Wednesday, June 28, 2023

THE WEAPONIZATION OF CISA: HOW A “CYBERSECURITY” AGENCY COLLUDED WITH BIG TECH AND “DISINFORMATION” PARTNERS TO CENSOR AMERICANS

 text after break

Interim Staff Report of the 

Committee on the Judiciary and the Select Subcommittee on the Weaponization of the Federal Government

U.S. House of Representatives


June 26, 2023


EXECUTIVE SUMMARY


“One could argue we’re in the business of critical infrastructure, and the most critical infrastructure is our cognitive infrastructure, so building that resilience to misinformation and disinformation, I think, is incredibly important.”
– CISA Director Jen Easterly, November 10, 2021.1


        The First Amendment recognizes that no person or entity has a monopoly on the truth, and that the “truth” of today can quickly become the “misinformation” of tomorrow. Labeling speech “misinformation” or “disinformation” does not strip it of its First Amendment protection.
As such, under the Constitution, the federal government is strictly prohibited from censoring Americans’ political speech. The government also may not use third parties to bypass the First Amendment and conduct censorship by proxy


        The Committee on the Judiciary and the Select Subcommittee on the Weaponization of the Federal Government have been conducting an investigation into government-induced censorship on social media. Although the investigation is ongoing, information obtained to date has revealed that the Cybersecurity and Infrastructure Security Agency (CISA)—an upstart agency within the Department of Homeland Security (DHS)—has facilitated the censorship of Americans directly and through third-party intermediaries.


        Founded in 2018, CISA was originally intended to be an ancillary agency designed to protect “critical infrastructure” and guard against cybersecurity threats.3 In the years since its creation, however, CISA metastasized into the nerve center of the federal government’s domestic surveillance and censorship operations on social media.4 By 2020, CISA routinely reported social media posts that allegedly spread “disinformation” to social media platforms.5 By 2021, CISA had a formal “Mis-, Dis-, and Malinformation” (MDM) team.6 In 2022 and 2023, in response to growing public and private criticism of CISA’s unconstitutional behavior, CISA attempted to camouflage its activities, duplicitously claiming it serves a purely “informational” role.7


This interim staff report details, among other things, that:

  • • CISA is “working with federal partners to mature a whole-of-government approach” to curbing alleged misinformation and disinformation.8
  • • CISA considered the creation of an anti-misinformation “rapid response team” capable of physically deploying across the United States.9
  • • CISA moved its censorship operation to a CISA-funded non-profit after CISA and the Biden Administration were sued in federal court, implicitly admitting that its censorship activities are unconstitutional.10
  • • CISA wanted to use the same CISA-funded non-profit as its mouthpiece to “avoid the appearance of government propaganda.”11
  • • Members of CISA’s advisory committee agonized that it was “only a matter of time before someone realizes we exist and starts asking about our work.”12


The Committee and the Select Subcommittee are responsible for investigating “violation[s] of the civil liberties of citizens of the United States.”13 In accordance with this mandate, this interim staff report on CISA’s violations of the First Amendment and other unconstitutional activities fulfills the obligation to identify and report on the weaponization of the federal government against American citizens. The work, however, is not done. CISA still has not adequately complied with a subpoena for relevant documents, and much more fact-finding is necessary. In order to better inform the Committee’s legislative efforts, the Committee and Select Subcommittee will continue to investigate CISA’s and other Executive Branch agencies’ entanglement with social media platforms.


TABLE OF CONTENTS


Executive Summary .......................................................................................................................1 Table of Contents ...........................................................................................................................3 Background ....................................................................................................................................4
CISA’s Mission Creep into Surveillance, Censorship, and Cover-ups .....................................9
I. CISA has transformed into a domestic intelligence and speech-police agency, far exceeding its statutory authority ..........................................................................................9
A. Switchboarding: CISA’s coordination with Big Tech to censor Americans ...............12
B. CISA’s MDM consultants rejected constitutional “limitations” on the surveillance and censorship of domestic speech ..............................................................................12
C. CISA considered creating an anti-MDM “rapid response team” to physically deploy across the United States. ..............................................................................................14
D. MDM “experts” wanted CISA to crack down on factual information ........................15
E. CISA is only one part of a “whole-of-government approach” to MDM ....................16
F. State election officials warned CISA to “remain within [its] operational and mission limits,” lest it should earn the public’s “distrust.” .......................................................17
G. DHS was eager to cement CISA as a domestic intelligence agency ...........................18
H. Social media companies mocked CISA’s MDM team and DHS’s Disinformation Governance Board .......................................................................................................19
I. CSAC members were concerned about the MDM Subcommittee ..............................20
II. CISA colludes with third parties to circumvent the First Amendment and conduct censorship by proxy ...........................................................................................................21
A. CISA’s external censorship arm: the EI-ISAC ............................................................22
B. State and local election officials used the EI-ISAC in an effort to silence critics and political opponents .......................................................................................................23
C. CISA admitted to outsourcing its surveillance operation to third parties ....................26
III. CISA has attempted to conceal its unconstitutional activities and remove evidence of wrongdoing ........................................................................................................................28
A. Fearing public pressure and legal risks, CISA outsourced its censorship operation to the EI-ISAC .................................................................................................................28
B. The MDM Subcommittee tried to disguise its recommendations by removing references to surveillance and censorship ....................................................................29
C. CISA’s MDM advisors fretted that it was “only a matter of time before someone realizes we exist and starts asking about our work.” ...................................................30
D. CISA purged its website of references to domestic MDM and its First Amendment violations in response to public pressure .....................................................................32
E. The Biden Justice Department interfered with records requests in order to shield CISA from public scrutiny of its unconstitutional practices ........................................34
Conclusion ....................................................................................................................................36


BACKGROUND


        The Committee on the Judiciary and the Select Subcommittee on the Weaponization of the Federal Government have been conducting oversight of the federal government’s work with non-government entities to censor speech online. The Select Subcommittee has also convened two hearings on the subject of social media censorship14 and published an interim staff report exposing the Federal Trade Commission’s (FTC) politically motivated harassment campaign against Elon Musk’s Twitter.15


        The First Amendment to the United States Constitution rests on the principle that no person or institution, including the government, has a monopoly on the truth, and that viewpoint-based suppression of speech by the government is dangerous and may even spell the death of a constitutional republic.16 Under the First Amendment, the “government has no power to restrict expression because of its message, its ideas, its subject matter, or its content.”17 As the Supreme Court has explained: “If there is any fixed star in our constitutional constellation, it is that no official, high or petty, can prescribe what shall be orthodox in politics, nationalism, religion, or other matters of opinion.”18


        Labeling speech “misinformation” does not strip it of First Amendment protection. That is so even if the speech is untrue, as “[s]ome false statements are inevitable if there is to be an open and vigorous expression of views in public and private conversation.”19 In refusing to carve out a First Amendment exception for “false” speech, the Framers of our Constitution recognized the significant danger in making the government the ultimate arbiter of truth.20 The First Amendment also protects the right to receive information, “an inherent corollary of the rights to free speech and press that are explicitly guaranteed by the Constitution” because “the right to receive ideas follows ineluctably from the sender’s First Amendment right to send them.”21


        It is “axiomatic,” in the words of the Supreme Court, that the government may not “induce, encourage, or promote private persons to accomplish what it is constitutionally forbidden to accomplish.”22 Moreover, the First Amendment prohibits the government from “abridging the freedom of speech”23—not “negating” or “abrogating,” but merely “abridging.” Thus, any law or administrative policy that impedes the ability of users to speak freely on privately owned social media platforms violates the First Amendment.24


        This interim report focuses primarily on the censorship efforts of the Cybersecurity and Infrastructure Security Agency (CISA), a component of the Department of Homeland Security (DHS), and its role in what one journalist and commentator has called the “censorship industrial complex.”25


The Cybersecurity and Infrastructure Security Agency


 

 

        Congress established CISA in 2018, redesignating the National Protection and Programs Directorate (NPPD) within DHS as CISA.26 CISA’s statutory mission included “lead[ing] cybersecurity and critical infrastructure security programs, operations, and associated policy,” and “carry[ing] out the requirements of the Chemical Facility Anti-Terrorism Standards Program.”27 In April 2019, Daniel Sutherland, CISA’s Chief Counsel, claimed: “We are a non-regulatory, non-law enforcement, non-intelligence community” agency.28


        As defined in 2003 by Homeland Security Presidential Directive 7, the term “critical infrastructure” was formerly used to describe “information technology; telecommunications; chemical; transportation systems, including mass transit, aviation, maritime, ground/surface, and rail and pipeline systems; emergency services; and postal and shipping.”29 It was not until 2017, shortly after the 2016 election, that President Obama’s DHS Secretary Jeh Johnson designated “election infrastructure” as a “critical infrastructure subsector.”30


        Ostensibly created to protect the electrical grid and other “critical infrastructure” sectors from cybersecurity threats,31 CISA, a little-known agency buried in the depths of DHS, soon expanded its mission to combat “foreign disinformation.”32 Not long thereafter, under the pretext of protecting “election infrastructure,” CISA began surveilling and censoring American citizens online, directly and by proxy.

