Part One of this series mentioned, in a single sentence whose significance the reader had no way of evaluating at the time, that Giant Oak's GOST platform — the Giant Oak Search Technology used by Immigration and Customs Enforcement — appears across the federal procurement record of six agencies: Immigration and Customs Enforcement, Customs and Border Protection, the Drug Enforcement Administration, the State Department, the Air Force, and the U.S. Treasury's Bureau of the Fiscal Service. A seventh channel of use operates outside the procurement ledger entirely — HUMINT sourcing within the intelligence community, where contracts are not itemized the same way and the platform's role has remained largely invisible to oversight.
Five of those six belong together. Enforcement, border control, narcotics interdiction, diplomatic security, the military. The sixth does not. The Bureau of the Fiscal Service is a Treasury payments office — it cuts checks. It carries no law-enforcement, intelligence, immigration, or border charter of any kind. Its appearance on the same vendor's customer list as ICE and the DEA is the anomaly this part of the series exists to resolve.
That anomaly is the seam. The U.S. Treasury's Bureau of the Fiscal Service is the one name on the list whose presence cannot be explained by its mandate — and explaining it means following a single platform from the agencies that hunt people to the office that pays them.
The Bureau of the Fiscal Service is the Treasury office that handles federal payments. It cuts the checks for Social Security. It processes federal tax refunds. It manages federal debt collection. It administers federal vendor disbursements. It is, by its formal charter, a back-office payments operation. It has no law enforcement function. It has no intelligence function. It has no immigration function. It has no border function.
It has no operational reason — none that any agency description, any congressional testimony, any executive order, or any public charter provides — to be a customer of an algorithmic social media surveillance platform whose advertised targeting feature is, per the Department of Homeland Security's own internal slides released under court order, the capacity to "filter various Arabic naming conventions."
And yet the Bureau of the Fiscal Service is, by federal procurement record and by FOIA-disclosed contracting documents, a paying customer of Giant Oak Search Technology.
That sentence is the seam.
This part of the series resolves what is on either side of it. The seam, as Part Five will show, is not an anomaly. It is the structural connection point between the DHS-side surveillance pipeline this series has mapped in Parts One through Three and the Treasury-side financial-intelligence regime that has, in parallel, been built by an overlapping cast of post-9/11 federal officials, run through a partly overlapping set of private vendors, and deployed against a partly overlapping set of vulnerable populations — including American banking customers, U.S. citizens subject to sanctions screening, and cross-border financial flows whose participants have no meaningful ability to know they are under algorithmic surveillance.
The seam is also the point at which the architecture this series describes becomes most clearly bipartisan. The men who built the Treasury side were Bush appointees. The man who built the DHS-side analytical tool was also a Bush appointee. The Brennan side of Part Four was an Obama appointee. The system they all built together is the system the Biden administration scaled, that the second Trump administration is now operating, and that no faction of either major American political tradition has shown any structural interest in dismantling.
Two men. Two firms. One algorithm. Many vulnerable populations.
Fiscal Service
The first man: Gary Shiffman
In May 2004, U.S. Customs and Border Protection Commissioner Robert C. Bonner announced the selection of Gary M. Shiffman as his Chief of Staff at the agency.
Shiffman's official biography, published on the U.S. Customs and Border Protection news service at the time of the announcement, captured a trajectory that the contemporary press treated as standard for the post-9/11 reorganization. Shiffman had been, immediately prior to the CBP appointment, Director of Governmental Affairs in the Washington, D.C. office of the lobbying firm Greenberg Traurig. He had previously worked in the United States Senate as a member of the leadership staff and Senior Policy Advisor to Senator Connie Mack. He had managed international issues focused on national security, trade, and export policies. While on active duty in the United States Navy, he had served on the staff of the Secretary of Defense and the Chief of Naval Operations. He was a Gulf War veteran with two Pacific Fleet deployments. He held a Ph.D. in economics from George Mason University.
The CBP Chief of Staff role placed Shiffman, as the agency's own announcement put it, in a position to "advise the Commissioner on a variety of policy, security, trade, and management issues" and to be "responsible for managing the day-to-day operations of the Commissioner's office and its interactions with the White House and other executive and legislative branches."
Shiffman served as Bonner's Chief of Staff for approximately two years.
In mid-2006, three weeks before the public announcement, Shiffman was quietly detailed from CBP to the Department of Homeland Security to work on what officials there were calling the Secure Border Initiative — the comprehensive review of U.S. border surveillance assets and the policy precursor to the SBInet contractor-driven virtual fence program. The detail was reported in trade press as a routine personnel rotation.
When Shiffman's CBP tenure formally ended, he did not return to a public-policy role. He moved instead to L-3 Communications, the defense contractor that produces passenger baggage and full-scale cargo X-ray examination systems for homeland security customers, among many other technologies. Shiffman became Senior Vice President of Global Security Solutions in L-3's Government Services Group, based in Alexandria, Virginia.
After L-3, Shiffman's trajectory took the turn that would, fifteen years later, place his company's software on the federal procurement record of six federal agencies.
