Five days ago, two members of Congress introduced a bill called the “Parents Decide Act.” The name suggests parental controls. The text suggests something else.

H.R. 8250 was filed on April 13, 2026, by Rep. Josh Gottheimer of New Jersey and Rep. Elise Stefanik of New York. It was referred to the House Committee on Energy and Commerce. The full text is now public.

What the Bill Actually Does

The bill would require every “operating system provider” to do three things:

Collect your birthday. Every user of every operating system must provide their date of birth to set up an account and to use the device. Not age. Not “over 18.” Your exact date of birth.

Verify minors through parents. If a user is under 18, a parent or legal guardian must verify the child’s date of birth. How? The bill does not say. It delegates that decision to the FTC, which has 180 days to figure it out.

Build a birthday API for app developers. This is the one that matters. Section 2(a)(3) requires operating system providers to “develop a system to allow an app developer to access any information as is necessary... to verify the date of birth of a user of an app.”

Read that again. Your operating system must build a pipeline that hands your birthday to any app that asks for it.

Your Birthday Identifies You

Most people do not think of their birthday as sensitive information. In 1997, a researcher named Latanya Sweeney demonstrated that just three data points can uniquely identify 87 percent of Americans: date of birth, ZIP code, and gender. Two of those three, most apps already have.

Your birthday is the missing key, and this bill hands it over.

Once an advertiser knows your birthday and your approximate location, they can cross-reference commercial databases to attach your name, your address, your purchase history, and your browsing habits. Not because they hacked anything. Because your operating system handed them the key and Congress told it to.

“Operating System Provider” Means Everyone

The bill defines “operating system” as “software that supports the basic functions of a computer, mobile device, or any other general purpose computing device.” It defines “operating system provider” as “a person that develops, licenses, or controls” such software.

That definition covers Apple and Google. It also covers:

Linux distributions. Ubuntu, Debian, Fedora, Arch. Built by volunteers, maintained by nonprofit foundations, downloaded by millions. Under this bill, every distribution maintainer is an “operating system provider” subject to FTC enforcement.

Raspberry Pi projects. The dad who builds a smart garage door opener. The teacher who sets up a classroom computer lab. The kid learning to code on a $35 board. All operating system providers.

Custom firmware. Anyone who installs a custom ROM on their phone, flashes firmware on a router, or modifies an embedded system.

Game consoles. Smart TVs. E-readers. Car infotainment systems. Smartwatches. Anything with software that “supports basic functions” of a “general purpose computing device,” a term the bill never defines.

The bill makes no distinction between Apple and a college student writing an operating system for a class project. The FTC enforcement applies equally.

No Protections on the Data

The bill instructs the FTC to create “data protection standards” for how birthday data is collected. It says the data must be collected “in a secure manner” and must not be “stolen or breached.”

It says nothing about selling it. Nothing about sharing it. Nothing about how long it can be retained. Nothing about what app developers can do with it once they receive it through the mandatory API.

The USIPS analysis puts it plainly: “The bill itself has no protections from the sharing or selling of the gathered data.”

Your web browser is an app. Under this bill, every website you visit through your browser could request your date of birth from your operating system. Advertisers would have a universal tracking identifier delivered by federal mandate.

The State-Level Wave

H.R. 8250 did not emerge in a vacuum. It follows a pattern of state legislation pushing the same concept:

Colorado SB26-051 requires operating systems to collect age information at account setup and provide “age-related signals” to applications. California AB 1043 mandates age-bracketing systems for operating systems and app stores beginning in 2027. Oregon has introduced similar legislation.

The Electronic Frontier Foundation criticized California’s version for “expanding the collection of sensitive age data and increasing privacy and censorship risks.” The federal bill goes further than any state version by requiring the exact date of birth rather than an age bracket, and by mandating a data-sharing API for app developers.

The Safer Path They Didn’t Take

California’s bill, for all its problems, at least attempts to limit what gets shared. Instead of broadcasting your exact birthday, it passes a simple signal: over 18, or not. Binary. Less useful for tracking.

H.R. 8250 chose the other path. Your exact date of birth. To every app. Through a mandatory API. With no restrictions on what happens to it next.

The bill’s sponsors call this “letting parents decide.” The infrastructure they are building lets advertisers decide, data brokers decide, and anyone who buys the data decide.

The Loophole

The Fourth Amendment says the government needs a warrant to track you. But there is a loophole big enough to drive a surveillance state through…

The government can just buy the data instead.

The legal theory is simple. You “voluntarily” shared your location with a weather app. You clicked “Allow” without reading the terms of service. A data broker bought your location data in bulk from the app developer. And because you “voluntarily” gave it up, the government argues it can purchase that data without a warrant, without a judge, without any of the constitutional protections that are supposed to constrain state surveillance.

Privacy lawyers call this “constitutionally indefensible.” Courts have let it slide for years.

The receipts are public. DHS signed a $1 billion contract with Palantir to build AI-powered surveillance systems using purchased commercial data. ICE has a $30 million contract with Palantir for “ImmigrationOS,” a platform that tracks people for deportation with “near real-time visibility.” The FBI signed a contract worth up to $27 million with Babel Street for 5,000 licenses to its Locate X product. When Senator Wyden asked FBI Director Kash Patel if he would commit to stop purchasing Americans’ location data, Patel declined. The FBI “uses all tools,” he said.

The Department of Defense purchased location data from a Muslim prayer app. Law enforcement used purchased data to track Black Lives Matter protesters. The IRS bought location data. Even the Secret Service is shopping at the data broker mall.

None of this required a warrant. None of it was reviewed by a judge.

Where Oracle Fits

Oracle is not just a database company. It is one of the largest consumer data brokers on the planet.

In 2014, Oracle acquired BlueKai, a company that tracks web browsing behavior across millions of sites. The same year, it acquired Datalogix, which aggregates data on over $2 trillion in consumer spending from loyalty card programs and retail transactions. These were merged into Oracle Data Cloud, a platform that connects your offline purchases to your online behavior and sells that composite profile to advertisers.

Oracle knows what you buy at the grocery store. It knows what websites you visit. It knows your age, your income bracket, your interests, and your purchase intent. It knows this for billions of consumer profiles across five billion unique IDs.

Now consider who Oracle’s strategic partner is.

Palantir. The company founded by Peter Thiel. The company with $1 billion in DHS contracts. The company building the AI surveillance infrastructure that ingests data from every source the government can legally buy.

Oracle and Palantir’s partnership page says they help “organizations increase efficiency, meet sovereignty requirements, and outpace adversaries.” Translated: Oracle collects the data, Palantir builds the analytics, and the government buys access to both. No warrant needed. No judge involved. No Fourth Amendment in sight.

Palantir claims it does not “own or broker access to data.” It just builds the software that makes other people’s data searchable, correlatable, and actionable at scale. The distinction is the kind of thing that sounds meaningful in a legal brief and evaporates the moment you understand what the software actually does.

The Connection

Stack the pieces.

Anthropic collects your face through Persona, a Thiel-funded verification company that runs 269 checks per user and files reports with federal agencies.

H.R. 8250 requires your operating system to collect your exact date of birth and hand it to any app through a mandatory API.

Oracle already has your purchase history, your browsing behavior, and your offline spending habits across billions of profiles.

Palantir builds the AI that correlates all of it into searchable, targetable, actionable intelligence.

And the government buys access to all of it without a warrant, because you “voluntarily” gave it to a weather app.

Each piece is harmless in isolation. Together, they form a composite identity that follows you everywhere you go, built not by hackers but by compliance departments following the law. Built not by conspiracy but by infrastructure.

Nobody needs to conspire when the incentives align.

The infrastructure connects itself.

In 1997, Latanya Sweeney proved that three data points could identify almost anyone. In 2026, Congress is writing the law that ensures those data points are collected, centralized, and available on demand.

The bill is called the “Parents Decide Act.” The parents did not ask for this. Neither did their children. But the data brokers, the advertisers, and the agencies who purchase commercial data without a warrant are deciding right now what this infrastructure will be used for.

Your birthday is not sensitive information. Until it is the last piece of a puzzle that somebody else is already assembling.

The Red String Wire investigates the convergence of corporate power, surveillance technology, and democratic erosion. It will remain free forever.

Sources: - H.R. 8250 Full Text, Congress.gov - USIPS: “The Parents Decide Act Will Dox You to Every Website” - Linuxiac: Federal Bill Would Bring OS-Level Age Verification to the Entire U.S. - Latanya Sweeney: Uniqueness of Simple Demographics (1997) - Colorado SB26-051 - California AB 1043 - EFF: California’s AB 1043 Age Verification Bill - State of Surveillance: The Data Broker Loophole - Lawfare: Data Broker Sales and the Fourth Amendment - EPIC: Government AI Is Coming for Your Data - Brennan Center: Closing the Data Broker Loophole - OPB: Your Data Is Everywhere, The Government Is Buying It - Oracle Acquires Datalogix, ZDNet - Oracle Acquires BlueKai, Data Center Knowledge - Privacy International: Oracle Profile - Oracle-Palantir Strategic Partnership - Palantir-Oracle Partnership Page

On Wednesday, Anthropic quietly rolled out identity verification for Claude users. Government photo ID. Live selfie. Processed by a company called Persona.

On Thursday at 2 AM, Congress voted to extend Section 702 of the Foreign Intelligence Surveillance Act until April 30. The warrantless surveillance program that allows the government to collect communications of foreign targets and, inevitably, millions of Americans caught in the net.

One event creates the identity database. The other creates the legal authority to search it.

What Persona Actually Is

Anthropic did not build its own verification system. It chose Persona Identities, a San Francisco company valued at $1.5 billion. Anthropic describes Persona as its “verification partner,” selected for “the strength of their technology, privacy controls, and security safeguards.”

Here is what Anthropic did not mention.

In February 2026, security researchers published an investigation that exposed Persona’s entire government dashboard codebase. 53 megabytes across 2,456 files, sitting unprotected on a FedRAMP-authorized government endpoint. No hacking required. No credentials used. The files were served publicly by Persona’s own web server.

What was inside those files rewrites the story Persona tells about itself.

269 Checks Per Selfie

When you verify your identity through Persona, the software does not simply confirm you are who you say you are. It performs 269 distinct verification checks. The exposed source code revealed:

Facial recognition watchlist matching. Your selfie gets compared against photos of politicians, public figures, and flagged individuals. A system called “SelfieSuspiciousEntityDetection” flags faces as suspicious based on undisclosed criteria.

Adverse media screening across 14 categories. Terrorism, espionage, money laundering, drug trafficking, etc.. Your name gets run against media databases looking for connections to any of these.

Cryptocurrency activity monitoring. Integrations with Chainalysis and TRM Labs scan for crypto wallet activity.

Sanctions list cross-referencing. Your identity checked against OFAC and international sanctions databases.

Social Security Administration lookups. Are you in the deceased-person database?

Automated re-screening. Cron jobs re-run these checks on users periodically. Not once. Ongoing.

All of this from a company that markets itself as an identity verification service. All of this triggered by uploading a selfie to use a chatbot.

Direct Line to the Feds

The exposed code revealed something most users would never expect. Persona files Suspicious Activity Reports directly with FinCEN, the U.S. Treasury’s Financial Crimes Enforcement Network, and FINTRAC in Canada. This is not speculation. Persona’s own help documentation includes instructions for filing SARs, complete with FinCEN submission workflows.

Banks file SARs when they suspect money laundering or fraud. Now an identity verification company for AI chatbots has the same capability.

The researchers also found internal references to “Project SHADOW” and “Project LEGION.” Unexplained intelligence program codenames embedded throughout the government codebase. Nobody has explained what these are.

Follow the Money

Persona’s Series C funding round of $150 million was led by Founders Fund. Peter Thiel’s venture capital firm. Founders Fund followed with Persona’s $200 million Series D. Combined, Thiel’s firm invested $350 million and acquired roughly ten percent of the company.

The same Peter Thiel who co-founded Palantir. The surveillance analytics company that holds billions in contracts with the CIA, NSA, FBI, and ICE. The company that built the ELITE targeting system for immigration enforcement. The company whose entire business model is turning identity data into intelligence products for government agencies.

The man who built the machine that watches what governments do with your data now owns a significant piece of the machine that collects your biometric identity when you use AI.

Three Years of Your Face

Persona retains your data for up to three years. Your selfie. Your government ID. Your IP address. Your browser fingerprint. Your device fingerprint. What is behind you in your selfie. All of it stored, all of it searchable, all of it available for those 269 checks to run against repeatedly.

Anthropic says Persona is “contractually limited” in how it uses your data. Anthropic says your data is “encrypted in transit and at rest.” Every technology company says these things, and yet every technology company at some point experiences data breaches. It’s not a matter of “if,” but instead “when.”

Discord learned this lesson. In October 2025, hackers accessed the government IDs of more than 70,000 Discord users through a verification vendor. Discord then tested Persona as a replacement. After the vmfunc investigation exposed Persona’s surveillance infrastructure, Discord dropped them within a month.

Anthropic looked at this history and chose Persona anyway.

The 2 AM Vote

While Anthropic was rolling out identity verification, Congress was voting in the middle of the night.

Section 702 of FISA was set to expire on April 20. GOP leaders tried and failed to pass a full reauthorization. Instead, the House voted shortly after 2 AM on April 17 to extend the program for ten days, pushing the deadline to April 30.

Section 702 allows the government to collect communications of foreign intelligence targets without individual warrants. In practice, the NSA’s collection sweeps up enormous volumes of American communications. The FBI then searches this data using identifiers of U.S. persons. No warrant required for the search. Only for the initial collection, which targets foreigners.

Now consider the pipeline. Persona collects your government ID, selfie, and biometrics when you verify your identity on an AI platform. Persona runs 269 checks against watchlists and government databases. Persona files SARs with FinCEN. Persona retains your data for three years on FedRAMP-authorized infrastructure.

Section 702 authorizes warrantless searches of data collected on government-authorized infrastructure.

Nobody needs to conspire. The infrastructure connects itself.

Who Gets Hurt

Enterprise customers will not be affected. They have contracts, SSO, legal departments.

Government agencies will not be affected. They have their own access.

Journalists, researchers, whistleblowers, activists, dissidents, and anyone who needs to think privately about dangerous questions. They get hurt. The people who need anonymous access to thinking tools the most are the ones who now face a biometric checkpoint to use them.

The EFF warned that mandatory verification undermines anonymous speech, affecting “LGBTQ+ youth, survivors of abuse, political dissidents” who rely on pseudonymity for safe participation online.

Anthropic says this applies to a “small number of cases” involving “potentially fraudulent or abusive behavior.” Today it is a small number. The infrastructure does not care about the scope of the policy. The infrastructure cares about the scope of the architecture. And the architecture is built to scale.

The Red String

Peter Thiel co-founded Palantir. Palantir processes intelligence data for the CIA, NSA, ICE, and FBI. Thiel’s Founders Fund invested $350 million into Persona. Persona processes identity verification for OpenAI, Anthropic, Roblox, Reddit, Lime, and Coursera. Persona runs 269 surveillance checks per user on FedRAMP government infrastructure. Persona files Suspicious Activity Reports with federal financial intelligence. Congress just extended the surveillance law that authorizes searching data on government infrastructure.

You hand over your face to ask a question. Your face enters a system funded by the architect of government surveillance, running on government infrastructure, filing reports with government agencies, protected by a surveillance law renewed in the middle of the night.

There is no conspiracy here, there doesn’t need to be one. The money flows, the data accumulates, the legal authority extends, and the infrastructure simply does the rest.

Five hundred years ago, Machiavelli observed that Ferdinand of Aragon “never preaches anything else but peace and good faith, and to both he is most hostile.” The cloak of safety still conceals the same things it always has.

The only difference now is that the cloak requires a selfie…

Sources

• Anthropic Identity Verification Support Page (updated April 17, 2026) -

• vmfunc: “The Watchers” — Persona/OpenAI Investigation (February 16, 2026) -

• State of Surveillance: Researchers Expose Persona (February 20, 2026) -

• Fortune: Discord Distances from Thiel-Backed Verification Software (February 24, 2026) -

• Engadget: Anthropic Will Ask Claude Users to Verify Their Identities (April 16, 2026) -

• Open Rights Group: Biometric ID System Backed by Palantir Co-founder (February 15, 2026) -

• NPR: Congress Extends Surveillance Powers for 10 Days (April 17, 2026) -

• NYT: House Votes to Extend FISA Surveillance Law (April 17, 2026) -

• The Register: Anthropic Starts Checking ID for Some Claude Users (April 16, 2026) -

• Persona Help: File a SAR

• Persona: OpenAI Customer Case Study

and the people who should be afraid aren’t paying attention.

The week of April 6th, 2026, somebody shot thirteen bullets into a city councilman’s front door in Indianapolis. They left a handwritten note under his doormat.

“No Data Centers.”

His eight-year-old son was inside.

That same night, forty miles east of Los Angeles, a twenty-nine-year-old warehouse worker named Chamel Abdulkarim lit a fire inside a 1.2-million-square-foot Kimberly-Clark distribution center. He live-streamed it on Facebook, and while on camera, surrounded by pallets of toilet paper already catching fire, he said:

“All you had to do was pay us enough to live.”

Then he texted a coworker: “I just cost these fuckers billions.”

When federal prosecutors asked about his motivations, Abdulkarim compared himself to Luigi Mangione.

Six hundred million dollars in damage. Total loss. A six-alarm fire that took twelve hours and a hundred and seventy-five firefighters to put out. The biggest single act of industrial arson in recent American history, committed by a guy making warehouse wages who filmed the whole thing on Facebook.

Two days later at four in the morning, a twenty-year-old named Daniel Moreno-Gama threw a Molotov cocktail at the front gate of Sam Altman’s twenty-seven-million-dollar San Francisco home. The OpenAI CEO was unscathed, however his gate was not. An hour later, Moreno-Gama showed up at OpenAI’s headquarters and threatened to burn that down too.

He was then arrested.

That same week: an Amazon warehouse in Ohio caught fire under suspicious circumstances. A man with a lighter set fires inside Ontario Mills mall, four days after the Kimberly-Clark warehouse burned in the same city. An abandoned warehouse in Bakersfield burned for the third time. Two separate five-alarm fires destroyed lumberyards in Queens and Apple Creek, Ohio on the same night, in different states.

That’s 7+ fires and a shooting across 5 different states in a 7 day period.

On social media, one phrase keeps circulating.

“They’re out of touch, not out of reach.”

The Pitch That Didn’t Land

Four days before someone threw a firebomb at his house, Sam Altman published a thirteen-page policy document titled “Industrial Policy for the Intelligence Age.” Robot taxes, a four-day workweek, Universal basic income funded by a public wealth fund, an automatic safety net triggers for when AI displaces workers.

In his Axios interview, Altman compared the scale of his vision to the New Deal.

Sit with that for a second.

This is the CEO of the world’s most valuable AI company. The same man who, three weeks earlier, told a room full of BlackRock investors:

“We see a future where intelligence is a utility like electricity or water and people buy it from us on a meter.”

Intelligence as a utility…

Metered, sold, and owned…

…by him.

At the same summit, he said something else. Something that got less attention:

“Capitalism has depended on at least something of a power balance between labor and capital. But if it’s hard in many of our current jobs to outwork a GPU, then that changes.”

Read that again. The man building what runs on the GPUs is telling you the power balance between workers and owners is about to collapse. He knows… He’s the one collapsing it.

His solution? A thirteen-page PDF.

A Carnegie Endowment analyst called it “comms work to provide cover for regulatory nihilism.” Because OpenAI was simultaneously lobbying against AI safety legislation while publishing this document.

The streets didn’t read the PDF. They answered with fire.

The History They Don’t Teach You

Here is what your high school textbook said about the Great Depression:

The economy collapsed. People suffered. Franklin Roosevelt, a compassionate leader, created Social Security and labor protections. The middle class grew. America prospered.

Here is what actually happened.

1892 - The Homestead Strike. Steel workers in Pennsylvania went on strike against Andrew Carnegie’s mills. Carnegie hired three hundred Pinkerton agents and shipped them up the Monongahela River on armed barges. Workers and Pinkertons exchanged gunfire for fourteen hours. Sixteen people died. The state militia occupied the town for ninety-five days.

Carnegie was on vacation in Scotland.

1914 - The Ludlow Massacre. Coal miners in southern Colorado had been on strike for months, living in tent colonies after being evicted from company housing. On April 20th, the Colorado National Guard opened fire on the tent colony with machine guns. Then they set the tents on fire.

Twenty-one people died. Eleven of them were children. Two were women. They suffocated in a pit they’d dug beneath their tent, trying to hide from the bullets. The youngest was four months old.

John D. Rockefeller Jr. owned the mine.

1921 - The Battle of Blair Mountain. Ten thousand armed coal miners marched on Logan County, West Virginia, to organize the mines. They were met by three thousand lawmen, strikebreakers, and company militia. Private planes dropped homemade bombs and leftover World War I poison gas on the miners. The US Army intervened by presidential order. Roughly a million rounds were fired over five days. Between fifty and a hundred miners were killed.

It was the largest armed uprising on American soil since the Civil War.

1934 - Minneapolis. The Teamsters went on strike. On July 20th, police opened fire on unarmed pickets with riot guns and buckshot. Two strikers died. Sixty-seven were wounded.

A public commission investigated. Their finding: “Police took direct aim at the pickets and fired to kill. Physical safety of the police was at no time endangered.”

One eyewitness described a man stepping on his own intestines in the street.

Henry Ness, a World War I veteran, was shot twice. The second time while he was already on the ground. A hundred thousand people came to his funeral.

1934 - The West Coast Waterfront Strike. Nine workers killed. A thousand injured. Five hundred arrested. San Francisco shut down completely when a hundred and fifty thousand workers walked off the job in solidarity. Every port on the Pacific coast went dark for eighty-three days.

1936 - Flint, Michigan. Auto workers occupied General Motors plants for forty-four days. Refused to leave. GM got a court order from a judge who owned three thousand shares of GM stock. Workers ignored it. Police attacked with tear gas and guns. Workers fought back with bolts, hinges, and bottles. Fourteen were shot.

