The First Amendment Wall-Splat that Anticipates Any Defense of a Trump Conspiracy or WikiLeaks Charge

Last week, lawyers from Jones Day representing the Trump campaign submitted a response to a lawsuit by two Democratic donors and a DNC employee (the case is referred to as Cockrum after donor Roy Cockrum) that presents an interesting, but imperfect, preview of any defense of a Trump conspiracy and/or a WikiLeaks charge in the election hack-and-leak.

Effectively, the Democrats attempt to hold the Trump campaign responsible for having their private information (social security numbers in the case of the donors and more personal conversations in the case of DNC employee Scott Comer) posted in the emails released by WikiLeaks on July 22, 2016. They do so by arguing that the Trump campaign conspired with agents of Russia, agreeing to provide policy considerations in exchange for the assistance presented by the email release, which therefore makes them parties to the injury associated with the hack-and-leak.

The campaign isn’t responsible for information released as part of their conspiracy because the First Amendment protects it

In response, the Trump campaign (represented by Jones Day, and therefore by more competent lawyers than some of the clowns representing the president in the Mueller investigation) only secondarily deny the campaign entered into a conspiracy with the Russians as governed by the laws invoked by plaintiffs (you should not take this emphasis as admission of guilt in a conspiracy, but rather the most efficacious way of defeating the lawsuit). As a primary defense, they point to First Amendment precedent to argue two things: First, the campaign can’t be held responsible for the theft of information because they only sought the dissemination of already stolen documents — they had nothing to do with the theft of the documents, the campaign argues.

In Bartnicki v. Vopper, 532 U.S. 514 (2001), the Supreme Court held that the First Amendment protects a speaker’s right to disclose stolen information if (1) the speaker was “not involved” in the acquisition and (2) the disclosure deals with “a matter of public concern.” Id. at 529, 535. There, union leaders spoke on the phone about using violence against school-board members to influence salary negotiations. Id. at 518–19. An unknown person secretly intercepted the call and shared the illegal recording with a local radio host, who played it on his show. Id. at 519. The Court ruled that the First Amendment protected the radio broadcast, because the host “played no part in the illegal interception” and “the subject matter of the conversation was a matter of public concern.” Id. at 525. The Court reasoned that “state action to punish the publication of truthful information seldom can satisfy constitutional standards.” Id. at 527. The state has an interest in deterring theft of information, but it must pursue that goal by imposing “an appropriate punishment” on “the interceptor”—not by punishing a speaker who was “not involved in the initial illegality.” Id. at 529. The state also has an interest in protecting “privacy of communication,” but “privacy concerns give way when balanced against the interest in publishing matters of public importance.” Id. at 533–34. In short, “a stranger’s illegal conduct does not suffice to remove the First Amendment shield from speech about a matter of public concern.” Id. at 535.

“An opposite rule”—under which a speaker may be punished for truthful disclosures on account of a “defect in the chain of title”—“would be fraught with danger.” Boehner v. McDermott, 484 F.3d 573, 586 (D.C. Cir. 2007) (opinion of Sentelle, J., joined by a majority of the en banc court). “U.S. newspapers publish information stolen via digital means all the time.” Jack L. Goldsmith, Uncomfortable Questions in the Wake of Russia Indictment 2.0 (July 16, 2018).1 Indeed, they “openly solicit such information.” Id. Punishing “conspiracy to publish stolen information” “would certainly narrow protections for ‘mainstream’ journalists.” Id.

The Campaign satisfies the first part of Bartnicki’s test: It “played no part in the illegal interception.” Bartnicki, 532 U.S. at 525. That is clear from Plaintiffs’ factual theory: “Defendants entered into an agreement with other parties, including agents of Russia and WikiLeaks, to have information stolen from the DNC publicly disseminated in a strategic way.” (Am. Compl. ¶ 16) (emphasis added). The complaint reinforces that theory on every page: “the publication of hacked information pursuant to the conspiracy” (id. ¶ 20); “conspiracy … to disseminate information” (id. ¶ 78); “extracting concessions … in exchange for the dissemination of the information” (id. ¶ 149); “an agreement to disseminate the hacked DNC emails”) (id. at 42); “motive to coordinate regarding such dissemination” (id. ¶ 153); “an agreement regarding the publication” (id. ¶ 154); “agreed … to publicly disclose” (id. ¶ 296) (all emphases added).