Shiffman moved to the Defense Advanced Research Projects Agency — DARPA — the U.S. military's classified research arm. The role was not publicly publicized at the time. In a subsequent 2017 interview with Forbes magazine, Shiffman would acknowledge the work directly. While at DARPA, Shiffman had worked on a program called Nexus 7.
What Nexus 7 was
Nexus 7 was a classified, contested, big-data intelligence program that DARPA pushed into Afghanistan as a war-zone surveillance and analytics effort. As Noah Shachtman, writing for Wired magazine's Danger Room, described the program when its existence first became public in July 2011: "The Pentagon's top researchers have rushed a classified and controversial intelligence program into Afghanistan. Known as 'Nexus 7,' and previously undisclosed as a war-zone surveillance effort, it ties together everything from spy radars to fruit prices in order to glean clues about Afghan instability."
The phrase "from spy radars to fruit prices" is the operational description. Nexus 7 was a data-fusion program. It ingested, in real time, signals intelligence from drone-mounted and ground-based sensors; surveillance radar tracks; mobile phone metadata; market price data; agricultural yields; tribal-network maps; and adjacent human-intelligence reporting. It applied machine-learning pattern detection across the entire fused dataset. Its operational goal was to predict where Taliban operations would emerge before they happened — to identify, in advance, which villages, which routes, which financial flows, and which individuals were the leading indicators of an upcoming insurgent action.
Nexus 7 was, in plain English, the prototype for what the U.S. military and intelligence community would later call algorithmic counterinsurgency. Predictive targeting in a war zone, executed by software, against a population the U.S. government had designated as hostile.
The program was contested inside the intelligence community when it was active. As Shachtman wrote: "Those efforts are drawing fire from some frontline intel operators who see Nexus 7 as little more than a glorified grad-school project, wasting tens of millions on duplicative technology that has nothing to do with stopping the Taliban."
The Nexus 7 program was, ultimately, what Shiffman would describe in subsequent interviews as the methodology he commercialized in the private sector.
The commercialization: Giant Oak (2009)
In 2009, while still associated with the DARPA work that would become Nexus 7, Shiffman founded Giant Oak, Inc. The firm's headquarters were in Arlington, Virginia — five miles from CBP headquarters and three miles from DARPA.
Giant Oak's product was the Giant Oak Search Technology, or GOST, pronounced "ghost." By Giant Oak's own corporate description on its current website and in its press materials, GOST is a SaaS platform that "allows its users to search the deep web and perform high-speed, large-scale, entity-specific screenings to discover, vet and continuously monitor security, law enforcement, compliance, fraud and other threats."
The customer description is the part to read closely. "GOST customers span government agencies and financial services institutions."
The "and" in that sentence is doing the structural work this entire part of the series is built to unpack.
GOST was not designed, at any point in its corporate lineage, as a specialized federal law-enforcement tool. It was designed from inception as a dual-use platform that screens identities, financial transactions, social media activity, and public-records data simultaneously — applied to immigration enforcement on the federal side and applied to bank customer screening, anti-money-laundering compliance, and sanctions-list adjacent-person screening on the private financial side.
The methodology — large-scale data fusion across multiple surveillance modalities, applied via machine-learning pattern detection to identify individuals matching adversarial profiles — is identical across both deployments. The only difference is the customer's stated purpose for the targeting.
By 2017, Shiffman was on the record describing the system to Forbes as capable of "continuous evaluation," which Shiffman defined as "where you want to see if there's a change in the pattern in their behavior over time." The same Forbes interview, in which Shiffman acknowledged the Nexus 7 lineage explicitly, paired the algorithmic-counterinsurgency origin story with the contemporary deployment against U.S. visa applicants. The journalist did not connect the dots.
The federal contract record connected them. By 2017, the same year as the Forbes interview, the Department of Homeland Security articulated a formal policy of collecting and studying the social media data of all immigrants. In September 2017, Giant Oak won nearly $3 million in ICE contracts. Privacy International, which has tracked Giant Oak's federal contracting since 2018, calculated that the firm has held federal contracts worth nearly $45 million across the U.S. government since 2014.
In February 2023, Edison Partners — a growth-equity firm — led a $10 million investment in Giant Oak. The investment announcement, on the Edison Partners blog, included a quote from General Partner Tom Vander Schaaff that captured the firm's commercial positioning with unusual clarity. "Government and commercial markets alike," Vander Schaaff said, "have increased need for big data and regulatory technologies that improve their screenings for risk. Gary Shiffman and team have capital-efficiently built a negative search platform that's smarter than Google, and are driving impressive growth in the government sector."
The phrase "negative search platform" is the operational description. Giant Oak's product, by its investor's own description, is built to find the negative — the derogatory information, the adversarial pattern, the suspicious signal — in any dataset to which it is pointed.
The same phrase — negative — appears, six federal contracts later, in the February 2025 ICE bid solicitation that opened this entire series.
