Mission creep is a serious problem in the federal government, and the ongoing investigations by House Republicans into "weaponization" of government misdeeds have shown how pervasive and deep the problem can be.
The FBI, Justice Department, CIA and even the Internal Revenue Service all look as we have seen, like tempting operatives for use against political opponents or to run interference for allies. But what about an agency that is supposed to protect us against cyber threats? A new interim report from the House Judiciary Committee highlights politically motivated mission creep where we might least have expected it: The Cybersecurity and Infrastructure Security Agency (CISA).
CISA, an agency of the Department of Homeland Security, was created in 2018 with a simple, non-political mission statement: "To prepare for, respond to, and mitigate the impact of cyberattacks." As reported here previously, CISA works to prevent state-sanctioned hackers from attacking and compromising America's digital infrastructure. The agency exists to warn companies and government entities of pending computer vulnerabilities. It also works to stop ransomware attacks on American companies and their computer networks, and to minimize damage from cyber exploits by foreign and domestic sources. In short, CISA's mission brief was to watch out for attacks on our digital "boxes and wires."
Instead, as the House Judiciary Committee report documents, CISA "has facilitated the censorship of Americans directly and through third-party intermediaries." The agency, under the administration of President Joe Biden and under the leadership of Jen Easterly, ramped up efforts to flag "misinformation and disinformation" on social media. According to documents the committee obtained only through subpoena, CISA considered the creation of an anti-misinformation "rapid response team" capable of physically deploying across the United States to stamp out what it would decide constituted such "misinformation." The agency went, for example, from ensuring the digital security of American voting systems to censoring criticism of those systems.
The internal communications of agency staff and members of its outside advisory group show they knew they were on thin legal ground. Members of CISA's advisory committee agonized that it was "only a matter of time before someone realizes we exist and starts asking about our work, " the report said.
After the Biden administration was sued in federal court, CISA outsourced its censorship operation to a non-profit group funded by CISA itself. The Judiciary Committee report charges that the outsourcing was an implicit admission that CISA knew that its censorship activities were unconstitutional. CISA, meanwhile, said that it outsourced material to another agency to "avoid the appearance of government propaganda."
Today, a look at the agency's website and Twitter accounts shows only its statutory activity – issuing warnings about ransomware attacks and "zero-day" exploits, warning about hardware vulnerabilities, and some educational advice for ordinary Americans on staying safe during their online activities. This is important work, as the US is under constant cyberattack from state-sanctioned, or state-tolerated, hackers operating from Russia, China, North Korea and Iran. These hackers extort millions of dollars from companies and institutions through overt attacks that can cripple their networks and computers. Cyber criminals go in hard, looking for cash, while cyber espionage attacks attempt to go in quietly, harvesting secrets without detection. Stopping them at the firewall is a matter of national security.
So, to dilute that mission with a politically motivated dive into censorship is unconscionable and dangerous. The Judiciary Committee is right to pursue this inquiry to prevent CISA from going off the rails again, as their own mission pledges.
There is more to see here, however, and more to root out than just a thwarted attempt by a government bureaucracy to police the political speech of the American people in violation of the First Amendment. It is the use of funded or politically affiliated non-profit groups to do the government's dirty work for it. Note that when pressed by a pending lawsuit over its actions, CISA offloaded its "election misinformation" activity to a non-profit organization called the Center for Internet Security (CIS). It was this group, CIS, that served as a singular conduit for election officials to report what they alone determined were false or misleading claims about elections to the large social media platforms of Facebook and Twitter, according to the report.
This parallels the behavior of the Justice Department under then Attorney General Eric Holder during the Barack Obama administration. The Government Accountability Institute did research into the DoJ's pattern of using "consent decrees" to force private companies with threats of anti-discrimination lawsuits to donate funds to one or more designated non-profit organizations on a list helpfully provided by the Justice Department. These groups were largely "social justice warriors" who would then use the money to exert political pressure. This practice was immediately banned by the Trump administration when it took office in 2017, but that ban was quietly reversed by Biden four years later.
CIS enjoyed government funds for its work, much of which is focused on anti-cyberattack activity, as it should be. But its actions in enforcing censorship of "election misinformation" were revealed in the now-famous dump of internal chatter known as "the Twitter files."
Not only that, but the woman who in October 2020 made the fateful decision for Twitter to censor the New York Post's 2020 scoop about Hunter Biden's laptop, Vijaya Gadde, became a member of CISA's "Protecting Critical Infrastructure from Misinformation and Disinformation" subcommittee after the Biden administration took office. Gadde, you may recall, was unceremoniously fired by Elon Musk on his first day of owning Twitter.
Gadde was a member of this subcommittee, known as the "MDM Subcommittee," which also counted Dr. Kate Starbird of the University of Washington, and Suzanne Spaulding, a former legal adviser for the CIA. According to a report in The Intercept, this committee in 2022 recommended that CISA closely monitor "social media platforms of all sizes, mainstream media, cable news, hyper partisan media, talk radio and other online resources."
The MDM committee's report urged the agency to take steps to halt the "spread of false and misleading information" and recommended that CISA stay up to date with the ongoing research on "debunking vs. pre-bunking" information that the committee tars as either unknowingly false (misinformation), deliberately planted by hostile foreign actors (disinformation), or what it termed "malinformation," defined in its report as "information that may be based on fact, but used out of context to mislead, harm, or manipulate."
What the Judiciary Committee's work so far has highlighted is the creation of "feedback loops": that an agency of the government can create and use advisory boards to go well beyond its statutory mission, giving it cover for exercising power Congress never meant it to have.
How many more federal agencies are doing similar things?