The governor sent the National Guard. Not to evict the strikers. To protect them from the police.

After Flint, UAW membership went from 30,000 to 500,000 within a single year.

1937 - Ford Motor Company maintained a private army of three thousand men under a thug named Harry Bennett, supplemented by Pinkerton agents. When UAW organizers tried to hand out leaflets at the River Rouge plant, Bennett’s men beat them on the overpass.

Walter Reuther, who would become the most important labor leader in American history: “Seven times they raised me off the concrete and slammed me down on it.”

Another organizer suffered a broken back.

A photographer by the name of James Kilpatrick captured everything, including the photo above where Ford Motor Company Servicemen beat Richard Frankensteen, a UAW organizer, during the “Battle of the Overpass.” Ford’s men tried to destroy the photo plates. Kilpatrick hid the real ones under his car seat, drove away, and got the pictures to every newspaper in the country. Public opinion turned overnight.

1937 - Memorial Day. Fifteen hundred people marched toward the Republic Steel mill in South Chicago. Striking workers, their families, their neighbors. Three hundred police blocked the road. The crowd turned to leave.

The police opened fire on their backs.

Ten dead. Sixty-seven wounded. Twenty-eight skulls fractured by police clubs. Nine permanently disabled.

Paramount News filmed the entire thing. Then a Paramount executive suppressed the footage because he thought it might cause “mass hysteria.”

The coroner ruled it justifiable homicide.

No officer was ever prosecuted.

This wasn’t a few isolated incidents. In 1937 alone, four hundred and seventy-seven sit-down strikes involved roughly four hundred thousand workers across the country. Over the course of the decade, more than a hundred workers were documented killed by police and corporate militias.

Workers occupied factories. Burned company property. Fought Pinkertons with baseball bats. Shut down entire cities. Died on picket lines and in tent colonies and on steel mill roads while their children watched.

This is the part of American history that doesn’t make the textbook.

The Deal

Franklin Roosevelt did not create the New Deal because he was a good person.

He created it because the alternative was a revolution.

The Wagner Act of 1935 gave workers the right to organize. The Social Security Act of 1935 created a safety net. The Fair Labor Standards Act of 1938 gave them the minimum wage, the forty-hour week, overtime pay, and banned child labor.

These were not gifts, they were concessions.

Roosevelt knew exactly what he was doing. When critics said Social Security’s payroll tax was economically regressive, he didn’t argue economics. He argued power:

“I guess you’re right on the economics. They are politics all the way through. We put those payroll contributions there so as to give the contributors a legal, moral, and political right to collect their pensions. With those taxes in there, no damn politician can ever scrap my social security program.”

Politics. Not compassion. A calculation. Giving workers something was cheaper than losing everything.

The American middle class. The weekends. The pensions. The 8 hour workday. The idea that a factory worker could own a house and send kids to college. None of it was built on a foundation of democratic values.

It was built on broken windows and occupied factories and the well-founded fear of the ownership class that if they didn’t share the table, the table would be flipped.

The Rhyme

History doesn’t repeat. But it rhymes. And the rhyme scheme right now is deafening.

The squeeze, then - Twenty-five percent unemployment. No safety net. Company towns. Child labor. Workers had nothing and owners had everything and nobody with power saw any reason to change that.

The squeeze, now - Forty years of stagnant wages. Housing that costs more than most people earn. A gig economy dressed up as freedom. And an AI industry whose CEO tells a room full of investment bankers that intelligence will be “a utility people buy from us on a meter.” Then, in the same speech, admits that the balance between labor and capital is about to break.

The violence, then - Factory occupations. Sit-down strikes. Running street battles between workers and private armies. Tent colonies machine-gunned. Picket lines shot from behind. A million rounds fired at Blair Mountain.

The violence, now - A healthcare CEO assassinated in Manhattan and turned into a folk hero overnight. Thirteen bullets through a politician’s front door over a data center vote. A six-hundred-million-dollar fire set by a man who filmed it, posted it, and invoked the assassin’s name. A firebomb at the gate of the most prominent AI executive on Earth.

The concession, then - The New Deal. Social Security. The minimum wage. The forty-hour week. A generation of shared prosperity purchased with the currency of fear.

The concession, now - A thirteen-page PDF proposing robot taxes and a four-day workweek. Published four days before the author’s house was firebombed. Written by the same company that was lobbying against safety legislation with the other hand.

There is one crucial difference.

In the 1930s, there was an FDR. A leader willing to stand between capital and labor and broker a deal. His motivations were self-preservation more than solidarity. But he was there. And he had the political power to force concessions from people who would never have offered them voluntarily.

Who is the FDR now?

The current administration’s policy engine is the Heritage Foundation. Its surveillance infrastructure is built by Palantir. Its data is managed by Oracle. The machine that should be brokering a new social contract IS the machine doing the squeezing.

There is no one in power positioned to negotiate on behalf of the people watching their jobs get automated, their housing get financialized, and their healthcare get denied by algorithms.

The Uncomfortable Truth

Nobody wants to say this. Saying it feels like endorsing it.

The pattern suggests that violence works.

Not morally. Not as a philosophy. Not as something any sane person should pursue. But historically. As a matter of documented, repeated, verifiable fact. The American middle class exists because workers made the cost of exploitation higher than the cost of compromise.

The sit-down strikes worked. The factory occupations worked. The threat of revolution worked. Not because burning things is good. Because the people who owned everything only shared when they became afraid of losing it all.

That’s not a call to action. It’s a history lesson.

And a warning.

Sam Altman is publishing his version of the New Deal from a twenty-seven-million-dollar house four days before someone shows up at his gate with a bottle of gasoline. His proposal sounds exactly like the concessions of 1935. Robot taxes. Shorter workweeks. A public wealth fund. Just enough to keep the table from flipping.

Chamel Abdulkarim already gave his answer. He filmed it. Posted it. Lit the fire.

“All you had to do was pay us enough to live.”

Somewhere in an archive, there’s a Paramount newsreel from Memorial Day, 1937. Suppressed for decades because a studio executive thought the footage of police shooting fleeing workers in the back might upset people.

They buried that film. But the workers still won.

The question isn’t whether the concessions will come. History says they always do.

The question is how much has to burn first.

Sources

The Week of Fire (April 2026) - Indianapolis data center shooting (Washington Post, Apr 6) - Kimberly-Clark warehouse arson (LA Times, Apr 8) - Abdulkarim cites Mangione (Guardian, Apr 10) - Abdulkarim federal charges (NYT, Apr 10) - Sam Altman molotov cocktail (NYT, Apr 10) - Amazon warehouse fire, Ohio (Columbus Dispatch, Apr 8) - Bakersfield warehouse fire (Bakersfield Now, Apr 11) - Queens lumberyard fire (CBS NY, Apr 11) - Ohio lumberyard fire (WKYC, Apr 11)

Sam Altman / OpenAI - “Intelligence as a utility” quote, BlackRock Summit (Fortune, Mar 12) - “Intelligence as a utility” video (YouTube, BlackRock Summit) - OpenAI “Industrial Policy for the Intelligence Age” (openai.com, Apr 7) - Full policy PDF (openai.com) - Altman compares to New Deal (Axios, Apr 6) - “Regulatory nihilism” critique (Fortune, Apr 6) - AI job displacement confirmation (Fortune, Feb 19)

Luigi Mangione / Folk Hero Phenomenon - Mangione as modern antihero (New Yorker, Dec 13, 2024) - Pop culture Robin Hood (El País, May 21, 2025) - Social media folk hero (Forbes, Dec 12, 2024)

1930s Labor History - Homestead Strike (1892) - Ludlow Massacre (1914) - Battle of Blair Mountain (1921) - Minneapolis Teamsters Strike (1934) - West Coast Waterfront Strike (1934) - Flint Sit-Down Strike (1936-37) - Battle of the Overpass (1937) - Memorial Day Massacre (1937) - Wagner Act (1935) - Fair Labor Standards Act (1938)

Anti-Data Center / Anti-AI Movement - 12 states with data center moratorium bills (Washington Post, Apr 8) - FBI Carahsoft raid (Nextgov/FCW, Sep 2024)

This episode exposes the mechanisms such as loyalty cards, invisible pixels, social sharing buttons, and cross-device tracking that built the largest commercial surveillance operation in history.

In this episode:

- The BlueKai data exposure: billions of records on an unprotected server

- How invisible tracking pixels follow you across the internet

- The AddThis share button: a Trojan horse on 15 million websites

- Cross-device identity resolution: linking your phone, laptop, and TV

- The $115 million class action settlement that covered every American adult

- Oracle’s ID Graph: one profile to rule them all

Read the full investigation with sources: [theredstringwire.com]

…then buys them.

This episode walks through the key acquisitions that built the surveillance empire, piece by piece, acquisition by acquisition, from PeopleSoft to BlueKai.

In this episode:

- The PeopleSoft hostile takeover and what it revealed about Oracle’s ambitions

- BEA Systems: buying the plumbing of the internet

- Sun Microsystems: Java, SPARC, and the hardware play

- Cerner: a quarter of America’s hospital records in one purchase

- BlueKai, Datalogix, AddThis: the data broker shopping spree

- How $110 billion in acquisitions created a surveillance machine no single company could have built alone

Read the full investigation with sources: [theredstringwire.com]

That kind of origin story explains the yachts and the $220 billion net worth. It doesn’t explain what Oracle became. This episode traces the man behind the machine. From a college dropout in Chicago to the architect of an empire that touches every layer of human activity.

In this episode:

- Ellison’s abandonment and the psychology of empire

- The NetSuite connection and the SEC’s uncomfortable questions

- Ellison’s private island in Hawaii and what it tells you about control

- The relationship with Elon Musk, Peter Thiel, and the billionaire network

- How personal insecurity became institutional surveillance

Read the full investigation with sources: [theredstringwire.com]

This episode traces Oracle’s origin from a CIA contract called “Oracle” to a company that named itself after the project and then spent the next decade building the database technology that would eventually power the global surveillance infrastructure.

In this episode:

- The CIA’s Project Oracle and the $50,000 contract that started everything

- How relational databases changed what surveillance could do

- Bob Miner, Ed Oates, and the technical genius behind the curtain

- The “Version 2” lie and why Oracle’s first product was called Version 2

- Early Pentagon contracts and the pattern that would define the company

Read the full investigation with sources: [theredstringwire.com]

…in 2020.

In this introductory episode, we lay out the scope of The Red String Wire investigation: How did a CIA database contract from 1977 become the foundation of a company that tracks five billion people? Why does one man now control a quarter of America’s hospital records, classified Pentagon infrastructure, and a $500 billion AI system built at the request of the White House?

This is the overview, the map before the territory. Start here.

In this episode:

- Oracle’s five billion dossiers and what’s in them

- The Ellison family media empire: CBS, Paramount, CNN, HBO, Warner Bros.

- The $500 billion Stargate AI project

- How surveillance became infrastructure

- Why not enough people are paying attention
Five billion people. That’s how many human beings Oracle Corporation claimed to have detailed dossiers on...In 2020.

In this introductory episode, we lay out the scope of The Red String Wire investigation: How did a CIA database contract from 1977 become the foundation of a company that tracks five billion people? Why does one man now control a quarter of America’s hospital records, classified Pentagon infrastructure, and a $500 billion AI system built at the request of the White House?

This is the overview, the map before the territory. Start here.

In this episode:

- Oracle’s five billion dossiers and what’s in them

- The Ellison family media empire: CBS, Paramount, CNN, HBO, Warner Bros.

- The $500 billion Stargate AI project

- How surveillance became infrastructure

- Why not enough people are paying attention

Read the fully sourced investigation: [theredstringwire.com]

Oracle knew you bought prenatal vitamins at CVS.

Oracle knew you read parenting articles on BabyCenter.

Oracle knew you searched for cribs on your phone at 2 AM and then again on your laptop the next morning.

Oracle knew your home address. Your email. Your phone number. The name on your credit card.

And Oracle merged all of it into a single profile and put it up for sale.

Not to your doctor. Not to your insurance company. To anyone with a credit card and an advertising budget.

You never signed up for this. You never clicked "I agree." You never even knew Oracle had your name. But they did. They had your name, and your purchase history, and your browsing habits, and a probabilistic model of every device you owned, and they had packaged all of it into a neat little dossier that sat on a server alongside five billion others.

Five billion.

Not five billion data points. Five billion people. Five billion profiles, built from fifteen million data sources, updated continuously, sold on an open marketplace to anyone who wanted to buy a slice of someone's life.

That number comes from Oracle's own vice president of data cloud, Eric Roza, who told Computerworld in 2017 that Oracle Data Cloud maintained profiles on over five billion consumer IDs drawn from more than fifteen million data sources. He said it like it was a selling point. Because it was.

At its peak, Oracle's advertising data division generated over a billion dollars a year in revenue. A billion dollars, extracted from the digital exhaust of people who had no idea they were being watched, catalogued, and sold.

Part 3 of this series catalogued the acquisitions. Datalogix. BlueKai. AddThis. Crosswise. Moat. Grapeshot. The shopping spree that turned Oracle from a database company into a surveillance conglomerate.

Now it's time to talk about what all that machinery actually did.

How it worked. What it captured. What it revealed about you.

And why the company that built a global surveillance apparatus couldn't be bothered to put a password on its own database.

Mechanism #1: The Loyalty Card Pipeline

You have a loyalty card.

Maybe it's from CVS. Maybe Kroger. Maybe Target, or Walgreens, or any of the dozens of grocery chains and pharmacies that offer you a few cents off your toothpaste in exchange for a little plastic rectangle on your keychain.

You know, on some level, that the store tracks your purchases. That's the deal. You save twelve cents on dish soap, and they learn you buy dish soap every three weeks. Fine. It feels harmless. It feels local. It feels like a transaction between you and the store.

It wasn't.

Datalogix, the company Oracle acquired in 2014 for $1.2 billion, had spent years building relationships with those retailers. CVS. Kroger. Target. Walgreens. Hundreds of them. Datalogix had access to the purchase histories of what it described as "almost every U.S. household." Not a sample. Not a projection. Almost every household.

Here's how the pipeline worked.

When you swiped your loyalty card at the register, the store recorded your purchase. Product name. Price. Date. Time. Location. That record went into the store's database, tied to the loyalty card number, which was in turn tied to whatever information you'd provided when you signed up. Name. Address. Email. Phone number.

Datalogix ingested those records. Billions of them. The Electronic Frontier Foundation estimated that Datalogix processed purchase data representing over one trillion dollars in consumer transactions. One trillion. That's not a typo. That's every box of cereal, every prescription refill, every pregnancy test, every bottle of whiskey, every tube of hemorrhoid cream purchased by almost every household in America, flowing into Oracle's servers.

But purchase history alone wasn't the prize. The prize was matching it to online identities.

Datalogix took the email addresses and phone numbers from loyalty card signups and hashed them. Hashing is a one-way mathematical function that turns "john.smith@gmail.com" into a string of characters like "a4f2e8c1d..." The theory is that hashing protects privacy because you can't reverse the hash back to the original email.

The practice is different.

Facebook also had your email address. So did Google, and Twitter, and dozens of other platforms. They hashed their emails the same way. And when Datalogix's hash matched Facebook's hash, the two companies knew they were looking at the same person. No raw email ever changed hands. Just a wink and a nod between two databases that both knew exactly who you were.

In September 2012, Facebook announced a partnership with Datalogix. The stated purpose was to help advertisers measure whether Facebook ads led to in-store purchases. The unstated reality was that Facebook had just connected its billion-user social graph to the purchase histories of almost every American household.

Facebook didn't ask its users for permission. It didn't notify them. It automatically opted in every single user. All of them. If you had a Facebook account in September 2012, you were part of the Datalogix partnership whether you knew it or not.

The backlash was immediate but ineffective. The Electronic Privacy Information Center filed an FTC complaint. Privacy researchers screamed. Facebook responded by creating an opt-out page buried deep in its settings, accessible only if you knew it existed, which required you to first know that the partnership existed, which Facebook had never told you about.

The FTC investigated. It found that Datalogix's privacy practices were questionable but technically legal. No enforcement action was taken. The partnership continued.

It took Cambridge Analytica to kill it. When that scandal erupted in 2018, Facebook frantically shut down its third-party data marketplace, cutting off Datalogix and its competitors from direct access to Facebook's user graph. But by then, the data had been flowing for six years. And Datalogix was already inside Oracle, where the purchase histories continued to be matched, merged, and sold through Oracle's own channels.

The loyalty card in your wallet was never just a loyalty card. It was an intake form for one of the largest consumer surveillance operations ever constructed. And the twelve cents you saved on dish soap was the price they paid you for your entire purchase history.

Mechanism #2: The Invisible Pixel

If Datalogix watched what you bought, BlueKai watched what you read.

You already know from Part 3 that Oracle acquired BlueKai in 2014. What matters now is understanding the mechanism. Because BlueKai's tracking technology was both brilliantly simple and profoundly invasive, and it was hiding in plain sight on websites you visited every day.

The core technology was the tracking pixel.

A tracking pixel is a 1x1 image, one pixel by one pixel, embedded in a webpage. It's invisible. You can't see it. Your browser loads it automatically as part of rendering the page, and you never know it's there. But when your browser requests that tiny image from BlueKai's server, it sends along information. Your IP address. Your browser type. Your operating system. And critically, the referrer URL, which is the full address of the page you're currently viewing.

That referrer URL is where the surveillance happens.

If you're reading an article on WebMD about diabetes symptoms, the referrer URL contains "webmd.com/diabetes/symptoms." If you're browsing mortgage rates on Bankrate, the URL contains "bankrate.com/mortgages." If you're reading about divorce lawyers, or depression medication, or bankruptcy filing, or HIV testing centers, the URL tells BlueKai exactly what you were looking at.

One pixel. Invisible. Loaded automatically. And it captured the full content of your browsing session.

BlueKai's pixels were embedded on thousands of websites. According to whotracks.me, a project by the privacy company Ghostery that monitors web trackers, BlueKai's tracking infrastructure touched approximately 1.2 percent of all web traffic. That might sound small. It isn't. 1.2 percent of all web traffic is billions of page views per month. Billions of referrer URLs. Billions of data points about what real people were reading, researching, worrying about, planning for.

But BlueKai wasn't just collecting this data for Oracle's internal use. BlueKai operated a data marketplace. A literal marketplace where advertisers could browse and purchase behavioral profiles based on web activity.

Want to target people who've been reading about luxury cars? BlueKai had a segment for that. People researching cancer treatment options? There was a segment for that too. People visiting pages about addiction recovery, or debt consolidation, or domestic violence resources? All available. All for sale.

The marketplace operated on a taxonomy of thousands of behavioral categories. Advertisers could slice and dice the browsing population by interest, intent, life stage, health concern, financial situation. And because BlueKai was matching this browsing data against other identity signals, including the hashed emails and device fingerprints flowing in from Oracle's other acquisitions, these weren't anonymous segments. They could be tied back to real people.

The invisible pixel was the intake valve. The marketplace was the cash register. And between them, BlueKai turned the simple act of reading a webpage into a transaction where you were the product, sold in real time to the highest bidder.

Mechanism #3: The Trojan Horse

AddThis was the most insidious one.

You've seen it a thousand times. Those little sharing buttons at the bottom of articles and blog posts. The row of icons: Facebook, Twitter, Pinterest, email. "Share this!" Friendly. Helpful. A public service, really, making it easy to pass along interesting content to your friends.

It was surveillance infrastructure.

AddThis provided its sharing toolbar to website publishers for free. Completely free. No charge. And publishers loved it, because it was easy to install, it looked professional, and it encouraged social sharing, which drove traffic. By the time Oracle acquired AddThis in 2016, the toolbar was installed on more than fifteen million websites and reached 1.9 billion unique users per month.

Let that number settle. 1.9 billion monthly uniques. That's not a typo. That's roughly a quarter of everyone on the internet, every month, interacting with pages that contained AddThis code.

But the sharing buttons were the candy coating. The real payload was the JavaScript that loaded alongside them.

When a webpage included the AddThis toolbar, it loaded a JavaScript file from AddThis's servers. That script did more than render sharing buttons. It tracked the user's behavior on the page. What they scrolled past. What they clicked. How long they stayed. And it reported all of that back to AddThis, along with the same referrer URL data that BlueKai was harvesting.

In July 2014, ProPublica published an investigation that revealed something even more troubling. AddThis was using a technique called canvas fingerprinting to track users across websites, even when they blocked cookies.

Canvas fingerprinting works like this. The JavaScript instructs your browser to draw a hidden image using the HTML5 canvas element. The way your browser renders that image depends on your operating system, your graphics card, your installed fonts, your screen resolution, and dozens of other variables unique to your specific machine. The resulting image is converted to a string of characters that serves as a fingerprint. Your fingerprint. Unique to your device. Persistent across browsing sessions. Nearly impossible to block.

ProPublica found AddThis's canvas fingerprinting code running on thousands of major websites. The White House website. YouPorn. Government agencies. Health information sites. News organizations. All of them, simultaneously feeding behavioral data back to AddThis through a piece of code that most of them had installed thinking it was just a sharing toolbar.

The YouPorn revelation was particularly telling. When ProPublica contacted the company, a spokesperson said YouPorn was "completely unaware that AddThis contained tracking software." They had installed it for the sharing buttons. They didn't know it was fingerprinting their users and sending the data to a third party. They pulled it immediately.

But YouPorn was one site among fifteen million. How many other publishers knew what was running on their pages? How many had read the AddThis terms of service closely enough to understand that "free" meant "we track your visitors and sell the data"?

The answer, based on the reaction to ProPublica's investigation, was almost none.

After Oracle acquired AddThis, the tracking continued. The data flowed into Oracle Data Cloud alongside the purchase histories from Datalogix and the browsing profiles from BlueKai. Fifteen million websites' worth of user behavior, merged into Oracle's growing surveillance apparatus.

AddThis had one problem. It couldn't survive GDPR.

