The Government Prepares to Argue that Transmitting Information *To* WikiLeaks Makes the Vault 7 Leak Different

In a long motion in limine yesterday, the government suggested that if Joshua Schulte had just been given a “prestigious desk with a window,” he might not have leaked all of CIA’s hacking tools in retaliation and caused what the government calls “catastrophic” damage to national security.

Schulte grew angrier at what he perceived was his management’s indifference to his claim that Employee-1 had threatened him. Schulte also began to complain about what, according to him, amounted to favoritism toward Employee-1, claiming, for example, that while the investigation was ongoing, Schulte was moved to an “intern desk,” while Employee-1 had been moved to a “prestigious desk with a window.”


The Leaks are the largest illegal disclosure of CIA information in the agency’s history and, as noted above, caused catastrophic damage to national security.

Along the way, the motion provides the most detailed description to date about how the government believes Schulte stole the Vault 7 files from CIA. It portrays him as an arrogant racist at the beginning of this process, and describes how he got increasingly belligerent with his colleagues at CIA leading up to his alleged theft of the CIA’s hacking files, leading his supervisors to recognize the threat he might pose, only to bollox up their efforts to restrict his access to CIA’s servers.

The motion, along with several others submitted yesterday, suggests that the government would like to argue that leaking to WikiLeaks heightens the damage that might be expected to the United States.

Along with laying out that it intends to argue that the CIA charges (stealing the files and leaking them to WikiLeaks) are intertwined with the MCC charges (conducting “information war” against the government from a jail cell in the Metropolitan Correction Center; I explained why the government wants to do so here), the government makes the case that cybersecurity expert Paul Rosenzweig should testify as a witness about WikiLeaks.

Rosenzweig will testify about (i) WikiLeaks’s history, technical and organizational structure, goals, and objectives; (ii) in general terms, prior leaks through WikiLeaks, in order to explain WikiLeaks’s typical practices with regard to receiving leaked classified information, its practices or lack thereof regarding the review and redaction of sensitive information contained in classified leaks, and certain well-publicized harms to the United States that have occurred as a result of disclosures by WikiLeaks; and (iii) certain public statements by WikiLeaks regarding the Classified Information at issue in this case.

Rosenzweig’s testimony would come in addition to that of classification experts (probably for both sides) and forensic experts (again, for both sides; Steve Bellovin is Schulte’s expert).

The expert witnesses were allowed to testify as to the background of the organization Wikileaks; how the U.S. Government uses certain markings and designations to identify information that requires special protection in the interests of national security; the meaning of certain computer commands and what they would do; how various computers, servers, and networks work; how data is stored and transferred by various computer programs and commands; and the examination of data that is stored on computers and other electronics.

The only motion in limine Schulte submitted yesterday objected to Rosenzweig’s testimony. Schulte argues that the government’s expert notice neither provides sufficient explanation about Rosenzweig’s intended testimony nor proves he’s an expert on WikiLeaks. More interesting is Schulte’s argument that Rosenzweig’s testimony would be prejudicial. It insinuates that Rosenzweig’s testimony would serve to substitute for a lack of proof about how Schulte sent the CIA files to WikiLeaks (Schulte is alleged to have used Tor and Tails to transmit the files, which would leave no forensic trace).

In Mr. Schulte’s case, the government has no reliable evidence of how much information was taken from the CIA, how it was taken, or when it was provided to WikiLeaks. The government cannot overcome a lack of relevant evidence by introducing evidence from other cases about how much information was leaked or how information was leaked in unrelated contexts. The practices of WikiLeaks in other contexts and any testimony about alleged damage from other entirely unrelated leaks is completely irrelevant.

Schulte’s claimed lack of evidence regarding transfer notwithstanding, that’s not how the government says they want to use Rosenzweig’s testimony. They say they want to use his testimony to help prove that Schulte intended to injure the US.

The Government is entitled to argue that Schulte intended to harm the United States, by transmitting the stolen information to WikiLeaks, because he knew or had reason to know what WikiLeaks would do with the information. The fact that WikiLeaks’ prior conduct has harmed the United States and has been widely publicized is powerful evidence that Schulte intended or had reason to believe that “injury [to] the United States” was the likely result of his actions—particularly given that the Government will introduce evidence that demonstrates Schulte’s knowledge of earlier WikiLeaks disclosures, including his own statements.

It does so by invoking WikiLeaks’ past leaks and the damage those leaks have done.

Accordingly, proof that it was foreseeable to Schulte that disclosure of classified information to WikiLeaks could cause “injury [to] the United States” is a critical element in this case. Indeed, the Senate Select Committee on Intelligence has explicitly stated “that WikiLeaks and its senior leadership resemble a non-state hostile intelligence service.” S. Rep. 115-151 p. 10. In order to evaluate evidence related to this topic, the jury will need to understand what WikiLeaks is, how it operates, and the fact that WikiLeaks’ previous disclosures have caused injury to the United States. The Government is entitled to argue that Schulte intended to harm the United States, by transmitting the stolen information to WikiLeaks, because he knew or had reason to know what WikiLeaks would do with the information.

