June 17, 2021 / by 

 

Charlie Savage’s Obfuscations in the Service of Claiming Julian Assange Is a Journalist

Everyone is fighting for press freedoms again, and therefore lots of people are misrepresenting the facts about Julian Assange’s prosecution in purported defense of press freedom again.

These are the paragraphs with which UK Judge Vanessa Baraitser distinguished what Julian Assange is accused of from what “ordinary investigative journalists” entitled to protection in the UK or European Union do.

99. As part of his assistance to Ms. Manning, [Assange] agreed to use the rainbow tools, which he had for the purpose of cracking Microsoft password hashes, to decipher an alphanumeric code she had given him. The code was to an encrypted password hash stored on a Department of Defence computer connected to the SIPRNet. It is alleged that had they succeeded, Ms. Manning might have been able to log on to computers connected to the network under a username that did not belong to her. This is the conduct which most obviously demonstrates Mr. Assange’s complicity in Ms. Manning’s theft of the information, and separates his activity from that of the ordinary investigative journalist.

100. At the same time as these communications, it is alleged, he was encouraging others to hack into computers to obtain information. This activity does not form part of the “Manning” allegations but it took place at exactly the same time and supports the case that Mr. Assange was engaged in a wider scheme, to work with computer hackers and whistle blowers to obtain information for Wikileaks. Ms. Manning was aware of his work with these hacking groups as Mr. Assange messaged her several times about it. For example, it is alleged that, on 5 March 2010 Mr. Assange told Ms. Manning that he had received stolen banking documents from a source (Teenager); on 10 March 2010, Mr. Assange told Ms. Manning that he had given an “intel source” a “list of things we wanted” and the source had provided four months of recordings of all phones in the Parliament of the government of NATO country-1; and, on 17 March 2010, Mr. Assange told Ms. Manning that he used the unauthorised access given to him by a source, to access a government website of NATO country-1 used to track police vehicles. His agreement with Ms. Manning, to decipher the alphanumeric code she gave him, took place on 8 March 2010, in the midst of his efforts to obtain, and to recruit others to obtain, information through computer hacking.

101. Mr. Assange, it is alleged, had been engaged in recruiting others to obtain information for him for some time. For example, in August 2009 he spoke to an audience of hackers at a “Hacking at Random” conference and told them that unless they were a serving member of the US military they would have no legal liability for stealing classified information and giving it to Wikileaks. At the same conference he told the audience that there was a small vulnerability within the US Congress document distribution system stating, “this is what any one of you would find if you were actually looking”. In October 2009 also to an audience of hackers at the “Hack in the Box Security Conference” he told the audience, “I was a famous teenage hacker in Australia, and I’ve been reading generals’ emails since I was 17” and referred to the Wikileaks list of “flags” that it wanted captured. After Ms. Manning made her disclosures to him he continued to encourage people to take information. For example, in December 2013 he attended a Chaos computer club conference and told the audience to join the CIA in order to steal information stating “I’m not saying don’t join the CIA; no, go and join the CIA. Go in there, go into the ballpark and get the ball and bring it out”.

Assange is not an “ordinary investigative journalist,” according to the judge who ruled that his extradition would not violate journalistic protections, because he allegedly:

  • Tried to help Manning hack a password
  • Solicited hacks of Iceland
  • Identified a vulnerability in a US server and encouraged people to use it
  • In a speech invoking WikiLeaks’ role in helping Edward Snowden to flee to what ended up being Russia, allegedly encouraged people to join the CIA with the express intent of stealing files from it

A key point for Baraitser is this was all happening at the same time, Assange was allegedly soliciting hacks in Iceland even as he attempted to help Manning crack a password, and Manning knew about the other hacking.

Charlie Savage mentions none of this in a story explaining that Julian Assange’s extradition and prosecution, “raised the specter of prosecuting reporters.” He doesn’t even mention the second superseding indictment at all, the one that lays out (among other things) the allegation that Assange entered in a conspiracy to hack Stratfor, a hack that at least six people on both sides of the Atlantic already did time for.

But the specter of prosecuting reporters returned in 2019, when the department under Attorney General William P. Barr expanded a hacking conspiracy indictment of Julian Assange, the WikiLeaks founder, to treat his journalistic-style acts of soliciting and publishing classified information as crimes.

From there, Charlie tells a narrative that WikiLeaks has been pushing as part of Assange’s extradition defense, a claim that because DOJ Public Affairs head Matthew Miller said, in November 2013, that DOJ could not distinguish Julian Assange from what the NYT does, that means that the Obama Administration continued to face that challenge for the remaining three years of the Obama Administration, long after Miller left, and right through the time WikiLeaks played a key role in a Russian intelligence-led attack on American democracy. As Charlie presents it — citing no sources or public records, and I asked him if he was relying on any and he didn’t respond — the decision to prosecute Julian Assange arose not so much from a subsequent investigation that came to distinguish Assange’s actions from those of journalists, but instead because the Trump Administration “was undeterred” about the prospect of damaging “mainstream news outlets.”

Obama-era officials had weighed charging Mr. Assange for publishing leaked military and diplomatic files, but worried about establishing a precedent that could damage mainstream news outlets that sometimes publish government secrets, like The Times. The Trump administration, however, was undeterred by that prospect.

For now, the First Amendment issues are on hold as Mr. Assange fights extradition from Britain. Soon after the Biden administration took office, the Justice Department pressed forward with that extradition effort in British court, leaving the charges in place.

But that was before Mr. Garland was sworn in — and before the latest uproar about the escalating aggression of the Justice Department’s leak investigation tactics prompted him to focus on drafting a new approach that, he testified, will be “the most protective of journalists’ ability to do their jobs in history.”

It’s Trump’s doing, not the result of further investigation, Charlie reports, as news.

The WikiLeaks narrative that Charlie repeats unquestioningly is inconsistent with an April 2017 report — one Assange’s journalism professor expert witness claims to have been unable to find with the magic of Google — that what came to distinguish Assange from other journalists was his role in helping Edward Snowden.

The US view of WikiLeaks and Assange began to change after investigators found what they believe was proof that WikiLeaks played an active role in helping Edward Snowden, a former NSA analyst, disclose a massive cache of classified documents.

We now know, four years later, that not just DOJ but even “mainstream news outlets” considered what WikiLeaks did to help Snowden something other than journalism.

Bart Gellman’s book (which was published before the most recent superseding indictment) not only lays out how WaPo’s lawyers told Gellman that he and Laura Poitras could not safely, under the law, play the role (which is referenced in the superseding indictment against Assange that Charlie doesn’t mention) that WikiLeaks would end up playing, helping Snowden get asylum in what ended up be an adversarial nation. Gellman even cites communications he and Poitras sent to Snowden in real time explaining that taking steps to help Snowden get asylum in what might be, and as it happens turned out to be, a hostile country was not journalism.

We had lawyered up and it showed. “You were clear with me and I want to be equally clear with you,” I wrote. “There are a number of unwarranted assumptions in your email. My intentions and objectives are purely journalistic, and I will not tie them or time them to any other goal.” I was working hard and intended to publish, but “I cannot give you the bottom line you want.”

Poitras wrote to him separately.

There have been several developments since Monday (e.g., your decision to leave the country, your choice of location, possible intentions re asylum), that have come as a surprise and make [it] necessary to be clear. As B explained, our intentions and objectives are journalistic. I believe you know my interest and commitment to this subject. B’s work on the topic speaks for itself. I cannot travel to interview you in person. However, I do have questions if you are still willing to answer them. [my emphasis]

In other words, WaPo’s own lawyers made it clear that helping an intelligence source obtain asylum in another country is not journalism and might, instead, be viewed by the US government as abetting espionage.

Given Charlie’s focus on the transition from the Trump to Biden Administration, there’s something else glaringly absent from his story: the official record on the government response to WikiLeaks’ role in the 2016 election attack. Admittedly, great swaths of that discussion remain redacted (which suggests there’s stuff we may not know), but the Senate Intelligence Committee’s report the Obama Administration’s response to the 2016 Russian interference campaign discussed how part of that process involved “develop[ing] a complete understanding of WikiLeaks.”

The executive branch struggled to develop a complete understanding of WikiLeaks. Some officials viewed WikiLeaks as a legitimate news outlet, while others viewed WikiLeaks as a hostile organization acting intentionally and deliberately to undermine U.S. or allies’ interests.

In other words, in 2016 — three years after the Miller quote that WikiLeaks has trained obedient journalists to parrot unquestioningly — the government came to some new “complete” understanding of WikiLeaks. One of the most important players in this process was then White House Homeland Security Advisor, Lisa Monaco. Her interview with the committee is cited repeatedly in the unredacted passages of the report.

Admittedly, Monaco’s views on how or whether her own understanding of WikiLeaks changed as part of that process do not appear in the report. The SSCI report redacts what those Obama officials came to understand about WikiLeaks in the waning days of the Obama Administration. But, in a story presented as “news,” it seems important to consider how that process might influence Monaco’s understanding of the case against Assange, given that one of the last things she did when last in government was struggle to respond to an attack on American democracy in part because the government treated WikiLeaks as a journalistic outlet for far too long during the attack. Whatever she believes, Monaco knows far more than Matthew Miller, or us, for that matter. We might not agree with her thus far non-public understanding of WikiLeaks, but even the four year old understanding of WikiLeaks she brought to her position as Deputy Attorney General surely will have a bigger influence on DOJ’s decisions about Assange going forward than what the Public Affairs guy said eight years ago.

It’s not that I disagree that some of the charges against Assange — particularly for publishing the names of US and Coalition informants — present a dangerous precedent. They do, and those risks are important to talk about, accurately and honestly. On that note, though, it’s again worthwhile to see how Baraitser distinguishes Assange (note, the circumstances of the release of the informant names is the area where Assange presented the most evidence to challenge the government’s evidence).

The defence submits that, by disclosing Ms. Manning’s materials, Mr. Assange was acting within the parameters of responsible journalism. The difficulty with this argument is that it vests in Mr. Assange the right to make the decision to sacrifice the safety of these few individuals, knowing nothing of their circumstances or the dangers they faced, in the name of free speech. In the modern digital age, vast amounts of information can be indiscriminately disclosed to a global audience, almost instantly, by anyone with access to a computer and an internet connection. Unlike the traditional press, those who choose to use the internet to disclose sensitive information in this way are not bound by a professional code or ethical journalistic duty or practice. Those who post information on the internet have no obligation to act responsibly or to exercise judgment in their decisions. In the modern era, where “dumps” of vast amounts of data onto the internet can be carried out by almost anyone, it is difficult to see how a concept of “responsible journalism” can sensibly be applied.

[snip]

Free speech does not comprise a ‘trump card’ even where matters of serious public concern are disclosed (see Stoll above), and it does not provide an unfettered right for some, like Mr. Assange, to decide the fate of others, on the basis of their partially informed assessment of the risks.

