Contents
- Purpose
- Methodology
- Governance & Sensitive Documents
- Personnel & PII Exposure
- Financial Documents
- Wayback Machine Archive
- Certificate Transparency
- Funding & Contract Records
- Legal & Regulatory Records
- Infrastructure & Technical Surface
- Disaster & Environmental
- Media & Public Narrative
- Risk Summary
- Recommendations
- What This Means
Purpose
This audit maps the publicly indexed digital footprint of Connected Nation, Inc. across federal grant databases, IRS nonprofit filings, certificate transparency logs, the Wayback Machine archive, DNS records, FEMA disaster declarations, and the entity's own web properties.
What can anyone with a search engine learn about your organization in 30 minutes?
Connected Nation is a 25-year-old national nonprofit headquartered in Bowling Green, Kentucky, focused on broadband access, adoption, and digital inclusion. As an organization that operates at the intersection of federal broadband policy, state government contracts, and ISP partnerships, your digital footprint spans dozens of federal agency domains, state procurement records, and regulatory filings. This audit examines what that assembled picture looks like to anyone with an internet connection.
Methodology
The following public data sources were queried:
- Advanced search (dorking): Targeted searches for PDFs, CSVs, and sensitive file types across connectednation.org and federal agency domains
- Nonprofit registries: ProPublica Nonprofit Explorer, GuideStar/Candid, Charity Navigator, Instrumentl
- Wayback Machine CDX API: Historical archive of connectednation.org (2008-2026)
- Certificate Transparency (crt.sh): SSL/TLS certificate records for connectednation.org and subdomains
- DNS interrogation: A, MX, NS, TXT, CNAME records for connectednation.org
- USASpending API: Federal grant and contract award records
- NTIA grant archives: BTOP and SBI program records
- Court records: Justia, CourtListener, JudyRecords
- FEMA disaster declarations: Warren County, Kentucky
- EPA ECHO facility database: Environmental compliance records
- Media coverage: News articles, press releases, public statements (2024-2026)
Governance & Sensitive Documents
Queries used
"Connected Nation" filetype:pdf "confidential" OR "internal" OR "not for distribution"
"Connected Nation" filetype:pdf "agreement" OR "contract" OR "memorandum"
site:connectednation.org intitle:"index of"
site:connectednation.org inurl:backup OR inurl:admin OR inurl:config
site:connectednation.org intitle:"login" OR inurl:portal| # | Document | Hosted On | Risk | Notes |
|---|---|---|---|---|
| 1 | Memorandum of Agreement (Bettendorf, IA) | bettendorf.com | MEDIUM | Full executed MOA disclosing $730,506 contract value and payment terms. Hosted on city domain. |
| 2 | GIS Portal OAuth2 Sign-In | gis.connectednation.org | MEDIUM | ArcGIS Enterprise OAuth2 endpoint indexed by search engines with OAuth state token visible in URL. |
| 3 | AWS S3 Static Assets | connectednation.org | LOW | S3 pre-signed URLs with visible IAM access key ID prefix. Standard AWS behavior, not a credential leak, but fingerprints infrastructure. |
Assessment: MEDIUM
Summary: No confidential or internal documents were found exposed. A full executed contract with the City of Bettendorf is publicly hosted on a third-party municipal site. The GIS portal's OAuth2 endpoint is indexed with state tokens, which warrants review.
Personnel & PII Exposure
Queries used
"Connected Nation" filetype:csv OR filetype:xlsx "employee" OR "roster" OR "directory"
"Connected Nation" filetype:pdf "staff list" OR "phone directory" OR "org chart"| # | Document | Hosted On | Risk | Notes |
|---|---|---|---|---|
| 1 | ZoomInfo Company Profile | zoominfo.com | LOW | Third-party scrape listing ~78 employees. Behind paywall. |
| 2 | ContactOut Email Format | contactout.com | LOW | Third-party scraper inferring email patterns from public data. |
| 3 | LeadIQ Email Formats | leadiq.com | LOW | Sales intelligence platform with inferred email patterns. |
| 4 | Our Team page | connectednation.org | LOW | Official public team page -- intentional disclosure. |
Assessment: LOW
Summary: No employee rosters, org charts, or phone directories found exposed. Personnel information limited to third-party business intelligence scrapers.