CISA’s Cybersecurity Advisory Committee (CSAC)


 

        DHS created the CISA Cybersecurity Advisory Committee (CSAC) in June 2021 “to advance CISA’s cybersecurity mission and strengthen the cybersecurity of the United States.”33 CSAC in turn established a “Protecting Critical Infrastructure from Misinformation & Disinformation” Subcommittee,34 commonly known as the “MDM Subcommittee.”35


        The MDM Subcommittee, which has since disbanded,36 brought together government, Big Tech, and academic misinformation “experts,” including:

  • • Dr. Kate Starbird, Associate Professor and Co-Founder of the University of Washington’s Center for an Informed Public (CIP).37 CIP was a member of both the Election Integrity Partnership (EIP)38 and the Virality Project (VP).39 Starbird served as the Chair of the MDM Subcommittee.40
  • • Vijaya Gadde, the former Chief Legal Officer of Twitter, who was “involved in censoring [the New York] Post’s Hunter Biden laptop” story.41 Gadde was also “behind the decision to permanently ban former President Trump from Twitter.”42 Shortly after Elon Musk completed his purchase of Twitter, Gadde was fired from the company in October 2022.43
  • • Suzanne Spaulding, a former assistant general counsel and legal adviser for the Central Intelligence Agency (CIA), who also served as the Under Secretary for the NPPD,



CISA’s predecessor within DHS.44 Spaulding is now the “director of the Defending Democratic Institutions project at the Center for Strategic International Studies (CSIS).”45


        MDM Subcommittee meetings also featured government participants, including Geoff Hale, who leads CISA’s “Election Security Initiative,”46 and Kim Wyman, the former Washington Secretary of State, who now serves as CISA’s Senior Election Security Advisor.47


        During its existence, the MDM Subcommittee issued two sets of formal recommendations: one set in June 2022,48 and another in September 2022.49 The Subcommittee’s June 2022 recommendations included, among other things, recommendations that “CISA should approach the [misinformation and disinformation] problem with the entire information ecosystem in view. This includes social media platforms of all sizes, mainstream media, cable news, hyper partisan media, talk radio, and other online resources.”50


The Center for Internet Security (CIS)

        The Center for Internet Security (CIS) is a nonprofit organization that operates the Multi-State Information Sharing and Analysis Center (MS-ISAC) and Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC).51 According to a postmortem report covering social media activity related to the 2020 election cycle, “the EI-ISAC served as a singular conduit for election officials to report false or misleading information to platforms.”52 Put plainly, election officials around the country sent CIS purportedly false or misleading content, which CIS forwarded to the relevant social media platforms.53


        CISA funds CIS, including spending $27 million in FY 2024 on operating the EI-ISAC and the MS-ISAC.54 As illustrated by the diagram below from CIS’s website, the “EI-ISAC is federally funded by CISA and a division of the Center for Internet Security.”55


 



CISA’S MISSION CREEP INTO SURVEILLANCE, CENSORSHIP, AND COVER-UPS


        The Committee and Select Subcommittee have obtained previously undisclosed, non-public documents that reveal CISA expanded its mission to surveil Americans’ speech on social media, colluded with Big Tech and government-funded third parties to censor by proxy, and tried to hide its plainly unconstitutional activities from the public.


        Surveillance. CISA expanded its mission from “cybersecurity” to monitor foreign “disinformation” to eventually monitor all “disinformation,” including Americans’ speech. In one e-mail exchange obtained by the Committee and Select Subcommittee, the agency’s rapid mission creep surprised even a non-profit focused on foreign “disinformation.”


        Censorship. CISA exploited its connections with Big Tech and government-funded non-profits to censor by proxy, in order to circumvent the First Amendment’s prohibition against government-induced censorship. This included the creation of reporting “portals” which funneled “misinformation” reports from the government directly to social media platforms. Newly uncovered meeting minutes show that CISA was advised by a group Big Tech executives and academics who encouraged CISA’s unconstitutional behavior.


        Cover-ups. As CISA’s operational scope expanded further into unconstitutional territory, the agency and its advisors tried to cover their tracks and cover up CISA’s censorship of domestic speech and surveillance of American citizens’ social media activity. This included scrubbing CISA’s website of references to domestic “misinformation” and “disinformation.”


            I.     CISA has transformed into a domestic intelligence and speech-police agency, far exceeding its statutory authority


        CISA’s focus on “cybersecurity” quickly expanded into social media surveillance of real and perceived foreign actors. Shortly after CISA became its own agency, then-DHS Secretary Kristjen Nielsen created the “Countering Foreign Influence Task Force” (CFITF) within CISA “to focus on election infrastructure disinformation.”56 Following the unfounded claims by Democrats that foreign—particularly Russian—influence changed the outcome of the 2016 election,57 CISA expanded its “cybersecurity” role to include countering foreign malign influence operations. In its public materials, CISA emphasized at the time that it was primarily concerned with addressing foreign, rather than domestic, disinformation.58 Starting in January 2019, Brian Scully served first as the head of the CFITF and later as the head of the MDM team at CISA.59


        In January 2021, after President Biden took office, “CISA transitioned its [CFITF] to promote more flexibility to focus on general MDM,” or so-called “Mis-, Dis-, and Malinformation.”60 In so doing, CISA admitted that its focus was no longer exclusively on “countering foreign influence,” but was also targeting MDM originating from domestic sources. For example, according to a 2022 CISA pamphlet titled “Planning and Incident Response Guide for Election Officials,” “MDM also may originate from domestic sources aiming to sow divisions and reduce national cohesion.”61


        Although CISA’s efforts to police speech are highly troubling overall, one particularly problematic aspect is CISA’s focus on “malinformation.” According to CISA’s own definition, “[m]alinformation is based on fact, but used out of context to mislead, harm, or manipulate.”62 In other words, malinformation is factual information that is objectionable not because it is false or untruthful, but because it is provided without adequate “context”—context as determined by the government.


        In addition, what constitutes “misinformation” or “disinformation” is determined by government actors, whose evaluations of truth and falsity are necessarily subjective, and “inherently political,” as explained in the comments of a Google Doc by Starbird below.63


 

        CISA’s involvement in policing alleged mis- and disinformation, as well as malinformation—truthful information without “sufficient” context—is a direct and serious threat to First Amendment principles.


