Judicial Watch: Records Show Federal Agency ‘Real-Time Narrative Tracking’ to Take Down Social Media Posts During 2020 Election
By Judicial Watch staff
Judicial Watch announced today it received 44 pages of records in a Freedom of Information Act (FOIA) lawsuit from the U.S. Department of Homeland Security (DHS) that show a close collaboration between DHS’s Cybersecurity and Information Security Agency (CISA) and the leftist Election Integrity Partnership (EIP) to engage in “real-time narrative tracking” on all major social media platforms in the days leading up to the 2020 election.
The records discuss “takedowns” of social media posts and the avoidance of creating public records subject to FOIA.
The records also show that the EIP, which was initially called the Election Misinformation Partnership in the days leading up to the November 3, 2020, election, tasked staffers with monitoring online election content 24 hours a day with a priority being “disinfo that is going viral.”
Judicial Watch obtained the records thanks to a Freedom of Information Act (FOIA) lawsuit after DHS failed to respond to its October 5, 2022, request (Judicial Watch v. U.S. Department of Homeland Security (No. 1:22-cv-03560)). Judicial Watch is asking for:
- All records of communication between the CISA and the EIP. This includes all “tickets” or notifications to the Partnership regarding election-related disinformation on any social media platform.
- All records regarding the July 9, 2020, meeting between DHS officials and representatives of the EIP.
- All records of communication between the CISA and the University of Washington’s Center for an Informed Public and/or Stanford University’s Internet Observatory regarding any of the following:
- The Election Integrity Partnership
- The 2020 U.S. election
- Online misinformation and disinformation
- Any social media platform
The Election Integrity Partnership was created in July 2020, just before the presidential election. According to Just the News:
The consortium is comprised of four member organizations: Stanford Internet Observatory (SIO), the University of Washington’s Center for an Informed Public, the Atlantic Council’s Digital Forensic Research Lab, and social media analytics firm Graphika. It set up a concierge-like service in 2020 that allowed federal agencies like Homeland’s Cybersecurity Infrastructure Security Agency (CISA) and State’s Global Engagement Center to file “tickets” requesting that online story links and social media posts be censored or flagged by Big Tech.
Three liberal groups — the Democratic National Committee, Common Cause and the NAACP — were also empowered like the federal agencies to file tickets seeking censorship of content. A Homeland-funded collaboration, the Elections Infrastructure Information Sharing and Analysis Center, also had access.
The newly obtained records include an undated PowerPoint presentation titled “Election Misinformation Partnership.”
Several pages in the presentation discuss “takedowns,” including:
Example Flow 5: Sourced from Platform [formatting in original]
Days after 11/03, Facebook notifies EMP of an impending takedown of a group of pages exhibiting coordinated inauthentic behavior. Since the election, these pages have consistently pushed a narrative encouraging Americans in key states to call for invalidation of election results. Facebook will take these pages down in one hour, and is already briefing relevant state and local election officials.
***
Notes: Given that information is platform-verified, and Facebook has a direct relationship with local election officials, EMP’s involvement can be smaller with the initial dump. EMP should follow up with election officials and the platform in case either stakeholder wants for further research.
The presentation discusses the avoidance of creating public records subject to FOIA:
Best way to collaborate
What’s the best way to collaborate?
- CISA can’t create their own Slack channels, but can participate in others’.
- Listservs are bad (public records requirements).
- Jira is fine.
- CISA has privacy concerns: can’t monitor people’s individual accounts; ensure CISA doesn’t participate in discussions or notes concerning U.S. persons.
- Setup:
- SIO will have dedicated Slack, something like Jira or Salesforce (will ask for donation), separate from Stanford and destroyed once over.
- We’ll intake info by email, but direct people to private forms SIO and CISA have distributed.
- Info from there will go into queue -> be triaged, assigned SLA.
A slide in the presentation titled “Stanford Internet Observatory Calendar” details its monitoring plan: “November: Full Time, Election: 24/7 monitoring in shifts. Heightened monitoring during voting times. Emphasis on voter suppression tactics. Election November 3, 2020. December: Full Time, Post-Election: Full time monitoring continues, but not 24/7. Emphasis on narratives around election legitimacy (EX: mail in ballot theories). Release brief post-mortem.”
