Earlier this year , it was reported that Elliott Broidy, previously known for his conviction in a state bribery case and his role as a top Donald Trump fundraiser, proffered meetings with the president to foreign regimes who were also potential clients of his defense firm Circinus. Little is known about Circinus, but purported company documents obtained by The Intercept contain plans to peddle social media surveillance software to repressive regimes. The Circinus website paints the contractor as a red-blooded defender of U.S. national security: “Are you a patriot determined to keep our country — both government and private industry — safe?” its careers page reads. Circinus’s executive roster boasts experience in U.S. special forces, Homeland Security, and military intelligence. But the documents, a series of pitch decks, indicate that the company was prepared to sell what’s described as a suite of sophisticated internet-mining tools to the governments of Cyprus, Romania, Tunisia, and the United Arab Emirates, touting the ability to detect and identify online “detractors.” The recent histories of Tunisia and the UAE are rife with human rights abuses, including crackdowns against political dissent.

It is not clear if the pitches were actually presented to any or all of the countries in question, but the New York Times in March identified Romania, Tunisia, and the UAE as prospective Circinus clients. The newspaper described meetings between Broidy and officials from Romania and Tunisia, as well as reporting that Broidy wrote to others about efforts to win business from the UAE.

The Tunisian pitch claimed that Circinus’s software could detect online “detractors” of the state.

The presentations obtained by The Intercept, dated 2016 and 2017, focus on the collection of so-called open source intelligence, referred to as “OSINT” throughout. This is a flashy way of describing information that can be freely accessed online, such as tweets, blog posts, and any other content not locked behind a password. Although typically not as sensitive as the content people keep stored privately, internet users frequently leave trails of “open source” breadcrumbs across the web that can be used for compromising purposes. Harvesting social media sites like Facebook and LinkedIn en masse is generally frowned upon as invasive by users and web companies alike, especially given how difficult it is for most people to properly configure the privacy settings on a service like Facebook. But this is no issue, according to the documents: “If it is on the World Wide Web,” reads a pitch to the government of Cyprus, “it can be ingested by the Circinus Open Source Analytics Center’s analytical platform.” According to the materials, Circinus’s ingestion of online information often involved a process known as scraping, in which content is anonymously downloaded and information of interest is filtered from it. The documents further claimed Circinus could “scrape the entire web, including blogs, newsfeeds, video, comments on news sites and a range of other sources in all languages and from all countries.” But, unlike the myriad marketing firms that advertise their ability to scrape Twitter and sell you some sort of “insight,” Circinus is a defense contractor and in the documents is positioned as a potential partner to intelligence agencies and policymakers, both foreign and domestic.

In a lawsuit filed this past March, Broidy alleged that he is the victim of a politically motivated hacking campaign executed by the government of Qatar and that files stolen from him by the hackers were subsequently distributed to members of the press. The suit alleges the hackers have “doctored or wholly forged” some of these documents, though it cites zero examples, nor have any faked or altered materials been reported by the press. Circinus would not comment on the authenticity of the documents without being provided with full copies, but did characterize the pitches as having been “stolen.” The Intercept was unable to verify the authenticity of the documents, but the services described are exactly the sort of offerings Circinus markets publicly. A company spokesperson also answered questions about the substance of the documents without dispute, confirming that “three of the countries listed received capabilities briefs based on interest,” but that “the other one was built for consideration to determine if there was a compelling case but never gained interest.” The spokesperson also said that the aforementioned countries “had key events in their recent past that clearly could benefit from the analysis of Publicly Available Information,” and that such analysis “could be tailored to the customer’s interest.” The embassies of Cyprus, Tunisia, Romania, and the UAE did not return requests for comment. The buzzword-laden presentations are at once ominous and vague: The Cypriot pitch claims Circinus could help that government’s “influence” and “targeting” abilities, while a social media geolocation feature could help at a “tactical level” by letting “agents in the field [identify] Social Media traffic in real-time, on the street where they are operating.” The Tunisian pitch went further, claiming that Circinus’s software could detect online “detractors” of the state, as well as “identify not just the nature of the Information but also significant information about the individual from whom the relevant Open Source Information originated.” Elsewhere, that same document expands on this “identity resolution” feature, what it defines as “the ability to resolve multiple online identities or personas to assist the government in conducting background investigations and for vetting applicants seeking legal immigration status”: A government will be able to use meta-data and a complex “fuzzy matching” process to match online personas, both real and alias, to provide a quantifiable level of confidence that two “data-supported” identities are the same. By accumulating identity context over time, a government will be able to use various sources of information to determine whether individuals really are who they say they are. Once identified, Circinus’ software can determine the links between individuals and organizations. Linking individuals, organizations and addresses enables the discovery and analysis of both loosely and tightly-coupled networks, providing a more complete intelligence view that multiplies the effectiveness of conventional Open Source Information collection and analysis. These capabilities were ostensibly offered in service of what remains an oppressive state. Tunisian civil liberties have changed radically since the overthrow of dictator Zine El-Abidine Ben Ali in 2011, but as recently as last year, a Tunisian blogger was imprisoned for making “defamatory” statements against the government on Facebook. The human rights watchdog Freedom House rates the country’s internet policies as only “partly free,” owing to concerns over anti-dissent crackdowns. “Torture and other ill-treatment of detainees continued in an environment of impunity,” Amnesty International wrote of the country, heading into 2018. “Prosecutions of peaceful protesters increased in several regions.” The contents of the presentation made for the government of the UAE are unknown; The Intercept was provided with only a cover page. But the formatting and file name of this document suggests it contained similar services related to the processing of online information. Dissent of any kind, whether online or off, is even more brutally punished in the UAE than in Tunisia: In March 2017, the same date as the UAE pitch document, Emirati academic Nasser bin Ghaith was sentenced to a 10-year prison term for comments he made on Twitter. Earlier this month, the award-winning Emirati human rights advocate Ahmed Mansoor was sentenced to his own 10-year term for “insulting the UAE and its leaders” online, reported The National, a newspaper based in Abu Dhabi.

“Whether Circinus is selling advanced analytics or snake oil, it still raises a number of serious concerns.”