        Although the CFITF did not formally shed “foreign” from its name until January 2021, CISA’s efforts to curb domestic MDM had been ongoing for months, ramping up in advance of the 2020 election. An e-mail exchange on November 4, 2020 demonstrates that even non-profits focused on “disinformation,” such as the German Marshall Fund’s Alliance for Securing Democracy (ASD), were caught off guard by CISA’s expansion into the surveillance of domestic speech. In the exchange, an ASD employee emailed Robert Schaul, the Analysis and Resilience Policy Lead at CISA,64 writing: “Obviously, what we’re seeing domestically, particularly around mail-in fraud, is very concerning, but I know that’s outside your purview.”65 Schaul corrected the ASD employee: “Mail-fraud disinfo[rmation] is in-bounds for us this time, domestic or foreign; so if you see something you’re worried about let us know.”66


 

        Despite constituting a clear departure from its statutory mandate, CISA’s MDM team has, at its peak, been comprised of “a total of 15 dedicated part- and full-time staff,” who focus on “disinformation activities targeting elections and critical infrastructure.”67 Jen Easterly, the current Director of CISA, justified CISA’s MDM-related activities by saying: “One could argue we’re in the business of critical infrastructure, and the most critical infrastructure is our cognitive infrastructure, so building that resilience to misinformation and disinformation, I think, is incredibly important.”
68


A. Switchboarding: CISA’s coordination with Big Tech to censor Americans


        CISA’s Director, Jen Easterly, claimed in her March 28, 2023 testimony before Congress that “we don’t flag anything to social media organizations at all. We are focused on building resilience to foreign influence and disinformation.”69 Despite Easterly’s assurances, however, the DHS Office of Inspector General (OIG) has reported that CISA began “notifying social media platforms or appropriate law enforcement official when voting-related disinformation appeared in social media” as early as 2018.70


        When deposed as part of ongoing litigation in federal court, Brian Scully, the head of CISA’s MDM team, confirmed that CISA has historically flagged disinformation to social media platforms, in a process known as “switchboarding.”71 Scully further described switchboarding as a “resource intensive”72 process whereby CISA officials received alleged “misinformation” reports from election officials and forwarded those reports to social media companies so that they could take enforcement measures against the reported content.73


        CISA has sought to disclaim any responsibility in affecting social media companies’ decisions on content moderation. In reporting content to social media platforms, CISA officials, including Scully, often appended a disclaimer to their e-mails, claiming, “CISA affirms that it neither has nor seeks the ability to remove or edit what information is made available on social media platforms.”74 However, when deposed as part of ongoing federal litigation, Scully admitted that CISA was aware that its outreach to social media companies about alleged disinformation would trigger content moderation.75


B. CISA’s MDM consultants rejected constitutional “limitations” on the surveillance and censorship of domestic speech


        Originally created to protect critical infrastructure such as dams and pipelines from foreign malign actors, CISA has ventured well beyond its founding mandate and began targeting constitutionally protected domestic speech for censorship on social media platforms. By 2020, just two years after its creation, CISA had unilaterally expanded its authorities from countering foreign influence operations to curtailing domestic speech. In 2021, CISA created an advisory committee, including the MDM Subcommittee, in order to receive input from Big Tech and “disinformation” experts. According to documents produced to the Committee and Select Subcommittee, 76 members of the MDM Subcommittee, while serving in this advisory role, pushed aside legitimate criticism and urged CISA to continue on its unconstitutional trajectory.


        On August 30, 2022, MDM Subcommittee members discussed the propriety of DHS “identifying domestic actors” spreading alleged disinformation.77 According to notes of the meeting that day, Suzanne Spaulding, a former CIA legal advisor, “urged Dr. Starbird not to solely focus on addressing foreign threats.”78 Spaulding also “encouraged Dr. Starbird to emphasize that domestic threats remain and while attribution is sometimes unclear, CISA should be sensitive to domestic distinctions, but cannot focus too heavily on such limitations.”79 In the same meeting, the director of CISA’s Election Security Initiative “[Geoff] Hale reflected that these discussions of scoping authority relate to the Subcommittee’s initial deliberations urging CISA to be actor-agnostic in their work combating mis- and dis-information.”80 In other words, Hale, a federal government employee, observed that the Subcommittee’s work addressing alleged mis- and dis-information should not distinguish between foreign and domestic sources.


 

        Other documents produced to the Committee and Select Subcommittee suggest that Hale and the MDM Subcommittee urged action in the domestic space, even in the face of opposition from state and local election administration officials. In particular, during the MDM Subcommittee’s August 8, 2022 meeting, Twitter’s Chief Legal Officer Vijaya Gadde “reflected on the group’s previous meeting with the National Association of Secretaries of State (NASS) and the National Association of State Election Directors (NASED) and noted in their feedback that CISA should not be involved in this mission space, except when a foreign adversary is at play.”81 Gadde doubted that this distinction could serve as a meaningful limit for CISA because “it is difficult to determine whether a foreign adversary is involved.”82 Later in the same meeting, Starbird “noted that because mis- and disinformation is universal, CISA must play a role on the national level.”83

 

C. CISA considered creating an anti-MDM “rapid response team” to physically deploy across the United States

        In one particularly notable departure from its legal authority, during the MDM Subcommittee’s June 14, 2022 meeting, participants “explore[d] the idea of how CISA could develop a rapid response team to deploy . . . in-person to local election officials’ jurisdictions struggling with specific informational threats.”84 The CISA officials present at the meeting seemed receptive to the idea, with Geoff Hale, the director of CISA’s Election Security Initiative, commenting that “this is a fascinating idea that takes CISA’s existing operational responsibilities to consider MDM as part of its core mission set.”85


 



        Starbird, the chair of the MDM Subcommittee, also “commented that the rapid response team would need to surge for short periods of time around elections.”86 Hale then “noted the possibility to stand up this team in the short term by encouraging the communications team to consider MDM equities.”87


        Subcommittee members then abandoned any pretext of operating within CISA’s legal authority, with Twitter’s Vijaya Gadde noting “that the idea of a rapid response team must include the ability to engage whether or not a cyber component is present.”88 “Dr. Starbird agreed with Ms. Gadde’s point that threats to critical infrastructure are not limited to cyber threats.”89

 

D. MDM “experts” wanted CISA to crack down on factual information


        Even so-called “malinformation”—truthful information that, according to the government, may carry the potential to mislead—could not escape the scrutiny of CISA’s MDM “experts.”90 In an e-mail exchange between MDM Subcommittee members Starbird and Spaulding, Spaulding wrote: “As I’ve read more about malinformation, I think you’re right that it could fit the kinds of risks we are concerned about. The challenge may be that because it is not false, per se . . . it is much trickier from a policy perspective.”91 Spaulding proposed a “compromise”: “that [malinformation] is part of CISA’s current scope but that our recommendations, at least at this stage, are focused primarily on countering false information.”92


 


        Starbird responded that “malinformation is perhaps the hardest challenge in this space.”93 Starbird then lamented that “unfortunately current public discourse (in part a result of information operations) seems to accept malinformation as ‘speech’ and within democratic norms” and that CISA may face “bad faith criticism” for censoring content that is true.94


E. CISA is only one part of a “whole-of-government” approach to MDM

 


        Documents obtained by the Committee and Select Subcommittee establish that CISA and the MDM Subcommittee considered CISA to be only one part of a grander, “whole-of-government” approach to tackling disfavored speech. For example, according to the MDM Subcommittee’s “Subcommittee Overview & Update,” “CISA is bringing on staff to address MDM related to the pandemic . . . as well as improving our ability to do analytics on narrative intervention. We are also working with federal partners to mature a whole-of-government approach to mitigating risks of MDM, framing which . . . interventions are appropriate to the threats impacting the information environment.”95




        As another example, during a March 1, 2022 meeting of the MDM Subcommittee, Laura Dehmlow of the FBI’s Foreign Influence Task Force (FITF), who had been invited to brief the MDM Subcommittee, claimed that the “FBI does not perform narrative or content-based analysis.”96 According to the meeting notes, Starbird, the chair of the MDM Subcommittee, then offered CISA to fill this perceived gap in the government’s censorship efforts, suggesting that “CISA might have a role based on the Subcommittee helping to define the narrative so the ‘whole of government’ approach could be leveraged.”97


 

F. State election officials warned CISA to “remain within [its] operational and mission limits,” lest it should earn the public’s “distrust.”


