Over the last 4 articles, I've developed a slow-burn look into the world of the private spy. The idea that in less than 4 years the industry wants to hire 3 million unlicensed, unbonded, and untrained experts to work both government and corporate Intel and spy gigs should scare the hell out of you.
Can you give me a reason why the US which already collects and analyzes every piece of data on the internet needs so many more of what amounts to interns working with state sized software packages?
That's 82 US citizens per new hire private sector OSINT agent. They have to literally spend 4 days on each person they investigate (82 per year including babies) just to get a full year's worth of work because of the existing DNI, FBI, CIA, DIA, DOD OSINT agents have the rest of the world covered.
How serious is the information I'm providing? The EU Computer Emergency Response Team (CERT-EU) sent the articles to the EU institutions, agencies and bodies as well as outside governments and agencies. This means the EU has real concerns about the practice, laws, and policies allowing the practice because of the inherent damage so-called bit-players in private Intel and Information Operations (IO) can do at home and abroad not to mention diplomatically.
After you grasp the magnitude of the problem and begin unwinding the moving parts it can become manageable again through lawfare. Legal and societal protections you take for granted no matter where you live went out the window as soon as these practices became the norm.
Even from street level, people can make large sweeping changes to the world. Before you poo-poo, the idea, look at the CERT-EU screenshot again. I believe this can be done because I have already done it.
Towards the bottom of the article, we'll get into the international policy for cyberwar and non-war situations. The same people that I've been writing about for the last 5 years exposing how they go after groups with protected status also wrote the policy for the US Government, all the agencies. While they didn't write international policy directly, people they trained or work with closely did.
Four years ago, I exposed a flaw that exposes them to justice in the Tallinn Manual and threatened to pursue it. I did this because to win, I needed that gap closed. Tallinn is about applying the laws of war to cyber. It is something that otherwise would get no mention at all because it's not considered a gap in any other context.
They closed that specific gap verbosely and gave me the opportunity to show how sordid this mess is. This also paves the way to provide a real resolution from private spies attacking civilians, social groups, political groups, journalists and other protected parties. Myrotvorets and Propornot should take note as should the other better and lesser-known companies and personalities.
No one has the right to use what they, themselves, rightfully label as Al Qaeda tactics on civilian populations, social activists, journalists, and other protected groups without assuming the legal definition of a terrorist, i.e. cyber terrorist.
Should lawfare (legal activism) fail to provide a remedy, the penalties for cyber assault (terrorism) and the right to a vigorous defense against perpetrators is what can make the laws change-FAST. Terrorism is terrorism is terrorism.
Once that fact is established anyone supporting them or hiring them in any way shape or form is guilty of material or direct support of terrorist activities against their own nation. Congressman, what say ye?
Law and policy makers fell in love with this power they never had before because it gives them the ability to shape policy they have no right to change for the sake of constituent and lobbyist cash and gift donations. They create loopholes in the cyber laws they write with the help of the companies and practitioners engaged in criminal behavior (under every other circumstance). Today, they hire the same criminals to help them with elections. Oppo-research, reputation management, Information Operations, and even projecting their (congressman's private) own foreign policy agenda into the international arena.
Imagine Congress asking a cybercriminal what kind of regulation or oversight their industry needed? What if Congress then asked the same societal deviants to write the laws that define the limit to what is legal they would agree to. Real criminals decided what the laws protecting their victims should be. They decided what the penalties should be if they got caught.
The tradeoff is this same Congress that was never allowed access to Top Secret information unless they have security clearance on their committee can get the actionable Intel before it's marked "secret" if it's gathered through OSINT by a private contractor working for US Intel agencies. That loophole makes it ok for anybody to move information before it's been vetted and resell it.