
DOJ Put Someone Who Enabled Sidney Powell’s Lies — Jocelyn Ballantine — in Charge of Prosecuting the Proud Boys

Because of Joe Biggs’ role at the nexus between the mob that attacked Congress and those that orchestrated the mob, his prosecution is the most important case in the entire January 6 investigation. If you prosecute him and his alleged co-conspirators successfully, you might also succeed in holding those who incited the attack on the Capitol accountable. If you botch the Biggs prosecution, then all the most important people will go free.

Which is why it is so unbelievable that DOJ put someone who enabled Sidney Powell’s election season lies about the Mike Flynn prosecution, Jocelyn Ballantine, on that prosecution team.

Yesterday, at the beginning of the Ethan Nordean and Joe Biggs hearing, prosecutor Jason McCullough told the court that in addition to him and Luke Jones, Ballantine was present at the hearing for the prosecution. He may have said that she was “overseeing” this prosecution. (I’ve got a request for clarification in with the US Attorney’s office.)

Ballantine has not filed a notice of appearance in the case (nor does she show on the minute notice for yesterday’s hearing). In the one other January 6 case where she has been noticeably involved — electronically signing the indictment for Nick Kennedy — she likewise has not filed a notice of appearance.

Less than a year ago when she assisted in DOJ’s attempts to overturn the Mike Flynn prosecution, Ballantine did three things that should disqualify her from any DOJ prosecution team, much less serving on the most important prosecution in the entire January 6 investigation:

  • On September 23, she provided three documents that were altered to Sidney Powell, one of which Trump used six days later in a packaged debate attack on Joe Biden
  • On September 24, she submitted an FBI interview report that redacted information — references to Brandon Van Grack — that was material to the proceedings before Judge Emmet Sullivan
  • On October 26, she claimed that lawyers for Peter Strzok and Andrew McCabe had checked their clients’ notes to confirm there were no other alterations to documents submitted to the docket; both lawyers refused to review the documents

After doing these things in support of Bill Barr’s effort to undermine the Flynn prosecution (and within days of the Flynn pardon), Ballantine was given a confidential temporary duty assignment (it may have been a CIA assignment). Apparently she’s back at DC USAO now.

Three documents got altered and another violated Strzok and Page’s privacy

As a reminder, after DOJ moved to hold Mike Flynn accountable for reneging on his plea agreement, Billy Barr put the St. Louis US Attorney, Jeffrey Jensen, in charge of a “review” of the case, which DOJ would later offer as its excuse for attempting to overturn the prosecution.

On September 23, Ballantine provided Powell with five documents, purportedly from Jensen’s investigation into the Flynn prosecution:

I outlined the added date on the first set of Strzok notes here:

There was never any question that the notes could have been taken no earlier than January 5, because they memorialized Jim Comey’s retelling of a meeting that other documentation, including documents submitted in the Flynn docket, shows took place on January 5. Even Chuck Grassley knows what date the meeting took place.

But DOJ, while using the notes as a central part of their excuse for trying to overturn the Flynn prosecution, nevertheless repeatedly suggested that there was uncertainty about the date of the notes, claiming they might have been taken days earlier. And then, relying on DOJ’s false representations about the date, Sidney Powell claimed that they showed that Joe Biden — and not, as documented in Mary McCord’s 302, Bob Litt — was the one who first raised the possibility that Flynn may have violated the Logan Act.

Strzok’s notes believed to be of January 4, 2017, reveal that former President Obama, James Comey, Sally Yates, Joe Biden, and apparently Susan Rice discussed the transcripts of Flynn’s calls and how to proceed against him. Mr. Obama himself directed that “the right people” investigate General Flynn. This caused former FBI Director Comey to acknowledge the obvious: General Flynn’s phone calls with Ambassador Kislyak “appear legit.” According to Strzok’s notes, it appears that Vice President Biden personally raised the idea of the Logan Act.

During the day on September 29, Powell disclosed to Judge Sullivan that she had spoken to Trump (as well as Jenna Ellis) about the case. Then, later that night, Trump delivered a prepared attack on Biden that replicated Powell’s false claim that Biden was behind the renewed investigation into Flynn.

President Donald J. Trump: (01:02:22)
We’ve caught them all. We’ve got it all on tape. We’ve caught them all. And by the way, you gave the idea for the Logan Act against General Flynn. You better take a look at that, because we caught you in a sense, and President Obama was sitting in the office.

In a matter of days, then, what DOJ would claim was an inadvertent error got turned into a campaign attack from the President.

When DOJ first confessed to altering these notes, they claimed all the changes were inadvertent.

In response to the Court and counsel’s questions, the government has learned that, during the review of the Strzok notes, FBI agents assigned to the EDMO review placed a single yellow sticky note on each page of the Strzok notes with estimated dates (the notes themselves are undated). Those two sticky notes were inadvertently not removed when the notes were scanned by FBI Headquarters, before they were forwarded to our office for production. The government has also confirmed with Mr. Goelman and can represent that the content of the notes was not otherwise altered.

Similarly, the government has learned that, at some point during the review of the McCabe notes, someone placed a blue “flag” with clear adhesive to the McCabe notes with an estimated date (the notes themselves are also undated). Again, the flag was inadvertently not removed when the notes were scanned by FBI Headquarters, before they were forwarded to our office for production. Again, the content of the notes was not otherwise altered.

There are multiple reasons to believe this is false. For example, when DOJ submitted notes that Jim Crowell took, they added a date in a redaction, something that could in no way be inadvertent. And as noted, the January 5 notes had already been submitted, without the date change (though then, too, DOJ claimed not to know the date of the document).

But the most important tell is that, when Ballantine sent Powell the three documents altered to add dates, the protective order footer on the documents had been removed in all three (in the case of McCabe’s notes, actually redacted). When she released the re-altered documents (someone digitally removed the date in the McCabe notes rather than providing a new scan), the footer had been added back in. This can easily be seen by comparing the altered documents with the re-altered documents.

The altered January 5, 2017 Strzok notes, without the footer:

The realtered January 5, 2017 Strzok notes, with the footer:

The second set of Strzok notes (originally altered to read March 28), without the footer:

The second set of Strzok notes, with the footer.

The altered McCabe notes with the footer redacted out:

The realtered McCabe notes, with the footer unredacted:

This is something that had to have happened at DOJ (see William Ockham’s comments below and this post for proof in the metadata that these changes had to have been done by Ballantine). The redaction of the footers strongly suggests that they were provided to Powell with the intention of facilitating their further circulation (the other two documents she shared with Powell that day had no protective order footer). In addition, each of these documents should have a new Bates stamp.

DOJ redacted Brandon Van Grack’s non-misconduct

On September 24, DOJ submitted a report of an FBI interview Jeffrey Jensen’s team did with an Agent who sent pro-Trump texts on his FBI-issued phone, Bill Barnett. In the interview, Barnett made claims that conflicted with actions he had taken on the case. He claimed to be unaware of evidence central to the case against Flynn (for example, that Flynn told Sergey Kislyak that Trump knew of something said on one of their calls). He seemed unaware of the difference between a counterintelligence investigation and a criminal one. And he made claims about Mueller prosecutors — Jeannie Rhee and Andrew Weissmann — with whom he didn’t work directly. In short, the interview was obviously designed to tell a politically convenient story, not the truth.

Even worse than the politicized claims that Barnett made, the FBI or DOJ redacted the interview report such that all reference to Brandon Van Grack was redacted, substituting instead with the label, “SCO Atty 1.” (References to Jeannie Rhee, Andrew Weissmann, and Andrew Goldstein were not redacted; there are probable references to Adam Jed and Zainab Ahmad that are not labeled at all.)

The result of redacting Van Grack’s name is that it hid from Judge Sullivan many complimentary things that Barnett had to say about Van Grack:

Van Grack’s conduct was central to DOJ’s excuse for throwing out the Flynn prosecution. Powell repeatedly accused Van Grack, by name, of engaging in gross prosecutorial misconduct. Yet the report was submitted to Judge Sullivan in such a way as to hide that Barnett had no apparent complaints about Van Grack’s actions on the Flynn case.

I have no reason to believe that Ballantine made those redactions. But according to the discovery letter she sent to Powell, she sent an unredacted copy to Flynn’s team, while acknowledging that the one she was submitting to the docket was redacted. Thus, she had to have known she was hiding material information from the Court when she submitted the interview report.

Ballantine falsely claimed Strzok and McCabe validated their notes

After some of these alterations were made public, Judge Sullivan ordered DOJ to authenticate all the documents they had submitted as part of their effort to overturn the Flynn prosecution. The filing submitted in response was a masterpiece of obfuscation, with three different people making claims while dodging full authentication for some of the most problematic documents. In the filing that Ballantine submitted, she claimed that Michael Bromwich and Aitan Goelman, lawyers for McCabe and Strzok, “confirmed” that no content was altered in the notes.

The government acknowledges its obligation to produce true and accurate copies of documents. The government has fully admitted its administrative error with respect to the failure to remove three reviewer sticky notes containing estimated date notations affixed to three pages of undated notes (two belonging to former Deputy Assistant Director Peter Strzok, and one page belonging to former Deputy Director Andrew McCabe) prior to their disclosure. These dates were derived from surrounding pages’ dates in order to aid secondary reviewers. These three sticky notes were inadvertently not removed when the relevant documents were scanned by the FBI for production in discovery. See ECF 259. The government reiterates, however, that the content of those exhibits was not altered in any way, as confirmed by attorneys for both former FBI employees. [underline original]

According to an email Bromwich sent Ballantine, when Ballantine asked for help validating the transcripts DOJ did of McCabe’s notes, McCabe declined to do so.

I have spoken with Mr. McCabe and he declines to provide you with any information in response to your request.

He believes DOJ’s conduct in this case is a shocking betrayal of the traditions of the Department of the Justice and undermines the rule of law that he spent his career defending and upholding. If you share with the Court our decision not to provide you with assistance, we ask that you share the reason.

We would of course respond to any request that comes directly from the Court.

And according to an email Goelman sent to Ballantine, they said they could not check transcriptions without the original copies of documents.

Sorry not to get back to you until now.  We have looked at the attachments to the email you sent yesterday (Sunday) afternoon.  We are unable to certify the authenticity of all of the attachments or the accuracy of the transcriptions.  To do so, we would need both more time and access to the original notes, particularly given that U.S. Attorney Jensen’s team has already been caught altering Pete’s notes in two instances.  However, we do want to call your attention to the fact that Exhibit 198-11 is mislabeled, and that these notes are not the notes of Pete “and another agent” taken during the Flynn interview.

Additionally, we want to register our objection to AUSA Ken Kohl’s material misstatements to Judge Sullivan during the September 29, 2020, 2020, [sic] telephonic hearing, during which Mr. Kohl inaccurately represented that Pete viewed himself as an “insurance policy” against President Trump’s election.

