The CDC has plunged into chaos. Dr. Susan Monarez, the newly minted CDC Director, a role she held for a matter of mere weeks, has been fired by the Trump administration. We actually wrote about Monarez previously, as she was engaged with both the CDC team that was the target of an attempted mass shooting in Atlanta, as well as the broader CDC staff, largely over their concerns that HHS Secretary RFK Jr. was both putting them in danger with his bullshit conspiracy theories and that Kennedy’s theories were completely at odds with good science. CDC, along with the broader HHS agencies, have gone through a large number of layoffs, firings, and resignations. I’ve joked before that Kennedy is responsible for more loss of brain matter at our nations health agencies than any worm could hope to achieve.
But this ultimately isn’t a joke. We traditionally staff agencies like CDC with very, very smart people for a reason. Life and death reasons. Pandemic reasons. Child safety reasons. And playing a cavalier game with these people is not smart. Nor is treating them like pawns in someone’s personal political agenda, which is exactly what Kennedy is doing.
Lawyers representing Dr Monarez said her sacking was illegal, and alleged she was targeted by Kennedy because she refused “to rubber-stamp unscientific, reckless directives”.
Other reports suggest that she was given an ultimatum directly from Kennedy: support the things I say about vaccines as well as our updated vaccination schedules, or resign. That’s not someone who is looking for “gold standard science,” a phrase Kennedy loves to use but clearly doesn’t understand. Instead, it’s someone who has a conclusion in mind and simply wants the science to be mocked up to make it look like he’s right.
The White House came pretty damned close to admitting as much in this hilarious back and forth.
On Wednesday, Dr Monarez’s lawyers issued a statement saying that she had chosen “protecting the public over serving a political agenda”.
The White House statement announcing the termination of her post said: “As her attorney’s statement makes abundantly clear, Susan Monarez is not aligned with the president’s agenda.”
Yes, you asshats, she made it clear that she wants to protect the public instead. Your response sure makes it sound like you’re acknowledging that she was asked to serve the political agenda instead of protecting the public.
And she isn’t the only one. Several high-ranking CDC staffers resigned in the wake of her firing in protest. CDC staff who didn’t resign lined the outside of CDC offices and clapped for their former colleagues as they exited the building.
Demetre Daskalakis, who was director of the National Center for Immunization and Respiratory Diseases, said recent policy changes surrounding the COVID vaccine threatened lives and there had been an “intentional eroding of trust in low-risk vaccines.” Other departing officials include CDC chief medical officer Debra Houry and Daniel Jernigan, director of the CDC’s National Center for Emerging and Zoonotic Infectious Diseases.
Daskalakis, responding to a question about what Kennedy should be asked if he were to appear at a Senate hearing, said: “Has he ever been briefed by a CDC expert on anything? Specifically, measles, COVID-19, flu? I think people should ask him that.
“The answer is no. No one from my center has ever briefed him on any of those topics. He’s getting information from somewhere, but that information is not coming from CDC experts, who really are the world’s experts in this area. Perhaps he has alternate experts that he may trust more than the experts at CDC that the rest of the world regards as the best scientists in these areas,” he said.
It’s hard to know how to even respond. We have the worst outbreak of measles in several decades… and Kennedy never sought or received a briefing on it from the CDC? Kennedy is radically altering the vaccine schedules for children and for COVID vaccines… and he never got a readout on the science of either from the CDC? This brain-wormed growl-monster ended half a billion dollars worth of federal funding for mRNA vaccines generally… and didn’t get any input from CDC on that decision?
I half expect this to turn out to be untrue and that briefings of some sort did in fact occur. If not, then holy shit, Congress needs to start firing up some hearings and get to the bottom of what is occurring at HHS, because all of this uninformed chaos is going to result in very real deaths.
By now, it is common knowledge that RFK Jr. had a brain worm that consumed a portion of his brain. It’s actually not as rare or crazy as it sounds at first blush, mind you, but it’s also not terribly common in the United States. And, at the end of the day, a worm ate part of his brain, resulting in some health and memory issues he had as a result of the loss of brain mass.
Kennedy appears to be doing something similar to the Health and Human Services Department he runs. A significant amount of brain power has left HHS and its child agencies. Some of those losses have been due to budget cuts. Some of them have come from RFK Jr. personally firing them, as he did with the vaccine advisory panel at the CDC, replacing them with a group that includes anti-vax lunatics.
But while those instances have grabbed most of the headlines, there is also an exodus of brainpower from HHS from those choosing to leave government services because they no longer believe in those running their departments. The most recent example of this is Dr. Fiona Havers.
Dr. Fiona Havers, who led the CDC’s tracking of hospitalizations from COVID-19 and RSV (respiratory syncytial virus), stepped down this week.
“Unfortunately,” she said in an email to colleagues, ” I no longer have confidence that these data will be used objectively or evaluated with appropriate scientific rigor to make evidence-based vaccine policy decisions.” The memo was obtained by The Washington Post. Havers worked at the CDC for 13 years. She presented hospitalization data at ACIP meetings.
