Pentagon’s Secret Service Trawls Social Media for Mean Tweets About Generals

A document shows the Protective Services Battalion uses sophisticated surveillance tools that can pinpoint anyone’s location.

Joint Chiefs Chairman Gen. Mark Milley speaks during a media briefing at the Pentagon, July 20, 2022, in Washington.
Chair of the Joint Chiefs of Staff Gen. Mark Milley speaks during a media briefing at the Pentagon on July 20, 2022, in Washington. (AP Photo/Alex Brandon) Photo: Alex Brandon/AP

When the Chair of the Joint Chiefs of Staff Gen. Mark Milley enters into his scheduled retirement later this year, one of the perks will include a personal security detail to protect him from threats — including “embarrassment.” 

The U.S. Army Protective Services Battalion, the Pentagon’s little-known Secret Service equivalent, is tasked with safeguarding top military brass. The unit protects current as well as former high-ranking military officers from “assassination, kidnapping, injury or embarrassment,” according to Army records.

Protective Services’s mandate has expanded to include monitoring social media for “direct, indirect, and veiled” threats and identifying “negative sentiment” regarding its wards, according to an Army procurement document dated September 1, 2022, and reviewed by The Intercept. The expansion of the Protective Services Battalion’s purview has not been previously reported.

The country’s national security machinery has become increasingly focused on social media — particularly as it relates to disinformation. Various national security agencies have spent recent years standing up offices all over the federal government to counter the purported threat.

“The ability to express opinions, criticize, make assumptions, or form value judgments — especially regarding public officials — is a quintessential part of democratic society.”

“There may be legally valid reasons to intrude on someone’s privacy by searching for, collecting, and analyzing publicly available information, particularly when it pertains to serious crimes and terrorist threats,” Ilia Siatitsa, program director at Privacy International, told The Intercept. “However, expressing ‘positive or negative sentiment towards a senior high-risk individual’ cannot be deemed sufficient grounds for government agencies to conduct surveillance operations, even going as far as ‘pinpointing exact locations’ of individuals. The ability to express opinions, criticize, make assumptions, or form value judgments — especially regarding public officials — is a quintessential part of democratic society.”

Protective details have in the past generated controversy over questions about their cost and necessity. During the Trump administration, Education Secretary Betsy DeVos’s around-the-clock security detail racked up over $24 million in costs. Trump’s Environmental Protection Agency Administrator Scott Pruitt ran up over $3.5 million in bills for his protective detail — costs that were determined unjustified by the EPA’s inspector general. The watchdog also found that the EPA had not bothered to “assess the potential dangers posed by any of these threats” to Pruitt. 

Frances Seybold, a spokesperson for the Army Criminal Investigation Division, pointed The Intercept to a webpage about the office, which has been renamed the Executive Protection and Special Investigations Field Office. Seybold did not respond to substantive questions about social media monitoring by the protective unit.

The procurement document — published in redacted form on an online clearinghouse for government contracts but reviewed without redactions by The Intercept — begins by describing the Army’s need to “mitigate online threats” as well as identify “positive or negative sentiment” about senior Pentagon officials.

“This is an ongoing PSIFO/PIB” — Protective Services Field Office/Protective Intelligence Branch — “requirement to provide global protective services for senior Department of Defense (DoD) officials, adequate security in order to mitigate online threats (direct, indirect, and veiled), the identification of fraudulent accounts and positive or negative sentiment relating specifically to our senior high-risk personnel,” the document says.

The document goes on to describe the software it would use to acquire “a reliable social media threat mitigation service.” The document says, “The PSIFO/PIB needs an Open-Source Web based tool-kit with advanced capabilities to collect publicly available information.” The toolkit would “provide the anonymity and security needed to conduct publicly accessible information research through misattribution by curating user agent strings and using various egress points globally to mask their identity.”

The Army planned to use these tools not just to detect online “threats,” but also pinpoint their exact location by combining various surveillance techniques and data sources. 

The document cites access to Twitter’s “firehose,” which would grant the Army the ability to search public tweets and Twitter users without restriction, as well as analysis of 4Chan, Reddit, YouTube, and Vkontakte, a Facebook knockoff popular in Russia. Internet chat platforms like Discord and Telegram will also be scoured for the purpose of “identifying counterterrorism and counter-extremism and radicalization,” though it’s unclear what exactly those terms mean here.

