Trump Transition Team Outraged To Be Treated as Transition Team!!

This is a general post on the GOP claim Mueller improperly obtained emails from ~13 Transition officials, updated as new news becomes available. This post explains what is really going on: the Transition appears to have withheld emails — including the KT McFarland one referring to the election as having been “thrown” — and Mueller obtained proof they were withholding things.

Both Fox News and Axios have pieces reflecting the outrage!!! among Trump people that they got asked questions about emails they thought they had hidden from Mueller’s investigation. Axios reveals that Mueller obtained the full contents of 12 accounts (Reuters says 13), one including 7,000 emails, from people on the “political leadership” and “foreign-policy team;” it says it includes “sensitive emails of Jared Kushner.”

Fox reveals that a transition lawyer wrote Congress today claiming that it was unlawful for government employees to turn over emails hosted on government servers for a criminal investigation.

A lawyer for the Trump presidential transition team is accusing Special Counsel Robert Mueller’s office of inappropriately obtaining transition documents as part of its Russia probe, including confidential attorney-client communications and privileged communications.

In a letter obtained by Fox News and sent to House and Senate committees on Saturday, the transition team’s attorney alleges “unlawful conduct” by the career staff at the General Services Administration in handing over transition documents to the special counsel’s office.

Officials familiar with the case argue Mueller could have a problem relating to the 4th Amendment – which protects against unreasonable searches and seizures.

Kory Langhofer, the counsel to Trump for America, wrote in the letter that the GSA “did not own or control the records in question.”

But, Langhofer says, Mueller’s team has “extensively used the materials in question, including portions that are susceptible to claims of privilege.”

And Axios explains that the Trump people actually sorted through this stuff. “The sources say that transition officials assumed that Mueller would come calling, and had sifted through the emails and separated the ones they considered privileged.”

I’m really looking forward to hearing the full story about this, rather than just this partisan spin. For example, I’m interested in whether Mueller realized via some means (perhaps from someone like Reince Priebus or Sean Spicer — update, or George Papadopoulos) that the White House had withheld stuff that was clearly responsive to his requests, so he used that to ask GSA to turn over the full set.

I’m also interested in how they’ll claim any of this was privileged. The top 13 political and foreign policy people on the Trump team might include (asterisks mark people confirmed to be among those whose accounts were obtained):

  1. Pence
  2. Bannon
  3. Jared*
  4. Flynn*
  5. KT McFarland
  6. Spicer
  7. Priebus
  8. Nunes
  9. Sessions
  10. Seb Gorka
  11. Stephen Miller
  12. Hope Hicks
  13. Ivanka
  14. Don Jr
  15. Rebekah Mercer
  16. Kelly Anne Conway
  17. Rudy Giuliani
  18. Steven Mnuchin
  19. Rick Gates
  20. Corey Lewandowski
  21. Tom Bossert

Just one of those people — Sessions — is a practicing lawyer (and he wasn’t, then), and he wasn’t playing a legal role in the transition (though both Sessions and Nunes may have been using their congressional email, in which case Mueller likely would show far more deference; update: I’ve added Rudy 911 to the list, and he’d obviously qualify as a practicing lawyer). Though I suppose they might have been talking with a lawyer. But I would bet Mueller’s legal whiz, Michael Dreeben, would point to the Clinton White House Counsel precedent and say that transition lawyers don’t get privilege.

Furthermore, Trump wasn’t President yet! This has come up repeatedly in congressional hearings. You don’t get privilege until after you’re president, in part to prevent you from doing things like — say — undermining existing foreign policy efforts of the actually still serving President. So even if these people were repeating things Trump said, it wouldn’t be entitled to privilege yet.

Finally, consider that some of these people were testifying to the grand jury months and months ago. But we’re only seeing this complaint today. That’s probably true for two reasons. One, because Mueller used the emails in question (most notably, the emails between McFarland and Flynn from December 29 where they discussed Russian sanctions) to obtain a guilty plea from Flynn. And, second, because Republicans are pushing to get Trump to fire Mueller.

Update: I’ve added Pence, Don Jr., Ivanka, Hope Hicks, Kelly Anne Conway, Rudy Giuliani, Steven Mnuchin back in here.

Update: Here’s more from Reuters.

Langhofer, the Trump transition team lawyer, wrote in his letter that the GSA’s transfer of materials was discovered on Dec. 12 and 13.

The FBI had requested the materials from GSA staff last Aug. 23, asking for copies of the emails, laptops, cell phones and other materials associated with nine members of the Trump transition team responsible for national security and policy matters, the letter said.

On Aug. 30, the FBI requested the materials of four additional senior members of the Trump transition team, it said.

The GSA transfer may only have been discovered this week (probably as a result of Congress’ investigation). But the witnesses had to have known these emails went beyond the scope of what the transition turned over. And the request date definitely is late enough for Mueller to have discovered not everything got turned over, perhaps even from George Papadopoulos, who flipped in late July.

Update: One more thing. Remember that there were worries that transition officials were copying files out of a SCIF. That, by itself, would create an Insider Threat concern that would merit FBI obtaining these emails directly.

Update: Here’s a report dated June 15 on a transition lawyer instructing aides and volunteers to save anything relating to Russia, Ukraine, or known targets (Flynn, Manafort, Page, Gates, and Stone).

Update: AP reports that Flynn was (unsurprisingly) among those whose email was obtained.

Update: Here’s the letter. I unpacked it here. It’s a load of — I believe this is the technical term — shite. First, it stakes everything on PTT not being an agency. That doesn’t matter at all for a criminal investigation — Robert Mueller was not FOIAing this stuff. It then later invokes a bunch of privileges (the exception is the attorney client one) that only come with the consequent responsibilities. It then complains that Mueller’s team didn’t use a taint team.

Perhaps the craziest thing is they call for a law that would only permit someone to access such emails for a national security purpose — as if an espionage related investigation isn’t a national security purpose!

