Jacob Appelbaum

DOJ Continues Its “Multi-Subject” Investigation of WikiLeaks

As I noted some weeks ago, the judge in EPIC’s FOIA for materials on the investigation into supporters of WikiLeaks asked for an update. The government provided that update last night.

It said it still must withhold all documents responsive to EPIC’s FOIA because two investigations pertaining to WikiLeaks are ongoing: Chelsea Manning’s appeal, and the investigation into WikiLeaks proper.

There are at least two separate categories of “enforcement proceedings” relevant to defendants’ Exemption 7(A) analysis, and those two separate categories of law enforcement proceedings are progressing on different tracks. One set consists of those enforcement proceedings directly related to the military prosecution of Army Pfc. Manning, which falls within the jurisdiction of the Department of Defense (“DoD”). Since this case was originally briefed, Manning was tried and convicted by a military court, as noted above. The court-martial remains ongoing, in the appellate phase.

The second type of enforcement proceeding, generally, is the DOJ’s civilian criminal/national security investigation(s) into the unauthorized disclosure of classified information that was published on the WikiLeaks website. The investigation of the unauthorized disclosure is a multi-subject investigation and is still active and ongoing. While there have been developments in the investigation over the last year, the investigation generally remains at the investigative stage. It is this second category of enforcement proceeding that is actually more central to defendants’ Exemption 7(A) withholdings in this case.

Note, DOJ says the investigation is “multi-subject.” Further, it describes it as an “civilian criminal/national security” investigation. It’s worth noting that the sealed declaration providing more detail on the investigation comes from Mark Bradley, in DOJ’s National Security Division, not from FBI. (I take my observation that the sealed declaration is from Bradley back: the motion is inconsistent on whom the sealed declaration is from. While the table on page 4 lists Bradley, it says the declaration is from FBI. The reference to a fourth declaration from David Hardy on page 9 suggests the declaration is from him.)

I’ll have a bit more to say about this later.

Update: One more observation: the description says there are “at least two” separate categories, suggesting there may be still another investigative matter.

Between Two Ends of the WikiLeaks Investigation: Parallel Constructing the FBI’s Secret Authorities

Two pieces of news on the government’s investigation of WikIleaks came out yesterday.

At the Intercept, Glenn Greenwald reported:

  • In 2010, a “Manhunting Timeline” described efforts to get another country to prosecute what it called the “rogue” website
  • In a targeting scenario dating to July 25, 2011, the US’ Targeting and General Counsel personnel responded to a question about targeting WikiLeaks’ or Pirate Bay’s server by saying they’d have to get back to the questioner
  • In 2012, GCHQ monitored WikiLeaks — including its US readers — to demonstrate the power of its ANTICRISIS GIRL initiative

Screen Shot 2014-02-19 at 9.42.54 AM
Also yesterday, Alexa O’Brien reported (and contextualized with links back to her earlier extensive reporting):

  • The grand jury investigation of WikiLeaks started at least as early as September 23, 2010
  • On January 4, 2011 (21 days after the December 14, 201 administrative subpoena for Twitter records on Appelbaum and others), DOJ requested Jacob Appelbaum’s Gmail records
  • On April 15, 2011, DOJ requested Jacob Appelbaum’s Sonic records

Now, as O’Brien lays out in her post, at various times during the investigation of WikiLeaks, it has been called a Computer Fraud and Abuse investigation, an Espionage investigation, and a terrorism investigation.

Which raises the question why, long after DOJ had deemed the WikiLeaks case a national security case that under either the terrorism or Espionage designation would grant them authority to use tools like National Security Letters, they were still using subpoenas that were getting challenged and noticed to Appelbaum? Why, if they were conducting an investigation that afforded them all the gagged orders they might want, were they issuing subpoenas that ultimately got challenged and exposed?

Before you answer “parallel construction,” lets reconsider something I’ve been mulling since the very first Edward Snowden disclosure: the secret authority DOJ and FBI (and potentially other agencies) used to investigate not just WikiLeaks, but also WikiLeaks’ supporters.

Back in June 2011, EPIC FOIAed DOJ and FBI (but not NSA) for records relating to the government’s investigation of WikiLeaks supporters.

