Forget Bellingcat. Meet a Real "Open Source" Watchdog
Jack Poulson has an insider's background, an outsider's perspective, and unique technical expertise, making him an invaluable resource for monitoring the world of national security contracting
Latest in a series of Q&As with other reporters and writers on Substack.
On September 11th of this year, on the third floor of the Nauticus museum in Norfolk, Virginia, defense and intelligence representatives gathered for the first and only unclassified meeting of a Naval Special Warfare Command “technology integration exercise,” called Trident Spectre 2024. What is Trident? The three-minute video above was unveiled for attendees. It pitched the program as a matchmaking forum for contractors and “defense leaders” who “tour the experimentation camp during the exercise, leading to technology transition or outright acquisition,” the contract-hungry crowd was told, in tantalizing narration.
“Our ultimate goal,” the Trident video summed up, “is to shorten the acquisition kill chain, and enable the special operations warriors of the future.”
What’s an “acquisition kill chain”? You likely wouldn’t get an answer to that question either from industry visitors, or the “defense leaders” present clutching strings to very heavy purses. There was however one person in attendance who could explain to the public who was there, and why.
The founder of a pair of web sites, “TechInquiry.Org” and Substack’s “All Source Intelligence Fusion,” Jack Poulson has a PhD in applied mathematics, is a former researcher for Stanford and Google, and has a backstory that makes him uniquely qualified to keep track of defense contractors and pass on information like his just-published list of 188 industry attendees to Trident Spectre. The backstory he’ll explain in his own words, below. First, an introduction to what his sites do:
Both “Tech Inquiry” and “All Source Intelligence Fusion” employ Poulson’s designs for combining open-source information with leaks, disclosures in books and memoirs, and other esoteric data. In addition to going to events like “Trident Spectre” to gather information in person, Poulson builds interactive maps and search engines allowing civilians to identify things like contracting relationships.
A typical “All Source Intelligence Fusion” article from a week ago published information about the Defense Counterintelligence and Security Agency’s program for identifying “inside threats,” i.e. whistleblowers. He also does the electronic version of undercover work, posing for instance as a customer to be pitched the chatroom-surveillance methods of a federal law enforcement contractor:
Poulson identifies companies like Flashpoint that do surveillance work and shows examples of how groups across the political spectrum, from anti-pipeline protestors to groups opposed to vaccine mandates, are being infiltrated and investigated by firms with longstanding ties to enforcement arms. He follows these actors closely. In a report after the public outing of so-called “Pentagon leaker” Jack Teixiera, for instance, he reminded readers that Flashpoint boasted as recently as recently as last November that it was the “best tool” for Bellingcat, the would-be “citizen journalist” organization that worked with the New York Times to out Teixiera.
The same release noted Bellingcat trained 20 journalists from Radio Free Europe/Radio Liberty in the use of Flashpoint’s Echosec technology, which they said was useful for investigating “the lives of the children of corrupt officials,” among other things. Bellingcat claimed its relationship with Flashpoint ended in 2015, saying it was “insanely expensive,” but Echosec wasn’t acquired by Flashpoint until 2022, so something about this picture is incongruous. Still, these associations likely wouldn’t have been made at all, without someone keeping tabs on the relevant players.
When he’s not following surveillance contractors, Poulson is building tools unlike anything found in the popular press, like an interactive map of “U.S. embassies, naval bases, FBI field offices, ICE ERO/HSI offices, all DEA regional/division offices, and border patrol sectors offices” that allows users to click any icon and access the site’s “data feed of procurement records and/or historical diplomatic cables associated with the particular location.” The example below shows what you get if you select the embassy in Kyiv, and then click through to “procurement” after being presented with a list of relevant records:
If Bellingcat is a quasi-partner of industry and the defense and intelligence communities in monitoring “threats” in the general public, Poulson’s sites represent a nearly opposite approach. He keeps eyes on the same issues, but big distinctions exist in that he doesn’t use any intrusive surveillance software like facial recognition, and doesn’t partner with national security agencies or contractors. Journalists who work in the national security space who aren’t aware of Poulson’s work would do well to take regular looks at his reports, and to get in the habit of using his databases as resources, as they offer unique context for investigations of secretive entities.