Update: Chris Geidner got GSA’s side of the story. Turns out they claim the now dead cover up GC didn’t make the agreement the TFA lawyer says he did. In any case, GSA device users agreed their devices could be monitored.

“Beckler never made that commitment,” he said of the claim that any requests for transition records would be routed to the Trump campaign’s counsel.

Specifically, Loewentritt said, “in using our devices,” transition team members were informed that materials “would not be held back in any law enforcement” actions.

Loewentritt read to BuzzFeed News a series of agreements that anyone had to agree to when using GSA materials during the transition, including that there could be monitoring and auditing of devices and that, “Therefore, no expectation of privacy can be assumed.”

Update: Mueller’s spox, Peter Carr, issued a statement saying, “When we have obtained emails in the course of our ongoing criminal investigation, we have secured either the account owner’s consent or appropriate criminal process.”

A Bit about Dossiers: You’ve Been Eating this FUD for Years

NB: Note the byline — this is Rayne, with what might be another minority report.

Once upon a time in a nearby galaxy in the not-too-distant past, I worked in competitive intelligence. I gathered information about large technology companies’ competitors and summarized it into reports — dossiers, if you will. These firms made product decisions after reading these reports. Thanks to non-disclosure agreements I can’t tell you which companies or products, but know that if you are reading this you have been in contact with their goods and/or the long-term impact of their products and services.

The technology you’ve used or been in contact with has been shaped by these same dossiers.

My research was based on publicly available information. No sneaking around inside fence lines with false identification or hacking servers and networks to pry open locked-away goods. No flights overseas to slink through alleys into dark pubs with shady characters. I was armed with my native curiosity, a decent computer, both internet and library access, and a background in Fortune 500 report writing.

These companies took my work and used it in what is corporate warfare. It goes on around you every day, skirmishes and battles for your wallet and attention, volleys lobbed by hard and soft goods manufacturers and retailers, by firms selling services and intangibles. You think of this as marketing and often consciously blow it off.

Some of this corporate warfare is negative, openly bashing competitors based on comparative price and quality. But some of it is far more insidious; it attacks brands in a way designed to inspire long-term avoidance of entire product lines and brand names, and based on fairly flimsy information. Sometimes it’s just plain false — truly false misinformation and plausible disinformation.

But isn’t some of this fraud, you might ask? Hah-hah. Good luck proving it and making a case. Disinformation is particularly weaselly because it is plausibly true, plausibly deniable.

And I would bet dollars to donuts you’ve made tens and hundreds of purchasing decisions in your lifetime based on disinformation, perhaps even disinformation created from my dossiers. This is the point of corporate disinformation campaigns: to dissuade you from supporting their competition.

As a researcher I often ran into laundered information. For example, it might be disseminated as a small press release in another country in a language Americans don’t often bother to acquire any level of fluency. The press release may get picked up in another country, then by an English language media outlet which reports the content now two degrees from origin as news. Presto: what was once the direct output of a corporate entity is now news upon which buyers make decisions.

Is there media complicity here? Sure, to some degree; the point of origin may be lost and the first news outlets may not perceive the importance of information’s provenance because to them the origin is still visible; witness this week’s reporting by U.S. news outlets all ultimately relying on a single German business paper’s report. But the news media doesn’t bear all the culpability here. News consumers in the U.S. have been notoriously lax in validating content for decades.

It’s unsurprising given the antiquity of the admonishment, Caveat emptor. It has long been a problem that consumers of goods whether information or products and services must be more skeptical before committing their wallets and health, let alone their votes.

Social media has only made the job of laundering information even easier, between the number of washings platforms can offer and the automation of repetition, scale, and dispersion, all for a pittance. Over the last ten years the work I did as a researcher has become incredibly difficult; tracing the origin of a single piece of highly controversial or relatively arcane news originating overseas is like swimming against a mighty current.

And much of that current is deliberately crafted “alternative narrative” (pdf) — disinformation.

You may look askance at information laundering about products and services. Don’t. My own work was laundered not once but twice that I’m aware of. I wasn’t a marketing department employee at the firms which contracted competitive intel research. Nor was I an employee of the small firm contracted by these Fortune 100-1000 firms needing my services. That’s two removes and I am sure there was at least one more — the work I did was probably restated and re-presented internally, at a minimum.

Immaculate information conception — you were sold a bill of goods without knowing I was at the other end of the food chain. You never saw my fingerprints, heard my heels on the pavement, or caught a whiff of my perfume, even though in one way or another you have been touched in the last decade by decisions made based on my research.

~ | ~

You have been eating the FUD prepared for you — fear, uncertainty and doubt which gave you pause and made you choose something else. FUD has long been a tactic of technology companies; billions in sales have relied on its use. Entire industries have depended on it, created wholly from competitive intelligence dossiers like those I’ve prepared.

And yet concern trolls tell you Russia wasn’t a factor during the 2016 election and that ‘fake news’ played no role whatsoever in Trump’s election? Bullshit. Russia’s culture and government make Silicon Valley look like pikers when it comes to the development and use of FUD. Social media and the decades-long reflexivity of right-wing media only served to weaponize Russia’s FUD against the U.S. We never saw it coming because we bought our own nonsense disinfo of American exceptionalism and western democracy’s inviolability.

Out there on the internet in either social media, public records, or leaked data are your voter records, disclosing your location, your state/congressional district/precinct, your voting habits; your vehicle records, your home address; your telephone number, your social media accounts and the network of family and friends and businesses with which you choose to associate. Add your purchasing habits from buyers’ loyalty cards and subscriptions, your fast food purchases when not made with cash. Your debts, whether your small business’ Dun & Bradstreet report, your mortgage, and now your personal credit record (thank you so much, Equifax). Your entire life can be digitally reconstructed to reveal your soft underbelly: what is it that makes you wake up at night in a cold sweat?