[snip]

The New York Times published the following condemnation on 25 July 2012:

“The Times and the other news organizations agreed at the outset that we would not disclose —either in our articles or any of our online supplementary material — anything that was likely to put lives at risk or jeopardize military or antiterrorist operations. We have, for example, withheld any names of operatives in the field and informants cited in the reports. We have avoided anything that might compromise American or allied intelligence-gathering methods such as communications intercepts. We have not linked to the archives of raw material. At the request of the White House, The Times also urged WikiLeaks to withhold any harmful material from its Web site.”

This is a distinctly European decision. That’s true because in Europe, unlike the US, such protections are tied to being a journalist. Plus Baraitser argued that under EU law, Assange’s release violated privacy protections that simply don’t exist in the US. Mind you, it’s one thing to say the NYT won’t publish details that might endanger military operations and another thing to say such revelations shouldn’t be protected by the First Amendment. Even if WikiLeaks is a “hostile organization acting intentionally and deliberately to undermine U.S. or allies’ interests,” (as SSCI described), that should not, itself, surpass the First Amendment consideration.

But it underscores the point. There are First Amendment problems with the publication charges and, to a lesser extent, the other Manning-focused ones. But Assange actually wouldn’t be the first person extradited from the UK significantly for publication activities, the same thing happened to Minh Quang Pham for the few months he spent as AQAP’s graphic designer. That precedent has not only gone virtually unnoticed, but did little to harm the press freedom of others in the US. Not only are the First Amendment risks of Assange’s prosecution not tied to whether or not Assange is a journalist, but the effort to reinvent both the history of his prosecution and what he is accused of to turn him into a journalist has led a bunch of journalists and press freedom advocates to violate the principles that are supposed to distinguish journalism.


Joshua Schulte Attempts to Hack the Court System

Joshua Schulte attempted to complete a hack of the court system yesterday.

I don’t mean that Schulte used computer code to bring down the court systems. His laptop doesn’t connect to the Internet, and so he does not have those tools available. Rather, over the 3.5 years he has been in jail, he has tested the system, figured out which messages can be used to distract adversaries, and which messages have an effect that will lead the system to perform in unexpected ways. He identified vulnerabilities and opportunities — SDNY arrogance, the pandemic and related court delays, Louis DeJoy’s postal system, and even the SAMs imposed on him — and attempted to exploit them.

As a reminder, a jury hung on the most serious charges against Schulte in March 2020. Afterwards, the government moved to retry Schulte quickly, but his defense attorneys said they needed more time, in part because their expert, Steve Bellovin, was for health reasons unwilling to serve as an expert during COVID. Last November, Judge Paul Crotty scheduled a trial to start June 7, 2021, which would have been a week ago Monday. In March, Schulte’s superb attorney, Sabrina Shroff, moved to delay the trial once more, to October, still citing Bellovin’s withdrawal.

Meanwhile, starting in January, Schulte started submitting pro se filings, some filed through Shroff, and some sent directly. The government responded to a motion for habeas corpus (basically, to point out he needs to file suit against the Warden of MCC, not the prosecution), but did not respond to his motion to suppress evidence seized from the MCC jail. When Schulte filed to request direct access to Lexus Nexis, the government responded, in part, by asking Judge Crotty to force Schulte to decide whether he was representing himself, pro se, or, if not, then to solely allow Shroff and her team to make filings on his behalf.

The defendant’s request appears to be an attempt to further his pattern of engaging in inappropriate, quasi-pro se litigation. The Court should not consider the defendant’s instant letter for that reason. “A defendant has a right either to counsel or to proceed pro se, but has no right to ‘hybrid’ representation, in which he is represented by counsel from time to time, but may slip into pro se mode for selected presentations.” United States v. Rivernider, 828 F.3d 91, 108 (2d Cir. 2016). Although the Court has “discretion to hear from a represented defendant personally,” id. at 108 n.5, “the interests of justice will only rarely be served by a defendant’s supplementation of the legal services provided by his . . . counsel,” United States v. Swinton, 400 F. Supp. 805, 806 (S.D.N.Y. 1975). To the extent the defendant has any colorable claims for relief, his attorneys can present them to the Court, and the Court should reject the defendant’s attempts to “slip into pro se mode,” Rivernider, 828 F.3d at 108, whenever it suits him. See, e.g., United States v. Crumble, No. 18 Cr. 32 (ARR), 2018 WL 3112041, at *4 (E.D.N.Y. June 25, 2018) (“As Markus has not elected to represent himself, he does not have a right to make a motion on his own behalf, nor does he have a right to insist that the district court hear his applications. While I have previously exercised my discretion to entertain Markus’s pro se submissions, I will do so no longer. If Markus wishes to file any further motions, he is directed to ask his trial counsel—or appellate counsel— to adopt this motion. I trust that assigned counsel will file any motions that they do not view as frivolous on Markus’s behalf. Any pro se motions made by Markus, however, will be summarily denied.” (cleaned up)).

In any event, even if the Court considers the defendant’s submission, it is without merit. As his letter acknowledges, he has access to legal databases (a fact confirmed by the volume of his recent pro se filings), but additionally he demands special access to “filings, briefs, modern search, and the ability to print.” The defendant’s claims about the purported deficiencies of the databases to which he does in fact have access do not support such demands or establish a basis for relief. “[A]n inmate cannot establish relevant actual injury simply by establishing that his prison’s law library or legal assistance program is subpar in some theoretical sense.” Lewis v. Casey, 518 U.S. 343, 351 (1996). The defendant identifies no reason he should be afforded special access beyond that which the facility provides in the normal course, and at bottom, he is represented by counsel who have the ability to make well-researched and thoroughly prepared legal claims on his behalf.

Crotty denied Schulte’s request for Lexus Nexis, but didn’t address the pro se request.

Meanwhile, two of the three prosecutors on the team, Matthew LaRoche and Sidhardha Kamaraju, withdrew from the case, both because they’ve left government. LaRoche was involved in a prosecution that collapsed because the government committed a Brady violation, but Kamaraju was not. Kamaraju, however, probably has the most computer expertise of the original three.

Yesterday there was a remarkable status hearing. Crotty started by asking the remaining prosecutor, David Denton, when replacement prosecutors will file an appearance. Imminently, Denton said, though it sounded like he didn’t believe that.

Crotty asked whether Shroff has found an expert. Curiously, she explained that Bellovin still can’t do it, even with the waning risk of COVID, because of his schedule at Columbia University. Crotty noted that it is her responsibility to find an expert (she had said in a November status conference that it would amount to ineffective assistance not to have one).

But the real stunner came at the end, when Shroff said that Schulte wanted her to tell the court that he had told the government back in November that he was proceeding pro se. Denton responded that this was the first he had heard of such a thing, and Shroff responded that he was incorrect; Schulte had informed the government in November.

The hearing ended with a commitment to brief whether Schulte can proceed pro se.

It is almost without exception an insanely bad idea for a defendant to represent themselves, and this is probably not that exception. Still, there are advantages that Schulte would get by representing himself. He’s brilliant, and clearly has been studying the law in the 3.5 years he has been in prison (though he has made multiple errors of process and judgment in his own filings). He has repeatedly raised the Sixth Amendment problems with Special Administrative Measures, notably describing how delays in receiving his mail make it impossible for him to respond to legal developments in timely fashion. So I imagine he’d prepare a Sixth Amendment challenge to everything going forward. He’d be able to demand access to the image of the server he is alleged to have hacked himself. By proceeding pro se, Schulte could continue to post inflammatory claims to the docket for sympathetic readers to magnify, as happened with a filing he submitted earlier this year. And after the government has made clear it will reverse its disastrous strategy from the first trial of making the trial all about Schulte’s conflicts with the CIA, by questioning witnesses himself, Schulte would be able to make personality conflicts central again, even against the government’s wishes. Plus, by not replacing Bellovin, Schulte would serve as expert himself. In that role, Schulte would present the false counter story he has been telling since he was jailed, but in a way that the government couldn’t cross-examine him. So it would probably be insanely detrimental, but less so than for most defendants that try it. It certainly would provide a way to mount the defense that Schulte clearly wants to pursue.

But I think that’s just Schulte’s fall-back plan.

I think his current plan is to argue that, because anything his attorneys did in his name after he purportedly informed prosecutors he was proceeding pro se would be a legal nullity, then two things have happened since that allegedly occurred that will permit him to demand immediate release. First, if his attorneys’ agreements to exclude time from the Speedy Trial clock were not valid, then it would mean the government has run out of time to prosecute Schulte. Additionally, if a request that Shroff made in March to reschedule the trial was not valid, then the trial would have still been scheduled for last week. I suspect Schulte will try to argue that the government forgot to hold their trial and so must be released.

Mind you, there’s no evidence in the docket that Schulte informed prosecutors, much less the court, that he was proceeding pro se. There’s a filing he made in April 2020 that claimed he had no lawyers and made requests as if he was proceeding pro se, one that everyone ignored. But according to Shroff, that’s not the notice; the notice took place in November. Still, given how Schulte has carefully tested how the mail system works with SAMs and COVID, I don’t rule out him sending a letter directly to prosecutors.

The other problem with his claim to be proceeding pro se is that in a May filing, Schulte referred to the October trial (meaning, he recognizes the validity of both that request and Shroff’s exclusion of time under the Speedy Trial Act) and complained that his attorney-client mail was being opened. If he were proceeding pro se without Crotty formally appointing Shroff as standby counsel, their communications would have no privilege. So he has said two things in a pro se filing that are inconsistent with really proceeding pro se.

Certainly, Shroff has said things — in multiple venues — that indicate she believed she remained Schulte’s lawyer.

Given that Schulte claims everything his legal team has done since November was done without his sanction, though, the government would seem to have cause to ask Crotty to assign entirely different lawyers to serve as Schulte’s stand-by counsel, if indeed he does proceed pro se going forward. Which would make his plan for the actual trial, if it ever happens, untenable.

To be sure, I’m not saying this is going to work. But the government — what’s left of the prosecution team, anyway — had better understand that Schulte has been treating the court system with the same adversarial approach as he allegedly did the CIA’s servers. Schulte is claiming to have entered a command into his prosecution back in November that hacked the system, effectively changed the effect of everything that has happened since. Just trusting that such a possibility cannot happen under the legal system is probably a bad idea given where the CIA’s trust that Schulte wouldn’t hack the system turned out.