In a key move, the response points to the chronology (they incorrectly say) the plaintiffs lay out to show that the Campaign didn’t enter into a conspiracy with the Russians until after the theft had already taken place.

That is no surprise. Given Rule 11, Plaintiffs could not have alleged the Campaign’s involvement in the initial hack. According to Plaintiffs’ own account, Russian intelligence hacked the DNC’s networks “in July 2015,” and gained access to email accounts “by March 2016.” (Id. ¶ 86.) But the Campaign supposedly became motivated to work with Russia only in “the spring and summer of 2016” (id. at 25), and supposedly entered into the agreement in “secret meetings” in “April,” “May,” “June,” and “July” 2016 (id. ¶¶ 89–104). In other words, Plaintiffs themselves say that the alleged conspiracy was formed after the hack and after the acquisition of the emails—so that the Campaign could not have participated in the initial theft.

From there, the Campaign shifts to the second part of the First Amendment argument: what they encouraged the Russians (and WikiLeaks) to publish was a matter of public concern.

The Campaign also satisfies the second part of Bartnicki’s test: the disclosure deals with “a matter of public concern.” Bartnicki, 532 U.S. at 525. Whether speech deals with issues of public concern is “a matter of law.” Snyder v. Phelps, 580 F.3d 206, 220 (4th Cir. 2009). “Speech deals with matters of public concern when it can be fairly considered as relating to any matter of political, social, or other concern to the community, or when it is a subject of legitimate news interest.” Snyder v. Phelps, 562 U.S. 443, 453 (2011) (citations and quotation marks omitted). A court applying this test must examine the “content, form, and context” of the speech. Id.

Courts judge the public character of a disclosure in the aggregate, not line by line. Regardless of whether the particular sentence complained about is itself of public concern, the disclosure is constitutionally protected if the disclosure as a whole deals with a matter of public concern. For example, in Bartnicki, leaders of a teachers’ union spoke on the phone about “blow[ing] off [school-board members’] front porches” to influence salary negotiations. 532 U.S. at 519. Even though the threat to “blow off” porches was not itself speech about public issues, the First Amendment protected the disclosure because the host made it while “engaged in debate about” teacher pay—“a matter of public concern.” Id. at 535. The “public concern” test thus turns on the broader context of the disclosure, not the nature of the specific fact disclosed.

To substantiate their “public concern” defense, the response points to (and includes as exhibits) a handful emails out of the tens of thousands dumped in just the DNC release and some bad press coverage, and argues that because WikiLeaks has a policy of not redacting emails, the information that damaged the plaintiffs just came out along with this public concern information.

These emails revealed important information about the Clinton Campaign and Democratic Party. For example:

  • The emails revealed DNC officials’ hostility toward Senator Sanders. DNC figures discussed portraying Senator Sanders as an atheist, because “my Southern Baptist peeps would draw a big difference between a Jew and an atheist.” (Ex. 1.) They suggested pushing a media narrative that Senator Sanders “never ever had his act together, that his campaign was a mess.” (Ex. 2.) They opposed his push for additional debates. (Ex. 3.) They complained that he “has no understanding” of the Democratic Party. (Ex. 4.)
  • According to The New York Times, “thousands of emails” between donors and fundraisers revealed “in rarely seen detail the elaborate, ingratiating and often bluntly transactional exchanges necessary to harvest hundreds of millions of dollars from the party’s wealthy donor class.” These emails “capture[d] a world where seating charts are arranged with dollar totals in mind, where a White House celebration of gay pride is a thinly disguised occasion for rewarding wealthy donors and where physical proximity to the president is the most precious of currencies.” (Ex. 5.)
  • The emails revealed the coziness of the relationship between the DNC and the media. For example, they showed that reporters would ask DNC to pre-approve articles before publication. (Ex. 6.) They also showed DNC staffers talking about giving a CNN reporter “questions to ask us.” (Ex. 7.)
  • The emails revealed the DNC’s attitudes toward Hispanic voters. One memo discussed ways to “acquire the Hispanic consumer,” claiming that “Hispanics are the most brand loyal consumers in the World” and that “Hispanics are the most responsive to ‘story telling.’” (Ex. 8.) Another email pitched “a new video we’d like to use to mop up some more taco bowl engagement.” (Ex. 9.)