The European Union's General Data Protection Regulation, which took effect in May 2018, required explicit, informed consent before tracking users. AddThis's entire business model was built on tracking users without their knowledge. The sharing buttons were designed to be installed by publishers who didn't understand what the code actually did. Getting informed consent from 1.9 billion monthly users for covert tracking was not a technical challenge. It was a logical impossibility.

Oracle tried to make it work. They tried consent frameworks, modified code, regional restrictions. None of it could square the circle. You cannot get informed consent for a system that was specifically designed to operate without anyone's knowledge.

On May 31, 2023, Oracle shut down AddThis. The sharing buttons disappeared from fifteen million websites. The Trojan Horse was finally wheeled out of the city.

But by then, Oracle had been collecting data through AddThis for seven years. That data didn't disappear with the toolbar.

Mechanism #4: The Device Stitcher

There was a problem with all of this data, and the problem was fragmentation.

Datalogix knew what you bought at the store. BlueKai knew what you read on your laptop. AddThis knew what you shared on your phone. But they didn't always know that the person buying prenatal vitamins at CVS was the same person reading BabyCenter articles on a MacBook and sharing nursery design ideas on an iPhone.

Different devices. Different browsers. Different IP addresses. Different cookies. To a tracking system, you looked like three or four different people.

Crosswise solved that problem.

Founded in Tel Aviv in July 2014, Crosswise was built by veterans of Unit 8200, the Israeli military's elite signals intelligence division. The same unit that produced the founders of NSO Group, Cellebrite, and dozens of other surveillance technology companies. The founders of Crosswise had spent their military careers learning how to identify and track targets across fragmented communications channels. They applied those skills to advertising.

Crosswise's technology was called probabilistic device matching, and it worked without requiring any login data at all.

Here's the concept. Your phone and your laptop are different devices, but they share certain behavioral patterns. They connect to the same WiFi networks. They're active at the same times of day. They visit the same IP addresses. They're in the same geographic location. They access some of the same apps and websites.

Crosswise's algorithms analyzed these signals across billions of devices and identified clusters of devices that appeared to belong to the same person. No login required. No email matching. No cookies. Just pattern analysis on network behavior, location data, temporal usage patterns, and other signals that, taken individually, meant nothing, but taken together could identify you with startling accuracy.

Oracle acquired Crosswise in 2016. It was not a large acquisition. There were no splashy press releases. But it was arguably the most important piece of the puzzle.

Because Crosswise was the bridge.

Without Crosswise, Oracle had islands of data. Purchase histories here. Browsing profiles there. Social sharing data somewhere else. With Crosswise, Oracle could connect those islands. The person buying prenatal vitamins at CVS (Datalogix) was now linked to the person reading BabyCenter on a laptop (BlueKai) and sharing nursery ideas on a phone (AddThis).

All without the person ever logging in to anything Oracle operated. All without consent. All invisible.

Unit 8200 built surveillance tools for national security. Their alumni built one for selling diapers.

Mechanism #5: The Oracle ID Graph

Now put it all together.

Oracle called it the Oracle ID Graph, and it was exactly what it sounds like: a massive graph database that merged every data source Oracle had acquired into unified consumer profiles.

The ID Graph used two types of matching.

Deterministic matching was the straightforward kind. If Datalogix had your email address from a loyalty card signup, and BlueKai had the same email address from a website registration, that was a deterministic match. Same email, same person. High confidence. Oracle also matched on phone numbers, names, and physical addresses.

Probabilistic matching was Crosswise's contribution. When Oracle couldn't find a deterministic link between two data points, it used Crosswise's device graph to make a probabilistic connection. Your laptop and your phone shared WiFi patterns and location signals, so they probably belonged to the same person. Probability: 94%. Close enough.

Between deterministic and probabilistic matching, Oracle could stitch together data from sources that had no direct connection to each other. The loyalty card from CVS had your email. The tracking pixel on WebMD had your browser fingerprint. The AddThis toolbar on a parenting blog had your device ID. And Crosswise connected your devices even when none of those identifiers overlapped.

The result was a profile that contained more about you than any single company, or possibly any government agency, had ever assembled.

A single Oracle ID Graph profile could include your full name, your email addresses, your phone numbers, your physical address and mailing address. It could include your complete web browsing history across every site running BlueKai pixels. Your in-store purchase history from every retailer feeding data to Datalogix. Every website where you clicked a share button powered by AddThis. Every device you owned, linked through Crosswise's probabilistic matching. Your inferred income bracket. Your estimated political affiliation. Your probable health conditions. Your likely life stage.

Oracle also partnered with PlaceIQ, a location data company that tracked GPS movements from mobile apps. Through that partnership, Oracle could add physical movement patterns to its profiles. Where you went. How long you stayed. How often you visited. Your commute pattern. Your shopping habits. Whether you went to church on Sundays or a bar on Fridays.

Let's go back to the prenatal vitamins.

You bought prenatal vitamins at CVS using your loyalty card. Datalogix captured that purchase and matched it to your email address from the card signup. BlueKai's pixel on BabyCenter captured your browsing session about first-trimester nutrition, linked to a browser cookie. AddThis's toolbar on a pregnancy forum captured your sharing activity and canvas-fingerprinted your device. Crosswise connected your phone, your laptop, and your work computer as belonging to the same person. PlaceIQ recorded your phone visiting a Babies "R" Us location for forty-five minutes on a Saturday.

Oracle's ID Graph merged all of this into a single profile. Your profile. With your name on it.

And then Oracle put that profile on the marketplace.

An advertiser selling baby products could now target you with ads. So could a health insurance company looking for expectant mothers. So could an employer looking for employees who might be about to take maternity leave. So could a data broker purchasing Oracle segments for resale to anyone with a checkbook.

You didn't know this was happening. You never consented to it. You never even knew Oracle had your name.

But Oracle had five billion profiles just like yours. And every single one of them was for sale.

The Server Without a Password

In 2020, a security researcher named Anurag Sen found something that would have been funny if it weren't so horrifying.

He found an Oracle BlueKai server sitting on the open internet, completely unsecured. No password. No authentication. No encryption. Nothing. Just a database containing billions of records of consumer tracking data, accessible to anyone who knew the IP address.

Sen reported his findings to Zach Whittaker at TechCrunch, who verified the exposure and published the story in June 2020.

The exposed data was staggering. Billions of records containing web browsing activity tied to real people. Names. Home addresses. Email addresses. The full referrer URLs that revealed exactly what people had been reading online. All of it sitting on a server that anyone could access.

Whittaker's reporting highlighted specific records that illustrated the scope of the exposure.

There was a German man whose record showed he had placed a ten-euro bet on an esports match. The record contained his full name, his home address, his email, and the details of the bet. A ten-euro wager, and Oracle had captured it, linked it to his identity, and then left it on an unsecured server for the world to see.

There was a Turkish investment company that appeared to be using BlueKai data to track the online behavior of its own users, with the tracking data exposed alongside personal details.

There were records showing people's browsing habits on health sites, financial sites, dating sites. Records that, if made public, could destroy careers, end relationships, alter insurance rates.

The company that had built the most comprehensive commercial surveillance apparatus in history, the company that sold data security as one of its core enterprise products, the company whose founder Larry Ellison had spent decades positioning as the gold standard of database technology, couldn't be bothered to put a password on its own surveillance database.

Oracle's response was muted. The company acknowledged the exposure, secured the server, and said it was "aware of a report regarding certain BlueKai records that may have been exposed on the internet." May have been. As if there were any ambiguity. The server was wide open.

No one knows how long the server was exposed. No one knows who accessed it. No one knows how many of those billions of records were copied, sold, or used. Oracle didn't say, and no regulator forced them to.

The irony was thick enough to choke on. Oracle had spent billions of dollars building a system to collect and monetize the most intimate details of people's lives. And then it left the back door open.

And it wasn't just the BlueKai server. Our own OSINT research found that documents stamped "Confidential, Oracle Internal" and "Oracle Restricted" are currently sitting on public-facing pages at docs.oracle.com, fully indexed by Google. Not leaked by a whistleblower. Not exfiltrated by a hacker. Just... there. Findable by anyone with a search engine and five minutes of curiosity. The company that built a global surveillance machine to track your every digital movement cannot secure its own confidential documents from a basic Google search.

This is the entity that wants you to trust it with your data. This is the company that governments and Fortune 500s pay to secure their most sensitive information. It stamps things "Confidential" and then publishes them on the open web. It's not negligence at this point. It's a pattern.

The Reckoning That Came Too Late

On August 19, 2022, a class action lawsuit was filed in the Northern District of California. The case was called Katz-Lacabe v. Oracle America Inc., and the complaint did not mince words.

The plaintiffs described Oracle Data Cloud as a "worldwide surveillance machine" that had compiled dossiers on approximately five billion people. The complaint alleged violations of the federal Electronic Communications Privacy Act, various state privacy laws, and common law privacy rights.

The core argument was simple. Oracle had intercepted, collected, and sold people's communications and personal data without their knowledge or consent. The tracking pixels captured web browsing activity in transit. The purchase history matching linked offline behavior to online identities. The device stitching connected data sources that users had never authorized to be connected. All of it happened invisibly, automatically, and at a scale that dwarfed any previous commercial surveillance operation.

The language in the complaint deserves to be read directly. The plaintiffs' attorneys described Oracle's operation as "deliberate and purposeful surveillance of the general population via their digital and online existence." Not incidental data collection. Not a byproduct of service delivery. Deliberate. Purposeful. Surveillance. Of the general population. The complaint further alleged that Oracle "tracks in real-time and records indefinitely." Real-time tracking. Indefinite retention. That's not an advertising platform. That's an intelligence operation with a marketing department.

The complaint detailed how Oracle's system worked in language that would have been illuminating for anyone who hadn't been following this series. The plaintiffs' lawyers had done their homework. They traced the data flows from loyalty cards through Datalogix, from tracking pixels through BlueKai, from sharing buttons through AddThis, from device fingerprinting through Crosswise, all converging in the Oracle ID Graph.

The case was strong enough that Oracle decided to settle rather than risk a trial.

In August 2024, Oracle agreed to pay $115 million to settle the class action. The settlement class covered anyone in the United States whose data had been collected from August 19, 2018 onward. Think about that date range for a moment. Six years of surveillance, covering essentially every human being with an internet connection. The settlement only covered American Adults, however their tracking covered everyone. The company also agreed to stop capturing referrer URLs and form text through its tracking systems.

One hundred and fifteen million dollars. That sounds like a lot of money.

It isn't.

Oracle's market capitalization at the time was over $300 billion. Its annual revenue exceeded $50 billion. $115 million represented approximately 0.23 percent of the company's annual revenue. Not two percent. Zero point two three percent.

To put that in perspective, if you made $50,000 a year, an equivalent fine would be $20. Twenty dollars. For running a worldwide surveillance machine that tracked five billion people without their consent.

But the settlement's real failure wasn't the dollar amount. It was what it didn't require.

The settlement did not require Oracle to delete the data.

Read that again. Oracle built profiles on five billion people without their consent. A federal court agreed that this was serious enough to warrant a $115 million settlement. And the settlement did not require Oracle to delete a single profile.

The five billion dossiers stayed right where they were.

Oracle agreed to stop certain collection practices going forward. No more capturing referrer URLs. No more grabbing form text. These were meaningful concessions in theory. In practice, Oracle had already collected years' worth of referrer URLs and form text. That historical data remained in Oracle's systems, fully intact, fully usable.

The settlement was a parking ticket on a getaway car. The car kept driving. The stolen goods stayed in the trunk.

Mechanism #6: The Name Change

The settlement did something else, though. Something Oracle would never publicly admit was connected.

In the months following the $115 million payout, Oracle announced that it was winding down Oracle Data Cloud and shutting down the entire Oracle Advertising division. Not trimming it. Not restructuring it. Killing it. The division that had housed Datalogix, BlueKai, AddThis, Crosswise, and all the other surveillance acquisitions was being eliminated.

Headlines treated it as a victory. "Oracle exits advertising." "Oracle Data Cloud shutters." Privacy advocates nodded approvingly. Another surveillance merchant brought low by regulation and public pressure.

Except that's not what happened.

Oracle didn't delete the data. Oracle didn't destroy the profiles. Oracle didn't dismantle the ID Graph.

Oracle migrated the data into Oracle CX, its customer experience platform, and Oracle Unity CDP, its customer data platform. The same profiles, the same matching algorithms, the same behavioral data. New product names. New branding. New marketing materials.

Oracle Data Cloud became a feature inside Oracle's enterprise software suite instead of a standalone advertising product. The data that was once sold directly to advertisers through a marketplace was now packaged as "customer intelligence" for Oracle's enterprise clients. Different sales pitch. Same surveillance data.

And those enterprise clients? The contract terms governing their data are even worse than you'd guess. We obtained and analyzed Oracle's standard boilerplate. What we found deserves its own section. That's coming in Part 5.

This shouldn't surprise anyone who has been following this series from the beginning.

In Part 1, we documented how Oracle was born from a CIA contract for a database called "Oracle," then renamed the entire company after the product when the contract became embarrassing. In Part 2, we traced how Larry Ellison turned a government project into a commercial empire by changing labels and rewriting histories. Oracle has been renaming things to make them disappear for fifty years.

Oracle Data Cloud didn't die. It changed its name. The surveillance infrastructure didn't disappear. It just changed customers. More on that in Part 5.

Oracle is very good at that.

The profiles are still there. The matching algorithms are still running. The behavioral data, the purchase histories, the browsing records, the device graphs, all of it persists inside Oracle's enterprise cloud. It's just not called "Oracle Data Cloud" anymore.

If you had an Oracle dossier before the shutdown, you still have one. It just lives in a product with a different name on a slide deck aimed at a different buyer.

Who's Knocking

Knock knock. Oh, I wonder who's there?

To nobody's surprise, it's Oracle, and there's something they had hoped you wouldn't look at.

Oracle publishes transparency reports. Slim little documents that disclose how many times law enforcement agencies requested data from the company. Most people have never read them. We did. And then we read all of them, going back five years.

In the earliest available report, Oracle received 22 law enforcement requests. In the most recent, that number was 164. That's a 645% increase in five years. Not a gradual uptick. Not a slow creep. A near-vertical line on a graph that Oracle never wanted anyone to draw.

The categories of requests are where it gets interesting. There's a line item called "Misc Investigation Assistance," which is exactly as vague as it sounds. It could mean almost anything. Technical consultation. Data pulls. System access. Who knows. Oracle doesn't define it. In the earliest report, there were 4 such requests. In the most recent, 136. That's a 3,300% increase in the vaguest, least accountable category of law enforcement engagement Oracle tracks.

The compliance rate sits at 73%. Nearly three out of every four requests get fulfilled.

And here's the geographic wrinkle that should raise every eyebrow in Brussels. EMEA, which includes the European Union and its supposedly ironclad GDPR protections, leads the pack with 75 requests. North America comes in at just 26. The continent with the strongest privacy laws on paper generates nearly three times the law enforcement data requests. Either European law enforcement has discovered something extraordinarily useful inside Oracle's systems, or GDPR's bark is considerably worse than its bite. Neither explanation is comforting. And as we'll see in Part 5, Oracle's own contracts give American government data fewer protections than British or European data. The company founded by the CIA treats US government information as the least protected tier.

Nobody is alleging that Oracle broke the law by complying with valid legal requests. That's not the point. The point is the trajectory. Twenty-two requests to 164. Four miscellaneous assists to 136. The surveillance machine that Oracle built to sell diaper ads is becoming something law enforcement finds increasingly indispensable, and the fastest-growing category of that use is the one with the least public accountability.

The five billion files weren't just for advertisers.

They never were.

What It Means For You

Let's make this personal.

If you live in the United States, you almost certainly have an Oracle dossier. If you have ever used a loyalty card at a major retailer, Oracle has your purchase history. If you have ever visited a website running BlueKai tracking pixels, Oracle has your browsing activity. If you have ever loaded a page with AddThis sharing buttons, Oracle fingerprinted your device and logged your behavior. If you own more than one internet-connected device, Crosswise probably linked them.

Five billion profiles. The world has eight billion people. Accounting for children, the unconnected, and statistical overlap, Oracle built a file on a meaningful percentage of every adult human being who has used the internet.

You didn't consent to this.

Nobody asked you. Nobody told you. There was no terms of service agreement to click through, no privacy policy to skim past. The entire system was designed to operate invisibly. Tracking pixels are invisible by design. Canvas fingerprinting happens without any user interaction. Purchase history matching occurs through hashed data exchanges between corporate partners. Device stitching relies on passive signal analysis. Every component of Oracle's surveillance machine was specifically engineered to function without the subject's knowledge.

The settlement didn't fix this.

$115 million and a promise to stop capturing referrer URLs. No data deletion. No requirement to notify the five billion people whose data Oracle collected. No requirement to offer opt-outs for existing profiles. The court called it "deliberate and purposeful surveillance of the general population." The punishment was 0.23% of annual revenue. The dossiers remain intact.

The "shutdown" didn't fix this either.

Oracle Data Cloud was rebranded, not dismantled. The profiles migrated to new products. The algorithms kept running. The enterprise clients kept buying. The same contract terms, with zero privacy provisions, govern how your data gets handled whether Oracle is selling it to a retailer or a government agency. Nothing changed except the name on the invoice.

And here's the part that should keep you up at night.

Everything we've discussed in this article, every tracking pixel, every loyalty card pipeline, every device stitcher, every invisible fingerprinting script, was the commercial side of Oracle's surveillance operation. The part designed to sell you baby products and car insurance and political ads. The part that existed to make money from advertisers.

There was another side.

Oracle's relationship with the United States government didn't end when they renamed the CIA's database. It deepened. It grew. It evolved into something far more significant than selling advertisements.

The same company that built profiles on five billion people for advertisers was simultaneously building something else for a very different customer. A customer that wasn't interested in selling you diapers.

A customer that was interested in you.

Five billion dossiers are worth nothing if nobody buys them.

The Pentagon was already calling. And what they were buying wasn't ad impressions.

That's next.

We'll see you all at the next drop, but until then always remember to Follow The Red Threads.

Sources

Every claim is sourced. Feel free to check our work.

Oracle Data Cloud & Five Billion Profiles

• Eric Roza on 5 billion profiles and 15 million data sources: Computerworld (2017)

• Oracle ID Graph architecture and data matching: AdExchanger

• Oracle Advertising (Datalogix) Wikipedia entry and shutdown timeline: Wikipedia

Datalogix & The Loyalty Card Pipeline

• Oracle acquires Datalogix (December 2014), $2 trillion in consumer spending: Wired

• Oracle Datalogix acquisition press release: Oracle

• Datalogix $1 trillion+ in consumer transactions, almost every US household: TechCrunch (2013)

• Facebook–Datalogix partnership (September 2012): Search Engine Watch

• EPIC FTC complaint over Facebook–Datalogix data matching: EPIC

• EPIC formal complaint to FTC (2012): EPIC Archive

BlueKai & The Invisible Pixel

• Oracle acquires BlueKai (February 2014, ~$400 million): Oracle

• BlueKai acquisition details and price: AdExchanger

• BlueKai Wikipedia entry: Wikipedia

• BlueKai tracking prevalence (~1.2% of all web traffic): WhoTracks.Me / Ghostery

BlueKai Data Exposure (2020)

• Unsecured BlueKai server exposing billions of records, reported by Anurag Sen: TechCrunch (Zach Whittaker, June 2020)

• Additional reporting on the BlueKai exposure: Forbes

AddThis & Canvas Fingerprinting

• ProPublica investigation on canvas fingerprinting (July 2014): ProPublica

• Oracle acquires AddThis (January 2016): Oracle

• GDPR full text: GDPR Info

Crosswise & Device Stitching

• Crosswise founded by Unit 8200 veterans, sold to Oracle for ~$50M (2016): Calcalist Tech

• Unit 8200 alumni and Israeli startup ecosystem: Forbes

PlaceIQ Location Data Partnership

• PlaceIQ integration with Oracle BlueKai Marketplace (July 2016): MediaPost

• Oracle PlaceIQ partnership and physical-digital tracking: Privacy International

Katz-Lacabe v. Oracle Settlement

• Class action complaint filed August 19, 2022, N.D. Cal.: ClassAction.org

• $115 million settlement (August 2024): Top Class Actions

• Federal Electronic Communications Privacy Act: Cornell Law

Law Enforcement Transparency Reports

• Oracle data requests and transparency reports: Oracle

OSINT Findings

• Confidential Oracle documents publicly indexed on docs.oracle.com: Original research (March 2026)

• Oracle robots.txt and contract directory analysis: Original research (March 2026)

One hundred and forty-five.

That's the number. 145 acquisitions over two decades, totaling north of $110 billion in spent capital. Not invested. Spent. Because Oracle doesn't invest in innovation the way most technology companies understand the word. Oracle doesn't tinker in garages. Oracle doesn't fund moonshot research labs. Oracle doesn't cultivate the kind of reckless, caffeine-fueled creative chaos that produces the next Java or the next relational database or the next anything.

Oracle watches other companies do that. Then it buys them.

This is not a criticism. This is a business model. And it is one of the most successful business models in the history of American enterprise, measured purely in terms of market capitalization growth and competitive dominance.

Larry Ellison has never pretended otherwise. In boardrooms and on earnings calls, in interviews and keynotes, Oracle's leadership has been remarkably transparent about the strategy, if you know how to listen. They don't talk about "innovation pipelines." They talk about "strategic acquisitions." They don't announce new products born from internal R&D breakthroughs. They announce new products born from the carcasses of companies they consumed whole.

And here's the thing nobody noticed, or at least nobody said out loud until it was far too late: every single acquisition was a data play. Every one. Even the ones that looked like infrastructure deals. Even the ones that looked like enterprise software consolidation. Even the ones the business press covered as "Oracle strengthens cloud position" or "Oracle expands middleware offerings" or "Oracle enters hospitality market."

Strip away the press releases. Ignore the analyst calls. Forget the purchase price and the projected synergies. Look at what Oracle actually acquired in each deal. Not the software. Not the brand. Not the customer contracts. The data those systems touched. The data they generated. The data they stored. The data they moved.

When you do that, the pattern isn't subtle. It's screaming.