Notably, the government motion invokes the Senate’s recognition that WikiLeaks resembles “a non-state hostile intelligence service.” That may well backfire in spectacular fashion. That statement didn’t come until over a year after Schulte is alleged to have stolen the files. And the statement was a follow-up to Mike Pompeo’s similar claim, which was a direct response to Schulte’s leak. If I were Schulte, I’d be preparing a subpoena to call Pompeo to testify about why, after the date when Schulte allegedly stole the CIA files, on July 24, 2016, he was still hailing the purported value of WikiLeaks’ releases.

The thing is, showing that the specific nature of the intended recipient of a leak is an element of the offense has never been required in Espionage leak cases before. Indeed, the government’s proposed jury instructions are based off the instruction in the Jeffrey Sterling case. While the government flirted with naming James Risen an unindicted co-conspirator in that case, they did not make any case that leaking to Risen posed unique harm.

Moreover, even before getting into Schulte’s statements about WikiLeaks (most of which have not yet been made public, as far as I’m aware), by arguing the CIA and MCC charges together, the government will have significant evidence not just about Schulte’s understanding of WikiLeaks, but his belief and that they would lie to harm the US. The government also has evidence that Schulte knew that WikiLeaks’ pretense to minimizing harm with the Vault 7 files was false, and that instead WikiLeaks did selective harm in its releases, though it doesn’t want to introduce that evidence at trial.

In other words, this seems unnecessary, superfluous to what the government has done in past Espionage cases, and a dangerous precedent (particularly given the way the government suggested that leaking to The Intercept was especially suspect in the Terry Albury and Reality Winner cases).

That’s effectively what Schulte argues: that the government is trying to argue that leaking to WikiLeaks is particularly harmful, and that if such testimony goes in, it would be forced to call its own witnesses to testify about how past WikiLeaks releases have shown government malfeasance.

This testimony could also suggest that the mere fact that information was released by WikiLeaks necessarily means that it was intended to—and did—cause harm to the United States. These are not valid evidentiary objectives. Instead, this type of testimony would create confusion and force a trial within a trial on the morality of WikiLeaks and the extent of damage caused by prior leaks. If the government is allowed to introduce this evidence, the defense will necessarily have to respond with testimony about how WikiLeaks is a non-profit news organization, that it has previously released information from government whistle-blowers that was vital to the public understanding of government malfeasance, and that any assertion of damages in the press is not reliable evidence.

The government, in a show of reasonableness, anticipates Schulte’s argument about the prejudice this will cause by stating that it will limit its discussion of prior WikiLeaks releases to a select few.

The Government recognizes the need to avoid undue prejudice, and will therefore limit Mr. Rosenzweig’s testimony to prior WikiLeaks leaks that have a direct relationship with particular aspects of the conduct relevant to this case, for example by linking specific harms caused by WikiLeaks in the past to Schulte’s own statements of his intent to cause similar harms to the United States or conduct. Those leaks include (i) the 2010 disclosure of documents provided to WikiLeaks illegally by Chelsea Manning; (ii) the 2010 disclosure of U.S. diplomatic cables; (iii) the 2012 disclosure of files stolen from the intelligence firm Stratfor; and (iv) the 2016 disclosure of emails stolen from a server operated by the Democratic National Committee.

The selected cases are notable, as all of them (with Manning’s leaks seemingly listed twice) involve cases the government either certainly (with the EDVA grand jury seeking Manning and Jeremy Hammond’s testimony) or likely (with ongoing investigations into Roger Stone) currently has ongoing investigations into.

As a reminder: absent an unforeseen delay, this trial will start January 13, 2020 and presumably finish in the weeks leading up to the beginning of Julian Assange’s formal extradition process on February 25. The government has maintained it can add charges up until that point, and US prosecutors told British courts it won’t provide the evidence against Assange until two months before the hearing (so around Christmas).

Schulte’s trial, then, appears to be the opening act for that extradition, an opening act that will undermine the claims WikiLeaks supporters have been making about the journalistic integrity of the organization in an attempt to block Assange’s extradition. Rosenzweig’s testimony seems designed, in part, to heighten that effect.

Which may be why this instruction appears among the government’s proposed instructions.

Some of the people who may have been involved in the events leading to this trial are not on trial. This does not matter. There is no requirement that everyone involved in a crime be charged and prosecuted, or tried together, in the same proceeding.