EPIC’s FOIA asked for information designed to expose whether innocent readers and supporters of WikiLeaks had been swept up in the investigation. It asked for:

  1. All records regarding any individuals targeted for surveillance for support for or interest in WikiLeaks;
  2. All records regarding lists of names of individuals who have demonstrated support for or interest in WikiLeaks;
  3. All records of any agency communications with Internet and social media companies including, but not limited to Facebook and Google, regarding lists of individuals who have demonstrated, through advocacy or other means, support for or interest in WikiLeaks; and
  4. All records of any agency communications with financial services companies including, but not limited to Visa, MasterCard, and PayPal, regarding lists of individuals who have demonstrated, through monetary donations or other means, support or interest in WikiLeaks. [my emphasis]

In their motion for summary judgment last February, DOJ said a lot of interesting things about the records-but-not-lists they might or might not have and generally subsumed the entire request under an ongoing investigation FOIA exemption.

Most interesting, however, is in also claiming that some statute prevented them from turning these records over to EPIC, they refused to identify the statute they might have been using to investigate WikiLeaks’ supporters.

All three units at DOJ — as reflected in declarations from FBI’s David Hardy, National Security Division’s Mark Bradley, and Criminal Division’s John Cunningham – claimed the files at issue were protected by statute.

None named the statute in question. All three included some version of this statement, explaining they could only name the statute in their classified declarations.

The FBI has determined that an Exemption 3 statute applies and protects responsive information from the pending investigative files from disclosure. However, to disclose which statute or further discuss its application publicly would undermine interests protected by Exemption 7(A), as well as by the withholding statute. I have further discussed this exemption in my in camera, ex parte declaration, which is being submitted to the Court simultaneously with this declaration

In fact, it appears the only reason that Cunningham submitted a sealed declaration was to explain his Exemption 3 invocation.

And then, as if DOJ didn’t trust the Court to keep sealed declarations secret, it added this plaintive request in the motion itself.

Defendants respectfully request that the Court not identify the Exemption 3 statute(s) at issue, or reveal any of the other information provided in Defendants’ ex parte and in camera submissions.

DOJ refuses to reveal precisely what EPIC seems to be seeking: what kind of secret laws it is using to investigate innocent supporters of WikiLeaks.

Invoking a statutory exemption but refusing to identify the statute was, as far as I’ve been able to learn, unprecedented in FOIA litigation.

The case is still languishing at the DC District.

I suggested at the time that the statute in question was likely Section 215; I suspected at the time they refused to identify Section 215 because they didn’t want to reveal what Edward Snowden revealed for them four months later: that the government uses Section 215 for bulk collection.

While they may well have used Section 215 (particularly to collect records, if they did collect them, from Visa, MasterCard, and PayPal — but note FBI, not NSA, would have wielded the Section 215 orders in that case), they couldn’t have used the NSA phone dragnet to identify supporters unless they got the FISC to approve WikiLeaks as an associate of al Qaeda (update: Or got someone at NSA’s OGC to claim there were reasons to believe WikiLeaks was associated with al Qaeda). They could, however, have used Section 215 to create their own little mini WikiLeaks dragnet.

Continue reading

Alan Gross and Jacob Appelbaum

This AP story describing the backstory of USAID contractor Alan Gross’s imprisonment in Cuba is interesting in its own right. Past reporting had made it clear that Cuba had declared Gross a spy because he was setting up secure communications technology for Cuba’s Jewish community.

Gross’ company, JBDC Inc., which specializes in setting up Internet access in remote locations like Iraq and Afghanistan, had been hired by Development Associates International Inc. of Bethesda, Maryland, which had a multimillion-dollar contract with USAID to break Cuba’s information blockade by “technological outreach through phone banks, satellite Internet and cell phones.”

The AP story describes the vast array of telecom equipment Gross and some Jewish humanitarian groups he partnered with smuggled into Cuba, where some of it is explicitly prohibited:

12 iPods, 11 BlackBerry Curve smartphones, three MacBooks, six 500-gigabyte external drives, three Internet satellite phones known as BGANs, three routers, three controllers, 18 wireless access points, 13 memory sticks, three phones to make calls over the Internet, and networking switches.

And it explains what it was that finally got Gross arrested: his importation of a “discreet” SIM card that would make it impossible to track satellite phone transmissions.

On his final trip, he brought in a “discreet” SIM card — or subscriber identity module card — intended to keep satellite phone transmissions from being pinpointed within 250 miles (400 kilometers), if they were detected at all.