April 12, 2020: Schulte claims he has no attorneys, claims only a few months remain on Speedy Trial

May 31, 2020: Shroff asks for a week extension to respond to government scheduling motion

June 8, 2020: Schroff requests a status conference for August or September 2020, acting as if Schulte’s request did not exist

June 15, 2020: Shroff initiates White Plains grand jury challenge

June 19, 2020: SDNY extends Speedy Trial to July 1, 2020

July 16, 2020: Shroff informs Judge Crotty Schulte will not reply to Rule 29 motion

July 27, 2020: Shroff asks for extension on grand jury challenge

July 28, 2020: Shroff asks for ESXi server (basically a repeat of Schulte’s April request)

July 30, 2020: Shroff asks for two week delay on status hearing citing (in part) Steve Bellovin’s withdrawal

August 14, 2020: Shroff asks for two week extension on reply to request for ESXi server

September 15, 2020: Shroff reply on ESXi laptop

September 16, 2020: SDNY proposes schedule, with January 2021 trial date

September 21, 2020: SDNY responds to Bellovin submission of ex parte declaration

October 14, 2020: SDNY asks for 30 day exclusion

October 30, 2020: Shroff requests Schulte appear remotely

November 4, 2020: Status conference, trial set for June 7, 2021, with time excluded; Shroff maintains it would be ineffective counsel to go to trial without expert

THE COURT: Are you entitled to an expert?

MS. SHROFF: In a case like this, yes. I’m quite certain I’m entitled to an expert. I think it would be clear error and ineffective assistance of counsel to try this case without an expert, without a doubt.

November 16, 2020: Shroff-submitted motion to dismiss on White Plains grand jury

November 19, 2020: Shroff submits request for VTC meeting with Schulte’s family

January 1, 2021: Schulte motion to suppress MCC evidence (docketed February 24)

January 7, 2021: Shroff requests 2 week extension on White Plains grand jury reply

January 19, 2021: Shroff files Schulte pro se motion for writ of habeas corpus regarding SAMs, dated December 25, 2020

January 22, 2021: Shroff requests two week extension on January 21 deadline for reply on White Plains grand jury reply

January 22, 2021: Shroff requests funds for new laptop for Schulte

January 27, 2021: Civil Division AUSA asks Crotty to dismiss motion for writ so it can be refiled naming Warden as defendant

February 22, 2021: Shroff submits reply on White Plains grand jury challenge

February 24, 2021: Schulte files motion to reconsider decision on habeas (docketed March 4)

March 19, 2021: Schulte calls on Crotty to decide his motion to suppress on the merits, given government non-response (docketed April 5)

March 22, 2021: Shroff moves, with consent of Schulte, to reschedule trial to last quarter of 2021

March 24, 2021: Crotty denies motion to dismiss; Crotty reschedules trial for October 25, excludes time

April 12, 2021: Schulte asks for Lexus Nexis (docketed April 29)

May 5, 2021: Schulte complains about mail delays (docketed May 19); among other things it reflects an October trial date and references attorney-client mail

May 7, 2021: Matthew LaRoche withdraws

May 11, 2021: SDNY submits opposition to Lexus Nexis request, including request for order that Schulte not submit pro se

June 3, 2021: Sidhardha Kamaraju withdraws

June 7, 2021: Date of trial scheduled in November 2020

June 15, 2021: Status hearing at which Schulte claims to have been representing himself pro se since November


The Delayed Trespassing Charges against Savanah McDonald and Nolan Kidd

Two MAGA tourists from Georgia, Savanah McDonald and Nolan Kidd, were arrested last Friday on charges of trespassing into the Capitol on January 6. They were two of the last remaining people captured in a photo of Jacob Chansley to be arrested.

There’s a detail of interest that may have some bearing on other cases.

People called in tips to the FBI on the two just days after the assault. On January 11, someone sent a screen cap of Kidd’s Facebook account full of pictures from inside the Capitol. Three days later someone sent a picture of McDonald in.

The FBI interviewed both shortly after receiving the tips. They told a story that many other insurrectionists have told since: they were let in.

On January 14, 2021, FBI agents interviewed MCDONALD in Elberton, Georgia. MCDONALD agreed to speak to the agents. When MCDONALD was shown the below picture, MCDONALD confirmed that the person circled was her.

MCDONALD stated that she and KIDD marched to the U.S. Capitol, and when they reached the U.S. Capitol, there were uniformed police officers near the doors telling them to come inside and showing them where to go.

On January 15, 2021, FBI agents separately interviewed KIDD in Athens, Georgia. KIDD agreed to speak to the agents. KIDD told the agents that the doors to the U.S. Capitol were wide open.

Nothing apparently happened for a while, until, on March 8, the FBI Agent on the case viewed video from the Northwest stairs leading to the door through which the two entered showing cops first attempting to rebuff an assault with tear gas, followed by the breach of the perimeter. She found that four minutes after that breach, in the wake of the tear gas, McDonald and Kidd rushed up the stairs.

The FBI agent explained that McDonald and Kidd entered via a door slightly to the side of the one that Dominic Pezzola first broke through, just 14 seconds after it was opened, “by unauthorized individuals” she doesn’t name.

MCDONALD and KIDD entered the U.S. Capitol through a Senate Fire Door approximately 14 seconds after it was breached from the inside by unauthorized individuals. The Senate Fire Door is marked in the above photo by an arrow.

That same day, she got search warrants for Kidd’s Facebook account and McDonald’s SnapChat, the former of which — in addition to admitting that he had removed his pictures to avoid arrest — showed McDonald and Kidd posing in front of a line of cops at the site of the Chansley confrontation, the latter of which depicted McDonald bragging about making it to the Senate.

The claim that that Northwest door was not strongly defended is true. It’s a claim that many defendants have made. But what seems to have happened here is that the FBI held off on applying for a probable cause warrant until they could show that before they walked in an unattended door, McDonald and Kidd were right in the middle of a crowd where cops were taking explicit measures to hold back the crowd.

This is not the first time we’ve seen something like this. When Brady Knowlton was arrested after they discovered him entering the building with Patrick Montgomery, his lawyers immediate demanded exculpatory evidence showing them walking right in this door. [Note,  this is believed to be a different door–the West central door; thanks to “Sansa Stark” for clarifying.]

Then the government indicted him along with Montgomery, charging the latter with assault along the way. Last DOJ reported, Knowlton was entertaining a plea offer.

Something happened at these doors that is both making it hard to hold people accountable for entering it, but also seems to be of investigative interest. Perhaps that’s why McDonald and Kidd got arrested — to obtain the video that Kidd, especially, shot.

But until then, prosecutors may be relying on confrontations outside the building to make it clear that defendants knew they shouldn’t have stormed the building.


A New Emphasis on Threats of Violence in the Latest January 6 Conspiracy Indictment

As I laid out the other day, the government charged six Three Percenters from California — American Phoenix Project founder Alan Hostetter, Russell Taylor, Erik Warner, Tony Martinez, Derek Kinnison, and Ronald Mele — with conspiracy. As I described, the indictment was notable in that just one of the men, Warner, actually entered the Capitol. But it was also notable for the way it tied Donald Trump’s December 19 call for a big protest on January 6 with their own public calls for violence, including executions, as well as an explicit premeditated plan to “surround the capital” [sic].

That’s one reason I find the slight difference in the way this conspiracy got charged to be of interest.

As I’ve been tracking over time, the now-seven militia conspiracies are structured very similarly, with each including coordinated plans to get to DC, some kind of plans to kit out for war, and some coordinated effort to participate in the assault on the Capitol. These conspiracies intersect in multiple ways we know of:

  • Thomas Caldwell’s communication with multiple militia to coordinate plans
  • Kelly Meggs’ formation of an alliance between Florida militias
  • Joe Biggs’ decision to exit the Capitol after the first breach, walk around it, and breach it again with two other Proud Boys in tow just ahead of the Oath Keeper stack
  • The attendance of James Breheny (thus far only charged individually), apparently with Stewart Rhodes (thus far not charged), at a leadership meeting of “multiple patriot groups” in Quarryville, PA on January 3, which Breheny described as “the day we get our comms on point with multiple other patriot groups”

All three militias mingled in interactions they’ve had with Roger Stone, as well, but thus far Stone only shows up in the Oath Keepers’ conspiracy.

In other words, while these represent seven different conspiracies (along with around maybe 15 to 20 identified militia members not charged in a conspiracy), they’re really one networked conspiracy that had the purpose of preventing the democratic replacement of Donald Trump.

Of particular note, what is probably the most serious case of assault charged against a militia member, that charged against Proud Boy Christopher Worrell, has not been included in any conspiracy. So while individual members of these conspiracies — including Joshua James, Dominic Pezzola, and William Isaacs, have been charged for their own physical resistance to cops — the conspiracies as a whole don’t yet hold conspirators accountable for the violence of their co-conspirators. The conspiracies only allege shared responsibility for damage to the Capitol, not violence against cops.

That said, the purpose and structure of the Three Percenter conspiracy is slightly different than the other six. The other six (Oath Keeper, Proud Boy Media, Proud Boy Leadership, Proud Boy Kansas City, Proud Boy North Door, Proud Boy Front Door) are all charged under 18 U.S.C. §371, conspiracy against the US. While the timeline of each conspiracy varies and while some of the Proud Boy conspiracies also include the goal of impeding the police, all six include language alleging the conspirators,

did knowingly combine, conspire, confederate, and agree with each other and others known and unknown, to commit an offense against the United States, namely, to corruptly obstruct, influence, and impede an official proceeding, that is, the Certification of the Electoral College vote, in violation of Title 18, United States Code, Section 1512(c)(2).

The purpose of the conspiracy was to stop, delay, and hinder the Certification of the Electoral College vote.

That is, those six conspiracies are charged (at least) as a conspiracy to violate the obstruction statute.

The Three Percenter SoCal conspiracy, however, is charged under the obstruction itself, 18 U.S.C. §1512(k).

Between December 19, 2020 and January 6, 2021, within the District of Columbia and elsewhere, the defendants … together with others, did conspire to corruptly obstruct, influence, and impede an official proceeding, to wit: the Certification of the Electoral College vote.

The object is the same — to impede the vote certification. But it is charged differently.

I’m still thinking through what the difference might mean. It might mean nothing, it might reflect the preference of the prosecutors, or it may reflect a rethinking at DOJ.

Nick Smith claims there’s no evidence Ethan Nordean corruptly influenced anyone else to violate their duty

But there are two things that may factor into it. First, since the government first started structuring its conspiracies this way, some defense attorneys have started challenging the applicability of the obstruction statute to the vote certification at all. For this discussion, I’ll focus on the argument as Nick Smith laid it out in a motion to throw out the entire indictment against Ethan Nordean. Smith makes two arguments regarding the conspiracy charge.

First, Smith argues that Congress only intended the obstruction statute to apply to proceedings that involve making factual findings, and so poor Ethan Nordean had no way of knowing that trying to prevent the vote certification might be illegal.

As indicated above, § 1512(c)(2) has never been used to prosecute a defendant for the obstruction of an “official proceeding” unrelated to the administration of justice, i.e., a proceeding not charged with hearing evidence and making factual findings. Moreover, there is no notice, much less fair notice, in § 1512(c)(2) or in any statute in Chapter 73 that a person may be held federally liable for interference with a proceeding that does not resemble a legal tribunal.

Of course, that argument ignores that Ted Cruz and the other members who challenged the vote claim they were making factual findings — so Nordean’s co-conspirators may sink this legal challenge.