The most interesting part about his ventures, however, is the reason they came into being. Poulson answered a few questions for Racket about this, and about his recent visit to Norfolk:
MT: What’s the best way to describe your background, for readers who may not be familiar with the kind of work you’ve done over the years?
JP: I finished my PhD in computational applied math just before the Snowden revelations broke. I had just been thrown into contracting with DARPA on data analytics while transitioning into stints as an assistant professor at Georgia Tech and then Stanford. I quickly learned that my DARPA program manager wasn’t interested in any serious discussion of the ethics of mass surveillance, and he was later given a puff profile by 60 Minutes for funding tools for surveilling users of the anonymity platform Tor.
Beyond concerns over my complicity in government surveillance, I preferred spending most of my time writing open source software and preferred to only edit or submit to open access journals, which was starting to generate pushback from my colleagues. At the same time, deep learning was swallowing up research funding in my field, which historically focused on physics simulation and advanced mathematics rather than processing text or labeling images. So I moved “across the street” from Stanford to Google Research to apply my numerical analysis expertise towards developing custom recommender systems.
Two years later, news broke on both Google’s secretive involvement in the Pentagon’s artificial intelligence drone surveillance program, Project Maven, as well as its construction of a version of its eponymous search engine that was tailored to the Chinese government’s censorship and surveillance demands, Project Dragonfly. Through access to internal source code, it became apparent within the company that the search phrase “human rights” was on a potential censorship list, but management refused to clarify. Through a conditional resignation letter, I fought my way up to a one-on-one meeting with the head of Google’s AI, Jeff Dean, who didn’t dispute that the company might turn over information on Chinese citizens who searched for the phrase “human rights.” He argued that, for all I knew, Google was already providing that information to the U.S. government through Foreign Intelligence Surveillance Act (FISA) warrants.
I resigned the next day and reached out to a journalist about a week later to tell the story. I’d never spoken to a journalist before, and I was completely unprepared for the resulting frenzy, which I mostly ducked due to living in Canada at the time and not owning a smartphone.
MT: What are Tech Inquiry and All-Source Intelligence Fusion?
JP: Tech Inquiry‘s current main project is to reverse engineer government contracting feeds for every U.S. military installation around the world, then tie them together through their relationships with their associated military units and weapons and surveillance systems. The goal is to produce both map-based and graph-based interfaces for exploring them. We have built a similar system for monitoring the purchasing of every U.S. embassy around the world, alongside annotated copies of each embassy’s associated leaked diplomatic cables. We are also well on our way towards annotating each embassy with the publicly reported tenures of their CIA station chiefs and diplomats.
More broadly, the non-profit provides — ideally daily-updated — public access to annotated versions of government contracting records across more than 30 countries, spanning the so-called Five Eyes intelligence sharing alliance, the European Union, and — to the degree that it is possible — Israel.
About five months ago, I began separately publishing my independent journalism through my Substack, All-Source Intelligence Fusion. Perhaps as a result of overcorrecting from my previous experiences in advocacy, and the ease with which anyone investigating U.S. intelligence agencies is discredited as a conspiracist, I prefer my journalism to be as understated and fact-driven as possible, with the style of a Reuters wire article being a rough north star. But with a pointed focus on the surveillance industries supporting U.S. intelligence agencies and perhaps more aggressive reporting methodology.
MT: What do these sites cover, and why did you start doing this?
JP: In 2019 I was invited to what was referred to as a “Track II” discussion at Stanford’s Hoover Institution, semi-officially to be questioned by numerous high-level U.S. military and intelligence officials — including a four-star general — on why I thought tech workers had a right to not contribute to military surveillance or weapons systems. The meeting was under Chatham House rules, but suffice it to say I immediately began submitting numerous Freedom of Information requests for contracts between U.S. defense contractors and the myriad “defense innovation” organizations set up by the Pentagon, as part of their efforts to incorporate artificial intelligence into their weapons and surveillance systems.
