Protect the internet from “astroturfing”, aka “sockpuppets” (George Monbiot et al.)
“The need to protect the internet from ‘astroturfing’ grows ever more urgent” (George Monbiot’s blog, 23 – II – 2011)
The tobacco industry does it, the US Air Force clearly wants to… astroturfing – the use of sophisticated software to drown out real people on web forums – is on the rise. How do we stop it?
Every month more evidence piles up, suggesting that online comment threads and forums are being hijacked by people who aren’t what they seem.
The anonymity of the web gives companies and governments golden opportunities to run astroturf operations: fake grassroots campaigns that create the impression that large numbers of people are demanding or opposing particular policies. This deception is most likely to occur where the interests of companies or governments come into conflict with the interests of the public. For example, there’s a long history of tobacco companies creating astroturf groups to fight attempts to regulate them.
After I wrote about online astroturfing in December, I was contacted by a whistleblower. He was part of a commercial team employed to infest internet forums and comment threads on behalf of corporate clients, promoting their causes and arguing with anyone who opposed them.
Like the other members of the team, he posed as a disinterested member of the public. Or, to be more accurate, as a crowd of disinterested members of the public: he used 70 personas, both to avoid detection and to create the impression there was widespread support for his pro-corporate arguments. I’ll reveal more about what he told me when I’ve finished the investigation I’m working on.
It now seems that these operations are more widespread, more sophisticated and more automated than most of us had guessed. Emails obtained by political hackers from a US cyber-security firm called HBGary Federal suggest that a remarkable technological armoury is being deployed to drown out the voices of real people.
As the Daily Kos has reported, the emails show that:
- Companies now use “persona management software”, which multiplies the efforts of each astroturfer, creating the impression that there’s major support for what a corporation or government is trying to do.
- This software creates all the online furniture a real person would possess: a name, email accounts, web pages and social media. In other words, it automatically generates what look like authentic profiles, making it hard to tell the difference between a virtual robot and a real commentator.
- Fake accounts can be kept updated by automatically reposting or linking to content generated elsewhere, reinforcing the impression that the account holders are real and active.
- Human astroturfers can then be assigned these “pre-aged” accounts to create a back story, suggesting that they’ve been busy linking and retweeting for months. No one would suspect that they came onto the scene for the first time a moment ago, for the sole purpose of attacking an article on climate science or arguing against new controls on salt in junk food.
- With some clever use of social media, astroturfers can, in the security firm’s words, “make it appear as if a persona was actually at a conference and introduce himself/herself to key individuals as part of the exercise… There are a variety of social media tricks we can use to add a level of realness to fictitious personas.”
Perhaps the most disturbing revelation is this. The US Air Force has been tendering for companies to supply it with persona management software, which will perform the following tasks:
a. Create “10 personas per user, replete with background, history, supporting details, and cyber presences that are technically, culturally and geographically consistent… Personas must be able to appear to originate in nearly any part of the world and can interact through conventional online services and social media platforms.”
b. Automatically provide its astroturfers with “randomly selected IP addresses through which they can access the internet” (an IP address is the number which identifies someone’s computer), and these are to be changed every day, “hiding the existence of the operation”. The software should also mix up the astroturfers’ web traffic with “traffic from multitudes of users from outside the organisation. This traffic blending provides excellent cover and powerful deniability.”
c. Create “static IP addresses” for each persona, enabling different astroturfers “to look like the same person over time”. It should also allow “organisations that frequent same site/service often to easily switch IP addresses to look like ordinary users as opposed to one organisation.”
Software like this has the potential to destroy the internet as a forum for constructive debate. It jeopardises the notion of online democracy. Comment threads on issues with major commercial implications are already being wrecked by what look like armies of organised trolls – as you can sometimes see on guardian.co.uk.
The internet is a wonderful gift, but it’s also a bonanza for corporate lobbyists, viral marketers and government spin doctors, who can operate in cyberspace without regulation, accountability or fear of detection. So let me repeat the question I’ve put in previous articles, and which has yet to be satisfactorily answered: what should we do to fight these tactics?
“Revealed: US spy operation that manipulates social media” (The Guardian, 17 – III – 2011)
Military’s ‘sock puppet’ software creates fake online identities to spread pro-American propaganda.
The US military is developing software that will let it secretly manipulate social media sites such as Facebook and Twitter by using fake online personas to influence internet conversations and spread pro-American propaganda.
