Special Operations Command applied data mining technologies to social media.
The military’s Special Operations Command and an agency of the Homeland Security Department engaged in an investigation of a $2.5 billion money laundering scheme that violated long-standing policies that preclude military forces from participating in law enforcement activities, a top civil liberties lawyer told Nextgov.
The Washington office of the Tampa-based SOCOM used sophisticated social media monitoring and data mining tools to aid the Immigration and Customs Enforcement's National Bulk Cash Smuggling Center in an investigation of money laundering activities conducted by several multi-national and U.S.-based companies, according to an internal SOCOM after action report obtained by Steven Aftergood of the Federation of American Scientists.
The report details a project called “Quantum Leap,” which SOCOM kicked off in August 2012. It says the command should take a “global view” of what it called counter threat finance operations that should have a “national priority.” The report said SOCOM derives its authority for such operations from an August 2010 Defense Department policy memo on the subject, which said Defense “shall work with other U.S. Government departments and agencies and with partner nations to deny, disrupt, or defeat and degrade adversaries’ ability to use global licit and illicit financial networks to negatively affect U.S. interests.” The memo names SOCOM as the “lead component for synchronizing DoD CTF activities.”
Mike German, senior counsel for the American Civil Liberties Union, said SOCOM’s participation in the investigation violates the 1878 Posse Comitatus Act, which bars the use of the military in law enforcement activities.
German made his comments based on the caveat that the document obtained and posted by Aftergood on his Secrecy News blog yesterday “was real, and accurately describes” the SOCOM operation and partnership with ICE. In an interview, Aftergood vouched for the legitimacy of the Quantum Leap report, but noted that it was a draft.
SOCOM spokesman Ken McGraw told Aftergood, “We cannot confirm the validity of any of the information listed in the [Quantum Leap] after action report. The only information we have received so far is the program is no longer in existence and the people who worked on the program are no longer there. We will provide you additional information when we get it.” McGraw is on furlough today and SOCOM did not respond to a query from Nextgov.
German said it was “entirely inappropriate” for the money laundering investigation to target U.S. companies, which, according to the report, were engaged in legal as well as illicit actives.
Industry Access Concerns
According to the SOCOM after action report, a dozen private companies, including defense industry giant Lockheed Martin Corp., participated in the Quantum Leap exercise. German expressed concern that personnel from these firms were provided access to “active law enforcement investigative files.”
The report said these companies signed non-disclosure agreements to “permit open sharing of proprietary and law enforcement sensitive information among the participants.”
The report names only one individual, ICE intelligence analyst John Clifton, who “provided background on the case, which included a wide range of examples and the tactics of advanced money laundering activity.”
Danielle Bennett, an ICE spokeswoman, declined to comment on the SOCOM report and money laundering investigation as it concerns an active case.
The SOCOM/ICE team used primarily open source technologies to identify and exploit the human, commercial and information networks associated with the case.
The team relied heavily on the Raptor X geospatial information system tool developed by the Energy Department’s Special Technology Laboratory. SOCOM has used it to provide a common operational picture in tactical operations centers.
Raptor X is an open architecture that relies on "plug-ins" to import and exploit data. ICE and SOCOM used a “Social Bubble” tool from Creative Radicals, LLC of Sausalito, Calif., to pull data from Twitter feeds and geo-locate Twitter users.
“This tool was heavily used to explore human networks associated with the CTF scenario and enabled identification of various entities: people, businesses and locations associated with the money laundering network,” the report said.
Twitter, which is currently the main source of public social media content, has grown from being used by only 8 percent of American Internet users in 2010 to being used by 18 percent of Americans in May, according to a report released this week by the Pew Internet and American Life Project.
Social Bubble appears to have mostly harvested information from Twitter’s application programing interface, a publicly available tool that allows developers to automatically pull selected tweets and information attached to them such as time and date stamps, location information and pictures into an external system or website. The API would not give SOCOM access to any private information such as Twitter users' direct messages.
German said the use of metadata -- such as telephone records harvested by the National Security Agency -- illustrates that privacy laws have not kept pace with profound changes in technology.
Aftergood said that in some ways the SOCOM/ICE operation is more disturbing to him than the NSA data collection operations as the money laundering investigation relied on open source data.
Creative Radicals offers a variety of product design and consulting services, according to its website, but doesn’t have a history of non-intelligence government contracts, according to the contracts repository at USASpending.gov. The company did not respond to a request for comment left by Nextgov on Tuesday.
Other Quantum Leap vendors mined deeper into the Internet, the report said. The firm Cybertap, for instance, used an “Ethernet tap” to recreate PDF and HTML files that had been exchanged over the Internet, while G. Intrusion Inc. pulled information and relationship data from the “deep Web,” meaning Internet data that isn’t indexed on the World Wide Web.
Other Quantum Leap vendors supplied tools that mined through open source financial and shipping data to spot connections between companies that weren’t readily apparent. Lockheed Martin was an observer at Quantum Leap but did not demonstrate any of its technology.
While social media is ripe for mining actionable intelligence, that could soon change, the report said. “We are currently in a ‘window’ of opportunity for exploitation of social media sources for application to CTF [counter threat finance] or other SOCOM NCR missions. This window could be as narrow as 18-24 months before the social media phenomenon transforms. This future transformation is unknown and could offer additional opportunities, or existing opportunities could be closed, but the only thing that is certain is that there will continue to be rapid change.”