What Giant Oak is doing at the Bureau of the Fiscal Service
The Treasury's Bureau of the Fiscal Service is named, alongside ICE, Customs and Border Protection, the Drug Enforcement Administration, the State Department, and the Air Force, in the cache of Giant Oak records first reported by 404 Media's Joseph Cox on October 24, 2023. Those records reached the public through a Freedom of Information Act lawsuit filed in January 2019 by the ACLU and the ACLU of Northern California — the litigation that followed a 2018 FOIA request the agencies had refused to answer. By those records, the Department of Homeland Security has used GOST since 2014; ICE alone has paid Giant Oak in excess of $10 million since 2017; and the Bureau of the Fiscal Service is listed among the agencies that have paid for Giant Oak services across that period.
Where Giant Oak's federal work is itemized, the figures are public and exact. Federal contract records show a $5.2 million award to the company from the Federal Energy Regulatory Commission — contract no. 89603022C0001, for completion of a software system Giant Oak calls ATHENA, awarded March 28, 2022, a single-award definitive contract with one offer received and no set-aside, running a five-year term and already fully obligated against its $5.2 million ceiling. That is what a disclosed Giant Oak federal engagement looks like on the record: a contract number, an award date, a dollar value, a named deliverable. No comparable line item has ever been published for the Bureau of the Fiscal Service. It sits on the customer list — named in the FOIA cache, confirmed in the 404 Media reporting — with no disclosed contract identifier, period of performance, or dollar figure. The agency with the least obvious reason to be on the list is also the one whose engagement is documented in the least detail.
A word on what that FERC contract is, and is not — because the distinction is the whole point. ATHENA is not GOST, and it is not a window onto the power grid. The FERC office that buys analytics of this kind, the Office of Enforcement, does not watch electrons; it watches traders. Its Division of Analytics and Surveillance runs algorithmic screens over participant-level trading data to flag spoofing, wash trades, cross-market manipulation, and anomalous positions — and to map the concealed ownership and trading relationships behind them. That is the most plausible work for a Giant Oak build at FERC, and it is the same analytic act the company's engine performs everywhere else — surface the anomalous actor, resolve the hidden network — turned on energy markets rather than on visa applicants or payment recipients. There is no public evidence that ATHENA is a GOST instance, that it ingests social media for FERC, that it monitors how energy is physically distributed or consumed, or that it touches the Bureau of the Fiscal Service.
But the contract leaves larger questions hanging, and they are worth marking here even though the answers belong to a companion piece. Why does a firm built to map illicit human networks gravitate, again and again, to energy — the one market where finance, critical infrastructure, and national security converge in a single commodity? If a system can already resolve who secretly controls and finances the players, and read every anomaly in how energy is traded, how far is that from seeing how energy is distributed — by whom, to whom, and at what moment of demand — and why would that visibility be worth having? What does it mean to hold continuous, granular sight of the flows of the one resource every other system depends on to function? Is market-conduct surveillance the entire purpose of an engine like this inside the energy vertical, or simply the entry point? Those questions are the subject of a separate interlude on Giant Oak, GOST, and ATHENA. For the Bureau of the Fiscal Service, the question in front of us is narrower, and more immediate.
There are three plausible explanations for the Fiscal Service line item. The plausibility order matters less than the structural implication that none of them is benign.
One: bureaucratic plumbing. Federal procurement record-keeping is messy. The Bureau of the Fiscal Service may be the contracting officer of record on a contract whose actual end user is a different Treasury component — typically the Office of Foreign Assets Control, which administers U.S. economic sanctions, or the Financial Crimes Enforcement Network, which runs federal financial intelligence and anti-money-laundering, or Treasury's Office of Intelligence and Analysis, which is one of the eighteen formal members of the U.S. Intelligence Community. Treasury sometimes routes contracts through Fiscal Service for administrative reasons. If that is what happened, the story remains structurally significant: it means the procurement architecture obscures, at the level of public visibility, which Treasury intelligence component is actually buying the surveillance software.
Two: enforcement screening of federal payment recipients. The Bureau of the Fiscal Service handles federal disbursements — Social Security benefits, federal tax refunds, vendor payments, federal grants, federal contractor payments, federal employee paychecks. If Giant Oak's GOST platform is being used to screen the recipients of federal payments — particularly federal contractor payments and federal benefit recipients — for adverse social media signal, sanctions-list adjacency, or other algorithmic flags, that constitutes a financial-side enforcement mechanism that has never been publicly disclosed and operates outside the statutory authority of any Treasury component formally charged with such screening.
Three: cross-component intelligence sharing. The Bureau of the Fiscal Service sits inside Treasury alongside FinCEN, OFAC, and the Office of Intelligence and Analysis. If Giant Oak's outputs are accessible across Treasury components — meaning the agency that cuts checks can pull dossiers, screening outputs, or social-media profile data from the same GOST instance that the sanctions-enforcement and financial-intelligence components are also accessing — then GOST is functioning, at the structural level, as a cross-Treasury intelligence-sharing platform.
What the public FOIA cache does not resolve, in the records made available through the ACLU lawsuit, is which of these three explanations is correct. The contracting record says Bureau of the Fiscal Service. The actual operational deployment is invisible.
This is, in operational terms, the worked example of why the contractor architecture this series has been mapping is structurally unaccountable. Even with a federal court order forcing disclosure, the procurement vehicle reveals nothing about the actual customer's purpose.