The type of SIM card used by Gross is not available on the open market and is distributed only to governments, according to an official at a satellite telephone company familiar with the technology and a former U.S. intelligence official who has used such a chip. The officials, who spoke on condition of anonymity because of the sensitivity of the technology, said the chips are provided most frequently to the Defense Department and the CIA, but also can be obtained by the State Department, which oversees USAID.

So Gross was arrested for trying to make sure a subset of Cuba’s population could access the Internet in privacy.

Back when Alan Gross was “convicted,” the White House officially condemned the decision, as they’ve condemned his treatment repeatedly since.

Alan Gross has been unjustly detained and deprived of his liberty and freedom for the last 14 months. Instead of releasing Mr. Gross so he can come home to his wife and family, today’s decision by Cuban authorities compounds the injustice suffered by a man helping to increase the free flow of information, to, from, and among the Cuban people.

We remain deeply concerned for Mr. Gross’ well being and that of his family and reiterate our call for his immediate release.

Gross’ case would make you think the government inherently valued secure Internet communication.

But compare their treatment of Gross with the treatment they’ve given Jacob Appelbaum, the Tor researcher who they’ve treated like a suspected terrorist.

Tor, like the communications equipment Gross was installing, makes it easier for dissidents and other members of civil society to communicate freely.

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.

Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Tor’s hidden services let users publish web sites and other services without needing to reveal the location of the site. Individuals also use Tor for socially sensitive communication: chat rooms and web forums for rape and abuse survivors, or people with illnesses.

Journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they’re in a foreign country, without notifying everybody nearby that they’re working with that organization.

And like Gross, Appelbaum has traveled internationally to help foster such private communications. If you follow him on Twitter, you can even see him tracking and responding to attacks on secure networks in the Middle East.

So if Administration expressions of concern about the free flow of information were sincere, you’d think they’d be celebrating Appelbaum’s efforts.

Instead, partly because of his ties to WikiLeaks, they routinely harass him. Not only have they subpoenaed his Twitter IP information and a slew of other data as part of their WikiLeaks investigation, but every time he returns to the country, they temporarily detain him. Continue reading

Gulet Mohamed’s Interrogation without Counsel: Is this the New Miranda Policy?

Gulet Mohamed, the teen held in Kuwait, allegedly beaten, and interrogated by the FBI while in custody, is finally back in the United States. But before he reunited with his family, he was subjected to one more interrogation without his lawyer.

FBI agents have detained and are interrogating Gulet Mohamed, an American teen who was detained in Kuwait for a month, without counsel at Dulles International Airport outside Washington, DC, Mohamed’s lawyer said Friday morning.

[snip]

Mohamed’s family and lawyer claim that Mohamed has asked FBI officials for counsel multiple times during previous questioning. US legal and constitutional restrictions generally require that custodial interrogations stop when a subject asks for his lawyer. That rule does not seem to have been followed in this case. Mohamed traveled to Yemen and Somalia, two hotbeds of anti-American extremism, in 2009 (to visit family and learn Arabic, his family says). But he has not been charged with a crime in any country.

Now, Baumann points out that interrogations should stop once an American asks for counsel.

Or at least that’s the way things used to be.

But as Justin Elliot reported yesterday, the Administration has changed its Miranda policy. Only, it hasn’t explained what the change entails.

The Obama administration has issued new guidance on use of the Miranda warning in interrogations of terrorism suspects, potentially chipping away at the rule that bars the government from using information in court if it was gathered before a suspect was informed of his right to remain silent and to an attorney.

But the Department of Justice is refusing to publicly release the guidance, with a spokesman describing it in an interview as an “internal document.” So we don’t know the administration’s exact interpretation of Miranda, even though it may have significantly reshaped the way terrorism interrogations are conducted.

[snip]

Asked about the administration’s current stance on Miranda, Justice Department spokesman Dean Boyd sent along this statement about the new guidance that was sent to “relevant agencies”:

As demonstrated most recently after the attempted terrorist bombings last Christmas and in Times Square last spring, law enforcement has the ability to question suspected terrorists without immediately providing Miranda warnings when the interrogation is reasonably prompted by immediate concern for the safety of the public or the agents. Because of the complexity of the threat posed by terrorist organizations and the nature of their attacks — which can include multiple accomplices and interconnected plots — we have formalized guidance that outlines the appropriate use of the well-established public safety exception to providing Miranda rights. To ensure that law enforcement is aware of the flexibility that the law gives them in these circumstances, the guidance has been distributed to relevant agencies.