        MDM Subcommittee meeting notes and other documents obtained by the Committee and Select Subcommittee reveal that those engaging with CISA, and even election officials, were critical of CISA’s efforts to crack down on domestic speech related to elections. On August 2, 2022, Leslie Reynolds of the National Association of Secretaries of State (NASS) cautioned the MDM Subcommittee “that it is important for CISA to remain within their operational and mission limits. CISA specifically should stick with misinformation and disinformation as related to cybersecurity issues.”98 Unfazed by the admonishment, Starbird promptly “sought to clarify how CISA can assist with matters outside their direct mission scope.”99




        Lindsey Forson, also affiliated with NASS, similarly “cautioned that the public could grow to distrust government agencies if they are not careful in the ways they interact with election related issues.” 100


 

G. DHS was eager to cement CISA as a domestic intelligence agency


        In May 2021, Brian de Vallance, a former DHS Assistant Secretary for Legislative Affairs,101 sent an e-mail to Jen Easterly—who would later become CISA’s director —among others, about the National Defense Authorization Act (NDAA) provision establishing a Social Media Data and Threat Analysis Center to address disinformation within the Office of the Director of National Intelligence (ODNI). He relayed to Easterly, “off the record, some at ODNI are not big fans of CISA . . . More on this by phone, but I personally think that [the Social Media Data and Threat Analysis Center] SHOULD move to DHS [because] of the connectivity to the (domestic) social media companies.”102




H. Social media companies mocked CISA’s MDM team and DHS’s Disinformation Governance Board

        CISA’s “connectivity to the (domestic) social media companies” did not, however, prevent it from being criticized by these social media companies. In May 2022, following public backlash concerning DHS’s Orwellian Disinformation Governance Board,103 Brian Scully, the head of CISA’s MDM team, e-mailed several LinkedIn employees, writing, “[g]iven the confusion around last week’s announcement of a DHS disinformation governance board, I want to make sure you know that LinkedIn can always reach out to CISA should you have any questions.”104


        A LinkedIn employee then forwarded Scully’s e-mail to another LinkedIn employee, who responded internally, mocking Scully: “Hey LinkedIn friends, if you ever want to know what the Regime considers to be true or false, just drop a line. We have connections…”105


 

I. CSAC members were concerned about the MDM Subcommittee


        Other members of the broader CSAC also exhibited discomfort at CISA’s and the MDM Subcommittee’s efforts related to MDM. During a closed session of the CSAC at its June 2022 Quarterly meeting, Cloudflare CEO Matthew Prince “flagged his concerns with the MDM Subcommittee and the perception that CISA is influencing narratives.”106


 

        Nicole Perlroth, another CSAC member, also “recommended that CISA establish an independent equivalent of a Facebook oversight board with people who are not vocal on Twitter, nor are they politically active, to give honest feedback. She expressed concern that since Director Easterly is serving under a political administration, this will put the recommendations at a higher risk.”107
105 E-mail from LinkedIn employee to LinkedIn employees (May 2, 2022, 7:47 PM) (on file with the Comm.).




    II. CISA colludes with third parties to circumvent the First Amendment and conduct censorship by proxy


        For the same reasons that the federal government may not censor Americans’ speech, the federal government is also prohibited from using third parties to censor speech on its behalf. Under the First Amendment, the government may not “abridg[e] the freedom of speech.”108 The Constitution thus forbids the government from engaging in conduct that prevents or hampers speech on private social media platforms because of its content or the viewpoint that it expresses.109


        Challenges to government involvement in the suppression of speech on social media are all relatively recent. As such, courts have had little opportunity to address the matter. However, a federal court recently found that this type of conduct gave rise to a plausible First Amendment claim: “Plaintiffs have clearly and plausibly alleged that [the government] engaged in viewpoint discrimination and prior restraints,”110 the court declared, citing the plaintiffs’ allegations of “extensive and highly effective efforts of government officials to silence or muffle the expression of disfavored viewpoints.”111 The court concluded that the plaintiffs had “plausibly alleged state action under the theories of joint participation, entwinement, and the combining of factors such as subsidization, authorization, and encouragement.”112


        In a draft of its June 2022 recommendations, the MDM Subcommittee refers to this pattern of unconstitutional outsourcing, writing, “CISA should also engage in content- and narrative-specific mitigation efforts . . .. CISA should support these efforts . . . through funding outside organizations to assist in this work.”113





A. CISA’s external censorship arm: the EI-ISAC


        The CISA-funded EI-ISAC was used by CIS during the 2020 election cycle as “a single point of reporting and tracking for misinformation across all channels and platforms.”114 As described in a slide from a CIS presentation titled, “2020 CIS Election Infrastructure Misinformation Reporting Summary,” the EI-ISAC was intended to “[s]treamline and simplify misinformation reporting for election officials by eliminating multiple interactions to submit and follow up on reports.”115 In so doing, CIS boasted that it “leverage[d] DHS CISA’s relationship with social media organizations to ensure priority treatment of misinformation reports.”116


 

        CISA also became involved with the Election Integrity Partnership (EIP). CIS and the EI-ISAC, as well as CISA itself, all served as “external stakeholders” of the project.117 During the 2020 election cycle, the CISA-funded entities could—and did—send in reports of alleged misinformation to the EIP. Members of EIP, such as Alex Stamos, the director of the Stanford Internet Observatory, would send purportedly problematic content directly to social media platforms with recommendations on what content moderation steps the platforms should take.


        Brian Scully, CISA’s MDM lead, confirmed in his deposition, that CISA did not directly engage in switchboarding for the 2022 election cycle, unlike in the 2020 election cycle.118 Rather, CISA transferred the “switchboard function” to the EI-ISAC.119




B. State and local election officials used the EI-ISAC in an effort to silence critics and political opponents


        CIS had previously claimed that “Election Infrastructure Misinformation and Disinformation does NOT include: “content that is polarizing, biased, partisan or contains viewpoints expressed about elections or politics”; “inaccurate statements about an elected or appointed official, candidate, or political party”; or “broad, non-specific statements about the integrity of elections or civic processes that do not reference a specific current election administration activity.”120


        But, in practice, state and local election officials used the CISA-funded EI-ISAC in an effort to silence criticism and political dissent of the nature allegedly “NOT include[d]” in CIS’s definition of “Election Infrastructure Misinformation and Disinformation.” For example, in August 2022, a Loudoun County, Virginia, government official reported a Tweet featuring an unedited video of a county official “because it was posted as part of a larger campaign to discredit the word of” that official.121 The Loudon County official’s remark that the account she flagged “is connected to Parents Against Critical Race Theory” reveals that her “misinformation report” was nothing more than a politically motivated censorship attempt.122




 

        The EI-ISAC then forwarded the report from the Loudoun County government to Twitter.123


 

        The CISA-funded EI-ISAC also facilitated a Democratic state government official’s attempt to censor core political speech by a sitting Republican U.S. Senator. As demonstrated below, a state government official working for Pennsylvania’s Secretary of State reported to the EI-ISAC posts on Twitter and Facebook from Senator Ted Cruz’s accounts,124 in which Senator Cruz asked: “Why is it only Democrat blue cities that take ‘days’ to count their votes? The rest of the country manages to get it done on election night.”125




C. CISA admitted to outsourcing its surveillance operation to third parties


        On numerous occasions, CISA officials and MDM Subcommittee members acknowledged, both implicitly and explicitly, that CISA was not authorized to conduct the kind of surveillance and censorship it was conducting. Instead of calling for an end to CISA’s unconstitutional activity, however, those involved routinely attempted to conceive methods by which CISA could surreptitiously outsource its surveillance and censorship to non-governmental third parties.


        For example, during a March 15, 2022 meeting of the MDM Subcommittee, Starbird “asked what are, or what should be, the limitation of CISA’s work regarding monitoring, such as social media.”127 Starbird then “addressed the highly limited scope for government in terms of social media monitoring . . .. She also posed how CISA could work with or otherwise support external groups, such as researchers and non-profits, to support MDM response and how this work would be funded in the future.”128 According to Starbird later in the meeting, “[t]hese limitations provide an opportunity for this subcommittee to inform gaps in this information.”129


 

        Twitter’s Chief Legal Officer, Vijaya Gadde, then “highlighted the many sensitivities, beyond legal ones, in terms of the relationship between social media companies and government concerning media monitoring and the perception this plays globally,” as well as the need to ensure that this government-social media relationship did not result in “any form of surveillance.”130 Starbird responded that “this work should come from outside of government due to the sensitivities in this relationship.”131




        Rather than abandon the consideration of surveilling Americans, Starbird and Gadde attempted to find ways to circumvent the First Amendment’s strictures by outsourcing the “monitoring” activity from the government to private entities.