The Bureau of the Fiscal Service line item is the seam between the DHS-side surveillance pipeline and the Treasury-side financial-intelligence regime. The man on the DHS side of that seam is Gary Shiffman.
The man on the Treasury side is Juan Zarate.
The second man: Juan Zarate
Juan Carlos Zarate is, in the federal national-security architectural sense the term is meant in this series, the architect of the contemporary U.S. Treasury financial-intelligence regime.
Zarate is a 1997 Harvard Law School graduate. Before law school, at Harvard College, he won the John P. Reardon '60 Men's Award as the best male student-athlete; he had been a Rotary International Fellow at the Universidad de Salamanca in Spain. He is the son of a Mexican father and a Cuban mother. He grew up in Santa Ana, California.
Before September 11, 2001, Zarate served as a federal terrorism prosecutor in the Department of Justice. He worked on the prosecution teams in the 1998 East Africa embassy bombings and the 2000 USS Cole bombing.
In the years following the September 11 attacks, Zarate moved into the Treasury Department, where he was appointed — by the Bush administration — to a position that had never previously existed in the federal government: the first-ever Assistant Secretary of the Treasury for Terrorist Financing and Financial Crimes.
In that role, by his own published biographies and by the public record of his federal service, Zarate did the following.
He led, on behalf of the Treasury Department, the post-9/11 anti-money-laundering and economic-sanctions regime expansion in the United States.
He supervised the Financial Crimes Enforcement Network — FinCEN, the federal financial intelligence agency.
He supervised the Office of Foreign Assets Control — OFAC, the federal sanctions-enforcement agency.
He supervised the Treasury Executive Office for Asset Forfeiture — TEOAF.
He drove what his biographies describe as "the innovative use of the Treasury's national-security-related powers."
He led the establishment of the Office of Terrorism and Financial Intelligence — TFI — the umbrella Treasury entity that, since its 2004 establishment, has been one of the eighteen formal members of the U.S. Intelligence Community.
He led one of the largest asset-recovery efforts in U.S. history: the return of over $3 billion in assets from Iraq following the U.S.-led invasion.
In 2005, after his tenure at Treasury, Zarate moved to the White House, where he served as the Deputy Assistant to President George W. Bush and Deputy National Security Adviser for Combating Terrorism — the country's fifth post-9/11 "counterterrorism czar." He held that role from 2005 to 2009, the end of the Bush administration. His White House portfolio, by his official biography, included "coordinating the government's counterterrorism strategy and efforts against other transnational threats, such as maritime security, piracy, hostage-takings, organized crime and gangs."
He was awarded the Treasury Medal at the conclusion of his federal service.
Read that résumé as a single sentence. The federal official who built the post-9/11 Treasury financial-intelligence regime, who established the federal Office of Terrorism and Financial Intelligence, who supervised FinCEN and OFAC, who served as the country's counterterrorism czar at the close of the Bush administration, was — by the standards applicable to any senior intelligence-community officer leaving federal service — the single most consequential post-government figure in the federal financial-surveillance ecosystem.
In 2009, with the end of the Bush administration, Zarate left federal service.
He did not, in any meaningful sense, leave the financial-surveillance ecosystem.
The private sector (2009 — present)
After leaving the Bush White House in 2009, Zarate moved to the Center for Strategic and International Studies as a senior adviser. He also served, for a time, as CBS News' senior national security consultant and analyst.
In 2014, Zarate co-founded the Financial Integrity Network, or FIN, a private consultancy specializing in anti-money-laundering and counter-financing-of-terrorism compliance for global financial institutions. The firm's client base, by its own description and by subsequent reporting, included major U.S. and international banks; financial intelligence units in multiple jurisdictions; and a constellation of government and quasi-government clients.
In 2019, the Financial Integrity Network merged with K2 Intelligence — the corporate intelligence consultancy founded by Jules and Jeremy Kroll, the family whose Kroll Inc. had pioneered the contemporary corporate-intelligence industry. The merged entity took the name K2 Integrity. Zarate, as the senior post-government federal official inside the merged firm, became Global Co-Managing Partner and Chief Strategy Officer.
K2 Integrity is, at present, one of the world's largest private financial-intelligence consultancies. Its work includes corporate due-diligence investigations, sanctions-compliance program design for major banks, financial-crime risk assessments for governments and multilateral institutions, and what the firm calls "public-private financial information sharing partnerships."
In October 2020, K2 Integrity and Giant Oak together launched a joint fintech venture called Consilient.
The Consilient launch announcement on PRNewswire, dated October 29, 2020, named both founders: "Juan Zarate, chairman and co-founder of the Financial Integrity Network (FIN) and global co-managing partner and chief strategy officer at K2 Intelligence FIN, and Gary M. Shiffman Ph.D., founder and CEO of Giant Oak, today announced the launch of Consilient, a company dedicated to establishing the next generation AML/CFT system through the application of revolutionary technologies."
The first sentence of the Consilient launch announcement names the two men. The architectural sentence of this series, the sentence that resolves the seam between the DHS-side surveillance pipeline and the Treasury-side financial-intelligence regime, is the first sentence of the Consilient launch announcement.