Smith also argues that the obstruction charge fails under the findings of US v. Poindexter, in which John Poindexter’s prosecution for lying to Congress about his role in Iran-Contra was reversed, in part, because the word “corruptly” as then defined in the obstruction statute was too vague to apply to Poindexter’s corrupt failure to do his duty. Smith argues that the language remains too vague based on his claim that the government is trying to prosecute Nordean for his “sincerely held political belief that the 2020 presidential election was not fairly decided,” which prosecutors have no business weighing.

Here, the FSI’s construction on § 1512(c)’s adverb “corruptly” fails this Circuit’s Poindexter test. First, the FSI does not allege that Nordean obstructed the January 6 joint session “to obtain an improper advantage for himself or someone else. . .” Poindexter, 951 F.2d at 386. Instead, it contends he allegedly obstructed the session in support of the sincerely held political belief that the 2020 presidential election was not fairly decided. Such an interpretation of § 1512(c) is unconstitutionally vague because it leaves to judges and prosecutors to decide which sincerely held political beliefs are to be criminalized on an ad hoc basis. Dimaya, 138 S. Ct. at 1223-24. Second, the FSI neither alleges that Nordean influenced another person to obstruct the January 6 proceeding in violation of their legal duty, nor that Nordean himself violated any legal duty by virtue of his mere presence that day.

As I noted in my post on this challenge, this might be a nifty argument for a defendant who hadn’t — as Nordean had — started calling for revolution on November 27,  well before the state votes were counted. But Nordean had already made his intent clear even before the votes were counted, so Smith’s claims that Nordean was reacting to the election outcome is fairly easily disproven. (As with this entire challenge, it might work well for other defendants, but for a long list of reasons, it is far less likely to work with Nordean.)

There’s another, far more important, aspect to this part of the argument though. Smith claims, without any discussion, that Nordean didn’t “influence” any other person to violate their legal duty. Smith wants Judge Timothy Kelly to believe that Nordean did not mean to intimidate Congress by assembling a violent mob and storming the Capitol and as a result of intimidation to fail to fulfill their duty as laid out in the Constitution, whether by refusing to certify Joe Biden as President, or by running away in terror and simply failing to complete the task.

Unlike conspiracy, obstruction has a threat of violence enhancement

As I understand it (and I invite actual lawyers to correct me on this), the other difference between charging this conspiracy under 18 USC 371 and charging it under 1512(k) is the potential sentence. While defendants can be sentenced to 20 years under their individual obstruction charges (the actual sentence is more likely to be around 40 months, or less if the defendant pleads out), 18 USC 371 has a maximum sentence of five years.

If two or more persons conspire either to commit any offense against the United States, or to defraud the United States, or any agency thereof in any manner or for any purpose, and one or more of such persons do any act to effect the object of the conspiracy, each shall be fined under this title or imprisoned not more than five years, or both.

But 18 USC 1512(k) says that those who conspire to obstruct shall be subject to the same penalty as they’d face for the actual commission of the offense.

(k)Whoever conspires to commit any offense under this section shall be subject to the same penalties as those prescribed for the offense the commission of which was the object of the conspiracy.

And obstruction has special penalties tied to murder, attempted murder, and the threat of physical force.

(3) The punishment for an offense under this subsection is—
(A) in the case of a killing, the punishment provided in sections 1111 and 1112;
(B) in the case of—
(i) an attempt to murder; or
(ii) the use or attempted use of physical force against any person;
imprisonment for not more than 30 years; and
(C) in the case of the threat of use of physical force against any person, imprisonment for not more than 20 years.

Thus, anyone charged along with a co-conspirator who threatened to kill someone may be exposed to twenty or even thirty years in prison rather than just five years.

As noted, there are several things about the overt acts charged in the Three Percenter conspiracy that differentiate it from the other militia conspiracies. They were even more explicit about their intent to come armed to the Capitol than the Oath Keepers were with their QRF (and their stated excuses to be armed relied even less on what I call the Antifa foil, the claim they had to come armed to defend against people they fully planned to incite).

And Hostetter twice publicly threatened to execute people. He posted a YouTube on November 27 in which he said, “some people at the highest levels need to be made an example of with an execution or two or three.” And he gave a speech on December 12 in which he demanded, “There must be long prison terms, while execution is the just punishment for the ringleaders of the coup.”

In other words, I think by charging this conspiracy under the obstruction statute rather than the conspiracy one, the government has exposed all of Hostetter’s co-conspirators, along with Hostetter himself, to far longer sentences because he repeatedly threatened to execute people.

The Three Percenter conspiracy makes threats to intimidate Mike Pence and members of Congress an object of the conspiracy

My guess is that the government is going to argue that, of course, Nordean was trying to corruptly influence others to violate their legal duty to certify the electoral results. Every single militia includes at least one member who made explicit threats against Mike Pence or Nancy Pelosi, and the Proud Boys, especially, have no recourse by claiming they showed up to listen to Donald Trump, since instead of attending his speech, they were assembling a violent mob to march on the place where Mike Pence was going to enact his official duties.

The Proud Boys were there to intimidate Mike Pence and members of Congress in hopes they would fail to fulfill their duty as laid out in the Constitution. If these charges make it to trial, I think prosecutors will be able to make a very compelling argument that assembling a mob in anticipation of Pence’s official acts was designed to intimidate him corruptly.

But, if I’m right about the criminal penalties, with the Three Percenter conspiracy, the government is going one step further. This conspiracy is structured to hold each member of the conspiracy accountable for the threats of murder made by Hostetter, the threat posed by planning to be armed at the Capitol, as well as the violence of others in their networked conspiracy. And even for those who didn’t enter the Capitol but instead egged on violence from some rally stage or behind some bullhorn, this conspiracy seems to aspire to expose co-conspirators accountable to a twenty year sentence for their (unsuccessful) efforts to intimidate Mike Pence to renege on his duty.

Update: I should add that someone with no prior convictions who goes to trial and is found guilty would face closer to 7-9 years with a full threats of violence enhancement. It would not be the full 20 years.

Update: Thanks to harpie for helping me count to seven (I had the wrong total number originally).


How Don McGahn Distracted the NYTimes from the Subpoenas Known To Be Problematic

The NYT just published a story that buried incredibly important details about the HPSCI subpoena in paragraphs 18 and 19.

In that case, the leak investigation appeared to have been primarily focused on Michael Bahar, then a staffer on the House Intelligence Committee. People close to Jeff Sessions and Rod J. Rosenstein, the top two Justice Department officials at the time, have said that neither knew that prosecutors had sought data about the accounts of lawmakers for that investigation.

It remains murky whether agents were pursuing a theory that Mr. Bahar had leaked on his own or whether they suspected him of talking to reporters with the approval of the lawmakers. Either way, it appears they were unable to prove their suspicions that he was the source of any unauthorized disclosures; the case has been closed and no charges were brought.

The details back a hypothesis that I and others have raised about the 2018 subpoena that obtained Adam Schiff’s call records: that Schiff wasn’t targeted at all, but instead someone else — here, Michael Bahar — was the target.

That means that the initial subpoena may have been more stupid — not adequately targeted given the scope of the investigation — than scandalous. It also means that the focus should remain on Bill Barr’s renewed focus on those records in 2020, particularly whether or not he used Schiff records that should have been sealed to investigate a key member of Congress.

But that’s not how the NYT is spending its time. Instead, they are spending 17 paragraphs admitting that they have no idea whether a subpoena obtained by an EDVA grand jury for Don McGahn’s records on February 23, 2018 is newsworthy or not.

They report that Apple got the subpoena for McGahn, implying but not reporting clearly that all Apple provided was subscriber information.

Apple told Donald F. McGahn II, the White House counsel to former President Donald J. Trump, last month that the Justice Department had subpoenaed information about an account that belonged to him in February 2018, and that the government barred the company from telling him at the time, according to two people briefed on the matter.

Mr. McGahn’s wife received a similar notice from Apple, said one of the people, who spoke on the condition of anonymity to discuss a sensitive matter.

It is not clear what F.B.I. agents were scrutinizing, nor whether Mr. McGahn was their specific focus. In investigations, agents sometimes compile a large list of phone numbers and email addresses that were in contact with a subject, and seek to identify all those people by using subpoenas to communications companies for any account information like names, computer addresses and credit card numbers associated with them.

They assume, with no evidence, that the subpoena was obtained because McGahn was Trump’s White House counsel.

Still, the disclosure that agents secretly collected data of a sitting White House counsel is striking as it comes amid a political backlash to revelations about Trump-era seizures of data of reporters and Democrats in Congress for leak investigations. The president’s top lawyer is also a chief point of contact between the White House and the Justice Department.

They then go tick off one after another possible explanation:

  • The Manafort tax investigation, which was conducted in DC, and was completed in, and therefore would have been disclosed in, 2018
  • A tirade Trump launched about McGahn involving a potential leak that would have been investigated in DC
  • The totally unrelated HPSCI subpoena, which also was investigated in DC

They don’t consider a much more likely explanation, especially since Mueller is known to have identified at least three SuperPACs that were coordinating with the Trump campaign, including at least two that were headquartered in VA, but did not pursue charges relating to potential illegal coordination himself. That possibility is that prosecutors were appropriately investigating why the former FEC chairman was letting Trump’s 2016 campaign coordinate with so many supposedly independent PACs, particularly given his knowledge that Trump and Michael Cohen had been investigated for campaign finance laws in 2011, before then FEC Chair Don McGahn bailed them out for it. There’s no evidence Mueller’s investigators asked McGahn about this, even though Roger Stone’s coordination with Steve Bannon and Rick Gates was a subject of considerable interest to Mueller (in part because it implicated the Mercers).

That’s just one possible explanation, but unlike all the speculation included in the NYT story not focusing on Barr’s resuscitation of the HPSCI leak, might actually involve a grand jury in VA.

Until there’s some sense of what this subpoena was, there’s zero reason to assume it’s newsworthy or in any way focused on something McGahn had done as White House Counsel.

One of the only pieces of genuine “news” that came out of McGahn’s testimony the other day is he confessed to being a source for a story that was obviously sourced to someone close to him that nevertheless claimed he, personally, had not responded to requests for comment. “McGahn did not respond to requests for comment.” The man knows how to make journalists run around like puppies chasing his shiny objects.

And what the NYT just did was take their focus away from subpoenas there’s good reason to believe are newsworthy to instead speculate wildly about one that may not be.


“Target:” A Vocabulary Lesson for Adam Schiff

Most of the people in top DOJ positions under Trump have issued statements claiming they did not know of any subpoena “targeting” Adam Schiff.

Billy Barr told Politico that “while he was Attorney General,” he was not aware of any congressperson’s records, “being sought” “in a leak case.”

Barr said that while he was attorney general, he was “not aware of any congressman’s records being sought in a leak case.” He added that Trump never encouraged him to zero in on the Democratic lawmakers who reportedly became targets of the former president’s push to unmask leakers of classified information.