        In the same March meeting, Spaulding warned that “the government cannot ask an outside party to do something the Intelligence Community cannot do.”132 But a few months later, MDM Subcommittee members were still considering how CISA could “rely upon third parties” rather than “monitor media for MDM” itself.133 In the comments of an outline for the MDM Subcommittee’s June 2022 recommendations, Spaulding wrote, “[CISA] relies on third parties to detect and notify it of malicious activity in non-government networks. Similarly, CISA may decide not to monitor media for MDM but, instead, to rely upon third parties to notify it of problems.”134




III. CISA has attempted to conceal its unconstitutional activities and remove evidence of wrongdoing


        April and May 2022 were difficult months for the censorship regime. President Biden’s DHS announced the formation of the Disinformation Governance Board on April 27, 2022, but had to pause its work on May 18,135 and subsequently disband it,136 following severe public outcry.137 On May 5, the Attorneys General of Missouri and Louisiana filed a federal lawsuit against the Biden Administration, including CISA, alleging government-induced viewpoint-based censorship.138 This lawsuit would soon reveal, among other things, direct pressure from the Biden White House to social media companies to censor vaccine-skeptical content.139


        Meeting notes of the MDM Subcommittee from this period demonstrate that its members and CISA were fully aware of these developments and discussed how CISA could outsource its MDM-related activities to third parties so as to bypass the First Amendment and “avoid the appearance of government propaganda.”140


A. Fearing public pressure and legal risks, CISA outsourced its censorship operation to the EI-ISAC


        In addition to outsourcing its censorship operation to the EI-ISAC, an MDM Subcommittee member and CISA official also suggested laundering its messaging through the EI-ISAC, thereby making the EI-ISAC the mouthpiece for “trusted information.”141 During the April 12, 2022 MDM Subcommittee meeting, “Subcommittee members . . . discussed designating a point of contact as a clearing house for trusted information. Ms. Spaulding and Mr. Hale suggested designating the ISACs as the clearing house for information to avoid the appearance of government propaganda.”142


 

        On July 26, 2022, CISA’s Kim Wyman made a particularly forthright admission about CISA’s attempts to launder its censorship operation to outside parties. According to the meeting notes, Wyman was discussing CISA’s “switchboard function to alert a media platform if a mis-or dis-information post is identified by another user.”
143 In that discussion, Wyman indicated that “CISA is currently transferring this work to the Information and Sharing and Analysis Centers (ISACs). She noted the concern over CISA operating this function given the current lawsuit filed by Louisiana and Missouri against CISA over perceived suppression of free speech.”144


 

B. The MDM Subcommittee tried to disguise its recommendations by removing references to surveillance and censorship


        Both CISA and its advisory subcommittee were keenly aware of and concerned about the political environment and legal risks that accompanied its surveillance and censorship activities. During the May 10, 2022 meeting of the MDM Subcommittee, “Dr. Starbird suggested refining the name of the subcommittee to ‘Informational Threats to Critical Infrastructure’ or ‘Informational Threats to Election Security’ so as not to conflate the group’s efforts with the work of the DHS Disinformation Governance Board.”145 Twitter’s Gadde then “affirmed this [suggestion] and cautioned the group against pursuing any social listening recommendations for the CSAC June Quarterly Meeting.”146




        A little over a week later, on May 19, Starbird sent an e-mail to the other members of the MDM Subcommittee, writing: “I made a few final changes this morning and am sending off our draft [of the MDM Subcommittee’s June 2022 recommendations] to the CISA team. I want to note that I removed ‘monitoring’ from just about every place where it appeared.”147


 

        These attempts to disguise the true nature of counter-MDM work are emblematic of the tactics employed by academics “studying” disinformation. According to recent reporting by the Washington Post, in response to the Committee’s request for documents from Stanford University, “lawyers at the institution warned researchers to be more thoughtful about what they said in emails. ‘It makes me more careful in my communications with colleagues and collaborators,’ said professor Jeff Hancock, the faculty director of the Stanford Internet Observatory.”148


C. CISA’s MDM advisors fretted that it was “only a matter of time before someone realizes we exist and starts asking about our work.”


        On May 20, Spaulding sent an e-mail to Starbird expressing her concerns about growing public attention. In an e-mail, Spaulding wrote: “It’s only a matter of time before someone realizes we exist and starts asking about our work. . .. I’m not sure this keeps until our public meeting in June.”



        Starbird responded to Spaulding, writing, “Yes. I agree. We have a couple of pretty obvious vulnerabilities.”150


 

        During a May 24 meeting of the MDM Subcommittee, Starbird “restated the Subcommittee’s commitment to transparency but expressed concern for the Subcommittee’s efforts and cautioned the group on how to communicate their ongoing work.”151



        In an apparent effort to conceal the full scope of CISA’s MDM-related efforts, Spaulding then “stressed that CISA should examine MDM beyond elections but suggested including in the recommendations that the Subcommittee is scoping their work around elections given the approaching election cycle.”152


 

        Spaulding’s and others’ proposal to “socialize” the MDM Subcommittee’s work was met with resistance from CISA’s Megan Tsuyi, who told Starbird that “[t]he Subcommittee should not be socializing its work with outside parties . . . as it’s pre-deliberative at this time. We also shouldn’t be soliciting feedback on the recommendations from outside parties.”153


 

D. CISA purged its website of references to domestic MDM and its First Amendment violations in response to public pressure


        Following increased public awareness of CISA’s role in government-induced censorship and the Committee’s issuance of subpoenas to Alphabet, Amazon, Apple, Microsoft, and Meta in February 2023, CISA scrubbed its website of references to domestic MDM. Prior to the cleansing, the domain “CISA.gov/mdm” was associated with a webpage titled “Mis, Dis, Malinformation,” as seen in the screenshot below, which shows the website as it appeared on February 12, 2023.154


 

        The website previously described the threats posed by both foreign and domestic MDM. For example, the section titled “What is MDM?” read, “Foreign and domestic threat actors use MDM campaigns to cause chaos, confusion, and division. These malign actors are seeking to interfere with and undermine our democratic institutions and national cohesiveness.”155




        Now, the same URL redirects to a different page titled “Foreign Influence Operations and Disinformation,” which omits any reference to “domestic” MDM.156


 

        As reported by the Foundation for Freedom Online, “between Friday, Feb. 24 at 4:37 p.m. and Sunday, Feb. 26 at 5:55 am., CISA’s once loud-and-proud declaration of long-arm jurisdiction over domestic opinions online seems to have been walked back.”157


E. The Biden Justice Department interfered with public records requests in order to shield CISA from public scrutiny of its unconstitutional practices


        The effort to cover up CISA’s malfeasance appears to be a joint effort across the Biden Administration, according to recent reporting by journalist Lee Fang. In the fall of 2022, several non-profits and journalists, including Fang, individually submitted record requests to the University of Washington for material about Starbird’s work with CISA.158 On September 26, 2022, Annalisa Cravens, an Assistant United States Attorney with the Department of Justice (DOJ), sent an e-mail to Starbird, writing, “Could we please see a copy of any relevant CISA documents that you may plan to produce? We’re also not sure when you received the records request, but we would ask to have an extension of time to review them and assess whether we’ll have to file suit to protect them from disclosure.”159




        As Fang subsequently explained, “[t]he stalling effort highlights not only the broad authority that the federal government has to shape the political content available to the public, but also the toolkit that it relies upon to limit scrutiny of its involvement in the regulation of speech.”160




CONCLUSION


“Silencing those who disagree with us is a sign of weakness, not strength, and it won’t lead to progress.”
– former President Barack Obama, April 6, 2023.161


        In 2019, CISA’s Chief Counsel claimed: “We are not law enforcement and we’re not the intelligence community.”162 In theory, the statement is accurate. CISA is not a law enforcement agency and is not authorized to act as an intelligence agency. But, in practice, that is how CISA has behaved, arrogating to itself the authority to conduct surveillance of Americans on social media. CISA expanded its unconstitutional practice by developing an elaborate social media censorship apparatus spanning multiple organizations, in order to facilitate the censorship of Americans’ political speech both directly and by proxy. There is no constitutionally viable legal authority that allows CISA to engage in this or any other kind of censorship. Thus, not only does CISA’s conduct violate the First Amendment, it also disregards the basic principle of the separation of powers, which prohibits agencies from acting outside of their congressionally delegated sphere.163


        As Suzanne Spaulding, the former CIA legal advisor and MDM Subcommittee member, presaged, it was “only a matter of time before someone realizes we exist and starts asking about”164 CISA’s repeated violations of the First Amendment. CISA’s attempts to cover up its surveillance and censorship operations will not rectify the damage inflicted on the American people by government-induced censorship. Neither CISA’s scrubbing of its website, nor the Biden Administration’s stalling of records requests can conceal the true nature of CISA’s work in “combating MDM.”