WikiLeaks, however, did not redact the emails, so the publication also included details that Plaintiffs describe as private.

In this scenario, even assuming the Trump campaign did enter a conspiracy with the Russians, the plaintiffs in this lawsuit were just collateral damage to disclosures protected by the First Amendment.

The conspiracy to hurt individual Democratic donors defense

As noted, the defense against the claim that the campaign entered into a conspiracy with the Russians is only a secondary part of the defense here. Perhaps that’s because this part of the defense is far weaker than the First Amendment part.

As part of it, the response notes that the plaintiffs would have had to enter into a conspiracy with the goal and the state of mind laid out by the two laws primarily cited by plaintiffs, to intimidate voters and to intentionally inflict harm on plaintiffs. Once again, this part of the argument treats the plaintiffs as collateral damage to the goals of embarrassing the DNC effectuated by the publication of materials by WikiLeaks, which has a policy of not redacting anything in its releases.

Plaintiffs do not plausibly allege these states of mind. For one thing, Plaintiffs allege that the object of the purported conspiracy was to promote the Trump Campaign and to embarrass the DNC and the Clinton Campaign. (Am. Compl. ¶ 190.) They do not allege facts showing that the Campaign even knew of Mr. Comer, Mr. Cockrum, or Mr. Schoenberg, much less that Campaign officials met with Russian agents for the purpose of disclosing these individuals’ social security numbers, gossip, and stomach-flu symptoms.

For another thing, Plaintiffs fail to address (let alone refute) the “obvious alternative explanation” for the disclosure of their emails (Iqbal, 556 U.S. at 682): WikiLeaks’ “accuracy policy,” under which WikiLeaks does not redact or “tamper with” the documents it discloses. (Ex. 10.) The upshot is that Plaintiffs do not plausibly allege that the Campaign acted with the purpose of intimidating Plaintiffs; do not plausibly allege that the Campaign acted with the specific intent to disclose Plaintiffs’ allegedly private emails; and do not plausibly allege that the Campaign acted with knowledge that the WikiLeaks email collection included Plaintiffs’ allegedly private emails.

It’s the other part of the conspiracy defense where the response is dangerously weak, given the possibility that Mueller will roll out another indictment providing more detail on negotiations between the campaign and Russia (which plaintiffs could then add in an amended complaint). Here, the campaign argues only that the plaintiffs haven’t shown proof of a conspiracy because they have not yet pointed to evidence that the campaign sought the DNC emails specifically, including the details that allegedly damaged the plaintiffs.

[T]he Amended Complaint fails to plausibly allege that the Campaign conspired with or aided and abetted the publishers of the DNC emails. Plaintiffs allege a series of meetings between the Campaign and Russian agents in 2016. (Id. ¶ 15.) But Plaintiffs do not allege that any of the meetings in any way concerned the DNC emails, much less the information about Plaintiffs contained in those emails. The allegation that people met to discuss something does not raise a plausible inference that they met to discuss collaborative efforts to release specific emails hacked from the DNC to influence an election, much less to intimidate or embarrass Plaintiffs. Cf. Twombly, 550 U.S. at 567 n.12 (regular meetings do not suggest conspiracy).

