vaccines, Ukraine, Israel, the border, gun control, crime are who wants us to allow to be the arbiters of truth is a clear danger signal.
The Republicans may not be all we want them to be, but the Democrats are going full-bore fascist. We need a far greater majority of Republicans to stop this madness. As long as the DoJ is working for the DNC, who expects our rights to be preserved?
Oh, he’s in a LOT of trouble now, isn’t he? No doubt, Herr Obergruppenfuhrer Garland will have him in irons.
12/05023 – GOP blurring faces in Jan. 6 security tapes, says Speaker Johnson
Maybe in the future Trump rioters should consider wearing balaclavas like Hamas terrorists.
Kind of a shame that is the kind of Department of “Justice” we now have, huh?