'The Apps Are Not What They Seem'

A video interview with Byron Tau on his new book mapping the rise of post-9/11 data brokers, from DARPA's Total Information Awareness to JSOC using ad-tech to turn phones into wireless survey devices.

Means of Control was released through Penguin Random House on February 27 and documents the role of four broad categories of data brokers central to the U.S. counterterrorism response to the attacks of 9/11. Many of the programs were both exposed and ended as a result of the underlying reporting, most of which was done at The Wall Street Journal.

Byron Tau’s book on the evolution of the relationship between corporate data brokers and the U.S. Government in the name of counter-terrorism is in many ways a sequel to Robert O’Harrow’s 2006 book, No Place To Hide. Means of Control is rooted in Tau’s numerous significant scoops while at The Wall Street Journal, such as on U.S. Customs and Border Patrol secretly using cellphone location-tracking data to uncover undeground tunnels between the U.S. and Mexico, and on an obscure gig worker app ostensibly geared towards taking pictures of consumer goods which was also covertly a human and signals intelligence tool of U.S. Special Operations Forces in Afghanistan.

Means of Control — which pulls its title from Thomas Pynchon’s Gravity’s Rainbow — tells us what happened in the 17 or so years since the post-9/11 consumer and demographic data broker era of No Place to Hide, which saw former drug trafficker Hank Asher and the President Clinton-connected Arkansas demographics company Acxiom selling terrorism-flagging software to the Federal Bureau of Investigation which they admitted heavily relied on ethnicity and age (beyond who you lived near).

Further building on his former colleague Sharon Weinberger’s history of the Defense Advanced Research Projects Agency, The Imagineers of War, Tau demonstrates how a widely used “Publicly Available Information” surveillance tool cryptically known as the “Berber Hunter Toolkit” was developed by a company whose roots were in the classified National Security Agency continuation of DARPA’s infamous Total Information Awareness program.

Perhaps the most significant scoop of the book, which he recently recounted in WIRED, was on how Joint Special Operations Command covertly acquired mass amounts of cellphone location-tracking data, as well as wireless surveys, through a chain of secretive relationships with ad exchanges and smartphone software development kit producers that originated under cover as a humanitarian project. The project, originally known as ‘Locomotive’ and later renamed ‘VISR’ — for Virtual Intelligence, Surveillance, and Reconnaissance — began with a contractor named PlanetRisk, which, at the same time, was being payed more than a million dollars by the Southern Poverty Law Center to, among other things, trace the movements of all the cellphones which were deemed to have been at the 2017 Unite the Right rally in Charlottesville, Virginia.

Tau attributes the exposure of VISR to backstabbing from a competing executive in the cellphone location-tracking data broker market, Jeffrey White of Gravy Analytics, whose company was purchased by the Norwegian company Unacast in November. Tau further humbly documents in a footnote that one of the central ad-tech data brokers fueling VISR, UberMedia, was kicked out of all four ad exchanges that he reached out to for comment.

Despite the intersection of classified counter-terrorism programs and high-tech companies involving a surprisingly small number of people, there are practically as many companies as there are people, and the companies continually merge, rename, and go out of business. The result of the ever-continuing corporate shell game is that — despite the significant political and civil liberties implications — individual reports often come across as highlighting the misdeeds of obscure, no-name companies, which readers may justifiably discount the importance of.

As a case in point, consider the ground-breaking all-source intelligence analysis company Spatial Data Analytics Corporation, or SPADAC, which was central to the National Geospatial-Intelligence Agency and U.S. Special Operations Command collaboration to support raids in Iraq in the mid-2000’s. Since then, SPADAC was acquired by GeoEye in December 2010, which was in turn acquired by DigitalGlobe in July 2012, which was then merged with MDA to form Maxar in 2017. And the former CEO of SPADAC, Mark Dumas, became the CEO of PlanetRisk during the VISR era, then PlanetRisk had its federal assets purchased by Culmen International, but some of its other assets were sold to EverBridge. (The successor to PlanetRisk in VISR, SignalFrame, was purchased by Big Four accounting firm PricewaterhouseCoopers in early 2021.)

I sat down with Tau for a roughly 90-minute interview this afternoon to discuss the evolution of the ecosystem of counter-terrorism data brokers, which, along with his book, he bins into the four categories of consumer, social media, ad-tech/location-tracking, and ‘gray data’. We also discuss how he has provided a sort of prequel to the history of the all-source intelligence infrastructure of the Pentagon’s first flagship operational artificial intelligence program, widely known as Project Maven, which continues to make headlines seven years into its existence.

Note: Though the author created this in a separate capacity, you can find his ongoing curation of which entities are salient to each chapter of ‘Means of Control’ over at Tech Inquiry.