This argument may be sufficient for this civil suit, but for a number of reasons, such an argument would be totally insufficient in a criminal case. For starters, there likely is evidence, not least obtained from Paul Manafort’s cooperation, that the campaign had some idea of what they might get in exchange for entering into a quid pro quo with the Russians. As it is, Jones Day is utterly silent about Don Jr’s, “If it’s what you say I love it especially later in the summer” email, which reflects some expectation, already by June 3, 2016, of what the campaign would get for entering into a conspiracy, even though plaintiffs quote it in their complaint.

But also, the conspiracy charged in a criminal indictment would allege a different goal — in part, the embarrassment of the DNC and support of the Trump campaign that the campaign response stops far short of denying. So while with respect to the suit brought by these plaintiffs, the argument that the defendants did not have the mindset of trying to intimidate voters or damage the plaintiffs, if and when Mueller charges a conspiracy, it will argue a different mind set, to defraud the US’ election integrity, in part to obtain a thing of value from the Russians. And that mindset is going to be much easier to prove.

This response does next to nothing to deny that mindset.

Instead, much later in the response (as part of an argument that plaintiffs can’t claim a conspiracy to violate campaign finance laws because the FEC preempts it), the campaign does address what might be one defense in a criminal indictment charging that the Trump team conspired with Russia with the goal of obtaining illegal campaign donations in the form of dirt on Hillary. The response argues that such released emails do not constitute a thing of value, but are instead protected political speech.

Plaintiffs in all events fail to establish a conspiracy to violate any federal campaign-finance law. Plaintiffs assert that federal law prohibits foreign nationals from making “a contribution or donation of money or other thing of value” in connection with an election, 52 U.S.C. § 30121(a), and that “Defendant’s co-conspirators … contributed a ‘thing of value’ … in the form of the dissemination of hacked private emails” (Am. Compl. ¶ 215). This assertion is incorrect. For one, there is a fundamental difference between contributing a thing of value and engaging in pure political speech. Pure political speech constitutes “direct political expression”; in contrast, “while contributions may result in political expression if spent by a candidate or association to present views to the voters, the transformation of contributions into political debate involves speech by someone other than the contributor.” Buckley v. Valeo, 424 U.S. 1, 21–22 (1976). The disclosure of information about a political party is pure political speech, not a political contribution. The disclosure itself directly expresses political messages; unlike money, it does not need to be transformed into a political message by somebody else.

For another, treating a disclosure of information as a “contribution” would violate the First Amendment. The Supreme Court has held that the First Amendment guarantees Americans the right to receive political speech from foreigners. Lamont v. Postmaster General, 381 U.S. 301, 306 (1965). Yet under Plaintiffs’ theory, it would be illegal to solicit political information from a foreign national, because the provision of such information would amount to a “contribution.” For example, “if the Clinton campaign heard that Mar-a-Lago was employing illegal immigrants in Florida and staffers went down to interview the workers, that would be a crime.” Eugene Volokh, Can it be a crime to do opposition research by asking foreigners for information? (July 27, 2017).2 “Or say that Bernie Sanders’s campaign heard rumors of some misconduct by Clinton on her trips abroad—it wouldn’t be allowed to ask any foreigners about that.” Id. The First Amendment does not tolerate such results.

This claim, if it were substantiated, would have repercussions across Mueller’s work, extending to the Internet Research Agency indictment (indeed, Concord Consulting is trying to make similar arguments, though not as brazenly suggesting that foreigners have a First Amendment right to weigh in on our elections).

Yet, as I’ve noted, Mueller has already collected evidence of how much a similar campaign to the one the Russians conducted would cost a campaign, in the form of the spooked up Psy-Group campaign offered by Israelis and Gulf supporters: $3.31 million. That is, Mueller has the evidence to show that the Russians did not just release the information, but engaged in an entire social media campaign to maximize the value of the information they released, and that information goes beyond simple publication to the stuff that political consultants charge real money for.