Her resignation is the latest in a string of exits from the agency.
Indeed. The CDC specifically has also lost another high-ranking vaccine advisor, not to mention the five senior leaders that resigned earlier this year as a result of the new leadership put in place by the Trump administration. And you can be damned sure that there are many more that have left HHS and its child agencies without having generated any headlines.
It’s clear what is happening here. RFK Jr. is creating a climate inhospitable to the career experts and professionals who don’t align with his views on health and medicine. This is causing many of them to voluntarily leave, while Kennedy is then happy to terminate the employment of those who attempt to stick it out. Once HHS’ brain has been hollowed out by this Kennedy-worm, the cavity can be filled back in with the kind of problematic charlatans who give Kennedy the warm and fuzzies.
What’s important to understand about this is that the damage this is causing is immediate, as we’re seeing with the measles outbreak that is refusing to go away, but that it’s also long term. The harm done to our public health will echo for many years and, perhaps, even generations.
All because nobody is willing to stand up and demand Kennedy be removed from his post.
As RFK Jr. has presided over the decimation of the Health & Human Services department he runs, along with HHS’ child agencies, his anti-vaxxer stance has shown through. And, really, his appointment, confirmation, and subsequent actions should fully put to bed any question of the utility of congressional approval of cabinet positions. During those hearings, in which Kennedy spent most of the time either refusing to answer perfectly legitimate questions or else demonstrating that he had zero understanding how the programs he would be running actually work and are funded, Kennedy also voiced his support for vaccines generally, particularly for children. This flew in the face of the decades Kennedy has spent blaming vaccines for autism rates increasing, among other things. The consequences for what was a spectacular fail-job of a confirmation hearing was his appointment to Secretary of HHS.
Since his confirmation, Kennedy has helpfully put his incompetence on full display. He has bungled a measles outbreak that is the 2nd largest in three decades and still expanding, prattled on about chemtrails, committed to knowing the cause of autism this year only to walk that back, and at least attempted to pull back CDC guidance on COVID-19 vaccines for children and pregnant women. All of this should have laid to bare for government leaders that Kennedy is anti-science, anti-vaccine, and grossly incompetent to run a small medical clinic, never mind HHS.
But in case you needed an example the contrast turned all the way to 100%, Kennedy this week decided to fire every single member of the CDC’s immunization advisory panel. This decision was announced not in a press conference, nor in a congressional hearing, but by an op-ed in the Wall Street Journal.
In an opinion piece published Monday in The Wall Street Journal, Kennedy announced that he had cleared out the committee, accusing them of being “plagued with persistent conflicts of interest” and a group that has “become little more than a rubber stamp for any vaccine.”
“Without removing the current members, the current Trump administration would not have been able to appoint a majority of new members until 2028,” Kennedy added.
The committee—CDC’s Advisory Committee on Immunization Practices (ACIP)—meets periodically to publicly review, evaluate, debate, and make recommendations on immunization practices. The CDC typically adopts the committee’s recommendations. The CDC’s vaccination schedules and recommendations set clinical standards for the country and determine insurance coverage.
The group is pretty damned important, in other words, when it comes to how the CDC, clinicians, and insurance companies throughout the country organized their parts of various vaccination programs throughout the country. Programs that Kennedy has historically railed against, regularly engaging in conspiracy theories. And you really do have to couple this news with Kennedy’s rejection of the germ theory of disease, which has been powering modern medicine for the past century or so. Put more simply: a man who has spent decades railing against modern vaccine practices and who rejects the cornerstone of modern medicine conducted his own less directly violent version of the Comrade’s Massacre, with the public ouster of these experts coupled with a public declaration of their being unfit to serve.
If you think that comparison is too harsh, you aren’t paying attention to the authoritarian playbook, which Kennedy has obviously adopted. Worse than accusing ACIP members of being purposefully corrupt, Kennedy outlines why they simply can’t help but be corrupted. There’s no agency in any of this among those he ousted. They are corrupt by a combination of any connection Kennedy could draw to the medical industry and his own declaration that they are so.
In Kennedy’s article, he criticized ACIP and FDA advisors for being in the pocket of the pharmaceutical industry. However, he argued that the “problem isn’t necessarily that ACIP members are corrupt.”
“Most likely aim to serve the public interest as they understand it,” he wrote. “The problem is their immersion in a system of industry-aligned incentives and paradigms that enforce a narrow pro-industry orthodoxy.”
In Kennedy’s op-ed, he indicates that new ACIP members will be appointed who “won’t directly work for the vaccine industry. … will exercise independent judgment, refuse to serve as a rubber stamp, and foster a culture of critical inquiry.”
Read all of this any way you like, but it’s fairly straight forward. Kennedy thinks that ACIP was working for the big pharma industry against the interests of the American people and their health, particularly when it comes to all things vaccines. He purged them and will replace them with his own hand-picked advisors that will almost certainly be plagued by similar misguided views. And that group, currently populated by nobody at all, will meet in 2 weeks to talk about immunization programs according to Kennedy.