I have no reason to believe the content was altered, though I suspect other things were done to McCabe’s notes to misrepresent the context of a reference in his notes to Flynn. But not only had McCabe and Strzok not validated their notes, but they had both pointedly refused to. Indeed, during this same time period, DOJ was refusing to let McCabe see his own notes to prepare for testimony before the Senate Judiciary Committee. Nevertheless, Ballantine represented to Judge Sullivan that they had.

It baffles me why DOJ would put Ballantine on the most important January 6 case. Among other things, the conduct I’ve laid out here will make it easy for the defendants to accuse DOJ of similar misconduct on the Proud Boys case — and doing just that happens to be Nordean’s primary defense strategy.

But I’m mindful that there are people in DC’s US Attorney’s Office (not Ballantine) who took actions in the past that may have made the January 6 attack more likely. In a sentencing memo done on Barr’s orders, prosecutors attempting to minimize the potential sentence against Roger Stone suggested that a threat four Proud Boys helped Roger Stone make against Amy Berman Jackson was no big deal, unworthy of a sentencing enhancement.

Second, the two-level enhancement for obstruction of justice (§ 3C1.1) overlaps to a degree with the offense conduct in this case. Moreover, it is unclear to what extent the defendant’s obstructive conduct actually prejudiced the government at trial.

Judge Jackson disagreed with this assessment. In applying the enhancement, she presciently described how dangerous Stone and the Proud Boys could be if they incited others.

Here, the defendant willfully engaged in behavior that a rational person would find to be inherently obstructive. It’s important to note that he didn’t just fire off a few intemperate emails. He used the tools of social media to achieve the broadest dissemination possible. It wasn’t accidental. He had a staff that helped him do it.

As the defendant emphasized in emails introduced into evidence in this case, using the new social media is his “sweet spot.” It’s his area of expertise. And even the letters submitted on his behalf by his friends emphasized that incendiary activity is precisely what he is specifically known for. He knew exactly what he was doing. And by choosing Instagram and Twitter as his platforms, he understood that he was multiplying the number of people who would hear his message.

By deliberately stoking public opinion against prosecution and the Court in this matter, he willfully increased the risk that someone else, with even poorer judgment than he has, would act on his behalf. This is intolerable to the administration of justice, and the Court cannot sit idly by, shrug its shoulder and say: Oh, that’s just Roger being Roger, or it wouldn’t have grounds to act the next time someone tries it.

The behavior was designed to disrupt and divert the proceedings, and the impact was compounded by the defendant’s disingenuousness.

The people at DOJ who claimed that this toxic team was not dangerous in the past may want to downplay the critical role that Stone and the Proud Boys played — using the same kind of incendiary behavior — in the January 6 assault.

Whatever the reason, though, it is inexcusable that DOJ would put someone like Ballantine on this case. Given Ballantine’s past actions, it risks sabotaging the entire January 6 investigation.

DOJ quite literally put someone who, less than a year ago, facilitated Sidney Powell’s lies onto a prosecution team investigating the aftermath of further Sidney Powell lies.

Update: DC USAO’s media person refused to clarify what Ballantine’s role is, even though it was publicly acknowledged in court.

We are not commenting on cases beyond what is stated or submitted to the Court. We have no comment in response to your question.

Update: Added links to William Ockham’s proof that Ballantine made the realteration of the McCabe notes.

Update: One more point on this. I am not claiming here that anyone at DOJ is deliberately trying to sabotage the January 6 investigation, just that putting someone who, less than a year ago, made multiple representations to a judge that could call into question her candor going forward could discredit the Proud Boys investigation. I think it possible that supervisors at DC USAO put her on the team because they urgently need resources and she was available (possibly newly so after the end of her TDY). I think it possible that supervisors at DC USAO who are also implicated in Barr’s politicization, perhaps more closely tied to the intervention in the Stone case, put her there with corrupt intent.

But it’s also important to understand that up until February 2020, she was viewed as a diligent, ruthless prosecutor. I presume she buckled under a great deal of pressure after that and found herself in a place where competing demands — her duty of candor to the Court and orders from superiors all the way up to the Attorney General — became increasingly impossible to square.

Importantly, Lisa Monaco’s chief deputy John Carlin, and probably Monaco herself, would know Ballantine from their past tenure in the National Security Division as that heretofore ruthless national security prosecutor. The only mainstream outlet that covered anything other than DOJ’s admission they had added post-its to the notes was Politico. And the instinct not to punish career employees like Ballantine would mean that she would have avoided any scrutiny with the transition. So her assignment to the case is not itself evidence of an attempt to sabotage the prosecution.

DOJ Has Submitted Proof They Knew the January 5, 2017 Meeting Took Place on January 5, 2017

I’ve been harping on the process that facilitated Sidney Powell — and then President Trump — falsely blaming Joe Biden for raising the Logan Act in the context of the government’s response to Mike Flynn’s attempts to secretly undermine sanctions on Russia.

That process started on June 23, when prosecutor Jocelyn Ballantine sent an undated copy of Peter Strzok’s notes to Sidney Powell, explaining that they had been found as part of Jeffrey Jensen’s review. Using the royal “we,” she professed uncertainty about when those notes were written.

The enclosed document was obtained and analyzed by USA EDMO during the course of its review. This page of notes was taken by former Deputy Assistant Director Peter Strzok. While the page itself is undated; we believe that the notes were taken in early January 2017, possibly between January 3 and January 5.

Sidney Powell, referencing those notes, claimed they were believed to date from January 4 and asserted that they showed Joe Biden raising the Logan Act.

Strzok’s notes believed to be of January 4, 2017, reveal that former President Obama, James Comey, Sally Yates, Joe Biden, and apparently Susan Rice discussed the transcripts of Flynn’s calls and how to proceed against him. Mr. Obama himself directed that “the right people” investigate General Flynn. This caused former FBI Director Comey to acknowledge the obvious: General Flynn’s phone calls with Ambassador Kislyak “appear legit.” According to Strzok’s notes, it appears that Vice President Biden personally raised the idea of the Logan Act.

Then, on September 23, Ballantine sent Powell a set of Strzok’s notes with a different Bates stamp than the first. When it was submitted — by Powell — to the docket, it had a date on it that did not appear on the earlier set: 1/4-5/17.

Then, five days after Powell (who has had multiple conversations with Trump’s campaign lawyer, Jenna Ellis, including about this case) loaded the now-dated notes onto the docket, President Trump publicly accused Joe Biden of giving “the idea for the Logan Act against General Flynn” in their first debate.

President Donald J. Trump: (01:02:22)
We’ve caught them all. We’ve got it all on tape. We’ve caught them all. And by the way, you gave the idea for the Logan Act against General Flynn. You better take a look at that, because we caught you in a sense, and President Obama was sitting in the office.

Thus it happened that an error introduced into the Flynn proceeding got turned into a campaign prop.

The thing is, DOJ has abundant proof that Jeffrey Jensen knew (or should have known) there was no uncertainty about the date when those notes were handed over to Powell. Indeed, if he did not know, then the entire premise of their motion to dismiss falls apart.

In Timothy Shea’s motion to dismiss, he obliquely attributed the radical change in DOJ’s view of Mike Flynn’s prosecution to Jeffrey Jensen’s review of the case, citing three dockets where Powell uploaded information that Ballantine had shared with the explanation (one, two) that the material came out of Jeffrey Jensen’s review.

After a considered review of all the facts and circumstances of this case, including newly discovered and disclosed information appended to the defendant’s supplemental pleadings, ECF Nos. 181, 188-190,1 the Government has concluded that the interview of Mr. Flynn was untethered to, and unjustified by, the FBI’s counterintelligence investigation into Mr. Flynn—a no longer justifiably predicated investigation that the FBI had, in the Bureau’s own words, prepared to close because it had yielded an “absence of any derogatory information.”

1 This review not only included newly discovered and disclosed information, but also recently declassified information as well.

All the purportedly “newly discovered” information, then, comes from Jensen.

Bill Barr cited Jensen’s review even more explicitly in an interview with Catherine Herridge.

What action has the Justice Department taken today in the Michael Flynn case?

We dismissed or are moving to dismiss the charges against General Flynn. At any stage during a proceeding, even after indictment or a conviction or a guilty plea, the Department can move to dismiss the charges if we determine that our standards of prosecution have not been met.

As you recall, in January, General Flynn moved to withdraw his plea, and also alleged misconduct by the government. And at that time, I asked a very seasoned U.S. attorney, who had spent ten years as an FBI agent and ten years as a career prosecutor, Jeff Jensen, from St. Louis, to come in and take a fresh look at this whole case. And he found some additional material. And last week, he came in and briefed me and made a recommendation that we dismiss the case, which I fully agreed with, as did the U.S. attorney in D.C. So we’ve moved to dismiss the case.

So this decision to dismiss by the Justice Department, this all came together really within the last week, based on new evidence?

Right. Well U.S. Attorney Jensen since January has been investigating this. And he reported to me last week.

In other words, both Shea and Barr represented that the case laid out in the motion to dismiss is the case that Jensen made that persuaded Barr to drop the prosecution.

That means we should expect Jensen to have deep familiarity with all the documents that — the motion to dismiss claims — formed the basis of his review.

I put a list of those exhibits here (along with an explanation that virtually everything cited in it was already known when DOJ first charged Flynn, when Michael Horowitz concluded the investigation was properly predicated, and when Bill Barr’s DOJ called for prison time in January).

Among those documents that Timothy Shea — and before him, Jeffrey Jensen — relied on to claim that DOJ should drop Flynn’s prosecution is the 302 from Mary McCord’s July 17, 2017 interview with Mueller’s team. The motion to dismiss cites McCord at least 26 times, relying on her interview to understand details of what happened in early January 2017, after the government discovered Flynn’s calls that explained why Russia didn’t retaliate for sanctions. Of particular note, the motion to dismiss that arose from Jensen’s analysis cites McCord’s interview regarding the discussion about the Logan Act — including that the investigation remained a counterintelligence one after discussing the Kislyak description. McCord’s description of the Logan Act discussion reveals precisely who first raised it: ODNI GC Bob Litt.

General Counsel at the Office of the Director of National Intelligence (ODNI) Bob Litt raised the issue of a possible Logan Act violation. McCord was not familiar with the Logan Act at the time and made a note to herself to look it up later.

DOJ should never have let Powell form the conclusion that Joe Biden first suggested the Logan Act, because they were relying on a document that made it clear that Litt had already raised it. That’s where Jim Comey got the idea, before he went into that January 5, 2017 meeting.

Another document Shea and Jensen relied on in arguing that DOJ should end the Flynn prosecution is the 302 from Sally Yates’ August 15, 2017 interview with Mueller’s team. Shea’s motion to dismiss — based off Jensen’s analysis — cites Yates’ 302 at least 20 times, including in its discussion of the Logan Act. What Shea didn’t cite, but what shows up in the first substantive paragraph of the 302, is a description of how Yates first learned of the Flynn-Kislyak calls at a meeting at the White House on January 5, 2017.

