What the US DoJ announcement means for ExpressVPN users and an exclusive comment from the company’s co-founder.
ExpressVPN’s executive Daniel Gericke made news last week as one of three former US intelligence and military personnel who have altogether been fined more than $1.6 million by the US Department of Justice (DoJ) to resolve alleged charges around « Project Raven ». Exactly what happened is a complicated story, especially when there are multiple parties involved, several three-letter acronyms and a couple of legal terms thrown in the mix. TechRadar Pro breaks down the key facts, how Edward Snowden got involved and whether ExpressVPN users should be worried about the incident. The DoJ revealed that three former U.S. intelligence operatives – including current ExpressVPN executive Daniel Gericke – were facing federal charges in connection with their work for DarkMatter, a company based in the United Arab Emirates (UAE). The men were allegedly part of a secretive operation called “Project Raven” that ran from 2016 to 2019. The programme enabled the UAE government to spy on various targets, ranging from suspected terrorists and critics of its regime, according to a Reuters report. The three men have since reached a deferred prosecution agreement (DPA) with the US government. It is important to note that contrary to popular belief, a DPA is not a conviction or a plea, but an agreement between the prosecutor and defendant to resolve the matter without going to court. Were the actions of the defendants considered to be gravely detrimental to U.S. national security interests, it is unlikely that the case could have been resolved without a trial or guilty plea. As part of the DPA, the three also agreed not to dispute any of the facts alleged by prosecutors – which is probably the main reason why we have not heard directly from any of them so far. TechRadar understands that Gericke has been advised by his lawyers to not speak to the media about this matter. Acting Assistant Attorney General Mark J. Lesko for the Justice Department’s National Security Division described this agreement as “the first-of-its-kind resolution”. While the parties named in the DPA are unlikely to be able to shed more light on the matter, previous Reuters reporting says Raven operatives believed “the mission was blessed by the U.S. government” as they were told the NSA were being regularly briefed and had approved of the project. However, the DoJ release asserts that the men “chose to ignore warnings” that their work required a license from the US State Department. ExpressVPN said in a public statement on 15 September that they knew “the key facts relating to Daniel’s employment history” before hiring him. In a response to TechRadar Pro’s queries, ExpressVPN confirmed that at the time of Daniel Gericke’s hire in December 2019, the company was aware that Gericke had previously worked at CyberPoint and DarkMatter but had no knowledge of his association in Project Raven. CyberPoint is an American defense contractor that had the US government’s authorization to work with the UAE in what is described as a counter-terrorism mission. When Project Raven transferred from CyberPoint to DarkMatter, prosecutors say the latter company failed to seek these approvals. Former operatives described Project Raven to Reuters as having helped the UAE break up an ISIS network as well as assess the risk of terrorist attacks. However, whistleblower Lori Stroud said she eventually discovered that the UAE’s “national security targets” included not only terrorists, but also dissidents and human rights activists. While the Reuters report in January 2019 disclosed DarkMatter’s involvement in Project Raven, ExpressVPN told TechRadar that it was not made known to the company at the time of Gericke’s hire that he was in any way associated with Project Raven, which was classified.