Critics of this purge abound, as you would expect. And, because they come from the very medical experts and industries that Kennedy claims are conspiring against us all in order to, I guess, sell vaccines, they can be easily dismissed by his cadre of sycophants.
Kennedy’s move was quickly rebuked by a number of doctors groups. A statement released by the American Medical Association said it “upends a transparent process that has saved countless lives.” The American Academy of Pediatrics called it part of an “escalating effort by the Administration to silence independent medical expertise and stoke distrust in lifesaving vaccines.”
“This is horrifying,” a CDC official said of Kennedy’s move.
The American Public Health Association denounced it as an undemocratic “coup” of the process. The Infectious Disease Society of America called it “reckless, shortsighted and severely harmful.” The American College of Physicians accused Kennedy of having “circumvented the standard, transparent vaccine review processes” at the CDC.
If you thought that Kennedy would be allowed to retain his position, one for which he is hopelessly unqualified, and the extent of the fallout from it would be a mere measles outbreak, conspiracy talk, and maybe a handful of dead bodies, it really could get so, so much worse than that. A change in the government’s immunization guidance that deviates from actual medical science can’t help but filter down to some percentage of doctors and the public.
And people will get sick, and indeed some will die, as a result. In fact, that has already started to happen. The only question now is just how large a body count Kennedy will manage to rack up.
When Thomas Fugate graduated from college last year with a degree in politics, he celebrated in a social media post about the exciting opportunities that lay beyond campus life in Texas. “Onward and upward!” he wrote, with an emoji of a rocket shooting into space.
His career blastoff came quickly. A year after graduation, the 22-year-old with no apparent national security expertise is now a Department of Homeland Security official overseeing the government’s main hub for terrorism prevention, including an $18 million grant program intended to help communities combat violent extremism.
The White House appointed Fugate, a former Trump campaign worker who interned at the hard-right Heritage Foundation, to a Homeland Security role that was expanded to include the Center for Prevention Programs and Partnerships. Known as CP3, the office has led nationwide efforts to prevent hate-fueled attacks, school shootings and other forms of targeted violence.
Fugate’s appointment is the latest shock for an office that has been decimated since President Donald Trump returned to the White House and began remaking national security to give it a laser focus on immigration.
News of the appointment has trickled out in recent weeks, raising alarm among counterterrorism researchers and nonprofit groups funded by CP3. Several said they turned to LinkedIn for intel on Fugate — an unknown in their field — and were stunned to see a photo of “a college kid” with a flag pin on his lapel posing with a sharply arched eyebrow. No threat prevention experience is listed in his employment history.
Typically, people familiar with CP3 say, a candidate that green wouldn’t have gotten an interview for a junior position, much less be hired to run operations. According to LinkedIn, the bulk of Fugate’s leadership experience comes from having served as secretary general of a Model United Nations club.
“Maybe he’s a wunderkind. Maybe he’s Doogie Howser and has everything at 21 years old, or whatever he is, to lead the office. But that’s not likely the case,” said one counterterrorism researcher who has worked with CP3 officials for years. “It sounds like putting the intern in charge.”
In the past seven weeks, at least five high-profile targeted attacks have unfolded across the U.S., including a car bombing in California and the gunning down of two Israeli Embassy aides in Washington. Against this backdrop, current and former national security officials say, the Trump administration’s decision to shift counterterrorism resources to immigration and leave the violence-prevention portfolio to inexperienced appointees is “reckless.”
“We’re entering very dangerous territory,” one longtime U.S. counterterrorism official said.
The fate of CP3 is one example of the fallout from deep cuts that have eliminated public health and violence-prevention initiatives across federal agencies.
The once-bustling office of around 80 employees now has fewer than 20, former staffers say. Grant work stops, then restarts. One senior civil servant was reassigned to the Federal Emergency Management Agency via an email that arrived late on a Saturday.
The office’s mission has changed overnight, with a pivot away from focusing on domestic extremism, especially far-right movements. The “terrorism” category that framed the agency’s work for years was abruptly expanded to include drug cartels, part of what DHS staffers call an overarching message that border security is the only mission that matters. Meanwhile, the Trump administration has largely left terrorism prevention to the states.
ProPublica sent DHS a detailed list of questions about Fugate’s position, his lack of national security experience and the future of the department’s prevention work. A senior agency official replied with a statement saying only that Fugate’s CP3 duties were added to his role as an aide in an Immigration & Border Security office.
“Due to his success, he has been temporarily given additional leadership responsibilities in the Center for Prevention Programs and Partnerships office,” the official wrote in an email. “This is a credit to his work ethic and success on the job.”
ProPublica sought an interview with Fugate through DHS and the White House, but there was no response.
The Trump administration rejects claims of a retreat from terrorism prevention, noting partnerships with law enforcement agencies and swift investigations of recent attacks. “The notion that this single office is responsible for preventing terrorism is not only incorrect, it’s ignorant,” spokesperson Abigail Jackson wrote in an email.