You may not draw any inference, favorable or unfavorable, towards the Government or the defendant from the fact that certain persons, other than the defendant, were not named as defendants in the Indictment. Do not speculate as to the reasons why other persons were not named. Those matters are wholly outside your concern and have no bearing on your function as jurors.

Whether a person should be named as a co-conspirator, or indicted as a defendant in this case or another separate case, is a matter within the sole discretion of the United States Attorney and the Grand Jury.

As noted, a number of different WikiLeaks supporters have admitted to me that they’re grateful Assange has not (yet) been charged in conjunction with the Vault 7 case, because even before you get to his attempt to extort a pardon with the files, there’s little journalistic justification for what it did, and even more reason to criticize WikiLeaks’ actions as the case against Schulte proceeded.

Yet the obscure proceedings before the EDVA grand jury suggest the government may be pursuing a conspiracy case that starts in 2010 and continues through the Vault 7 releases, with the same variety of Espionage and CFAA charges continuing through that period.

By arguing the CIA and MCC charges in tandem, the government can pretty compellingly make the case that WikiLeaks’ activities went well beyond journalism in this case. But it seems to want to use Rosenzweig’s testimony to make the case more broadly.

19 replies
  1. Troutwaxer says:

    This sounds a lot like “pounding the table” to me – “oh he’s a racist and oh that bad Wikileaks, and that bad man got jealous at work!” Do they actually have good evidence that Schulte did the deed? And if he was being harassed at work, can they prove that he’s the one who actually created whatever evidence they do have?

    • emptywheel says:

      The case against him is overwhelming. The reason the racism is relevant is bc the fight he got into that led up to this was with a colleague of color, and Schulte made some false claims about how race played into it.

      • Troutwaxer says:

        Thanks for cluing me in. This is not something I have been following carefully, so I appreciate the information.

  2. sproggit says:

    Apologies in advance if this is a silly question…

    In the article, there is a statement which reads, “The motion, along with several other submitted yesterday, suggests that the government would like to argue that leaking to WikiLeaks heightens the damage that might be expected to the United States.”

    I’m interested in the fact that this statement clearly expresses that this is about “probable harm” and not “actual harm”.

    Let’s get something out of the way first. I take no position on the merits of the case, but if there is a law that makes it a crime to use a computer in a way that does not come with approval, then it is possible that Schulte has a case to answer.

    But I’m interested in “probable harm”. We’ve heard this before: at least twice – with respect to both Edward Snowden and Chelsea Manning. In both instances arguments were put forward that the actions of the individuals, “put Americans lives at risk”, with the inference being that somehow the fact that there was risk to life and limb involved somehow made the actions of Snowden and Manning all the more abhorrent.

    But given that this is a case that the government is prosecuting, doesn’t that give them the burden to prove their case beyond reasonable doubt? “Heightens the damage”? Heightens it to what degree?

    Let’s play Devil’s Advocate for a moment, shall we? We’ve recently seen the administration make rapid-fire decisions with respect to US bases in Turkey. We’ve seen extremely antagonistic comments made relating to other nations (####hole countries), that might in all likelihood put the safety of a US citizen who happened to be traveling through one of said countries at the time at “heightened risk”. So where in the great scheme of things is it possible for the government to quantify that statement?

    Failing the ability to quantify it, how can the government use that as a plank in its argument for the prosecution?

    Let’s fall back on a comparative argument. Suppose this was a civil case and the information leaked in the Vault 7 instance happened to be blueprints of a new product prototype. Or software designs. Or something similar. A bit like the Waymo vs Uber case, over intellectual property. In such a case, the two parties would first have to convince a jury that a crime had been committed, then provide a justification to the jury for a claim of damages. Such a claim would likely have to be quantified – for example using things like sales projections, profit margins, evidence of actual dips in revenue and so on. In a civil case – with arguably a more subjective determination applied to it, it is unlikely that a Court would accept, “Your Honor, we think they owe us $5 billion” (pick an amount of your choice) without some form of justification for the amount.

    So I’m very interested in understanding how the government are going to apply such an inherently impossible element to their case. Unless they have forensically analyzed every element of the disclosed data and traced the use of that material across all use cases and sources and looked at the harm of each, and have calculated it out, I don’t see how they can stand before a Court and make a declarative claim of harm.

    (At this point, I dare say someone is going to tell me that they don’t have to…)

    But I’d very much like to get a layperson’s understanding of how the law should be applied in a scenario like this.

    Thank you

    • John Paul Jones says:

      “Let’s get something out of the way first. I take no position on the merits of the case, but if there is a law that makes it a crime to use a computer in a way that does not come with approval, then it is possible that Schulte has a case to answer.”

      I don’t understand the function of “come with approval” in that sentence. Could you clarify please?

      • sproggit says:

        I’ll try.