It takes little for corporations to identify and target you with an ad to make you doubt another company’s product. I don’t even have to weed through all sources I once mined and aggregated to tell them what you were thinking about Competitor X’s product Y. You’ve already told the world and the places you’ve connected to have shared it. There are simple algorithms to harvest what’s needed, quickly and cheaply.

You are not exceptional nor inviolable because you have been conditioned to exist in this information matrix. You have made little effort to pan golden fact from streams of manufactured information, too eager to swallow misinfo and disinfo because it’s easy — plausible, palatable, hits you right where you are most sensitive and vulnerable.

And yet concern trolls tell you a competing nation-state wouldn’t have used this against you, inserting FUD in a way that furthers their interests above our own, though trillions of dollars benefit at least one nation-state to do so? Though a competing nation-state’s disinformation campaign may have a very low benchmark of success, merely to dissuade you from wholeheartedly supporting restrictions against them?

Hah. Sucker. I have some technology to sell you.

~ | ~

Now here’s the part where I get annoyed with the friction over the Steele dossier. I have reasonable confidence in Steele’s findings. But this doesn’t put me in the same camp as folks who believe the dossier is gospel truth waiting to be decoded into trial-worthy evidence. My confidence separates me from those who pooh-pooh the dossier as ‘fake news’.

The fundamental problem with the public’s understanding of the dossier is the dossier’s utility. It is like the documents I prepared for technology companies — a competitive intelligence report, designed to inform its purchaser about the weaknesses and threats a competitor poses, or the most sensitive point where a competitor can be attacked. It’s not a full-blown SWOT analysis (strengths, weaknesses, opportunities, threats) as the dossier is an external view; it’s closer to an inverted SWOT looking at a competitor excluding any internal perception of the client and its place in the market. It also doesn’t have to be one hundred percent accurate — just reasonably close for the marketing equivalent of a grenade or a Daisy Cutter as the situation dictates.

The friction on the left exists because nearly everyone with a published opinion on the Steele dossier doesn’t see it as a marketing document which should have helped a purchaser develop the political equivalent of the Four Ps — product, placement, promotion (pricing doesn’t really work here, apart from ensuring messaging includes the opportunity costs of electing the right/wrong candidate).

Neither the Clinton campaign nor the dossier-purchasing campaign before it would necessarily take the Steele dossier as evidence in a legal sense, just as the marketing documents I prepared weren’t evidence. I didn’t get sworn statements and multiple corroborating witnesses to disclose what competing technology companies were doing; neither did Christopher Steele or his intermediary client(s) do this about candidate Trump. (It kind of runs up a flag to your targets when you ask a witness to swear out a statement in front of a notary — so much for gaining a competitive edge.) But just as the firms who bought my services trusted me to gather reasonably accurate information sufficient to make a marketing decision, so, too, did Steele’s clients trust him to do the same. (Just as an aside, it’s rather amusing so few ask how such trust is generated.)

In short, competitive intelligence dossiers are not evidentiary. They’re aggregations of reasonably accurate information for the purpose of making a marketing decision, whether the dossier’s user is a product, service, or a campaign. They help a client look forward. They aren’t designed to lock down and set in stone facts for retrospection. And in most cases, competitive intelligence dossiers try to capture a moving target; they work within a narrow time frame because the field can change rapidly.

Think about a technology company approaching someone like me today for competitive intelligence. What use would the dossiers I prepared years ago be today? They don’t capture the competitive environment in which products now go head to head. I can think of multiple competitors I followed and wrote about in my dossiers which no longer exist. In the technology sector, the landscape can change overnight. What in the Steele dossier has changed if a Trump competitor were to try and use it today?

Argue all you want about the Steele dossier. In the meantime, the competition has been drafting a more fluid dossier on us, shifting their information warfare, I mean, campaign to persuade us to their cause or to our detriment, serving up fresh, hot FUD you may all too willingly consume. For all you know, the friction itself is a direct result of disinfo-created FUD.

10 Years of emptywheel: Key Non-Surveillance Posts 2016-2017

Happy Birthday to me! To us! To the emptywheel community!

On December 3, 2007, emptywheel first posted as a distinct website. That makes us, me, we, ten today.

To celebrate, over the next few days, the emptywheel team will be sharing some of our favorite work from the last decade. I’ll be doing probably 3 posts featuring some of my most important or — in my opinion — resilient non-surveillance posts, plus a separate post bringing together some of my most important surveillance work. I think everyone else is teeing up their favorites, too.

Putting together these posts has been a remarkable experience to see where we’ve been and the breadth of what we’ve covered, on top of mainstays like surveillance. I’m really proud of the work I’ve done, and proud of the community we’ve maintained over the years.

For years, we’ve done this content ad free, relying on donations and me doing freelance work for others to fund the stuff you read here. I would make far more if I worked for some free-standing outlet, but I wouldn’t be able to do the weedy, iterative work that I do here, which would amount to not being able to do my best work.

If you’ve found this work valuable — if you’d like to ensure it remains available for the next ten years — please consider supporting the site.

2016

Why Doesn’t Dianne Feinstein Want to Prevent Murders Like those Robert Dear Committed?

I’ve written a lot about how the focus on Islamic terrorism, based on a claim it’s foreign, creates gross inequalities for Muslims in this country, and does nothing to address some of our most dangerous mass killers (as the Stephen Paddock massacre in Las Vegas makes all too clear). This post is one of that series. It focuses on how the ill-advised efforts to use the No Fly List to create a list of those who couldn’t own guns would be discriminatory and wouldn’t add much to safety.

“Only Facts Matter:” Jim Comey Is Not the Master Bureaucrat of Integrity His PR Sells Him As

From the periods when Jim Comey was universally revered as a boy scout through those when Democrats blamed him for giving us Trump (through the time Democrats predictably flip flopped on that point), I have consistently pointed to a more complicated story, particularly with regards to surveillance and torture. I think the lesson of Comey isn’t so much he’s a bad person — it’s that he’s human, and no human fits into the Manichean world of good guys and bad guys that he viewed justice through.