Through intermediaries, ProPublica sought to speak with CP3 employees but received no reply. Talking is risky; tales abound of Homeland Security personnel undergoing lie-detector tests in leak investigations, as Secretary Kristi Noem pledged in March.
Accounts of Fugate’s arrival and the dismantling of CP3 come from current and former Homeland Security personnel, grant recipients and terrorism-prevention advocates who work closely with the office and have at times been confidants for distraught staffers. All spoke on condition of anonymity for fear of reprisal from the Trump administration.
In these circles, two main theories have emerged to explain Fugate’s unusual ascent. One is that the Trump administration rewarded a Gen Z campaign worker with a resume-boosting title that comes with little real power because the office is in shambles.
The other is that the White House installed Fugate to oversee a pivot away from traditional counterterrorism lanes and to steer resources toward MAGA-friendly sheriffs and border security projects before eventually shuttering operations. In this scenario, Fugate was described as “a minder” and “a babysitter.”
DHS did not address a ProPublica question about this characterization.
Rising MAGA Star
The CP3 homepage boasts about the office’s experts in disciplines including emergency management, counterterrorism, public health and social work.
Fugate brings a different qualification prized by the White House: loyalty to the president.
On Instagram, Fugate traced his political awakening to nine years ago, when as a 13-year-old “in a generation deprived of hope, opportunity, and happiness, I saw in one man the capacity for real and lasting change: Donald Trump.”
Fugate is a self-described “Trumplican” who interned for state lawmakers in Austin before graduating magna cum laude a year ago with a degree in politics and law from the University of Texas at San Antonio. Instagram photos and other public information from the past year chronicle his lightning-fast rise in Trump world.
Starting in May 2024, photos show a newly graduated Fugate at a Texas GOP gathering launching his first campaign, a bid for a delegate spot at the Republican National Convention in Milwaukee. He handed out gummy candy and a flier with a photo of him in a tuxedo at Trump’s Mar-a-Lago estate. Fugate won an alternate slot.
The next month, he was in Florida celebrating Trump’s 78th birthday with the Club 47 fan group in West Palm Beach. “I truly wish I could say more about what I’m doing, but more to come soon!” he wrote in a caption, with a smiley emoji in sunglasses.
Posts in the run-up to the election show Fugate spending several weeks in Washington, a time he called “surreal and invigorating.” In July, he attended the Republican convention, sporting the Texas delegation’s signature cowboy hat in photos with MAGA luminaries such as former Cabinet Secretary Ben Carson and then-Rep. Matt Gaetz (R-Fla.).
By late summer, Fugate was posting from the campaign trail as part of Trump’s advance team, pictured at one stop standing behind the candidate in a crowd of young supporters. When Trump won the election, Fugate marked the moment with an emotional post about believing in him “from the very start, even to the scorn and contempt of my peers.”
“Working alongside a dedicated, driven group of folks, we faced every challenge head-on and, together, celebrated a victorious outcome,” Fugate wrote on Instagram.
In February, the White House appointed Fugate as a “special assistant” assigned to an immigration office at Homeland Security. He assumed leadership of CP3 last month to fill a vacancy left by previous Director Bill Braniff, an Army veteran with more than two decades of national security experience who resigned in March when the administration began cutting his staff.
In his final weeks as director, Braniff had publicly defended the office’s achievements, noting the dispersal of nearly $90 million since 2020 to help communities combat extremist violence. According to the office’s 2024 report to Congress, in recent years CP3 grant money was used in more than 1,100 efforts to identify violent extremism at the community level and interrupt the radicalization process.
“CP3 is the inheritor of the primary and founding mission of DHS — to prevent terrorism,” Braniff wrote on LinkedIn when he announced his resignation.
In conversations with colleagues, CP3 staffers have expressed shock at how little Fugate knows about the basics of his role and likened meetings with him to “career counseling.” DHS did not address questions about his level of experience.
One grant recipient called Fugate’s appointment “an insult” to Braniff and a setback in the move toward evidence-based approaches to terrorism prevention, a field still reckoning with post-9/11 work that was unscientific and stigmatizing to Muslims.
“They really started to shift the conversation and shift the public thinking. It was starting to get to the root of the problem,” the grantee said. “Now that’s all gone.”
Critics of Fugate’s appointment stress that their anger isn’t directed at an aspiring politico enjoying a whirlwind entry to Washington. The problem, they say, is the administration’s seemingly cavalier treatment of an office that was funding work on urgent national security concerns.
“The big story here is the undermining of democratic institutions,” a former Homeland Security official said. “Who’s going to volunteer to be the next civil servant if they think their supervisor is an apparatchik?”
Season of Attacks
Spring brought a burst of extremist violence, a trend analysts fear could extend into the summer given inflamed political tensions and the disarray of federal agencies tasked with monitoring threats.