The man who built the Treasury financial-intelligence regime inside government, partnered, in his post-government private-sector role, with the man who built the Giant Oak surveillance methodology in DARPA's Afghan counterinsurgency program, to launch a fintech operating on the same algorithmic technology, sold to the same federal customers — including the Bureau of the Fiscal Service — and to a parallel stack of major banks.
What federated learning actually is
The Consilient technology platform is called Dozer. By Consilient's own corporate materials, Dozer is the product of what the firm calls "federated machine learning" — a technique that, by Shiffman's own description on his appearances on the Jo Ann Barefoot AML podcast in 2019, allows what he termed "the traveling algorithm."
It is worth being precise about what that phrase means.
Federated learning, as a technical concept, was developed in the broader machine-learning community as a method for training models across decentralized data without consolidating the data into a single repository. The textbook use case is mobile device personalization — Google's Gboard keyboard, for example, can train its autocomplete model across millions of phones without requiring the keyboard logs themselves to be uploaded to a central Google server. The algorithm trains locally on each device, the algorithm's updated parameters are sent back to the central server, and the central server aggregates the parameter updates across all devices to produce an improved global model. The data itself never leaves the local device.
Federated learning, in that conventional framing, is a privacy-preserving technique. The data stays where it lives.
The Consilient deployment uses the same technique. But it deploys it in a structurally different application: across financial institutions. Consilient's Dozer technology, by the firm's own February 2021 press release announcing its bank-trial results, "uses federated machine learning, a technique that trains algorithms to be shared across multiple financial institutions. Dozer leapfrogs the current systems for anti-money laundering and countering the financing of terrorism (AML/CFT) systems by sharing the algorithms and not the data."
The structural application matters. The Consilient deployment means that the targeting algorithm — the model that classifies which customers, which transactions, which patterns of financial behavior constitute suspicion — is being trained across a consortium of financial institutions. Each bank trains the model locally on its own customer data. The trained model parameters are shared back to the central Consilient platform. The central platform aggregates the updates and pushes an improved targeting model back out to all participating banks.
The data, in the formal sense, stays at each bank. The targeting model — the classification logic by which a banking customer is determined to be a suspicious actor — is shared across the entire participating sector.
This is, in operational structure, the same workaround Edward Snowden described in Part Two of this series when he characterized the formal Five Eyes alliance as "a supra-national intelligence organisation that does not answer to the known laws of its own countries." The data, in the FVEY structure, stays within each member country's jurisdictional protections. The intelligence product — the analytical conclusion drawn from the data — is shared across the alliance. The constitutional protection at the data-collection layer remains formally intact. The surveillance, at the operational layer, is universal.
Consilient applies the same architecture to American banking. The bank's customer data, in the formal sense, stays at the bank under its existing customer-privacy obligations. The targeting model — the rule by which a customer is determined to be suspicious — is shared across the entire consortium. The customer's privacy at the data-collection layer remains formally intact. The classification decision is made by an algorithm that has been trained across the entire participating banking sector.
The first partner bank, by the October 2020 launch announcement, was PNC. In the launch quote, PNC's Chief Bank Secrecy Act/Anti-Money Laundering Officer Jon Elvin said: "PNC looks forward to evaluating the practical application of federated learning technology and determining the extent to which it, in combination with the resources and experiences of other participating banks, will strengthen the industry's AML/CFT capabilities."
The technology partner was Intel, which provided the hardware-based trusted execution environment via Intel Software Guard Extensions — Intel SGX — to ensure, by Consilient's framing, that the federated learning could occur without exposing the underlying banking data to other participating institutions.
By February 2021, Consilient's own announced bank trial results claimed that Dozer had reduced false positives in financial-crime detection "from above 90% down to 12%" while increasing the true positive discovery rate. The number is internally generated by the firm; it has not been independently validated by federal regulators in any publicly released audit of which the present author is aware.
What the architecture does is share the targeting model across institutions while preserving the formal privacy of the data at each institution. What the architecture is, in plain English, is a workaround. The targeting decision — the act of being classified as a suspicious actor in the federal financial intelligence regime — has been delocalized from any single bank, any single regulator, and any single jurisdiction. The classification model is now shared property of the consortium, governed by Consilient, designed by Shiffman and Zarate.
Strip the architecture down to one citizen. A low-income Social Security recipient — or a federal contractor paid through the Bureau of the Fiscal Service — posts a comment critical of federal immigration policy, and later sends a wire transfer that a screening model reads as anomalous. On the DHS side, that profile is exactly what GOST was built to surface: the negative signal, the adversarial pattern, scored one to one hundred.
The same class of model that ICE uses to screen visa applicants — the one tuned, in DHS's own court-released slides, to “filter various Arabic naming conventions” — can now, through the Fiscal Service procurement, sit inside the Treasury payment-screening environment. No new rulemaking. No public notice. No warrant. The targeting model crosses; the citizen never learns a model was pointed at them at all.