NSA and CIA Hacked Enrique Peña Nieto before the 2012 Election

As Americans came to grips with the fact that Russia had hacked Democrats to influence last year’s election, many people forgot that the US does the same. And it’s not even just in the bad old days of Allen Dulles. The Snowden documents revealed that NSA and CIA hacked Enrique Peña Nieto in the weeks before he was elected in 2012. The big difference is we don’t know what our spooks did with that information.

Why Is HPSCI’s Snowden Report So Inexcusably Shitty?

In 2016, HPSCI released its Devin Nunes-led investigation into Edward Snowden’s leaks. It was shitty. Really shitty.

Now that the HPSCI investigation into the Russian hack (which has not been subjected to the same limitations as the Snowden investigation was) has proven to be such a shit show, people should go back and review how shitty this review was (including its reliance on Mike Flynn’s inflammatory claims). There absolutely should have been a review of Snowden’s leaks. But this was worse than useless.

Look Closer to Home: Russian Propaganda Depends on the American Structure of Social Media

As people began to look at the role of fake news in the election, I noted that we can’t separate the propaganda that supported Trump from the concentrated platforms that that propaganda exploited. A year later, that’s a big part of what the Intelligence Committees have concluded.

The Evidence to Prove the Russian Hack

In this post I did a comprehensive review of what we knew last December about the proof Russia was behind the tampering in last year’s election.

Obama’s Response to Russia’s Hack: An Emphasis on America’s More Generalized Vulnerability

Last year, in a speech on the hack, Obama focused more on America’s vulnerability that made it possible for Russia to do so much damage than he did on attacking Putin. I think it’s a really important point, one I’ve returned to a lot in the last year.

The Shadow Brokers: “A Nice Little NSA You’ve Got Here; It’d Be a Shame If…”

In December, I did a review of all the posts Shadow Brokers had done and suggested he was engaged in a kind of hostage taking, threatening to dump more NSA tools unless the government met his demands. I was particularly interested in whether such threats were meant to prevent the US from taking more aggressive measures to retaliate against Russia for the hack.

2017

On “Fake News”

After getting into a bunch of Twitter wars over whether we’re at a unique moment with Fake News, I did this post, which I’ve often returned to.

How Hal Martin Stole 75% of NSA’s Hacking Tools: NSA Failed to Implement Required Security Fixes for Three Years after Snowden

The government apparently is still struggling to figure out how its hacking tools (both NSA and CIA) got stolen. I noted back in January that an IG report from 2016 showed that in the three years after Snowden, the IC hadn’t completed really basic things to make itself more safe from such theft.

The Doxing of Equation Group Hackers Raises Questions about the Legal Role of Nation-State Hackers

One thing Shadow Brokers did that Snowden and WikiLeaks, with its Vault 7 releases, have not is to reveal the identities of NSA’s own hackers. Like DOJ’s prosecution of nation-state hackers, I think this may pose problems for the US’ own hackers.

Reasons Why Dems Have Been Fucking Stupid on the Steele Dossier: a Long Essay

I believe Democrats have been ill-advised to focus their Russia energy on the Steele dossier, not least because there has been so much more useful reporting on the Russia hack that the Steele dossier only makes their case more vulnerable to attack. In any case, I continue to post this link, because I continue to have to explain the dossier’s problems.

Other Key Post Threads

10 Years of emptywheel: Key Non-Surveillance Posts 2008-2010

10 Years of emptywheel: Key Non-Surveillance Posts 2011-2012

10 Years of emptywheel: Key Non-Surveillance Posts 2013-2015


K. T. McFarland’s Big Fat Email [UPDATED]

[NB: Update at the bottom of this post.]

I am posting this on the fly, haven’t yet fully digested what I just read. All I can really do right now is roll my eyes as I wave my hands in the air and scream about the stupid that burns.

You need to read this article, Emails Dispute White House Claims That Flynn Acted Independently on Russia; this bit in particular just boggles my mind although it’s not the only thing in this article which made me ululate.

Excerpt, The New York Times

And of course it’s Obama’s or the Democratic Party’s fault she was taken out of context here. Uh-huh. And Clinton should be impeached.

This bit is nearly as mind-blowingly whack:

Excerpt, The New York Times

“Political malpractice” is not the first thing that comes to mind here, Mr. Cobb.

UPDATE — 9:00 PM EST —

NYT’s Michael Schmidt has now provided K. T. McFarland’s full quote to clarify what was meant in the email.

We’re supposed to believe the context is about spin McFarland anticipated Obama (or the unspecified Democrats in the NYT’s article) would employ against Trump.

However lawyer Ty Cobb’s explainer-cum-apologia doesn’t sound like McFarland and others on the transition team were merely indulging in speculation.

Any time now I expect someone in the administration will not only say openly that Trump authorized the transition team to discuss dropping the sanctions, but that it isn’t illegal when the president does it.

Except in the U.S. we only have one president at a time.

Throwing H2O on the Pompeo to State Move

I could be totally wrong, but I don’t think the reported plan for Rex Tillerson to step down, to be replaced by Mike Pompeo, who in turn will be replaced by Tom Cotton (or maybe Admiral Robert Harward because Republicans can’t afford to defend an Arkansas Senate seat), will really happen.

The White House has developed a plan to force out Secretary of State Rex W. Tillerson, whose relationship with President Trump has been strained, and replace him with Mike Pompeo, the C.I.A. director, perhaps within the next several weeks, senior administration officials said on Thursday.

Mr. Pompeo would be replaced at the C.I.A. by Senator Tom Cotton, a Republican from Arkansas who has been a key ally of the president on national security matters, according to the White House plan. Mr. Cotton has signaled that he would accept the job if offered, said the officials, who insisted on anonymity to discuss sensitive deliberations before decisions are announced.