Trump “was not aware of who we were looking at in any of the cases,” Barr said. “I never discussed the leak cases with Trump. He didn’t really ask me any of the specifics.”

That in no way serves as a denial that he’s aware of the previously collected congressperson’s records being used in an investigation, possibly one not defined as a leak case. Given that the records in question were collected over a year before he became Attorney General, it is, frankly, not a denial in the least.

WaPo includes purported denials from all three potential Attorneys General.

In February 2018, Jeff Sessions was attorney general, though a person familiar with the matter said he has told people he did not recall approving a subpoena for lawmakers’ data in a leak case. Sessions was recused from many Russia-related matters, including special counsel Robert S. Mueller III’s investigation of the Kremlin’s interference in the 2016 election. A person close to Rod J. Rosenstein, Sessions’s deputy attorney general, said he, too, has told people he did not recall hearing about the subpoena until news of it broke publicly.

Two other people said William P. Barr — Trump’s second attorney general — also has told people he did not remember being informed of any subpoenas for lawmakers’ data during his time leading the department.

Barr says he does not remember being informed of “subpoenas for lawmakers’ data.” Jeff Sessions, who may have been recused from the investigation in question (though I’m virtually certain the recusal is not as broad as it is being treated), says “he did not recall approving a subpoena for lawmakers’ leak data.” And Rod Rosenstein, the leak hawk who served as Attorney General for Russia related investigations, says “he did not recall hearing about the subpoena” until it was just revealed.

Every single one of these denials is premised on this being a subpoena for Members of Congress. These denials are denials about targeting Members of Congress.

But Apple’s description of what happened makes it virtually certain none of these denials are relevant to the subpoena in question.

On Feb. 6, 2018, Apple received a grand jury subpoena for the names and phone records connected to 109 email addresses and phone numbers. It was one of the more than 250 data requests that the company received on average from U.S. law enforcement each week at the time. An Apple paralegal complied and provided the information.

[snip]

Without knowing it, Apple said, it had handed over the data of congressional staff members, their families and at least two members of Congress, including Representative Adam B. Schiff of California, then the House Intelligence Committee’s top Democrat and now its chairman. It turned out the subpoena was part of a wide-ranging investigation by the Trump administration into leaks of classified information.

Apple was asked for the names and toll records connected with 109 accounts. That means that investigators didn’t know — or could claim not to know — whose records they were collecting, and didn’t discover until they got the subpoena returns that Adam Schiff, Eric Swalwell, and a child with no conceivable access to classified information had been included. Chances are good that none of these people were the target. Chances are good that a staffer was the target — perhaps the one for whose records Microsoft was subpoenaed in 2017. This sounds like a Community of Interest subpoena — something that gets the calling circle of a target. It was a key part of Stellar Wind and the phone dragnet that Adam Schiff championed over and over again, a request that shows (in this case) two hops removed from a target to figure out whom he called and whom those people called.

The danger of using such requests in leak investigations has been known since a 2010 IG Report revealed that a journalist’s records had been collected as part of a community of interest grand jury subpoena. One plausible explanation for what happened in that instance is that the government targeted a known source for Stellar Wind — perhaps Thomas Tamm — knowing full well that one of the journalists on the story had been in contact with him. By getting two hops of records, though, the known contact with the journalist would (and did) return all the journalists’ contacts as well. The journalist in that case wasn’t the “target” but he may as well have been.

Still, as the phone dragnet championed by Adam Schiff reveals, the government never gave up their interest in such two-hop subpoenas.

All of the descriptions of what happened are consistent with this explanation. It would explain why:

  • Apple didn’t know the identity of the account holders but returned both the identity and the call records in response to the subpoena
  • Apple is now limiting the number of records they’ll return with one subpoena
  • Sessions, Rosenstein, and Barr are all denying knowing that Members of Congress were “targeted”

What it doesn’t explain — though no one has been asked to explain — whether investigators on this case alerted their superiors that they had ended up subpoenaing Adam Schiff’s records, whether or not they [claim they] intended to. Oops, boss, I just subpoenaed the Ranking Member of HPSCI, what do I do now?

In the case of the journalist whose records were seized in a community of interest subpoena in 2006, after it was discovered the FBI sealed the records and they were purged from at least some of the FBI’s investigative databases. That’s what should have happened after a prosecutor discovered they had obtained a Member of Congress’ call records unintentionally: the records should have been sealed.

But by description, that didn’t happen here. Barr never denied having focused on Members of Congress when he resuscitated his investigation in 2020 (nor has he said for sure that it remained a “leak” investigation rather than a “why does this person hate Trump” investigation, like so many others of his investigations. Barr denied telling Trump about it. But he didn’t deny that Members of Congress were investigated in 2020.

That’s why Adam Schiff’s reassurances that Section 702 of FISA doesn’t “target” Americans have always been meaningless. Because once FBI ingests the records, they can go back to those records years later, in an entirely different investigation. And no one has denied such a thing happened here.

Update: Fixed the description of Barr’s denial to WaPo.


Carter Page Believed James Wolfe Was Ellen Nakashima’s Source Disclosing His FISA Application Less than a Month After the Story

According to the Statement of Offense to which James Wolfe — the former Senate Intelligence Committee security official convicted of lying about his contacts with journalists — allocuted, Carter Page suspected Wolfe was the source for Ellen Nakashima’s story revealing Page had been targeted with a FISA order. When the former Trump campaign staffer wrote Nakashima to complain about the story less than four weeks after Washington Post published it, Page BCCed Wolfe. [Nakashima is Reporter #1 and Ali Watkins is Reporter #2.]

On May 8, 2017, MALE-1 emailed REPORTER #1 complaining about REPORTER #1’s reporting of him (MALE-1). According to the metadata recovered during the search of Wolfe’s email, Wolfe was blind-copied on that email by MALE-1.

That unexplained detail is important — albeit mystifying — background to two recent stories on leak investigations.

First, as reported last month, Nakashima was one of three journalists whose call records DOJ obtained last year.

The Trump Justice Department secretly obtained Washington Post journalists’ phone records and tried to obtain their email records over reporting they did in the early months of the Trump administration on Russia’s role in the 2016 election, according to government letters and officials.

In three separate letters dated May 3 and addressed to Post reporters Ellen Nakashima and Greg Miller, and former Post reporter Adam Entous, the Justice Department wrote they were “hereby notified that pursuant to legal process the United States Department of Justice received toll records associated with the following telephone numbers for the period from April 15, 2017 to July 31, 2017.” The letters listed work, home or cellphone numbers covering that three-and-a-half-month period.

The scope of the records obtained on the WaPo journalists last year started four days after the Page story, so while some May 11, 2017 emails between Nakashima and Wolfe would have been included in what got seized last year, any contacts prior to the FISA story would not have. And the public details on the prosecution of Wolfe show no sign that Nakashima’s records were obtained in that investigation (those of Ali Watkins, whom Wolfe was in a relationship, however, were). Indeed, the sentencing memo went out of its way to note that DOJ had not obtained deleted Signal texts from any journalists. “The government did not recover or otherwise obtain from any reporters’ communications devices or related records the content of any of these communications.”

That said, Nakashima’s reporting was targeted in two different leak investigations, covering sequential periods, three years apart.

It’s not clear how quickly the Page investigation focused on Wolfe. But it may have outside help. A CBP Agent unconnected to the FBI investigation grilled Watkins on her ties with Wolfe in June 2017.

The Sentencing Memorandum on Wolfe suggests the FBI came to focus on him — and excused their focus — after having learned of his affair with Watkins. They informed Richard Burr and Mark Warner, and obtained the first of several warrants to access his phone.

At the time the classified national security information about the FISA surveillance was published in the national media, defendant James A. Wolfe was the Director of Security for the SSCI. He was charged with safeguarding information furnished to the SSCI from throughout the United States Intelligence Community (“USIC”) to facilitate the SSCI’s critical oversight function. During the course of the investigation, the FBI learned that Wolfe had been involved in the logistical process for transporting the FISA materials from the Department of Justice for review at the SSCI. The FBI also discovered that Wolfe had been involved in a relationship with a reporter (referred to as REPORTER #2 in the Indictment and herein) that began as early as 2013, when REPORTER #2, then a college intern, published a series of articles containing highly sensitive U.S. government information. Between 2014 and 2017, Wolfe and REPORTER #2 exchanged tens of thousands of telephone calls and electronic messages. Also during this period, REPORTER #2 published dozens of news articles on national security matters that contained sensitive information related to the SSCI.

Upon realizing that Wolfe was engaged in conduct that appeared to the FBI to compromise his ability to fulfill his duties with respect to the handling of Executive Branch classified national security information as SSCI’s Director of Security, the FBI faced a dilemma. The FBI needed to conduct further investigation to determine whether Wolfe had disseminated classified information that had been entrusted to him over the past three decades in his role as SSCI Director of Security. To do that, the FBI would need more time to continue their investigation covertly. Typically, upon learning that an Executive Branch employee and Top Secret clearance holder had potentially been compromised in place – such as by engaging in a clandestine affair with a national security reporter – the FBI would routinely provide a “duty-to-warn” notification to the relevant USIC equity holder in order to allow the intelligence agencies to take mitigation measures to protect their national security equities. Here, given the sensitive separation of powers issue and the fact that the FISA was an FBI classified equity, the FBI determined that it would first conduct substantial additional investigation and monitoring of Wolfe’s activities. The FBI’s executive leadership also took the extraordinary mitigating step of limiting its initial notification of investigative findings to the ranking U.S. Senators who occupy the Chair and Vice Chair of the SSCI.2

The FBI obtained court authority to conduct a delayed-notice search warrant pursuant to 18 U.S.C. § 3103a(b), which allowed the FBI to image Wolfe’s smartphone in October 2017. This was conducted while Wolfe was in a meeting with the FBI in his role as SSCI Director of Security, ostensibly to discuss the FBI’s leak investigation of the classified FISA material that had been shared with the SSCI. That search uncovered additional evidence of Wolfe’s communications with REPORTER #2, but it did not yet reveal his encrypted communications with other reporters.

This process — as described by Jocelyn Ballantine and Tejpal Chawla, prosecutors involved in some of the other controversial subpoenas disclosed in the last month — is a useful lesson of how the government proceeded in a case that likely overlapped with the investigation into HPSCI that ended up seizing Swalwell and Schiff’s records. Given that Swalwell was targeted by a Chinese spy, it also suggests one excuse they may have used to obtain the records: by claiming it was a potential compromise.

Still, by the time FBI first informed Wolfe of the investigation, in October 2017, they had obtained his cell phone content showing that he was chatting up other journalists, in addition to Watkins — and indeed, he continued to share information on Page. By the time the FBI got Wolfe to perjure himself on a questionnaire about contacts with journalists in December 2017, they had presumably already searched Watkins’ emails going back years. Wolfe was removed from his position and stripped of clearance, making his indictment six months later only a matter of time.