Financial Documents
Queries used
"Connected Nation" filetype:pdf "audit" OR "financial statement" OR "annual report" OR "990"
"Connected Nation" site:projects.propublica.org| # | Document | Hosted On | Risk | Notes |
|---|---|---|---|---|
| 1 | ProPublica Nonprofit Explorer | propublica.org | LOW | Full IRS 990 filings (2011-2024). Standard 501(c)(3) transparency. |
| 2 | GuideStar/Candid Profile | guidestar.org | LOW | Standard nonprofit transparency profile. |
| 3 | Charity Navigator Rating | charitynavigator.org | LOW | 4-star rating (95%). Program expense ratio: 93.69%. |
| 4 | NTIA National Broadband Research Agenda | ntia.gov | LOW | CN position paper on federal agency domain. Public record. |
Assessment: LOW
Summary: Financial exposure limited to standard nonprofit transparency channels. No internal budgets or audit reports found on third-party domains.
Wayback Machine Archive
Domain queried: connectednation.org
| Metric | Value |
|---|---|
| Total unique pages archived | 33,325 |
| Total unique PDFs/documents archived | 1,684 |
| Earliest snapshot | 2008-02-25 |
| Most recent snapshot | 2026-04-06 |
| Hosting platform detected | Drupal (2008-2017) → WordPress Multisite (2018+) → Laravel/Vue.js (current) |
| Subdomains discovered | 17 (apps, att, attaspire, bead, cdn, connected, essentials, gis, impact, michigan, ohio, outreach, speedtest, surveys, training, utah, www) |
Notable archived paths
| # | Document | Type | Notes |
|---|---|---|---|
| 1 | Tribal Mobility Fund Policy Brief | FCC Tribal Mobility Fund policy brief (2013) | |
| 2 | CN IXP Target Location List | Internet exchange point target locations -- infrastructure planning document | |
| 3 | Mefford Congressional Testimony (2009) | House subcommittee testimony by former CEO Brian Mefford | |
| 4 | Standard NOFA NDA Template (2009) | Provider NDA template for broadband mapping data sharing | |
| 5 | Michigan Economic Impact Study | Broadband economic impact analysis for Michigan | |
| 6 | Connect K-12 Connectivity Report | National K-12 school connectivity report |
Assessment: MEDIUM-HIGH
Summary: Connected Nation has an 18-year Wayback archive spanning 33,325 unique pages and 1,684 unique PDFs. The corpus includes 123+ broadband policy briefs, congressional testimony, economic impact studies, and NDA templates. Many documents from the Drupal era are no longer on the live site but remain accessible via the archive.
Certificate Transparency
Domain analyzed: connectednation.org
| Property | Value |
|---|---|
| Total certificates found | 500+ |
| Certificate issuer(s) | Google Trust Services, Let's Encrypt, Amazon RSA, Sectigo, CloudFlare, COMODO |
| Earliest certificate | ~2020 |
| Most recent certificate | 2026-04-03 |
| Wildcard certs? | Yes (*.connectednation.org) |
| Renewal pattern | Mixed: 90-day automated (primary) + annual manual (subdomains) |
Subdomains Discovered via SANs
| # | Subdomain | Issuer | Notes |
|---|---|---|---|
| 1 | www.connectednation.org | Google Trust / Let's Encrypt | Standard web presence |
| 2 | surveys.connectednation.org | Sectigo (valid through 2027-03) | Survey platform (Alchemer) |
| 3 | remote.connectednation.org | Sectigo (valid through 2026-11) | Remote access gateway -- VPN or RDP |
| 4 | gis.connectednation.org | Sectigo (valid through 2026-06) | ArcGIS Enterprise GIS/mapping platform |
| 5 | bead.connectednation.org | Amazon RSA (expired 2025-12) | BEAD program portal -- may be inactive |
Assessment: MEDIUM
Summary: Connected Nation operates a multi-provider infrastructure with five distinct subdomains. The remote subdomain indicates an on-premises remote access gateway. The wildcard certificate means additional subdomains may exist not visible in CT logs.