In April, an arson attack targeted Pennsylvania Gov. Josh Shapiro, a Democrat, who blamed the breach on “security failures.” Four days later, a mass shooter stormed onto the Florida State University campus, killing two and wounding six others. The alleged attacker had espoused white supremacist views and used Hitler as a profile picture for a gaming account.
Attacks continued in May with the apparent car bombing of a fertility clinic in California. The suspected assailant, the only fatality, left a screed detailing violent beliefs against life and procreation. A few days later, on May 21, a gunman allegedly radicalized by the war in Gaza killed two Israeli Embassy aides outside a Jewish museum in Washington.
June opened with a firebombing attack in Colorado that wounded 12, including a Holocaust survivor, at a gathering calling for the release of Israeli hostages. The suspect’s charges include a federal hate crime.
If attacks continue at that pace, warn current and former national security officials, cracks will begin to appear in the nation’s pared-down counterterrorism sector.
“If you cut the staff and there are major attacks that lead to a reconsideration, you can’t scale up staff once they’re fired,” said the U.S. counterterrorism official, who opposes the administration’s shift away from prevention.
Contradictory signals are coming out of Homeland Security about the future of CP3 work, especially the grant program. Staffers have told partners in the advocacy world that Fugate plans to roll out another funding cycle soon. The CP3 website still touts the program as the only federal grant “solely dedicated to helping local communities develop and strengthen their capabilities” against terrorism and targeted violence.
But Homeland Security’s budget proposal to Congress for the next fiscal year suggests a bleaker future. The department recommended eliminating the threat-prevention grant program, explaining that it “does not align with DHS priorities.”
The former Homeland Security official said the decision “means that the department founded to prevent terrorism in the United States no longer prioritizes preventing terrorism in the United States.”
Forget Mars colonies and self-driving cars. Elon Musk’s greatest challenge yet? Defeating Twitter’s relentless ‘pussy in bio’ spam army. And let’s just say, it’s not going well.
It has really been quite incredible to watch Elon rediscover some of the basics of trust & safety best practices (though while consistently messing it up) as ExTwitter just gets worse and worse. Before he had even taken over Twitter, he insisted he had two priorities: stopping spam and restoring free speech. Of course, some of us pointed out that those two things were in conflict.
Spam fighting is a core part of trust & safety, but Elon insisted that he knew better, fired basically everyone with any knowledge on the subject, and then repeatedly suggested that he had figured out how to solve it, only to see spam get worse and worse on ExTwitter, to the point that users are getting really frustrated.
Most recently, the spam has been in the form of posts with the following, or some variation on this: “░M░Y░P░U░S░S░Y░I░N░B░I░O░.” It’s been so unavoidable on ExTwitter that it’s become a meme.
John Herrman, over at New York Mag’s Intelligencer, has a ridiculously long investigation determining who is behind all that spam (basically a company doing the modern equivalent of an old phone sex line). But the reason the article caught my attention was that Herrman kicks off the article by highlighting Elon’s evolution on fighting spam. It’s kinda glorious:
If our twitter bid succeeds, we will defeat the spam bots or die trying,” wroteElon Musk in May 2022. “The bots are in for a surprise tomorrow,” he threatened shortly after the purchase closed. A new subscription service, he claimed, would “destroy the bots” with his new “anti-bot bots.” In 2023, the threat seemed to evolve. “We’re trying hard to stop bots & trolls on this platform,” he wrote in July. “Fighting bot and troll farms is hard,” he conceded. “The bot wars continue,” he posted in an August update. January of this year brought a shift in tone: “Bots are the devil (sigh).” In March, more signals of an extended, brutal campaign: “Stopping crypto/porn spam bots is not easy, but we’re working on it.”
Yeah, so, that was kinda the point of my old speed run post. One of the things that you often learn regarding trust & safety is that there are often good reasons why things are done, even if the end results are messy, and assuming you can magically do better with none of the experience or understanding of the tradeoffs means you’re going to make a ton of mistakes.
Now, it’s no surprise that Musk has failed to stop spam on the platform. Or even that it’s gotten significantly worse of a problem. Content moderation at scale remains impossible to do well.
But, you know, Musk might have done a better job if he hadn’t fired everyone at the company who actually understood how to fight spam and replaced them with his own highly misguided “intuition” on where the spam was coming from. Content moderation is a constant struggle, and spam is a part of that. If Musk could reflect for just one moment, it might be nice if he realized how stupidly over confident he was that he would be able to solve it. And also, how wrong he was to insist that the previous management wasn’t taking the issue seriously.
Rudy Giuliani may have built up a reputation for himself as “America’s Mayor” but the latest chapters in his life seem to be a mad dash to undo whatever shred of goodwill or credibility he might have left. Politics watchers will know that he’s been acting as the President’s lawyer, in which (as far as I can tell) his main job is to go on TV news programs and reveal stuff no lawyer should reveal. But, we shouldn’t forget Giuliani’s previous jobs. His earlier firm, Giuliani Partners, had a subsidiary called Giuliani Security that at least at one time claimed to do “cybersecurity.” Of course, when the press explored what that actually meant, it was fairly limited.