All that said, the government never proved that Wolfe was the source for Nakashima. And Ballantine’s subpoena for HPSCI contacts, weeks later after FBI searched Wolfe’s phone, may have reflected a renewed attempt to pin the leak on someone, anyone (though it’s not clear whether investigators looked further than Congress, or even to Paul Ryan, who has been suspected of tipping Page off.

If the James Wolfe investigation reflects how they might have approached the HPSCI side, there’s one other alarming detail of this: The FBI alerted someone in Congress of the search, the Chair and Ranking Member of the Committee. But in HPSCI’s case, Schiff was the Ranking Member. Meaning it’s possible that, by targeting on Schiff, FBI gave itself a way to consult only with the Republican Chair of the Committee.

James Wolfe (and the investigation of Natalie Sours Edwards, who was sentenced to six months in prison last week) are an important lesson in leak investigations that serves as important background for Joe Biden’s promise that reporters won’t be targeted anymore. The way you conduct a leak investigation in this day and age is to seize the source’s phone, in part because that’s the only way to obtain Signal texts.

Timeline

March 2017: Exec Branch provides SSCI “the Classified Document,” which includes both Secret and Top Secret information, with details pertaining to Page classified as Secret.

March 2, 2017: James Comey briefs HPSCI on counterintelligence investigations, with a briefing to SSCI at almost the same time.

March 17, 2017: 82 text messages between Wolfe and Watkins.

April 3, 2017: Watkins confirms that Carter Page is Male-1.

April 11, 2017: WaPo reports FBI obtained FISA order on Carter Page.

June 2017: End date of five communications with Reporter #1 via Wolfe’s SSCI email.

June 2017: Using pretext of serving as a source, CBP agent Jeffrey Rambo grills Watkins about her travel with Wolfe.

October 2017: Wolfe offers up to be anonymous source for Reporter #4 on Signal.

October 16, 2017: Wolfe Signals Reporter #3 about Page’s subpoena.

October 17, 2017: NBC reports Carter Page subpoena.

October 24, 2017: Wolfe informs Reporter #3 of timing of Page’s testimony.

October 30, 2017: FBI informs James Wolfe of investigation.

November 15, 2017: 90 days before DOJ informs Ali Watkins they’ve seized her call records.

December 14, 2017: FBI approaches Watkins about Wolfe.

Prior to December 15, 2017 interview: Wolfe writes text message to Watkins about his support for her career.

December 15, 2017: FBI interviews Wolfe.

January 11, 2018: Second interview with Wolfe, after which FBI executes a Rule 41 warrant on his phone, discovering deleted Signal texts with other journalists.

February 6, 2018: Subpoena targeting Adam Schiff and others.

February 13, 2018: DOJ informs Watkins they’ve seized her call records.

June 6, 2018: Senate votes to make official records available to DOJ.

That the Chairman and Vice Chairman of the Senate Select Committee on Intelligence, acting jointly, are authorized to provide to the United States Department of Justice copies of Committee records sought in connection with a pending investigation arising out of allegations of the unauthorized disclosure of information, except concerning matters for which a privilege should be asserted.

June 7, 2018: Grand jury indicts Wolfe.

June 7, 2018: Richard Burr and Mark Warner release a statement:

We are troubled to hear of the charges filed against a former member of the Committee staff. While the charges do not appear to include anything related to the mishandling of classified information, the Committee takes this matter extremely seriously. We were made aware of the investigation late last year, and have fully cooperated with the Federal Bureau of Investigation and the Department of Justice since then. Working through Senate Legal Counsel, and as noted in a Senate Resolution, the Committee has made certain official records available to the Justice Department.

June 13, 2018: Wolfe arraigned in DC. His lawyers move to prohibit claims he leaked classified information.


Some Perspective on the Politicized Leak Investigation Targeting Adam Schiff

The NYT reported the other day that DOJ obtained phone records of Adam Schiff, Eric Swalwell, and a bunch of House Intelligence Committee staffers in the guise of what it reports is a leak investigation (though given the specific form of Bill Barr’s prevarications about his knowledge, may have been repackaged as something else when the investigation was resuscitated in 2020).

Prosecutors subpoenaed Apple for data from the accounts of at least two Democrats on the House Intelligence Committee, aides and family members. One was a minor.

All told, the records of at least a dozen people tied to the committee were seized in 2017 and early 2018, including those of Representative Adam B. Schiff of California, then the panel’s top Democrat and now its chairman, according to committee officials and two other people briefed on the inquiry. Representative Eric Swalwell of California said in an interview Thursday night that he had also been notified that his data had subpoenaed.

Prosecutors, under the beleaguered attorney general, Jeff Sessions, were hunting for the sources behind news media reports about contacts between Trump associates and Russia. Ultimately, the data and other evidence did not tie the committee to the leaks, and investigators debated whether they had hit a dead end and some even discussed closing the inquiry.

But William P. Barr revived languishing leak investigations after he became attorney general a year later. He moved a trusted prosecutor from New Jersey with little relevant experience to the main Justice Department to work on the Schiff-related case and about a half-dozen others, according to three people with knowledge of his work who did not want to be identified discussing federal investigations.

The initial collection and especially the subsequent treatment were clearly politicized — and more importantly, stupid, from an investigative standpoint. But, especially because this involves Adam Schiff, some exactitude about what went on really is required.

This is not spying

First, this is not “spying.” If the use of informants to investigate members of the Trump campaign and Hillary Clinton’s Foundation during a political campaign is not spying, if the use of a lawful FISA to conduct both physical and electronic surveillance on recently departed campaign volunteer Carter Page is not spying — and Adam Schiff said they were not, and I agree — then neither is the use of a subpoena to collect the phone records of Democrats who had knowledge of information that subsequently leaked in a fully predicated (and very serious) leak investigation.

This is “just” metadata

According to all reports, the government obtained the iPhone metadata records of 73 phone numbers and 36 email addresses. Apple suggests other tech companies probably got subpoenas, too, which means that some of those email addresses probably weren’t Apple emails.

But it was — as Adam Schiff said many times when defending a program that aspired to collect “all” the phone records in the United States — “just” metadata.

I don’t mean to belittle the impact of that. As I and others argued (against Schiff), metadata is actually profoundly revealing.

But if this is a problem (it is!), then people like Adam Schiff should lead a conversation about whether the standard on collection of metadata — currently, it only needs to be “relevant to” an investigation — is what it should be, as well as the rules imposed on future access to the data once collected prevent abuse.

Apple (and other tech companies) wouldn’t have known this was Adam Schiff

Even people who understand surveillance seem to believe that Apple would have known these requests targeted Adam Schiff in a leak investigation and therefore should have done more to fight it, as if the actual subpoena would be accompanied with an affidavit with shiny flags saying “HPSCI Ranking Member.”

They wouldn’t have. They would have gotten a list of selectors (some of which, by its description, it probably did not service), a description of the crime being investigated (a leak), and a gag order. The one thing that should have triggered closer review from Apple was the number of selectors. But apparently it did not, and once Apple complied, the data was swept up into the FBI’s servers where it presumably remains.

The subpoena was overly broad and not tailored to limit damage to Schiff

All that said, there were aspects of the subpoena that suggest it was written without any consideration for limiting the damage to Congressional equities or reasonable investigative targets. Focusing on these details are important because they distinguish what is really problematic about this (and who is to blame). According to reports, the subpoena:

  • Obtained information from a minor, who would have had no access to classified information
  • Included a series of year-long gags
  • Obtained all the toll records from date of creation
  • May have focused exclusively on Democratic members and staffers

It’s conceivable that, after years of investigation, DOJ would have reason to believe someone was laundering leaks through a child. But given how broad this subpoena is, it’s virtually impossible the affidavit included that kind of specific knowledge.

With journalists, DOJ is supposed to use shorter gags–three months. The series of year-long gags suggests that DOJ was trying to hide the existence of these subpoenas not just to hide an investigation, but to delay the political embarrassment of it.

There’s no reason to believe that Adam Schiff leaked a FISA application targeting Carter Page first obtained in 2016 in 2009 (or whenever the Californian lawmaker first set up his Apple account). It’s a physical impossibility. So it is completely unreasonable to imagine that years-old toll records would be “relevant to” a leak investigation predicated off a leak in 2017. Mind you, obtaining all records since the inception of the account is totally normal! It’s what DOJ did, for example, with Antionne Brodnax, a January 6 defendant who got notice of subpoenas served on him, but whose attempt to limit the subpoena failed because those whose records are subpoenaed have no authority to do that. There are two appropriate responses to the unreasonable breadth of this request: both a focus on the failure to use special caution with Congressional targets, but also some discussion about how such broad requests are unreasonable regardless of the target.

Given the number of these selectors, it seems unlikely DOJ did more than ID the people who had access to the leaked information in question. Except if they only obtained selectors for Democrats, it would suggest investigators went into the investigation with the assumption that the leak was political, and that such a political leak would necessarily be partisan. That’s simply not backed by exhibited reality, and if that’s what happened, it should force some scrutiny on who made those assumptions. That’s all the more true given hints that Republicans like Paul Ryan may have tipped Page off that he had been targeted.

These kinds of limiting factors are where the most good can come out of this shit-show, because they would have a real impact and if applied broadly would help not just Schiff.

Barr continued to appoint unqualified prosecutors to do his political dirty work

I think it would be useful to separate the initial records request — after all, the leak of a FISA intercept and the target of a FISA order are virtually unprecedented — from the continued use of the records in 2020, under Billy Barr.

The NYT explains that the initial investigators believed that charges were unlikely, but Barr redoubled efforts in 2020.

As the years wore on, some officials argued in meetings that charges were becoming less realistic, former Justice Department officials said: They lacked strong evidence, and a jury might not care about information reported years earlier.

[snip]

Mr. Barr directed prosecutors to continue investigating, contending that the Justice Department’s National Security Division had allowed the cases to languish, according to three people briefed on the cases. Some cases had nothing to do with leaks about Mr. Trump and involved sensitive national security information, one of the people said. But Mr. Barr’s overall view of leaks led some people in the department to eventually see the inquiries as politically motivated.

[snip]

After the records provided no proof of leaks, prosecutors in the U.S. attorney’s office in Washington discussed ending that piece of their investigation. But Mr. Barr’s decision to bring in an outside prosecutor helped keep the case alive.

[snip]

In February 2020, Mr. Barr placed the prosecutor from New Jersey, Osmar Benvenuto, into the National Security Division. His background was in gang and health care fraud prosecutions.

Barr used this ploy — finding AUSAs who were unqualified to work on a case that others had found no merit to — on at least three different occasions. Every document John Durham’s team submitted in conjunction with the Kevin Clinesmith prosecution, for example, betrayed that investigators running it didn’t understand the scope of the Crossfire Hurricane investigation (and thereby also strongly suggested investigators had no business scrutinizing a counterintelligence investigation at all). The questions that Jeffrey Jensen’s team, appointed by Barr to review the DOJ IG investigation and the John Durham investigation to find conclusions they didn’t draw, asked Bill Barnett betrayed that the gun crimes prosecutors running it didn’t know fuckall about what they were doing (why Barnett answered as he did is another thing, one that DOJ IG should investigate). And now here, he appointed a health care fraud prosecutor to conduct a leak investigation after unbelievably aggressive leak investigators found nothing.