        CISA must be reined in, as must the Biden Administration’s “whole-of-government” approach to social media censorship. Every American has the right to express his or her opinion online, and to receive information from others. Government classifications of opinions as “misinformation” or “disinformation” do not nullify the First Amendment’s guarantees. A free and democratic society is impossible under a government that acts as the ultimate arbiter of truth in political discourse. To better inform legislative efforts to end government censorship on the Internet and protect Americans’ rights guaranteed by the First Amendment, the Committee and Select Subcommittee will continue to investigate the extent of CISA’s and other Executive Branch agencies’ interactions with social media platforms.

 1 Maggie Miller, Cyber agency beefing up disinformation, misinformation team, THE HILL (Nov. 10, 2021).
2 See Norwood v. Harrison, 413 U.S. 455, 465 (1973) (“It is also axiomatic that a state may not induce, encourage or promote private persons to accomplish what it is constitutionally forbidden to accomplish.”).
3 See 6 U.S. Code § 652; Federal Government, CYBERSECURITY AND INFRASTRUCTURE SEC. AGENCY, https://www.cisa.gov/audiences/federal-government (last visited Jun. 23, 2023).
4 See Ken Klippenstein and Lee Fang, Truth Cops: Leaked Documents Outline DHS’s Plans to Police Disinformation, THE INTERCEPT (Oct. 31, 2022).
5 Scully Dep. 16:16–17:8, Missouri v. Biden, No. 3:22-cv-01213 (W.D. La. 2022), ECF No. 209.
6 DHS Needs a Unified Strategy to Counter Disinformation Campaigns, DEP’T OF HOMELAND SEC. OFFICE OF INSPECTOR GEN., at 7 (Aug. 10, 2022), https://www.oig.dhs.gov/sites/default/files/assets/2022-08/OIG-22-58-Aug22.pdf.
7 See, e.g., Scully Dep. 17:9–14, supra note 5

8 CISA CYBERSECURITY ADVISORY COMM., SUBCOMMITTEE OVERVIEW & UPDATE: PROTECTING CRITICAL INFRASTRUCTURE FROM MISINFORMATION & DISINFORMATION, at 1 (2022) (on file with the Comm.).
9 CISA CYBERSECURITY ADVISORY COMM., PROTECTING CRITICAL INFRASTRUCTURE FROM MISINFORMATION & DISINFORMATION SUBCOMMITTEE MEETING JUNE 14, 2022, at 2 (on file with the Comm.).
10 CISA CYBERSECURITY ADVISORY COMM., PROTECTING CRITICAL INFRASTRUCTURE FROM MISINFORMATION & DISINFORMATION SUBCOMMITTEE MEETING JULY 26, 2022, at 1 (on file with the Comm.).
11 CISA CYBERSECURITY ADVISORY COMM., PROTECTING CRITICAL INFRASTRUCTURE FROM MISINFORMATION & DISINFORMATION SUBCOMMITTEE MEETING APRIL 12, 2022, at 2 (on file with the Comm.).
12 E-mail from Suzanne Spaulding to Kate Starbird (May 20, 2022, 7:27 AM) (on file with the Comm.).
13 H. Res. 12 § 1(b)(E).

14 Hearing on the Weaponization of the Federal Government: Hearing Before the Select Subcomm. on the Weaponization of the Federal Government of the H. Comm. on the Judiciary, 118th Cong. (Mar. 9, 2023); Hearing on the Weaponization of the Federal Government: Hearing Before the Select Subcomm. on the Weaponization of the Federal Government of the H. Comm. on the Judiciary, 118th Cong. (Mar. 30, 2023).
15 STAFF OF SELECT SUBCOMM. ON THE WEAPONIZATION OF THE FEDERAL GOVERNMENT OF THE H. COMM. ON THE JUDICIARY, 118TH CONG., THE WEAPONIZATION OF THE FEDERAL TRADE COMMISSION: AN AGENCY’S OVERREACH TO HARASS ELON MUSK’S TWITTER (Comm. Print 2023).
16 See Wood v. Georgia, 370 U.S. 375, 388 (1962) (“Those who won our independence had confidence in the power of free and fearless reasoning and communication of ideas to discover and spread political truth.”).
17 Ashcroft v. ACLU, 535 U.S. 564, 573 (2002).
18 W.Va. State Bd. of Educ. v. Barnette, 319 U.S. 624, 642 (1943).
19 United States. v. Alvarez, 567 U.S. 709, 718 (2012) (plurality opinion).
20 See id. at 752 (Alito, J., dissenting) (“Even where there is a wide scholarly consensus concerning a particular matter, the truth is served by allowing that consensus to be challenged without fear of reprisal. Today’s accepted wisdom sometimes turns out to be mistaken.”).
21 Bd. of Educ., Island Trees Union Free Sch. Dist. No. 26 v. Pico, 457 U.S.853, 867 (1982).
22 Norwood v. Harrison, 413 U.S. 455, 465 (1973).

23 U.S. CONST. amend. I (emphasis added).
24 See Philip Hamburger, How the Government Justifies Its Social-Media Censorship, WALL STREET JOURNAL (Jun. 9, 2023).
25 Hearing on the Weaponization of the Federal Government: Hearing Before the Select Subcomm. on the Weaponization of the Federal Government of the H. Comm. on the Judiciary, 118th Cong. at 6 (Mar. 9, 2023) (statement of Michael Shellenberger).
26 6 U.S. Code § 652.
27 Id.
28 CISA and Cyber Threats: How Government and Private Sector Secure Our Networks and Infrastructure, THE FEDERALIST SOC’Y (Jun. 11, 2019).
29 Homeland Sec. Presidential Directive 7, 2. Pub. Papers 1739 (Dec. 17, 2003).
30 Press Release, Dep’t of Homeland Sec., Statement by Secretary Jeh Johnson on the Designation of Election Infrastructure as a Critical Infrastructure Subsector (Jan. 6, 2017).
31 6 U.S. Code § 652.
32 See, e.g., CYBERSECURITY AND INFRASTRUCTURE SEC. AGENCY, #PROTECT2020 STRATEGIC PLAN, at 20 (2020), https://www.cisa.gov/sites/default/files/publications/ESI_Strategic_Plan_FINAL_2-7-20_508.pdf.

 34 CISA CYBERSECURITY ADVISORY COMM., 2022 ANNUAL REPORT, at 2 (2022), https://www.cisa.gov/sites/default/files/2023-01/csac_annual_report_2023-01-18_508_0.pdf.
35 See, e.g., CISA CYBERSECURITY ADVISORY COMM., DECEMBER 6, 2022MEETING SUMMARY CLOSED SESSION, at 3 (On file with the Comm.).
36 CISA CYBERSECURITY ADVISORY COMM., DECEMBER 6, 2022MEETING SUMMARY OPEN SESSION, at 1, https://www.cisa.gov/sites/default/files/publications/CSAC_December-Quarterly-Meeting-Summary_508_01062023_0.pdf.
37 Kate Starbird, UNIVERSITY OF WASHINGTON, https://www.hcde.washington.edu/starbird (last visited Jun. 12, 2023).
38 ELECTION INTEGRITY P’SHIP, THE LONG FUSE:MISINFORMATION AND THE 2020 ELECTION, at vi (Eden Beck ed., 2021).
39 VIRALITY PROJECT,MEMES,MAGNETS, AND MICROCHIPS: NARRATIVE DYNAMICS AROUND COVID-19 VACCINES, at 1 (Eden Beck ed., 2022).
40 CISA CYBERSECURITY ADVISORY COMM., SUBCOMMITTEE FACTSHEET (2022), https://www.cisa.gov/sites/default/files/publications/CSAC_Subcommittee_Fact_Sheet_05192022_508c.pdf.
41 Victor Nava, Who is Vijaya Gadde, the Twitter exec involved in censoring Post’s Hunter Biden laptop bombshell?, NEW YORK POST (Dec. 3, 2022).
42 The Twitter executives fired after Elon Musk’s takeover, AXIOS (Oct. 28, 2022).
43 Id.