I say that for two reasons.

First, because of all the evidence that Mike Flynn is working on a plea deal. Particularly given that Mueller has decided he doesn’t need any more evidence of Flynn’s corrupt dealings with Turkey, I suspect his leverage over Flynn has gone well beyond just those crimes (which, in turn, is why I suspect Flynn has decided to flip).

I think that when the plea deal against Flynn is rolled out, it will be associated with some fairly alarming allegations against him and others, allegations that will dramatically change how willing Republicans are to run interference for Trump in Congress.

If I’m right about that, it will make it almost impossible for Pompeo to be confirmed as Secretary of State. Already, Senate Foreign Relations Committee Chair Bob Corker, who’d oversee the confirmation, is sending signals he’s not interested in seeing Pompeo replace Tillerson.

“I could barely pick Pompeo out of a lineup,” Sen. Bob Corker (R-Tenn.), chairman of the Senate Foreign Relations Committee, said Thursday morning.

Already, Pompeo’s cheerleading of Wikileaks during the election should have been disqualifying for the position of CIA Director. That’s even more true now that Pompeo himself has deemed them a non-state hostile intelligence service.

Add in the fact that Pompeo met with Bill Binney to hear the skeptics’ version of the DNC hack, and the fact that Pompeo falsely suggested that the Intelligence Community had determined Russia hadn’t affected the election. Finally, add in the evidence that Pompeo has helped Trump obstruct the investigation and his role spying on CIA’s own investigation into it, and there’s just far too much smoke tying Pompeo to the Russian operation.

All that will become toxic once Mike Flynn’s plea deal is rolled out, I believe.

So between Corker and Marco Rubio, who both treat Russia’s hack of the election with real seriousness (remember, too, that Rubio himself was targeted), I don’t see how Pompeo could get out of the committee.

But there’s another reason I don’t think this will happen. I suspect it — like earlier threats to replace Jeff Sessions — is just an attempt to get Tillerson to hew to the Administration line on policy. The NYT cites Tillerson’s difference of opinion on both North Korea and Iran.

Mr. Trump and Mr. Tillerson have been at odds over a host of major issues, including the Iran nuclear deal, the confrontation with North Korea and a clash between Arab allies. The secretary was reported to have privately called Mr. Trump a “moron” and the president publicly criticized Mr. Tillerson for “wasting his time” with a diplomatic outreach to North Korea.

It’s Iran that’s the big issue, particularly as Jared frantically tries to finish his “peace” “plan” before he gets arrested himself. The fact that Trump has floated Cotton as Pompeo’s replacement is strong support for the notion that this is about forcing Tillerson to accept the Administration lies about Iran and the nuclear deal: because Cotton, more than anyone else, has been willing to lie to oppose the deal.

Trump is basically saying that unless Tillerson will adopt the lies the Administration needs to start a war with Iran, then he will be ousted.

But Tillerson’s claim that he doesn’t need to replace all the people who’ve left state because he thinks a lot of domestic issues will be solved soon seems to reflect that he’s parroting the Administration line now.

Obviously, there’s no telling what will happen, because Trump is completely unpredictable.

But he also likes to use threats to get people to comply.

Update: CNN now reporting I’m correct.

On the Jared and Flynn Stories

Amid reports that Mike Flynn is flipping like a pancake, CNN reported (in addition to a report that Mueller’s team canceled a grand jury appearance for former Flynn business associates) that Jared Kushner was asked a bunch of questions about Flynn in an interview earlier this month.

Before reading the details CNN provides, however, consider this line in the story:

It’s not clear that this is the only time that Kushner will meet with the special counsel’s team.

That is, the subtext here is that, even as Mueller’s team preps a plea deal with Flynn, Kushner is well aware that he remains a key target in conjunction with Flynn events, and may get hauled back before Mueller’s team for all the other stuff. Effectively, they were locking in Kushner’s testimony — including, presumably, about what kind of permission/instructions Flynn had to engage in the corrupt foreign deals he was pushing — from Kushner and his pop-in-law before flipping Flynn.

So here’s how CNN describes the Flynn questions:

Mueller’s team specifically asked Kushner about former national security advisor Michael Flynn, who is under investigation by the special counsel, two sources said. Flynn was the dominant topic of the conversation, one of the sources said.

[snip]

The conversation lasted less than 90 minutes, one person familiar with the meeting said, adding that Mueller’s team asked Kushner to clear up some questions he was asked by lawmakers and details that emerged through media reports. One source said the nature of this conversation was principally to make sure Kushner doesn’t have information that exonerates Flynn.

The meeting took place around the same time the special counsel asked witnesses about Kushner’s role in the firing of former FBI Director James Comey and his relationship with Flynn, these people said.

That means, as we speak, Flynn is providing his side of this story, and explaining why Jared was so intent on firing Mueller because Mueller was actively investigating Flynn.

As I’ve long said, you get to Jared through Flynn. It seems like Jared’s team is now hoping he gets a second chance at testimony before he gets busted himself.

The Russian Metadata in the Shadow Brokers Dump

When I first noted, back in April, that there was metadata in one of the Shadow Brokers dumps, I suggested two possible motives for the doxing of several NSA hackers. First (assuming Russia had a role in the operation), to retaliate against US indictments of Russian hackers, including several believed to be tied to the DNC hack.

A number of the few people who’ve noted this doxing publicly have suggested that it clearly supports the notion that a nation-state — most likely Russia — is behind the Shadow Brokers leak. As such, the release of previously unannounced documents to carry out this doxing would be seen as retaliation for the US’ naming of Russia’s hackers, both in December’s election hacking related sanctions and more recently in the Yahoo indictment, to say nothing of America’s renewed effort to arrest Russian hackers worldwide while they vacation outside of Russia.

But leaving the metadata in the documents might also make the investigation more difficult.