Funding & Contract Records
USASpending Recipient Profile: View Profile (UEI: SXA4D42KVYC3) — 10 grant awards totaling $45,141,566
Federal Grant Awards
| # | Award | Amount | Agency | Period | Notes |
|---|---|---|---|---|---|
| 1 | SBDD - Texas | $8,026,000 | Commerce/NTIA | 2010-2014 | ARRA State Broadband Data & Development |
| 2 | BTOP - OPAL II | $6,856,399 | Commerce/NTIA | 2010-2013 | Public Adoption through Libraries |
| 3 | SBDD - Alaska | $6,273,002 | Commerce/NTIA | 2010-2015 | ARRA SBDD |
| 4 | SBDD - Iowa | $5,646,890 | Commerce/NTIA | 2010-2015 | ARRA SBDD |
| 5 | SBDD - Michigan | $4,755,684 | Commerce/NTIA | 2009-2014 | ARRA SBDD |
| 6 | SBDD - Minnesota | $4,335,650 | Commerce/NTIA | 2009-2015 | ARRA SBDD |
| 7 | SBDD - Nevada | $3,990,690 | Commerce/NTIA | 2009-2015 | ARRA SBDD |
| 8 | SBDD - South Carolina | $3,930,538 | Commerce/NTIA | 2009-2015 | ARRA SBDD |
| 9 | SBDD - Kansas | $1,229,513 | Commerce/NTIA | 2009-2011 | Transferred to KS Dept of Commerce |
| 10 | RBDG | $97,200 | Agriculture/RBS | 2022-2024 | Rural Business Development Grant |
| 11 | Kansas IXP Grant | $5,000,000 | State of Kansas | 2024+ | State grant to CNIXP LLC for Internet Exchange Point |
IRS 990 Revenue Trend
| Year | Revenue | Expenses | Net Assets |
|---|---|---|---|
| 2024 | $7,932,625 | $10,495,007 | $5,157,406 |
| 2023 | $13,356,006 | $13,264,839 | $7,719,788 |
| 2022 | $13,314,360 | $10,302,434 | $8,118,185 |
| 2021 | $16,572,653 | $15,265,697 | $5,021,239 |
| 2020 | $5,579,915 | $4,180,613 | $3,775,236 |
Executive Compensation (2024): Tom Ferree (President): $350,879 | Chris Pedersen (EVP): $221,946 | Bernice Bogle (VP/Treasurer): $219,664
Subsidiary Entities
| # | Entity | Relationship | Notes |
|---|---|---|---|
| 1 | CNIXP LLC | 50/50 JV with Newby Ventures | 125+ carrier-neutral IXP facilities across 43 states |
| 2 | Connected Nation Exchange (CNX) | Strategy subsidiary | Macquarie Capital broadband P3 partnership (~2016) |
| 3 | ConnectKentucky | Origin entity | CN grew out of ConnectKentucky (2004) |
| 4 | Connected Tennessee | State affiliate | Separate entity for TN SBDD grant ($2.72M) |
| 5 | Connect K-12 | Program/product | School connectivity data platform |
Assessment: MEDIUM
Summary: Full federal funding portfolio ($45.1M) is reconstructable through USASpending. Cumulative revenue ~$134M, overwhelmingly from government. Five subsidiary entities identified. Revenue cycles with federal broadband funding programs.
Legal & Regulatory Records
Litigation: No indexed federal or state litigation found as plaintiff or defendant.
Regulatory Filings
| # | Filing | Source | Notes |
|---|---|---|---|
| 1 | BTOP/SBI - Texas ($8.03M) | ntia.doc.gov | 11 amendments, quarterly reports through Q4 2014 |
| 2 | BTOP/SBI - Iowa ($5.77M) | ntia.doc.gov | 14 regional planning teams, 14 amendments |
| 3 | BTOP/SBI - Michigan ($4.76M) | ntia.doc.gov | State designee for MI broadband data |
| 4 | BTOP/SBI - Minnesota ($4.47M) | ntia.doc.gov | 9 amendments, state designee for MN |
| 5 | DOC OIG Broadband Oversight | oig.doc.gov | Standard BTOP oversight indexing; no finding |
Documented Controversies (Public Record)
| # | Issue | Source | Period | Notes |
|---|---|---|---|---|
| 1 | Telco industry ties on board | Techdirt | 2008-2009 | Board included AT&T lobbyists and former Bell executives |
| 2 | Broadband mapping data opacity | Techdirt / DSLReports | 2009 | Critics alleged maps overstated incumbent coverage |
| 3 | Iowa no-bid contract ($730K) | The Gazette | 2014 | State contract issued without competitive bidding |
Assessment: LOW
Summary: Zero indexed litigation. Substantial regulatory footprint with $38M+ in BTOP/SBI grants. Documented controversy (2008-2010) centered on telecom industry board composition and mapping methodology but never escalated to enforcement.