“If you hired them on a cyber engagement, they are going to tell you what your legal obligations are and how to manage the legal risk related to cyber,” a cybersecurity executive in New York who has experience with Giuliani Security and Safety and requested to remain anonymous told Motherboard. “Basically, not to prevent a Target [breach], but how to prevent a Target CEO being fired.”
Yesterday, Giuliani made clear just how incredibly ignorant he is of the basic functioning of the internet. As I type this these tweets are still up, but I’ll post a screenshot on the assumption that someday, someone with actual knowledge will get to Giuliani and convince him to take these tweets down:
There’s a lot going on here, so if you haven’t been following all of this, it may take a bit to unpack. The first tweet references Mueller’s recent filings against Paul Manafort, Trump’s former campaign boss, for lying (again) to the Special Counsel’s Office. Giuliani is making a weird unfounded claim that Mueller is specifically timing his indictments to times when the President is about to leave town for international gatherings. Considering the number of indictments that Mueller drops — most of which don’t happen when Trump is about to travel to meet foreign world leaders — this already feels like ridiculous conspiracy mongering.
Within that tweet, Giuliani appears to make a few typos — specifically forgetting to put a space after the period of a couple of sentences. The first time this happened, the sentence ended with “G-20.” The next sentence begins “In”. However, because (1) the lack of a period mushes these together as “G-20.In” and (2) because “.in” is the top level domain for India, Twitter interpreted that as a link to the website g-20.in. Some bright, enterprising person then registered such a website and posted an anti-Trump message to it, specifically this:
Whoever set up that site has since added a news update concerning Mueller’s recent sentencing recommendations for Trump’s former National Security Advisor Michael Flynn, who was among the first brought down by Mueller.
Lots of people were mocking supposed “cybersecurity expert” Giuliani for accidentally posting such a link and opening himself up to such a thing. But last night Giuliani decided to take the nonsense to extreme levels of nonsense, accusing “cardcarrying anti-Trumpers” at Twitter of allowing “someone to invade” his tweet to insert that link. His “evidence” for this was the fact that the second time in that same tweet where he made the same “no space after a period” typo — creating “Helsinki.Either” — it did not turn into a link. And… as basically anyone who has even the most rudimentary understanding of the internet (clearly not including cybersecurity expert Rudy Giuliani), the reason there is no link for that is because “.either” is not (yet) a top level domain, and thus Twitter’s systems don’t see it as a link and don’t automatically link it.
The rest of the internet has been having lots of fun with this, mocking Giuliani, and I’m amazed that the tweet has stayed up for as long as it has. Twitter was even forced to issue a statement denying any foul play:
A spokesperson told Fortune that the company?s ?service worked as designed.? The spokesperson added that whenever someone tweets a Web address, a clickable link is automatically created.
?Any suggestion that we artificially injected something into the user?s account is false,? the spokesperson said.
And while it may be fun to mock such utter incompetence put on display for the world, this really does highlight a serious problem. The lack of knowledgeable people about real online security issues in the government — especially when computer security issues are so vital to almost everything these days — is a real problem. We can laugh about “cybersecurity advisor” and “expert” Rudy Giuliani not understanding how top level domains and links work, but then we should be terrified to think that… who the hell is actually advising the administration on very serious issues regarding internet security, at a time when tons of entities, from lowly criminals to aggressive nationstates, are using the network to mount various attacks.
And, yes, there are actually a number of other people in the government who do truly understand this stuff. But over and over again it appears that the people appointed to the highest levels concerning these things have no clue. And that’s a big deal, because computer security issues aren’t something you just pick up with a crash course. They’re complex and challenging and require a pretty deep level of knowledge to actually understand both the threats and the possible remedies. And, when the administration’s top cybersecurity adviser freaks out because he doesn’t know what a top level domain is… that should worry us all.
Everyone in government is talking cyber-this and cyber-that, even though a majority of those talking don’t have the technical background to back up their assertions. This leads to dangerous lawmaking. The CFAA, easily one of the most abused computer-related laws, came into being thanks to some skittish legislators who’d seen one too many 80’s hacker films. (“WarGames,” to be specific.)
Faulty analogies have led to other erroneous legislative conclusions — like the comparison of email to snail mail — which has led to the government treating any unopened email as “abandoned” and accessible without a warrant.
But the problem goes further than the legislative branch. The executive branch hasn’t been much better in its grasp of technical issues, and the current slate of presidential candidates guarantees this won’t change for at least another four years.
The judicial branch has its own issues. On both sides of the bench, there’s very little technical knowledge. As more and more prosecutions become reliant on secretive, little-understood technical tools like cell tower spoofers, government-deployed malware, and electronic device searches, unaddressed problems will only multiply as tech deployment ramps up and infusions of fresh blood into the judicial system fail to keep pace.