There is a legitimate-purpose reading of all of this, and it deserves to be stated plainly. Anti-money-laundering and sanctions enforcement are real statutory mandates. Banks are legally obligated to detect illicit financing; Treasury is legally obligated to enforce sanctions. A technique that lets institutions share a fraud-detection model without pooling raw customer data is, on its face, a privacy-improving design — and its proponents can point to the false-positive reduction Consilient claims as a genuine public good.
The rebuttal is scale, opacity, and charter.Scale: a model trained across an entire participating banking sector and a federal customer base is not a fraud filter at one bank — it is a sector-wide classification authority with no single accountable owner. Opacity: even a federal court order compelling FOIA disclosure did not reveal which Treasury component is actually operating GOST, or for what purpose. Charter: the Bureau of the Fiscal Service has no law-enforcement, intelligence, or screening mandate of any kind. A privacy-preserving technique fielded by an agency with no statutory authority to screen anyone is not a safeguard. It is a workaround wearing the language of one.
Consilient is only one half of the mirror. Its commercial twin on the Treasury side — Babel Street, which reaches the same populations through the data-broker door rather than the bank-consortium door — is examined further below. But the workaround is not, in the end, a story about software. It is a story about the men who own the model. And the second of those men occupies more of the financial-intelligence map than any single biography has ever assembled in one place.
Zarate's adjacent positions
What makes the Consilient story structurally distinct, in the context of the Fifth Eye architecture this series has been mapping, is not the federated-learning technology in isolation. It is the constellation of adjacent positions Zarate occupies, simultaneously, across the global financial-intelligence ecosystem.
This is the part of the public record that no corporate American outlet has, to date, mapped in one place. Zarate's published biographies, on multiple institutional websites — K2 Integrity, the Foundation for Defense of Democracies, the Center for Strategic and International Studies, the National Endowment for Democracy, the Federalist Society — list a set of overlapping board positions, advisory roles, and institutional affiliations. The set, taken together, places Zarate at substantially every significant node of the contemporary international financial-intelligence ecosystem.
| Position | Institution | Since / Status |
|---|---|---|
| Global Co-Managing Partner & Chief Strategy Officer | K2 Integrity | 2019 |
| Co-founder & Board Chair | Consilient — with Gary Shiffman | 2020 |
| Treasurer & board member | National Endowment for Democracy (NED) | Jan 2024 |
| Director's Advisory Board | National Counterterrorism Center (NCTC) — the agency Brennan founded | Current |
| Chairman & co-founder, Center on Economic & Financial Power | Foundation for Defense of Democracies (FDD) | Current |
| Senior Adviser | Center for Strategic & International Studies (CSIS) | Current |
| Class of 1971 Senior Fellow | West Point Combating Terrorism Center | Current |
| Adviser, Group Risk Committee (fmr. Financial System Vulnerabilities Cmte, 7 yrs) | HSBC | Ongoing |
| Independent adviser | Coinbase — largest U.S. virtual-asset service provider | Since 2014 |
| Trustee, board member, Audit Committee Chair | Northwestern Mutual | Current |
| Board member (twice papal-appointed) | Vatican Supervisory & Financial Information Authority | Pope Francis |
| Board member | Guardian Space Technology Solutions | Current |
| Former board member | Boston Dynamics — Spot robots now in federal law-enforcement service | Former |
| Former board member | Cambridge Quantum Computing North America | Former |
| Adviser | National Security Institute · Harvard National Security Journal · FDD Center on Cyber & Technology Innovation | Current |
| Life member | Council on Foreign Relations | Life |
| Visiting Lecturer in Law (8 yrs) | Harvard Law School | Former |
| Author, Treasury's War | The definitive public account of the regime — written by the man who built it | 2013 |
This is one man. These are his concurrent or recent affiliations, by his own published biographies.
In Brennan's case, in Part Four, the structural significance was the rotation through a single foreign-controlled holding company — Luxembourg, GSG, TAC, the U.S. watchlisting infrastructure. The template was binary: one career, one architectural lineage, one return to the federal government.
In Zarate's case, the structural significance is the parallelism. He is, at the present moment, simultaneously: a private-sector consultancy executive (K2 Integrity); a co-founder of a federal-banking surveillance fintech (Consilient); an advisor to the largest U.S. cryptocurrency exchange (Coinbase); an advisor to one of the world's largest banks (HSBC); a board member of the federal democracy-promotion non-governmental organization (NED); a chair of the major U.S. counter-Iran-and-China economic-power center (FDD's CEFP); an advisor to the federal counterterrorism agency he founded inside the government (NCTC); a board member of the Vatican's financial regulator; and a former board member of the robotics firm now selling robots into U.S. law enforcement.
The map is no longer a map of a single template. It is a map of an entire constellation. And every point on the constellation, in the contemporary international financial-intelligence ecosystem, is occupied by the same man.
Babel Street and the OFAC contract
There is one more company in this ecosystem worth naming, because its trajectory closes the loop between the DHS-side surveillance pipeline and the Treasury-side financial-intelligence regime in a way that the Consilient story does not on its own.