So are the repeated interrogations of Mohamed without counsel a sign of what DOJ has permitted?

Mind you, today’s interrogation was probably something much more similar. As the experience of Wikileaks volunteer Jacob Appelbaum, who has been interrogated at the border on three different occasions, shows, our government maintains it can subject anyone crossing into our country to this treatment.

Yet that doesn’t explain the interrogations in Kuwait, coming after Mohamed says he was beaten.

So should we conclude the new Miranda policy allows beating and interrogations with no counsel so long as they take place in other countries?

Why Did Bradley Manning Allegedly Leak WikiLeaks Two Things before He Verified Assange’s Identity?

To return to the work I was doing yesterday, there’s something odd about the timeline of Bradley Manning’s alleged leaks to WikiLeaks: he appears to give WikiLeaks at least two things–the Rejkjavik 13 cable and the Collateral Murder video–before he verified Julian Assange’s identity.

In the chat logs, Manning explains he first started working with WikiLeaks after they released the 9/11 pager messages.

(12:46:17 PM) Adrian: how long have you helped WikiLeaks?

(12:49:09 PM) bradass87: since they released the 9/11 “pager messages”

(12:49:38 PM) bradass87: i immediately recognized that they were from an NSA database, and i felt comfortable enough to come forward

(12:50:20 PM) bradass87: so… right after thanksgiving timeframe of 2009

That would date it November 24 or 25. Interestingly, the government says Manning’s alleged activities began somewhat earlier, November 19. That may suggest they have reason to believe he may have first accessed materials he was not authorized to access on November 19.

There’s a curious break in the chat logs (where Lamo makes his first efforts to get Manning to talk about operation security, while Manning loses it), after which Manning seems to correct Lamo’s suggestion that he’s a WL volunteer. But that does lead Manning to discuss communicating directly with Assange.

(2:04:29 PM) Manning: im a source, not quite a volunteer

(2:05:38 PM) Manning: i mean, im a high profile source… and i’ve developed a relationship with assange… but i dont know much more than what he tells me, which is very little

(2:05:58 PM) Manning: it took me four months to confirm that the person i was communicating was in fact assange

(2:10:01 PM) Lamo: how’d you do that?

(2:12:45 PM) Manning: I gathered more info when i questioned him whenever he was being tailed in Sweden by State Department officials… i was trying to figure out who was following him… and why… and he was telling me stories of other times he’s been followed… and they matched up with the ones he’s said publicly

(2:14:28 PM) Lamo: did that bear out? the surveillance?

(2:14:46 PM) Manning: based on the description he gave me, I assessed it was the Northern Europe Diplomatic Security Team… trying to figure out how he got the Reykjavik cable…

(2:15:57 PM) Manning: they also caught wind that he had a video… of the Gharani airstrike in afghanistan, which he has, but hasn’t decrypted yet… the production team was actually working on the Baghdad strike though, which was never really encrypted

As I suggested yesterday, that would mean that Manning had not verified Assange’s identity until roughly March 24. That would coincide exactly with the Wikileak Twitter account’s discussion of US and Icelandic surveillance. Of potential note, on March 23, WL said, “We know our possession of the decrypted airstrike video is now being discussed at the highest levels of US command,” which might be information Manning had access to. While not definitive, all of that suggests the public discussion was one way Manning verified “that the person i was communicating was in fact assange.”

But there were at least two things Manning had already allegedly leaked to WikiLeaks: the Collateral Murder video and the Rejkjavik 13 cable. A possible third which I will not deal with here is the intelligence report naming WikiLeaks as a threat to the military, which was released March 18, 2010, but which is not definitely attributable even hypothetically to Manning.

Collateral Murder Timing

WL first reported getting what appear to be the Collateral Murder and Gharani videos on January 8, 2010.

Have encrypted videos of US bomb strikes on civilians http://bit.ly/wlafghan2 we need super computer time http://ljsf.org/

On February 20, it claimed to have cracked the encryption code of what appears to be the Collateral Murder video.

Finally cracked the encryption to US military video in which journalists, among others, are shot. Thanks to all who donated $/CPUs.

For his part, Manning describes just stumbling upon the Collateral Murder video, did some research into what it was, then stewed on it for a month and a half before forwarding to WL.