DOJ IG should include all of those investigations in its investigation, because they all reflect Barr’s efforts to force prosecutors to come to conclusions that the evidence did not merit (and because the Jensen investigation, at least, appears to have altered records intentionally).

FBI never deletes evidence

In an attempt to disclaim responsibility for yet more political abuse, Billy Barr issued a very interestingly worded disavowal.

Barr said that while he was attorney general, he was “not aware of any congressman’s records being sought in a leak case.” He added that Trump never encouraged him to zero in on the Democratic lawmakers who reportedly became targets of the former president’s push to unmask leakers of classified information.

There are two parts to this: One, that “while he was attorney general,” Congresspersons’ records were not sought, and two, sought in a leak case. The original subpoena for these records was in February 2018, so not during Barr’s tenure as Attorney General. He doesn’t deny asking for those previously-sought records to be reviewed anew while Attorney General.

But he also limits his disavowal to leak cases. Under Barr’s fervent imagination, however, these investigations may well have morphed into something else, what he may have imagined were political abuse or spying violation cases. DOJ can and often does obtain new legal process for already obtained records (which would be unnecessary anyway for toll records), so it is not outside the realm of possibility that Barr directed his unqualified prosecutor to use those already-seized records to snoop into some other question.

It’s a pity for Adam Schiff that no one in charge of surveillance in Congress imposed better trackability requirements on FBI’s access of its investigative collections.

Both an IG investigation and a Special Counsel are inadequate to this investigation

Lisa Monaco asked Michael Horowitz to investigate this investigation. And that’s fine: he can access the records of the investigation, and the affidavits. He can interview the line prosecutors who were tasked with this investigation.

But he can’t require Barr or Jeff Sessions or any of the other Trump appointees who ordered up this investigation to sit for an interview (he could move quickly and ask John Demers to sit for an interview).

Because of that, a lot of people are asking for a Special Counsel to be appointed. That would be nice, except thus far, there’s no evidence that a crime was committed, so there is no regulatory basis to appoint a Special Counsel. The standard for accessing records is very low, any special treatment accorded journalists or members of Congress are not written into law, and prosecutorial discretion at DOJ is nearly sacrosanct. The scandal is that this may all be entirely legal.

Mind you, there’s good reason to believe there was a crime committed in the Jeffrey Jensen investigation, the same crime (altering documents) that Barr used to predicate the Durham Special Counsel appointment. So maybe people should revisit that?

Luckily, Swalwell and Schiff know some members of Congress who can limit such abuses

If I learned that DOJ engaged in unreasonable surveillance on me [wink], I’d have no recourse, largely because of laws that Adam Schiff has championed for years.

But as it happens, Schiff and Swalwell both know some members of Congress who could pass some laws limiting the ability to do some of the things used against them that affect thousands of Americans investigated by the FBI.

Now that Adam Schiff has discovered, years after we tried to reason with him on this point, that “it’s just metadata” doesn’t fly in this day and age, maybe we can talk about how the FBI should be using metadata given how powerful it has become?

The renewed focus on Schiff’s metadata would have come after Schiff disclosed Nunes’ ties to Rudy Giuliani’s grift

Another factor of timing hasn’t gotten enough attention. In late December, Schiff released the Democrats’ impeachment report. Because Schiff obtained subpoenas (almost certainly targeting Lev Parnas and Rudy Giuliani), he included call records of calls implicating Devin Nunes and his staffer Derek

Over the course of the four days following the April 7 article, phone records show contacts between Mr. Giuliani, Mr. Parnas, Representative Devin Nunes, and Mr. Solomon. Specifically, Mr. Giuliani and Mr. Parnas were in contact with one another, as well as with Mr. Solomon.76 Phone records also show contacts on April 10 between Mr. Giuliani and Rep. Nunes, consisting of three short calls in rapid succession, followed by a text message, and ending with a nearly three minute call.77 Later that same day, Mr. Parnas and Mr. Solomon had a four minute, 39 second call.78

[snip]

On the morning of May 8, Mr. Giuliani called the White House Switchboard and connected for six minutes and 26 seconds with someone at the White House.158 That same day, Mr. Giuliani also connected with Mr. Solomon for almost six minutes, with Mr. Parnas, and with Derek Harvey, a member of Representative Nunes’ staff on the Intelligence Committee.159

69 AT&T Document Production, Bates ATTHPSCI _20190930_00848-ATTHPSCI_20190930_00884. Mr. Parnas also had an aborted call that lasted 5 seconds on April 5, 2019 with an aide to Rep. Devin Nunes on the Intelligence Committee, Derek Harvey. AT&T Document Production, Bates ATTHPSCI_20190930_00876. Call records obtained by the Committees show that Mr. Parnas and Mr. Harvey had connected previously, including a four minute 42 second call on February 1, 2019, a one minute 7 second call on February 4, and a one minute 37 second call on February 7, 2019. AT&T Document Production, Bates ATTHPSCI_20190930_00617, ATTHPSCI_20190930_00630, ATTHPSCI_20190930_00641. As explained later in this Chapter, Rep. Nunes would connect separately by phone on April 10, 11, and 12 with Mr. Parnas and Mr. Giuliani. AT&T Document Production, Bates ATTHPSCI_20190930_00913- ATTHPSCI_20190930_00914; ATTHPSCI_20190930-02125.

76 Specifically, between April 8 and April 11, phone records show the following phone contacts:

  • six calls between Mr. Giuliani and Mr. Parnas (longest duration approximately five minutes), AT&T Document Production, Bates ATTHPSCI_20190930-02115-ATTHPSCI_20190930-02131;
  • four calls between Mr. Giuliani and Mr. Solomon (all on April 8, longest duration approximately one minute, 30 seconds) AT&T Document Production, Bates ATTHPSCI_20190930-02114- ATTHPSCI_20190930-02115;
  • nine calls between Mr. Parnas and Mr. Solomon (longest duration four minutes, 39 seconds) AT&T Document Production, Bates ATTHPSCI_20190930-00885- ATTHPSCI_20190930- 00906; and
  • three calls between Mr. Parnas and Ms. Toensing (longest duration approximately six minutes), AT&T Document Production, Bates ATTHPSCI_20190930-00885- ATTHPSCI_20190930- 00905.

77 AT&T Document Production, Bates ATTHPSCI_20190930-02125, ATTHPSCI_20190930-03236.

78 AT&T Document Production, Bates ATTHPSCI_20190930-00902.

[snip]

158 AT&T Document Production, Bates ATTHPSCI_20190930_02313.

159 AT&T Document Production, Bates ATTHPSCI_20190930_02314; ATTHPSCI_20190930_02316; ATTHPSCI_20190930_02318; ATTHPSCI 20190930 01000.

Because Nunes doesn’t understand how phone records work, he — and most other Republicans in Congress — accused Schiff of subpoenaing the record of his colleagues. That’s not what happened. Instead, Nunes and a key staffer got involved in with Rudy’s efforts to solicit dirt from Russian assets and as a result they showed up in Rudy’s phone records.

But it’s the kind of thing that might lead Barr to intensify his focus on Schiff.

The last section of this was an update.


The Hybrid Hatchet Conspiracy: A Premeditated Plan to Surround the Capitol on January 6

Contrary to what you might read on Twitter, I have not been predicting that Trump will be held accountable for January 6. Rather, I am observing–based on actual court filings and the evidence in them–that if he or his associates were to be held accountable, that would happen via conspiracy indictments, indictments that have already reached within two degrees of Trump’s closest associates. In a hearing yesterday, Christopher Wray answered one after another question about holding Trump accountable by talking about conspiracy indictments, so it seems he may agree with me.

Just the other day, for example, I suggested we might see prosecutions of those involved in the rallies, as opposed to busting into the Capitol.

Together, those posts argue that if any kingpins will be held accountable, it will be through a conspiracy prosecution. I note that one of the conspiracies has already reached back to the Willard Hotel, where Roger Stone was staying and where the call patterns suggest possible consultation with people present at the hotel. And I suggest that not only will there will be further conspiracies (I’m pretty confident about that prediction) but there may be more complex prosecutions tied to people who were involved in the rallies rather than the riot or who were discussed explicitly with Rudy Giuliani (I’m far less confident about that possibility).

That doesn’t mean Donald Trump, or even Roger Stone or Rudy Giuliani, are going to prison. It’s not clear what kind of evidence is out there. It’s not clear how loyal these famously paranoid people will be without the constant dangle of pardons that Trump used to buy silence during the Mueller investigation.

Earlier in the week, I noted that DOJ had already charged one of the speakers on January 5, Brandon Straka, and has been holding him in a kind of limbo awaiting what look like possible charges of obstruction and civil disorder.

Then there’s the case of Brandon Straka. He’s the head of the Walkaway campaign, and was a speaker on January 5. There’s no allegation he entered the door of the Capitol, though at a time when he was on the stairs, he was involved in attempting to take a shield from an officer and for that got charged with civil disorder (in addition to the standard trespass crimes). He obviously could be charged with obstruction, but that hasn’t been charged yet.

Last night, DOJ rolled out a conspiracy indictment that alleges that Alan Hostetter, another of the speakers on January 5, conspired with five other Three Percenters to “corruptly obstruct, influence, and impede an official proceeding, to wit: the Certification of the Electoral College vote.”

The indictment is slightly different than the other conspiracies charged against militias thus far (and therefore may be yet another degree more vulnerable to challenge), insofar as it charges 18 U.S.C. § 1512(k), the conspiracy charge tied to obstruction, rather than conspiracy itself 18 U.S.C. §371. Plus, just one of the accused defendants — Erik Warner — managed to enter the Capitol (another, Russell Taylor, chose not to enter because he didn’t want to do so while armed), so even the trespassing charges may be more vulnerable to challenge. Two of the men — Derek Kinnison and Warner — are also charged with obstruction for trying to delete the Telegram chat they used for organizational purposes.

But if this indictment withstands legal challenge, it is in some ways far more provocative than the existing militia conspiracies. That’s because it’s not just a militia conspiracy indictment.

The indictment is a hybrid: one that charges a group that is both a militia, the Three Percenters, but also men who played an organizational role in the larger event via an anti-mask turned into election conspiracy group, the American Phoenix Project. The conspiracy language of the indictment repeatedly describes the men flashing their Three Percenter signs or otherwise identifying themselves as such.

KINNISON attached a picture of himself, MARTINEZ, and WARNER with the following message: “From left to right, I’m Derek aka midnightrider the short guy, Tony aka blue collar patriot, Erik aka silvir surfer…. We are 3 percent so cal. Also coming with us is redline Ron [MELE].” In the photo, all three are flashing a hand signal that designates affiliation with a Three Percenter group.