[F]our days before Shadow Brokers started doxing NSA hackers, Shadow Brokers made threats against those who’ve commented on the released Shadow Brokers files specifically within the context of counterintelligence investigations, even while bragging about having gone unexposed thus far even while remaining in the United States.

Whatever else this doxing may do, it will also make the investigation into how internal NSA files have come to be plastered all over the Internet more difficult, because Shadow Brokers is now threatening to expose members of TAO.

With that in mind, I want to look at a Brian Krebs piece that makes several uncharacteristic errors to get around to suggesting a Russian-American might have been the guy who leaked the files in question.

He sets out to read the metadata I noted (but did not analyze in detail, because why make the dox worse?) in April to identify who the engineer was that had NSA files discovered because he was running Kaspersky on his home machine.

In August 2016, a mysterious entity calling itself “The Shadow Brokers” began releasing the first of several troves of classified documents and hacking tools purportedly stolen from “The Equation Group,” a highly advanced threat actor that is suspected of having ties to the U.S. National Security Agency. According to media reports, at least some of the information was stolen from the computer of an unidentified software developer and NSA contractor who was arrested in 2015 after taking the hacking tools home. In this post, we’ll examine clues left behind in the leaked Equation Group documents that may point to the identity of the mysterious software developer.

He links to the WSJ and cites, but doesn’t link, this NYT story on the Kaspersky related breach.

Although Kaspersky was the first to report on the existence of the Equation Group, it also has been implicated in the group’s compromise. Earlier this year, both The New York Times and The Wall Street Journal cited unnamed U.S. intelligence officials saying Russian hackers were able to obtain the advanced Equation Group hacking tools after identifying the files through a contractor’s use of Kaspersky Antivirus on his personal computer. For its part, Kaspersky has denied any involvement in the theft.

Then he turns to NYT’s magnum opus on Shadow Brokers to substantiate the claim the government has investigations into three NSA personnel, two of whom were related to TAO.

The Times reports that the NSA has active investigations into at least three former employees or contractors, including two who had worked for a specialized hacking division of NSA known as Tailored Access Operations, or TAO.

[snip]

The third person under investigation, The Times writes, is “a still publicly unidentified software developer secretly arrested after taking hacking tools home in 2015, only to have Russian hackers lift them from his home computer.”

He then turns to the Shadow Brokers’ released metadata to — he claims — identify the “two unnamed NSA employees and the contractor referenced in The Times’ reporting.”

So who are those two unnamed NSA employees and the contractor referenced in The Times’ reporting?

From there, he points to a guy that few of the reports analyzing the people identified in the metadata had discussed: a Russian! Krebs decides that because this guy is Russian he’s likely to run Kaspersky and so he must be the guy who lost these files.

The two NSA employees are something of a known commodity, but the third individual — Mr. Sidelnikov — is more mysterious. Sidelnikov did not respond to repeated requests for comment. Independent Software also did not return calls and emails seeking comment.

Sidelnikov’s LinkedIn page (PDF) says he began working for Independent Software in 2015, and that he speaks both English and Russian. In 1982, Sidelnikov earned his masters in information security from Kishinev University, a school located in Moldova — an Eastern European country that at the time was part of the Soviet Union.

Sidelnikov says he also earned a Bachelor of Science degree in “mathematical cybernetics” from the same university in 1981. Under “interests,” Mr. Sidelnikov lists on his LinkedIn profile Independent Software, Microsoft, and The National Security Agency.

Both The Times and The Journal have reported that the contractor suspected of leaking the classified documents was running Kaspersky Antivirus on his computer. It stands to reason that as a Russian native, Mr. Sidelnikov might be predisposed to using a Russian antivirus product.

Krebs further suggests Sidelnikov must be the culprit for losing his files in the Kaspersky incident because the guy who first pointed him to this metadata, a pentester named Mike Poor, said a database expert like Sidelnikov shouldn’t have access to operational files.

“He’s the only one in there that is not Agency/TAO, and I think that poses important questions,” Poor said. “Such as why did a DB programmer for a software company have access to operational classified documents? If he is or isn’t a source or a tie to Shadow Brokers, it at least begets the question of why he accessed classified operational documents.”

There are numerous problems with Krebs’ analysis — which I pointed out this morning but which he blew off with a really snotty tweet.

First, the NYT story he cites but doesn’t link to notes specifically that the Kaspersky related breach is unrelated to the Shadow Brokers leak, something that I also pointed out was logically obvious given how long the NSA claimed Hal Martin was behind the Shadow Brokers leak after the government was known to be investigating the Kaspersky related guy.

It does not appear to be related to a devastating leak of N.S.A. hacking tools last year to a group, still unidentified, calling itself the Shadow Brokers, which has placed many of them online.

Krebs also misreads the magnum opus NYT story. The very paragraph he quotes from reads like this:

The agency has active investigations into at least three former N.S.A. employees or contractors. Two had worked for T.A.O.: a still publicly unidentified software developer secretly arrested after taking hacking tools home in 2015, only to have Russian hackers lift them from his home computer; and Harold T. Martin III, a contractor arrested last year when F.B.I. agents found his home, garden shed and car stuffed with sensitive agency documents and storage devices he had taken over many years when a work-at-home habit got out of control, his lawyers say. The third is Reality Winner, a young N.S.A. linguist arrested in June, who is charged with leaking to the news site The Intercept a single classified report on a Russian breach of an American election systems vendor.

That is, there aren’t “two unnamed NSA employees and [a] contractor referenced in The Times’ reporting.” The paragraph he refers to names two of the targets: Hal Martin (the other TAO employee) and Reality Winner. Which leaves just the Kaspersky related guy.

Krebs seemed unaware of the WaPo versions of the story, which include this one where Ellen Nakashima (who was the first to identify this guy last year) described the engineer as a Vietnamese born US citizen. Not a Russian-American, a Vietnamese-American.