(03:07:53 PM) Manning: i watched that video cold, for instance

(03:10:32 PM) Manning: at first glance… it was just a bunch of guys getting shot up by a helicopter… no big deal… about two dozen more where that came from right… but something struck me as odd with the van thing… and also the fact it was being stored in a JAG officer’s directory… so i looked into it… eventually tracked down the date, and then the exact GPS co-ord… and i was like… ok, so thats what happened… cool… then i went to the regular internet… and it was still on my mind… so i typed into goog… the date, and the location… and then i see this http://www.nytimes.com/2007/07/13/world/middleeast/13iraq.html

(03:11:07 PM) Manning: i kept that in my mind for weeks… probably a month and a half… before i forwarded it to [WikiLeaks]

He dates uploading the video sometime in February.

(02:47:07 PM) Manning: the CM video came from a server in our domain! and not a single person noticed

(02:47:21 PM) Lamo: CM?

(02:48:17 PM) Manning: Apache Weapons Team video of 12 JUL 07 airstrike on Reuters Journos… some sketchy but fairly normal street-folk… and civilians

(02:48:52 PM) Lamo: How long between the leak and the publication?

(02:49:18 PM) Manning: some time in february

(02:49:25 PM) Manning: it was uploaded

(02:50:04 PM) Lamo: uploaded where? how would i transmit something if i had similarly damning data

(02:51:49 PM) Manning: uhm… preferably openssl the file with aes-256… then use sftp at prearranged drop ip addresses

(02:52:08 PM) Manning: keeping the key separate… and uploading via a different means

(02:52:31 PM) Lamo: so i myself would be SOL w/o a way to prearrange

(02:54:33 PM) Manning: not necessarily… the HTTPS submission should suffice legally… though i’d use tor on top of it…

Now, those are seemingly contradictory sets of dates: WL boasts it has Gharani, at least, in January, though the February reference to decrypting it seems to mean Collateral Murder was included in the January announcement. But note that if Manning had first accessed the Collateral Murder video on November 19, a month and a half might put it close to the New Year.

In any case, however, both WL and Manning seem to agree the video was in hand by February, a month before (assuming Manning’s description of the verification process is accurate) Manning verified Assange’s identity. Continue reading

Emptywheel Twitterverse
JimWhiteGNV RT @texasinafrica: This whole situation is so infuriating. Politics trump public health, fear wins out over science & reason.
34mreplyretweetfavorite
bmaz So, today @ESPN has had on air Frank Caliendo and Jon Gruden. Two of the worst people in human history at their jobs. Why is that so @ESPN?
36mreplyretweetfavorite
bmaz The Decline and Fall of the Bo Merlot Empire https://t.co/cJVxsDV434 … A major college football program that is toast, pasta its prime
59mreplyretweetfavorite
bmaz So @emptywheel says Pack gonna eat it in NOLA. I say RELAX...Aaron Rodgers has this. So, what sayeth professional sports reporter @erinscafe
1hreplyretweetfavorite
bmaz Uh Texas Dead Raider people, TCU has scored 82 POINTS on you. In a football game. Maybe you should send people on the field for defense?
2hreplyretweetfavorite
JimWhiteGNV Awesome! We got a table in the van tonight @satchelspizza http://t.co/9uYlcVKkL9
3hreplyretweetfavorite
JimWhiteGNV Hanging out in the gift shop @satchelspizza waiting for a table. Is it time for some enlightenment on a spring? http://t.co/m7wSZoVA0W
3hreplyretweetfavorite
emptywheel @B_D_Silver Stickum failure ends it.
4hreplyretweetfavorite
JimWhiteGNV Dak Prescott is a beast.
4hreplyretweetfavorite
JimWhiteGNV RT @DokteCoffee: To clarify.Ebola: No symptoms, no risk. Few symptoms, only a little risk. Very sick, oh-so-infectious. Risk, then, is to h…
4hreplyretweetfavorite
JimWhiteGNV RT @texasinafrica: Appalling behavior by New Jersey officials. Way to disincentivize health workers traveling to fight Ebola. http://t.co/c
4hreplyretweetfavorite
JimWhiteGNV @cherylrofer Yeah, but that's where the bad quarantines are, too.
4hreplyretweetfavorite
October 2014
S M T W T F S
« Sep    
 1234
567891011
12131415161718
19202122232425
262728293031