I resigned from The Intercept today in order to pursue a new kind of journalism here on Substack, one more hard-hitting than what’s possible in the corporate world. The Intercept has been taken over by suits who have abandoned its founding mission of fearless and adversarial journalism, and I can’t continue in an environment where fear of funders is more important than journalism itself. On a brighter note, though, I’m leaving DC to move back to Wisconsin, excited to embrace independence both in my journalism and from the Washington bubble.

The reason so much of the news media sucks is they aren’t writing for you. They’re writing for their sources in Washington, for the industries they cover, for rich people, and for fancy awards committees. Just take a look at the ads they run: for investment banks, defense contractors, oil companies. Unless you’re in the market for any of these products, they aren’t writing for you.

I want to write for you. 

I want to be an unabashed partisan for the vast majority of Americans who despise the people who run the country, putting my finger in the eye of the elites frog marching us through their managed decline of the American standard of living. 

The most effective way I can do this is through journalism that arms you with a better understanding of subjects elites don’t like the rabble meddling with, chief among them the national security state. But I also want to be able to write without fear of billionaires, wealth or Wall Street. And when I say journalism, I’m not talking about “democracy dying in darkness” or “holding power to account” or any of that sanctimonious bullshit. I’m talking about being a thorn in the side of our self-appointed betters. 

At its most basic level, I want to help you understand what’s actually going on in the world. But not how the mainstream media does it, with their sanctioned leakers and their endless handjobs of retired generals and the other celebrity architects of our decline. Whenever something important happens, take for example Iran’s drone and missile attack on Israel, you can find dozens of articles on it, but they’re all variations on the same story the White House disseminates. I’m not interested in Washington’s spin or the view from someone’s desk. (Who do you think is more familiar with the conditions of Amazon warehouses: Jeff Bezos or a rank-and-file employee?)

My best stories will be your story: how they want your acquiescence for the war party, how they want your money to pay for their follies, how they want to limit the information you receive, how they want to bee up your ass controlling every aspect of your life. 

I want to take it to the billionaires, expose the fraud and avarice of the national security state and the corporation, and explore a concept I have of a Journalism 2.0. I am not going to bother clearing my reporting with so-called “experts” at think tanks bankrolled by head-chopper authoritarian regimes like Saudi Arabia, by military contractors, or by billionaires. And I’m certainly not going to hide behind weasel words like experts say, journalism’s device for pretending like they’re being objective. No weird, disembodied voice of God narrating everything in the omniscient third person, either. For the first time in my career, I’ll be free to report without the straitjacket that is the dated norms of journalism 1.0. And I’ll be accurate, but I’m not going to pretend to be fair. If you want balance — the charade where journalism pretends to be interested in Both Sides and delivers the reasonable — turn on NPR. 

Here’s why you should read me here: I’m going after the rich, who hide their insatiable greed behind well-publicized, tax-deductible philanthropy. I’m going after the bureaucrats, who blather about public service and sacred oaths and then run for the corporate revolving door to cash in while manipulating the federal agencies they once ran. I’m going after the retired generals on TV and on the lecture circuit holding forth on every war despite their failure to ever win one. I’m going after anyone described as a “luminary,” the squeaky clean, feel-good types who spout platitudes while harboring deep, dark secrets. I’m going after the journalistic priesthood, like Judith Miller’s editor for her bogus Iraq WMD stories, whose punishment was being made editor-in-chief of ProPublica (salary: $480,000) and chair of the Pulitzer Prize Board. And any public figure confused about what young people are so mad about or how people could be dissatisfied with an economy where most Americans can’t afford to own a home.

My decision to go independent was a long time coming, but the final, precipitating event was the corporatization of The Intercept over the past few months.

In my time at The Intercept, I’ve watched the newsroom increasingly become dominated by management and bureaucrats whose numbers continue to swell as the number of people who actually produce news dwindles. While the Intercept now has one poor copy editor for the entire website, it employs two staff attorneys, as well as a legal fellow, a chief strategy officer, a chief digital officer, a business coordinator, a senior director of development and an associate director of development, a product manager, a senior director of operations, a chief of staff, and a chief operating officer. And for the first time in The Intercept’s history, as of Monday, the new editor-in-chief now answers to the CEO.

The company’s org chart, pictured below, provides a sense of how top-heavy it has become with business hires (basically the entire left half).

