Oahe Data

Digital Footprint Audit

Turtle Mountain Band of Chippewa Indians
Date: 2026-04-10 Entity Type: Tribe Audit Type: Public Index Reconnaissance

Contents

Purpose

This audit maps the publicly indexed digital footprint of the Turtle Mountain Band of Chippewa Indians across federal agency databases (BIA, IHS, EPA, HHS, DOJ, USDA, HUD, NTIA, Treasury, FEMA), state records (North Dakota), certificate transparency logs, the Wayback Machine, and the entity's own web properties.

What can anyone with a search engine learn about your organization in 30 minutes?

For a sovereign tribal nation, the digital footprint extends far beyond the official website. Federal agencies, state governments, courts, and third-party databases publish governance documents, funding records, legal codes, environmental data, and disaster declarations — often without the tribe's awareness or control. This audit reveals the full scope of what is publicly discoverable.

Methodology

The following data sources were queried:

No authenticated or unauthorized access was performed or attempted.

Governance & Sensitive Documents

Queries used

"Turtle Mountain Band of Chippewa" filetype:pdf "confidential" OR "internal" OR "not for distribution"
"Turtle Mountain Band of Chippewa" filetype:pdf "resolution" OR "compact" OR "charter" OR "MOU"
"Turtle Mountain Band of Chippewa" site:bia.gov filetype:pdf
"Turtle Mountain Band of Chippewa" site:federalregister.gov OR site:govinfo.gov
site:tmchippewa.com filetype:pdf
#DocumentHosted OnRiskNotes
1Tribal Constitution 2015tmchippewa.comLowFull tribal constitution on own domain
2Title 32 TERO Ordinancetmchippewa.comLowEmployment rights ordinance on own domain
3Council Resolution 1042-03-24law.tmchippewa.comLowAdopted resolution via tribal law library
4Tribal-State Gaming Compact (2022)bia.govMediumFull Class III gaming compact with ND on BIA site
5Gaming Compact (1999 Original)bia.govMediumOriginal compact; notes confidential gaming records
6Constitution & Bylawsindianaffairs.nd.govMediumFull constitution on ND state domain
7BJA COSSAP Narrativebja.ojp.govMediumDOJ grant narrative detailing substance abuse operations
8Complete Tribal Code Indexnarf.orgLowFull 25+ title tribal legal code on NARF

Assessment: Medium

Significant governance documents are indexed across multiple third-party domains (bia.gov, indianaffairs.nd.gov, narf.org, govinfo.gov). The full tribal constitution, gaming compacts, and grant narratives are hosted on federal and state sites outside the tribe's control. No documents marked "confidential" or "not for distribution" were found exposed.

Personnel & PII Exposure

Queries used

"Turtle Mountain Band of Chippewa" filetype:csv OR filetype:xlsx "member" OR "enrollment" OR "employee"
"Turtle Mountain Band of Chippewa" filetype:pdf "staff list" OR "phone directory" OR "org chart"
#DocumentHosted OnRiskNotes
1WAU Landowner List (Feb 2020)tmchippewa.comHIGHNames and account numbers of landowners
2WAU Landowner List (Dec 2020)tmchippewa.comHIGHSecond WAU list with individual PII
3ContactOut Company Profilecontactout.comMediumThird-party scraper exposing staff data
4ContactOut Email Formatcontactout.comMediumReveals email format: {first_initial}{last}@tmchippewa.com
5UserTimesheet.pdftmchippewa.comMediumTimesheet template on public uploads

Assessment: HIGH

Two "Whereabouts Unknown" (WAU) landowner lists on the tribe's WordPress uploads directory contain individual names and account numbers. This is personally identifiable information exposed at publicly indexed, predictable URLs. The ContactOut scraper site has harvested the tribe's email naming convention, enabling targeted phishing.

Financial Documents

#DocumentHosted OnRiskNotes
1CRRSA 60-Day Reportacf.govMediumCOVID relief spending detail
2FTA Transit Profiletransit.dot.govMediumOperating expenditure: $242,324
3Treasury CRF Desk Reviewoig.treasury.govMedium$32.3M CRF expenditures; documentation questioned
4DOI OIG Auditoversight.govMedium$216,878 questioned; 2 open recommendations

Assessment: Medium

Financial exposure is primarily through federal spending reports and OIG reviews. No comprehensive tribal budget or CAFR documents were found.

Wayback Machine Archive

MetricValue
Total unique pages archived10,419
Total unique PDFs archived190
Earliest snapshot2018-06-30
Most recent snapshot2026-02-02
Hosting platformWordPress (Divi theme, 22 plugins)

The archive contains a near-complete set of the tribal code (Titles 1-58) as individual PDFs, plus constitutional documents, COVID-era emergency orders, ARPA subgrant forms, internal investigation statements, MOUs, and employment applications. Documents that may no longer be accessible on the live site remain permanently archived.