What emerges is not a technology company expanding its product line. What emerges is something closer to an intelligence apparatus assembling its collection infrastructure, one acquisition at a time, each deal adding a new data type to the pile. HR records. Customer databases. Point-of-sale transactions. Web browsing behavior. Health records. Financial statements. Device fingerprints. Offline purchase histories.

Layer by layer. Year by year. Deal by deal.

Nobody builds a stack like this by accident. Nobody spends $110 billion without knowing exactly what they're buying. And nobody assembles a data collection apparatus this comprehensive without having a very clear idea of who's going to use it.

So let's walk through it. Chronologically. Acquisition by acquisition. And watch the surveillance machine assemble itself in real time.

Acquisition #1 - PeopleSoft: The Hostile Beginning ($10.3 Billion, December 2004)

It started with a fight. The ugliest kind of fight. The kind that ends up in federal court with the Department of Justice trying to stop you.

In June 2003, Oracle launched an unsolicited, hostile takeover bid for PeopleSoft, the dominant provider of human resources and enterprise management software in the United States. PeopleSoft wasn't just any company. It was the HR backbone of American institutional life. Universities ran on PeopleSoft. Hospital systems ran on PeopleSoft. Fortune 500 companies entrusted PeopleSoft with the most sensitive details of their workforce management. The Department of Defense ran PeopleSoft.

PeopleSoft's board rejected the offer immediately. Its CEO, Craig Conway, called Ellison's bid "atrociously bad behavior" and compared Oracle's tactics to those of a hostile nation-state. Conway publicly accused Ellison of trying to destroy a competitor rather than genuinely acquire one.

He wasn't entirely wrong about the hostility. He was entirely wrong about the motive.

What followed was an eighteen-month war that played out across courtrooms, regulatory agencies, and the pages of the Wall Street Journal. PeopleSoft adopted a poison pill defense. Oracle raised its bid. PeopleSoft rejected it again. Oracle raised it again. PeopleSoft's board launched a public campaign to rally customers against the acquisition, warning that Oracle would sunset PeopleSoft's products and force customers onto Oracle's own platform.

Then the Department of Justice stepped in.

The DOJ filed an antitrust lawsuit to block the deal, arguing that combining Oracle and PeopleSoft would create a dangerous monopoly in the enterprise application software market. The case was built on the premise that the merger would eliminate meaningful competition for large-scale HR and financial management systems, ultimately harming customers through higher prices and reduced innovation.

The attorney general who oversaw the DOJ during this period was John Ashcroft. Hold that name in your head. Write it on a napkin. Tattoo it on your forearm if that helps. Because the AG who tried to stop Oracle's first major data grab would, years later, end up on Oracle's payroll. The revolving door between government enforcement and corporate compliance is a well-worn path in American life, but this particular rotation has a stench to it that we'll examine closely in Part 5.

The DOJ's case went to trial in June 2004. And in September 2004, U.S. District Judge Vaughn Walker threw it out. Entirely. He ruled that the government had failed to prove the merger would substantially lessen competition, partly because he accepted Oracle's argument that the relevant market was broader than the DOJ had defined it. The government didn't appeal.

Oracle raised its offer one final time to $26.50 per share, a significant premium over its original bid. PeopleSoft's board, exhausted and legally outgunned, finally accepted in December 2004.

The deal cost $10.3 billion. It was, at the time, the largest hostile takeover in technology history. And the manner in which it was executed, the relentless escalation, the legal warfare, the willingness to fight the federal government and win, established a template that Oracle would follow for the next two decades. If you have something Oracle wants, Oracle will get it. The only question is the price.

The press covered the deal as a software consolidation play. Two enterprise giants becoming one. Market share. Synergies. The usual vocabulary of corporate mergers that makes analysts nod approvingly and investors calculate earnings-per-share accretion.

But look at what Oracle actually acquired.

PeopleSoft's Human Capital Management suite was the backbone of HR operations for roughly half the Fortune 500, along with hundreds of universities, hospital systems, and government agencies at every level. The software managed employee records at a granular level that most people outside of HR departments never think about. Social Security numbers. Salary histories. Tax withholding data. Benefits elections, including health insurance selections that reveal family structure, medical conditions, and risk profiles. Performance reviews. Disciplinary records. Home addresses. Emergency contacts. Bank account numbers for direct deposit. Immigration status for international workers. Security clearance levels for defense employees.

This wasn't customer data. This was employee data. The most intimate financial and personal information that American workers entrust to their employers, processed and stored and managed by PeopleSoft's systems across thousands of organizations.

Oracle didn't just buy a software company. It bought the HR nervous system of American institutional life. Every major university running PeopleSoft for its faculty and staff records. Every hospital system using it for physician credentialing and nurse scheduling. Every defense contractor relying on it to manage the clearances and compensation of workers with access to classified information.

One acquisition. Tens of millions of employee records. The most personal data most people will ever generate in the course of their working lives.

The foundation was laid. And nobody talked about the data.

Acquisition #2 - Siebel Systems: The Customer File ($5.85 Billion, September 2005)

Nine months after swallowing PeopleSoft, Oracle was hungry again. The digestion period was barely over before the next course arrived.

Siebel Systems was the undisputed king of Customer Relationship Management software, commanding roughly 45 percent of the CRM market at its peak. Tom Siebel, the company's founder, was himself a former Oracle executive who had built his company into the dominant platform for managing customer interactions across sales, marketing, and service. There was a personal dimension to this acquisition that the technology press loved to emphasize. The protégé, consumed by the mentor. But the personal drama was a sideshow.

Unlike PeopleSoft, this wasn't a hostile deal. Siebel's market position had eroded under pressure from Salesforce.com's cloud-based upstart model, and the company was receptive to acquisition. The board voted. The shareholders approved. The deal closed in January 2006 for $5.85 billion. Clean and quiet.

And again, the business press told a clean story. Oracle was consolidating enterprise software. Building a complete suite. Competing with SAP. Industry analysts published notes about market share percentages and total addressable markets.

And again, the data story was entirely different.

CRM systems are, at their core, customer surveillance platforms. That's not a conspiracy theory. That's not hyperbole. That's literally what they're designed to do. The entire value proposition of a CRM system is to give a company comprehensive visibility into its relationships with its customers and prospects. Every email sent and received. Every phone call logged. Every sales meeting noted. Every demo delivered. Every complaint filed. Every purchase made. Every contract renewed or lost. Contact information, communication preferences, buying patterns, service histories, account values, churn risk scores.

Siebel's clients were among the largest companies and government agencies in the world. The systems held detailed behavioral and transactional records for hundreds of millions of individual consumers and business contacts. These weren't abstract data points. These were intimate portraits of commercial relationships. How often does a customer call? What are they angry about? What's their spending trajectory? Are they a flight risk? What offer would keep them?

Now step back and look at what Oracle had assembled in less than two years.

PeopleSoft gave them the employer side. Every detail about how people earn their money. Where they work, what title they hold, what they're paid, what benefits they carry, where they live, who their emergency contacts are.

Siebel gave them the customer side. Every detail about how people spend their money. What they buy, how often, through which channels, how much they complain, how loyal they are, what their lifetime value is to the companies that serve them.

Employer data and customer data. Two halves of the same coin. Two views of the same human being, seen from opposite sides of the transaction. The worker and the consumer. The earner and the spender.

Oracle now held both views. For hundreds of millions of people. Across thousands of organizations worldwide.

Two acquisitions. Two data types. One increasingly complete picture of human economic life.

Acquisition #3 - BEA Systems: The Plumbing ($8.5 Billion, January 2008)

This one confused people. And that confusion was itself instructive.

BEA Systems made middleware. Specifically, it made WebLogic, the application server platform that sat between databases and user-facing applications, routing data, managing transactions, handling the invisible computational plumbing that made enterprise software actually work. BEA also made Tuxedo, a transaction processing system used by banks and telecommunications companies to handle millions of simultaneous operations.

Middleware is not glamorous. It doesn't show up in consumer-facing products. It doesn't generate headlines or inspire TED talks. When Oracle announced the $8.5 billion acquisition in January 2008, most coverage focused on the competitive dynamics with IBM, which made competing middleware products, and debated whether Oracle had overpaid.

Nobody talked about what middleware actually does.

Middleware is where data moves.

Think of it this way. If databases are the vaults where information is stored, middleware is the highway system that connects them. Every request a user makes to an enterprise application, every transaction that gets processed, every query that moves between a browser and a database, passes through the middleware layer. It's the nervous system of enterprise computing. The connective tissue. The central switchboard.

Controlling the middleware means controlling the flow. It means understanding the architecture of information movement at the deepest level. It means knowing where every pipe leads, which systems talk to which other systems, how data moves between applications, and where the integration points are.

This is a pattern that intelligence agencies have understood for decades. You don't need to open every letter if you control the post office. You don't need to tap every phone if you own the switching station. The most efficient form of surveillance has always been infrastructure-level access, positioning yourself at the chokepoints where information naturally flows.

Oracle didn't buy BEA for the data it contained. Oracle bought BEA for the data it touched. For the position it occupied in the enterprise architecture. For the pipes. For the knowledge of how enterprise data moves, where it goes, and how it connects.

After BEA, Oracle didn't just have vaults full of HR records and customer files. It had the plumbing that connected those vaults to everything else in an enterprise's technology stack. It could see the architecture from the inside.

Three years. Three acquisitions. Vault. Contents. Pipes. Three layers of the same machine, each one making the others more valuable.

Acquisition #4 - Sun Microsystems: The Ecosystem ($7.4 Billion, April 2009)

IBM wanted Sun Microsystems. Badly.

In early 2009, as the financial crisis was gutting the technology sector and valuations were collapsing across the board, IBM entered negotiations to acquire Sun for approximately $7 billion. The talks leaked to the press. And then they collapsed, reportedly over price disagreements and IBM's plans for Sun's workforce.

Oracle swooped in like a raptor spotting a wounded animal on a highway. In April 2009, Ellison announced the acquisition for $7.4 billion, outbidding IBM for a company that was, on the surface, a hardware manufacturer in terminal decline. Sun's server and workstation business had been hemorrhaging market share for years. Its stock had cratered from a peak of over $250 during the dot-com bubble to single digits.

The business press was genuinely baffled. Oracle was a software company. A database company. What did it want with Sun's struggling server and workstation business? What did a company that sold enterprise software need with manufacturing facilities and a hardware supply chain?

The answer was not in the hardware. The hardware was the wrapping paper. The answer was in what Sun had built and given away for free over the preceding decades, embedding itself so deeply into the global computing infrastructure that it had become impossible to remove.

Java). The programming language running on more than one billion devices worldwide. The language that powered Android applications, enterprise banking systems, ATMs, Blu-ray players, parking meters, smart cards, and an unknowable number of government and military systems. Java was everywhere, woven into the fabric of global computing like rebar in concrete. Removing it would mean demolishing the building.

MySQL. The most widely used open-source database in the world. The default data store for millions of websites, startups, and small businesses. The database running underneath WordPress, which at the time powered roughly a quarter of the entire internet. The database trusted by companies that couldn't afford Oracle's enterprise pricing but still needed reliable data storage.

Solaris. The enterprise-grade Unix operating system trusted by banks, telecommunications companies, and government agencies for their most mission-critical workloads. The operating system you run when downtime isn't just expensive but catastrophic.

Oracle didn't buy Sun for its rack-mounted servers gathering dust in data centers. Oracle bought Sun for ecosystem control. For developer dependency. For the ability to shape the platforms that hundreds of millions of applications and billions of devices depended on, and for the leverage that comes with that position.

Java alone was worth the price of admission. Not because of the licensing revenue, which under Sun's stewardship had been modest by design, but because of the leverage. When you own the language, you own the terms of engagement for every developer who writes in it. You own the runtime environment. You own the update cycle. You own the compatibility certifications. You decide what's compliant and what isn't.

And you own a certain kind of visibility into the technology stack of every organization that depends on your platform. You know who's running what versions. You know who's behind on patches. You know, at a high level, the shape of the technology footprint for every entity that depends on Java, MySQL, or Solaris to function.

Oracle proved what this leverage meant almost immediately. Within years of acquiring Sun, Oracle launched aggressive litigation against Google over Android's use of Java APIs, seeking billions in damages. The message was clear. Java is ours now, and if you've built something on top of it, you owe us.

The Sun acquisition wasn't a data grab in the traditional sense. It was an infrastructure grab. And in the world Oracle was building, piece by piece, acquisition by acquisition, infrastructure and data were becoming the same thing.

There's a postscript to the Sun deal that tells you everything about how Oracle treats the things it buys.

Run a reverse DNS lookup on IP address 138.1.33.162. Go ahead. Anyone can do this. It's public information, sitting right there on Shodan for anyone who bothers to look.

That single IP address hosts over eighty domain names. mysql.com is there. java.com is there. sun.com is there. opower.com. bigmachines.com. crowdtwist.com. push.io. The domain names of dozens of acquired companies, the digital headstones of once-independent technology firms, all pointing to the same single address. Eighty-plus domains.

One IP. A mass grave with a 301 redirect.

And it gets better. Sitting on that same IP, right alongside the production domains for some of the most important open-source projects in computing history, are staging and disaster recovery endpoints. ocomtld-stage.appoci.oracle.com. ocomtld-dr.appoci.oracle.com. Staging environments. On the same IP as production. The kind of configuration that would get a junior DevOps engineer fired on their first day at any company that takes infrastructure seriously.

This is how the acquisition machine works in practice. Buy the company. Strip the data. Park the domain on a shared IP with eighty other corpses and a staging server. Move on to the next meal.

Acquisition #5 - MICROS Systems: The Hidden Gem ($5.3 Billion, June 2014)

If you've eaten at a restaurant in the United States in the last fifteen years, there's a good chance MICROS handled your transaction. If you've checked into a hotel, there's an even better chance.

MICROS Systems was the dominant provider of point-of-sale technology for the hospitality industry, holding roughly 35 percent of the restaurant POS market and a commanding position in hotel property management systems. The numbers were staggering in their reach. Over 330,000 customer sites. 180 countries. The terminals and software that processed your credit card when you paid for dinner. The systems that managed your hotel reservation, tracked your room charges, catalogued your minibar consumption, scheduled your spa appointments, and recorded what you ordered from room service at 2 AM.

Oracle's $5.3 billion acquisition of MICROS in June 2014 was covered primarily as a vertical expansion into the hospitality technology market. "Oracle Enters Restaurant Tech," the headlines read. Oracle expanding its cloud strategy. Moving into new verticals. Nothing to see here.

Everything to see here.

MICROS gave Oracle something that none of the previous acquisitions had provided: real-world, physical-world transaction data at massive scale. Not what people did at work. Not what they bought through enterprise procurement channels. Not what they clicked on a website. What they did with their physical bodies and their physical credit cards in physical locations on specific dates and times.

Which restaurants they ate at and how often. What they ordered. What they drank. How much they tipped. Which hotels they stayed in, in which cities, on which dates, with how many guests in the room. Whether they used the minibar. Whether they ordered room service. Whether they visited the hotel spa or the hotel bar or both.

This is behavioral data of the most intimate kind. It tells you where a person is, what they're doing, and often who they're with. It captures the patterns of daily life in a way that digital data alone never can. Your web browsing history might reveal your interests. Your MICROS transaction history reveals your life.

And here's why 2014 matters so much. Because MICROS wasn't the only thing Oracle acquired that year. In the same twelve-month period, Oracle also bought the two companies that would complete the digital-to-physical tracking loop.

The timing was not coincidental. It was strategic. And it was brilliant in its ruthlessness.

Acquisitions #6 and #7 - The Surveillance Stack: BlueKai and Datalogix (2014)

In the same year Oracle acquired MICROS, it also quietly absorbed two companies that would form the backbone of what Oracle would eventually brand as its "Data Cloud." These acquisitions received a fraction of the press coverage that MICROS or PeopleSoft generated. They deserve ten times more. Maybe a hundred times more.

BlueKai was a data management platform, a DMP in industry jargon, that specialized in collecting and categorizing web browsing behavior at industrial scale. Every website you visited, every ad you clicked, every product page you lingered on, every search term you entered. BlueKai's tracking technology was embedded across thousands of websites through cookies and tracking pixels, silently hoovering up behavioral data and sorting it into targetable audience segments for the advertising industry. Oracle acquired it for approximately $400 million.

In 2020, a security researcher would discover that BlueKai had been exposing a massive database of this user tracking data on a server accessible to anyone on the internet. No password. No authentication. No encryption. Billions of records of intimate web browsing activity, just sitting there, readable by anyone who knew where to look. Oracle quietly acknowledged the breach. The press covered it for approximately one news cycle. Then everyone moved on to the next thing.

We'll revisit that breach, and what it revealed about Oracle's data hygiene, in Part 4.

Datalogix was something different and, in many ways, considerably more disturbing than BlueKai. While BlueKai tracked what people did online, Datalogix tracked what people bought offline. Its business model was built on partnerships with major grocery chains, pharmacies, retailers, and data brokers that gave it access to purchase records covering an estimated $2 trillion in annual consumer spending. Loyalty card swipes. Pharmacy transactions. Grocery purchases. The physical-world buying behavior of more than a hundred million American households.

Oracle acquired Datalogix for approximately $1.2 billion and merged it into the same Data Cloud infrastructure as BlueKai.

Now connect the dots.

MICROS gave Oracle real-time point-of-sale data from restaurants and hotels across 180 countries. Datalogix gave Oracle historical offline purchase data from grocery stores and pharmacies. BlueKai gave Oracle web browsing behavior across thousands of websites.

Three acquisitions in the same year. Three layers of tracking. Digital behavior. Physical purchases. Real-time location. Combined together, they gave Oracle the ability to track a person from their morning web browsing through their afternoon grocery run to their evening restaurant dinner. Online to offline. Digital to physical. Click to purchase.

We'll go deep on exactly what Oracle built with these pieces, how the Data Cloud actually operates, and what the "five billion profiles" number really means, in Part 4. For now, just understand what the pieces are. Understand what they do individually. And understand that Oracle bought them all within months of each other in a coordinated acquisition spree that nobody in the press connected into a coherent strategy.

That's not coincidence. That's architecture.

Acquisitions #8 and #9 - AddThis and Crosswise: The Web and The Thread (2016)

By 2016, Oracle's appetite for tracking infrastructure had become almost comically brazen. The acquisitions were no longer disguised as enterprise software consolidation or cloud strategy plays. They were, transparently, surveillance infrastructure purchases. And the market barely blinked.

AddThis was a social sharing widget company. You've seen their product a thousand times even if you've never heard the name. Those little rows of share buttons at the bottom of news articles and blog posts. The Facebook icon, the Twitter bird, the Pinterest pin, the email forward button. The ubiquitous social sharing toolbar that seemed to appear on every website on the internet. AddThis provided those widgets, free of charge, to approximately 15 million websites, reaching an estimated 1.9 billion unique users every single month.

Fifteen million websites. Let that number settle.

What most publishers and website operators didn't fully grasp, or perhaps chose not to think about too carefully, was that AddThis widgets weren't just share buttons. They were tracking pixels with a user interface bolted on top. Every time a web page loaded with an AddThis widget embedded in it, the widget fired a tracking beacon back to AddThis servers, recording the visit. The user's browser fingerprint. Their device characteristics. Their approximate location. Their browsing path across every website running AddThis code. The share buttons were the bait. The tracking was the product.

The client list was staggering in its ideological range. WhiteHouse.gov ran AddThis widgets. So did YouPorn.com. Government websites and pornography sites, news organizations and conspiracy forums, health information portals and gambling sites, all instrumented by the same tracking infrastructure, all reporting user behavior back to the same servers.

Oracle acquired AddThis and folded it directly into the Data Cloud alongside BlueKai and Datalogix.

In the same year, Oracle made another acquisition that received even less attention but arguably mattered more. Crosswise was a tiny Israeli startup, barely a blip on the radar of the technology press, that specialized in what the industry euphemistically calls "cross-device identity resolution." In language that doesn't require a marketing degree to understand, Crosswise's technology could determine that the phone browsing Instagram at a coffee shop, the laptop checking email at an office across town, and the tablet streaming Netflix on a living room couch at 10 PM all belonged to the same human being.

This is the stitching technology. The thread that ties disparate data points into a single identity. Without cross-device resolution, Oracle's data was fragmented. A phone profile here, a laptop profile there, a tablet profile somewhere else. Three anonymous devices doing different things. With Crosswise, those three anonymous devices became one named person with a complete behavioral pattern spanning every screen they owned.

Crosswise was founded by veterans of Unit 8200, the Israeli military's elite signals intelligence division. The same unit that produced the founders of NSO Group, Checkpoint, and dozens of other companies operating at the intersection of intelligence and technology. This detail was mentioned in trade press coverage at the time without much comment, as though the intelligence community pedigree of the founders was merely a credential, a resume line, rather than a signal worth investigating.

One acquisition. A tiny Israeli startup founded by signals intelligence veterans. It would connect Oracle to something much larger, a web of relationships between Silicon Valley, the Israeli intelligence establishment, and the global surveillance industry that stretches far beyond anything we can cover here. We'll pick up that thread in Part 6.

For now, register what Oracle had assembled by the end of 2016. Not just data about individuals, but the ability to follow those individuals across every device they own. Your phone, your laptop, your tablet, your work computer. All stitched together into a single identity profile by technology built by people who learned their craft in military signals intelligence. Feeding into a data cloud that already contained your web browsing history, your offline purchase records, your restaurant meals, and your hotel stays.

The walls were going up. And there was nowhere to hide.

Acquisition #10 - NetSuite: The Books ($9.3 Billion, July 2016)

NetSuite was the leading cloud-based Enterprise Resource Planning platform, providing accounting, financial management, inventory tracking, order processing, and e-commerce capabilities to tens of thousands of small and mid-sized businesses worldwide. It was the QuickBooks of the cloud era, if QuickBooks handled a hundred times more complexity and served companies doing tens of millions in annual revenue.

Oracle acquired it for $9.3 billion in July 2016.

There was a problem with this deal that everyone acknowledged and nobody seemed willing to do anything about.