Mystery solved Scoob! All without even looking at the Shadow Brokers’ metadata. There’s one more part of the Krebs story which is weird — that he takes Sidelnikov’s non-response, the same non-response he got from the known NSA guys doxed by Shadow Brokers, as somehow indicative of anything, even though if Sidelnikov had been “arrested,” as Krebs’ headline mistakenly suggests, you’d think his phone might not be working at all.

There’s more I won’t say publicly about Krebs’ project, what he really seems to be up to.

But the reason I went through the trouble of pointing out the errors is precisely because Krebs went so far out of his way to find a Russian to blame for … something.

We’ve been seeing Russian metadata in documents for 17 months. Every time such Russian metadata is found, everyone says, Aha! Russians! That, in spite of the fact that the Iron Felix metadata was obviously placed there intentionally, and further analysis showed that some of the other Russian metadata was put there intentionally, too.

At some point, we might begin to wonder why we’re finding so much metadata screaming “Russia”?

Update: After the Vietnamese-American’s guilty plea got announced, Krebs unpublished his doxing post.

A note to readers: This author published a story earlier in the week that examined information in the metadata of Microsoft Office documents stolen from the NSA by The Shadow Brokers and leaked online. That story identified several individuals whose names were in the metadata from those documents. After the guilty plea entered this week and described above, KrebsOnSecurity has unpublished that earlier story.

The Seychelles Meeting Inches Kushner Closer to Quid Pro Quo with Sanctioned Russian Money

The Intercept has an article that has gotten surprisingly little attention, particularly given the reports that Mike Flynn is prepping to flip on Trump and that the House Intelligence Committee will have Erik Prince testify in its investigation.

It reveals that the previously unidentified Russian whom Erik Prince met in the Seychelles in January is the CEO of the Russian Direct Investment Fund.

The identity of the Russian individual was not disclosed, but on January 11, a Turkish-owned Bombardier Global 5000 charter plane flew Kirill Dmitriev, CEO of the Russian Direct Investment Fund, to the Seychelles, flight records obtained by The Intercept show. Dmitriev’s plane was an unscheduled charter flight and flew to the island with two other Russian individuals, both women. The RDIF is a $10 billion sovereign wealth fund created by the Russian government in 2011.

[snip]

Although Prince repeatedly stated he couldn’t remember the Russian’s name — “We didn’t exchange cards” — a spokesperson for Frontier Services Group confirmed to The Intercept in September that Prince “crossed paths” with Dmitriev in the Seychelles.

The article goes on to note that the RDIF separated from its parent company Vnesheconombank in 2016 to evade sanctions.

While it is legal to do business with RDIF in certain circumstances, there are several nuanced restrictions that if ignored or overlooked can easily lead to a violation. The resulting uncertainty has created opportunities for companies and individuals to find loopholes to bypass sanctions.

Analysts say RDIF attempted to do this in 2016 when the fund distanced itself from its parent company, the Russian bank Vnesheconombank, or VEB, which is also subject to U.S. sanctions. Legislation signed by Putin in June 2016 enabled RDIF to transfer its management company, known as the RDIF Management Company LLC, to the Russian Federal Agency for State Property Management.

Sadly, the Intercept article doesn’t lay out the timeline this creates:

Early December: Flynn and Kushner meet with Sergei Kislyak

Later December: At the behest of Kislyak, Kushner meets with Vnesheconombank’s Sergey Gorkov

December: Mohammed bin Zayed holds undisclosed meeting in NY with Kushner and Steve Bannon

December 29: Flynn tells Kislyak Trump will ease sanctions

January 11: At behest of Mohammed bin Zayed, Erik Prince meets with Dmitriev

January 17: Anthony Scaramucci meets with RDIF in Davos

As We Face Our Current Emergency Let’s Not Forget How (and Who) Our Last One Contributed to This One

All over Twitter yesterday, people introduced this Michael Hayden tweet decrying Trump’s “assault on truth, a free press or the first amendment” by emphasizing that he served as CIA and NSA Director.

They seem to forget that, in the name of supporting expansive executive authority, Hayden lied to Congress, targeted Thomas Drake for his unclassified communications with the press about Hayden’s support for profiteering contractors, and attacked journalists who have covered the Snowden leaks.

Also on Twitter, Ben Wittes wrote a long thread, advocating that “Americans do not need to be actively contesting right now across traditional left-right divisions” so long as “Americans of good faith collectively band together to face a national emergency.”

In a thread that singles out the First Amendment (though not, predictably, the Fourth), Wittes imagines two main entities that might conduct investigations into Trump: law enforcement and “men and women of the bureaucracy who are courageous enough to come forward and assist,” though he follows quickly with a generalized profession that this non-partisan truce he has unilaterally declared also involves supporting the spooks.

Having declared a truce on “important foreign policy questions,” he then emphasizes we have to keep our promises abroad.

And also we have to keep promises about rights.

The two, together, have set off a debate about what our national emergency really is — where Trump came from.

Remarkably, I’ve seen few pointing back to this remarkable Adam Serwer piece on the whiteness that got Trump elected. As he lays out, Trump got elected because white voters cared more about restoring “traditional” race, sex, and class roles than about all the horrible things Trump espoused.

Trump’s great political insight was that Obama’s time in office inflicted a profound psychological wound upon many white Americans, one that he could remedy by adopting the false narrative that placed the first black president outside the bounds of American citizenship. He intuited that Obama’s presence in the White House decreased the value of what W. E. B. Du Bois described as the “psychological wage” of whiteness across all classes of white Americans, and that the path to their hearts lay in invoking a bygone past when this affront had not taken place, and could not take place.

That the legacy of the first black president could be erased by a birther, that the woman who could have been the first female president was foiled by a man who confessed to sexual assault on tape—these were not drawbacks to Trump’s candidacy, but central to understanding how he would wield power, and on whose behalf.