Assessment: Medium-High

Certificate Transparency

PropertyValue
Certificate issuer(s)Let's Encrypt (E7), Amazon RSA 2048 M02
Earliest certificate2018
Most recent certificate2026-04-06
Wildcard certsYes — *.law.tmchippewa.com + sub-environment wildcards

Subdomains Discovered

#SubdomainPurposeNotes
1www.tmchippewa.comMain siteWordPress.com / Automattic
2law.tmchippewa.comTribal court / legal systemAWS CloudFront, Open Law Library
3analytics.law.tmchippewa.comLegal platform analyticsGoatCounter (privacy-respecting)
4*.beta.law.tmchippewa.comBeta environmentSDLC environment for legal platform
5*.development.law.tmchippewa.comDevelopment environmentSDLC environment for legal platform
6*.preview.law.tmchippewa.comPreview/QA environmentSDLC environment for legal platform

Assessment: Low

Certificate data reveals a competent split-infrastructure approach with WordPress.com for the public site and a professionally engineered Open Law Library deployment on AWS. Self-hosted GoatCounter analytics indicates intentional data governance. The .com domain lacks the trust signal of .gov or .nsn.gov.

Funding & Contract Records

USASpending Recipient Profile

Parent: $63,773,482 across 277 transactions
Child: $45,758,180 across 162 transactions
HHS TAGGS: Dedicated recipient profile

Major Awards

#ProgramAmountAgency
1Water Line Replacement$12,789,040DOI/Bureau of Reclamation
2Water Infrastructure (BIL)$5,100,000USDA
3Public Utilities Commission$4,000,000USDA
4Head Start$3,256,259HHS/OHS
5Tribal Broadband Connectivity$2,713,979DOC/NTIA
6Heritage Center$1,550,000USDA/RD
7EPA Brownfields (IIJA)$1,000,000EPA
8EPA Brownfields (Dunseith)$500,000EPA
9Proposed: Rural Water System$98,000,000DOI/BOR

Subsidiary Entities (12+)

#EntityUSASpending TotalNotes
1Turtle Mountain College$17,943,661Tribal land-grant institution
2TM Housing Authority$11,312,610IHBG + HUD-VASH
3TM Public Utilities Commission$1,474,776Water/wastewater
4TM Recovery Center$173,800Behavioral health
5TM Manufacturing Company100-160 employees
6Sky Dancer Casino & Resort700 slots, 300 employees

Assessment: HIGH

The tribe's entire federal funding portfolio ($63.8M+ across 277 awards) is fully reconstructable via publicly available USASpending data. A network of 12+ subsidiary entities — each with independent UEIs — creates substantial additional surface area. Funding sources span 8+ federal agencies.

Legal Code Exposure

#ResourceSourceScope
1Complete Tribal Codenarf.org25+ titles: criminal, civil, evidence, elections, gaming, housing, etc.
2Tribal Constitution (14 articles)narf.orgAmended 2015; also on tmchippewa.com
3Court of Appeals Opinionsnarf.orgSpanning 1989-2012

Significant Litigation

#CaseForumStatusNotes
1TMBCI v. Howe (VRA)U.S. Supreme CourtCert petition Sept 2025Landmark VRA private right of action
2Peltier v. HaalandD.D.C.Resolved$59M Pembina settlement; TMBCI share $6.85M
3Brakebill v. JaegerD.N.D.Settled 2020Consent decree for tribal ID acceptance

Regulatory Filings

#FilingSourceNotes
1NIGC Enforcement (2023)nigc.govGaming licensing violations; settled June 2023
2USDA Hemp Planams.usda.govApproved tribal hemp regulation
3Gaming Compactbia.govClass III compact with ND
4NAGPRA Repatriationfederalregister.govSacred objects from UND

Assessment: Medium-High

One of the most complete publicly readable legal frameworks of any tribe. The tribe is lead plaintiff in a potentially landmark SCOTUS case on VRA enforcement. The 2023 NIGC enforcement action was resolved via settlement.

Infrastructure & Technical Surface

DNS Configuration

RecordValueSignificance
A192.0.78.239, 192.0.78.163Automattic (WordPress.com)
MXtmchippewa-com.mail.protection.outlook.com (pri 0), aspmx.l.google.com (pri 1-10)Dual email: Microsoft 365 + Google
NSns1/ns2/ns3.wordpress.comDNS delegated to WordPress.com
SPFv=spf1 include:spf.protection.outlook.com include:_spf.wpcloud.com -allGoogle not authorized in SPF
DMARCv=DMARC1;p=noneMonitor-only, no enforcement
DKIMSelectors CNAME to apexMisconfigured — not functional

Infrastructure Profile

PropertyValue
Hosting platformWordPress.com (Automattic managed hosting)
Domain type.com (not .gov or .nsn.gov)
Email providerMicrosoft 365 (primary) + Google Workspace (secondary)
Legal platformOpen Law Library on AWS CloudFront
AnalyticsGoatCounter (privacy-respecting)
Security headersPartial — HSTS present; no CSP, no X-Frame-Options

Assessment: Medium

DKIM selectors are misconfigured, DMARC is unenforced (p=none), and dual MX records with an SPF that only authorizes Outlook create risk of the domain being spoofable.