Yates first learned of the December 2016 calls between (LTG Michael) Flynn and (Russian Ambassador to the United States, Sergey) Kislyak on January 5, 2017, while in the Oval Office. Yates, along with then-FBI Director James Comey, then-CIA Director John Brennan, and then-Director of National Intelligence James Clapper, were at the White House to brief members of the Obama Administration on the classified Intelligence Community Assessment on Russian Activities in Recent U.S. Elections. President Obama was joined by his National Security Advisor, Susan Rice, and others from the National Security Council. After the briefing, Obama dismissed the group but asked Yates and Comey to stay behind. Obama started by saying he had “learned of the information about Flynn” and his conversation with Kislyak about sanctions. Obama specified he did not want additional information on the matter, but was seeking information on whether the White House should be treating Flynn any differently, given the information. At that point, Yates had no idea what the President was talking about, but figured it out based on the conversation. Yates recalled Comey mentioning the Logan Act, but can’t recall if he specified there was an “investigation.” Comey did not talk about prosecution in the meeting. It was not clear to Yates from where the President first received the information. Yates did not recall Comey’s response to the President’s question about how to treat Flynn. She was so surprised by the information she was hearing that she was having a hard time processing it and listening to the conversation at the same time.

That long paragraph that very clearly describes the meeting at the White House captured in Peter Strzok’s notes directly precedes one that Shea (and so by association, Jensen) rely on heavily. According to Yates, Jim Comey was the one who raised the Logan Act in that meeting, not Joe Biden. And McCord, which they also rely on, makes it clear Comey got the idea from Litt.

Finally, the Shea motion to dismiss based on Jensen’s analysis relies on Jim Comey’s HPSCI testimony — one of just two documents that DOJ may not already have reviewed before Mike Flynn’s guilty plea. It cites the Comey transcript 16 times, including for a paragraph on the Logan Act.

As Sally Yates did, Comey described that the meeting at the White House involving the two of them took place on January 5.

I had not briefed the Department of Justice about this, and found myself at the Oval Office on the 5th of January to brief the President on the separate effort that you all are aware of by the Intelligence Community to report on what the Russians had done during the election. And in the course of that conversation, the President mentioned this [redacted] And that was the first time the Acting Attorney General, Sally Yates, had heard about it.

In no place does the Timothy Shea motion to dismiss, based off Jeffrey Jensen’s analysis, raise any questions about the veracity of these witnesses. Indeed, the motion relies on those documents as reliable descriptions of what happened in January 2017.

That means that either the DC US Attorney’s Office and Jeffrey Jensen are very familiar with the documents they rely on heavily to argue that Judge Sullivan must dismiss Flynn’s prosecution, in which case they affirmatively misled the court when they claimed to have no idea on what date the meeting described by both Yates and Comey occurred. That would mean, though, that Jensen affirmatively misled the court about a detail three months before the President used that error to make a campaign attack. And somehow an exhibit got altered to match that affirmative misinformation.

Alternately, none of the people claiming that these documents justify dismissing Flynn’s prosecution really know what these documents say.

Certainly, all parties should be on the hook for an exhibit that got altered to suggest the meeting could have taken place on January 4.

The Logan Act Is Just the Cherry on Mike Flynn’s Foreign Agent Sundae

There’s an ironic line in Billy Barr’s CBS interview this week, where he acknowledges that prosecutors can become too wedded to a particular outcome.

These are very smart people who were working in the special counsel’s office, and in senior levels of the FBI. So what drove them here?

Well, I think one of the things you have to guard against, both as a prosecutor and I think as an investigator, is that if you get too wedded to a particular outcome and you’re pursuing a particular agenda, you close your eyes to anything that sort of doesn’t fit with your preconception. And I think that’s probably the phenomenon we’re looking at here.

That’s because Barr and Sidney Powell have the frothy right chasing the Logan Act like six-year-olds after a soccer ball, as if that was the only basis to interview Mike Flynn on January 24, 2017. It’s unclear whether frothy commenters have been duped by Barr’s guile, or they just haven’t read the record.

The record is crystal clear, however: When the investigation into Mike Flynn was opened on August 16, 2016, he was being investigated as a witting or unwitting Agent of a Foreign Power (Barr’s DOJ — and DOJ IG — have both made the same error in suggesting this was just about FARA, but the investigation was also predicated under 18 USC 951). Timothy Shea conceded in his motion to dismiss the prosecution that that investigation was never closed. And evidence from three different contemporaneous witnesses — Jim Comey, Mary McCord, and Bill Priestap — say that’s why the FBI interviewed Flynn on January 24, 2017.

Bill Priestap made clear that they did this interview to find out whether Flynn was acting as an agent for Russia.

The FBI’s provided rationale for doing the interview was that the existence of the investigation had already leaked, so Flynn was already aware that the information was being discussed publicly and there was no element of surprise. Priestap told the group the goal of the interview was whether to determine whether or not Flynn was in a clandestine relationship with the Russians.

That’s what Comey said, too.

MR. COMEY: To find out whether there was something we were missing about his relationship with the Russians and whether he would — because we had this disconnect publicly between what the Vice President was saying and what we knew. And so before we closed an investigation of Flynn, I wanted them to sit before him and say what is the deal?

The Priestap notes that the frothy right is pointing to as proof of abuse make quite clear that the point of the interview was not to create a perjury trap, but to see whether Flynn would be honest about his relationship with the Russians.

Bob Litt, who (per these same records) was the first person to raise the Logan Act, analyzed the ways that Timothy Shea’s motion conflicts with the FBI’s DIOG. He described the interview to be, first and foremost, about counterintelligence.

The attorney general and his minions are making the astounding argument that when the FBI—aware of extensive Russian interference in U.S. politics in order to benefit the Trump campaign—learned that the incoming national security advisor requested that Russia not respond to the sanctions that were imposed in response to that interference and then lied to other government officials about that, it could not even “collect information or facts to determine” whether this created a counterintelligence threat. This cannot be right. Even if the prior investigation into Flynn had been closed, which it had not, these circumstances at a minimum justified an assessment under standard FBI policy.

In fact, the department’s motion virtually concedes the point. It dismisses Flynn’s lies to Pence and Spicer by saying that “[h]ad the FBI been deeply concerned about the disparities between what they knew had been said on the calls and the representations of Vice President Pence or Mr. Spicer, it would have sought to speak with them directly, but did not.” But that would be a kind of investigative activity, and under the DIOG, either the FBI has a basis to investigate or it doesn’t. If the facts justified talking to Pence about Flynn, they justified talking to Flynn.

Once you have a predicated investigation into 18 USC 951, adding another potential crime (the Logan Act) does not change that the investigation into 18 USC 951 remained, per Shea, ongoing.

In his interview, Barr misrepresents the record to claim what Flynn did — undermining the punishment imposed on a hostile foreign country after they attacked us — was “laudable.”

They did not have a basis for a counterintelligence investigation against Flynn at that stage, based on a perfectly legitimate and appropriate call he made as a member of the transition. So.

[snip]

Let me say that, at that point, he was the designated national security adviser for President-Elect Trump, and was part of the transition, which is recognized by the government and funded by the government as an important function to bring in a new administration. And it is very typical, very common for the national security team of the incoming president to communicate with foreign leaders.

And that call, there was nothing wrong with it whatever. In fact, it was laudable. He– and it was nothing inconsistent with the Obama administration’s policies. And it was in U.S. interests. He was saying to the Russians, you know, “Don’t escalate.” And they asked him if he remembered saying that, and he said he didn’t remember that.

There are several problems with this claim.

For starters, at first, Mary McCord agreed with this take. She dismissed the call for the same reasons Barr still does — that this was just the typical communication between an incoming national security team and foreign leaders.

Two things changed her mind.

The first was the evidence that Flynn was lying about what he did to others in the incoming Administration.

It seemed logical to her that there may be some communications between an incoming administration and their foreign partners, so the Logan Act seemed like a stretch to her. She described the matter as “concerning” but with no particular urgency. In early January, McCord did not think people were considering briefing the incoming administration. However, that changed when Vice President Michael Pence went on Face the Nation and said things McCord knew to be untrue. Also, as time went on, and then-White House spokesperson Sean Spicer made comments about Flynn’s actions she knew to be false, the urgency grew.

It is normal for officials in incoming Administrations to reach out to foreign leaders. But it is not the norm for incoming officials to freelance, to set policy that no one else in the Administration knows about. And the public evidence at the time the FBI interviewed Flynn was that he had done this on his own and was actively hiding it from his colleagues (as indeed the current record says he was).

The record that Barr distorted in this interview shows that FBI was in a holding pattern until there was public evidence that Flynn had lied to others in the Administration, which not only changed the calculus about warning the Administration, but created urgency to take an investigative step FBI might not otherwise have done.

The other thing that changed McCord’s mind about whether this was the normal pre-inauguration outreach was reading the transcript.

After reading them, she felt they were “worse” than she initially thought; she noted that her recollection of them is that Flynn proactively raised the issue of sanctions, and she feels it is hard to believe he would forget talking about something he raised himself.

Sally Yates described Flynn making a series of asks, some of which remain classified.

And McCord wasn’t the only one who responded that way. Once Mike Pence and Reince Priebus read the transcripts, Flynn was out the door the next day.

Notably, even though Ric Grenell is in the middle of a declassification spree, neither he nor Barr has chosen to declassify the actual transcripts here, even though Flynn has requested them repeatedly. Barr’s DOJ is also withholding other details that would describe the reaction of Administration officials to reading the transcript in the Buzzfeed FOIA. So it’s easy for Barr to claim this was normal, but a career prosecutor who read the transcripts said they weren’t, and Barr is deliberately withholding information that would let us test that claim.

This is why DOJ’s materiality argument fails, too. Had Flynn told the truth, the FBI might have had reason to treat this as the normal pre-inauguration contact. But once he lied, the FBI had more reason to continue investigating, to try to figure out why he lied. All the more so given that Flynn was hiding his other Foreign Agent relationship with Turkey at the time.

If Flynn’s behavior were, as Barr claims, “laudable,” then he would have simply admitted it. Once he lied about it, the FBI had more reason to suspect he had been freelancing, deliberately undermining American policy without the sanction and knowledge of others in the Trump Administration.

Only one thing explains Barr’s view, and it is damning. The FBI had reason to investigate anyway, and as Litt correctly lays out, these actions were solidly within the guidelines laid out in the FBI’s Domestic Investigations and Operations Guide. But the only way to conclude, as Barr has, that Flynn’s actions — calling up the Russian Ambassador and telling him not to worry about the sanctions imposed for helping Trump get elected — are not clear cut evidence that he was clandestinely operating as an Agent of Russia is if Trump told him to do it.

That doesn’t make it laudable. But it is as close as we’ve ever come to an admission that Flynn did this not just with the knowledge of, but on orders from, Trump. That’s probably why Trump is boasting about learning from Nixon right now: Because unlike Nixon, he got away with cheating to win an election.