Larry Ellison personally owned approximately 40 percent of NetSuite. He had been an early and significant investor. His ownership stake was not a secret. It was public knowledge, documented in SEC filings, mentioned in every piece of coverage about the deal. When Oracle announced its intention to acquire NetSuite, the conflict of interest was so glaringly obvious that even Oracle's own board, a body not historically known for its independence from Ellison's influence, had to form a "special committee" of independent directors to evaluate whether the deal was fair to Oracle's shareholders.

The fundamental question was simple. Was Oracle paying $9.3 billion for a company worth $9.3 billion? Or was Oracle paying $9.3 billion because its co-founder and largest shareholder stood to personally pocket billions from the transaction?

The special committee retained independent financial advisors. They evaluated the deal. They approved it. The acquisition closed. Ellison's personal NetSuite stake was worth billions. And the corporate governance questions that should have prompted serious regulatory scrutiny were instead resolved by the thinnest possible veneer of procedural compliance.

We'll examine the full implications of this transaction, and the broader pattern of Ellison's personal financial entanglements with Oracle's corporate strategy, in Part 7. For now, put the governance issues aside and focus on the data. Because the data story is where this acquisition fits into the larger pattern.

ERP systems are the complete financial nervous system of a business. They contain everything a company knows about its own economic existence. Revenue figures. Cost structures. Profit margins. Vendor relationships and payment terms. Customer invoicing and payment histories. Inventory levels and supply chain dependencies. Payroll integrations. Tax filings and compliance records. Cash flow projections. Accounts receivable and accounts payable.

If you wanted to understand a company, truly understand it at the level of its financial DNA, you would want access to its ERP system. And if you wanted to understand tens of thousands of companies simultaneously, you would want access to a cloud ERP platform that served them all.

NetSuite's customers were primarily small and mid-sized businesses, the segment of the American economy that collectively employs the majority of the workforce and generates a significant share of GDP. These weren't Fortune 500 companies with armies of lawyers and dedicated data governance teams and the negotiating leverage to demand favorable contract terms. These were companies with a few hundred employees, maybe a few thousand, companies that trusted their cloud ERP provider with their complete financial lives because they didn't have the resources or the expertise to build and maintain their own systems.

Oracle now had their books. All of them. Revenue, expenses, margins, cash flow, vendor dependencies, customer concentrations. The complete financial anatomy of tens of thousands of American businesses.

Combined with PeopleSoft's HR data for their employees. Combined with Siebel's CRM data for their customers. Oracle could now see an organization from every angle simultaneously. How it paid its people. How it served its customers. How much money it made doing both. Where it was vulnerable. Where it was growing. Where it was dying.

Three dimensions of the same target. Workforce. Customers. Finances. One company holding all three views.

Acquisition #11 - Cerner: The Health Files ($28.3 Billion, June 2022)

Then came the big one.

Not the most expensive acquisition in Oracle's history, though it was that too. Not the most strategically significant, though it was arguably that as well. The most consequential. The one that completed the picture in a way that should have triggered alarm bells in every regulatory body, privacy organization, and congressional oversight committee in the country.

Cerner Corporation was one of the two dominant electronic health record companies in the United States, alongside Epic Systems. Cerner held approximately 25 percent of the hospital EHR market. Its systems processed patient records, clinical data, lab results, imaging orders, medication lists, and care documentation for roughly one in every four American hospitals. Major health systems. Regional hospitals. Community clinics. Urgent care centers.

But the real prize wasn't the private sector hospitals. The private sector was the appetizer.

Cerner held the contract for the Department of Veterans Affairs electronic health record system. The VA health system is the largest integrated healthcare system in the United States, serving approximately nine million enrolled veterans. Their medical records. Their psychiatric evaluations. Their disability ratings and the medical evidence supporting them. Their substance abuse treatment histories. Their prescription records, including controlled substances. Their PTSD diagnoses. Their traumatic brain injury assessments. The complete medical histories of the men and women who fought America's wars and came home carrying the wounds, visible and invisible.

Cerner also held contracts with the Department of Defense for military health record systems. Active duty service members. The people who currently hold security clearances, operate weapons systems, fly aircraft, command units, and have access to the nation's most sensitive military information. Their annual physicals. Their fitness-for-duty evaluations. Their mental health screening results.

Oracle acquired Cerner for $28.3 billion in June 2022. It was the largest acquisition in Oracle's history by a factor of three. Larger than PeopleSoft. Larger than Sun. Larger than any of the data broker acquisitions combined. The company was promptly renamed Oracle Health, because apparently in Silicon Valley, you can rebrand a surveillance capability as a healthcare initiative just by changing the name on the door.

The business press covered this as Oracle's ambitious entry into healthcare IT. A cloud transformation play. The modernization of legacy health systems. The future of digital health. Exciting new product roadmaps.

Read that framing one more time and try not to laugh.

Or cry.

Whichever feels more appropriate.

Oracle, the company that had spent two decades quietly assembling the largest commercial data aggregation infrastructure in the history of capitalism, just acquired the health records of approximately 25 percent of American hospital patients. Plus nine million veterans. Plus active duty military personnel.

Diagnoses. Prescriptions. Mental health evaluations. Substance abuse treatment records. Genetic test results. Reproductive health data. STI testing. HIV status. Cancer screenings. Psychiatric medication histories. Therapy notes. Every intimate detail that a person reveals to their physician under the assumption that it is protected by the most sacred confidentiality principles in American medical ethics and law.

HIPAA exists for a reason. Medical confidentiality exists for a reason. These protections were established because health data is uniquely dangerous. It is the data type that can destroy a person's career, their insurance coverage, their relationships, their custody arrangements, their security clearance, and their reputation with a single unauthorized disclosure.

Oracle now held this data for millions of Americans. Including the nine million who served their country and trusted the VA with their most vulnerable moments. Including the active duty service members whose mental health status is directly relevant to national security operations.

And Oracle renamed the whole thing "Oracle Health," slapped a fresh logo on the website, and carried on as though this were just another product launch.

Here's how seriously Oracle took the integration of its biggest acquisition ever.

Three years after closing the $28.3 billion Cerner deal, a Cerner application domain called khapps.com is still running on Cerner's old DNS nameservers. Not Oracle's nameservers. Not OracleCloud DNS. The nameservers at ns3.cernerns.com and ns4.cernerns.com. The dead company's infrastructure, still running, still resolving, still serving the health applications that touch veteran medical records. Anyone with a terminal and the dig command can verify this in thirty seconds.

This isn't an obscure technical footnote. Oracle's own Corporate Security Practices document, version 3.6, states that "companies that Oracle acquires are required to align with these security practices as part of the integration process." Three years and $28.3 billion later, they haven't even migrated the DNS. The nameservers still say "cerner" in the domain name. That's not a delayed integration timeline. That's abandonment with a purchase receipt.

And while we're poking around Oracle's DNS, here's a fun one. Oracle maintains four separate Amazon SES verification records in its DNS. Amazon Simple Email Service. The transactional email platform built and operated by Amazon Web Services. Oracle, a company that spends billions of dollars a year trying to convince enterprises that Oracle Cloud Infrastructure is a viable alternative to AWS, sends its own email through Amazon's infrastructure. The company that wants your cloud budget can't even trust its own cloud to deliver a password reset email.

You genuinely cannot make this up.

Five Billion Dossiers

Let's stop.

Let's stop adding acquisitions to the list and instead look at what we've built. Not what Oracle says it built. Not the version on the investor relations page with the clean infographics and the upward-trending revenue charts. Let's look at the actual data stack, assembled acquisition by acquisition, layer by layer, over twenty years of relentless and methodical consumption.

Start with PeopleSoft. You have a person's employment record. Where they work. What their title is. What they're paid. Their Social Security number. Their tax withholdings. Their health insurance elections. Their 401(k) contributions. Their home address. Their emergency contacts. Their performance reviews. Their disciplinary history. Their security clearance level.

Add Siebel. Now you have their customer record too. What they buy from the companies that serve them. How often they buy. Through which channels. Their communication preferences. Their complaint history. Their account value. Their loyalty score. Whether they're a flight risk.

Add BEA. Now you understand how all of this data moves through the enterprise systems that generate it. You know the architecture. You know the pipes. You know the integration points.

Add Sun. Now you own the platforms those enterprise systems are built on. Java. MySQL. Solaris. The programming language, the database, and the operating system. The foundation layer beneath the application layer beneath the data layer.

Add MICROS. Now you have their physical transactions. Which restaurants they eat at. Which hotels they stay in. What they order. What they drink. What they tip. Where they were, physically, on a given Tuesday evening in a specific city.

Add Datalogix. Now you have their grocery receipts. Their pharmacy purchases. Their retail transactions. Two trillion dollars in annual consumer spending, mapped to individual identities.

Add BlueKai. Now you have their web browsing. Every site they visited. Every ad they clicked. Every product page they lingered on. The digital trail of their curiosity, their desires, their anxieties, their fears.

Add AddThis. Now you have their content consumption across 15 million websites. Which news articles they read. Which political content they engaged with. Which health information they searched for. Including the sites they would never admit to visiting. All captured by share buttons they never clicked.

Add Crosswise. Now stitch all of it together across every device they own. Their phone. Their laptop. Their tablet. Their work computer. One identity. One thread. Pulling everything into a single, unified profile.

Add NetSuite. Now you have their business finances, if they run a company. Revenue. Costs. Margins. Vendors. Cash flow. The complete financial anatomy of their enterprise.

Add Cerner. Now you have their health records. Diagnoses. Prescriptions. Mental health treatment history. Substance abuse records. Genetic markers. Reproductive health data. The things they told their doctor that they've never told another living soul.

Stack it. All of it. One layer on top of another on top of another on top of another. Employment. Purchasing. Location. Browsing. Content. Devices. Finances. Health.

All connected. All in one company's infrastructure. All under one roof.

Oracle's own marketing materials, in the years before public scrutiny forced a retreat into vague language, referenced a data asset covering approximately five billion consumer profiles worldwide. Five billion. On a planet of eight billion people. That is not a customer database. That is not a marketing tool. That is not a cloud service.

That is a census. A private census, built and maintained by a corporation with no democratic mandate, no electoral accountability, no constitutional constraints on its data practices, and a direct financial pipeline to the defense and intelligence communities of the most powerful nation on earth.

No government agency in a democratic society could have built this. Not legally. The constitutional constraints, the congressional oversight requirements, the Fourth Amendment protections that nominally prevent the government from assembling comprehensive dossiers on its own citizens without probable cause or judicial warrant, all of that would have stopped a government program dead in its tracks. The Church Committee reforms of the 1970s were specifically designed to prevent American intelligence agencies from doing exactly what Oracle has done.

But Oracle isn't the government. Oracle is a private company. And private companies operate under an entirely different set of rules. They can buy data. They can combine data. They can sell data. They can share data with government agencies through commercial contracts that never require a warrant, never trigger Fourth Amendment protections, and never face meaningful congressional oversight.

The acquisition machine wasn't building a product. It was building a capability. A capability that the government couldn't build for itself. A capability that, once built, the government could simply purchase as a service.

And that is exactly what happened.

The Pentagon Is Calling

Five billion files.

That's what 145 acquisitions add up to when you connect them. Not software products. Not cloud services. Not enterprise solutions. Not market share. Files. On people. On their employment, their health, their spending, their browsing, their location, their devices, their finances, their content consumption, their restaurant habits, their pharmacy purchases, their hotel rooms, their secrets.

Oracle built the most comprehensive commercial surveillance infrastructure ever assembled by a private corporation, and it did it in plain sight. Every acquisition announced in a press release. Every deal covered by business journalists who dutifully reported the purchase price and the strategic rationale and the analyst consensus without once asking the obvious question: what happens when you connect all of this together? What does it look like when one company holds the employment records, the customer records, the physical transactions, the web browsing, the device fingerprints, the financial statements, and the health records of billions of people simultaneously?

Nobody asked. So nobody had to answer.

We're asking now.

Because Oracle wasn't just building profiles. It was building profiles for someone specific. The pattern of acquisitions doesn't make rational sense as a pure commercial play. The data types are too varied. The coverage is too comprehensive. The investment, $110 billion over two decades, is too large to justify on advertising revenue and enterprise software licensing alone.

This machine was built for a customer. A customer with deep pockets, vast appetites for information, and an insatiable institutional need to know everything about everyone. A customer that can't legally build this kind of capability itself but can legally buy access to it.

The Pentagon was already calling. Had been calling for years, in fact. The intelligence community was already at the door. And the revolving door between Oracle's executive suites and the highest levels of government power was already spinning so fast it was generating its own gravitational field.

The attorney general who once tried to stop Oracle's very first acquisition? He was about to switch sides. But that's Part 5.

Next in The Red String Wire: Part 4, "Five Billion Files," where we crack open Oracle's Data Cloud and show you exactly what it does with everything it collected. The machine is built.

Now watch it run.

We'll see you all at the next drop, but until then always remember to Follow The Red Threads.

Sources

Every claim is sourced. Feel free to check our work.

Acquisition Count & Total Spend

• Oracle's 145 acquisitions, total deal count and sector breakdown: Tracxn — Acquisitions by Oracle

• Complete list of Oracle acquisitions with dates and values: Wikipedia — List of Acquisitions by Oracle

PeopleSoft Hostile Takeover ($10.3B, 2004)

• PeopleSoft CEO Craig Conway calling the bid "atrociously bad behavior": CBS News — PeopleSoft CEO Conway Ousted

• DOJ antitrust lawsuit and Judge Vaughn Walker's ruling: CNET — Oracle Wins Antitrust Case

• Judge Walker ruling Oracle could proceed with hostile bid: New York Times — Judge Allows Oracle to Bid for PeopleSoft

• FTC lessons learned from the DOJ case: FTC — Lessons Learned from United States v. Oracle Corp.

• Oracle's press release on the PeopleSoft acquisition: Oracle — Oracle Buys PeopleSoft

John Ashcroft and the Revolving Door

• Ashcroft's consulting firm hired by Oracle, paid $220,000 for antitrust lobbying: ZDNet — Ashcroft Firm Lobbies for Tech Titans

• The Ashcroft Group consulting on antitrust and homeland security for Oracle: Chicago Tribune — Ashcroft Turns Into Hired Gun

• Ashcroft's lobbying disclosure details: Washington Technology — Homeland Watch

Siebel Systems ($5.85B, 2005)

• Siebel's CRM market dominance (~45% market share at peak): Wikipedia — Siebel Systems

• Oracle acquisition of Siebel for $5.85 billion: New York Times — Oracle to Acquire Siebel Systems

BEA Systems ($8.5B, 2008)

• Oracle's $8.5 billion acquisition of BEA and WebLogic middleware: ZDNet — Oracle Buys BEA Systems

Sun Microsystems ($7.4B, 2009)

• IBM's failed $7 billion bid for Sun: CNBC — IBM Withdraws $7 Billion Offer for Sun

• Oracle swooping in with $7.4 billion acquisition: Computerworld — Oracle Buying Sun in $7.4B Deal

• Java programming language, over 1 billion devices: Wikipedia — Java)

• MySQL, most widely used open-source database: Wikipedia — MySQL

• Oracle v. Google Java API lawsuit, seeking $8.8 billion in damages: Wikipedia — Google LLC v. Oracle America, Inc.

• Supreme Court ruling in Google's favor on fair use: The Verge — Supreme Court Sides with Google

MICROS Systems ($5.3B, 2014)

• Oracle's acquisition of MICROS, 330,000+ customer sites in 180 countries: Oracle Press Release — Oracle Buys MICROS Systems

• MICROS background, hospitality POS market dominance: Wikipedia — Micros Systems

• Washington Post coverage of the $5.3 billion deal: Washington Post — Oracle to Acquire MICROS Systems

BlueKai (~$400M, 2014)

• BlueKai acquisition, data management platform background: Wikipedia — BlueKai

• 2020 data breach exposing billions of tracking records: TechCrunch — Oracle's BlueKai Tracks You Across the Web

• Forbes coverage of the "billions of records" breach: Forbes — Oracle's BlueKai Spilled Billions of Records

Datalogix (~$1.2B, 2014)

• Oracle paid over $1.2 billion for Datalogix: Forbes — Here's Why Oracle Paid Over $1.2 Billion for Datalogix

• Datalogix tracked $2 trillion in annual consumer spending across 110 million households: Wired — Oracle Buys the Company Facebook Uses to Track Your Offline Purchases

• Oracle's press release on Datalogix acquisition: Oracle — Oracle Buys Datalogix

• Privacy International analysis of the Datalogix deal: Privacy International — Oracle Acquires Datalogix

AddThis (~$200M, 2016)

• AddThis acquisition, 15 million websites, 1.9 billion monthly users: TechCrunch — Oracle Buys Audience Tracking Firm AddThis

• AddThis background and reach: Wikipedia — AddThis

• Deal value estimate between $100M-$200M: Business Insider — Oracle Acquiring Web Tracking Company AddThis

Crosswise (~$50M, 2016)

• Oracle acquires Crosswise, Israeli cross-device tracking startup: Times of Israel — Oracle Acquires Israeli Big Data Firm Crosswise

• Crosswise founders' military intelligence background, Oracle's Israel shopping spree: Jewish Telegraphic Agency — Oracle Buys Army Vets' Big-Data Firm

• Cross-device identity resolution technology details: AdExchanger — Oracle Acquires Crosswise

• Unit 8200 background, Israel's signals intelligence unit: Wikipedia — Unit 8200

• NSO Group, another Unit 8200-connected company: Wikipedia — NSO Group

NetSuite ($9.3B, 2016)

• Oracle's $9.3 billion acquisition of NetSuite: Oracle Press Release — Oracle Buys NetSuite

• Ellison's ~40% ownership stake, worth $3.5 billion from the deal: Business Insider — Larry Ellison's NetSuite Stake Worth $3.5 Billion

• Conflict of interest and Ellison family's 40% stake: Los Angeles Times — Oracle Buying NetSuite in $9.3B Deal

Cerner ($28.3B, 2022)

• Oracle closes $28.3 billion Cerner acquisition: TechCrunch — Oracle Quietly Closes $28B Deal to Buy Cerner

• Cerner managed health records for ~25% of American hospitals: Business Insider — Inside Oracle's Deadly Gamble on Cerner

• VA signed $10 billion EHR contract with Cerner: VA.gov — VA Signs Contract with Cerner

• DoD shared electronic health record system: Military.com — Electronic Health Record System Unveiled

• Oracle acquisition announcement, key VA tech provider: FedScoop — Oracle to Acquire Key VA Tech Provider Cerner

• Cerner renamed Oracle Health, VA renegotiates contract: The Register — VA Reboots Oracle Health Records Project

• VA renegotiates $10B contract with stronger penalties: Fierce Healthcare — VA Renegotiates EHR Contract

• Cerner Corporation background: Wikipedia — Cerner

Intelligence Community & Legal Context

• Church Committee reforms limiting domestic intelligence gathering: Wikipedia — Church Committee

• Hundreds of Unit 8200 veterans working in Big Tech: Drop Site News — Former Israeli Spies in Big Tech

• Inside Israel's secret startup machine: Forbes — Inside Israel's Secret Startup Machine

DNS & Infrastructure Findings

• Shodan IP lookup for 138.1.33.162 (80+ Oracle-acquired domains on single IP): Shodan

• DNS verification of Cerner nameservers (ns3.cernerns.com, ns4.cernerns.com): Verifiable via dig khapps.com NS from any terminal

• Amazon SES records in Oracle's DNS: Verifiable via dig oracle.com TXT from any terminal

Larry Ellison was nine months old when his mother gave him away.

Florence Spellman was nineteen. Unmarried. Jewish. Living in New York City in 1944, which meant living under a specific kind of social pressure that doesn't require much imagination to understand. Her son caught pneumonia as an infant, badly enough to scare a teenage mother into making a permanent decision. She called her aunt and uncle in Chicago. Louis and Lillian Ellison agreed to raise the boy as their own.

His adoptive father, by most accounts, told him regularly that he would never amount to anything.

That kind of origin story explains a lot. It explains the yachts. It explains the $220 billion net worth. It explains the competitive fury, the pathological need to win not just market share but arguments, the decades-long obsession with being the biggest, the fastest, the most. Rejection is rocket fuel for a certain type of personality, and Larry Ellison is very much that type.

But it doesn't explain what we need to talk about today.

Because the yachts are a sideshow. The island is a footnote. What matters is the thing Larry Ellison has spent fifty years building, and the question no one in the mainstream press seems willing to ask out loud: what does the man who built the world's most powerful database infrastructure actually want to do with it?

The answer has been sitting in plain sight for decades. He keeps telling us. In interviews, in keynote speeches, in proposals to the federal government. He tells us over and over and over again.

We just keep not listening.

Let's fix that.

The Worst Programmer in the Room

Larry Ellison enrolled at the University of Illinois at Urbana-Champaign in the early 1960s. He was, by his own account, a decent but unmotivated student. When his adoptive mother Lillian died during his second year, he dropped out. He tried the University of Chicago for a single term. That didn't stick either. Then he did what a lot of restless, intelligent young men did in the late 1960s when the draft wasn't breathing down their necks.

He moved to California.

In the Bay Area, Ellison kicked around between programming jobs at technology companies that were building the infrastructure of what would eventually become Silicon Valley. He worked at Amdahl Corporation, a mainframe company founded by one of the architects of IBM's System/360. He worked at Ampex, the tape storage company, where he met two people who would change the trajectory of his life and, eventually, yours.

Their names were Bob Miner and Ed Oates.

Here's the thing about Ellison that gets sanitized out of the Forbes profiles and the fawning tech biographies: he was not a great programmer. He knew it. The people around him knew it. By his own cheerful admission in various interviews over the decades, he recognized early on that his talent wasn't in writing elegant code or solving deep technical problems. His talent was in selling things. In seeing where a market was going before the market itself knew it existed. In making people believe in a future that didn't exist yet.

So he became a salesman. And he was spectacular at it.

The founding of Software Development Laboratories in 1977 (later renamed Relational Software Inc., and then Oracle Corporation) was built on that division of labor. Miner wrote the code. Oates contributed the architecture. Ellison sold the vision, handled the clients, and set the strategic direction. And what a vision it was.

