The FBI Went to Microsoft, not Trump Organization, for Emails Incriminating Individual-1

I’m working on a post showing how slow the investigation into Donald Trump and his associates was, contrary to the President’s squeals. That led me to realize something about this August 1 search warrant application for Michael Cohen’s Trump Organization email.

Trump Organization used Microsoft to host their email.

54. On or about July 14,2017, the Federal Bureau of Investigation sent a request, pursuant to l8 U.S.C. $ 2703(f), to Microsoft, requesting that Microsoft preserve all content for all email accounts associated with the domain “,” which included the Target Account.

55. On or about July 20,2017 and again on or about July 25,2017,in response to a grand jury subpoena, Microsoft confirmed that the Target Account was an active account associated with the domain Microsoft also provided records indicating that email accounts associated with the domain “” are being operated on a Microsoft Exchange server. According to publicly available information on Microsoft’s website, Microsoft hosts emails for clients on Microsoft Exchange servers, while allowing customers to use their own domain (as opposed to the publicly available email domains supplied by Microsoft, such as According to information supplied by Microsoft, the domain continues to operate approximately 150 active email accounts through Microsoft Exchange, meaning that data associated with still exists on Microsoft’s servers.


62. On or about June 21, 2017, the Federal Bureau of Investigation sent a request, pursuant to 18 U.S.C. $ 2703(f), to Microsoft, requesting that Microsoft preserve all content associated with the Target Account.

That means Microsoft — and not (just) Trump Organization — controlled access to these accounts.

This is something that has long been an unrecognized problem. If the government wants your email and your business or university has Microsoft or Gmail host email for them, the tech giants will get and respond to a law enforcement request, not the entity that might make privilege or First Amendment legal challenges to the subpoena. For example, the government would have gotten Xiaoxiang Xi and Ally Watkins’ Temple University email from Google, not the University, preventing both from making a First Amendment challenge to the warrant.

Microsoft sued over the sheer number of gags on such subpoenas in 2016; few people realized that they were concerned primarily about businesses like Trump Organization, not individual customers. That suit settled on October 24, 2017 after DOJ agreed to provide Microsoft more leeway to notice its customers.

But that agreement would have come too late for Michael Cohen and anyone else at Trump Organization who might have been investigated by DOJ. Since June 21, 2017, Cohen’s emails were preserved, and since July 14, 2017 — just after the June 9 meeting arranged via what appears to be Don Jr’s Trump Organization email became public — all Trump Organization emails have been preserved.

In DOJ’s opposition to Michael Cohen’s efforts to get a restraining order on the materials seized in the April 9, 2018 raid on him, there was a redacted reference suggesting that some materials may have gotten destroyed.

Mueller didn’t subpoena documents from Trump Organization directly until March 2018. So if they discovered documents via email searches direct from Microsoft that were withheld in that March subpoena — such as the emails that Cohen received on Trump Tower Moscow — it might explain this redaction.

This is the kind of thing that Trump might make a big stink about, if he ever figures it out (or if it gets Trump Organization lawyer Alan Garten in trouble for blowing off subpoenas — they were already non-responsive in response to the May HPSCI subpoena). But it’s the kind of thing that businesses and universities everywhere are exposed by.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

36 replies
  1. MattyG says:

    Interesting information. And as far a “slow” goes, is your concern that Mueller may have intentionally dragged his feet? Or the investigation was slow in the traditional sense of “wheels of justice turn slowly…’?

  2. Dave says:

    Y’all better hurry up if you wanna save your nice pretty democracy here. Termites work fast…

  3. Joeff says:

    There is a Stored Communications ACt which places some restrictions on government searches of this kind, akin to the Right to Financial Privacy Act. Maybe the GJ subpoenas fit an an exception.

    • bmaz says:

      Eh, maybe. There are also modalities that are a bit beyond the SCA. Sooner or later, we shall see I guess. But don’t think that the SCA is always everything. It is not.

    • mm201 says:

      And given virtualization technology, the emails might reside on multiple different servers at different times of the day.

        • Rayne says:

          Yes — noting this bit in application’s footnote page 22: “…The government also seeks the disclosure of the physical location or locations where the information is stored.”

          So close but not quite.

          The one flaw in all the arguments made in US v Microsoft, the subsequent EDPA and EDWI decisions counter to Second Circuit, and the CLOUD Act that followed: Big Tech not only uses virtualization to treat data as if it is located anywhere/everywhere, but its business continuity systems surely rely on data outside any one country treated in the same virtualized manner. Perhaps the data isn’t usable without tools to unencrypt and decompress it, stored elsewhere only as a failsafe, but I doubt there’s just one copy of data inside a country.

          Shorter: Nobody mentions the backups, RAIDs or other redundant copies. And unlike the Bush White House, there are surely redundancies.

        • Old Antarctic Explorer says:

          Yes. And the backups are real time and several hundred miles away. Also there are/can be tape backups that record each server’s content, say weekly, and those go to repositories like Iron Mountain. Those get discarded based on the legal requirements for each type of information. The idea that emails only reside on one server doesn’t happen in corporate or government America.

        • Rayne says:

          I don’t know if a data center the scale Microsoft (or Google, or AWS) operates relies on tape backup. That’s almost too much tape. They may be running cloud to cloud backup with a set in offsite repository. Doesn’t include real-time redundancy, and I doubt that’s several hundred miles away. The Fortune 1000 company for which I worked in IT had real-time redundancy in a second data center +1500 miles away and another overseas. We still used tape in back then but I could run an entire small manufacturing and research facility on 2TB of storage at the time. Now? Pshaw. I’d have to give each research 1TB on their laptops.