I was also beginning to build a nonprofit for carefully supporting rank-and-file tech workers who were compelled to speak out on human rights issues relating to the militarization of U.S. companies and their complicity in government censorship around the world. Over time I learned how naive I had been, on multiple fronts:
(1) Largely due to narratives encouraging the need for more content moderation, prominent tech whistleblowers became increasingly friendly with U.S. spy agencies. On a whistleblowing panel hosted by my close colleagues, former CIA Senior Intelligence Officer turned Facebook whistleblower Yael Eisenstat promoted the CIA as a place that “speaks truth to power.” And both Eisenstat and fellow Facebook whistleblower Frances Haugen joined a formal council with former CIA Directors Leon Panetta and Porter Goss as well as former NSA Director Michael Rogers. Well-funded nonprofits which are supportive of these narratives now largely dominate the tech whistleblowing side of U.S. civil society.
(2) Through reading U.S. diplomatic cables published by WikiLeaks, I learned that at least two of the small human rights organizations I worked with had a history of secretly informing to the U.S. embassy in Beijing. And even the more radical groups insisted that our collaborations be funded by U.S. billionaires, particularly Pierre Omidyar. More broadly, I found that the discussions about the interplay between U.S. corporations and the Chinese government were so propagandized and selectively filtered or amplified by U.S. media and politicians that speaking out on the subject felt more destructive than helpful.
(3) Just as I completed a year-long project mapping out contracts between U.S. cloud computing giants and governments around the world, both of the funders demanded censorship of inconvenient findings. The international labor training affiliate of the Communications Workers of America (CWA) demanded that I remove all discussion of Microsoft’s military and intelligence contracts because CWA had recently signed a labor neutrality deal with the company. And the foundation for the German Social Democratic Party, Friedrich-Ebert-Stiftung, made it known that both their D.C. and Israel offices demanded that I remove all discussion of Google and Amazon’s billion dollar “Nimbus” cloud contract supporting the Israel Defense Forces. As a result of me making these censorship demands public, my board member from the labor community angrily resigned — and now works in partnership with CWA.
Long story short, as someone who wants to expose intelligence agencies and billionaires rather than become friends with them, I shifted into work that I could do on a shoe-string budget, particularly analyzing international government contracting records to guide investigative reporting on the broader “all-source intelligence” context of Project Maven. One of my major interests has become how the two narratives of counter-disinformation and counter-human trafficking are used as the primary public justifications for the social media surveillance, cellphone location-tracking, facial recognition, and modernized human intelligence industries which cropped up during the Global War on Terror and then amplified as the U.S. shifted into “Great Power” competition with China.
Some of the findings I’ve been most proud of depended on whistleblowers, but there isn’t enough appreciation for what can be gleaned from carefully analyzing what governments and companies already make public. This was essentially the thesis of legendary outsider investigative journalist I.F. Stone.
Beyond using public records analysis to guide hundreds of Freedom of Information requests each year, it can also inform which surveillance industry conferences are most useful to attend — discretely, when necessary.
I was shocked to learn this morning that my investigation into the U.S. cellphone location-tracking firm Anomaly Six last year is being cited today by the Chinese Ministry of State Security as part of their newly published report on U.S. intelligence agency surveillance. Being comfortable with both being directly cited by Chinese intelligence and with blowing the whistle on secret surveillance agreements between U.S. tech companies and the Chinese government is perhaps representative of the scope of my commitment to objective reporting.
MT: What is Trident Spectre?