Jay Sekulow Seems Worried that Trump’s “Collusion” Is Visible from Space

Donald Trump’s defense team must believe he’s in the clear, because they’ve gone back to their previous hobbies: Rudy Giuliani’s been engaging in international graft, and Jay Sekulow has been hunting for conspiracy theories in FOIA searches.

In one of two recent FOIA conspiracy efforts, Sekulow obtained documents pertaining to EO 12333 sharing rules passed in the last days of the Obama Administration. While the sharing rules explicitly prohibit disseminations “for the purpose of affecting the political process in the United States,” I did note at the time that they would enable the FBI to obtain more information on Russian targets.

One of the documents liberated by Sekulow includes a bullet point that reads,

The time spent by our staffs on crafting the document, the significance of these procedures to intelligence integration, and the level of public interest in their completion all contribute to my personal interest in having procedures signed by the Attorney General before the conclusion of the Administration.

Another is an email from James Clapper’s General Counsel, Bob Litt, saying, “Really really want to get this done .. and so does the Boss.”

From that, Sekulow claims that the sharing rules — an effort that started under Trump ally Michael Mukasey and which, as an EO, Trump could change at will — are part of a Deep State plot to spy on Trump.

Consider what we now know about the nature and degree of Deep State opposition to President Trump.

There have been public revelations about the infamous disgrace known as the Steele dossier, a report by a former British spy funded by the Hillary Clinton campaign that made false and baseless allegations against presidential candidate Trump.

There were also documented abuses of the Foreign Intelligence Surveillance Act that led to an FBI investigation – codenamed Crossfire Hurricane – of possible ties between the Trump presidential campaign and Russia. Special Counsel Robert Mueller later concluded after an exhaustive investigation lasting nearly two years that the Trump campaign did not conspire with Russia to advance Trump’s election chances.

We are also now aware of Director of National Intelligence Clapper’s open hostility to President Trump and intentional leaking by senior law enforcement and intelligence officials who were also hostile to Trump.

All of these facts point to a coordinated effort across agencies during the Obama administration to oppose the incoming Trump administration.

What’s utterly drop dead hysterical, however, is something else one document liberated by the Commander-in-Chief’s personal attorney reveals. It describes what agency is most anxious to start getting NSA’s data: the National Geospatial-Intelligence Agency.

Several Intelligence Community elements, including the Defense Intelligence Agency and the National Geospatial-Intelligence Agency, have identified missions that would benefit from access to NSA [redacted]. NSA also supports the procedures.

In other words, the changes that Sekulow is sure came about to spy on Trump were done, in large part, for the benefit of the agency that engages in our satellite collection.

Which must mean that the President’s personal defense attorney worries that his “collusion” is visible from space.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Why I Left The Intercept: The Surveillance Story They Let Go Untold for 15 Months

The Intercept has a long, must-read story from James Risen about the government’s targeting of him for his reporting on the war on terror. It’s self-serving in many ways — there are parts of his telling of the Wen Ho Lee, the Valerie Plame, and the Jeffrey Sterling stories he leaves out, which I may return to. But it provides a critical narrative of DOJ’s pursuit of him. He describes how DOJ tracked even his financial transactions with his kids (which I wrote about here).

The government eventually disclosed that they had not subpoenaed my phone records, but had subpoenaed the records of people with whom I was in contact. The government obtained my credit reports, along with my credit card and bank records, and hotel and flight records from my travel. They also monitored my financial transactions with my children, including cash I wired to one of my sons while he was studying in Europe.

He also reveals that DOJ sent him a letter suggesting he might be a subject of the investigation into Stellar Wind.

But in August 2007, I found out that the government hadn’t forgotten about me. Penny called to tell me that a FedEx envelope had arrived from the Justice Department. It was a letter saying the DOJ was conducting a criminal investigation into “the unauthorized disclosure of classified information” in “State of War.” The letter was apparently sent to satisfy the requirements of the Justice Department’s internal guidelines that lay out how prosecutors should proceed before issuing subpoenas to journalists to testify in criminal cases.

[snip]

When my lawyers called the Justice Department about the letter I had received, prosecutors refused to assure them that I was not a “subject” of their investigation. That was bad news. If I were considered a “subject,” rather than simply a witness, it meant the government hadn’t ruled out prosecuting me for publishing classified information or other alleged offenses.

But a key part of the story lays out the NYT’s refusals to report Risen’s Merlin story and its reluctance — until Risen threatened to scoop him with his book — to publish the Stellar Wind one.

Glenn Greenwald is rightly touting the piece, suggesting that the NYT was corrupt for acceding to the government’s wishes to hold the Stellar Wind story. But in doing so he suggests The Intercept would never do the same.

That’s not correct.

One of two reasons I left The Intercept is because John Cook did not want to publish a story I had written — it was drafted in the content management system — about how the government uses Section 702 to track cyberattacks. Given that The Intercept thinks such stories are newsworthy, I’m breaking my silence now to explain why I left The Intercept.

I was recruited to work with First Look before it was publicly announced. The initial discussions pertained to a full time job, with a generous salary. But along the way — after Glenn and Jeremy Scahill had already gotten a number of other people hired and as Pierre Omidyar started hearing from friends that the effort was out of control — the outlet decided that they were going to go in a different direction. They’d have journalists — Glenn and Jeremy counted as that. And they’d have bloggers, who would get paid less.

At that point, the discussion of hiring me turned into a discussion of a temporary part time hire. I should have balked at that point. What distinguishes my reporting from other journalists — that I’m document rather than source-focused (though by no means exclusively), to say nothing of the fact that I was the only journalist who had read both the released Snowden documents and the official government releases — should have been an asset to The Intercept. But I wanted to work on the Snowden documents, and so I agreed to those terms.

There were a lot of other reasons why, at that chaotic time, working at The Intercept was a pain in the ass. But nevertheless I set out to write stories I knew the Snowden documents would support. The most important one, I believed, was to document how the government was using upstream Section 702 for cybersecurity — something it had admitted in its very first releases, but something that it tried to hide as time went on. With Ryan Gallagher’s help, I soon had the proof of that.

The initial hook I wanted to use for the story was how, in testimony to PCLOB, government officials misleadingly suggested it only used upstream to collect on things like email addresses.

Bob Litt:

We then target selectors such as telephone numbers or email addresses that will produce foreign intelligence falling within the scope of the certifications.

[snip]

It is targeted collection based on selectors such as telephone numbers or email addresses where there’s reason to believe that the selector is relevant to a foreign intelligence purpose.

[snip]

It is also however selector-based, i.e. based on particular phone numbers or emails, things like phone numbers or emails.

Raj De:

Selectors are things like phone numbers and email addresses.

[snip]

A term like selector is just an operational term to refer to something like an email or phone number, directive being the legal process by which that’s effectuated, and tasking being the sort of internal government term for how you start the collection on a particular selector.

[snip]

So all collection under 702 is based on specific selectors, things like phone numbers or email addresses.

Brad Wiegmann:

A selector would typically be an email account or a phone number that you are targeting.

[snip]

So that’s when we say selector it’s really an arcane term that people wouldn’t understand, but it’s really phone numbers, email addresses, things like that.

[snip]

So putting those cases aside, in cases where we just kind of get it wrong, we think the email account or the phone is located overseas but it turns out that that’s wrong, or it turns out that we think it’s a non-U.S. person but it is a U.S. person, we do review every single one to see if that’s the case.

That PCLOB’s witnesses so carefully obscured the fact that 702 is used to collect cybersecurity and other IP-based or other code collection is important for several reasons. First, because collection on a chat room or an encryption key, rather than an email thread, has very different First Amendment implications than collecting on the email of a target. But particularly within the cybersecurity function, identifying foreignness is going to be far more difficult to do because cyberattacks virtually by definition obscure their location, and you risk collecting on victims (whether they are hijacked websites or emails, or actual theft victims) as well as the perpetrator.

Moreover, the distinction was particularly critical because most of the privacy community did not know — many still don’t — how NSA interpreted the word “facility,” and therefore was missing this entire privacy-impacting aspect of the program (though Jameel Jaffer did raise the collection on IP addresses in the hearing).

I had, before writing up the piece, done the same kind of iterative work (one, two, three) I always do; the last of these would have been a worthy story for The Intercept, and did get covered elsewhere. That meant I had put in close to 25 hours working on the hearing before I did other work tied to the story at The Intercept.

I wrote up the story and started talking to John Cook, who had only recently been brought in, about publishing it. He told me that the use of 702 with cyber sounded like a good application (it is!), so why would we want to expose it. I laid out why it would be questionably legal under the 2011 John Bates opinion, but in any case would have very different privacy implications than the terrorism function that the government liked to harp on.

In the end, Cook softened his stance against spiking the story. He told me to keep reporting on it. But in the same conversation, I told him I was no longer willing to work in a part time capacity for the outlet, because it meant The Intercept benefitted from the iterative work that was as much a part of my method as meetings with sources that reveal no big scoop. I told him I was no longer willing to work for The Intercept for free.

Cook’s response to that was to exclude me from the first meeting at which all Intercept reporters would be meeting. The two things together — the refusal to pay me for work and expertise that would be critical to Intercept stories, as well as the reluctance to report what was an important surveillance story, not to mention Cook’s apparent opinion I was not a worthy journalist — are why I left.

And so, in addition to losing the person who could report on both the substance and the policy of the spying that was so central to the Snowden archives, the story didn’t get told until 15 months later, by two journalists with whom I had previously discussed 702’s cybersecurity function specifically with regards to the Snowden archive. In the interim period, the government got approval for the Tor exception (which I remain the only reporter to have covered), an application that might have been scrutinized more closely had the privacy community been discussing the privacy implications of collecting location-obscured data in the interim.

As recently as November, The Intercept asked me questions about how 702 is actually implemented because I am, after all, the expert.

So by all means, read The Intercept’s story about how the NYT refused to report on certain stories. But know that The Intercept has not always been above such things itself. In 2014 it was reluctant to publish a story the NYT thought was newsworthy by the time they got around to publishing it 15 months later.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Five Reasons the 702 Reauthorization Transparency Provisions Are Bogus

I thought that, after Bob Litt left the Office of Director of National Intelligence, we might stop pushing transparency measures in surveillance bills that don’t provide transparency.

Nope.

For the most part, the added transparency in the bill is either already being accomplished (like counts of individual FISA orders or published minimization procedures) or useless. The exception is language requiring a real count of Pen Registers, which would fix a problem in the USA Freedom Act transparency provisions, which only counted Pen Registers that targeted communications, but not that targeted things like location data.

I’ll deal with two others — a declaration tied to Section 309 and a Comptroller General review of classification — separately.

The truly insulting “transparency” provisions, however, are the ones that pretend to count US person impact but do anything but. There are two parts to them. First, the bill mandates semiannual reports from the FBI (which, remember, got exempted from everything meaningful in the USA Freedom Act transparency provisions).