The other problems with this defense

There is far more to the campaign’s defense (notably, extensive arguments about whether state or federal law applies to particularly parts of the complaint, and if it’s state law, whether it’s Maryland, New Jersey, and Tennessee as plaintiffs argue, or Virginia and New York as defendants do) than what I’ve laid out, and this suit would be a challenge in any case. But there are other problems with the defense.

In a piece on this response, Floyd Abrams argues that there are key differences between the primary First Amendment precedent on which the defense relies and this case. For example, the Bartnicki case focused on material the entirety of which was in the public interest, whereas the bulk of what the Russians gave WikiLeaks is not.

[T]he entirety of the wiretapped recording in Bartnicki was of undoubted public interest while some portions of the purloined DNC documents had a special claim to being of no sustainable public interest while inflicting substantial potential privacy harm—including social security numbers sent to the DNC which WikiLeaks, as it has repeatedly chosen to do, decided to make public.

Jones Day may well realize this is a weak part of their argument, as they return to WikiLeaks’ failure to redact information that had no public interest in a number of ways. At one point, they argue that if WikiLeaks redacted information some information of public interest might get withheld as part of the process.

To establish public-disclosure liability, a plaintiff must show that the facts at issue are not “of legitimate concern to the public”—in other words, that the facts are not “of the kind customarily regarded as ‘news.’” Second Restatement § 652D & comment g. Like the First Amendment test, the tort-law test requires courts to analyze speech “on an aggregate basis.” Alvarado v. KOB-TV, LLC, 493 F.3d 1210, 1221 (10th Cir. 2007). A publisher does not have to “parse out concededly public interest information” “from allegedly private facts.” Id. That is because redactions would undermine the “credibility” of a disclosure, causing the public to doubt its accuracy. Ross v. Midwest Commc’ns, Inc., 870 F.2d 271, 275 (5th Cir. 1989). Further, requiring publishers to redact—“to sort through an inventory of facts, to deliberate, and to catalogue”—“could cause critical information of legitimate public interest to be withheld until it becomes untimely and worthless to an informed public.” Star-Telegram, Inc. v. Doe, 915 S.W.2d 471, 475 (Tex. 1995).

At another point, they argue (this is one of their most ridiculous arguments) that WikiLeaks is just an intermediary that the Russians used to post injurious messages.

Under section 230 of the Communications Decency Act (47 U.S.C. § 230), a state may impose liability on “the original culpable party who posts [tortious] messages,” but not on “companies that serve as intermediaries for other parties’ potentially injurious messages.” Zeran v. America Online, 129 F.3d 327, 330–31 (4th Cir. 1997). As a result, a website that provides a forum where “third parties can post information” is not liable for the third party’s posted information. Klayman v. Zuckerberg, 753 F.3d 1354, 1358 (D.C. Cir. 2014). Since WikiLeaks provided a forum for a third party (the unnamed “Russian actors”) to publish content developed by that third party (the hacked emails), it cannot be held liable for the publication.

And the insistence that WikiLeaks is known not to redact information may hurt the Trump campaign if it gets that far.

Abrams also points to how entering into a conspiracy might change the legal liability of the Trump campaign.

[T]he Bartnicki defendants were at all times entirely independent of the person who surreptitiously made the wiretapped recording available to it while the Trump campaign is accused in Cockrum of conspiring with its alleged Russian source after the information had been hacked to make the information public.

Even for the purpose of this lawsuit, the claim that the Trump campaign entered into a conspiracy only after the information had been hacked may not be sustainable. After all, George Papadopoulos learned the Russians were going to release emails, of some sort (even if he believed they were Hillary server emails rather than DNC ones), well before the Russians were ejected from the DNC servers a month later. The Russians first contacted the Trump campaign about this conspiracy on April 26, 2016, after they had stolen the Podesta emails in March; but the DNC emails that are the subject of this lawsuit weren’t exfiltrated, at least according to the GRU indictment, until a month later.