The Army’s new toolkit goes far beyond social media surveillance of the type offered by private contractors like Dataminr, which helps police and military agencies detect perceived threats by scraping social media timelines and chatrooms for various keywords. Instead, Army Protective Services Battalion investigators would seemingly combine social media data with a broad variety of public and nonpublic information, all accessible through a “universal search selector.” 

These sources of information include “signal-rich discussions from illicit threat-actor communities and access to around-the-clock conversations within threat-actor channels,” public research, CCTV feeds, radio stations, news outlets, personal records, hacked information, webcams, and — perhaps most invasive — cellular location data. 

The document mentions the use of “geo-fenced” data as well, a controversial practice wherein an investigator draws a shape on a digital map to focus their surveillance of a specific area. While app-based smartphone tracking is a potent surveillance technique, it remains unclear how exactly this data might actually be used to unmask threatening social media posts, or what relevance other data categories like radio stations or academic research could possibly have.

The Army wasn’t just looking for surveillance software, but also tools to disguise the Army’s internet presence as it monitors the web.

The Army procurement document shows it wasn’t just looking for surveillance software, but also tools to disguise the Army’s internet presence as it monitors the web. The contract says the Army would use “misattribution”: deceiving others about who is actually behind the keyboard. The document says the Army would accomplish this through falsifying web browser information and by relaying Army internet traffic through servers located in foreign cities, obscuring its stateside origin. 

According to the document, “SEWP Solutions, LLC is the only vendor that allows USACID the ability to tunnel into specific countries/cities like Moscow, Russia or Beijing, China and come out on a host nation internet domain.”

The data used by the toolkit all falls under the rubric of “PAI,” or publicly available information, a misnomer that often describes not only what is freely available to the public, but also commercially purchased private information bought and sold by a wide constellation of shadowy surveillance firms and data brokers. Location data gleaned from smartphone apps and resold by the unregulated mobile ad industry provides nearly anyone — including the Army, it appears — with an effortless, unaccountable means of tracking the phone-owning public’s movements with pinpoint accuracy, both in the U.S. and abroad.

A recently declassified report from the Office of the Director of National Intelligence outlines the dramatic and invasive surveillance efforts conducted by the U.S. government through the purchase of data collected in the private sector. Through contracts with private entities, the government has skirted laws enshrining due process, allowing federal agencies to collect cellular data on millions of Americans without warrants or judicial oversight.

While the procurement document doesn’t name a specific product, it does show that the contract was awarded to SEWP Solutions, LLC. SEWP is a federal software vendor that has repeatedly sold the Department of Defense a suite of surveillance tools that closely matches what’s described in the Army project. This suite, marketed under the oddly named Berber Hunter Tool Kit, is a collection of surveillance tools by different firms bundled together by ECS Federal, a major federal software vendor. ECS and three other federal contractors jointly own SEWP, which resells Berber Hunter.


U.S. Marshals Spied on Abortion Protesters Using Dataminr

ECS also sells a PAI toolkit under the brand name Argos, whose three main features listed on the ECS website all feature prominently in the Army contracting document. It is unclear if Argos is a rebrand of the Berber Hunter suite, or a new offering. (Neither ECS nor SEWP responded to a request for comment.)

Job listings and contracting documents provide a rough sketch of what’s included in Berber Hunter. According to one job post, the suite includes software made by Babel Street, a controversial broker of personal information and location data, along with so-called open-source intelligence tools sold by Echosec and Zignal Labs. Last year, Echosec was purchased by Flashpoint Intel, an intelligence contractor that reportedly boasted of work to thwart protests and infiltrate private chat rooms. 

A 2022 FBI procurement memo obtained by the researcher Jack Poulson and reviewed by The Intercept mentions the bureau’s use of Flashpoint tools, with descriptions that resemble what the Army says in the procurement document about the monitoring of “extremist” chat rooms.

“In relation to extremist forums, Flashpoint has maintained misattributable personas for years on these platforms,” the FBI memo says. “Through these personas, Flashpoint has captured and scraped the contents of these forums.” The memo noted that the FBI “does not want to advertise they are seeking this type of data collection.”

According to the Protective Services Battalion document, the Army also does not want to advertise its interest in broad data collection. The redacted copy of the contract document, while public, is marked as CUI, for “Controlled Unclassified Information,” and FEDCON, meant for federal employees and contractors only.

“Left unregulated, open-source intelligence could lead to the kind of abuses observed in other forms of covert surveillance operations,” said Siatitsa, of Privacy International. “The systematic collection, storage, and analysis of information posted online by law enforcement and governmental agencies constitutes a serious interference with the right to respect for private life.”

Join The Conversation