Babel Street is a privately held social-media-and-data-broker surveillance firm headquartered, like Carahsoft and like Anomaly Six, in Reston, Virginia. The firm was founded in 2012. Its flagship product is Babel X, a social-media-and-deep-web monitoring platform that offers, by its own published technical documentation, access to "over 25 social media sites, including Facebook, Instagram, and to Twitter's firehose," with sentiment analysis in over fifty languages, geofencing, identity-resolution, and computer-vision functionality.
Babel Street's customer roster is the structurally important part.
The FBI has a $27 million, 5,000-license Babel X contract awarded in 2022 for social-media surveillance across the bureau's operational divisions.
Customs and Border Protection has separately purchased Babel X licenses, by Privacy Threshold Analysis documents obtained through FOIA litigation by Vice's Motherboard, for use in border-screening operations against U.S. citizens, permanent residents, refugees, and asylum seekers.
The Internal Revenue Service — IRS — has a Babel Street contract, disclosed in November 2021 by The Intercept's reporting on Treasury-side digital surveillance, that gives the federal tax authority a data feed from the same social-media-and-location-data infrastructure.
The Office of Foreign Assets Control — OFAC — has a separate Babel Street contract. By the contract documents The Intercept obtained, OFAC's Office of Global Targeting now uses a Babel Street tool called Locate X for, in the contract's own language, "analysis of cellphone ad-tech data … to research malign activity and identify malign actors, conduct network exploitation, examine corporate structures, and determine beneficial ownership."
Locate X is, by separate reporting in 2020 by Protocol, a tool that provides clients with geolocational data extracted from mobile-phone advertising-identifier feeds — the same kind of commercial location data that, in Anomaly Six's leaked 2022 sales presentation, was demonstrated as capable of tracking the cell phones of U.S. intelligence officers and Department of Defense personnel as they traveled the world.
The OFAC contract therefore gives the U.S. sanctions-enforcement agency, by Treasury's own contract language, the operational capacity to track the physical locations of individuals — including, by the contract's explicit non-restriction, U.S. persons — without a search warrant, through the commercial-data-broker pipeline.
Babel Street has, in the eighteen months covered by Part Three's Palantir acceleration narrative, also expanded its senior leadership in ways that signal where the firm's growth is pointed. In November 2025, the firm hired former CIA Chief Operating Officer Maura Burns as a Strategic Advisor. In December 2025, the firm hired former Booz Allen Hamilton executive John Larson as President and Chief AI Officer.
Babel Street is, in operational structure, the Treasury-side mirror of the Giant Oak / Consilient platform. Different technical architecture; different ownership; different corporate history. Identical customer base. Identical workaround.
The constitutional stakes
Strip away the corporate names and the procurement vehicles, and what remains is a single sentence with constitutional weight. Ordinary American citizens and lawful residents — their bank accounts, their benefit payments, their tax refunds, their cross-border wires — can now be run through the same class of algorithmic negative search that was originally built for Afghan counterinsurgency and tuned for visa screening against Arabic naming conventions.
The legal architecture that makes this possible is the same one The Intercept identified in November 2021, when it reported that Treasury's Office of Foreign Assets Control had bought a Babel Street location-tracking tool — Locate X — that let the agency follow individuals without a warrant, in what critics described as buying a way past the Fourth Amendment. A June 2021 Brennan Center for Justice report had already warned that OFAC's enforcement reach extends to U.S. citizens inside U.S. borders. The privacy-preserving claim — the data stays at each bank, each agency, each jurisdiction — is the legal fig leaf. The targeting model is shared. That is the entire design: the constitutional protection is left formally intact at the layer where data is collected, and left constitutionally unreviewed at the layer where the decision is actually made. This is the domestic extension of the architecture this series has been mapping.
What the seam is
This is the seam.
On the DHS side: a Bush-era CBP Chief of Staff, who detailed to the Department of Homeland Security to work on the Secure Border Initiative, who then moved to a Defense Department defense-contractor role at L-3, who then moved to DARPA's classified Afghan war-zone counterinsurgency research, who then commercialized that war-zone methodology as the founder of a federal surveillance firm whose software ICE has been paying for since 2014 to deploy against U.S. visa applicants and the social-media speech of American citizens — with the targeting algorithm tuned, in DHS's own internal documents released under court order, to filter Arabic naming conventions.
On the Treasury side: another Bush-era senior federal official, the first-ever Assistant Secretary of the Treasury for Terrorist Financing, the architect of the Office of Terrorism and Financial Intelligence, the supervisor of FinCEN and OFAC, the country's fifth post-9/11 counterterrorism czar — who left federal service and built a private constellation that places him simultaneously at every node of the international financial-intelligence ecosystem, from major-bank risk committees to cryptocurrency-exchange advisory roles to Vatican financial regulation to the federal democracy-promotion non-governmental organization.
In 2020, the two men launched a joint fintech, sitting on top of the algorithmic methodology the first man brought from DARPA's Afghan war zone, applying federated learning to share the targeting model across American banks while preserving the formal privacy of each bank's customer data — and across a federal customer base that includes, by the FOIA-disclosed federal procurement record, the U.S. Treasury's Bureau of the Fiscal Service.
The Bureau of the Fiscal Service is the seam.
