In the days after the Jan. 6 attack on the Capitol, an obscure arm of the U.S. Postal Service did some serious internet sleuthing.
On Jan. 11, the United States Postal Inspection Service’s Internet Covert Operations Program — better known as iCOP — sent bulletins to law enforcement agencies around the country on how to view social media posts that had been deleted. It also described its scrutiny of posts on the fringe social media network Wimkin.
Few Americans are aware that the same organization that delivers their mail also runs a robust surveillance operation rooted in an agency that dates back to the 18th century. And iCOP’s involvement raises questions about how broad the mandate of the Postal Service’s policing arm has grown from its stated mission of keeping mail deliverers safe.
The documents also point to potential gaps in the Jan. 6 select committee’s investigation by revealing concerns about a company it is not known to be scrutinizing. And those documents point to a new challenge for law enforcement in the post-Jan. 6 era: how to track extremist organizing across a host of low-profile platforms.
Two more previously unpublished government documents reviewed by POLITICO — one of which was reported on by ABC News — reveal more about the increasingly complex work of tracking extremism, and the concerns those efforts generate among civil liberties advocates. Property of the People, a watchdog group focused on national security, obtained the documents through open records requests as part of its investigation of the Jan. 6 attack. The group has also obtained records showing that hundreds of law enforcement officers planned ahead in case Jan. 6 became a mass casualty event, and that an FBI bomb analyst warned her coworkers that #StopTheSteal could turn violent.
Both iCOP bulletins are dated Jan. 11. They circulated through law enforcement circles, including to intelligence-sharing hubs called fusion centers that connect federal agencies with their state and local partners. One of the reports highlights tweets from two users about Jan. 6.
One of the tweets, from Czech Republic-based company Intelligence X, announced the creation of a system for people to share pictures and videos from the Capitol attack. Another tweet, from an account called “@donk_enby,” says it includes a link to every Parler post made during the riot.
Accessing those Parler posts was a focus for law enforcement, since the Jan. 6 attackers had extensive discussions on the platform before the attack about engaging in violence that day. But — as the iCOP bulletin noted — major tech companies stopped providing services to Parler in the wake of the attack because of violent content. As a result, the social network went offline.
The iCOP bulletin implied that the disappearance of all those posts could create a hurdle for law enforcement efforts to prevent future violence — and that the archive created by “@donk_enby” could be a useful resource.
“Although Parler is currently inactive and inaccessible, efforts fronted by ‘@donk_enby’, Intelligence X, and public contributions of data can assist law enforcement in the analysis and identification of parties involved in the US Capitol Protests,” the bulletin says. “The archived information can assist in the possible mitigation of future violent protests.”
Peter Kleissner, the CEO of Intelligence X, said he wasn’t aware the Postal Service had circulated information about his archive.
“Our intention behind the archive is to make sure that these important pictures and videos of this event aren’t lost and evidence is preserved,” he emailed. “This archive is not just important for the short-term use to hold rioters accountable, but also for the long-term for future generations.”
The second iCOP bulletin is titled “Nationwide coordination of Militia Groups and Threat to Nancy Pelosi.” It homed in on a website called givemebass.com and said a post “directly associated to the site founder [sic]” threatened House Speaker Nancy Pelosi. The bulletin included an image saying “DEMAND PELOSI BE EXECUTED SHE TRIED TO COME BETWEEN OUR POTUS THE NUCLEAR CODES [sic].”
The Postal Service bulletin raised concerns that someone was using givemebass.com to coordinate national militias.
“The Wimkin account ‘Vik Freeman’ has been promoting the website ‘givemebass[.]com’ as a portal for communication and coordination which has been posted to multiple militia pages on Wimkin,” the bulletin reads.
The bulletin added that iCOP analysts were “actively monitoring the website and Wimkin account” for new posts. It included information about who it believed had registered givemebass.com and when, along with details about its reach across other Wimkin pages. Wimkin bills itself as “The World’s Only Free Speech Social Media Platform,” but its terms of service say posts on the platform cannot contain “nudity, pornographic materials including cartoons, and cannot be threatening nor criminally harassing in any way shape or form.”
Chip Gibbons, the policy director of Defending Rights & Dissent, said the document points to the growing overlap between intelligence-gathering and law enforcement work — especially since the connection between the Jan. 6 attacks and the postal service appears to be tenuous at best.
“Law enforcement-intelligence apparatuses raise serious Constitutional questions, serious questions for our democracy,” he said. “It is outside their jurisdiction as I understand it.”