        From what I understand of the case – just a layperson’s reading of the background – Schulte was a CIA employee. As part of his job, Schulte had access to the data which was subsequently released as part of the “Vault 7” leak.

        So because Schulte actually had legitimate access to the files that were leaked as part of his “day job”, the government could not argue that he “broke in” to the computer system[s] in question or that he “stole” the files. You cannot (I believe) legally steal something to which you have been given access. Therefore, and this is a narrow but crucial point that the government would need to make, they have to show that 1) the Vault 7 leaks were perpetrated by Schulte and that 2) in releasing the Vault 7 information to the general public, Schulte exceeded the access to which he was legitimately authorized.

        It’s a narrow distinction, so I’m sorry if I’m not making it clear. Imagine I was a teller working in your local bank branch. If someone comes in with a check or asks to make a legitimate withdrawal, then I as a teller would be required to pay out the funds requested (account balance permitting, of course). So I would have the authority to hand over cash upon (legitimate) request. But if you came in and came to me and said, “Look, I’m hungry and I don’t have any money for food…” and I gave you $20 and said, “No problem, enjoy lunch as my treat”… then I would have exceeded the authority given to me, not because I paid out money, but because I did so without approval.

        That, I think, is the important distinction that the government will argue here.

        To be fair, they’ll be good at that part. You can be sure that Schulte’s terms and conditions of employment will spell out the restrictions that apply to him in plenty of detail. Uncle Sam got burned first with Chelsea and then with Edward – I don’t think they’ll make the same mistake again…

        • emptywheel says:

          He had his access removed. He basically broke in to restore it so he could steal it.
          He is charged with leaking stuff he both did and did not have the right to possess.
          But the larger issue is he signed a bunch of documents agreeing to treat secrets like secrets, so anything in violation of that reaches intent.

          • sproggit says:

            Thank you – that makes *all* the difference – and I am sorry I somehow missed that part… If he accessed a system to which he did not have authorization and that can be demonstrably proven to be done by Schulte, then that would on face value look to be a breach of the Computer Fraud and Abuse Act. As he was a government employee (CIA) then it is possible that there may be additional federal statutes. Lastly, the final piece of the puzzle might pivot around the Federal Government’s classification of Wikileaks. (I can’t find the reference now, but I recall hearing a government official make a claim that Wikileaks were equivalent to an “enemy combatant”, so it’s possible that someone who provides information to Wikileaks might attract additional risk as a result of the recipient of the data being an entity so classified.)

            • emptywheel says:

              The latter part is what this post is about. I’m arguing that the government doesn’t establish the case, particularly not before Schulte did the leak, but that it doesn’t matter.
              But you also missed that this stuff is classified.

    • emptywheel says:

      Backing up, the way the law is written is if something is National Defense Information, then leaking it to someone who shouldn’t have it is a crime. The definition of NDI can get interesting in other cases, but not here, because he basically gave the government’s weapons away to someone with an adversarial relationship with the government. Not only can’t the US government use them anymore, but the adversary can.
      And no, they don’t actually have to quantify the damage, but one of the damages in this case is it interrupted the CIA’s efforts to spy on the Russians who had just hacked the US and probably made it clear precisely who the CIA had been spying on.

  3. Eureka says:

    (I have no idea what the screening devices don’t like about the brief comment on the post that I tried to submit — this happened to me last week: I again tried removing/adding words, this time per what I learned last time, though to no avail. It just boots me out, says “[Page] Not Found”.)

    Anyway, interesting juxtaposition with the gov’s selected case examples including the release of the DNC emails (your cautions re that gov argument duly noted), and potential defense Qs for Pompeo on the other end, later getting the top job at that.

    • bmaz says:

      I am not quite sure either. But you have no idea what we face, not just hourly, but often minute by minute. We are far from perfect, but do try.

      • Eureka says:

        Oh, I know bmaz — it is more than any of us can imagine, what you have to deal with constantly.

        Once I posted the “test” comment to un-gaslight myself things started to become clearer. (After, I was more reflexively stating proof-of-life, not making any sort of complaint.)

        Always remember that I appreciate everything each of you does, visible and behind the scenes, to keep this place fresh, hopping, and secure — Thank you!

        As a sidenote, I was going to add that once I figured out that it wasn’t “personal” personal, but was the machine vs me, the human, it still sort of hurts the feelings because of … being human. I mean, what’s worse than repeatedly failing some kind of pseudo-Turing test! Kind of like how those motion-activated sinks don’t seem to think I am alive. This (plus all the other data) doesn’t give me great confidence in the growing reliance on AI, especially as applied in legal contexts (and facial recognition, yikes).

  4. e.a.f. says:

    so I wonder who has done more damage to American security, trump or this guy? or this guy and Barr or this guy and the idiots who ran the state department. Understanding that isn’t a defense, but still I do wonder.