JP: After September 11th, the Central Intelligence Agency and the U.S. government’s elite counter-terrorism unit, Joint Special Operations Command (JSOC), were the first to invade Afghanistan. The two most famous components of JSOC are the U.S. Army’s Delta Force — which Chuck Norris famously portrayed in his 1986 movie of the same name — and the Navy’s SEAL Team 6, which famously invaded Pakistan on May 2, 2011 using stealth helicopters and executed Osama bin Laden.
Especially in the early days in Afghanistan, SEAL Team 6 was seen as the little brother to the more secretive Delta Force. But JSOC commander Dell Dailey began placing SEAL Team 6 in charge in Afghanistan as early as January 2002, partly to conserve Delta for what was certain to be a long war. After the U.S. began prioritizing Iraq surrounding its 2003 invasion, SEAL Team Six’s role in Afghanistan only solidified.
One of the main challenges for Team 6 at the time was precisely locating its “high-value targets,” which were primarily members of Al Qaeda. They realized that much of the surveillance technology and data that they wanted to use was available for sale from companies, but thought the Pentagon’s contracting bureaucracy was too slow for it to help. Trident Spectre claims to have been developed in 2005 by such “tactical operators” within Naval Special Warfare Command — the parent organization for all Navy SEALs and the more specialized SEAL Team 6 — to “shorten the acquisition killchain.” That is, to accelerate the purchase of weapons and surveillance to kill people more quickly.
JSOC has a long history of tracking cellphones, though the techniques have evolved over time from primarily direction-finding on radio emissions — which is how one of their Special Mission Units famously caught Pablo Escobar — into a worldwide surveillance network of cellphone GPS locations fueled by quasi-legally hoovering up information available to advertisers and app developers. And, as the Global War on Terror morphed into “Great Power” competition with China and Russia, the same cellphone surveillance companies continued working with Trident Spectre, albeit on tracking Russian and Chinese troop movements, often in concert with monitoring their social media accounts.
The three most infamous commercial cellphone location-tracking companies that I published as having attended Trident Spectre last week were Babel Street, Anomaly Six, and Outlogic (which was caught surveilling the locations of users of a popular Muslim Prayer application, Muslim Pro, before rebranding away from its old name, X-Mode Social).
MT: A lot of the companies you mentioned got their start as contractors during the War on Terror. How much crossover is there between the War on Terror and the anti-disinformation era in terms of defense or security contracting?
JP: Far more than most people realize. JSOC’s adoption of commercial surveillance technologies not only included cellphone location-tracking, but also tools for surveilling social media. Many readers will have heard of Open Source Intelligence, or “OSINT,” though, depending upon subtle details and who is talking, it is also referred to as the use of Publicly Available Information (PAI). Think of the types of techniques that Bellingcat is famous for, but practiced by JSOC to figure out who to execute.
The first article that I published on my Substack — which I was told by more than one person should have been edited down further — reported on a series of ongoing worldwide “Tactical Information Warfare” contracts between U.S. Special Operations Forces, including JSOC, with a little-known surveillance firm known as Two Six Technologies which was born out of a DARPA project run out of a Tiki bar outside of Jalalabad, Afghanistan in 2010, through a community which infamously promoted itself as an informal offshoot of Burning Man. The idea was to modernize military human intelligence networks from Cold War-era radio broadcasts into the era of smartphones, and to use the trusted networks formed through hacker communities and U.S. aid distribution to bootstrap it.
While publicly advertised as focused on “countering disinformation,” when I got copies of the actual contracts through Freedom of Information requests, I found that the U.S. military internally described the nominal counter-disinformation work as “Tactical Information Warfare” fueled by the combination of social media surveillance and cellphone location-tracking. In practice, this means helping U.S. Special Operations Forces ranging from JSOC to Army Green Berets and their Civil Affairs and Psychological Operations partners in both identifying informants and developing local narratives which will turn citizens against U.S. adversaries, such as China. More broadly, one can easily find public contracting summaries describing the development of anti-Chinese propaganda from both the cellphone location-tracking data broker Safegraph and the social media surveillance company Graphika.