Between on or about May 25, 2016 and June 1, 2016, the Conspirators hacked the DNC Microsoft Exchange Server and stole thousands of emails from the work accounts of DNC employees.

So Papadopoulos’ responsiveness might be enough to sustain a claim that the Trump campaign was engaged in this conspiracy before the emails in question were stolen. Indeed, this paragraph from the response (cited above) falsely claims that the plaintiffs suggested the theft ended in March.

Plaintiffs could not have alleged the Campaign’s involvement in the initial hack. According to Plaintiffs’ own account, Russian intelligence hacked the DNC’s networks “in July 2015,” and gained access to email accounts “by March 2016.” (Id. ¶ 86.) But the Campaign supposedly became motivated to work with Russia only in “the spring and summer of 2016” (id. at 25), and supposedly entered into the agreement in “secret meetings” in “April,” “May,” “June,” and “July” 2016 (id. ¶¶ 89–104). In other words, Plaintiffs themselves say that the alleged conspiracy was formed after the hack and after the acquisition of the emails—so that the Campaign could not have participated in the initial theft.

Here’s what the complaint really says:

In order to defeat Secretary Clinton and help elect Mr. Trump, hackers working on behalf of the Russian government broke into computer networks of U.S. political actors involved in the 2016 election, including the DNC and the Clinton Campaign. Elements of Russian intelligence gained unauthorized access to DNC networks in July 2015 and maintained that access until at least June 2016. By March 2016, the Russian General Staff Main Intelligence Directorate (GRU) gained unauthorized access to DNC networks, DCCC networks, and the personal email accounts of Democratic Party officials and political figures.

By May 2016, the GRU had copied large volumes of data from DNC networks, including email accounts of DNC staffers. Much of the GRU’s activity within the DNC networks took place between March and June 2016, at the very same time its agents were intensifying their outreach to and securing meetings with agents of the Trump Campaign.

[snip]

According to the indictment, “in and around April 2016, the Conspirators began to plan the release of materials stolen from the Clinton Campaign, DCCC, and DNC.” And “in or around June 2016,” when the Trump Campaign was taking meetings with Russian agents to “get information on an opponent,” the indicted Russians and their coconspirators began to “stage[] and release[]” the stolen emails.

All that said, if the plaintiffs are relying on the June 9 meeting to establish the conspiracy, or even Don Jr’s June 3 email enthusiastically responding to Rob Goldstone’s offer, the campaign can argue in this suit that the actual theft of the emails in question — the DNC emails revealing the donors social security numbers and Comer’s embarrassing comments — were, according to the public record, already stolen by the time the campaign entered into the conspiracy.

But that’s not going to work if Mueller charges a criminal conspiracy. That’s true, in part, because the criminal conspiracy would include the social media part of the Russian assistance, which continued well after the June 9 meeting (the plaintiffs here couldn’t argue the social media exploitation hurt them because the emails including the information damaging to them wasn’t promoted by Russian social media actors). It would also include the DCCC releases, which led to the provision of opposition research to Republican operatives.

Indeed, even the hacking continued after the June 9 meeting. As the plaintiffs pointed out, on July 27, Russian hackers even seemed to respond directly to Trump’s request for assistance.

191. On July 27, 2016, during the Democratic National Convention, Mr. Trump held a press conference in Florida. During his remarks, Mr. Trump called on Russia to continue its cyberattacks, stating, “Russia, if you’re listening, I hope you’re able to find the 30,000 [Secretary Clinton] emails that are missing.” Although the Trump Campaign—and later, then-White House press secretary Sean Spicer—claimed that Mr. Trump was “joking,” when Mr. Trump was asked at the time to clarify his remark and whether he was serious, Mr. Trump stated: “If Russia or China or any other country has those emails, I mean, to be honest with you, I’d love to see them.”

192. According to the July 13, 2018 indictment of twelve Russian nationals filed by the Special Counsel, agents of the Russian government attempted that same day—July 27, 2016— “to spearfish for the first time email accounts at a domain hosted by a third-party provider and used by Clinton’s personal office.” In other words, on the day that Mr. Trump publicly said that he hoped Russia would be able to find missing emails related to Secretary Clinton, Russian intelligence for the first time attempted to hack email accounts on Secretary Clinton’s own server.

