



Documents from a “crisis management” report produced by the cybersecurity firm ZeroFox indicate that the firm monitored Black Lives Matter protesters during the Freddie Gray protests in Baltimore earlier this year. The documents, which surfaced online last Wednesday, also state that the firm “protected” the online accounts of Maryland and Baltimore officials and members of the Baltimore Police Department and Maryland National Guard.

The report identifies DeRay McKesson and Johnetta Elzie, two prominent Black Lives Matter organizers who took part in the Baltimore protests, as “threat actors” for whom “immediate response is recommended.” It describes McKesson and Elzie as “high” severity, “physical,” and “#mostwanted” threats and notes both have a “massive following” on social media. It says that ZeroFox was engaged in “continuous monitoring” of their social media accounts and specifies their geographical locations at the time of the report. The report does not suggest that the pair were suspected of criminal activity but were “main coordinators of the protests.”

McKesson and Elzie both tell Mother Jones they were “not surprised” that they were being watched. “It confirms that us telling the truth about police violence is seen as a threat,” McKesson says. Both activists say they do not know why they were identified as physical threats. McKesson and Elzie live in Missouri, where they helped organize the Ferguson protests. They traveled together to Baltimore for a week and a half during the Freddie Gray protests.

A link to the ZeroFox report first circulated on Twitter last Wednesday. ZeroFox did not respond to a request to confirm the authenticity of the documents. (See update below.) The Baltimore Police Department and the mayor’s chief of staff did not respond to request for comment. The Maryland governor’s office says that the state does not have a contract with ZeroFox.

In emails exchanged in April, ZeroFox’s CEO, Baltimore Mayor Stephanie Rawlins-Blake’s chief of staff, and the president of the Maryland chapter of an FBI intelligence partnership program discussed ZeroFox’s potential surveillance “help” for Baltimore. These emails were released to the Baltimore Sun last week following a public records request. The emails also indicate that ZeroFox “briefed our classified partners” at the Fort Meade Army base in Maryland on “intelligence” it had collected during the Gray protests. Other emails from the Baltimore Police Department indicate the department had collected “intelligence regarding potentially violent agitators.”

The report on the Black Lives Matter organizers is dated the day after the Fort Meade briefing. It states that ZeroFox intended to “alert Baltimore PD on all monitoring threat actors and influencers.”

According to the leaked report, ZeroFox monitored 62 “threat actors” and 187 “threat influencers,” including a Twitter user who was “a main local protest organizer” and another who was “sending supplies from New Jersey.” The report also identifies people, organizations, and systems for “asset protection,” including Baltimore Mayor Stephanie Rawlins-Blake, Maryland Governor Larry Hogan, Baltimore Police Department Captain Eric Kowalczyk, and other members of the Baltimore police and Maryland National Guard.

This report has emerged amid growing evidence of federal, state, and local government monitoring of Black Lives Matter protests. Last month, the Intercept published Department of Homeland Security emails showing that the department had closely tracked Black Lives Matter protesters in Washington, DC in April. Since protests started in Ferguson, Missouri, last August, the department has also monitored non-protest events such as cultural events and prayer vigils in DC, Atlanta, Oakland, Chicago, Baltimore, New York City, Philadelphia, and elsewhere.

The emails obtained by the Baltimore Sun also say that ZeroFox performed surveillance for the New York Police Department during protests over the death of Eric Garner. ZeroFox also has a contract to provide equipment to the State Department.

McKesson says that during last year’s protests in Ferguson, he and other prominent organizers became suspicious that they were being monitored by local police officials there as well. On numerous occasions, he says, they interacted with police officers that knew their names and Twitter accounts. “The police officers in St. Louis knew us. They knew many of us by Twitter handle. It was clear they read our Twitter feed. It was clear they watched the live streams [of protests],” he says. But the ZeroFox documents mark the first time he has seen written evidence that his activity was being tracked.

Elzie, too, says she already knew she was being watched. “I never needed a paper confirmation. But I guess it made it real for other people who just didn’t think that it was possible.”

Update: In a statement to the Baltimore Business Journal, ZeroFox’s CEO said the firm assembled the crisis management report for the city pro-bono. “Our intent was to offer help and it was taken,” he said. “We thought we could make a difference.”

And in an email to Mother Jones, a spokesperson for Baltimore Mayor Stephanie Rawlins-Blake said, as the time of the Freddie Gray protests, several of the city’s official systems were targeted by cyberattacks, but that “Due to the existence of confidentiality agreements, I am not permitted to comment any further on specific firms or their involvement in assisting the city.” He also declined to comment on specific security techniques that the city employs, or sites that may or may not have been monitored.

On Tuesday, ZeroFox’s CEO told Technical.ly that McKesson and Elzie’s identification as a “physical” threat meant that they were acting in the real world, and not just in cyberspace. He also confirmed that the report was received by Baltimore city officials.

This piece has been updated.