To put it simply: U.S. Special Operations Forces have always heavily depended upon conducting surveillance to build up informant networks and to conduct (hopefully) effective propaganda campaigns. But they can now reframe their offensive infrastructure as defensive, by emphasizing the need for “boots on the ground” reporting to counter Russian and Chinese disinformation. We know from direct copies of contracts that this includes large-scale social media surveillance, cellphone location-tracking, and the development of informant networks through custom software and hardware for spamming text messages, known as the PULSE platform.
To some degree, the surveillance angles aren’t even hidden: the former head of all CIA spying operations, Elizabeth Kimber, became a Vice President at Two Six Technologies, the primary contractor for this global spying network. And former NSA Director Mike McConnell, who was also George W. Bush’s Director of National Intelligence for two years, is a board member and advocate.
The most widely and thoroughly exposed company in this space is Premise Data, a gigwork surveillance analogue of Two Six Technologies which I have extensively reported on in the past few months on my substack. As far back as June 2021, The Wall Street Journal exposed Premise’s covert intelligence work by publishing an internal slide deck pitching the company as a “Dynamically Re-taskable, Global Platform” to help the U.S. military, including special operations forces in Afghanistan, to conduct “Information Operations (IO)” as well as in collecting “Signals Intelligence (SIGINT)” and “Human Intelligence (HUMINT).” But, unlike Two Six, they would build their network by behaving more like Uber than a PR agency. One of the company’s employees allegedly blew the whistle to one of Premise’s major aid clients, the Bill & Melinda Gates Foundation, and is still defending himself against Premise in a lawsuit the company initiated against him more than four years ago.
Perhaps the other two major counter-disinformation intelligence contractors born out of the Global War on Terror are Babel Street and Flashpoint. While Babel is most infamous for its commercial cellphone location-tracking product Locate X, it got its start in standardizing the translation of Arabic names into English as part of the Global War on Terror. Both Locate X and its social media surveillance product, Babel X, are in active use by militaries and intelligence agencies around the world. In fact, during the Trident Spectre Industry Day last Monday, Babel employee Zachary Demer asked what his company could do to request SEAL Team 6 as a partner.
Whereas Flashpoint began as the online analogue of a group of anti-Muslim extremists who would covertly infiltrate community events. Flashpoint’s insight was that it is much more scalable, and profitable, to infiltrate chatrooms than in-person events, and that the FBI was an eager partner. In fact, Flashpoint’s surveillance platform is listed as a component of the global ‘counter-disinformation’ effort run by Two Six.
MT: Explain the “Reese’s Pieces” and “Viagra” metaphors that popped up at the Norfolk event.
JP: Trident Spectre is run through a sort of private LinkedIn for contractors with U.S. Special Operations, known as Vulcan. And the major theme is building teams that creatively combine technologies from different companies. One of the more revealing examples of this — which was perhaps accidentally revealed as part of a tech demo — was a past year’s Trident Spectre effort to identify ships that turned off their location beacons, known as the Automatic Identification System (AIS), which is essentially just GPS for boats. The idea was to combine the PROTEUS AIS data feed maintained by the Naval Research Laboratory with cellphone location-tracking data sourced from advertising data streams in order to detect AIS manipulations.
One obvious approach would be to look for cases where a phone’s GPS location matched that of a boat’s AIS signal, then to look for instances where the two diverged in the middle of the ocean. In the lingo of Trident Spectre, this is combining AIS “chocolate” with cellphone location-tracking “peanut butter” to make “Reese’s Pieces.” The next year, an analogous combination was tested using satellite-based Commercial Synthetic Aperture Radar instead of cellphone location-tracking data.
But the meeting closed with what one host referred to as the “moment of the meeting”. As part of explaining the types of technologies that Naval Special Warfare Command was looking for, a female staffer explained that what she was really looking for was “Viagra.” That is, approaches whose unintended side effects turn out to be more interesting than the original goal. In the case of Viagra, Pfizer had been searching for a cure for chest pain.