(d) SEMIANNUAL FBI REPORTS.—Together with the semiannual report submitted under subsection (a), the Director of the Federal Bureau of Investigation shall submit to the congressional committees specified in such sub-section, and make publicly available, a report containing, with respect to the period covered by the report, the number of queries made by the Federal Bureau of Investigation described in subsection (j)(1) of section 702 that resulted in communications being accessed or disseminated pursuant to such subsection.

The section requires the FBI Director to count how many queries are made under the new court order queries that — as I’ve already pointed out — are utterly meaningless. Whereas last year there was one equivalent count, in the future there will be none, because it will be a pain in the ass to get a criminal search order and it will remain easy as pie to treat any query as an assessment to use criminal evidence for foreign intelligence purposes. So this requirement is like dividing by zero: it doesn’t get you anywhere.

Then there’s the sham count of US persons sucked in by 702.

(c) INCIDENTALLY COLLECTED COMMUNICATIONS AND OTHER INFORMATION.—Together with the semi-annual report submitted under subsection (a), the Director of National Intelligence shall submit to the congressional committees specified in such subsection a report on incidentally collected communications and other information regarding United States persons under section 702. Each such report shall include, with respect to the 6-month period covered by the report, the following:

(1) Except as provided by paragraph (2), the number, or a good faith estimate, of communications acquired under subsection (a) of such section of known United States persons that the National Security Agency positively identifies as such in the ordinary course of its business, including a description of any efforts of the intelligence community to ascertain such number or good faith estimate.

(2) If the Director determines that calculating the number, or a good faith estimate, under paragraph (1) is not achievable, a detailed explanation for why such calculation is not achievable.

(3) The number of—

(A) United States persons whose information is unmasked pursuant to subsection (e)(4) of such section;

(B) requests made by an element of the Federal Government, listed by each such element, to unmask information pursuant to such subsection; and

(C) requests that resulted in the dissemination of names, titles, or other identifiers potentially associated with individuals pursuant to such subsection, including the element of the intelligence community and position of the individual making the request.

(4) The number of disseminations of communications acquired under subsection (a) of section 702 to the Federal Bureau of Investigation for cases not pertaining to national security or foreign intelligence.

(5) The number of instances in which evidence of a crime not pertaining to national security or foreign intelligence that was identified in communications acquired under subsection (a) of section 702 was disseminated from the national security branch of the Bureau to the criminal investigative division of the Bureau (or from such successor branch to such successor division).

Here’s why this is meaningless:

Under 702 precedent, it’s unclear whether the most intrusive collection is “incidental” or “intentional”

First, note what they call this? “Incidentally collected” communications.

One of the most concerning groups of Americans collected under 702 is, at least according to John Bates’ 2011 702 opinion, not incidental. Those are the entirely domestic communications believed to be foreign and targeted intentionally, such as the old MCT emails.

That’s important because a good deal of Americans’ communications — those collected under the 2014 exception — will likely be mostly purged in the post-tasking process. When NSA did a count of collections in 2011, they tried to hide how much they’re purging — and likely did hide a good bit even from the final count. The language of this provision, which only requires a count of Americans it “positively identifies as such in the ordinary course of its business,” would certainly invite NSA to do the same again.

At the very least, this provision should include both a definition of incidental and a definition of “ordinary course of business.”

An “ordinary course of business” at NSA will miss where most interaction with US person data occurs in the “ordinary course of business”

Then consider what it means that NSA — and not CIA or FBI, both of whom do a lot more searches on Americans collected under 702 — is asked to do this count. The other agencies are going to come across a lot more Americans because they’re looking for them, but that ordinary course of business exposure of Americans won’t ever be counted if the only count happens at NSA.

If DNI won’t be asked for a real count, don’t permit him to say a count is impossible

And even there, the DNI can balk and — as he and others have been saying for 6 years — claim they can’t come up with a number. This provision should either demand a real number and permit this cop out, or use the “ordinary course” number and demand a real number.

The obsession with unmasking represents an elite person’s focus on impact

Unsurprisingly, there are several requirements on unmasking (as well as another entire section of this focusing on procedures for unmasking and a dedicated report on it, which I’m ignoring).

I know that certain Republicans have discovered the impact of surveillance by learning that they or their friends can be swept up having sensitive conversations with Russians. But the focus on unmasking really reflects an elite concern. That’s because the people who are most likely to be swept up in intercepts but masked because the political sensitivity of collecting on them outweighs the intelligence value are elites — people like Devin Nunes and Jeff Sessions, not people like Mohammed Mohamud or other brown people. Those non-elite people are the ones who’ll be prosecuted for being swept up in a 702 intercept, rather than warned off by the FBI.

So along with the boredom of having Republicans continue to pretend this is the most dangerous impact on Americans, understand that believing that is largely about elites worrying about elites.

Tracking disseminations that don’t happen

Finally, the transparency provisions track two kinds of sharing with FBI criminal investigators that don’t track how Americans might be affected in criminal investigations.

First, it asks for “The number of disseminations of communications acquired under subsection (a) of section 702 to the Federal Bureau of Investigation for cases not pertaining to national security or foreign intelligence.” It doesn’t define “national security” (elsewhere, the bill invites the IC to define foreign intelligence). It doesn’t say “dissemination” from whom? Is this just crimes like kiddie porn (which can be a foreign intelligence if owned by a Boeing engineer, under the Gartenlaub precedent) identified by the NSA and handed over?

But the entire item is pretty meaningless, given that FBI gets raw data, which is where evidence of a crime is most likely to be IDed.

Then there’s the question about how much gets disseminated from FBI’s National Security Division to FBI’s criminal division. But at least as I understand it from Semiannual reports, access to FISA data has all been decentralized to the field office. Already, that creates problems for oversight, because ODNI and DOJ aren’t doing visits to all field offices (contrary to what was claimed in congressional testimony this year). But that also means it doesn’t (as far as I know) take a dissemination from NSD to criminal to result in the dissemination of information, because Agents with FISA clearance are going to be able to access that data from the comfort of their own office.

For both these counts, then, HJC seems to be pretending that no raw 702 data is shared with FBI. But it is. And that’s the stuff that matters.

Which is why that’s the stuff we’ll never be able to count.

Congress keeps pretending they want counts of the impact of this. The NSA count they’re refusing to do is one thing — they can at least claim privacy considerations.

But the biannual charade of pretending we’re getting FBI to examine the impact of their actions when in fact we’re letting them operate without any such metrics is getting old.

12333 Info Sharing Working Thread

Last week, the government released the long-awaited procedures permitting the intelligence community to share raw 12333 collected information more widely. This will be a working thread on those procedures.

(1) The procedures bill themselves as procedures to govern the sharing of information under 2.3 of EO 12333, which basically permits the IC to share info so IC elements can see if they need the info.

(1) The procedures exclude NSA SIGINT activities, which I think has the effect of making sure those don’t operate with these limits.

(2) The procedures also exclude activities undertaken under NSCID-5 and NSCID-6, which I think has the effect of excluding joint NSA-CIA activities that already take place.

(2) Note the reference to PPD-28 (which reappears) refers to PPD-28 “and implementing procedures and any successor documents.” That suggests there may be a lot more about PPD-28 we’re not seeing, and that this Administration anticipates it will be changed.

(2-3) This section lays out what it claims to be limits on any info sharing agreements, which is basically a requirement that any entity getting NSA data must adopt procedures akin to those NSA adopts.

(3) Even if NSA tells another element of intelligence that would interest them, the element must make a formal request to get it. I suspect this is done so NSA can pretend it is not affirmatively giving away entire swaths of data.

(4) There’s an odd definition of “reasonableness,” which is the standard NSA always says it uses to comply with the Fourth Amendment. It includes these measures of impact on US persons:

e. (U) The likelihood that sensitive U.S. person information (USPI) will be found in the information and, if known, the amount of such information;

f. (U) The potential for substantial harm, embarrassment, inconvenience, or unfairness to U.S. persons if the USPI is improperly used or disclosed;

That is, the measure is not if information is improperly accessed, but if accessing it might cause the US person substantial embarrassment or inconvenience.

(4) After the long section on reasonableness, the procedures then say NSA doesn’t actually have to check the data set to make sure its measures of impact are valid.

(5) Those receiving NSA data are prohibited from tampering in politics.

Not engage in any intelligence activity authorized by these Procedures, including disseminations to the White House, for the purpose of affecting the political process in the United States.

(5) Sharing agreements are covered by memoranda of agreement that last 3 years. Given the discussion of whether or not this enables Trump, I think it worth noting that any data sharing can be expanded before Trump’s first term ends. Conversely, that implies that any president can impose new restrictions during a term.

(5) There’s a squabble resolution process that goes to Secretary of Defense, then DNI for military units, and DNI for non-military.

(5) The procedures provide 3 different options for data possession that can count as sharing (one that was laid out in the 5240.01 revision released last year): the data remains in NSA’s systems, it goes to the IC cloud, it goes to the receiving entity’s systems. The roll-out of the IC cloud in recent years was a technical precondition for this expanded sharing.

(6) Before the procedures talk about what the entities have to do with audits (that does come later), it has this to say about protecting audit records.

Auditing records. Protect auditing records against unauthorized access, modification, or deletion, and retain these records for a sufficient period of time to verify compliance with the requirements of these Procedures.

Did they need to include this because audit records have been altered in the past?

(6) I’ve written a lot about the times (especially at FBI) where elements choose not to mark the source for their data, which allows for a lot of negative outcomes (such as hiding evidence source from defendants). So this passage makes me really furious.

Marking of files. Use reasonable measures to identify and mark or tag raw SIGINT files reasonably believed or known to contain USPI. Marking and tagging will occur regardless of the format or location of the information, or the method of storing it. When appropriate and reasonably possible, files and documents containing USPI will also be marked individually. In the case of certain electronic databases, if it is not reasonably possible to mark individual files containing USPI, a banner may be used before access informing users that they may encounter USPI.

There should be an initial requirement that all shared data retains its NSA SIGAD information, marking it both as NSA data and tracking how it was collected. But this only asks that recipients mark data if it includes USPI, and even there allows the requirement to slide.

(7) The section prohibiting the selection of domestic communications (that is, between entirely US persons) is worthwhile. Except they don’t tell you until later that metadata analysis (which for the purposes of this document is limited to contact chaining) is exempt from this. So this means law enforcement can use entirely NSA-collected raw data to do network analysis of entirely American communications.

(7) There are actually 3 different kinds of searches included in these procedures, which should get people to reconsider how they refer to “upstream” searches: searches on the identity of a communicant, searches mentioning a communicant, and searches on content (which comes a few pages later).  Also note, it all relies on a new definition of “foreign” communications to mean what “international” used to, meaning they can access communications of a US person via that US person identifier if it happens internationally.

(7) The procedures let IC elements use US person identifiers for “selection” (a term designed to avoid “search”) if that person is already approved for content spying with a FISA order, but not for metadata spying. Note they list 703 among the authorities in question, though at least until recently, they never used 703.

