As I keep saying, the fact that a government agency like the NSA has powerful tools doesn’t necessarily frighten me. Surveillance is a routine function of intelligence agencies struggling to maintain awareness of a big, fast-moving, and often dangerous world. But the private firms and corporations with access to those tools and information are absolutely terrifying to me because there are few, if any, checks on their activities. Congress has a well-defined oversight role with the CIA, FBI, Pentagon, etc., but who watches the contractors?
Thus I find Edward Snowden’s stolen PowerPoint slides less upsetting than his inexplicable access to them. USIS, the federal security contractor which ignored the gaping holes and red flags in Snowden’s resume when he was hired by the Booz Allen Hamilton firm, is a primary example of the damage inflicted on American national security by privatization advocates. In turn, Booz Allen was part of Team Themis, a joint project of tech and cyber security firms which existed solely to smear activists and journalists on behalf of the US Chamber of Commerce before it was exposed in February 2011. To date, there have been no Congressional hearings on Team Themis or the activities they planned to conduct.
Now comes the story of Tiversa, a cybersecurity firm which allegedly hacked into companies, framed identity thieves for the intrusion, then extorted the victims into hiring their services on that basis by threatening to turn them in to the Federal Trade Commission (FTC). Last week, a former Tiversa employee named Richard Wallace testified against the company in a Washington, DC courtroom, where one of their alleged victims is suing.
Wallace spoke of how Tiversa ruined a particular cancer testing center in Atlanta called LabMD. He admitted to breaking into the center’s computers to steal medical records. After that, Tiversa allegedly warned LabMD that it got hacked and offered its “incident response” services. When the clinic wouldn’t pay up, the cybersecurity firm reportedly threatened to notify the FTC of the (fake) security breach — and it did, since the center refused to give in. The FTC ended up taking LabMD to court in a lengthy legal battle that’s not even over yet, forcing the company to let go of all of its employees in 2014.
Of course, the FTC has nothing to do with American espionage agencies; they’re supposed to be watching out for American consumers. And as far as the agency knew, they were doing exactly that when they sued LabMD on the basis of what Tiversa had told them about a privacy breach. This underlines a subtle, disturbing shift in the power balance of corporate-government relations over the last two decades: the republic is no longer served by these entities so much as it serves them. Tiversa has allegedly used a United States government agency as their unwitting, predatory cat’s paw for at least seven years.
According to Wallace, Tiversa did this by using phony IP addresses — on the orders of Tiversa’s CEO, Bob Boback. The company, which works closely with law enforcement, would look up the Internet addresses that were used by known criminals or identity thieves, then claim that those IP addresses were sharing stolen files online. Wallace said it was a scare tactic that added “spread” to the supposed damage — and “wow factor.”
“So, to boil this down, you would make the data breach appear to be much worse than it actually had been?” FTC Administrative Judge Michael Chappell asked.
“That’s correct,” Wallace responded.
Almost uniquely among such scandals, the Tiversa matter has actually gained Congressional notice. Republican Congressman Darrell Issa, fearless leader of Benghazi witch-hunts, demanded that the FTC look into allegations of “corporate blackmail” and “unfair trade practices” last year (.PDF); this February, his committee formally made its accusations public.
The House Committee on Oversight & Government Reform said in its Dec. 1 report that, to all appearances, Tiversa kept back information contradicting what it told the FTC about the source and dissemination of a LabMD file. The FTC in August 2013 claimed LabMD failed to protect patient data, largely based on a file handed over by Tiversa, which the company claimed was outside LabMD’s internal network.
Tiversa’s failure to produce the requested documents “calls into question Tiversa’s credibility as a source of information for the FTC,” according to the committee, and the FTC “should no longer consider Tiversa to be a cooperating witness.
But if you were expecting the FTC to be portrayed as a victim in this scheme, you would be wrong. In 2013, LabMD CEO Michael J. Daugherty published a book titled The Devil Inside the Beltway: The Shocking Expose of the US Government’s Surveillance and Overreach Into Cybersecurity, Medicine and Small Business, which made expansive claims about Tiversa being an unofficial US government intelligence agency serving anti-business interests. The claims were so outrageous that Tiversa tried to sue Daugherty.
In his video ‘trailer’ for the book, available on Mr. Daugherty’s personal website, Mr. Daugherty highlights his position as LabMD’s president and CEO and Mr. Daugherty alleges that Tiversa is part of a ‘Government Funded Data Mining & Surveillance’ scheme that engages in ‘Psychological Warfare’ and helps to assist in ‘Abusive Government Shakedown[s].’ […] More specifically, Mr. Daugherty alleges Tiversa is conducting ‘300 Million Searches per day’ for ‘Homeland Security’ and the ‘Federal Trade Commission.’
Somewhat clarifying the true complexion of this convoluted story is the very close alliance between Daugherty and a ‘government watchdog’ organization called Cause of Action. Formerly known as the Freedom Through Justice Foundation, Cause of Action is in fact a right wing partisan nonprofit with abiding links to the Koch brothers and funding from the Franklin Center for Government and Public Integrity — as well as dark money from big, private donors. More attack dog than watchdog, the Franklin Center has always demonstrated a clear political agenda, especially when smearing the victims of Team Themis. The Koch brothers have long-running feuds with the Federal Trade Commission; so do their billionaire friends.
In other words, to Daugherty’s allies, the Tiversa story is an opportunity to further propagandize against the existence of a government agency that has sometimes checked their most abusive and toxic schemes. In a classic case of right wing triangulation, the advocates of privatized government project the resulting failures onto the government so they can further disestablish the agencies which protect consumers and free citizens from their pollution and exploitation. These efforts usually involve using small businesses as a cudgel against laws designed to reign in big business. For example, Cause of Action has supported a family-owned oyster farm against the Department of the Interior, but did so as a broader effort to push approval of the Keystone XL pipeline. Whereas LabMD ought to be a cautionary example of what’s wrong with ‘small government’ theology, its CEO has become just another partner in the relentless quest to drown government in a bathtub so that it can’t protect us from the next Tiversa.