Skip to content Skip to footer

Outsourced Intelligence: How the FBI and CIA Use Private Contractors to Monitor Social Media

(Photo: Resident on Earth / Flickr)

Right now, companies like Palantir Technologies Inc, Booz Allen Hamilton, and i2 are mining your Facebook and Twitter data in an effort to discern whether you’re a terrorist, have ties to terrorists or maybe just have the potential to someday become one. They also want to know if you have links to the Boston bombers, Kim Jong-un or Darth Vader, and they’ve been paid millions upon millions of dollars to do this on behalf of the US Special Operations Command, FBI, CIA, DIA (Defense Intelligence Agency), the Army, Marines and the Air Force. Initially a small start-up conveniently funded in part the CIA’s nonprofit venture capital firm In-Q-Tel, Palantir Technologies is now the leading embodiment of online Big Brother.

Not only is Palantir Technologies not part of the US government, they’d like you think they’re run by young, techy hipsters who are fond of stuffed Care Bears, My Little Ponies, hegdehogs and flip-flops, as the photos fronting their web site would indicate. In fact, this once “innocent” start-up – responsible for identifying the Chinese cyber espionage network Ghostnet – has become part and parcel to the intelligence failure leading up to the Boston and Watertown tragedies.

Also See: Part II – Security Wars: Inside the Military’s Big, Messy Fight With Palantir, the Company They Pay to Spy on You Online

The software employed by the FBI and CIA is a “Java-based platform for analyzing, integrating, and visualizing several types of data,” according to to Army Test and Evaluation Command (ETEC). It uses a provisioning database, where all modifications performed on database objects and entities are documented. The software allows for the plotting of current or historical targets of high-value individuals (HVI’s) taking into account time, location, transfer of funds history, as well as social media and other online communications. While this may seem super technologically, according to the Operational Assessment Report approved by US Army Brigadier General Laura J. Richardson, the software was so easy to use, it took participants less than one hour of training to learn how to perform program functions allowing completion of assigned duties.

The foundation of Palantir’s software was initially developed as part of PayPal’s fraud detection system, which taught computers to detect and flag suspicious money transfers so human analysts would be able to follow up. At issue was the software’s inability to keep up with ever-changing tactics employed by criminals and the increasing volume of fraudulent transactions. In response, PayPal’s computer scientists developed a system that would track the individual’s computer, whom they did business with, where those people were located and fit it all into a transaction history database. Now instead of looking at a boring spreadsheet, analysts were able to visualize networks using streamlined graphical user interfaces (GUI), allowing them to see patterns that the previous software had missed. Palantir’s government work remains classified, so we don’t know exactly what changes were made to transform a fraud detection program into something that the FBI and CIA use to track high-value targets, but we can certainly take a guess that it is empowered by the Patriot Act.

While the classified nature of surveillance data transmitted to Palantir is obviously very powerful in tracking potential terrorists, actual terrorists and everything in-between, open source intelligence (OSINT) plays – at the minimum – a very close secondary role to the infamous warrantless wiretapping and other forms of surveillance employed by the government. OSINT is comprised of print, radio, television, and online-based media; social media-based community interactions such as Facebook and Twitter; public data contained in government budgets, reports, demographics, and hearings; academic literature; as well as information gained from geospatial software such as GIS. Communication services such as Twitter, Facebook and Gmail are all accessible through voluntarily designed backdoors. These backdoors allow direct access to databases and servers that hold all of your information, not to mention direct access to your personal profile or account.

If you thought that the FBI and CIA were the only ones watching you online, think again. Undersecretary of Homeland Security Charles Allen gave testimony before the House Homeland Security Committee’s Intelligence, Information Sharing and Terrorism Risk Assessment Subcommittee that he had established a “Domestic Open Source Intelligence Enterprise” in support of the department’s antiterrorism efforts. DHS is not the only one; there is also the Defense Intelligence Agency, National Geospatial Intelligence Agency, US Army Foreign Military Studies Offices, US Special Operations Command, US Strategic Command, INTERPOL, EUROPOL, Scotland Yard, the Mounties in Canada and every other self-respecting form of law enforcement agency.

When contacted about Palantir’s stance on the use of open-source intelligence to track non-terrorists, and whether or not they considered this a privacy violation, Palantir failed to respond.

There are any number of reasons that you might end up on the FBI or CIA’s watch list, but primary reasons include having a criminal record for terrorist-related activity; actually knowing or communicating with known terrorists or terrorist organizations; and of course the catch-all: “material support” for terrorism. According to the Center for Constitutional Rights the material support statute, otherwise known as 18 U.S.C. Sec. 2339B, creates a broad definition that includes any kind of support for blacklisted groups, encompassing humanitarian aid, medical training, expert advice, other services in just about any form, and of course, political advocacy.

It’s this political advocacy portion of the statute that places communication on social media sites, and search engines queries, namely Google, at the top of the list for creating these data-driven networks. Simply looking at a questionable web site, or tweeting something about Syria, Yemen, or anything to do with “radical” subjects, is reason enough for the government to give you a second look. With the powerful software developed by private corporations, it is now much easier to track your day-to-day life, both online and off.

While the civil rights and civil liberties issues here are important – due to near-indiscriminate surveillance of ordinary individuals based on generalized algorithm specifications – there’s another issue at work here: consolidation of power and control. What we’re seeing in the partnership between the feds and companies like Palantir is the nearly complete union of corporation and state. This sets a stage for increasing corruption and consolidation of power into fewer and fewer hands.

It’s startling for many reasons, especially when you take into account the attacks on progressive organizations and (non-terrorist) individuals orchestrated by Palantir, and the series of security failures that have occurred on their watch. One such high-profile incident was put into motion by the US Chamber of Commerce, which contracted Palantir “to develop tactics for damaging progressive groups and labor unions, in particular, ThinkProgress, the labor coalition called Change to Win, the SEUI, US Chamber Watch, and”

If spying on unions wasn’t bad enough, then failing to put the pieces together leading up to the Boston Marathon bombings on April 15, 2013 would put into question the effectiveness of this type of surveillance and data-mining. It has been widely reported that the Russian Federal Security Service (FSB), successor to the KGB, contacted the CIA in 2011 with information suggesting that Tamerlan Tsarnaev was becoming more radicalized and might have been planning a trip overseas. In response, the CIA submitted a request to the National Counterterrorism Center to add Tsarnaev’s name to the Terrorist Identities Datamart Environment (TIDE) list, which functions as the main feeder list to other intelligence agencies. Months after this request was submitted, the FBI conducted an inquiry after it received information from Russian state security with nearly identical information. Palantir software employed by the FBI and CIA and designed to track potential terrorists movement failed to flag the seven-month-long trip Tsarnaev took to Russia. This is the exact scenario Palantir demonstrates to potential clients to exemplify how they structure unstructured data.


Cofounder and CEO of Palantir, Alex Karp explains that Palantir Technologies Inc. is only in the business of developing a “software analytic platform” for the analysis of data, and that they do not provide, “nor do we have any plans to develop,” offensive cyber capabilities. If there was ever a clear line between what was open source intelligence and what was considered private or classified information, it no longer exists. The US intelligence community now considers hackers, information security, cyber security and cyber threats top-tier national security threats and have employed private firms to take the fight online. The question is not whether online counter-surveillance techniques will develop to the point where people are once again safe from government scrutiny online, but how long it will take.