(7) One of the key prongs (of three) under which an element can spy on an American w/AG approval is redacted. I’ll come back to this.

(8) Some of the reasons why the IC can spy on Americans are redacted. Given the items that appear on page 12, at least one of these is almost certainly a counterintelligence focus. The other may be counternarcotics or transnational crime.

(9) After having laid out how you can spy on Americans via their identifiers, the procedures now lay out how they might be swept up via their content. Remember that this may mean “content of headers,” and likely includes selectors for things like encryption keys. The selection term based collection permits the selection of US person communications (possibly, given the redaction, even between two US based US persons) if there will be significant FI or CI value.

(9) Minor point but the procedures explicitly use the phrase “defeat,” which is a concept often redacted.

(9) There are no explicit protections for Attorney Client communications here, just a “call NSD for guidelines” rule, which is alarming.

(9) I’ll come back to F, which is basically SPCMA on steroids, and probably a significant part of these sharing goals anyway. Effectively, this institutes SPCMA analysis, across IC elements, without some of the protections that have long been in place.

(10) Note, there seems to be flux in what metadata can be included as metadata (though there are reasonable definitions for metadata later). Also, ZERO of the oversight involves DOD.

(10) Retention is 5 years, so consistent with Section 309, which it cites.

(10) Note the reference to “data related to” communications to, from, or about US persons.

(10) The IC can only keep domestic communications in case of threat of death or bodily harm (but remember they include bodily harm to corporate persons in that).

(11) This is confusing. Right after saying it has to destroy domestic comms, it says that it can keep them if there is significant CI or FI value, and/or anomalies showing a vulnerability to US comm service. This is sort of consistent with upstream 702, but not quite.

(11) The procedures treat government employee comms differently based on who they’re talking to, which is a tribute to how much this is about counterintelligence.

(11) The immediate notice of destruction incorporates a lesson they learned during 702, when such notices took time and US person stuff remained in the system in NSA even if destroyed at FBI.

(12) Note US person info can be disseminated for a non-exclusive list, though the list is quite extensive in any case.

(12) Info can be disseminated if someone is the target of hostile intelligence activities of a foreign power. This might make it easier for DHS to disseminate warnings.

(13) The auditing function described does not include an explicit exception for techs, whereas it would at NSA.

(14) Note the distinction between queries and retrievals. Added to selection, and we’ve got another set of not entirely sensical terms that are new.

(14) Note that throughout, the oversight mechanisms avoid any body that is statutorily independent, including both PCLOB and the IGs. So it should not be taken as credible.

(15) The first paragraph of VIII makes it clear they’re parallel constructing this. No notice to defendants basically makes this unconstitutional, but the IC doesn’t care.

(16) Throughout, there are designees allowed that will make it a cinch to put some of these sharing relationships in a box where no one will find them.

(16) The departures from procedures section doesn’t include any deadlines for how long until notifications have to go out. Again, another easily exploited loophole.

(17) They added language to Obama’s standard “does not create any rights” language to include “nor do they place any limitation on otherwise lawful investigative and litigative prerogatives of the United States.” Which sounds like even more parallel construction.

(17) As we’ll see, “contact chaining” is defined to mean two hops. But because it isn’t tied to anything, and because the definition of foreign power includes 3 degrees of separation for most things (engages in, aids or abets, or conspires), it really amounts to about 5 degrees of separation from any baddie.

(18) The definitions of metadata here are interesting (and different from the SPCMA one). First, on telephony metadata, they don’t comment about location. The Internet metadata description is more descriptive than any I’ve seen, including routers passed during delivery. But there’s so much that’s not addressed in the definition, because it pretends to be exclusively about email.

(19) The definition of contact chaining does not include, as USAF chaining does, connection chaining. This reinforces my belief that the latter primarily serves a complementary function, that of IDing all associated identities known by a provider. The contact chaining definition only permits two hops, but there’s no limitation on target, which permits at least 5 and really an infinite number of hops.

(19) If just one recipient in a thread is not a USP, it does not count as domestic. Also, circumstances where someone doesn’t have a REOP, like Twitter, do not count as domestic either.

(19) There used to be two distinct definitions: International, which was one end US, and foreign, which is both-ends foreign. I’m not sure why they’ve changed it such that any end foreign counts as foreign, but that seems problematic.

(20) Public info includes that which is available on request, or by purchase, meaning this may include a lot of brokered lists and the like (including advertising information).

(20) Definition of “selection” includes “cable address,” which seems like it could be very broadly interpreted.

(21) The definition of “selection term” is very useful (basically a boolean selection term), and should have been made public before.

(22) The USPI definition is notable both for its inclusions and exclusions. “Unique biometric records” is included, which seems like it could be very broadly interpreted (and makes clear they’re throwing all the biometrics they have into this pot of analysis). There’s no specific mention of online identities (“names” and “unique titles” may incorporate that, but should be stated publicly). There’s also no mention of cookies or other session identifiers (which is especially notable given the silence about location data).

(22) The overhead reconnaissance language means they can use drone footage against us, so long as they don’t target it at us. Though some DirtBox uses would be problematic.

 

The Dragnet Donald Trump Will Wield Is Not Just the Section 215 One

I’ve been eagerly anticipating the moment Rick Perlstein uses his historical work on Nixon to analyze Trump. Today, he doesn’t disappoint, calling Trump more paranoid than Nixon, warning of what Trump will do with the powerful surveillance machine lying ready for his use.

Revenge is a narcotic, and Trump of all people will be in need of a regular, ongoing fix. Ordering his people to abuse the surveillance state to harass and destroy his enemies will offer the quickest and most satisfying kick he can get. The tragedy, as James Madison could have told us, is that the good stuff is now lying around everywhere, just waiting for the next aspiring dictator to cop.

But along the way, Perlstein presents a bizarre picture of what happened to the Section 215 phone dragnet under Barack Obama.

That’s not to say that Obama hasn’t abused his powers: Just ask the journalists at the Associated Press whose phone records were subpoenaed by the Justice Department. But had he wanted to go further in spying on his enemies, there are few checks in place to stop him. In the very first ruling on the National Security Administration’s sweeping collection of “bulk metadata,” federal judge Richard Leon blasted the surveillance as downright Orwellian. “I cannot imagine a more ‘indiscriminate’ and ‘arbitrary’ invasion than this collection and retention of personal data,” he ruled. “Surely, such a program infringes on ‘that degree of privacy’ that the founders enshrined in the Fourth Amendment.”

But the judge’s outrage did nothing to stop the surveillance: In 2015, an appeals court remanded the case back to district court, and the NSA’s massive surveillance apparatus—soon to be under the command of President Trump—remains fully operational. The potential of the system, as former NSA official William Binney has described it, is nothing short of “turnkey totalitarianism.”

There are several things wrong with this.

First, neither Richard Leon nor any other judge has reviewed the NSA’s “sweeping collection of ‘bulk metadata.'” What Leon reviewed — in Larry Klayman’s lawsuit challenging the collection of phone metadata authorized by Section 215 revealed by Edward Snowden — was just a small fraction of NSA’s dragnet. In 2013, the collection of phone metadata authorized by Section 215 collected domestic and international phone records from domestic producers, but even there, Verizon had found a way to exclude collection of its cell records.

But NSA collected phone records — indeed, many of the very same phone records, as they collected a great deal of international records — overseas as well. In addition, NSA collected a great deal of Internet metadata records, as well as financial and anything else records. Basically, anything the NSA can collect “overseas” (which is interpreted liberally) it does, and because of the way modern communications works, those records include a significant portion of the metadata of Americans’ everyday communications.

It is important for people to understand that the focus on Section 215 was an artificial creation, a limited hangout, an absolutely brilliant strategy (well done, Bob Litt, who has now moved off to retirement) to get activists to focus on one small part of the dragnet that had limitations anyway and NSA had already considered amending. It succeeded in pre-empting a discussion of just what the full dragnet entailed.

Assessments of whether Edward Snowden is a traitor or a saint always miss this, when they say they’d be happy if Snowden had just exposed the Section 215 program. Snowden didn’t want the focus to be on just that little corner of the dragnet. He wanted to expose the full dragnet, but Litt and others succeeded in pretending the Section 215 dragnet was the dragnet, and also pretending that Snowden’s other disclosures weren’t just as intrusive on Americans.

Anyway, another place where Perlstein is wrong is in suggesting there was just one Appeals Court decision. The far more important one is the one authored by Gerard Lynch in the Second Circuit, which ruled that Section 215 was not lawfully authorized. It was a far more modest decision, as it did not reach constitutional questions. But Lynch better understood that the principle involved more than phone records; what really scared him was the mixing of financial records with phone records, which is actually what the dragnet really is.

That ruling, on top of better understanding the import of dragnets, is important because it is one of the things that led to the passage of USA Freedom Act, a law that, contrary to Perlstein’s claim, did change the phone dragnet, both for good and ill.

The USA Freedom Act, by imposing limitations on how broadly dragnet orders (for communications but not for financial and other dragnets) can be targeted, adds a check at the beginning of the process. It means only people 2 degrees away from a terrorism suspect will be collected under this program (even while the NSA continues to collect in bulk under EO 12333). So the government will have in its possession far fewer phone records collected under Section 215 (but it will still suck in massive amounts of phone records via EO 12333, including massive amounts of Americans’ records).

All that said, Section 215 now draws from a larger collection of records. It now includes the Verizon cell records not included under the old Section 215 dragnet, as well as some universe of metadata records deemed to be fair game under a loose definition of “phone company.” At a minimum, it probably includes iMessage, WhatsApp, and Skype metadata, but I would bet the government is trying to get Signal and other messaging metadata (note, Signal metadata cannot be collected retroactively; it’s unclear whether it can be collected with standing daily prospective orders). This means the Section 215 collection will be more effective in finding all the people who are 2 degrees from a target (because it will include any communications that exist solely in Verizon cell or iMessage networks, as well as whatever other metadata they’re collecting). But it also means far more innocent people will be impacted.

To understand why that’s important, it’s important to understand what purpose all this metadata collection serves.

It was never the case that the collection of metadata, however intrusive, was the end goal of the process. Sure, identifying someone’s communications shows when you’ve been to an abortion clinic or when you’re conducting an affair.

But the dragnet (the one that includes limited Section 215 collection and EO 12333 collection limited only by technology, not law) actually serves two other primary purposes.

The first is to enable the creation of dossiers with the click of a few keys. Because the NSA is sitting on so much metadata — not just phone records, but Internet, financial, travel, location, and other data — it can put together a snapshot of your life as soon as they begin to correlate all the identifiers that make up your identity. One advantage of the new kind of collection under USAF, I suspect, is it will draw from the more certain correlations you give to your communications providers, rather than relying more heavily on algorithmic analysis of bulk data. Facebook knows with certainty what email address and phone number tie to your Facebook account, whereas the NSA’s algorithms only guess that with (this is an educated guess) ~95+% accuracy.