As we covered in Part 1, that vision included telling the CIA that they had a finished Version 2 of their relational database software when no such finished product existed. Ellison sold vapor, collected the contract, and then scrambled to make reality catch up with the pitch.

The pattern was set in concrete from day one: promise first, deliver later, and never let the truth get in the way of the sale.

This is not a man who stumbled into power. This is a man who understood, from the very beginning, that the person who controls the narrative controls the outcome. Code was a means. The database was a means. The real product was always leverage.

Ellison wasn't building software. He was building an empire. And empires don't tolerate internal dissent for long.

The only person who ever consistently told him to slow down was about to die.

The Conscience That Died in 1994

Bob Miner was the thing Larry Ellison needed and, by all evidence, never bothered to replace.

Where Ellison was flash and fury, media tours and magazine covers and ever-escalating claims about what Oracle could do, Miner was quiet. Methodical. Grounded in the actual work of building software that functioned. He didn't give keynotes. He didn't buy yachts. Colleagues who worked with both men in Oracle's early years described Miner as someone who was loyal to people before he was loyal to the company. That distinction sounds small. In practice, it was the difference between a company that pushed boundaries and a company that obliterated them.

Miner was Ellison's co-founder. He was Oracle's chief architect. And he was, functionally, the company's conscience.

Throughout the 1980s, as Oracle grew at a pace that Wall Street analysts called "aggressive" and former employees called "reckless," Miner served as the internal counterweight. When Ellison wanted to cut corners on product delivery to close a sale, Miner pushed back on engineering integrity. When the sales organization began booking revenue from deals that hadn't actually closed, a practice called "channel stuffing" that nearly brought the company to its knees in 1990, Miner represented the faction inside Oracle that believed you should probably build something real before you sold it to the federal government.

He was the friction in the machine. And friction, in any mechanical system, is what prevents catastrophic overheating.

Not everyone appreciated the friction. Ellison's management style was, to put it charitably, not collaborative. Multiple accounts from Oracle's early years describe a culture of dominance and confrontation, driven from the top. But Miner had standing. He was there at the beginning. He wrote the first code. He had a co-founder's equity and a co-founder's moral authority, and he used both to pump the brakes when the brakes needed pumping.

On November 11, 1994, Bob Miner died.

He was fifty-two years old. The cause was pleural mesothelioma, a cancer of the membrane lining the lungs, caused almost exclusively by asbestos exposure. It is a slow, suffocating, brutal disease. It is almost always fatal.

What happened to Oracle after 1994 is not subtle if you know where to look.

The company became more aggressive in its government contracting. More acquisitive, swallowing competitor after competitor in a series of hostile takeovers that would define the next two decades. More willing to pursue contracts that pushed against the boundaries of what a private technology company should be doing with public data. The internal culture shifted further toward Ellison's will, unchecked, unquestioned, unmoderated by the one person who had earned the right to say "Larry, this is a bad idea."

That voice was gone.

There would be no replacement. There would be no new conscience hired, no independent board member empowered to serve the same function. The machine would run without a governor from that point forward, and it would accelerate every single year.

Seven years later, a Tuesday morning in September would give Larry Ellison exactly what he'd been waiting for: a reason that no one could argue with.

September 12th

On September 11, 2001, nineteen hijackers killed nearly three thousand Americans, and the world broke along a fault line that has never fully healed.

On September 12, Larry Ellison had a proposal.

Not September 20th. Not after a period of reflection or consultation or careful legal review. The next day. He went on television and proposed a national identification card system for every person in the United States. The system would combine biometric data (fingerprints, photographs, iris scans) with existing government databases. It would merge Social Security records, law enforcement databases, immigration and naturalization files, and federal employee records into a single, centralized, searchable system.

And he offered Oracle's software to build it.

For free.

Let that sit for a moment. Roll it around. Feel the weight of it.

The CEO of the world's largest database company watched the worst terrorist attack in American history, and his immediate, next-morning response was to propose that the United States government consolidate all citizen identification data into a single unified system. Using his product. At no charge.

When something is offered for free, the question you should always ask is: what does the person offering it actually get in return?

Oracle would get integration. Oracle would get standardization. Once every federal agency is running on your platform to manage a national ID system, those agencies don't switch vendors. The switching costs alone would be astronomical. The integration would touch every department, every workflow, every piece of infrastructure. The lock-in would be total and permanent. The "free" offer was actually the most expensive sales pitch in American history, aimed at a nation too shellshocked and too furious to read the fine print.

The ACLU condemned the proposal almost immediately. Civil liberties organizations across the political spectrum pointed out the obvious: a centralized database of every American's biometric and personal data, built and maintained by a private corporation, was a surveillance architecture waiting to be activated. It didn't matter whether the intent was benign. The capability itself was the danger. You don't build a loaded weapon and then assure everyone it's only for decoration.

Conservative libertarians objected on principle. Liberal civil rights groups objected on precedent. Editorial boards from the New York Times to the Wall Street Journal expressed skepticism. Almost nobody, though, asked the question that mattered most.

Why was this his first instinct?

Not grief. Not solidarity. Not "how can we help the victims' families?" The immediate, reflexive, next-morning move was: let me build a database that tracks every person in this country. And I'll do it for free.

The national ID card didn't happen. Congress balked. The political will wasn't there in 2001. But the proposal itself is a Rosetta Stone for understanding everything Larry Ellison has done in the quarter century since. The goal was never the ID card. The goal was the architecture. And if the federal government wouldn't let him build it in 2001, he would spend the next two decades building it himself, contract by contract, acquisition by acquisition, cloud deployment by cloud deployment.

He just needed a different sales pitch each time. And as we'll see, he found one for every era.

Absolutely Essential

Twelve years later, a contractor named Edward Snowden walked out of an NSA facility in Hawaii with a thumb drive full of classified documents that proved what privacy advocates had suspected for years: the United States government was conducting mass surveillance on its own citizens at a scale previously thought impossible.

The world reacted with outrage. Congressional hearings were convened. Allied governments expressed shock and betrayal. The technology industry issued carefully worded statements about user privacy and government overreach that they did not actually believe and would not actually act on.

Larry Ellison called the NSA's surveillance programs "absolutely essential."

In a CBS News interview in August 2013, Ellison defended the agency's bulk data collection with a directness that was almost refreshing in its total lack of pretense. He argued that the NSA's programs were necessary for national security. He dismissed Snowden not merely as misguided but as a traitor. He expressed no concern whatsoever about the implications of a government agency collecting phone metadata, email records, and internet communications on hundreds of millions of people who were not suspected of any crime.

When the interviewer pushed on privacy concerns, Ellison was dismissive. The government already has your data, he argued. What's the difference if they're using it to keep you safe?

He'd said it even more plainly before. "The privacy you're concerned about is largely an illusion." Not a gaffe. Not taken out of context. A thesis statement. The man who built the world's most powerful data infrastructure looked at the concept of human privacy and called it a fantasy. Not a right to be defended. Not a value to be weighed against security. An illusion that grown-ups should stop pretending exists.

When someone who controls the database tells you privacy is imaginary, that's not philosophy. That's a product roadmap.

This was not a CEO carefully hedging to protect a government contract. This was not corporate spin or legal caution. This was a man stating his actual worldview, plainly, on camera, for anyone who cared to listen.

Now think about what we covered in Part 1. Oracle's first customer was the Central Intelligence Agency. The company was built, from its very first dollar of revenue, on the premise that intelligence agencies needed powerful relational database tools to store, organize, and search large volumes of information about people and events. That origin wasn't an accident of history. It wasn't a quirk of timing. It was the founding purpose of the company.

When Ellison defended the NSA in 2013, he wasn't breaking character. He was being completely, utterly, almost painfully consistent. Surveillance, in his worldview, isn't a necessary evil tolerated in exchange for safety. It's a necessary good. The more data you collect on people, the safer everyone becomes. The people who object to collection are either naive about the threats or have something to hide. Privacy is a luxury that the pre-9/11 world could afford and the post-9/11 world cannot.

This is the logic of every surveillance state in human history. And it has never once been true. But it doesn't have to be true to be profitable.

What Ellison understood, and what the Snowden revelations made visible to anyone paying attention, was that the infrastructure for total surveillance was no longer something only governments could build. Private technology companies had surpassed government capability in data storage, data processing, and data analysis years ago. The NSA wasn't building its own tools from scratch. It was using tools built by companies like Oracle, companies that sold the infrastructure and then watched as governments filled it with the most intimate details of their citizens' lives.

He built the machine to do it at scale no government could match on its own.

We'll get into exactly what that machine looks like in Part 4. For now, just understand the trajectory and feel its gravity. 2001: let me build a national identification database. 2013: mass surveillance is absolutely essential. The line between those two positions isn't a line at all. It's a single, unbroken vector, aimed at the same destination.

And he wasn't done.

All Answers to All Questions

In September 2024, Larry Ellison stood before financial analysts at Oracle's annual analyst meeting and described his vision for the company's future.

It wasn't subtle. It wasn't hedged. It wasn't buried in corporate doublespeak.

Ellison outlined a system in which every citizen's health data, genomic information, and complete medical records would be unified into a single, AI-powered platform. Oracle's cloud infrastructure would house the data. Oracle's artificial intelligence tools would analyze it. Oracle's systems would generate insights, recommendations, and predictions based on the most intimate biological information a human being possesses.

The pitch was framed in the language of healthcare innovation. Better diagnostics. Personalized medicine. Breakthrough treatments discovered by AI systems parsing millions of genomes simultaneously. It sounded wonderful. It sounded humanitarian. It sounded like the future.

But the architecture Ellison described wasn't a medical system. It was a surveillance system with a healthcare user interface bolted on top.

Think about what a unified health and genomic database actually contains. Your complete DNA sequence. Every hereditary disease you carry or might develop. Your mental health history. Your reproductive history. Every prescription you've ever filled, which tells anyone with access what conditions you've been treated for, what substances you depend on, what vulnerabilities you carry. Every specialist referral, every lab result, every imaging scan. The complete biological record of who you are, what you're made of, and what you're likely to die from.

Now connect that to the financial, identity, and employment data Oracle already manages through its enterprise software and government contracts worldwide.

Now make all of it searchable by artificial intelligence.

That's not healthcare. That's a dossier on every living person, deeper and more revealing than anything the Stasi or the KGB ever dreamed of building.

By early 2025, Ellison had expanded the vision even further, describing a future in which all citizen data would exist in AI-accessible repositories. Not just health data. Not just genomic data. All data. Everything. He framed it as inevitable, a natural consequence of technological progress. He framed it as beneficial, something that would improve outcomes for everyone. And he framed it as something Oracle was uniquely positioned to deliver, given its decades of experience managing sensitive government and corporate data.

Here is the thread you need to follow. This is the red string we're pulling.

2001: National ID card. Every citizen's biometric and identity data in one database. Offered for free.

2013: Mass surveillance is absolutely essential. The people who exposed it are traitors.

2024: Every citizen's health and genomic data in an AI-accessible Oracle system.

2025: All citizen data. Everything. In one place. Searchable by artificial intelligence.

The mission never changed. Not once. Not in twenty-three years. The only thing that changed was the packaging. In 2001, the wrapping paper was national security. In 2013, it was counterterrorism. In 2024, it was healthcare innovation. In 2025, it was the AI revolution.

Different box. Same product inside.

The destination was always the same: all answers to all questions about all people, stored in systems that Larry Ellison built, manages, and controls.

When someone tells you who they are for twenty-three consecutive years, at some point you have to stop making excuses and start believing them. Larry Ellison is not hiding. He never was. He's been telling us the whole time. We just kept assuming he was speaking metaphorically.

He wasn't.

Ninety-Eight Percent

To understand the scale of Larry Ellison's personal power, and to understand why that power matters when we talk about surveillance infrastructure, you need to understand Lanai.

Lanai is the sixth-largest Hawaiian island. It has roughly three thousand full-time residents. For most of the twentieth century, it was a pineapple plantation owned by the Dole family. When that industry declined, the island was developed for tourism. Two luxury hotels, a few thousand acres of relatively undeveloped land, and a small, tight-knit community.

In 2012, Larry Ellison purchased approximately 98% of the island for a reported $300 million. He bought the hotels. He bought the golf courses. He bought the land. He bought the utility infrastructure. He effectively purchased the economy of an entire island and, by direct extension, control over the livelihoods of nearly every person who lives on it.

His net worth, as of this writing, sits at approximately $220 billion. Roughly 42% of that is Oracle stock, which means his personal fortune rises and falls with the value of the company he founded, still controls, and whose strategic direction he continues to set as chairman and chief technology officer.

These numbers matter not because wealth itself is interesting. Billionaire profiles are boring. These numbers matter because they illustrate something specific about the type of person we're examining. A man who buys 98% of an island isn't making a real estate investment. He's making a statement about what he believes his relationship to other people should be. Three thousand human beings wake up every morning on land Larry Ellison owns, work in businesses Larry Ellison controls, and send their children to schools that exist at Larry Ellison's pleasure.

That's not wealth. That's dominion.

And his personal relationships mirror that appetite for control and influence at the highest levels.

Benjamin Netanyahu, the Prime Minister of Israel, is a close personal friend. Ellison reportedly offered Netanyahu a seat on Oracle's board of directors. He has hosted Netanyahu on Lanai. The relationship between the two men is not casual, not ceremonial, and not limited to the kind of polite diplomatic engagement that most corporate executives maintain with foreign leaders.

It is deep, personal, and politically significant in ways we need to examine carefully. When the man who wants to build the world's most comprehensive citizen database is personally close with a head of state who presides over one of the most sophisticated digital surveillance apparatuses on the planet, that's not a social connection. That's a convergence of interests.

How convergent? In September 2025, Netanyahu briefed a group of American influencers and told them the quiet part at full volume. "Weapons change over time," he said. "The most important ones are the social media. The most important purchase that is going on right now is, class? TikTok." He called it "consequential." He was right. Oracle now owns 80% of TikTok's U.S. joint venture. The algorithm that decides what 170 million Americans see every day now runs on servers built by the CIA's first database contractor, whose chairman is personal friends with the man who called TikTok a weapon.

We'll pull that thread in Part 10. But pin it here. Remember the word he used. Weapon.

Words of Iron

Oracle under CEO Safra Catz has cultivated a very specific internal culture when it comes to Israel. And that culture is not quiet, not optional, and not particularly interested in dissent.

The message from leadership was unambiguous, according to employees who spoke to reporters: if you weren't for America or Israel, Oracle wasn't for you.

This wasn't the kind of vague cultural tendency you find at a lot of American companies, where support for an ally is generally assumed but rarely tested. At Oracle, it manifested in concrete, documented, career-ending ways.

In late 2023, following the October 7th Hamas attack on southern Israel and Israel's subsequent military operation in Gaza, Oracle's internal environment became, by multiple employee accounts, openly hostile to anyone who expressed sympathy for Palestinian civilians or questioned the scale of the military response. Internal communication channels were monitored. Social media posts made by employees outside of work were scrutinized.

Reports surfaced of an Oracle employee being terminated for posting a watermelon emoji on an internal communication platform. The watermelon, for those who don't follow the symbology, has become a widely recognized expression of Palestinian solidarity because its colors (red, black, white, green) mirror those of the Palestinian flag. It is not a call to violence. It is not an endorsement of terrorism. It is a fruit.

An employee was fired for posting a picture of a fruit.

The culture extended beyond Oracle's own walls. The company became closely associated with "Words of Iron," a coordinated social media campaign tool developed by Israeli tech workers and designed to amplify pro-Israel messaging across platforms like X, Instagram, and TikTok. The tool organized volunteer users to mass-report social media posts critical of Israel, flood comment sections with pre-written pro-Israel talking points, and coordinate messaging campaigns designed to dominate algorithmic feeds. It was information warfare with a volunteer army, dressed up as grassroots digital advocacy.

Sixty-eight Oracle employees eventually signed an open letter that described what they called an "environment of fear" inside the company. They described being afraid to express any opinion about the conflict that deviated from the company line. They described watching colleagues targeted for social media posts made on personal accounts, on personal time, having nothing to do with Oracle or their professional responsibilities. They described a corporate culture that had moved well beyond "supporting Israel as a geopolitical ally" and into territory that looked a lot like enforced ideological conformity.

This is the internal culture of a company that manages critical data infrastructure for dozens of governments around the world. A company that wants to house every citizen's health records, genomic data, and personal information in AI-accessible systems. A company where posting the wrong emoji on an internal chat platform can end your career.

Think about that. Really think about it. Not as an abstract principle about corporate governance, but as a practical question about power. If this is how they treat their own employees for expressing the wrong opinion about a foreign conflict, what happens when they disagree with you? When your data is in their system and your politics don't align with their leadership's?

We'll pull this thread much harder in Part 6. Because while Ellison was publicly positioning Oracle as a patriotic American enterprise and attacking Google for its artificial intelligence work in China, his own company was doing something far worse, closer to home, with far less scrutiny. But that thread needs its own article to unspool properly.

The Red Thread

Larry Ellison used to be a Democrat.

This surprises people, but it shouldn't. Most Silicon Valley founders of his generation were Democrats. The Bay Area in the 1970s, 80s, and 90s was culturally liberal, and the technology industry's early political identity was shaped by a general optimism about government-industry collaboration, investment in research, and the kind of cosmopolitan internationalism that the Democratic Party represented. In the 1990s, Ellison donated at least $120,000 to the Democratic National Committee. He was part of the Clinton-era tech establishment, comfortable at fundraisers, welcome in the White House.

The shift started with Barack Obama.

When the Obama administration raised taxes on high earners and began publicly discussing increased regulation of the technology sector, Ellison's political orientation started to migrate rightward. It wasn't ideological in the traditional sense. Larry Ellison didn't become a conservative because he read Edmund Burke or discovered a passion for originalist constitutional interpretation. He became a conservative because the Democratic Party wanted a larger percentage of his money, and he took that personally.

This is a common pattern among billionaire political conversions, and it deserves to be named plainly. The ideology follows the tax bill. The principles arrive after the accountant.

By 2020, the transformation was complete and public.

In February of that year, Ellison hosted a fundraiser for Donald Trump's re-election campaign at his estate in Rancho Mirage, California. Tickets were reportedly priced at $100,000 per person, the kind of price point that filters your guest list down to the very specific subset of Americans who have that kind of money and are willing to spend it on proximity to political power.

Ellison later made the remarkable, almost artistically implausible claim that while he hosted the event at his property, he didn't actually attend it.

Read that again. Slowly.

A man hosted a $100,000-per-ticket fundraiser for the sitting president of the United States. At his own house. On his own property. And then claimed he wasn't there.

This is either the most absurd denial in the history of American political fundraising or a window into the kind of compartmentalized thinking that allows a man to build surveillance infrastructure for governments and then claim he cares about individual privacy. Perhaps it is both. Either way, it tells you everything you need to know about how this man processes the relationship between truth and convenience.

The financial commitments escalated from there. And they escalated in a very specific direction.

In the 2022 midterms, Ellison funneled $20 million into Opportunity Matters Fund, a super PAC that spent $9.9 million supporting nineteen Republican candidates for House and Senate. Four of those candidates had publicly cast doubt on the 2020 election results. Not "questioned the process." Not "expressed concerns about election integrity." These were candidates who looked at a certified democratic election and said it was stolen. Ellison wrote them a twenty-million-dollar check.

Then he contributed approximately $35 million to support Senator Tim Scott's presidential campaign in 2023, money funneled through a super PAC. The Tim Scott investment is interesting not because of Scott himself, who was never a serious contender for the nomination and whose campaign fizzled quickly, but because of what it reveals about Ellison's political strategy. He wasn't backing a winner. He was distributing influence across the Republican landscape, buying access and goodwill and future leverage the way a sophisticated investor diversifies a portfolio.

And then there's November 14, 2020.

Ten days after the presidential election, while votes were still being counted in several states and "stop the steal" was transitioning from a social media hashtag into a political movement that would culminate in the storming of the United States Capitol, Larry Ellison participated in a phone call. On that call were Senator Lindsey Graham, Fox News host Sean Hannity, and Jay Sekulow, one of Donald Trump's personal attorneys. The purpose of the call, according to Washington Post reporting, was to discuss strategies for contesting the election results.

Read the names again. A sitting United States senator. A prime-time propaganda broadcaster. The president's personal lawyer. And the third-richest man in America, whose company manages critical data infrastructure for the U.S. government and dozens of allied nations.

On a call about overturning an election.

We'll pull this entire political thread much harder in Part 7, where the campaign finance records, the lobbying apparatus, the revolving door between Oracle's executive suite and the federal government, and the specific policy outcomes that followed all deserve full, documented treatment. For now, understand the arc and hold it in your mind. A reliable Democrat in the 1990s. A politically opportunistic billionaire in the 2010s. An active participant in efforts to contest the results of a democratic election in November 2020.

The red thread runs straight through all of it.

What We Know So Far

The yachts are a distraction. The island is a trophy. The net worth is a scoreboard that impresses people who measure their lives in numbers.

What matters, what actually matters, is this: Larry Ellison spent fifty years building infrastructure designed to store every piece of information about every human being on Earth. At every inflection point, at every moment when the question was "should we build this capability?", he said yes. And then he added: "And it should be me who builds it."

In 2001, he offered to build it for free. In 2013, he defended the people already doing it. In 2024, he pitched it as healthcare. In 2025, he called it the AI revolution.

Same destination. Different brochure every time.

Bob Miner died in 1994 at the age of fifty-two, taken by a disease that eats the lining of your lungs while you're still trying to breathe. The conscience left the building thirty years ago. Nobody replaced him. Nobody tried. Nobody could.

In Part 3, we look at what that machine actually does. We examine Oracle's cloud infrastructure in detail: what it contains, who it serves, how it's architected, and why the technical design itself is the story that everyone else in the press is missing while they write another fawning profile about a billionaire's yacht.

The machine is running. It has been running for thirty years without a conscience, without a counterweight, without anyone in the room willing to say "stop."