Infrastructure & Technical Surface
Domain analyzed: connectednation.org
DNS Configuration
| Record | Value | Significance |
|---|---|---|
| A | 54.192.100.x (4 IPs) | AWS CloudFront CDN |
| MX | d301141a/b.ess.barracudanetworks.com | Barracuda email security gateway |
| NS | james/june.ns.cloudflare.com | Cloudflare DNS |
| TXT (SPF) | includes: outlook.com, barracuda, salesforce, act-on, campaign monitor | Multi-platform email auth |
| TXT (DMARC) | v=DMARC1; p=none; fo=1 | Monitoring mode only -- not enforcing |
Infrastructure Profile
| Property | Value |
|---|---|
| Hosting platform | AWS CloudFront CDN fronting Laravel/Vue.js application |
| Domain type | .org |
| Email provider | Microsoft 365 (via Barracuda ESS gateway) |
| CDN/Proxy | AWS CloudFront + Cloudflare DNS |
| Marketing stack | Salesforce, Act-On, Campaign Monitor |
| Security headers | Strong (HSTS preload, X-Content-Type-Options, X-Frame-Options) |
| DMARC enforcement | Not enforcing (p=none) |
Assessment: CLEAN
Summary: Mature, professionally managed infrastructure. Enterprise SaaS tools indicate a well-funded IT operation. The one gap is DMARC set to monitoring-only, meaning email spoofing protection is not active.
Disaster & Environmental
FEMA Declarations (Warren County, KY)
| # | Declaration | Date | Type | Notes |
|---|---|---|---|---|
| 1 | FEMA-4630-DR | 2021-12-12 | Tornadoes, Storms, Flooding | Dec 10-11 tornado outbreak; 400+ residential units damaged; $2.4M to Warren Rural Electric Coop |
| 2 | FEMA-4804-DR | 2024-07-23 | Storms, Tornadoes, Landslides | Warren County designated for Individual Assistance |
| 3 | FEMA-4864-DR | 2025-04-24 | Storms, Flooding, Landslides | 10+ inches rain on Warren County; DRC opened in Bowling Green |
EPA Records: No records found. No EPA-regulated facilities. Expected for a nonprofit broadband organization.
Assessment: MEDIUM
Summary: CN itself has no environmental exposure. However, Bowling Green/Warren County has experienced three major FEMA disaster declarations in four years, directly relevant to CN's broadband recovery mission.
Media & Public Narrative
Recent News Coverage
| # | Article | Date | Key Points |
|---|---|---|---|
| 1 | CN marks 25 years of service | 2026-02 | 25th anniversary; world record attempt for digital skills training |
| 2 | Internet pricing disparities study | 2026-02 | Analyzed 6,300 Louisville addresses; pricing varies by neighborhood |
| 3 | BEAD Tracker covers nearly 4M locations | 2025-12 | Tracker covers 96% of states/territories; $20B in BEAD funds |
| 4 | Statement on SUCCESS for BEAD Act | 2025-12 | Endorsed redirecting BEAD funds toward AI-enabling infrastructure |
| 5 | Rural internet insecurity report | 2025-09 | 30.6% of rural households internet insecure |
Leadership Identified
| # | Name | Role | Notes |
|---|---|---|---|
| 1 | Tom Ferree | Chairman & CEO | Active 2026. FCC BDAC member. Comp: $350,879 |
| 2 | Brent Legg | EVP, Government Affairs | Leads public policy agenda |
| 3 | Heather Gate | EVP, Digital Inclusion | Chair of FCC CEDC |
| 4 | Chris Pedersen | EVP, Development & Planning | Relationship manager for new programming |
| 5 | Frank Martinez | VP, Strategic Initiatives | Previously Digital Inclusion at Intel |
| 6 | Jessica Denson | Communications Director | Brand strategy and media relations |
Assessment: LOW
Summary: Well-established organization in steady-state-to-growth mode. Politically agile leadership praising both Biden and Trump administration initiatives. Influence through press statements and FCC advisory committee seats.