This creation of dossiers is the same kind of analysis Facebook does, but instead of selling you plane tickets the goal is government scrutiny of your life.

The Section 215 orders long included explicit permission to subject identifiers found via 2-degree collection to all the analytical tools of the NSA. That means, for any person — complicit or innocent — identified via Section 215, the NSA can start to glue together the pieces of dossier it already has in its possession. While not an exact analogue, you might think of collection under Section 215 as a nomination to be on the equivalent of J Edgar Hoover’s old subversives list. Only, poor J Edgar mostly kept his list on index cards. Now, the list of those the government wants to have a network analysis and dossier on is kept in massive server farms and compiled using supercomputers.

Note, the Section 215 collection is still limited to terrorism suspects — that was an important win in the USA Freedom fight — but the EO 12333 collection, with whatever limits on nominating US persons, is not. Plus, it will be trivial for Trump to expand the definition of terrorist; the groundwork is already being laid to do so with Black Lives Matter.

The other purpose of the dragnet is to identify which content the NSA will invest the time and energy into reading. Most content collected is not read in real time. But Americans’ communications with a terrorism suspect will probably be, because of the concern that those Americans might be plotting a domestic plot. The same is almost certainly true of, say, Chinese-Americans conversing with scientists in China, because of a concern they might be trading US secrets. Likewise it is almost certainly true of Iranian-Americans talking with government officials, because of a concern they might be dealing in nuclear dual use items. The choice to prioritize Americans makes sense from a national security perspective, but it also means certain kinds of people — Muslim immigrants, Chinese-Americans, Iranian-Americans — will be far more likely to have their communications read without a warrant than whitebread America, even if those whitebread Americans have ties to (say) NeoNazi groups.

Of course, none of this undermines Perlstein’s ultimate categorization, as voiced by Bill Binney, who created this system only to see the privacy protections he believed necessary get wiped away: the dragnet — both that authorized by USAF and that governed by EO 12333 — creates the structure for turnkey totalitarianism, especially as more and more data becomes available to NSA under EO 12333 collection rules.

But it is important to understand Obama’s history with this dragnet. Because while Obama did tweak the dragnet, two facts about it remain. First, while there are more protections built in on the domestic collection authorized by Section 215, that came with an expansion of the universe of people that will be affected by it, which must have the effect of “nominating” more people to be on this latter-day “Subversives” list.

Obama also, in PPD-28, “limited” bulk collection to a series of purposes. That sounds nice, but the purposes are so broad, they would permit bulk collection in any area of the world, and once you’ve collected in bulk, it is trivial to then call up that data under a more broad foreign intelligence purpose. In any case, Trump will almost certainly disavow PPD-28.

Which makes Perlstein’s larger point all the more sobering. J Edgar and Richard Nixon were out of control. But the dragnet Trump will inherit is far more powerful.

The Story About Judicial Dysfunction Behind the Comey Whiplash

I’ve been home from Europe for less than a day and already I’m thinking of sporting a neck collar for the whiplash I’ve gotten watching the wildly varying Jim Comey opinions.

I’m speaking, of course, of the response to Jim Comey’s highly unusual announcement to sixteen Chairs and Ranking Members of congressional committees (at least some of which Comey did not testify to) that the investigative team — presumably on the Clinton case — briefed him Thursday that FBI discovered additional emails in an unrelated case — now known to be the investigation into Anthony Weiner allegedly sexting a 15 year old — and he approved their request to take the steps necessary to be able to review those emails.

Effectively, the Weiner investigators, in reviewing the content from devices seized in that investigation, found emails from Huma Abedin, told the Hillary investigative team, and they’re now obtaining a warrant to be able to review those emails.

So of course the Republicans that had been claiming Comey had corruptly fixed the investigation for Hillary immediately started proclaiming his valor and Democrats that had been pointing confidently to his exoneration of Hillary immediately resumed their criticism of his highly unusual statements on this investigation. Make up your minds, people!

For the record, I think his initial, completely inappropriate statements made this inevitable. He excuses Friday’s statement as formally correcting the record of his testimony. The claim is undermined by the fact that not all recipients of the letter had him testify. But I think once you start the process of blabbing about investigations, more blabbing likely follows. I don’t mean to excuse this disclosure, but the real sin comes in the first one, which was totally inappropriate by any measure. I’m also very unsympathetic with the claim —  persistently offered by people who otherwise cheer Comey — that he released his initial statement to help Loretta Lynch out of the jam created by her inappropriate meeting with Bill Clinton; I think those explanations stem from a willful blindness about what a self-righteous moralist Comey is.

Of course I’ve been critical of Comey since long before it was cool (and our late great commenter Mary Perdue was critical years before that).

But I’d like to take a step back and talk about what this says about our judicial system.

Jim Comey doesn’t play by the rules

Jamie Gorelick (who worked with Comey when she was in DOJ) and Larry Thompson (who worked with Comey when Comey was US Attorney and he was Deputy Attorney General, until Comey replaced him) wrote a scathing piece attacking Comey for violating the long-standing prohibition on doing anything in an investigation pertaining to a political candidate in the 60 days leading up to an election. The op-ed insinuates that Comey is a “self-aggrandizing crusader[] on [a] high horse” before it goes on to slam him for making himself the judge on both the case and Hillary’s actions.

James B. Comey, put himself enthusiastically forward as the arbiter of not only whether to prosecute a criminal case — which is not the job of the FBI — but also best practices in the handling of email and other matters. Now, he has chosen personally to restrike the balance between transparency and fairness, departing from the department’s traditions. As former deputy attorney general George Terwilliger aptly put it, “There’s a difference between being independent and flying solo.”

But the real meat is that there’s a rule against statements like the one Comey made, and Comey broke it.

Decades ago, the department decided that in the 60-day period before an election, the balance should be struck against even returning indictments involving individuals running for office, as well as against the disclosure of any investigative steps. The reasoning was that, however important it might be for Justice to do its job, and however important it might be for the public to know what Justice knows, because such allegations could not be adjudicated, such actions or disclosures risked undermining the political process. A memorandum reflecting this choice has been issued every four years by multiple attorneys general for a very long time, including in 2016.

If Comey is willing to break this rule in such a high profile case, then what other rules is he breaking? What other judgements has Comey made himself arbiter of? Particularly given Comey’s persistent discussion of FBI’s work in terms of “good guys” and “bad guys” — as opposed to criminal behavior — that seems a really pertinent question.

As with James Clapper, Loretta Lynch can’t control Comey

Gorelick (who has been suggested among potential Clinton appointees) and Thompson go easier on Lynch, however, noting that she didn’t order him to stand down here, but ultimately blaming Comey for needing to be ordered.

Attorney General Loretta E. Lynch — nominally Comey’s boss — has apparently been satisfied with advising Comey but not ordering him to abide by the rules. She, no doubt, did not want to override the FBI director in such a highly political matter, but she should not have needed to. He should have abided by the policy on his own.

But since John Cornyn confronted Lynch in March about who would make decisions in this case — “Everyone in the Department of Justice works for me, including the FBI, sir,” Lynch forcefully reminded Cornyn — it has been clear that there’s a lot more tension than the org chart would suggest there should be.

The NYT provides more details on how much tension there is.

The day before the F.B.I. director, James B. Comey, sent a letter to Congress announcing that new evidence had been discovered that might be related to the completed Hillary Clinton email investigation, the Justice Department strongly discouraged the step and told him that he would be breaking with longstanding policy, three law enforcement officials said on Saturday.

Senior Justice Department officials did not move to stop him from sending the letter, officials said, but they did everything short of it, pointing to policies against talking about current criminal investigations or being seen as meddling in elections.

And it’s not just Lynch that has problems managing FBI.

In a response to a question from me in 2014 (after 56:00), Bob Litt explained that FBI’s dual role creates “a whole lot of complications” and went on to admit that the office of Director of National Intelligence — which is supposed to oversee the intelligence community — doesn’t oversee the FBI as directly.

Because FBI is part of the Department of Justice, I don’t have the same visibility into oversight there than I do with respect to the NSA, but the problems are much more complicated because of the dual functions of the FBI.

Litt said something similar to me in May when we discussed why FBI can continue to present bogus numbers in its legally mandated NSL reporting.

Now these are separate issues (though the Clinton investigation is, after all, a national security investigation into whether she or her aides mishandled classified information). But if neither the DNI nor the AG really has control over the FBI Director, it creates a real void of accountability that has repercussions for a whole lot of issues and, more importantly, people who don’t have the visibility or power of Hillary Clinton.

The FBI breaks the rules all the time by leaking like a sieve

Underlying this entire controversy is another rule that DOJ and FBI claim to abide by but don’t, at all: FBI is not supposed to reveal details of ongoing investigations.

Indeed, according to the NYT, Comey pointed to the certainty that this would leak to justify his Friday letter.

But although Mr. Comey told Congress this summer that the Clinton investigation was complete, he believed that if word of the new emails leaked out — and it was sure to leak out, he concluded — he risked being accused of misleading Congress and the public ahead of an election, colleagues said.

Yet the US Attorney’s Manual, starting with this language on prejudicial information and continuing into several more clauses, makes it clear that these kinds of leaks are impermissible.

At no time shall any component or personnel of the Department of Justice furnish any statement or information that he or she knows or reasonably should know will have a substantial likelihood of materially prejudicing an adjudicative proceeding.

Comey, the boss of all the FBI Agents investigating this case, had another alternative, one he should have exercised months ago when it was clear those investigating this case were leaking promiscuously: demand that they shut up, conduct investigations of who was leaking, and discipline those who were doing so. Those leaks were already affecting election year concerns, but there has been little commentary about how they, too, break DOJ rules.

But instead of trying to get FBI Agents to follow DOJ guidelines, Comey decided to violate them himself.

Again, that’s absolutely toxic when discussing an investigation that might affect the presidential election, but FBI’s habitual blabbing is equally toxic for a bunch of less powerful people whose investigative details get leaked by the FBI all the time.

[Update: Jeffrey Toobin addresses the role of leaks more generally here, though he seems to forget that the Hillary investigation is technically a national security investigation. I think it’s important to remember that, especially given Hillary’s campaign focus on why FBI isn’t leaking about the investigation into Trump’s ties to Russia, which would also be a national security investigation.]

Warrantless back door searches do tremendous amounts of damage

Finally, think about the circumstances of the emails behind this latest disclosure.

Reports are currently unclear how much the FBI knows about these emails. The NYT describes that the FBI seized multiple devices in conjunction with the Weiner investigation, including the laptop on which they found these emails.

On Oct. 3, F.B.I. agents seized several electronic devices from Mr. Weiner: a laptop, his iPhone and an iPad that was in large measure used by his 4-year-old son to watch cartoons, a person with knowledge of the matter said. Days later, F.B.I. agents also confiscated a Wi-Fi router that could identify any other devices that had been used, the person said.