A portion of the presentation labeled “Summarized notes” states:
Overview: CISA has limited capabilities to identify, track disinfo narratives + attempts to undermine confidence in elections
- SIO does = good partnership
- Major goal: prevent a crisis of confidence in 2020 elections
- E.g., where Russia doesn’t change any votes (or changes just a few), but claims they changed many more and hysteria is blown out of proportion
Scope: Keep scope narrow: focus on election-related disinfo that has the potential to impact the public’s voting patterns
Partnerships and Relationships SIO [Stanford Internet Observatory] would be the coordinators, working w/ Graphika [https://graphika.com], DFRLab [Digital Forensic Research Lab], and [redacted’s] team at UW [University of Washington].
- Mutual trust is key: don’t want to need NDAs, legal red tape.
- Need to build out workflow management system: JIRA/Slack/other communications channels, shared processes and definitions, etc.
- [Redacted] envisions Tier 1 and Tier 2 partners:
- Tier 1 is intake (of tips, disinfo reports, etc.): consisting of people either digging for narratives, or processing info received from other partners.
- Think students, election officials, etc. who are looking for disinfo.
- Workflow: check that info against protocols, do some initial data aggregation, triage it into the workflow management system.
- Tier 2 is the 4 orgs [redacted] I team at Stanford, Graphika, etc.
Workflow: take stuff off the workflow management queue, process it.
- Need to sketch that out.
- SLA for different times of the calendar based on the level of severity obtained by triage.
E.g., a report from the general public will have less priority than a report from an on-the-ground election official; a report for disinfo that is not popular will have less priority than disinfo that is going viral.
General public = more turnaround time, but election officials = less turnaround time: need to get back to them fast.
- SIO has good relationship w/ platforms who already care.
-
- See the Secondary Infektion (Russian disinfo op) report.
-
Think through all the platforms that might have been useful there (e.g., communicating with Twitter at stage x would have stopped the spread).
- Meanwhile, CISA has strong relationships w/ election officials.
- CISA is happy to introduce SIO to them, do outreach.
- Just keep CISA in the info-sharing pipeline.
***
CISA’s concern starts 45 days out operationally, when military/overseas voters start mailing.
- Start hunting, messaging at beginning of September.
- Lower SLA (higher turnaround time/less priority), but start looking for search terms and taking tips.
- The days leading up to/right after Election Day will be much more intense.
- It’ll be an effective SOC, maybe a physical one, but in a much larger space.
A July 10, 2020, email sent from a redacted sender to CISA officials Allison Snell, Brian Scully, Matthew Masterson, Geoffrey Hale, and several other persons whose names are redacted, states:
July will be big to get things going on both the CISA and SIO front, so we will be sure to keep open lines of communication. Thank you again for everyone’s help in getting this going, looking forward to getting to work here!
Action Items:
CISA (@ who I will be reaching out to).
- El-ISAC [https://www.cisa.gov/resources-tools/groups/join-ei-isac] connection: introduction to (redacted) heading social media reporting (@Masterson, Matthew)
- CFI plug-in: discussions how to best integrate reporting into CISA/CFI’s ops center and send tips back to SIO (@Scully, Brian).
- Legal: get an initial proposal for OCC (@ Snel, Allison).”
The presentation includes a slide regarding the Stanford Internet Observatory (SIO):
The Stanford Internet Observatory (SIO) is a cross-disciplinary program of research, teaching, and policy engagement for the study and abuse in current information technologies, with a focus on social media.
Key capabilities:
- Experienced disinformation research team of analytical and technical talent.
- Real-time narrative tracking capabilities for all major platforms (Facebook, Instagram, Twitter, Reddit, potential for TikTok).
- Additional API or historical access to ‘fringe’ platforms (Gab, Parler, 4Chan).
- Established and collaborative node within the third-party misinformation research ecosystem.”