That particular hack was not successful, but a hack of the Democrats’ AWS hosted analytics program in September was; see ¶34. As I understand it, the targeting of Hillary’s campaign went on in a series of waves, and those waves might be shown to correlate to Trump’s requests for assistance.

So, absent proof that someone in the campaign encouraged Papadopoulos after having learned about the emails in April, the plaintiffs in this suit will struggle to show that Russian hacking of the emails that injured them took place after Trump’s campaign entered into the conspiracy. But Mueller won’t have that problem. And all that’s before the Peter Smith operation, which asked for assistance from Guccifer 2.0 and reached out to presumed Russian hackers to obtain information from Hillary’s home server. Plus, that’s all separate from the social media campaign which continued to benefit the Trump campaign up to the election.

The ironies of a First Amendment defense

There’s a detail about this response, however, that (relying as it does on a strong First Amendment defense) deserves more attention. The response claims that the entire purpose of this suit suit is to obtain discovery on the President on a number of topics — notably his tax returns and business relationships — that Democrats have been unable to fully pursue elsewhere.

The object of this lawsuit is to launch a private investigation into the President of the United States. The Amended Complaint already foreshadows discovery into the President’s “tax returns” (Am. Compl. ¶ 238), his “business relationships” (id.), his conversations with “Director Comey” (id. ¶ 251), and on and on.

Much later, in the conspiracy section, in an argument that seems designed for Brett Kavanaugh’s review, the response argues that plaintiffs need a more plausible claim to be able to get discovery from the President.

Rule 8 requires a complaint to state a “plausible” claim for relief. Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009). A complaint satisfies this standard if its “factual content” raises a “reasonable inference” that the defendant engaged in the misconduct alleged. Id. at 678. This requirement protects defendants against “costly and protracted discovery” on a “largely groundless claim.” Bell Atlantic Corp. v. Twombly, 550 U.S. 544, 558 (2007). This protection is essential here, where Plaintiffs’ explicit goal is to burden the President with discovery. The President’s “unique position in the constitutional scheme” requires him to “devote his undivided time and attention to his public duties.” Clinton v. Jones, 520 U.S. 681, 697–98 (1997). Courts must thus ensure that plaintiffs do not use “civil discovery” on “meritless claims” to interfere with his responsibilities. Cheney v. U.S. District Court, 542 U.S. 367, 386 (2004).

It’s only after making the claim that this suit is all about obtaining public interest information such as the President’s tax returns that the campaign makes an argument justifying the release of all this information in the name of public interest.

According to the logic Jones Day lays out here, the Democrats’ mistake was in not finding foreign hackers to steal and then publish Trump’s tax returns.

As I disclosed in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

The Reply Button

Dear readers and commenters. Thank you for your relentless advisory that “The Reply Button Is Not Working”.

That is swell. But here is the deal, we are not guarantors of blog commentary perfection for you.

This is a blog that does not impinge on you, the reader and occasional commenter, with advertising of any sort. Much less the invasive horse manure that makes most blogs hard to even engage with (Yeah, go check out Talking Points Memo now).

We do not do a lick of that. Not.One.Lick. So, when you bitch about “golly the reply function does not work”, please stop and think about what happens behind the scenes.

I spent most of yesterday on my day job, and STILL got many dozens of notices of attack on this site.

If your “reply button” doesn’t work, instead of whining about it, note the name of who you are responding to, and the time of their comment you are responding to, and then respond to it.

How hard is this?? There are a LOT of people here that remember when such was the ONLY way you could respond to another commenter. If you cannot do this during the occasional moments when our “reply button” is not serving you well enough, suck it up.