While searching the laptop, the agents discovered the existence of tens of thousands of emails, some of them sent between Ms. Abedin and other Clinton aides, according to senior law enforcement officials. It is not clear if Ms. Abedin downloaded the emails to the laptop or if they were automatically backed up there. The emails dated back years, the officials said. Ms. Abedin has testified that she did not routinely delete her emails.

Presumably, the warrant to seize those devices permits the FBI agents to go find any evidence of Weiner sexting women (or perhaps just the young woman in question).

And admittedly, the details NYT’s sources describe involve just metadata: addressing information and dates.

But then, Comey told Congress these emails were “pertinent” to the Clinton investigation, and other details in reports, such as that they might be duplicates of emails already reviewed by the FBI, suggest the Weiner investigators may have seen enough to believe they might pertain to the inquiry into whether Clinton and her aides (including Huma) mishandled classified information. Moreover, the FBI at least thinks they will be able to prove there is probable cause to believe these emails may show the mishandling of classified information.

Similarly, there are conflicting stories about whether the Hillary investigation was ever closed, which may arise from the fact that if it were (as Comey had suggested in his first blabby statements), seeking these emails would require further approval to continue the investigation.

The point, though, is that FBI would have had no idea these emails existed were it not for FBI investigators who were aware of the other investigation alerting their colleagues to these emails. This has been an issue of intense litigation in recent years, and I’d love for Huma, after the election, to submit a serious legal challenge if any warrant is issued.

But then, in this case, Huma is being provided far more protection than people swept up in FISA searches, where any content with a target can be searched years into the future without any probable cause or even evidence of wrong-doing. Here, Huma’s emails won’t be accessible for investigative purposes without a warrant (in part because of recent prior litigation in the 2nd Circuit), whereas in the case of emails acquired via FISA, FBI can access the information — pulling it up not just by metadata but by content — with no warrant at all.

[Update: Orin Kerr shares my concerns on this point — with the added benefit that he discusses all the recent legal precedents that may prohibit accessing these emails.]

This is a good example of the cost of such investigations. Because the FBI can and does sweep so widely in searches of electronic communications, evidence from one set of data collection can be used to taint others unrelated to the crime under investigation.

All the people writing scathing emails about Comey’s behavior in this particular matter would like you to believe that this issue doesn’t reflect on larger issues at DOJ. They would like you to believe that DOJ was all pure and good and FBI was well-controlled except for this particular investigation. But that’s simply not the case, and some of these issues go well beyond Comey.

Update: Minor changes were made to this post after it was initially posted.

In Spying, “Things like phone numbers or emails” Turn Out to Be Far More

According to Reuters, the Intelligence Community doesn’t intend to share any details of the Yahoo scan revealed several weeks back with anyone outside of the FISA oversight committees — the House and Senate Intelligence and Judiciary Committees.

Executive branch officials spoke to staff for members of the Senate and House of Representatives committees overseeing intelligence operations and the judiciary, according to people briefed on the events, which followed Reuters’ disclosure of the massive search.

But attempts by other members of Congress and civil society groups to learn more about the Yahoo order are unlikely to meet with success anytime soon, because its details remain a sensitive national security matter, U.S. officials told Reuters. Release of any declassified version of the order is unlikely in the foreseeable future, the officials said.

On its face, it’s a stupid stance, as I think the scan probably fits within existing legal precedents that have already been made public, even if it stretches those precedents from “packet content as content” to “email content as content” (and it may not even do that).

In addition, given that the scan was approved by a judge (albeit one working within the secret FISA court and relying on prior decisions that were issued in secrecy), by releasing more details about the scan the government could at least claim that a judge had determined the scan was necessary and proportionate to obtain details about the (as described to NYT) state-sponsored terrorist group targeted by the scan. This decision presumably relies on a long line of decisions finding warrantless surveillance justified by special needs precedents, which began to be laid out for FISC in In Re Sealed Case in 2002.

Nevertheless, even given the toll the government’s secrecy is having on Yahoo (and presumably on other providers’ willingness to cooperate with the IC), the government thus far has remained intransigent in its secrecy.

Which suggests that the IC believes it would risk more by releasing more data than by its continued, damaging silence.

I’ve already explained one of the risks they might face: that their quick anonymous description of this as a “state-sponsored terrorist group” might (this is admittedly a wildarsed guess) really mean they hacked all of Yahoo’s users to get to Iranian targets, something that wouldn’t have the same scare power as terrorists like ISIS, especially in Europe, which has a markedly different relationship with Iran than the US has.

But I also think ODNI risks losing credibility because it appears to conflict with what ODNI specifically and other spook officials generally have said in the past, both to the US public and to the international community. As I note here, the definition of “facility” has been evolving at FISC since at least 2004. But the privacy community just released a letter and a quote to Reuters that seems unaware of the change. The letter asserts,

According to reports, the order was issued under Title I of FISA, which requires the government to demonstrate probable cause that its target is a foreign power or an agent of a foreign power (such as a spy or a terrorist), and probable cause that the “facility” at which the surveillance is conducted will carry the target’s communications. If reports are true, this authority to conduct a particularized search has apparently been secretly construed to authorize a mass scan.

Traditional FISA orders haven’t been limited to particularized targets since 2007, when an order targeting Al Qaeda was used to temporarily give Stellar Wind legal sanction. If one order requiring a scan of traffic at telecom switches could target Al Qaeda in 2007, then surely one order can target Iran’s Revolutionary Guard or a similar organization in 2016. The problem is in the execution of the order, requiring Yahoo to scan all its incoming email, but it’s not clear the legal issues are much worse than in the 2007 execution.

A Reuters source goes even further, suggesting that all of Yahoo is the facility, rather than the specific code tied to the targeted group.

The groups say that Title I of the Foreign Intelligence Surveillance Act, under which sources said the order was issued, requires a finding that the target of such a wiretap is probably an agent of a foreign power and that the facility to be tapped is probably going to be used for a transmission. An entire service, such as Yahoo, has never publicly been considered to be a “facility” in such a case: instead, the word usually refers to a phone number or an email account.

Never mind that under the phone dragnet, Verizon was counted as the targeted selector (which was used by terrorists and everyone else), though admittedly that was just for metadata. Had Yahoo been designated the “place” at which a physical search were conducted this usage might be correct (that said, we know very little about how physical searches, including for stored communication, work in practice), but as Semiannual reports have made clear (admittedly in the Section 702 context), facility has come to be synonymous with selector.

[T]argeting is effectuated by tasking communication facilities (also referred to as “selectors”), including but not limited to telephone numbers and electronic communications accounts, to Section 702 electronic communication service providers.

Facilities are selectors, and here FBI got a selector tied to a kind of usage of email — perhaps an encryption signature — approved as a selector/facility.

In spite of the fact that somewhere among 30 NGOs someone should have been able to make this argument (and ACLU’s litigation side surely could do so), there is good reason for them to believe this.

That’s because the IC has very deliberately avoided talking about how what are called “about” scans but really should be termed signature scans really work.

This is most striking in a March 19, 2014 Privacy and Civil Liberties Oversight Board hearing, which was one of the most extensive discussions of how Section 702 works. Shortly after this hearing, I contacted PCLOB to ask whether they were being fully briefed, including on the non-counterterrorism uses of 702, such as cyber, which use (or used) upstream selectors in a different way.

Several different times in the hearing, IC witnesses described selectors as “selectors such as telephone numbers or email addresses” or “like telephone numbers or email addresses,” obscuring the full extent of what might be included (Snowden tweeted a list that I included here). Bob Litt did so while insisting that Section 702 (he was referring both to PRISM and upstream here) was not a bulk collection program:

I want to make a couple of important overview points about Section 702. First, there is either a misconception or a mischaracterization commonly repeated that Section 702 is a form of bulk collection. It is not bulk collection. It is targeted collection based on selectors such as telephone numbers or email addresses where there’s reason to believe that the selector is relevant to a foreign intelligence purpose.

I just want to repeat that Section 702 is not a bulk collection program.

Then-Deputy Assistant Attorney General Brad Wiegmann said selectors were “really phone numbers, email addresses, things like that” when he defined selector.

A selector would typically be an email account or a phone number that you are targeting. So this is the, you get, you know, terrorists at Google.com, you know, whatever. That’s the address that you have information about that if you have reason to believe that that person is a terrorist and you would like to collect foreign intelligence information, I might be focusing on that person’s account.

[snip]

So that’s when we say selector it’s really an arcane term that people wouldn’t understand, but it’s really phone numbers, email addresses, things like that.

And when then-NSA General Counsel Raj De moved from describing Section 702 generally (“selectors are things like”), to discussing upstream, he mistakenly said collection was based on “particularly phone numbers or emails” then immediately corrected himself to say, “things like phone numbers or emails.”

So there’s two types of collection under Section 702. Both are targeted, as Bob was saying, which means they are both selector-based, and I’ll get into some more detail about what that means. Selectors are things like phone numbers and email addresses.

[snip]

It is also however selector-based, i.e. based on particular phone numbers or emails, things like phone numbers or emails. This is collection to, from, or about selectors, the same selectors that are used in PRISM selection. This is not collection based on key words, for example.

That language would — and apparently did — create the false impression that about collection really did just use emails and phone numbers (which is why I called PCLOB, because I knew they were or had also targeted cyber signatures).

Here’s how all that evasiveness appeared in the PCLOB 702 report:

Although we cannot discuss the details in an unclassified public report, the moniker “about” collection describes a number of distinct scenarios, which the government has in the past characterized as different “categories” of “about” collection. These categories are not predetermined limits that confine what the government acquires; rather, they are merely ways of describing the different forms of communications that are neither to nor from a tasked selector but nevertheless are collected because they contain the selector somewhere within them.

That certainly goes beyond the linguistic game the IC witnesses were playing, but stops well short of explaining that this really isn’t all about emails and phone numbers.

Plus, there’s one exchange from that March 2014 hearing that might be taken to rule out about collection from a PRISM provider. In reply to specific prodding from Elisabeth Collins Cook, De said about collection cannot be made via PRISM.

MS. COLLINS COOK: I wanted to ask one additional question about abouts. Can you do about collection through PRISM?

MR. DE: No.

MS. COLLINS COOK: So it is limited to upstream collection?

MR. DE: Correct. PRISM is only collection to or from selectors.

Of course, De was referring to warrantless collection under Section 702. He wasn’t talking at all about what is possible under Title I. But it may have left the impression that one couldn’t order a PRISM provider to do an about scan, even though in 2007 FISA ordered telecoms to do about scans.

Ultimately, though, the IC is likely remaining mum about these details because revealing them would make clear what publicly released opinions do, but not in real detail: that these about scans have gotten far beyond a collection of content based off a scan of readily available metadata. These scans likely replicate the problem identified in 2004, in that the initial scan is not of things that count as metadata to the provider doing the scan.

The IC may have FISC approval for that argument. But they also had FISC approval for the Section 215 dragnet. And that didn’t live up to public scrutiny either.