Americans act with the understanding that Trump’s nationalism promises to restore traditional boundaries of race, gender, and sexuality. The nature of that same nationalism is to deny its essence, the better to salve the conscience and spare the soul.

Serwer’s piece is absolutely required reading.

But his exposition largely focuses on the domestic aspect of white supremacy. This paragraph is one of the few that focuses on the last emergency people like Wittes and Hayden screamed un-self-critically about, the never-ending war on terror.

In the meantime, more than a decade of war nationalism directed at jihadist groups has shaped Republican attitudes toward Muslims—from seeing them as potential Republican voters in the late 1990s to viewing them as internal enemies currently. War nationalism always turns itself inward, but in the past, wars ended. Anti-Irish violence fell following the service of Irish American soldiers in the Civil War; Germans were integrated back into the body politic after World War II; and the Italians, Jews, and eastern Europeans who were targeted by the early 20th century’s great immigration scare would find themselves part of a state-sponsored project of assimilation by the war’s end. But the War on Terror is without end, and so that national consolidation has never occurred. Again, Trump is a manifestation of this trend rather than its impetus, a manifestation that began to rise not long after Obama’s candidacy.

And there’s no mention of white supremacy’s foreign counterpart, American exceptionalism, which has long led (white male) Americans to believe America had somehow earned its wealth and prestige without, at the same time, hurting the well-being of others around the world, one which has made Trump’s instinct to demand capitulation from other countries so popular.

Both are, after all, about assuming the capitulation of brown people is the natural order we deserve, whether in our neighborhoods or on the other side of the world.

I raise all this because, in addition to the whiteness problem Serwer lays out, I do think the exceptionalism and expansive executive power that Hayden and Wittes have championed are part of what created this emergency as well. Those who created and sustained that last emergency — those who insisted we needed exceptional measures the last time, exceptional measures that gave Trump far more tools with which to violate norms and persecute enemies — want us to divorce this emergency from their own actions that contributed to it and may make it harder to recover from.

By all means, those who newly admit problems with expansive executive power are welcome to join those of us who’ve long been fighting it. But I’m not sure why everyone wants them to take the lead.

How Did Christopher Steele Collect Information after Sources (Allegedly) Dried Up?

Sorry to those who think I’m overly focused on the Christopher Steele dossier, but I’m reading Luke Harding’s book on the Russian investigation, which uses the dossier as a centerpiece. I may do a longer post about what his overall narrative does, but for now there’s a weird paragraph that conveniently is in this long excerpt I want to focus on.

After introducing the first report of the dossier (the one that features the pee tape and dated, non-email kompromat), Harding writes,

The memo was sensational. There would be others, 16 in all, sent to Fusion between June and early November 2016. At first, obtaining intelligence from Moscow went well. For around six months – during the first half of the year – Steele was able to make inquiries in Russia with relative ease. It got harder from late July, as Trump’s ties to Russia came under scrutiny. Finally, the lights went out. Amid a Kremlin cover-up, the sources went silent and information channels shut down.

There are several details that conflict with known facts and/or claimed (in some cases, sworn) ones.

First, Harding suggests there were 16 reports in all. I’m not sure whether he’s suggesting the final total of reports written between June and early November was 16 or whether he’s suggesting there were 16 additional reports in all, for a total of 17. Either way the number works out (there were 17 total reports, one of which was written after November). But that makes the November reference weird. There was no report written in early November. The last known report before the election was dated October 20, and then there wasn’t another one until that December 13 one.

  • 080: June 20, 2016
  • 086: July 26, 2015 (citing events in 2016)
  • 095: not dated
  • 94: July 19, 2016
  • 097: July 30, 2016
  • 100: August 5, 2016
  • 101: August 10, 2016
  • 102: August 10, 2016
  • 136: October 20, 2016
  • 105: August 22, 2016
  • 111: September 14, 2016
  • 112: September 14, 2016
  • 113: September 14, 2016
  • 130: October 12, 2016
  • 134: October 18, 2016
  • 135: October 19, 2016
  • 166: December 13, 2016

In any case, Harding gets the December date sort of correct later in the passage. Except he describes Glenn Simpson giving John McCain the report, dated December 13, before McCain called Jim Comey about it on December 8.

Less than 24 hours later, Kramer returned to Washington. Glenn Simpson then shared a copy of the dossier confidentially with McCain, along with a final Steele memo on the Russian hacking operation, written in December.

McCain believed it was impossible to verify Steele’s claims without a proper investigation. He made a call and arranged a meeting with Comey. Their encounter on 8 December 2016 lasted five minutes. Not much was said. McCain gave Comey the dossier.

I explain the significance of these December dates in this post.

Things are even weirder with the third sentence in this passage.

For around six months – during the first half of the year – Steele was able to make inquiries in Russia with relative ease.

According to the public narrative, Steele wasn’t working for Fusion until the Democrats asked for a Russian focus in June. And the first of his released reports relies on reporting from June. But Harding here suggests Steele was working on it for the six months before that! I pointed to circumstantial evidence that Fusion paid Steele on March 22, April 6, and May 25, in payments they don’t associate with Perkins Coie, in addition to the payments that were probably to him on July 13, August 2, September 1, October 5, and November 1.

Now check out the following sentences. Starting in “late July … the lights went out and … the sources went silent and information channels shut down.”

As the timeline above makes clear, the numbering in the dossier gets funky almost immediately, but the most likely reading suggests after that first, June 20 report, there are 4 reports from late July, and the remaining 12 reports all postdate late July. Report 100, the first post-July one, is sourced to “early August 2016” (and dated August 5).

Now, maybe the paragraph is just totally screwy. But if there’s any basis in fact to it, it suggests the public timeline is wrong (something which may be backed by the payments). More importantly, it suggests Steele’s extensive (albeit very indirect) network of sources stopped providing intelligence not long after he allegedly started his inquiry.