A Californian corporation has been awarded a contract with United States Central Command (CENTCOM), which oversees US armed operations in the Middle East and Central Asia, to develop what is described as an “online persona management service” that will allow one US serviceman or woman to control up to 10 separate identities based all over the world.
The project has been likened by web experts to China’s attempts to control and restrict free speech on the internet. Critics are likely to complain that it will allow the US military to create a false consensus in online conversations, crowd out unwelcome opinions and smother commentaries or reports that do not correspond with its own objectives.
The discovery that the US military is developing false online personalities – known to users of social media as “sock puppets” – could also encourage other governments, private companies and non-government organisations to do the same.
The CENTCOM contract stipulates that each fake online persona must have a convincing background, history and supporting details, and that up to 50 US-based controllers should be able to operate false identities from their workstations “without fear of being discovered by sophisticated adversaries”.
CENTCOM spokesman Commander Bill Speaks said: “The technology supports classified blogging activities on foreign-language websites to enable CENTCOM to counter violent extremist and enemy propaganda outside the US.”
He said none of the interventions would be in English, as it would be unlawful to “address US audiences” with such technology, and any English-language use of social media by CENTCOM was always clearly attributed. The languages in which the interventions are conducted include Arabic, Farsi, Urdu and Pashto.
Once developed, the software could allow US service personnel, working around the clock in one location, to respond to emerging online conversations with any number of co-ordinated Facebook messages, blogposts, tweets, retweets, chatroom posts and other interventions. Details of the contract suggest this location would be MacDill air force base near Tampa, Florida, home of US Special Operations Command.
CENTCOM’s contract requires for each controller the provision of one “virtual private server” located in the United States and others appearing to be outside the US to give the impression the fake personas are real people located in different parts of the world.
It also calls for “traffic mixing”, blending the persona controllers’ internet usage with the usage of people outside CENTCOM in a manner that must offer “excellent cover and powerful deniability”.
The multiple persona contract is thought to have been awarded as part of a programme called Operation Earnest Voice (OEV), which was first developed in Iraq as a psychological warfare weapon against the online presence of al-Qaida supporters and others ranged against coalition forces. Since then, OEV is reported to have expanded into a $200m programme and is thought to have been used against jihadists across Pakistan, Afghanistan and the Middle East.
OEV is seen by senior US commanders as a vital counter-terrorism and counter-radicalisation programme. In evidence to the US Senate’s armed services committee last year, General David Petraeus, then commander of CENTCOM, described the operation as an effort to “counter extremist ideology and propaganda and to ensure that credible voices in the region are heard”. He said the US military’s objective was to be “first with the truth”.
This month Petraeus’s successor, General James Mattis, told the same committee that OEV “supports all activities associated with degrading the enemy narrative, including web engagement and web-based product distribution capabilities”.
CENTCOM confirmed that the $2.76m contract was awarded to Ntrepid, a newly formed corporation registered in Los Angeles. It would not disclose whether the multiple persona project is already in operation or discuss any related contracts.
Nobody was available for comment at Ntrepid.
In his evidence to the Senate committee, Gen Mattis said: “OEV seeks to disrupt recruitment and training of suicide bombers; deny safe havens for our adversaries; and counter extremist ideology and propaganda.” He added that Centcom was working with “our coalition partners” to develop new techniques and tactics the US could use “to counter the adversary in the cyber domain”.
According to a report by the inspector general of the US defence department in Iraq, OEV was managed by the multinational forces rather than CENTCOM.
Asked whether any UK military personnel had been involved in OEV, Britain’s Ministry of Defence said it could find “no evidence”. The MoD refused to say whether it had been involved in the development of persona management programmes, saying: “We don’t comment on cyber capability.”
OEV was discussed last year at a gathering of electronic warfare specialists in Washington DC, where a senior CENTCOM officer told delegates that its purpose was to “communicate critical messages and to counter the propaganda of our adversaries”.
Persona management by the US military would face legal challenges if it were turned against citizens of the US, where a number of people engaged in sock puppetry have faced prosecution.
Last year a New York lawyer who impersonated a scholar was sentenced to jail after being convicted of “criminal impersonation” and identity theft.
It is unclear whether a persona management programme would contravene UK law. Legal experts say it could fall foul of the Forgery and Counterfeiting Act 1981, which states that “a person is guilty of forgery if he makes a false instrument, with the intention that he or another shall use it to induce somebody to accept it as genuine, and by reason of so accepting it to do or not to do some act to his own or any other person’s prejudice”. However, this would apply only if a website or social network could be shown to have suffered “prejudice” as a result.
Aínda non hai comentarios.