This orgy of management largesse has coincided with layoffs of the editor-in-chief, managing editor, national security editor, copy editor, photo editor, multiple senior editors, social media editor, as well as writers and reporters. There are passionate editors and writers left who still want to do news, like Ryan Grim and Ali Gharib, but they are toiling under the impossible odds of the new management regime.

After the initial layoffs in February realizing there wasn’t the bandwidth or the internal advocacy to get my stories through, I threatened to leave for somewhere interested in doing journalism. They hired an interim editor Bill Arkin, one I insisted on. Bill is a legendary national security analyst and reporter with a career going back to the Cold War, a splinter in the eye of every administration since Reagan. Not one for self-promotion, many don’t realize how many major news stories he’s been behind: first to report on the Bush administration’s top secret plan to invade Iraq, first person to reveal where all the nuclear weapons were, first to write about the above-top secret continuity of government system, first to report on the ground about civilian casualties and cluster bombs, first to reveal countless other secret programs and instances of government spying. Bill has worked at NBC News, The New York Times, The Washington Post, the LA Times, but as his frequent job moves attest, he’s not a corporate guy.

Bill laid out his philosophy: stop paying attention to the meltdown of The Intercept and report on American-centric national security topics. Help your readers understand a hidden world. Focus on the mal-practitioners, he insisted. And take no prisoners. 

We hit the ground running. My stories under Bill were a wild success for The Intercept, with one of the first — about the FBI’s attempts to root out so-called “extremist” gamers online — quickly becoming the site’s second most viewed article this year. 

But then we did a story on the billionaire founder of Amazon, Jeff Bezos.

It was a straightforward article detailing Bezos’s $50 million charity grant to the retired Admiral William McRaven (whose wife sits on the board of a charity linked to Bezos), calling the contribution a “racket.” The story seemed like vintage Intercept fare. One of our founders, Jeremy Scahill, made an excellent Academy Award nominated documentary about McRaven. My story was essentially a factual overview of McRaven’s own considerable wealth, and it noted the irony that the $100 million grant Bezos gave to McRaven and celebrity Eva Longoria was the exact same amount of money that the Bezos-owned Washington Post lost this past year. The story practically wrote itself.

Enter the Intercept’s general counsel David Bralow, who said he had problems with the article. He didn’t have legal concerns. Bralow instead thought it inopportune, saying that attacking Bezos might not sit well with the Intercept’s own billionaire donor, Pierre Omidyar, especially at a time when he was keeping the organization afloat.

“I confess on a first read that it gives me pause, particularly because the article waits until the back half to say that McRaven actually donated this money to other charities,” Bralow emailed Bill. “And how is that a racket?”

Bralow called the story “naive,” questioning our questioning of Bezos’ commitment to journalism. “A business, just like ours, has the obligation to remain sustainable,” he continued. “That it [the Washington Post] has net operating loss and its owner wants to make charitable contributions seems very different. Even more to the point, that Bezos does not want to subsidize the media anymore seems like we are ignoring our own story.” 

Bill updated the draft — which already said in the subheadline that it was a charity grant — to further stress that Bezos’ $100 million gift was for charity. Bill then sent it back to Bralow.

What happened next, Bralow did not commit to writing, instead calling Bill. 

During the call, Bill told me immediately after, Bralow said that Annie Chabel, the CEO, had concerns about how the story might come off to the Intercept’s donors. Bill said that that might be unfortunate but wouldn’t influence his decision to publish, and that if Bralow had any legal concerns — as opposed to editorial — he would be happy to address them.

After a heated back and forth, Bralow declared: “I’m killing the story.”

Bill replied that he would resign, prompting Bralow to back off (I had said I would leave if Bill didn’t edit me, the reason Bralow retreated.)

“I don’t see the point of the story,” Bralow then complained before Bill told him to fuck off (literally, lol). We published. 

The Washington Post journalists who privately thanked us for doing the story seemed to understand the point just fine — as did the people who read it, making it one of the top performing articles that month.

Subsequent stories that Bill edited were repeatedly held up. Chabel and Bralow also saw to it that Bill was not provided access to the company Slack or invited to staff meetings or even be publicly acknowledged, siloing him off. Bill toiled on, editing me and my colleague Dan Boguslaw. Under his tutelage, we went on to produce most of the top performing stories on the site.