Disaster & Environmental

FEMA Declarations

#DeclarationDateTypeAssistance
1FEMA-4323-DR2017-07-12FloodingPA, HM
2FEMA-4444-DR2019-06-12FloodingIA, PA
3FEMA-4475-DR2020-01-21FloodingPA
4FEMA-4686-DR2023-02-05Winter stormPA
5FEMA-4717-DR2023-07-05FloodingIA, PA
6FEMA-4760-DR2024-02-15Winter stormIA, PA

Additional: May 2025 wildfire complex (~4,200 acres, ND National Guard deployed).

Environmental

#FacilityAgencyNotes
1Shell Valley AquiferUSGSSole drinking water; ~50% exceed secondary MCLs
2Gordon Lake monitoringTM Environmental OfficeBiological + nutrient data since 2001
3San Haven BrownfieldsEPA$2M+ cumulative cleanup; asbestos, lead, PCBs

Assessment: Medium-High

Six FEMA declarations since 2017 demonstrate persistent hazard exposure. The Shell Valley aquifer — sole drinking water source — has elevated contaminant levels. San Haven brownfields remediation is ongoing.

Media & Public Narrative

#CoverageDateSignificance
1Emergency plan amid shutdown2025-10T-SNAP for 4,100+ SNAP recipients
2$300M casino proposal2025-01800 jobs; inter-tribal opposition from Spirit Lake
3Leonard Peltier homecoming2025-02500+ people; national media attention
4SCOTUS VRA case2025-07Landmark voting rights — stay granted
5Autonomy push at G2G2025-06Chairman Azure advocating for less federal dependency

Leadership

NameRoleSource
Jamie AzureChairman (since Jan 2018)Native Governance Center
Darryl LaCounteEnrolled member; former BIA DirectorICT News

Assessment: Low

Active growth-and-defense posture: $300M casino project, autonomous T-SNAP program, SCOTUS voting rights case. Chairman Jamie Azure is the visible decision-maker.

Risk Summary

Scorecard

CategoryAssessment
Governance & DocumentsMedium
Personnel & PII ExposureHIGH
Financial DocumentsMedium
Wayback ArchiveMedium-High
Certificate TransparencyLow
Funding & ContractsHIGH
Legal & RegulatoryMedium-High
InfrastructureMedium
Disaster & EnvironmentalMedium-High
Media & NarrativeLow
Overall Footprint Assessment: EXTENSIVE

The Turtle Mountain Band of Chippewa Indians has one of the most comprehensive publicly indexed digital footprints of any tribal entity in the Northern Plains. Across federal databases, the tribe's governance structure, legal code, funding portfolio, environmental history, and litigation posture are fully discoverable and largely reconstructable from public sources.

Recommendations

Immediate Actions

  1. Remove or restrict WAU landowner lists — Two PDFs on tmchippewa.com contain individual names and account numbers at publicly indexed URLs.
  2. Fix DKIM configuration — The selector CNAME records loop to the apex domain instead of Microsoft's DKIM infrastructure.
  3. Enforce DMARC policy — Move from p=none to p=quarantine or p=reject to prevent domain spoofing.
  4. Request removal from ContactOut — The scraped email format enables targeted phishing.
  5. Reconcile dual MX records — SPF only authorizes Outlook, but Google MX records are present.

Ongoing Monitoring

  1. Audit WordPress uploads directory — Review all files under /wp-content/uploads/ for sensitive documents.
  2. Monitor USASpending and TAGGS profiles — Understand what competitors can reconstruct from public funding records.
  3. Track Wayback Machine crawls — 190 PDFs are permanently archived including draft documents and internal statements.

Strategic Considerations

  1. Evaluate .gov or .nsn.gov domain — A government domain provides stronger identity assurance for a sovereign entity.
  2. Consolidate legal code publishing — The Open Law Library platform appears to be the strategic direction; consolidating away from NARF and raw PDF uploads would improve version control.
  3. Data sovereignty posture — The tribe already demonstrates strong choices (GoatCounter, Open Law Library). Extending this to email and document hosting would strengthen the position.

What This Means

Data sovereignty is not only about what data you collect. It is about knowing where your data already lives, who else can find it, and what decisions it enables them to make.

The Turtle Mountain Band of Chippewa Indians' digital footprint spans federal agency databases, state records, certificate transparency logs, historical web archives, and third-party data aggregators. Much of this is the expected result of a large, active tribal government participating in federal programs. But the aggregation of these records — funding portfolios, legal codes, environmental compliance, disaster history, personnel information — creates a composite picture that no single disclosure was intended to reveal.

Understanding this footprint is the first step toward managing it.

Prepared by Oahe Data
This audit is provided as an informational assessment of publicly available data. No unauthorized access was performed or attempted.