Project SpyLighter: Shining a light on spies
Project SpyLighter launched unofficially with the September 16, 2013 responsive documents on a FOIA of Vupen's contract with the NSA.
It has since coalesced around the core ideas of surveying technology
in use by the NSA and other agencies, confirming the identities of
corporations contracting with these agencies, and revealing how much
money they actually spend on private contracts. We intend to FOIA the
NSA and other agencies for their contracts with any companies which either manufacture and sell spy
technology to U.S. intelligence agencies or are forced
to install and use this technology on behalf of the spy agencies.
All of the documents posted are legally obtained through the FOIA process.
Who's behind this project?
Heather Akers-Healy is an activist and researcher based in California. She has a background in legal research and anthropology and is learning how to code. Her interests include civil rights, freedom of information, privacy, and examining how technology influences culture.
Jason Gulledge is a systems architect, programmer and researcher living in Paris, France.
He is focused on fighting censorship, defending press freedoms, and fighting for personal privacy.
Runa Sandvik is a privacy and security researcher and sometimes Forbes
Scott Ainslie is an undergraduate. He is a Fellow of Free Software
Foundation Europe and harbours a specific interest in privacy-enhancing
technologies and use of strong cryptography as a mechanism for social
Our findings so far:
- The NSA contracted with Packet Forensics in 2012 for $500,000 and 2010 for $17,500. We will be appealing the NSA's redaction of what they purchased.
- The NSA contracted with French company Vupen for a year's subscription to their binary analysis and exploits service.
- The NSA is not (yet) using the Netronome SSL interceptor, a piece of equipment highlighted in the WikiLeaks SpyFiles. Netronome was recently acquired by Blue Coat, a company for which we are currently waiting on FOIA results.
How you can help:
If you haven't already, please create an account. Anyone can participate in this project by filing a FOIA for spy tech or contracts through MuckRock's website and tagging it with "SpyLighter." Please check the link below for existing FOIA requests before filing one on a specific company to make sure it hasn't already been requested. Please also do a search for the company name in the search box to the right, as some requests may not be tagged properly and we need to avoid duplicate requests.
Tips on filing:
Make sure to include the full company name and address when seeking
company contracts, otherwise your request may be rejected as not
having enough information to complete the search. The FOIA office has
in the past processed some of our requests as “key word” searches when
we had clearly requested a search with the company name. Include as
much specific information about what you seek as possible.
- The language below was successful in obtaining the Vupen contract.
This can be a model for your request but please add the address of the
"Copies of contracts with VUPEN Security and any final reports
generated and delivered by VUPEN to the agency over the past 10 years.
If retrieving the contracts themselves is too burdensome please
provide a list of contracts."
- Publicize your requests and responses! Tweet them out, tweet at us
for retweets, blog them, write about them!
- Ask for help if you get a denial or redaction. You can also search at
MuckRock for how others have handled similar problems or submit a
question here: https://www.muckrock.com/questions/
- Get inspired! The following resources might spike your curiosity:
Telecomix Blue Cabinet
- Larger companies (like Raytheon, for example) will have a huge volume
of contracts with the NSA. We think asking for a list of invoices and
their associated contract numbers may be a good idea. If successful it
will allow you to review and select contracts that look interesting for
the purposes of doing a separate FOIA request.
- As far as we're able to tell, NSA contract numbers all start with one
of the following prefixes: MDA904, H98230-yy (where "yy" is the
two-digit year, for example H98230-13-C). Prior to filing your request you
may want to search publicly available information for related contracts.
- From what we can tell, academic grants (usually focused around advanced mathematics/statistics) follow the format with a prefix of: H98230-yy-1
- The NSA apparently has a limited search capability that prevents them from doing keyword searches. Heather attempted to obtain contracts on FinFisher software and received a response stating that by DoD regulation FOIA requests for contracts must contain a company name, contract number, or date. She is appealing, but this keyword limitation is something to keep in mind when formulating your request.
- Again, please avoid submitting a request that has already been sent through the MuckRock website!
Click here for all requests associated with this project (tagged with "SpyLighter")