“The FBI has jurisdiction over domestic terrorism, whereas the Post Office — I don’t even know how they’re involved in this,” he added.
A spokesperson for the U.S. Postal Inspection Service said the agency reviews public social media posts as part of “a comprehensive security and threat analysis.”
“News report and social media listening activity helps protect the 644,000 men and women who work for the Postal Service by ensuring they are able to avoid potentially volatile situations while working to process and deliver the nation’s mail every day,” the spokesperson said.
The USPS’s covert operations program drew attention in April when Yahoo! reported on a bulletin it sent out in March about anti-lockdown and anti-5G protests. That bulletin, which cited social media posts, generated concerns on Capitol Hill. Members of the House Oversight Committee called on the Postal Service’s inspector general to probe the program and see if analysts there engaged in illegal surveillance, as Yahoo! also reported.
These new materials, along with two other documents, highlight the growing complexity of that work. A March 29 report from the Department of Homeland Security’s Office of Intelligence and Analysis said militia violent extremists are “actively disguising their online social media outreach” to promote violence, find fellow violent extremists and share tactics.
“In 2020, MVEs used or expressed interest in using a variety of more secure and often encrypted messaging applications — including Zello, Telegram, Signal, and Threema — to discuss operational activity, according to FBI and open source reporting,” the DHS report reads.
The report also said that social media companies focus on “overt threats of violence” when removing content. It added that if U.S. government officials worked with the private sector to develop indicators of “operational planning and recruitment,” it would help those companies understand how militia extremists skirted their terms of service. The report also said such engagement could help U.S. officials detect and disrupt extremists’ efforts.
The DHS report also references FBI reporting about posts that militia extremists made on social media in the months before the Jan. 6 attack. It specifically notes FBI reporting about posts that went up in July, August and October of 2020. After the Jan. 6 attack, FBI Director Chris Wray fielded multiple questions at congressional hearings about the FBI’s social media monitoring, as Lawfare has detailed. He and others have signaled that the FBI’s internal rules about monitoring social media contributed to their failure to predict the violence.
“We’re not allowed to … just sit and monitor social media and look at one person’s posts … just in case,” he said in one hearing.
But the DHS report indicates that the FBI has collected information that militia extremists posted in the months leading up to the Jan. 6 attack. This is notable since militia extremists were among those who attacked the Capitol. The DHS report does not say if the FBI collected these months-old social media posts before or after Jan. 6, and it does not say how the posts came to the FBI’s attention.
Mike German, a fellow at the Brennan Center for Justice and a former FBI agent focused on domestic terrorism, said he believes FBI counterterrorism efforts over-emphasize social media.
“A lot of people online say things that are really scary, and if law enforcement is using its resources to focus there, it might explain why so much of this violence that occurs on the streets is unpoliced, because they’re spending their resources searching out bad words online,” he said.
German said he thinks the FBI should focus more of its resources on investigating violent crimes committed by far-right extremists, rather than trying to predict which ones will turn violent based on their social media posts.
And those social media posts are still plentiful, despite the efforts by the biggest mainstream social media companies to purge extremist content. According to a Jan. 15 report from the Central Florida Intelligence Exchange, an intelligence-sharing hub, domestic extremists migrated to alternative platforms after Jan. 6.
“In an effort to avoid censorship and maintain their online presence, DVEs of varying ideologies began migrating to existing alternative platforms such as MeWe, Telegram, Gab, Clouthub, Minds, and TikTok,” the Florida report reads. “Popular message boards such as 4chan and 8kun also experienced an increase in users.”
The same report said people linked to the Boogaloo movement — a loosely organized movement of anti-government extremists who believe a civil war is near — “began migrating to alternative platforms, and can currently be found on Telegram, MeWe, Minds, and TikTok.” That migration came after social media networks began removing Boogaloo content in the wake of the arrests of multiple people linked to the movement. The report noted that the number of Boogaloo hashtags and accounts on Twitter was growing, and that Boogaloo-related accounts were still active on TikTok, though “more difficult to locate due to being shadowbanned.”
The report added detail on shadowbanning: “When a channel is shadowbanned, the content is blocked and a name and/or hashtag search will bring back no results,” it read. “The shadowbanning has no effect on subscribers of the channel. Additionally, new users are still able to locate and join these channels by clicking hashtags shared by other TikTok users they have subscribed to.”
A TikTok spokesperson said the platform removes Boogaloo accounts when it identifies them.