Bralow, who resembles a Catholic priest caricatured in one of Martin Luther’s tracts, living well off the generosity of his modest parishioners, is the personification of what The Intercept has become. With his bloated salary (over $300,000, per the most recent nonprofit filing), bureaucrats like him who prevent journalism is what your money is paying for if you contribute to The Intercept these days.

It wasn’t just my stories getting held up. Dan obtained a leaked copy of the membership list for the secretive Bohemian Grove, a private gentlemen’s club that counts business tycoons and former top officials like the late Henry Kissinger among its members. Bill worked with Dan to recreate the membership list as a new document to obscure the source, but the Intercept would have none of it.

Enter Nikita Mazurov, the company’s PhD in “Cultural Studies” who for some reason serves as the manager of digital security. Though Dan had obtained the document over a year ago from a source who was confident it was safe to use, Mazurov acted as if it was the CIA’s family jewels, going on and on about how the protection of the source demanded more work before we could publish.

In a subsequent call that included Bralow, Mazurov peppered Dan and Bill with bizarre questions, like: ‘What if there exists another list, compiled the day before, and then another, compiled the day after, and those list are each different, and the Bohemian Grove went through all three lists to pinpoint the exact date of your list and then went through a list of all people who had access?’ And ‘what if there was CCTV footage in the office where the list was stored, footage that would reveal the person who accessed it and leaked it?’

“This isn’t the CIA!” Bill yelled, calling Mazurov a fucking idiot. 

“That’s an HR violation!” Mazurov shrieked.

With Dan’s agreement, Bill abandoned the story. (Dan said he was so happy to see an editor stand up to the officious bureaucrats that the pleasure was greater than the story’s publication ever would have been.) 

Such an incident happened once again when a source provided me with diplomatic cables revealing the Biden administration’s private attempts to pressure other countries to vote against a Palestinian statehood resolution at the UN. Having received the documents just days before the UN vote, I urgently needed to get the story out in time for it to inform public debate. But again, The Intercept had “legal concerns.” I pushed back, stressing the story’s time sensitive nature, that the documents were unclassified and the source confident they were safe to publish. 

But Mazurov didn’t see it that way. He emailed Bill a list of over 20 separate “source protection concerns” he believed needed to be answered before publication. This kind of security theater had emerged in the wake of the criminal prosecution of two Intercept sources; but they had leaked classified information, and this was unclassified. With the UN vote drawing near, it seemed to me that The Intercept’s solution to its past source protection fiascos was not to publish journalism.

Bill wrote to Bralow that Mazurov’s list was surely some kind of “joke,” and he forced publication the day before the vote. 

Predictably, the story touched off a firestorm of outrage over the Biden administration’s public support for a two-state solution while secretly backchanneling to kill it.

There were other examples, and I got a window into how the corporation — now in the guise of a billionaire anchored non-profit — tended to itself and its own survival, rather than to journalism. 

On Friday, Bill was informed that he was being let go.

I decided there and then that I had to leave. At a time when Israel’s war in Gaza had spread to the rest of the region, drawing in the Iranian superpower, my sources in the U.S. government were leaking more than ever to alert the public to looming catastrophe. I could not in good conscience remain at an outlet that can’t publish these disclosures, nor continue to live off of donor money that is not going toward its stated purpose, journalism, let alone “fearless” journalism that the Intercept was founded around.

The extent of the dysfunction at The Intercept is not publicly known in part because, for all management’s problems, they are very good at one thing: structuring hush money payments. Multiple outgoing Intercept staffers have been offered severance packages in exchange for signing non-disclosure agreements. Following Bill’s firing, I was also offered a “retention” agreement. I did not dignify the offer with a response. I don’t begrudge my colleagues taking the money — people need to pay rent — but I can no longer stay.

My decision to resign from The Intercept is something of a leap of faith. Unlike many reporters I’ve run into, I don’t get financial help from mommy and daddy, so my runway is limited. But what I do have is an abiding faith in the generosity of ordinary people.

