FBI Hired Firm That Labeled BLM Leaders “Threat Actors”

The FBI’s primary tool for monitoring social media threats is the same contractor that labeled peaceful Black Lives Matter protest leaders DeRay McKesson and Johnetta Elzie as “threat actors” requiring “continuous monitoring” in 2015.

The contractor, ZeroFox, identified McKesson and Elzie as posing a “high severity” physical threat, despite including no evidence that McKesson or Elzie were suspected of criminal activity. “It’s been almost a decade since the referenced 2015 incident and in that time we have invested heavily in fine-tuning our collections, analysis and labeling of alerts,” Lexie Gunther, a spokesperson for ZeroFox, told The Intercept, “including the addition of a fully managed service that ensures human analysis of every alert that comes through the ZeroFox Platform to ensure we are only alerting customers to legitimate threats and are labeling those threats appropriately.”

The FBI, which declined to comment, hired ZeroFox in 2021, a fact referenced in the new 106-page Senate report about the intelligence community’s failure to anticipate the January 6, 2021, uprising at the U.S. Capitol. The June 27 report, produced by Democrats on the Senate Homeland Security Committee, shows the bureau’s broad authorities to surveil social media content — authorities the FBI previously denied it had, including before Congress. It also reveals the FBI’s reliance on outside companies to do much of the filtering for them.

The FBI’s $14 million contract to ZeroFox for “FBI social media alerting” replaced a similar contract with Dataminr, another firm with a history of scrutinizing racial justice movements. Dataminr, like ZeroFox, subjected the Black Lives Matter movement to web surveillance on behalf of the Minneapolis Police Department, previous reporting by The Intercept has shown.

In testimony before the Senate in 2021, the FBI’s then-Assistant Director for Counterterrorism Jill Sanborn flatly denied that the FBI had the power to monitor social media discourse.

“So, the FBI does not monitor publicly available social media conversations?” asked Arizona Sen. Kyrsten Sinema.

“Correct, ma’am. It’s not within our authorities,” Sanborn replied, citing First Amendment protections barring such activities.

Sanborn’s statement was widely publicized at the time and cited as evidence that concerns about federal government involvement in social media were unfounded. But, as the Senate report stresses, Sanborn’s answer was false.

“FBI leadership mischaracterized the Bureau’s authorities to monitor social media,” the report concludes, calling it an “exaggeration of the limits on FBI’s authorities,” which in fact are quite broad.

It is under these authorities that the FBI sifts through vast amounts of social media content searching for threats, the report reveals.

“Prior to 2021, FBI contracted with the company Dataminr that used pre-defined search terms to identify potential threats from voluminous open-source posts online, which FBI could then investigate further as appropriate,” the report states, citing internal FBI communications obtained as part of the committee’s investigation. “Effective Jan. 1, 2021, FBI’s contract for these services switched to a new company called ZeroFox that would perform similar functions under a new system.”

The FBI has maintained that its “intent is not to ‘scrape’ or otherwise monitor individual social media activity,” instead insisting that it “seeks to identify an immediate alerting capability to better enable the FBI to quickly respond to ongoing national security and public safety-related incidents.” Dataminr has also previously told The Intercept that its software “does not provide any government customers with the ability to target, monitor or profile social media users, perform geospatial, link or network analysis, or conduct any form of surveillance.”

While it may be technically true that flagging social media posts based on keywords isn’t the same as continuously flagging posts from a specific account, the notion that this doesn’t amount to monitoring specific users is misleading. If an account is routinely using certain keywords (e.g. #BlackLivesMatter), flagging those keywords would surface the same accounts repeatedly.

The 2015 threat report for which ZeroFox was criticized specifically called for “continuous monitoring” of McKesson and Elzie. In an interview with The Intercept, Elzie stressed how incompetent the FBI’s analysis of social media was in her situation. She described a visit the FBI paid her parents in 2016, telling them that it was imperative she not attend the Republican National Convention in Cleveland — an event she says she had no intention of attending and which troll accounts on Twitter bearing her name claimed she would be at to foment violence. (The FBI confirmed that it was “reaching out to people to request their assistance in helping our community host a safe and secure convention,” but did not respond to allegations that they were trying to discourage activists from attending the convention.)

“My parents were like why would she be going to the RNC? And that’s where the conversation ended because they couldn’t answer that.”

“I don’t think [ZeroFox] should be getting $14 million dollars [from] the same FBI that knocked on my family’s door [in Missouri] and looked for me when it was world news that I was in Baton Rouge at the time,” Elzie told The Intercept. “They’re just very unserious, both organizations.”

The FBI was so dependent on automated social media monitoring for ascertaining threats that the temporary loss of access to such software led to panic by bureau officials.

“This investigation found that FBI’s efforts to effectively detect threats on social media in the lead-up to January 6th were hampered by the Bureau’s change in contracts mere days before the attack,” the report says. “Internal FBI communications obtained by the Committee show how that transition caused confusion and concern as the Bureau’s open-source monitoring capabilities were degraded less than a week before January 6th.”

One of the FBI communications obtained by the committee was an email from an FBI official at the Washington Field Office, lamenting the loss of Dataminr, which the official deemed “crucial.”

“Their key term search allows Intel to enter terms we are interested in without having to constantly monitor social media as we’ll receive notification alerts when a social media posts [sic] hits on one of our key terms,” the FBI official said.

“The amount of time saved combing through endless streams of social media is spent liaising with partners and collaborating and supporting operations,” the email continued. “We will lose this time if we do not have a social media tool and will revert to scrolling through social media looking for concerning posts.”

But civil libertarians have routinely cautioned against the use of automated social media surveillance tools not just because they place nonviolent, constitutionally protected speech under suspicion, but also for their potential to draw undue scrutiny to posts that represent no threat whatsoever.

While tools like ZeroFox and Dataminr may indeed spare FBI analysts from poring over timelines, the company’s in-house definition of what posts are relevant or constitute a “threat” can be immensely broad. Dataminr has monitored the social media usage of people and communities of color based on law enforcement biases and stereotypes.

A May report by The Intercept also revealed that the U.S. Marshals Service’s contract with Dataminr had the company relaying not only information about peaceful abortion rights protests, but also web content that had no apparent law enforcement relevance whatsoever, including criticism of the Met Gala and jokes about Donald Trump’s weight.

The FBI email closes noting that “Dataminr is user friendly and does not require an expertise in social media exploitation.” But that same user-friendliness can lead government agencies to rely heavily on the company’s designations of what is important or what constitutes a threat.

The dependence is mutual. In its Securities and Exchange Commission filing, ZeroFox says that “one U.S. government customer accounts for a substantial portion” of its revenue.

Additional reporting by Sam Biddle.