The most important story of the year

“Project Vigilant and the government/corporate destruction of privacy“, Glenn Greenwald, Salon, 2 August 2010. Especially the conclusion. {Update: on reflection, the headline is exaggerated. Still, it’s a big story)

This is how freedom goes away. Quietly. Step by step. The theft cloaked by lies and promises of protection from vague dangers. But whatever the end, we cannot claim that we did not know.

Especially pitiful is that we surrender our liberty in exchange from so small a threat. An elephant afraid of a mouse. Although the missile and bomber gaps were just info ops by our military against us, at least the USSR constituted a serious threat. What’s our excuse?

“They who would give up essential liberty to purchase a little temporary safety deserve neither liberty or safety.”
— From the title page of An Historical review of the Constitution and Government of Pennsylvania (1759); written by Richard Jackson and published by Benjamin Franklin

Update: About Project Vigilant. Does it exist?

“Secret group aids fight against terror“, Mark Albertson, San Francisco Examiner, 21 June 2010
“Big names help run Project Vigilant“, Mark Albertson, San Francisco Examiner, 22 June 2010
“‘A-Team’ of cyber sleuths ‘reveal mole in Wikileaks Afghan revelations‘”, Telegraph, 2 August 2010
“Secretive group seeks recruits at Defcon, finds skepticism“, IDG News Service, 2 August 2010
Project Vigilant Is a Publicity Stunt, Richard Bejtlich (bio), TaoSecurity, 3 August 2010
“Project Vigilant Is a Fraud“, CRYPTOME, 3 August 2010
“What Is Project Vigilant and Is It Violating the Law?“, Orin Kerr, 3 August 2010
Their website — with no useful information for non-members
A precedent for private secret spying: “Before the CIA, there was the Pond“, AP, 29 July 2010

The Telegraph says it’s real, based on what experts tell them.

Despite its unofficial status, experts say Vigilant is no amateur crime-fighting outfit. Its members reportedly include the ex-security chief for the New York Stock Exchange and former technology officials at the National Security Agency and the FBI.

The most detailed profile is Albertson’s, dated 22 June.

As referenced in this column yesterday, Project Vigilant has been operating in near total secrecy for over a decade, monitoring potential domestic terrorist activity and tracking various criminal activities on the Web. In a series of exclusive interviews with some of the group’s leaders, it’s clear that the people doing this work are among the most sophisticated and experienced experts in today’s rapidly moving world of Internet security.

Many of them are very recognizable names in technology circles, yet their public profiles, posted for all to see on sites such as LinkedIn, Facebook and even their own webpages, omit any reference to Project Vigilant. As one source explained, “These are known names in the industry, but they have stayed under the radar to help their law enforcement clients.”

Take Mark Rasch, Project Vigilant’s General Counsel. Rasch has been a guest on numerous TV programs, including the PBS program “Charlie Rose,” and is frequently quoted in the press on a variety of Internet crime matters. For over 9 years, Rasch led the Department of Justice computer crime unit. He’s been associated with Project Vigilant for approximately 18 months.
“It’s an exciting concept,” said Rasch. “We are using our unique talents to collect information about threats and vulnerabilities, but we will not do things that violate the law.”

Chet Uber, the group’s current director, is a founding member of InfraGard (a partnership between the FBI and the private sector) and a longtime participant in AFCEA (Armed Forces Communications and Electronics Association). He is considered by many to be one of the country’s leading experts in “attack attribution,” the complex ways in which computer code and the people behind it who create malicious attacks on the Internet can be tracked and identified. He’s frustrated by what he sees as a lack of security awareness on the part of computer users as the Internet has grown. “We wish people would quit leaking private matters because it’s making the country vulnerable,” said Uber.

One of Uber’s top lieutenants is Kevin Manson, who serves as Project Vigilant’s liaison with state and federal law enforcement groups. Manson recently retired after many years as the Senior Instructor at the Federal Law Enforcement Training Center, under the Department of Homeland Security. He also is a co-founder of Cybercop, a web portal used for the confidential exchange of information between groups such as Project Vigilant and authorities within the U.S. government. Manson likens Project Vigilant to the Civil Air Patrol, a civilian offshoot of the U.S. Air Force that got its start during World War II in an effort to keep the country safe. “This is a bit of a unique organization,” said Manson. “It’s built on a web of trust.”

George Johnson is the second in command for Project Vigilant. Johnson was handpicked by DARPA (the Defense Advanced Research Projects Agency – part of the U.S. Department of Defense) to develop secure tools for the exchange of sensitive information between federal agencies.

Another recent addition to the group is Ira Winkler. He is one of the world’s experts on Internet security and informational warfare. Winkler is president of the Internet Security Advisors Group and is a former employee of NSA (National Security Agency).

The limited list of members provided to this columnist reveals the depth of experience the group has been able to recruit to its ranks. It includes a former top cybersecurity official from the FBI and two previous high ranking managers from NSA. Suzanne Gorman, one of Project Vigilant’s top leaders, is a former security chief for the New York Stock Exchange and is widely viewed as one of the foremost experts on Web threats in the financial services world. Asked about her current involvement in the group, Gorman was clear in her support. “I admire every single thing that this organization has done,” she said.