44 Suzanne Spaulding, CENTER FOR STRATEGIC & INT’L STUDIES, https://www.csis.org/people/suzanne-spaulding (last visited Jun. 23, 2023).
45 Id.
46 Geoff Hale, RSA CONF., https://www.rsaconference.com/experts/geoff-hale (last visited Jun. 23, 2023).
47 Kim Wyman, CYBERSECURITY AND INFRASTRUCTURE SEC. AGENCY, https://www.cisa.gov/about/leadership/kim-wyman (last visited Jun. 23, 2023).
48 CISA CYBERSECURITY ADVISORY COMM., JUNE 22, 2022MEETING SUMMARY OPEN SESSION, https://www.cisa.gov/sites/default/files/publications/CSAC_June_Quarterly_Meeting_Summary.pdf.
49 CISA CYBERSECURITY ADVISORY COMM., DECEMBER 6, 2022MEETING SUMMARY OPEN SESSION, https://www.cisa.gov/sites/default/files/publications/CSAC_December-Quarterly-Meeting-Summary_508_01062023_0.pdf.
50 CISA CYBERSECURITY ADVISORY COMM., REPORT TO THE CISA DIRECTOR PROTECTING CRITICAL INFRASTRUCTURE FROM MISINFORMATION AND DISINFORMATION JUNE 22, 2022, at 2, https://www.cisa.gov/sites/default/files/publications/June%202022%20CSAC%20Recommendations%20%E2%80%93%20MDM_0.pdf.
51 EI-ISAC, CENTER FOR INTERNET SEC., https://www.cisecurity.org/ei-isac (last visited Jun. 23, 2023).
52 ELECTION INTEGRITY P’SHIP, supra note 38, at 13.
53 See id.

 54 DEP’T OF HOMELAND SEC., DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY BUDGET OVERVIEW FISCAL YEAR 2024 CONGRESSIONAL JUSTIFICATION, at 37 (2023).
55 EI-ISAC, supra note 51.

 56 DHS Needs a Unified Strategy to Counter Disinformation Campaigns, supra note 6 at 5.
57 See Gregory Eady et al., Exposure to the Russian Internet Research Agency foreign influence campaign on Twitter in the 2016 US election and its relationship to attitudes and voting behavior, 14:62 NATURE COMMUNICATIONS 1, at 8-9 (2023).
58 See, e.g., Resilience Series Graphic Novels, CYBERSECURITY AND INFRASTRUCTURE SEC. AGENCY, https://www.cisa.gov/topics/election-security/foreign-influence-operations-and-disinformation/resilience-series-graphic-novels (last visited Jun. 23, 2023).
59 See Scully Dep. 11:24–12:2, supra note 5.

 
60 DHS Needs a Unified Strategy to Counter Disinformation Campaigns, supra note 6 at 7.
61 CYBERSECURITY AND INFRASTRUCTURE SEC. AGENCY,MIS-, DIS-, AND MALINFORMATION PLANNING AND INCIDENT RESPONSE GUIDE FOR ELECTION OFFICIALS, at 1 (2022), https://www.cisa.gov/sites/default/files/2022-11/mdm-incident-response-guide_508.pdf.
62 Id.
63 E-mail from Suzanne Spaulding (Google Docs) to Kate Starbird (May 16, 2022, 6:27 PM) (on file with the Comm.).

 64 U.S.-Paris Tech Challenge, ATLANTIC COUNCIL, https://www.atlanticcouncil.org/event/u-s-paris-tech-challenge/ (last visited Jun. 23, 2023).
65 E-mail from German Marshall Fund employee to Robert Schaul (Nov. 4, 2020, 1:00 PM) (on file with the Comm.).
66 E-mail from Robert Schaul to German Marshall Fund employee (Nov. 4, 2020, 1:12 PM) (on file with the Comm.).
67 DHS Needs a Unified Strategy to Counter Disinformation Campaigns, supra note 6 at 7.

 68 Miller, supra note 1.
69 H. COMM. ON APPROPRIATIONS, Budget Hearing – Fiscal Year 2024 Request for the Cybersecurity and Infrastructure Security Agency, YOUTUBE (Mar. 28, 2023).
70 DHS Needs a Unified Strategy to Counter Disinformation Campaigns, supra note 6 at 5.
71 Scully Dep. 23:16–24:2, supra note 5.
72 Scully Dep. 62:15–22, supra note 5.
73 Scully Dep. 17:1–18:1, supra note 5.
74 See, e.g., e-mail from Brian Scully to Facebook employees (Oct. 28, 2020, 2:09 PM) (on file with the Comm.); e-mail from Brian Scully to Google employee (Oct. 1, 2020 9:01 PM) (on file with the Comm.).
75 Scully Dep. 17:15–18:1, supra note 5. See also Hearing on the Weaponization of the Federal Government: Hearing Before the Select Subcomm. on the Weaponization of the Federal Government of the H. Comm. on the Judiciary, 118th Cong. (Mar. 30, 2023).

 76 These documents include meeting minutes from the MDM Subcommittee. As Chair of the MDM Subcommittee, Dr. Kate Starbird reviewed and approved these meeting minutes before they were circulated. Transcribed Interview of Kate Starbird at 39 (on file with the Comm.).
77 CISA CYBERSECURITY ADVISORY COMM., PROTECTING CRITICAL INFRASTRUCTURE FROM MISINFORMATION & DISINFORMATION SUBCOMMITTEE MEETING AUGUST 30, 2022, at 1 (on file with the Comm.).
78 Id. at 2.
79 Id.
80 Id. at 1.
81 CISA CYBERSECURITY ADVISORY COMM., PROTECTING CRITICAL INFRASTRUCTURE FROM MISINFORMATION & DISINFORMATION SUBCOMMITTEE MEETING AUGUST 8, 2022, at 1 (on file with the Comm.).
82 Id.

 83 Id. at 2.
84 CISA CYBERSECURITY ADVISORY COMM., PROTECTING CRITICAL INFRASTRUCTURE FROM MISINFORMATION & DISINFORMATION SUBCOMMITTEE MEETING JUNE 14, 2022, at 2 (on file with the Comm.).
85 Id.

86 Id.
87 Id.
88 Id.
89 Id.
90 The First Amendment protects domestic speech, regardless of whether government actors consider it mis-, dis-, or malinformation. See United States. v. Alvarez, 567 U.S. 709, 718 (2012) (plurality opinion).
91 E-mail from Suzanne Spaulding to Kate Starbird (May 16, 2022, 6:02 PM) (on file with the Comm.).
92 Id. 

93 E-mail from Kate Starbird to Suzanne Spaulding (May 17, 2022, 9:47 AM) (on file with the Comm.).
94 Id.
95 CISA CYBERSECURITY ADVISORY COMM., SUBCOMMITTEE OVERVIEW & UPDATE: PROTECTING CRITICAL INFRASTRUCTURE FROM MISINFORMATION & DISINFORMATION, at 1 (2022) (on file with the Comm.).

 96 CISA CYBERSECURITY ADVISORY COMM., PROTECTING CRITICAL INFRASTRUCTURE FROM MISINFORMATION & DISINFORMATION SUBCOMMITTEE MEETING MARCH 1, 2022, at 1 (on file with the Comm.).
97 Id.
98 CISA CYBERSECURITY ADVISORY COMM., PROTECTING CRITICAL INFRASTRUCTURE FROM MISINFORMATION & DISINFORMATION SUBCOMMITTEE MEETING AUGUST 2, 2022, at 2 (on file with the Comm.).
99 Id.

 100 Id. at 1.
101 Brian de Vallance, DEP’T OF HOMELAND SEC., https://www.dhs.gov/archive/person/brian-de-vallance (last visited Jun. 23, 2023).
102 E-mail from Google Calendar on behalf of Brian de Vallance to Jen Easterly (May 7, 2021, 12:18 PM) (on file with the Comm.).