The seam is the point at which the DHS-side surveillance pipeline that Parts One through Three of this series mapped, the corporate template that Part Four of this series described, and the Treasury-side financial-intelligence regime that this part of the series has just unpacked, all become operationally connected.
The same software. The same algorithmic methodology. The same architectural principle of "the data stays separate, the targeting model crosses." The same overlapping cast of post-9/11 federal officials, now in their private-sector roles, building the systems they will sell back to the agencies they came from. The same vulnerable populations — visa applicants, sanctions-list-adjacent persons, low-income American banking customers, immigrant communities, social-media commenters about federal immigration policy — caught in the algorithmic dragnet.
The architecture, mapped end-to-end, looks like this. ICE, CBP, the DEA, the State Department, the Air Force, and the Bureau of the Fiscal Service are buying GOST from Giant Oak. American banks, beginning with PNC, are buying Consilient's federated-learning AML platform from Shiffman and Zarate. The FBI, IRS, OFAC, and CBP are buying Babel X and Locate X from Babel Street. ICE, NGA, the FBI, the CIA, the IDF, the NHS, the Australian Department of Defence, and AUSTRAC are all running on Palantir. Carahsoft is the procurement reseller through which substantial parts of this software ecosystem flow into U.S. federal agencies. Barbaricum, with its $950 million USSOCOM IDIQ and its Palantir partnership, is the operational contractor on the contract that started this series.
This is the Fifth Eye.
It is not a country. It is a category of vendor. And the men who built it are, by the records of their own published biographies and the federal procurement record, the same men who built the post-9/11 federal national-security architecture inside the government, who left federal service for the private sector, and who are now selling that architecture, in privately held vehicles that no faction of the corporate American press has comprehensively mapped, back to the federal government — and increasingly, in parallel, to the broader American banking system, the international financial-intelligence ecosystem, and, as Part Six of this series will document, the emergent infrastructure of biometric identity and AI-compute concentration that Sam Altman is currently constructing at a scale unprecedented in American corporate history.
The map is no longer just a map of the contractors. It is a map of the contractor estate. The Fifth Eye was never a foreign alliance — it is a vendor estate, built inside the government, sold back to it, and extended, now, toward the bank account of every American.
- Joseph Cox, “Inside ICE's Database for Finding ‘Derogatory' Online Speech,” 404 Media, Oct. 24, 2023 — the GOST user-guide cache naming the Bureau of the Fiscal Service and the “filter various Arabic naming conventions” slide. 404media.co
- Federal contract award records, USAspending.gov / FPDS — Giant Oak, Inc. recipient profile and Federal Energy Regulatory Commission contract no. 89603022C0001 (“Completion of Development of ATHENA for FERC”), $5.2M, awarded Mar. 28, 2022 — cited as the transparency contrast to the undisclosed Fiscal Service line item. usaspending.gov
- ACLU & ACLU of Northern California FOIA litigation against DHS/ICE and others — filed January 2019 following a refused 2018 request; the lawsuit that forced disclosure of the Giant Oak records.
- Noah Shachtman, “Inside Darpa's Secret Afghan Spy Machine,” Wired (Danger Room), July 21, 2011 — the first public reporting on Nexus 7. Accessible reprint: brookings.edu
- “K2 Intelligence FIN and Giant Oak Collaborate with Intel to Launch Consilient,” PR Newswire, Oct. 29, 2020 — the launch release naming Zarate and Shiffman and partner bank PNC. prnewswire.com
- “Consilient Bank Trials Demonstrate Federated Machine Learning…,” PR Newswire, Feb. 10, 2021 — the false-positive reduction claim (above 90% to 12%) and the Intel SGX partnership. prnewswire.com
- Sam Biddle, “The U.S. Treasury Is Buying Private App Data to Target and Investigate People,” The Intercept, Nov. 4, 2021 — the OFAC and IRS Babel Street contracts (OFAC, dated July 15, 2021, $154,982; two Treasury contracts totaling more than $300,000; obtained via FOIA by Tech Inquiry). Article · Contract document
- Brennan Center for Justice, report on OFAC oversight, June 2021 — finding that OFAC's enforcement reach extends to U.S. persons inside the United States.
- Privacy International — tracking of Giant Oak federal contracting since 2018 (nearly $45 million across the U.S. government since 2014; nearly $3 million in ICE contracts in September 2017).
- Edison Partners blog, February 2023 — the $10 million Giant Oak investment and the “negative search platform … smarter than Google” quote from Tom Vander Schaaff.
- Forbes, 2017 — the Shiffman interview acknowledging the Nexus 7 lineage and describing GOST's “continuous evaluation.”
What's coming
Part Six — The Identity Layer
Sam Altman. Stargate's $500 billion Abu-Dhabi-sovereign-wealth-backed AI infrastructure buildout. The OpenAI Pentagon classified-network contract signed in February 2026, the same week Anthropic was designated a federal supply-chain risk for refusing the terms. World, formerly Worldcoin, the iris-scanning biometric identity primitive that has been banned, suspended, or investigated in nine countries and is now in partnership with Tinder, Zoom, Visa, and Docusign. One man. Three layers of the architecture. The compute. The inference. The identity.