[snip]

On January 2, 2021, KINNISON, MELE, WARNER, and MARTINEZ met at MELE’S house in Temecula, California. Before leaving in the SUV, the four men posed for a photograph in which they all made a hand gesture signaling affiliation with a Three Percenter group.

[snip]

MELE, MARTINEZ, KINNISON, and WARNER also congregated on the National Mall and posed for a photo there. In the photo, MARTINEZ, KINNISON, and WARNER made a hand signal showing affiliation with a Three Percenter group.

But the indictment also describes how Hostetter formed the Phoenix Project as an anti-mask group and then used it to sow violence against those who supported the democratic result of the 2020 election.

In Spring, 2020, ALAN HOSTETTER (“HOSTETTER”) founded the American Phoenix Project to oppose government-mandated restrictions arising from the COVID-19 pandemic. After the 2020 U.S. Presidential election, HOSTETTER, RUSSELL TAYLOR (“TAYLOR”), and PERSON ONE used the American Phoenix Project to support former President Donald J. Trump and protest what they asserted was a stolen or fraudulent election result. TAYLOR and PERSON ONE became directors of the American Phoenix Project in the Fall of 2020.

From at least in and around November 2020, HOSTETTER used the American Phoenix Project as a platform to advocate violence against certain groups and individuals that supported the 2020 presidential election results.

It describes how in a post on November 27, Hostetter demanded that “tyrants and traitors need to be executed.” It explains that at a rally in Huntington Beach on December 12, Hostetter gave a speech calling for executions.

The enemies and traitors of America both foreign and domestic must be held accountable. And they will. There must be long prison terms, while execution is the just punishment for the ringleaders of this coup.

This demand for long prison terms may come back to haunt Hostetter if he is ever sentenced for his attack on America.

Because of its hybrid structure, I suspect this indictment may serve as a node to connect other conspiracies together. Obviously, we should expect to see parallel Three Percenter conspiracies. Given how Guy Reffitt’s known actions that day parallel those of these conspirators, and given what prosecutor Jeffrey Nestler said in a status hearing for Reffitt the other day, I would be unsurprised if the superseding indictment Nestler said was imminent was a conspiracy of the Texas Three Percenters Reffitt was organizing.

I also expect that some of the 30 other people described to have taken part in the The California-DC Brigade Telegram chat described in this indictment to be charged in their own conspiracy indictment.

This group will serve as the Comms for able bodied individuals that are going to DC on Jan 6. Many of us have not met before and we are all ready and willing to fight. We will come together for this moment that we are called upon.

The indictment makes it clear that these Three Percenter defendants coordinated with other members of the DC Brigade using a coordinated radio channel, 142.422 on the day of the insurrection; they were conspiring with others, in addition to each other.

On the Telegram chat, Taylor explicitly talked about coming to DC armed.

I am assuming that you have some type of weaponry that you are bringing and plates as well.

Importantly, some of these other people from SoCal did engage in assault, and given Hostetter’s public statements plus the mention of “willing[ness] to fight” in this Telegram description and Taylor’s mention of weapons, the Three Percenter conspirators may be implicated by association in their violence (which, along with weapons charges that have not been charged, could serve as inducements for members of this conspiracy to flip).

So I believe this indictment will link in conspiracies with other Three Percenters and with other Southern Californian anti-maskers.

But the role of the rallies in the indictment is even more intriguing.

Hostetter set up an earlier organizational Telegram chat on November 10. It was used to plan travel to DC for the November Million MAGA March as well as the January 6 insurrection. In the language describing the overt acts in this conspiracy, the indictment focuses closely on posts and other events starting on December 19. It linked Trump’s Tweet calling for “Big protest in D.C. on January 6th.” It describes an Instagram post Hostetter posted under the Phoenix Project moniker the same day, calling for people to join him. It describes that Hostetter and Taylor reserved rooms in a Kimpton Hotel on December 20, earlier planning than many of the Oath Keepers. It describes how Taylor renamed the Telegram chat to “The Californian Patriots–Answer the Call Jan 6” on December 20.

Then, having tied the travel of these organizers of a network of radicalized Southern California Trump supporters to Trump’s call on December 20, the indictment describes that this group got booked to speak at the January 5 rally.

On December 30, 2020, KINNISON sent a text message to MELE, WARNER, and MARTINEZ in which he attached a flyer advertising the January 5, 2021 rally outside the Supreme Court, at which TAYLOR, HOSTETTER, and PERSON ONE were named speakers for the American Phoenix Project.

The indictment doesn’t describe how this happened, though the government obviously has enough comms to have some insight into it.

Then, that same day, December 30, Taylor posted his plans for the days of January 5 and 6. His post stated a clear plan to work with Stop the Steal to surround the Capitol.

Spread the word to other CALIFORNIA Patriots to join us as we March into the Capitol Jan 6. The Plan right now is to meet up at two occasions and locations: 1. Jan 5th 2pm at the Supreme Court steps for a rally. (Myself, Alan, [and others] will be speaking) 2. Jan 6th early 7am meet in front of the Kimpton George Hotel…we will leave at 7:30am shart and March (15 mins) to the Capital [sic] to meet up with the stop the steal organization and surround the capital. [sic] There will be speakers there and we will be part of the large effort for the “Wild Rally” that Trump has asked us all to be part of. [my emphasis]

This plan is structurally the foundation in the indictment for the leadership role these men played in the SoCal contingent of anti-maskers. For example, the next section describes how just after this post, the men created the DC Brigade chat, including its calls for anti-maskers from Southern California to come to DC armed to and expecting a fight.

DOJ has been working on this indictment for six months. That’s still lightning fast for a conspiracy indictment, but unlike the other militia conspiracies, it has not been jury-rigged together as one after another co-conspirators’ phones get exploited.

And what it does, at a minimum, is to tie the anti-mask community in Southern California into a network with the Three Percenters.

More importantly, it suggests the organizing surrounding the rally on January 5 included a premeditated plan to surround the Capitol on January 6.


Planes, Trains, and Automobiles: The Metadata of Insurrection

Kevin Douglas Creek, whose arrest was announced yesterday, is your garden variety January 6 defendant accused of assaulting cops in the extended fighting on the West Terrace that day.

But his arrest affidavit is a lesson in all the ways that insurrectionists, or any other travelers, leave a path of metadata that can be tracked later.

While the FBI described that someone reported comments Creek made in a visit to the Northside Forsyth Hospital days after the riot — Creek said that, “he was gassed before in the military where he never experienced the types of effects he was experiencing this time” — it appears that no one tracked down that tip directly (many of those who were gassed on January 6 would have only weak trespassing cases against them).

It seems likely that Creek was identified anew based off his Be on the Lookout pictures captured from two alleged assaults against cops. The affidavit doesn’t say he was identified through facial recognition, but the inclusion of the two clearest BOLO pictures of him in the affidavit suggests that’s likely.

Investigators often use driver’s license pictures to match for facial recognition, and indeed, this affidavit describes validating Creek’s BOLO to his Georgia driver’s license (though not the use of facial recognition to get there).

Your affiant reviewed a driver’s license photo issued to Creek and the Facebook profile photos posted by Kevin Creek and also compared these to images and videos of AFO-296. By comparing these photographs to the videos and images from the U.S. Capitol, your affiant believes the images are all consistent with Kevin Douglas Creek.

Once they IDed Creek as a suspect, they started accumulating proof of his travel. While Creek drove to insurrection, Air Marshals at Atlanta’s airport nevertheless witnessed Creek entering his F-150 at the airport, which tied him to his license plate.

Your affiant reviewed records obtained from open sources and verified that a F-150 Supercrew with license plate ending in XXX5830 is registered to Creek. Federal Air Marshals have also observed Kevin Creek entering this vehicle at the Hartfield Jackson International Airport in Atlanta, Georgia.

Once they tied Creek to his license plate, they tracked his drive to DC.

This license plate was run by an FBI-Atlanta Task Force Officer through Leonardo, a Automatic License Plate reader in Georgia. Leonardo automatic plate reader captured Creek driving to D.C. from Georgia on at 8:44 am on January 5, 2021 and returning at 6:11 pm on January 7, 2021. On both occasions, the reader registered the license plate on I-85 in Franklin County, Georgia.

Given Franklin County’s location on the border with South Carolina, Georgia’s license plate reader probably picked up Creek on his way into South Carolina on I-85 on January 5 and on his way back into Georgia on January 7.

Along the way, his credit card purchases showed him buying gas going and returning.

For example, on January 5, 2021, Creek used his credit card at Shell Oil in Petersburg, VA, Quinns in Arlington, VA and at Panera Bread in Burlington, NC. On January 7, 2021, Creek used his credit card at QT in Anderson, SC and at BP in North Chester, VA.

His credit card not only placed him at what was then a Courtyard in Arlington, but showed that he took the metro into the city on January 6.

Travel records obtained from Washington Metropolitan Area Transit Authority confirm that on January 6, 2021 at 8:15am, Creek’s credit card was used to purchase four metro cards. These metro cards were used to traveled from Rosslyn Station McPherson Sq Station at approximately 8:17 am. At 11:07 am, one metro card was used to return to Rosslyn Station from McPherson Station. The other 3 cards returned from Arch-Navy Memorial Station to Rosslyn Station at 4:37 pm.

This tipped off the FBI that three people were traveling with Creek. Creek told the FBI whom he traveled with in an interview on May 21, but if he hadn’t, the FBI would have been able to use surveillance video from the hotel and the Metro to figure out who the others were, especially the two that appear to have left the Capitol with him shortly before 4:37PM.

At the beginning of this investigation, there was a focus on how many rioters had IDed themselves on social media. In Creek’s case, he may have deleted his live streaming from the attack before anyone chased down the tip based off his hospital visit (FBI ran some kind of GeoFence off of people live streaming to Facebook from inside the Capitol, but it’s not clear Creek ever entered the building).

An open source search was conducted to identify any social media accounts in the name of Kevin Creek. A search of Facebook revealed an account with the handle Kevin Creek. This Facebook profile shared a photo of a “Nailed It Roofing and Restoration” business card. Nailed It Roofing and Restoration is registered with the Georgia Corporations Division with a registered agent of Kevin Douglas Creek.

[snip]

Initially, Creek told affiant he was live streaming January 6th and posted the stream and photos on his Facebook account. Creek deleted those photos once he returned home. Creek stated he may have heard about the protest from his twitter account (handle @KevinDCreek) but stated he could not remember for certain.

As described then, the only lead the FBI got from Creek’s Facebook was the tie to his business, “Nailed It Roofing and Restoration.”

But even without leaving boasts on Facebook for the FBI to find, Creek nevertheless left a clear trail of metadata in his wake as he traveled to insurrection.

Copyright © 2021 emptywheel. All rights reserved.
Originally Posted @ https://www.emptywheel.net/author/emptywheel/