Last year, the FBI nearly destroyed the life of an innocent physicist. In May 2015, agents arrested Xi Xiaoxing, the chairman of Temple University’s physics department, and charged that he was sneaking Chinese scientists details about a piece of restricted research equipment known as a “pocket heater.” An illustrious career seemed suddenly to implode. A few months later, though, the Justice Department dropped all the charges and made an embarrassing admission: It hadn’t actually understood Xi’s work. After defense experts examined his supposed “leaks,” they pointed out that what he’d shared with Chinese colleagues wasn’t a restricted engineering design but in fact a schematic for an altogether different type of device.
It’s not just prosecutors. Graff notes that there’s no “pipeline” of lawyers who can read and understand code heading to either side of prosecutions, which means defendants will be at the mercy of judges’ interpretations of evidence and arguments. That’s bad news as well.
As documents have surfaced thanks to the Snowden leaks and the government being more forthcoming with FISA court decisions, it’s become apparent that judges issuing orders haven’t been fully apprised of the technical details of the NSA’s domestic surveillance programs.
The fallout from Edward Snowden’s revelations exposed numerous instances in which agency lawyers miscommunicated to courts about what the government was doing. There are two possible explanations: Either they willfully exploited judges’ lack of technical knowledge, or the lawyers themselves couldn’t fathom the programs they were trying to explain.
Irritated FISC judges have come down hard on the agency periodically, pointing out serious misrepresentations by the NSA’s lawyers. Unfortunately, these discoveries have always come well after the fact. In the periods between judicial benchslaps, the agency has acted with autonomy. Forgiveness is better than permission, especially when the person approving surveillance requests either doesn’t have all the information they need or is unable to interpret the information they’ve been provided.
The lack of expertise — and the lack of new talent flowing in — means this sort of thing will continue to happen far too often. Judges will be duped. Defendants will end up jailed because of the ignorance surrounding them. Bad analogies will shore up inadequate explanations. And, if you’re the sort who believes “accused” means “guilty,” the shortage of knowledgeable prosecutors will result in jaw-dropping “technicalities” returning suspected criminals to the streets.
In one recent prosecution of a security researcher accused of illegal hacking, an assistant U.S. attorney summarized the case to the court by saying, “He had to download the entire iOS system on his computer, he had to decrypt it, he had to do all of these things I don’t even understand.” The government ultimately lost the case.
So, what can be done to fix it? Not much. Only a few law schools offer classes in cybersecurity, coding, or other tech fields. Those that do have long waiting lists. The upside is that a technically-proficient law school grad should find plenty of opportunities awaiting them. The downside is that there’s not nearly as much money in the public sector as there is in the private. This may mean criminal defense will see a boost in knowledge, but that will only help those who can afford to hire top-tier lawyers.
The government, meanwhile, will likely continue to stumble over its own ignorance. Fortunately for government prosecutors, most judges are willing to cut government prosecutors a lot of slack, something only exacerbated by lawmakers pushing legislation targeting things they don’t even understand.
Three years ago, BestNetTech wrote about the Canadian government muzzling scientists and librarians, in a clear effort to prevent them from pointing out that some of Canada’s policies were scientifically stupid. That was a blatant attempt to censor those who had not just inconvenient opinions but also awkward facts that would have made life difficult for the Canadian government. The UK wants to do something similar, by forbidding scientists and academics from using their expertise to push for changes in policy — even in private. As The Guardian reported:
The proposal — announced by the Cabinet Office earlier this month — would block researchers who receive government grants from using their results to lobby for changes to laws or regulations.
For example, an academic whose government-funded research showed that new regulations were proving particularly harmful to the homeless would not be able to call for policy change.
Similarly, ecologists who found out that new planning laws were harming wildlife would not be able to raise the issue in public, while climate scientists whose findings undermined government energy policy could have work suppressed.
A new clause to be inserted into all new and renewed grant agreements will make sure that taxpayer funds are spent on improving people?s lives and good causes, rather than lobbying for new regulation or using taxpayers? money to lobby for more government funding.
That might sound reasonable, especially the last part about not being able to lobby for more funding. It is aimed mainly at organizations that receive government grants, but many academics believe that it is so loosely worded that it will also apply to them, and will prevent them from pushing for new regulations in any circumstances. Even if that is not the UK government’s intention, the mere existence of the policy is bound to have a chilling effect on the academics, since few will want to run the risk of having their grants taken away by inadvertently breaking the new rules.
The “anti-lobbying” clause to be inserted into new grant agreements will create a barrier to evidence-based policymaking and will have unintended effects on the work of [Parliament’s advisory] select committees.
Specifically, the politicians on the House of Commons Science and Technology Committee wrote:
We are concerned that the Cabinet Office’s announcement has created ambiguity, and that researchers will become reluctant to present to us the policy recommendations that arise from their work. Academics may also become unwilling to take on advisory positions in Government or Parliament, and may even feel uncomfortable speaking at conferences where policymakers are present, for fear of falling foul of this clause.
I don’t just want this ban overturned: I want to see more academics talking to policymakers, and I want the public to know what we do, so that they can decide if it’s good or bad.