103 The Disinformation Governance Board was an organ of DHS intended to “coordinate countering misinformation related to homeland security,” which was first announced on April 27, 2022. Eugene Daniels, Rachel Bade, and Ryan Lizza, POLITICO Playbook: Fauci pulls out of WHCD. Is Biden next?, POLITICO (Apr. 27, 2022). The Board’s inaugural (in fact, only) director was Nina Jankowicz. Prior to assuming the helm of the Board, Jankowicz falsely described the Hunter Biden laptop as a “Trump campaign product.” Roger Koppl and Abigail Devereaux, Biden Establishes a Ministry of Truth, WALL STREET JOURNAL (May 1, 2022). The Board was “met with an overwhelmingly negative response” and “[e]ven Democratic lawmakers were skeptical” of the initiative. Nicole Sganga, What is DHS’ Disinformation Governance Board and why is everyone so mad about it?, CBS NEWS (May 6, 2022). After significant public backlash, the Board was paused on May 18, 2022, with Jankowicz announcing her resignation. Rebecca Beitsch, DHS to pause work of disinformation board, THE HILL (May 18, 2022). The Board was formally terminated on August 24, 2022. Press Release, Dep’t of Homeland Sec., Following HSAC Recommendation, DHS terminates Disinformation Governance Board (Aug. 24, 2022), https://www.dhs.gov/news/2022/08/24/following-hsac-recommendation-dhs-terminates-disinformation-governance-board.
104 E-mail from Brian Scully to LinkedIn employees (May 2, 2022, 12:09 PM) (on file with the Comm.).

 106 CISA CYBERSECURITY ADVISORY COMM., JUNE 22, 2022MEETING SUMMARY CLOSED SESSION, at 5 (on file with the Comm.).
107 Id. at 6.

108 U.S. CONST. amend. I.
109 Ashcroft v. ACLU, 535 U.S. 564, 573 (2002). See also Hamburger, supra note 24.
110 Mem. Ruling re 128 Mot. to Dismiss at 70, Missouri v. Biden, No. 3:22-cv-01213 (W.D. La. 2022), ECF No. 224.
111 Id. at 63
112 Id. at 68.
113 E-mail from Kate Starbird to James Nash (May 10, 2022, 9:38 PM) (on file with the Comm.).

 114 Aaron Wilson, 2020 CIS Election Infrastructure Misinformation Reporting Summary, at 3 (presentation materials) (on file with the Comm.).
115 Id.
116 Id.
117 ELECTION INTEGRITY P’SHIP, supra note 38, at 12.
118 Scully Dep. 21:19–25, supra note 5.
119 CISA CYBERSECURITY ADVISORY COMM., PROTECTING CRITICAL INFRASTRUCTURE FROM MISINFORMATION & DISINFORMATION SUBCOMMITTEE MEETING JULY 26, 2022, at 1 (on file with the Comm.).

114 Aaron Wilson, 2020 CIS Election Infrastructure Misinformation Reporting Summary, at 3 (presentation materials) (on file with the Comm.).
115 Id.
116 Id.
117 ELECTION INTEGRITY P’SHIP, supra note 38, at 12.
118 Scully Dep. 21:19–25, supra note 5.
119 CISA CYBERSECURITY ADVISORY COMM., PROTECTING CRITICAL INFRASTRUCTURE FROM MISINFORMATION & DISINFORMATION SUBCOMMITTEE MEETING JULY 26, 2022, at 1 (on file with the Comm.).

 120 CENTER FOR INTERNET SEC., TERMS OF USE ELECTION INFRASTRUCTURE MISINFORMATION PORTAL, at 1–2 (2020) (on file with the Comm.).
121 E-mail from Loudoun County government official to misinformation@cisecurity.org (Aug. 4, 2022, 4:57 PM) (on file with the Comm.).
122 Id.

 123 E-mail from misinformation@cisecurity.org to Twitter employees (Aug. 18, 2022, 8:15 AM) (on file with the Comm.).
124 E-mail from Pennsylvania state government official to misinformation@cisecurity.org (Oct. 27, 2022, 4:55 PM) (on file with the Comm.).
125 Ted Cruz (@tedcruz), TWITTER (Oct. 27, 2022, 12:34 PM), https://twitter.com/tedcruz/status/1585671399133282304.
25
The EI-ISAC dutifully forwarded the report to Facebook.126
126 E-mail from misinformation@cisecurity.org to Meta employees (Oct. 27, 2022, 5:06 PM) (on file with the Comm.).

127 CISA CYBERSECURITY ADVISORY COMM., PROTECTING CRITICAL INFRASTRUCTURE FROM MISINFORMATION & DISINFORMATION SUBCOMMITTEE MEETING MARCH 15, 2022, at 2 (on file with the Comm.).
128 Id.
129 Id.
130 Id.
131 Id.

 132 Id.
133 E-mail from Suzanne Spaulding (Google Docs) to Kate Starbird (May 16, 2022, 6:27 PM) (on file with the Comm.).
134 Id.

 135 Beitsch, supra note 103.
136 Dep’t of Homeland Sec., supra note 103.
137 Sganga, supra note 103.
138 Missouri v. Biden, No. 3:22-cv-01213 (W.D. La. 2022), ECF No. 1 (Complaint).
139 See Letter from Rep. Jim Jordan, Chairman, H. Comm. on the Judiciary, to Robert Flaherty (Jun. 23, 2023).
140 CISA CYBERSECURITY ADVISORY COMM., PROTECTING CRITICAL INFRASTRUCTURE FROM MISINFORMATION & DISINFORMATION SUBCOMMITTEE MEETING APRIL 12, 2022, at 2 (on file with the Comm.).
141 Id.
142 Id.

143 CISA CYBERSECURITY ADVISORY COMM., PROTECTING CRITICAL INFRASTRUCTURE FROM MISINFORMATION & DISINFORMATION SUBCOMMITTEE MEETING JULY 26, 2022, at 1 (on file with the Comm.).
144 Id.
145 CISA CYBERSECURITY ADVISORY COMM., PROTECTING CRITICAL INFRASTRUCTURE FROM MISINFORMATION & DISINFORMATION SUBCOMMITTEE MEETING MAY 10, 2022, at 1 (on file with the Comm.).
146 Id.

 147 E-mail from Kate Starbird to Vijaya Gadde, Suzanne Spaulding, and Alicia Tate-Nadeau (May 19, 2022, 9:26 AM) (on file with the Comm.).
148 Naomi Nix and Joseph Menn, These academics studied falsehoods spread by Trump. Now the GOP wants answers, WASHINGTON POST (Jun. 6, 2023).

149 E-mail from Suzanne Spaulding to Kate Starbird (May 20, 2022, 7:27 AM) (on file with the Comm.).
150 E-mail from Kate Starbird to Suzanne Spaulding (May 20, 2022, 7:37 AM) (on file with the Comm.).
151 CISA CYBERSECURITY ADVISORY COMM., PROTECTING CRITICAL INFRASTRUCTURE FROM MISINFORMATION & DISINFORMATION SUBCOMMITTEE MEETING MAY 24, 2022, at 1 (on file with the Comm.).

 152 Id.
153 E-mail from Megan Tsuyi to Kate Starbird and James Nash (May 26, 2022, 3:49 AM) (on file with the Comm.).

 154 Mis, Dis, Malinformation, Cybersecurity and Infrastructure Sec. Agency, https://cisa.gov/mdm [https://web.archive.org/web/20230215235115/https://www.cisa.gov/mdm].
155 Id. (emphasis added).

 156 Foreign Influence Operations and Disinformation, CYBERSECURITY AND INFRASTRUCTURE SEC. AGENCY, https://www.cisa.gov/topics/election-security/foreign-influence-operations-and-disinformation (last visited Jun. 23, 2023).
157 Mike Benz, DHS Quietly Purges CISA “Mis, Dis and Malinformation” Website To Remove Domestic Censorship References, FOUNDATION FOR FREEDOM ONLINE (Mar. 16, 2023), https://foundationforfreedomonline.com/wp-content/uploads/2023/03/FFO-FLASH-REPORT.pdf.
158 Lee Fang, Biden Justice Dept. Intervened to Block Release of Social Media Censorship Docs, SUBSTACK (Jun. 6, 2023), https://www.leefang.com/p/biden-justice-dept-intervened-to.
159 Id.

160 Id.
161 Barack Obama (@BarackObama), TWITTER (Apr. 6, 2023, 10:20 PM), https://twitter.com/BarackObama/status/1644163255189774337.
162 CISA and Cyber Threats: How Government and Private Sector Secure Our Networks and Infrastructure, supra note 28.
163 Am. Hosp. Ass’n v. Azar, 410 F. Supp. 3d 142, 151 (D.D.C. 2019) (“[A]gency actions beyond delegated authority are ultra vires and should be invalidated.”).
164 E-mail from Suzanne Spaulding to Kate Starbird (May 20, 2022, 7:27 AM) (on file with the Comm.).

No comments:

Post a Comment