If you’ve received this letter as an email from me today, that means you’ve already subscribed to — and are currently on — my email list. My goal is to make everything I write available to all subscribers without a paywall. But I can only do that if I build a list of some 5,000 paid subscribers (At the time of this writing, I’m at 450, so we’re almost 10% of the way there.) That will generate enough income to pay me; to pay Bill, who will be the site’s editor; to hire my attorney and friend Beth Bourdon to help with FOIA requests; and to find administrative and research assistants, as well as some young journalists and freelancers to work alongside. If you want to support me and my work, please upgrade to a paid subscription or make a donation.

I’ve also created a GoFundMe account if you prefer to contribute there.

Join the fight and let’s take on the national security state and the monied elite. 

— Edited by William M. Arkin

Share

© Klip News, LLC

After firing its entire Supercharger team, Tesla has sent out an email to suppliers which shows just how chaotic the decisionmaking leading up to the firings must have been.

It’s almost laughable that these two stories happened so close to one another. The Australian government has just announced a pilot program to test an online age verification system:

And then, just hours later, it was reported that law enforcement is investigating an apparent breach of club and bar patrons’ personal data, which the venues are required to collect by law for people entering such establishments.

When we talk about the privacy and data risks of age verification, this is exactly the kind of thing we’re talking about. When you’re collecting that much sensitive private data, you become a target.

As the article linked above notes:

It is a legal requirement in NSW for licensed clubs to collect personal information from patrons on entry, under the state’s registered clubs legislation.

The information is required to be stored securely under federal privacy laws.

Sounds kinda like the age verification requirements for websites. You have to collect the info and then pinky promise to keep it secure. And it works until this happens:

An unauthorised website claims personal information of more than 1 million customer records from at least 16 licensed NSW clubs have been released online in a potential data breach.

Cybercrime detectives are investigating the reported breach with the website claiming to have records and personal information of senior government figures, including Premier Chris Minns, Deputy Premier Prue Car and Police Minister Yasmin Catley.

IT provider Outabox said in a statement it had become aware of the potential data breach of a sign-in system used by its clients by an “unauthorised” third party.

Hilariously, government officials are trying to play this down because it was just a breach rather than a hack. As if that makes a difference?

Gaming Minister David Harris said the government and police first became aware of the potential breach on Tuesday.

“We know that this is an alleged data breach of a third-party vendor, so it wasn’t a hack,” he said.

But this is exactly the concern regarding online age verification. Someone has to collect that information and then whoever is collecting the sensitive info becomes an immediate target, no matter how the data is accessed.

Incredibly, you might recall that just a few months ago we were giving the Australian government kudos for recognizing that age verification was a privacy and security nightmare. So, they knew that just last summer.

And yet, here we are with the latest announcement:

Despite those concerns from late last year, the government is now pushing ahead with a pilot to try and test some of those ideas.

Look, maybe head down to the nearest club in NSW to see how it’s working out before moving forward “despite these concerns”?

Meanwhile, if you think this breach isn’t that serious, well, for the million or so folks who visited one of those bars and clubs, things don’t look great:

Creator of the data breach tracking website haveibeenpwned.com, Troy Hunt, said the creators of the website had not released all of the information they had collected.

“Inevitably they do have the entire thing.”

He said the Outabox technology used by clubs scans patrons’ faces and matches them with their licence details.

Mr Hunt said people whose data has appeared on the site may need to replace their drivers licences.

“There are physical addresses, there are date of birth, there are names. That’s not good,” he said.

That’s not good at all.

So maybe let’s not repeat the mistake online?

Microsoft is making security its number one priority for every employee, following years of security issues and mounting criticisms. After a scathing report from the US Cyber Safety Review Board recently concluded that “Microsoft’s security culture was inadequate and requires an overhaul,” it’s doing just that by outlining a set of security principles and goals that are tied to compensation packages for Microsoft’s senior leadership team.

Last November, Microsoft announced a Secure Future Initiative (SFI) in response to mounting pressure on the company to respond to attacks that allowed Chinese hackers to breach US government email accounts. Just days after announcing this initiative, Russian hackers managed to breach Microsoft’s...

Continue reading…

Pokémon Go players are creating a headache for members of the open source map tool OpenStreetMaps by adding fake beaches where they don’t exist in hopes of more easily catching Wigletts, a Pokémon that only spawns on beaches. 

OpenStreetMaps is a free, open source map tool much like Google or Apple maps, but is maintained by a self-governing community of volunteers where anyone is welcome to contribute. An April 27 thread in the OpenStreetMap community forum first spotted the issue, flagging two users in Italy who began marking beaches in all sorts of locations where they don’t actually exist. 