The presentation gives an example of a scenario the CISA-EIP collaborators could be faced with:
Example Flow 3: Stickier [formatting in original]
#BidenStoleMichigan is trending on Twitter on election day. Groups of seemingly-local accounts tweet @MISecofState to demand the Michigan election results be declared invalid, citing a fresh Epoch Times article alleging shady connections between Michigan’s SoS, Bill Gates, and Joe Biden. Their tweets are relatively few, but see high engagement shortly after posting and spread around right-leaning Twitter. Researchers trace the origin of the article to posts on 4chan and Parler encouraging Michiganders to confront @MlSecOfState on Twitter over the story and calling for the Michigan results to be declared invalid.
***
Notes: This scenario has a geographical component, but seems targeted to ideological groups online. While particular election officials are targeted, the political nature of the content makes counter-messaging difficult. A government-only response would be even stickier however.
In a June 26, 2023 report, the Committee on the Judiciary and the Select Subcommittee on the Weaponization of the Federal Government writes about CISA:
Founded in 2018, CISA was originally intended to be an ancillary agency designed to protect “critical infrastructure” and guard against cybersecurity threats. In the years since its creation, however, CISA metastasized into the nerve center of the federal government’s domestic surveillance and censorship operations on social media. By 2020, CISA routinely reported social media posts that allegedly spread “disinformation” to social media platforms. By 2021, CISA had a formal “Mis-, Dis-, and Malinformation” (MDM) team. In 2022 and 2023, in response to growing public and private criticism of CISA’s unconstitutional behavior, CISA attempted to camouflage its activities, duplicitously claiming it serves a purely “informational” role.
“These records show the lengths to which a ‘Homeland Security’ Deep State agency went in its effort to censor and suppress Americans during and after the 2020 election,” said Judicial Watch President Tom Fitton. “That it took a federal lawsuit to extract these disturbing records should raise additional worries about what else this Biden administration is up to.”
Separately, in August 2023, Judicial Watch filed two FOIA lawsuits against the U.S. Department of Justice and other federal agencies for communications between the agencies and Facebook and Twitter regarding the government’s involvement in content moderation and censorship on the social media platforms.
In June 2023, Judicial Watch sued DHS for all records of communications tied to the Election Integrity Partnership. Based on representations from the EIP (see here and here), the federal government, social media companies, the EIP, the Center for Internet Security (a non-profit organization funded partly by DHS and the Defense Department) and numerous other leftist groups communicated privately via the Jira software platform developed by Atlassian.
In February 2023, Judicial Watch sued the U.S. Department Homeland Security (DHS) for records showing cooperation between the Cybersecurity and Information Security Agency (CISA) and social media platforms to censor and suppress free speech.
Judicial Watch in January 2023 sued the DOJ for records of communications between the Federal Bureau of Investigation (FBI) and social media sites regarding foreign influence in elections, as well as the Hunter Biden laptop story.
In September 2022, Judicial Watch sued the Secretary of State of the State of California for having YouTube censor a Judicial Watch election integrity video.
In May 2022, YouTube censored a Judicial Watch video about Biden corruption and election integrity issues in the 2020 election. The video, titled “Impeach? Biden Corruption Threatens National Security,” was falsely determined to be “election misinformation” and removed by YouTube, and Judicial Watch’s YouTube account was suspended for a week. The video featured an interview of Judicial Watch President Tom Fitton. Judicial Watch continues to post its video content on its Rumble channel (https://rumble.com/vz7aof-fitton-impeach-biden-corruption-threatens-national-security.html).
In July 2021, Judicial Watch uncovered records from the Centers for Disease Control and Prevention (CDC), which revealed that Facebook coordinated closely with the CDC to control the COVID narrative and “misinformation” and that over $3.5 million in free advertising given to the CDC by social media companies.
In May 2021, Judicial Watch revealed documents showing that Iowa state officials pressured social media companies Twitter and Facebook to censor posts about the 2020 election.
In April 2021, Judicial Watch published documents revealing how California state officials pressured social media companies (Twitter, Facebook, Google (YouTube)) to censor posts about the 2020 election.
From judicialwatch.org