Risk Summary
| Category | Assessment | Key Finding |
|---|---|---|
| Governance & Documents | MEDIUM | Municipal contract on third-party domain; GIS OAuth endpoint indexed |
| Personnel & PII | LOW | Third-party scrapers only; no entity-caused exposure |
| Financial Documents | LOW | Standard 501(c)(3) transparency channels |
| Wayback Archive | MEDIUM-HIGH | 33K pages / 1,684 PDFs; 123+ policy briefs; legacy content persists |
| Certificate Transparency | MEDIUM | 5+ subdomains incl. remote access gateway |
| Funding & Contracts | MEDIUM | $45.1M reconstructable; 5 subsidiaries identified |
| Legal & Regulatory | LOW | Zero litigation; documented but resolved controversies |
| Infrastructure | CLEAN | Mature stack; strong security headers |
| Disaster & Environmental | MEDIUM | 3 FEMA declarations in 4 years at HQ jurisdiction |
| Media & Narrative | LOW | Stable leadership; bipartisan positioning |
Connected Nation's digital footprint is extensive and well-documented across federal grant databases, nonprofit registries, certificate transparency logs, and 18 years of web archives. The organization's entire funding history, executive compensation, subsidiary structure, and regulatory engagement are publicly reconstructable. This is largely expected for a 25-year-old nonprofit operating in federal broadband policy, but the volume and specificity of what's indexed means any prospective partner, competitor, or journalist can build a comprehensive profile with standard search tools.
Recommendations
Immediate Actions
1. Review GIS portal indexing. The ArcGIS Enterprise OAuth2 endpoint at gis.connectednation.org is indexed by search engines with OAuth state tokens in URLs. Add appropriate robots.txt rules or meta noindex directives to prevent further indexing of authentication endpoints.
2. Upgrade DMARC to enforcement. Current DMARC policy is p=none (monitoring only). Move to p=quarantine or p=reject to prevent email spoofing of the connectednation.org domain.
3. Audit BEAD subdomain. The bead.connectednation.org SSL certificate expired in December 2025. If the portal is still operational, renew the certificate. If consolidated, decommission the subdomain and remove DNS records.
4. Review Wayback Machine exposure. 1,684 unique PDFs are archived, including NDA templates, internal planning documents, and policy briefs no longer published on the live site. Consider whether any archived content warrants a removal request.
Ongoing Monitoring
1. Certificate transparency monitoring. Set up alerts for new certificates issued for connectednation.org to detect unauthorized subdomain creation.
2. USASpending profile review. Monitor the recipient profile for accuracy as new BEAD-era awards are issued.
3. Third-party data aggregator monitoring. Business intelligence scrapers will continue to aggregate employee data. Periodically review for accuracy.
Strategic Considerations
1. Subsidiary entity management. Five distinct entities each create additional digital footprint surface area. Ensure consistent branding and security posture.
2. Revenue concentration risk. 83% of FY2024 revenue came from government contributions. The 41% revenue decline and $2.5M operating deficit are publicly visible through 990 filings.
3. Historical controversy management. The 2008-2010 telco-ties controversy is documented by Techdirt and DSLReports and remains accessible via web archives.
What This Means
Donor and grant transparency means your funding portfolio, tax filings, and program outcomes are publicly assembled in ways that shape how funders and the public perceive your organization. For Connected Nation, the combination of $45M in traceable federal grants, detailed 990 filings showing executive compensation, documented historical controversies, and an 18-year web archive means that any prospective state broadband office, NTIA program officer, or investigative journalist can reconstruct your complete organizational history — financial trajectory, leadership changes, subsidiary structure, and policy positions — using nothing more than public search tools.