And there is no one left to turn it off.

We’ll see you all at the next drop, but until then always remember to Follow The Red Threads.

Sources

Every claim is sourced. Feel free to check our work.

Early Life & Education

• Ellison biography, adoption, University of Illinois, University of Chicago: Symonds, Matthew. Software: An Intimate Portrait of Larry Ellison and Oracle (Simon & Schuster, 2003)

• Wilson, Mike. The Difference Between God and Larry Ellison (William Morrow, 1997)

• Ellison profile and net worth: Forbes — Larry Ellison

Oracle's Sales Culture & 1990 Crisis

• Reckless growth and near-bankruptcy: New York Times — "Oracle's Troubles" (1990)

• Revenue recognition practices: CFO.com — "The Numbers Game at Oracle"

Bob Miner

• Death from pleural mesothelioma (November 11, 1994): New York Times — Obituary

• Biographical details: Wilson, The Difference Between God and Larry Ellison

September 12 National ID Card Proposal

• Ellison's national identification card proposal after 9/11: New York Times — "Oracle's Chief Makes a Case" (2001)

• ACLU condemnation: ACLU — Letter to Larry Ellison Regarding National ID Card

NSA Defense & Snowden

• Ellison calling NSA surveillance "absolutely essential" and criticizing Snowden: CBS News — "Larry Ellison Defends NSA, Criticizes Snowden"

2024–2025 Health Data & AI Vision

• Oracle's vision for AI-powered electronic health records: CNBC — "Oracle Lays Out Vision for AI-Powered Electronic Health Records" (2024)

• Ellison's "all citizen data" AI surveillance remarks: Fortune — "Larry Ellison Oracle AI Surveillance Health Records" (2025)

Lanai

• Purchase of approximately 98% of the Hawaiian island: The Guardian — "Larry Ellison Buys Hawaiian Island Lanai" (2012)

Netanyahu Relationship & TikTok

• Ellison described as "close personal friend" of Netanyahu; offered board seat: Times of Israel — "Larry Ellison Offered Netanyahu a Seat on Oracle Board"

Oracle Internal Culture & Israel

• Employee terminated for posting watermelon emoji: The Intercept — "Oracle Employee Fired Watermelon Emoji Palestine" (2024)

• Words of Iron tool: Haaretz — "Meet the Group of Israeli Tech Workers Fighting Anti-Israel Content Online" (2023)

• Oracle employees' open letter on company culture: Business Insider — "Oracle Employees Speak Out" (2024)

Political Shift & Campaign Finance

• $120,000 to Democratic National Committee: OpenSecrets — Donor Lookup: Larry Ellison

• Trump fundraiser at Rancho Mirage estate: Vox — "Larry Ellison Donald Trump Fundraiser Oracle" (2020)

• Ellison reportedly didn't attend his own fundraiser: Business Insider (2020)

• $20 million to Opportunity Matters Fund (election deniers): Forbes — "Tech Billionaire Larry Ellison's Record Political Giving" (2022)

• $35 million to Tim Scott's presidential campaign: CNBC — "Larry Ellison Donates $30 Million to Tim Scott Super PAC" (2023)

• Phone call during efforts to overturn 2020 election results: Washington Post — "Ellison Trump Election Call" (2021)

In the summer of 1977, three men pooled $2,000 and started a company in Santa Clara, California. One of them, a college dropout who had bounced between jobs the way a pinball bounces between bumpers, put in $1,200 of his own money. No venture capital. No angel investors. No Stanford connections pulling strings behind the curtain.

And their first real client was the Central Intelligence Agency.

That's not a punchline and it's not a conspiracy theory you found on a forum at 3 AM. That documented and verified fact has simply been hiding in plain sight for nearly fifty years.

The company those three men built is now worth over $400 billion and sits at the center of the global cloud infrastructure, processes financial transactions for most of the world's banks, manages healthcare records for entire nations, and runs the backend systems of militaries on four separate continents. In the last decade alone, it has spent over $110 billion buying its way to omniscience, swallowing companies the way a python swallows prey: slowly, completely, and with no intention of letting go.

That company is Oracle, and this is their villainous origin story.

Not the version you've read in Fortune profiles or heard in TED talks or seen dramatized in the kind of hagiographic business journalism that treats billionaires like folk heroes. This is the real version, the version with the NSA contractor and the coin flip and the dead man who actually wrote the code.

The Paper IBM Buried

Before Oracle was Oracle, before it was even a company, it was an idea. And the idea didn't belong to Larry Ellison.

It belonged to a dead Englishman named Edgar Frank Codd.

Edgar Frank "Ted" Codd was born in 1923 in the village of Fortuneswell on the Isle of Portland, in Dorset, England. He studied mathematics and chemistry at Oxford. He flew for the Royal Air Force during World War II, a decorated pilot who survived the kind of war that turned most young men into ghosts or drunks or both. After surviving the war, in 1948 he ended up at working at IBM. He was 25 years old, brilliant in the way that makes corporate managers deeply nervous, and already was developing a reputation for caring more about being right than being liked.

IBM in the late 1940s and 1950s was not the lumbering bureaucracy it would later become, it was the frontier. The machines were room-sized, the problems were genuinely unsolved, and for a mathematician with Codd's talent, it was the only game in town.

But Codd had principles, incredibly inconvenient principles.

In 1953, at the height of the McCarthy era, with Senator Joseph McCarthy's anti-communist hearings turning the American scientific community into a minefield of loyalty oaths and blacklists, Codd did something remarkable, he left. He packed up and moved to Ottawa, Canada, because he refused to live under the shadow of a political witch hunt. He was an Englishman who had fought fascism in the skies over Europe and was not about to bend the knee before a senator from Wisconsin who saw communists behind every chalkboard.

After the height of McCarthyism, Codd decided to return to IBM in 1957 after speaking with his former manager and in 1965, he earned his PhD in computer science from the University of Michigan, at the age of 42, because Codd did things on his own schedule and not a moment before he was ready. And then, in June of 1970, working out of IBM's San Jose Research Laboratory in California, he published a paper that would change the architecture of human knowledge.

The paper was called "A Relational Model of Data for Large Shared Data Banks." It appeared in Communications of the ACM, Vol. 13, No. 6. Twelve pages. Dense with mathematical notation, and abstract in a way that made most business executives' eyes glaze over within seconds. And it was absolutely, fundamentally revolutionary.

What Codd proposed was deceptively simple. Instead of storing data in rigid, hierarchical trees where every piece of information had to know its exact position in a predetermined structure, you could store it in tables. Rows and columns. Relations. And you could query those tables with formal logic, asking questions the original designers of the database never anticipated and never needed to anticipate.

Before Codd, if you wanted to ask a database a question it wasn't designed to answer, you were out of luck. You would have to rebuild the entire data structure from scratch. After Codd, you could ask anything, and the data would rearrange itself to answer you.

Think about what that means. Really think about it. A system where you could store everything, about everyone, and then ask any question about any of it, in any combination, at any time. Cross-reference a name with an address with a phone record with a travel itinerary with a bank transaction, and it would return you the answer instantly.

If you were in the business of selling widgets, that was a nice efficiency improvement.

If you were in the business of collecting information on people, on organizations, on governments, on entire populations, Codd's relational model wasn't just an improvement…

It was the Holy Grail.

IBM had this paper. IBM owned this paper. IBM employed the man who wrote it.

And IBM buried it.

Not maliciously, exactly. Not in some smoke-filled room with men in dark suits shredding documents. IBM buried it the way large corporations always bury things that threaten their existing revenue streams: through institutional inertia, internal politics, and the gravitational pull of quarterly earnings reports.

See, at IBM was making enormous money selling IMS, its hierarchical database system. IMS worked. IMS had customers. IMS had an entire sales force that understood it, could demo it, could explain it to procurement officers over steak dinners. Codd's relational model would render IMS obsolete, and every executive at IBM who had staked their career on IMS, who had hit their quarterly numbers selling IMS licenses, who had corner offices because IMS was printing money, knew it.

So they sat on it.

As Mike Wilson documented in his book The Difference Between God and Larry Ellison, IBM's internal response to Codd's paper was essentially to develop a research prototype called System R, staff it with people who had no connection to Codd, deliberately exclude Codd himself from the project, and then make absolutely certain it never shipped as a commercial product. They let Codd present at conferences. They let him publish follow-up papers. They let the academic world fall in love with the relational model. They let universities build teaching curricula around it. And then they locked the implementation in a drawer and went back to selling IMS.

This is how paradigm shifts get strangled in the crib. Not by ignorance. Not by malice, really, but simply because it threatened the bottom line.

The irony is exquisite. IBM had assembled, in one building, the theoretical breakthrough and the engineering talent to build the most important piece of software in the history of computing. They had the inventor. They had the blueprint. They had the money. And they chose, deliberately and repeatedly, to protect a product they already sold rather than build the product the world actually needed.

System R did produce one lasting artifact, though. The query language its developers created, called SEQUEL and later shortened to SQL, would become the universal language of relational databases. So IBM managed to invent the language without ever shipping the product. They wrote the dictionary for a country they refused to build.

Codd watched all of this happen. He watched his employer bury his work. He watched younger researchers at other institutions begin implementing his ideas. He watched the relational model escape IBM's gravitational field and begin taking root in universities, in government research labs, in the imaginations of programmers who read his 1970 paper and understood immediately what it meant.

Codd would eventually receive the Turing Award in 1981, the highest honor in computer science, for work his own employer refused to turn into a product. He died in 2003 at the age of 79, having watched from the sidelines as other people built empires on his ideas. The company that finally made his vision real, that took his twelve pages of mathematics and turned them into the most consequential database product in history, was not IBM.

It was three guys in Santa Clara with $2,000.

But we're getting ahead of ourselves.

Inside the Machine

To understand where Oracle came from, you have to understand Ampex, and to understand Ampex, you have to understand what America's intelligence apparatus was building in the 1960s and 1970s, when surveillance was not yet a consumer product you carried in your pocket but instead, was very much a government capability being refined behind classified walls.

Ampex Corporation was founded in 1944 by Alexander M. Poniatoff, a Russian emigre and engineer, in San Carlos, California.

The name was an acronym: (A)lexander (M). (P)oniatoff (Ex)cellence. The "Ex" was for excellence. Silicon Valley naming conventions have always been a little much.

The company's public reputation was built on audio and video recording technology. Bing Crosby was an early investor and adopter. They made the machines that recorded television broadcasts, the tape systems that let studios time-shift programming. Respectable work. Glamorous, even. The kind of company you'd be proud to tell your mother you worked for.

That was the front of the house.

The back of the house was the National Security Agency.

Ampex held classified contracts with the NSA to build systems for signals intelligence. SIGINT. The art and science of intercepting, recording, storing, and analyzing electronic communications. Two programs in particular matter for this story, and their code names have the distinctly American quality of being simultaneously absurd and chilling.

The first was code-named KETCHUP, later sanitized to KETCHUM. KETCHUM was a 42-track signal intercept system. Forty-two simultaneous tracks of recorded signals intelligence. In the 1960s. When most recording systems handled one or two tracks. When the average American home had a single-channel reel-to-reel if they had anything at all. Ampex was building machines that could drink from 42 firehoses at once.

The second program was code-named GOODMAN. Where KETCHUM captured the raw signal flood, GOODMAN was the replay and analysis system. The tool that let analysts go back through what KETCHUM had captured and actually make sense of it. Find the needle. Pull the thread. Connect the dot you didn't know existed to the dot you'd been staring at for six months.

During the Cuban Missile Crisis of 1962, KETCHUM/GOODMAN systems were deployed to help monitor Soviet communications. This is the level of work we're talking about. This is not a company making tape decks for recording studios. This is a company embedded in the most sensitive intelligence operations of the Cold War.

This is the environment Larry Ellison walked into.

Ellison arrived at Ampex in the early 1970s, a young programmer with an incomplete resume and an unfinished education. He was not yet Larry Ellison, billionaire yacht racer, island owner, sixth-richest person on Earth. He was Larry Ellison, guy who couldn't seem to finish anything. Born in 1944 on the South Side of Chicago to an unwed mother who gave him up at nine months old, raised by his great-aunt and great-uncle in a middle-class Jewish household, he had attended the University of Illinois at Urbana-Champaign and the University of Chicago without graduating from either. He drifted to California the way a lot of young people drifted to California in those years: because it was far away from where he'd been, and that seemed like enough of a reason.

But here's the thing about Ellison that gets lost in the dropout narrative. He wasn't stupid, in fact, he was the direct opposite of stupid. He was the kind of intelligent that institutions can't contain, the kind that chafes against curricula and deadlines and the particular indignity of being told to learn something at someone else's pace. He taught himself programming. He read voraciously. He had the specific, dangerous combination of extreme intelligence and extreme impatience that either produces founders or felons.

He did programming work at Fireman's Fund and a couple of other shops. Nothing that stuck. Nothing that suggested the trajectory to come. That all changed when he landed at Ampex.

At Ampex, Ellison was a programmer working on database-related projects. More specifically, he worked in an environment absolutely saturated with intelligence community contracts, security clearances, classified briefings, and the particular culture that develops when your employer's real customer is an agency whose budget is itself classified and whose very existence was, for decades, officially denied by the U.S. government.

This is where he met Bob Miner.

Miner was Ellison's manager at Ampex. And if Ellison was the unstable element, all kinetic energy and ambition and raw charisma bouncing off the walls, Miner was the ballast. The weight that kept the ship from capsizing. Born on December 23, 1941, in Cicero, Illinois, a working-class suburb of Chicago famous mainly for Al Capone having used it as a base of operations, Miner was the son of Iranian Assyrian immigrants whose family traced its roots to the village of Ada in the West Azerbaijan province of Iran. He earned a BS in Mathematics from the University of Illinois in 1963, came west to California, and built a quiet reputation as the kind of programmer who actually understood what he was building. Not just how to build it, but why. Not just the syntax, but the semantics.

The dynamic between Ellison and Miner at Ampex is one of those professional relationships that only makes sense in retrospect, when you can see where it led. Ellison was the mouth. Miner was the hands. Ellison could sell a vision of the future to anyone in any room, make them believe they were already living in it, make them reach for their checkbooks. Miner could make that vision actually function. Could turn the slideshow into software. Could sit at a terminal for sixteen hours and emerge with something that worked.

At Ampex, surrounded by NSA contracts and the quiet hum of classified machinery, they developed a shared understanding of what databases could do, what they were being used for, and where the real money was. They saw what the intelligence community wanted. They saw what Codd's paper had made theoretically possible. And they saw that IBM, the only company with both the paper and the resources to build it, was never going to ship it.

They also developed something else. A shared knowledge of exactly who was buying this technology and exactly what they intended to do with it.

When people tell the founding story of Oracle, they usually start with the garage. The dropout. The dream. The scrappy startup that took on IBM and won. They almost never start with the NSA signals intelligence contractor where the founders cut their teeth, building storage and retrieval tools for an intelligence community that wanted to record everything on Earth and then search all of it.

But that's where it started.

In the machine.

Three Men and a Coin Flip

On June 16, 1977, Software Development Laboratories was incorporated in Santa Clara, California. SDL. Three letters. The most boring, forgettable, deliberately anonymous name imaginable for what would become the most consequential database company in history.

The three founders: Larry Ellison, Bob Miner, and Ed Oates.

Oates is the one nobody talks about. The third man in a story that gets told as a two-man show. Born in 1946, he had come into the orbit of Ellison and Miner through one of those coincidences that Silicon Valley loves to claim as evidence of its meritocratic magic. He met the founders through a connection to a high school lab partner. That's it. Not a Stanford networking event. Not a venture capital introduction at a Palo Alto wine bar. A high school lab partner who happened to know the right people at the right time.

The total capitalization of Software Development Laboratories was $2,000. Ellison put in $1,200 of his own money. Miner and Oates split the remaining $800 between them. No outside investors. No angel round. No seed funding. They never took venture capital. Not at founding, not during growth, not ever.

This is a detail that gets glossed over constantly in the retelling of Oracle's origin story, and it shouldn't be, as it's genuinely unusual. Every other major technology company of that era, and nearly every one since, took outside money. Apple took Mike Markkula's $250,000 in 1977 and went on to raise millions more. Microsoft had a sweetheart licensing deal with IBM that functioned as a massive capital injection. Google took $25 million from Kleiner Perkins and Sequoia Capital in 1999. Facebook took $500,000 from Peter Thiel, then millions from Accel Partners.

SDL took $2,000 of its founders' own cash and told Wall Street to go find someone else.

But why?

Because they didn't need investors. They had something better.

They already had a big customer.

The Central Intelligence Agency.

The CIA contract was worth $50,000. Twenty-five times the company's total capitalization, and they already had a project name.

Oracle.

And the deliverable, described in language that should make the hair on the back of your neck stand up if you've been paying any attention at all to this story, was a system that could "answer any question about anything."

Pause on that. Roll it around in your mouth. "Answer any question about anything."

This wasn't a payroll application. This wasn't an inventory management system for tracking widgets in a warehouse. This wasn't a customer relationship database for a regional insurance company. This was a tool designed for the Central Intelligence Agency, an organization whose entire institutional reason for existing is the collection, correlation, analysis, and exploitation of information, and the specification called for a system that could answer any question about anything.

The relational database model that Ted Codd had published seven years earlier, the one IBM refused to build into a commercial product, was exactly the technology that could deliver on that promise. Tables of data that could be queried in any direction, joined in any combination, cross-referenced and interrogated in ways the original designers never imagined and never needed to imagine. The CIA didn't want a better filing cabinet. They didn't want a faster way to sort index cards.

They wanted an oracle.

And now you know where the name came from.

Here's the part that kills me every time I come back to it. According to Mike Humphries, a colleague who heard the story directly from Bob Miner, the decision to take the CIA contract instead of pursuing a different project, a compiler for the PDP-4 minicomputer, came down to a coin flip.

A literal coin flip.

Stay with me here. Three men standing in a room in Santa Clara, California, in the summer of 1977, flipping a coin to decide whether they'd spend their nascent company's first months building a compiler or building a database for the Central Intelligence Agency. Heads or tails. The coin comes up CIA. And the entire trajectory of global data infrastructure, of surveillance technology, of the relationship between Silicon Valley and the intelligence community, pivots on that moment.

You can choose to believe that's just how startups worked in 1977. Informal. Scrappy. Seat-of-the-pants decisions made over beers and coin flips because nobody had a business plan and nobody cared. And maybe that's all it was. Maybe the coin really did decide.

Or you can look at the fact that two of the three founders had just come from an NSA signals intelligence contractor. That they had spent years immersed in classified database projects for the intelligence community. That the CIA was ready with a $50,000 contract and an actual project code name before the company was barely incorporated, before it had an office or a product or even a second customer. That the project specification read like a wish list pulled directly from the intelligence community's deepest operational desires.

And you can ask yourself: how many coin flips are really coin flips?

I'm not saying the fix was in. I'm not saying the CIA recruited Ellison and Miner out of Ampex like a handler running an asset. I'm saying that the infrastructure was already there. The relationships were already there. The knowledge of what the intelligence community wanted, and the technical understanding of what Codd's model could deliver, was already there. The coin flip, if it happened at all, was a formality. The gravitational pull of the intelligence community had been drawing these men toward this moment for years.

Coincidence is a word people use when they don't want to draw the line between the dots.

SDL took the CIA contract. They built the system. They called it Oracle, after the project code name their client had given them. And they kept building.

Version 2 (There Was No Version 1)

The first version of Oracle that SDL shipped to an external customer was called Oracle Version 2.

There was no Version 1.

This was not an accident. This was not a numbering error. This was not the result of some internal prototype being counted as the first release. This was deliberate deception, and the reasoning behind it, reportedly attributed to Ellison himself, is both brazen and illuminating: "Who would buy Version 1 from four guys in California?"

Nobody blinked. Nobody said, "Wait, shouldn't we start at 1?" The lie was baked in from the very beginning, and it was so casual, so instinctive, that it barely registered as a lie at all. It was just how you did business.

Think about the psychology embedded in that single question. Before the product even existed in a shippable commercial form, the founders understood that perception mattered more than reality. That the appearance of maturity, of a track record, of having already been through one cycle of development and refinement, was more valuable to a buyer than the actual truth of the product's history. They weren't just selling software. They were selling confidence. Selling the illusion of institutional solidity. Selling a lie that said "we've been at this longer than we have."

This instinct, the willingness to bend the truth when the truth was inconvenient, to let the customer believe something that wasn't quite real, would define Oracle's corporate culture for the next five decades. It would infuriate competitors, regulators, and customers in roughly equal measure. And it would work spectacularly.

The fourth person in the room during those early days was Bruce Scott. Employee number four, hired at 24 years old. Scott wasn't a founder, but he was foundational. If Miner was the architect of Oracle's database engine and Ellison was the salesman who could convince a drowning man to buy a glass of water, Scott was the bricklayer. He wrote enormous quantities of the early Oracle code, the actual implementation of Codd's relational model that would become the foundation of a multi-billion-dollar empire.

Scott later described working with Ellison with a metaphor that has stuck with me since I first read it: "It was like working with a guy who kept hitting the product with a hammer to see what would break, and then telling the customer it was unbreakable."

That hammer. That's the Oracle story in a single image.

Scott is also responsible for one of the most enduring and ubiquitous artifacts in the entire history of database technology. Every Oracle DBA in the world, every database administrator who has ever installed Oracle, tested Oracle, troubleshot Oracle at 3 AM while their pager screamed, knows the default demonstration credentials: username SCOTT, password TIGER. Scott was Bruce Scott. Tiger was the name of his daughter's cat.

A cat named Tiger, belonging to the daughter of a 24-year-old programmer in Santa Clara, California, in the late 1970s, is now embedded in the muscle memory of hundreds of thousands of database administrators worldwide. Her name is typed into terminal windows in Tokyo and Frankfurt and São Paulo and Bangalore every single day. Security auditors have been flagging SCOTT/TIGER as a vulnerability for literally decades, and it still shows up in production databases with the regularity of a bad habit nobody wants to quit. That is either beautiful or terrifying, depending on how you feel about the security posture of systems that store your medical records and financial data. Which Oracle does. For most of the planet.