The OpenStreetMap user who noticed the fictitious beaches immediately connected the dots: Pokémon Go, the mega popular mobile game where players catch Pokémon and can engage in different activities depending on their geolocation, introduced different “biomes” like beach, city, forest, and mountains. Each of these have a different look, and critically, some specific Pokémon will only spawn at specific biomes. Wiglett, for example, only spawns at beaches. Some video game sites quickly noticed that Pokémon Go’s beaches were appearing in real world locations like golf courses, sports fields, and other places that are not real beaches. Pokémon Go uses OpenStreetMap for its map data, and is how the game knows players are near certain points of interest.

The OpenStreetMap user created a filter of OpenStreetMap that surfaced instances where “new mappers” added beaches to the map, revealing a number of clearly fake submissions. 

For example, in Egmating, a community in the Upper Bavarian district of Ebersberg in Germany, one user flagged a residential backyard as a beach, before another OpenStreetMap reverted the change. 

“Please stop adding this kind of nonsense,” the user who reverted the change said after making the correction. 

“Oh dear, a new Pokemone :(,” another user commented in German. 

A Pokémon Go subreddit also shows that the player community has figured out which OpenStreetMap tags cause Wiglett to spawn. 

“Wiglett should spawn in areas tagged as "natural=beach" or "natural=coastline" on OpenStreetMap (OSM). To quickly highlight any locations tagged with this we can use Overpass Turbo to query OSM and display any locations tagged this way,” one user wrote. “Keep in mind Wiglett is not a common spawn from what I gather, so I suspect some luck will be involved in their been an active spawn when you visit an area that can spawn them … As /u/MatDragonx has mentioned in the comments it appears "natural=coastline" can also spawn Wiglett. Wiglett have been noted spawning here in Hull, UK which is tagged as natural=coastline.”

It’s not clear how often Pokémon Go updates the game with data from OpenStreetMaps, but in theory the people who are manipulating the data would have easier access to the beach biome the next time it does. Pokémon Go developer Niantic did not immediately respond to a request for comment.

The OpenStreetMap thread goes on to identify one repeat offender who added dozens of fake beaches. Some are near bodies of water, like lakes, rivers, or docks, and others are landlocked schools, parking lots, and random strips of land. If there was any doubt that some of these changes are being made by Pokémon Go players, the same repeat offender also marked the map with his handle, as well as a poké ball. 

“Hello again, Thanks for your interest in OpenStreetMap,” an OpenStreetMap user who corrected dozens of these changes said in a comment on one of the fake beaches.  “OpenStreetMap is a real map used by thousands of people everyday for many purposes, including disaster response, navigation, business, and many other things. Please only add real information to the map that you know to be accurate.”

“I spent some time fixing up beaches last night,” another OpenStreetMap map user said in the thread. “There’s definitely way more new editors adding fake features than I have seen in any other Pokemon go update (I wasn’t around for the earlier ones shortly after release).”

Pokémon Go players have been finding ways to cheat in the game and find rare Pokémon without always putting in the legwork since the game’s memorable launch in 2016, mostly by spoofing their geolocation. In 2017, Pokémon Go started using OpenStreetMap for its map data, and quickly started manipulating data for its needs. The OpenStreetMap community is aware of the game’s influence and Reddit posts as old as seven years show contributors to the OpenStreetMap project asking Pokémon Go players adding false data. 

“[S]ome of you added parks in the backyard of your Grandmas home, every tree was a garden and every puddle a pond,” the old Reddit post says. “Please only map ‘Map what's on the ground.’"

The project’s wiki also has a page named “Tips for new (Pokemon Go) mappers” which asks players to “please [...] do map things that exist on the ground. The map is used by pedestrians, people with disabilities, cyclists, hikers, canoeists, drivers and others. Do not add things -such as footways- that do not exist.” 

This is all a pretty funny throwback to a time when Pokémon Go was wildly popular and cheating in it was a pretty big deal, but also another example of the very hard work the open source community does to maintain widely used tools online. Jason recently reported on a very elaborate supply chain attack that involved a bad actor elevating themselves to a position in maintaining an open source Linux tool so they could plant a backdoor in the code, which itself is an example of how bullying open source software developers is a massive security vulnerability.