Indeed, he suggests that rather than forbidding academics from lobbying for new regulations, they should be encouraged and even trained to do so:
If you’re an academic who lobbies, then don’t be shy, and don’t be scared: you should share your experiences, and your techniques. If you want to waste even more time on activities with no credit and no hope of funding, then perhaps we could set up a course, or a forum, to pool knowledge on better ways to interact with [the UK government]. And lastly, if you?re a politician, and you really want to ban this activity, then shame on you. You’re a failure, an obstacle to good progress, and an outlier. But there’s one final piece of happier news. You won’t last long.
The FBI’s cyber-initiatives may be doomed to fail. While it seems to have little problem acquiring and deploying new technology and techniques, it’s finding it very hard to talk people into running all of it, as Alexander Martin at The Register points out.
The Federal Bureau of Investigation is struggling to hire computer scientists, according to a Department of Justice audit of the feeb’s attempts to implement its Next Generation Cyber Initiative.
A 34-page audit report (PDF) from the DoJ notes that, while making considerable progress, the FBI has “encountered challenges in attracting external participants to its established Cyber Task Forces”.
The Inspector General’s report provides additional details on how far behind the agency is falling on its hiring goals. Even the hiring process itself is holding the FBI back.
While the process may start with a recruitment event attended by 5,000 interested candidates, the inability of candidates to meet the FBI’s specific eligibility criteria reduces that number to approximately 2,000 eligible candidates. Subsequently he told us that only about 2 candidates out of such a group are actually hired by the FBI. Another FBI official told us that the FBI loses a significant number of people who may be interested because of the FBI’s extensive background check process and other requirements, such as all employees must be United States citizens and must not have used marijuana in the past 3 years, and cannot have used any other illegal drug in the past 10 years. Another factor may be that private sector entities are able to offer technically trained, cyber professionals higher salaries than the FBI can offer.
The whitehat hackers the FBI would like to hire are looking for more pay and a less-intrusive hiring process. The FBI’s hiring process and wage scale are unlikely to be responsive (though the latter is far more flexible than the former) to these demands. As long as coders can get better pay from employers that don’t subject them to this level of pre-hire intrusion, the FBI will always find its staffing trailing its capabilities.
While the Five Eyes partners mentioned in the report have expressed their support of the FBI’s cyber-focused joint task force, it’s clear the public has not. But that part of the equation isn’t mentioned in the OIG report. It may have been discussed off the record, but there’s no acknowledgment that the post-Snowden climate — combined with the exposure of FBI misconduct ranging from national security letter abuse to its series of entrapment-esque terrorism busts — have made the FBI a less-than-desirable employer. Its reputation isn’t entirely toxic, but it has managed to alienate a large portion of the tech crowd it wishes to hire. Director James Comey’s continued assault on encryption isn’t helping anything.
It’s doubtful the deployment of a G.I.-bill-but-for-coders will fix this, but that’s what the agency is looking to do.
One FBI official explained that the FBI is offering several incentives to recruit individuals including school loan repayment, reimbursement for continuing education, and hiring at higher salary levels on the general pay scale. He also added that the FBI is providing training opportunities for existing personnel including certifications and enrollment in the Carnegie Mellon University Master’s program in Information Technology as retention tools. In addition, in December 2014, the FBI announced to its employees a similar program at the New York University Polytechnic School of Engineering.
The good news is that once someone’s hired by the FBI, they tend to stay, despite more lucrative opportunities elsewhere. But that’s of little use when the problem is acquisition, rather than retention.
As of January 2015, however, 52 of the 134 Computer Scientist positions remained vacant and 5 of 56 field offices did not have at least 1 computer scientist, as planned.
Working for the FBI isn’t like working for another tech company. The job also has a social cost that won’t be addressed by student loan assistance and training opportunities. To work for the FBI, especially for someone who identifies as a “hacker,” is to say goodbye to a large number of your colleagues. While the private sector doesn’t lack for non-disclosure agreements, the FBI’s disapproval of “shop talk” with friends and family carries hefty federal weight behind it. Normal small talk starts to resemble a series of probative queries. This may only exist in the minds of those interacting with friends and colleagues who have taken jobs at the FBI, but it’s enough to make things uncomfortable.
The FBI may believe its problems are mostly of the pay scale variety, but there’s more to it than purely fiscal concerns. The agency may do good work, but it has engaged in questionable investigations and activities almost since its formation. Leaks and FOIA documents have done further damage to its reputation in recent years. The FBI, despite its technical prowess — appears to be anti-tech, at least in terms of fighting against any advances that impede its surveillance techniques. The agency, for the lack of a better word, is untrustworthy. The FBI appeals to candidates’ idealism during the recruitment process, but over the years, it has repeatedly acted without integrity. Because of that, it will always have a problem finding whitehats willing to work for an entity that often seems to be in the “blackhat” camp.
Elite schools aren’t getting any cheaper, and college tuition seems to be rising faster than a lot of other goods (though the net price may not be). So what are aspiring university students to do? Here are just a few interesting links on the future of education.