And the habit never broke. In 2026, a casual scan of Oracle's own public certificate transparency logs turned up 2,669 subdomains broadcasting internal naming conventions to anyone with a browser and ten minutes of curiosity. Physical facility codes. Network topology hints. Device naming patterns that let you map the architecture like reading a blueprint left on a park bench. The company that built a system to "answer any question about anything" still can't stop answering questions about itself. Forty-eight years of the same reflex. SCOTT/TIGER all the way down.

The company changed names the way a con artist changes towns. Always moving, always rebranding, always shedding the last identity before anyone looked too closely at it. Software Development Laboratories became Relational Software Inc., RSI, in 1979. RSI became Oracle Systems Corporation in 1982. Oracle Systems Corporation became simply Oracle Corporation in 1983. Each name change shed a layer of origin story. Each new name was slightly grander, slightly more authoritative, slightly further from the reality of a handful of exhausted programmers working brutal hours in a rented office to make a database that wouldn't crash during demos.

But here's the thing that gets lost in all the chaos and hustle. Underneath the salesmanship, underneath the version numbering tricks and the name changes and Ellison's legendary, industry-defining capacity for creative truth-telling, the product was real. The technology actually worked. Codd's relational model, implemented by Miner and Scott and a growing team of engineers who were very, very good at what they did, was genuinely revolutionary. You could ask it questions no one had anticipated. You could combine data in ways that made hierarchical databases look like stone tablets. You could build applications on top of it that would have been architecturally impossible two years earlier.

The product was real. The salesmanship was often fiction. But the product was real.

And the CIA already knew it. They'd known it since 1977, when three guys in Santa Clara, two of them fresh from an NSA contractor, told Langley they could build a system to answer any question about anything. The agency didn't take that meeting because they were curious about startup culture. They took it because they understood, before almost anyone else in the world, what a working implementation of Codd's relational model would mean for intelligence operations.

Soon, the rest of the United States government would understand it too.

Government From Day One

Oracle's first commercial customer outside the intelligence community was not a bank. Not a hospital. Not a manufacturing company. Not a retailer.

It was the United States Air Force.

Wright-Patterson Air Force Base in Dayton, Ohio, signed on in 1979. Wright-Patterson, for those who don't track military installations, is one of the most important logistics and intelligence hubs in the entire U.S. defense infrastructure. It houses the Air Force Research Laboratory. It hosted Project Blue Book, the Air Force's UFO investigation program. It is not a backwater posting. It is a nerve center.

And it was Oracle's first paying commercial customer.

The same year SDL renamed itself Relational Software Inc. The same year the company started shipping Version 2 and pretending Version 1 had existed.

This is not coincidence. This is a pattern.

The company born from a CIA contract got its first paying commercial customer from the Department of Defense. Its second and third and fourth major customers were overwhelmingly government agencies, defense contractors, and intelligence-adjacent organizations. The federal government didn't just support Oracle in its early years. The federal government was Oracle's market in its early years. Without those contracts, without the government's willingness to bet on a tiny company with a product called Version 2 and no Version 1, there is no Oracle. Full stop. The company dies in a rented office in Santa Clara, and Ted Codd's relational model waits for someone else to commercialize it.

But Oracle didn't die, it grew.

And it grew fast.

By 1983, just six years after its founding, Oracle was the largest relational database company in the world. Six years. From a $2,000 capitalization and a single CIA contract to global market dominance in the time it takes some venture-backed startups to finish their Series A. That trajectory doesn't happen on product quality alone, though the product was good. It doesn't happen on sales talent alone, though Ellison could sell sand in a desert. It happens when your customer base has effectively unlimited budgets funded by the U.S. taxpayer, when your technology solves a problem that the most powerful institutions on Earth consider existential, and when the people evaluating your product have the security clearances to know exactly what it can do because they've seen it do it.

The IPO came on March 12, 1986. In one of those historical coincidences that's almost too perfect, Microsoft went public the very next day, March 13. Two companies that would come to define the global technology landscape, going public within 24 hours of each other. Oracle reported $55 million in annual revenue and had approximately 450 employees. It was, by any measure, already a major technology company.

But the IPO did something beyond raising capital. It made Oracle visible in a way it hadn't been before. It drew Wall Street analysts. It drew journalists. It drew attention. And with attention came the beginning of a transformation that would accelerate over the next four decades.

Oracle began building a revolving door between itself and the U.S. government that would spin with increasing speed for decades. Military officials retired from the Pentagon and joined Oracle's consulting division. Oracle executives took advisory positions in government agencies. Government procurement officers who had approved Oracle contracts showed up on Oracle's payroll a few years later. Consulting contracts flowed in both directions. Data migration projects multiplied.

The line between Oracle the private corporation and the government that had birthed it grew thinner and thinner until, in certain corridors of Washington, in certain Pentagon procurement offices, in certain intelligence community briefing rooms, it was effectively invisible.

A CIA director would sit on Oracle's board of directors. We will get to that story in detail in a later installment of this series. For now, just file that fact away. Let it sit in the back of your mind like a low electrical hum you can't quite place but can't quite ignore.

And decades later, the database built for the CIA would find new political patrons. A think tank with a plan. A project with a number. A personnel system designed to reshape the federal government from the inside out. Oracle would build that too. That story comes later.

The company that started with a CIA contract would end up with a CIA director helping to govern it. The company built to "answer any question about anything" would spend the next four decades embedding itself in every database, every cloud system, every government network where questions were being asked and answers were being stored.

From Day One, Oracle was a government company wearing a commercial mask. The mask got nicer over the years. More polished. The suit got more expensive. The lobbying operation got more sophisticated. The marketing got slicker. But underneath all of it, from that first $50,000 check signed at Langley to the multi-billion-dollar federal cloud contracts of today, the underlying relationship never changed.

It just scaled.

And scaled. And scaled.

Oracle went from databases to applications to middleware to cloud infrastructure. It bought PeopleSoft in a hostile takeover so brutal it became a Harvard Business School case study. It swallowed Sun Microsystems whole, acquiring Java and MySQL and Solaris and an entire hardware division in a single gulp. It bought over 130 companies in a two-decade acquisition spree that reshaped the entire enterprise technology landscape.

But all of that comes later. Right now, in the mid-1980s, Oracle is a publicly traded company with deep government roots, a product that works, a sales culture that would make a used car lot blush, and a void at its center that is about to become permanent.

The Ghost of Bob Miner

Bob Miner died on November 11, 1994. Veterans Day. He was 52 years old.

The cause was an aggressive and almost invariably fatal cancer of the tissue lining the lungs. It is a cancer caused, in the overwhelming majority of cases, by exposure to asbestos. The son of Assyrian immigrants from a village in the mountains of western Iran, the quiet mathematician from a working-class suburb of Chicago, the man who actually built the database that Larry Ellison sold to the world, was dead before Oracle's real story had even begun.

Miner never saw the cloud. Never saw the acquisition spree that would consume more than a hundred companies. Never saw Oracle become a surveillance infrastructure company masquerading as an enterprise software vendor. He built the engine. And then he was gone.

The people who knew him, who worked beside him in those early years, describe a person fundamentally different from the company he helped create. Where Ellison was bombastic, Miner was measured. Where Oracle's sales culture rewarded aggression and creative truth-telling and the willingness to promise features that didn't exist yet, Miner valued precision and honesty and the quiet satisfaction of code that actually worked. He was the conscience of the operation. The person in the room who would look at Ellison and say, "We can't promise that, Larry. That's not what the product does."

When he died, that voice went silent. And nobody replaced it.

It is impossible to know what Oracle would have become if Miner had lived another twenty or thirty years. Maybe nothing different. Maybe Ellison's gravitational pull was always too strong, the market forces too powerful, the government's appetite too insatiable for one quiet engineer to redirect the course of a company already moving at escape velocity. Maybe the machine was always going to become what it became.

But there's a version of the story where the man who actually understood the technology, who knew what it could do because he'd built it with his own hands at a keyboard, who had the moral weight and the institutional standing to push back against its worst possible applications, was still alive when the decisions that mattered most were being made.

We don't live in that version.

We live in the one where Bob Miner is a footnote in someone else's biography, where Larry Ellison is the main character of every telling, and where a company born from a CIA project called Oracle became a corporation called Oracle and nobody ever thought that was strange.

His grave is in the Hills of Eternity Memorial Park in Colma, California. The town of Colma has more dead residents than living ones. It's where San Francisco sends its cemeteries. Bob Miner, the man who built the database that knows where everyone is, rests in a town of the dead, surrounded by people who can no longer be queried.

The Red Thread

So that's where it started. A buried paper. An NSA contractor. Three guys, two thousand dollars, and a coin flip. A CIA project code-named Oracle that became a company called Oracle, selling a technology designed to answer any question about anything to the people most interested in asking questions about everyone.

In the next installment, we're going to follow the thread forward. We're going to look at what Ellison built in the years after Bob Miner's death. At the ideas about surveillance that would terrify civil libertarians if they understood the infrastructure already in place. And at the precise moment when Oracle stopped being a database company and started being something else entirely.

Something much bigger. Something much darker. Something that touches your medical records, your financial data, your government identity, and a network of contracts so vast and so interconnected that mapping them requires the very technology Oracle sells.

The database named itself. Think about that. A CIA project called Oracle became a product called Oracle became a company called Oracle. The code name stuck because it was never just a code name. It was a mission statement. It was a promise, made to the intelligence community in 1977, that this technology would see everything, know everything, and answer any question about anything.

That promise has been kept. In ways that Ted Codd never imagined, that Bob Miner never lived to see, and that the rest of us are only beginning to understand.

The red thread doesn't end here.

It’s just starting to unspool.

We'll see you all at the next drop, but until then always remember to Follow The Red Threads.

Sources

Every claim is sourced. Feel free to check our work.

Edgar Frank Codd & The Relational Model

• Codd, E.F. "A Relational Model of Data for Large Shared Data Banks." Communications of the ACM, Vol. 13, No. 6, June 1970. ACM Digital Library

• Codd biographical details and IBM history: Computer History Museum

• Codd's Turing Award (1981): ACM A.M. Turing Award

• IBM's System R and suppression of the relational model: Wilson, Mike. The Difference Between God and Larry Ellison (William Morrow, 1997)

Ampex Corporation & NSA Programs

• Ampex founding and history: Computer History Museum — Ampex

• KETCHUM/GOODMAN signal intercept programs: Declassified NSA history documents, National Security Archive at George Washington University

• Cuban Missile Crisis signals intelligence operations: NSA — The Cuban Missile Crisis

Oracle Founding

• SDL incorporation (June 16, 1977), $2,000 capitalization, CIA contract: Wilson, Mike. The Difference Between God and Larry Ellison (William Morrow, 1997)

• CIA "Oracle" project code name and "answer any question about anything" specification: Symonds, Matthew. Softwar: An Intimate Portrait of Larry Ellison and Oracle (Simon & Schuster, 2003)

• Coin flip anecdote attributed to Bob Miner via Mike Humphries: Wilson, The Difference Between God and Larry Ellison

• No venture capital funding: Oracle SEC filings, IPO prospectus (1986)

Larry Ellison Background

• Birth, adoption, education history: Symonds, Softwar (2003); Wilson, The Difference Between God and Larry Ellison (1997)

• Ellison at Ampex: Forbes profile

Bob Miner

• Biographical details, Iranian Assyrian heritage, University of Illinois: Wilson, The Difference Between God and Larry Ellison

• Death (November 11, 1994), pleural mesothelioma: Find a Grave — Bob Miner

• Hills of Eternity Memorial Park, Colma, CA: Public records

Bruce Scott & SCOTT/TIGER

• Employee #4 status, default credentials origin: Oracle Magazine interview archives

• "Hitting the product with a hammer" quote: Wilson, The Difference Between God and Larry Ellison

Ed Oates

• Third co-founder, high school lab partner connection: Symonds, Softwar

Version 2 (No Version 1)

• Deliberate version numbering decision: Symonds, Softwar; Wilson, The Difference Between God and Larry Ellison

Company Name Changes

• SDL → RSI (1979) → Oracle Systems Corporation (1982) → Oracle Corporation (1983): Oracle SEC filings; Oracle corporate timeline

Wright-Patterson Air Force Base

• First commercial customer (1979): Wilson, The Difference Between God and Larry Ellison

• Wright-Patterson history and mission: Wright-Patterson AFB official site

Oracle IPO

• March 12, 1986, $55M revenue, ~450 employees: Oracle IPO prospectus, SEC EDGAR filings

• Microsoft IPO March 13, 1986: SEC EDGAR

Certificate Transparency / OSINT

• 2,669 Oracle subdomains from public CT logs: Original research, crt.sh public database query (March 2026)

• Methodology: Certificate Transparency specification, RFC 6962

Five billion people.

That's how many human beings Oracle Corporation claimed to have detailed dossiers on, and all by 2020. Not profiles, not user accounts, not usernames, but full dossiers. We're talking names, addresses, browsing histories, purchase records, health data, location tracking, and even your political preferences. The digital exhaust of modern life, all collected, analyzed, and monetized.

On a planet of eight billion souls, Larry Ellison's machine had files on five billion of them, and that estimate was over half a decade ago.

Now he owns 15% of TikTok, a quarter of America's hospital records run on his systems, and his cloud hosts classified Pentagon secrets, his son just bought CBS News, Paramount Pictures, Nickelodeon, MTV, and Showtime, and at the time of writing, we have now received breaking news that Ellison's son's Skydance-Paramount has won the bid for Warner Bros. Discovery, beating out Netflix for CNN, HBO, and the entire Warner Bros. film library. All while Ellison is simultaneously building a $500 billion AI system, at the behest of the White House.

This isn't the story of another tech billionaire. This is the story of how surveillance became infrastructure, how one man built an empire that touches every layer of human activity, and why almost nobody is paying attention.

Except for us over here at The Red String Wire. We followed the money. We mapped the power. And we've wired the threads.

The CIA's Database Company

Every empire has an origin myth, and while most are sanitized, Oracle's isn't…it has simply been forgotten.

In 1977, a 33-year-old college dropout named Larry Ellison was working at the consulting firm Ampex when the CIA came calling. The agency had a project, code-named "Project Oracle," to build a special relational database, and the previous contract had just lapsed. Ellison and his colleague Robert Miner convinced the CIA to let them pick it up for $50,000.

They founded a company called Software Development Laboratories. Then Relational Software Incorporated. Then, finally, they named it after the thing that made them: Oracle Systems Corporation. Named directly after the CIA project.

The CIA was their first customer.

This isn't speculation buried in classified documents. Oracle's own defense and intelligence page states it plainly: "We started with the US Government as our first customer. Today, 1,000+ public sector organizations and 100% of federal cabinet agencies build, modernize, and innovate with Oracle."

One. Hundred. Percent. Of federal cabinet agencies.

The company was born from an intelligence agency's need to organize information about people, and 49 years later, it has never stopped doing exactly that. It just expanded the definition of "information" to include everything about everyone…

The Ideology

Most tech billionaires at least pay lip service to privacy and civil liberties, even as their companies hoover up user data. Ellison skips the pretense, and sees surveillance as a feature, not a bug.

Three weeks after September 11, 2001, while America was still processing the attack, Ellison called for a national identification card with biometric identifiers, thumbprints, iris scans, all linked to a centralized database merging Social Security records, law enforcement databases, and other government data. He offered to donate Oracle's software, for free.

When the ACLU pushed back and Congress eventually banned national ID systems in 2005, Ellison didn't give up. He pivoted. If the US wouldn't let him build a biometric database, he'd find other ways to collect the same information, and other countries that would.

By September 2024, during Oracle's Financial Analyst Meeting, the world's second-richest man was ready to say the quiet part out loud:

"Every police officer is going to be supervised at all times, and if there's a problem, AI will report that problem and report it to the appropriate person. Citizens will be on their best behavior, because we are constantly recording and reporting everything that's going on."

He also predicted AI-powered drones replacing police cars:

"You just have a drone follow the car. It's very simple in the age of autonomous drones."

This wasn't a slip. It wasn't taken out of context. It was a billionaire whose company was literally founded on a CIA database contract, who bought his way into tracking data on five billion people, who now owns a quarter of America's hospital records, telling investors that the future is total surveillance.

And he's excited about it.

The through-line is 23 years long, and perfectly straight. From volunteering to build the government a biometric database in 2001 to promising investors an AI panopticon in 2024.

The Empire

So what does the Ellison family touch, either directly or through Oracle, you ask?

Government and Intelligence. Every federal cabinet agency runs on Oracle infrastructure, and has since 1977. Top Secret/SCI cloud environments for the Defense Department and Intelligence Community. A $9 billion JWCC military cloud contract. A $222.53 million US Army cloud deal in 2025. An $88 million Air Force contract for Top Secret workloads in 2026.

Your Health. 25% of American hospitals run on Oracle Health, formerly Cerner, acquired for $28.3 billion. The entire Veterans Affairs medical system. Department of Defense medical records.

Your Data. Five billion dossiers compiled through BlueKai, Datalogix, AddThis, and Crosswise. The apparatus was "shut down" after a $115 million settlement in 2024, but databases don't disappear after a fine that's akin to a slap on the wrist.

Your Media. CBS News, Paramount Pictures, Nickelodeon, MTV, Showtime, UFC broadcast rights, all now owned through Larry Ellison's son David Ellison's Skydance acquisition. Fifteen percent of TikTok's US entity, with 170 million American users. And in February 2026, Skydance-Paramount won the bidding war for all of Warner Bros. Discovery, beating Netflix. That's CNN, HBO, and the entire Warner Bros. film library, all now under one family's umbrella.

Your Future. Stargate LLC, a $100 to $500 billion AI infrastructure project, announced by the Trump administration. A strategic partnership with Palantir for military and intelligence AI systems. $11 million in annual federal lobbying, with former lawmakers on the payroll.

And overseas? Marketing surveillance tools to Chinese police, including in Xinjiang, during what the US State Department calls a genocide. Building biometric ID systems for the UK, the same systems Congress banned domestically. Personal ties between Oracle's CEO and Benjamin Netanyahu. And underground data centers in Israel.

This is not a company. It's an infrastructure layer for modern life, that happens to be controlled by one man and his family.

The Gap Between Attention and Power

If one family holds so much power, why are they not household names like the other upper echelon in the US?

Elon Musk gets the congressional hearings. Mark Zuckerberg gets the regulatory scrutiny. And Larry Ellison gets the big, dark, shadow contracts.

Ellison doesn't need to buy Twitter. He has TikTok and CNN. He doesn't need to lobby against AI regulation, as he's building the government's entire AI infrastructure. He doesn't need to fight privacy laws, as he already has the data.

WIRED called him "a shadow president in Donald Trump's America," operating with "more stealth than Musk" in shaping the administration's technology agenda.

Traditional media focuses on the loud billionaires. The ones who buy social media platforms and launch rockets and get into Twitter feuds. They miss the quiet ones, who buy the systems that actually run society.

They follow the noise. We follow the money.

The concentration of data, infrastructure, defense contracts, media ownership, social media control, and political access in a single family, with a documented 49-year pattern of building surveillance tools for governments including authoritarian ones, represents a level of power concentration that should concern anyone who cares about how the future gets built.

The Series

This overview is a map, and over the coming days and weeks, we'll be walking through every inch of it.

Part 1: The Database That Named Itself. How a CIA side project became the foundation of a surveillance empire.

Part 2: The Man Behind the Machine. Larry Ellison's ideology, from national ID cards to AI-powered drone policing.

Part 3: The Acquisition Machine. How Oracle assembled the most comprehensive data pipeline in corporate history, one hostile takeover at a time.

Part 4: Five Billion Files. Inside Oracle's consumer surveillance apparatus. What they collected, how they got caught, and where the data went.

Part 5: The Government Pipeline. Top Secret clearances, $9 billion contracts, and the revolving door between Oracle and the Pentagon.

Part 6: The China File. Oracle's surveillance tools in the hands of Chinese police. In Xinjiang. During a genocide.

Part 7: The Political Bridge. Safra Catz, $11 million in lobbying, and the quiet art of influence without fingerprints.

Part 8: The Media Empire. CBS, TikTok, CNN. How one family is assembling control over what Americans see and hear.

Part 9: Stargate and The Network. $500 billion in AI infrastructure, a partnership with Palantir, and the convergence of surveillance and artificial intelligence.

Each part is sourced. Each claim is documented. And wherever the Red Threads lead, we will follow.

The Red Thread

The red string connects Larry Ellison to Peter Thiel, to the intelligence agencies, to the defense contractors, to the political donors, to the media owners. It's the same network, the same people, the same money, all flowing through different vessels toward the same end: control, through information.

You don't have an Oracle account. You've never bought Oracle stock. You probably couldn't name three Oracle products.

But Oracle knows you.

When you went to the hospital, your records went into Oracle's database. When you scrolled TikTok, your engagement patterns fed Oracle's algorithms. When your employer runs payroll through PeopleSoft, Oracle processes your salary. When you interact with government services running on Oracle infrastructure, the company founded on a CIA contract handles your information.

The surveillance state wasn't imposed by government decree. It was built through procurement. One contract at a time. One acquisition at a time. One database at a time.

Information is the opposite of helplessness.

We’ll see you all at the next drop, but until then always remember to Follow The Red Threads.

Sources

Every claim is sourced. Feel free to check our work.

• Oracle Defense & Intelligence (oracle.com)

• Oracle's CIA Origins (SFGate)

• Oracle Federal Lobbying (OpenSecrets)

• BlueKai Data Leak (TechCrunch)

• Oracle Tools for Chinese Police (The Intercept)

• Ellison's Surveillance Vision (Fortune)

• "Shadow President" (WIRED)

• TikTok Deal Structure (CNBC)

• WBD/Skydance-Paramount Deal (CNBC)

• Ellison National ID Proposal (CNN, 2001)

• JWCC Contract Award (CNBC)

• Paramount/Skydance Acquisition (Forbes)

• Oracle + Palantir Partnership (Oracle)

• Oracle $115M Privacy Settlement (CIO)