        • J R in WV says:

          I have a new laptop, with SSD of 1TB for the OS and another TB for my stuff.

          This is for home use, photos, music, browsing the innertubez, nothing scientific or engineering related at all.

          If I was still a software systems guy, I would have a couple of systems with multiple TBs of data on each one. Plus the network storage…

        • Rayne says:

          You have more storage in your laptop than I had to run an entire manufacturing plant — more than my two DEC VAX “pizza boxes” for the MRP system and the HP email server combined. I did have tape backup. What a pain in the butt.

        • bmaz says:

          Holy crap. It was not that many years ago that I paid, seriously, a small fortune to get a 512 SSD in an Apple laptop. Okay, has been a few years, but jeebus, 2 TB in a laptop??

        • P J Evans says:

          Probably not tape, now – a friend moved a tape rack from L.A. to Seattle a couple of years ago, and people didn’t recognize what it was. (It was going to a museum. And he did it while driving in a long-distance car rally.)

        • CJ says:

          Bizarrely, it’s not an entirely bad metaphor, though that’s probably accidental on his part. See, e.g., Andrew Blum’s “Tubes: A Journey to the Center of the Internet”.

  4. BobCon says:

    What’s the legal exposure of Trump Org people if there is evidence obtained via Microsoft which could help prove that Trump Org wasn’t complying with preservation orders, or didn’t turn over requested documents?

    Does Congress have the authority to bypass Trump and get access to documents from Microsoft? I’m sure Trump would add another suit to the pile, but it sounds like the courts aren’t too eager to issue injunctions when third parties are being subpoenaed.

    • emptywheel says:

      We may find that out. It’s clear that Trump Org didn’t comply with the original HPSCI subpoena relating to Michael Cohen.

      • BobCon says:

        Thanks. I assume there are state AGs with legitimate interests in some of this too, and it may be hard for MS to dodge all of them.

        • bmaz says:

          Bob, I do not know if that is true. This is a national enforcement and regulatory issue, not a state by state issue. And the more it becomes the latter, the weaker it all becomes.

        • BobCon says:

          Obviously I could be wrong, but I thought there was state and fed overlap on some of the Cohen and Trump Org issues.

          If so, I’d assume the states have legitimate reasons to demand emails and require document preservation, and bring charges if Trump Org doesn’t follow rules.

          I realize, though, that jurisdiction gets tricky and there isn’t an easy one-to-one correspondence between what the states might investigate and what the feds have been interested in.

      • timbo says:

        Clearly. ‘Where are the charges against lawyers and other individuals on that?’ is a gaping chasm of a question right now… nary a peep from Barr’s DoJ. Meanwhile, Barr is trying to investigate how the whole investigation got started… hmm.

  5. Anne says:

    I don’t get why stuff has to be declassified to serve Trump’s declared purpose. Please one of you lawyers explain for us.

    Let’s say the FBI had phone intercepts on Russians 1, 2, and 3 back in the spring of 2016 and picked up conversations with Individuals 2, 3, and 4 from Trumpworld, thereby freaking out Peter Strzok and his crew. Strzok then tried to find out what Individuals 2, 3, and 4 were up to. Barr/Trump claims this was illegal spying.

    Can’t Barr indict Strzok and his crew with all the names blacked out, in which the judge can see the details but the public (and the Russians) can’t? Bill Barr gets to see the classified information but doesn’t get to declassify it because he doesn’t need to. Doesn’t that work?

    If classified indictments work, then Trump and Barr’s goal isn’t indictment, it’s PR, sources and methods be damned.

    • P J Evans says:

      It’s all political – Tr*mp wants revenge for every slight and insult he thinks he’s gotten from anyone else. Strzok and his associates were investigated, and nothing illegal was found.

    • Ima says:

      Could it not be for another purpose? Our mole in the GRU (a pipe dream, but follow me) send word to the FBI about the ongoing attack; Strzok and crew freak out, begin the investigation. The mole, name, Joe Smole, is now declassified. “Russia, if you can hear me, our mole is named Smole,” might then say his Trumpiness. There were some defenestrations and a dramatic removal of a senior crypto-intelligence officer with a bag over his head from a meeting in Moscow, never to be seen again, to the best of my knowledge, following the publication of the Steele reports. Of course these may be dots without connections, but there sure are a lot of dots, these days.

      • Tom says:

        Not exactly a pipe dream. See report in New York Times for August 24, 2018 “Kremlin Sources go Quiet, Leaving CIA in the Dark About Putin’s Plans for Midterms”. The story refers to sources close to Putin tipping off American intelligence about “crucial details” regarding Russia’s plans to disrupt the 2016 election.

  6. Bay State Librul says:

    Why can’t Comey, McCabe, etc etc….sue the President and DOJ for libel and other assorted hanky-panky that has defamed their character.

    I don’t trust the IG for DOJ.

    The fucking DOJ in Boston is charging a judge in the Commonwealth for helping an immigrant escape.. Prosecutive discretion my arse.

    “This is about the rule of law” US Attorney Lelling barks out. “Everyone in the justice system should be held to a higher standard”

    Lelling go after your Boss Barr – “We expect judges to be fair and impartial”

    My goodness what hypocrisy

    How can we stop Barr!

  7. Emily says:

    I teach at a public college and all of my emails are public record and available to anyone under FOIA – at least, that’s what I’ve been told. Students have no reasonable expectation of privacy in their email either, due to the terms of service imposed by the college.

    • P J Evans says:

      I tended to assume that anything I sent via company e-mail was seen by someone. But they never actually said that we were watched that closely. (And a year or so before I retired, we got a new phone system that was using some version of Windows: I watched it booting, and I know it was connected to the network; they warned us not to disconnect that cable.)

Comments are closed.