A Tale of Two GRU Indictments

Yesterday, DOJ indicted a bunch of GRU hackers again, in part for hacks in retaliation for anti-doping associations’ reports finding a state-run Russian effort to help its athletes cheat (though also including hacks of Westinghouse and the Organization for the Prohibition of Chemical Weapons (OPCW)).

As the DNC GRU indictment did, this indictment provides a snapshot of the division of labor in GRU, made easier by the capture of four of these guys, with all their hacking toys in the trunk of their rented car, in the Netherlands. I find a comparison of the two indictments — of some of the same people for similar activity spanning the same period of time — instructive for a number of reasons.

The team

Consider the team.

There are Aleksei Morenets and Evgenii Serebriakov, whom the indictment calls “on-site GRU hackers who traveled to foreign countries with other conspirators, in some instances using Russian government issued diplomatic passports to conduct on-site operations.” Serebriakov even has a title, “Deputy Head of Directorate,” which sounds like a pretty senior person to travel around sniffing WiFi networks.

There are the three men we met in the DNC indictment, Ivan Yermakov, Artem Malyshev, and Dmitriy Badin, all of whom work  out of Moscow running hacks. Yermakov and Malyshev were closely involved in both hacks in 2016 (as demonstrated by the timeline below).

Finally, there are Oleg Sotnikov and Alexey Minin, who joined Morenets and Serebriakov as they tried to hack the Organization for the Prohibition of Chemical Weapons (OPCW) and tried to hack the Spiez Chemical laboratory that was analyzing the Novichok used to poison Sergei Skripal.

There are slightly different tactics than in the DNC hack. For example, GRU used a bunch of bit.ly links in this operation (though some of those are an earlier campaign against Westinghouse). And they sent out hackers to tap into targets’ WiFi networks directly, whereas none of the DNC hackers are alleged to have left Russia.

But there’s a ton of common activity, notably the spearphishing of targeted individuals and the use of their X-Agent hacking tool to exploit targeted machines.

Overlapping hack schedule

I’m also interested in the way the WADA hack, in particular, overlaps with the DNC one. I’ve got a timeline, below, of the two indictments look like (I’ve excluded both the Westinghouse and OPCW hacks from this timeline to focus on the overlapping 2016 operations).

Yermakov and Malyshev are described by name doing specific tasks in the DNC hack though May 2016. By August, they have turned to hacking anti-doping targets. Yermakov, in particular, seems to play the same research role in both hacks.

Given the impact of these operations, it’s fairly remarkable that such a small team conducted both.

Common bitcoin habits and possibly even infrastructure

There are also paragraphs in the WADA indictment, particularly those pertaining to the use of bitcoin to fund the operation used to substantiate the money laundering charge, that appear to be lifted in their entirety from the DNC one (or perhaps both come from DOJ or Western PA US Attorney boilerplate — remember that the DNC hack was originally investigated in Western PA, so this language likely originates there).

These include:

  •  58/106: Describing how conspirators primarily used bitcoin to pay for infrastructure
  • 59/107: Describing how bitcoin works, with examples specific to each operation provided
  • 60/108: Describing how conspirators used dedicated email accounts to track bitcoin transactions
  • 61/109: Describing how conspirators used the same computers to conduct hacking operations and facilitate bitcoin payments
  • 62/110: Describing how conspirators also mined bitcoin and then used it to pay for servers, with examples specific to each operation
  • 64/111: Describing how conspirators used the same funding structure and sometimes the same pool of funds to pay for hacking infrastructure, with examples specific to each operation provided

The similarity of these two passages suggests two things. First, it suggests that the August 8, 2016 transaction in the WADA indictment may have been orchestrated from the gfade147 email noted in the DNC indictment. With both, the indictment notes that “One of these dedicated accounts … received hundreds of bitcoin payment requests from approximately 100 different email accounts,” with the DNC indictment including the gfade147 address. (Compare paragraphs 60 in the DNC indictment with 108 in the WADA one.)  That would suggest these two operations overlap even more than suspect.

That said, there’s one paragraph in the DNC indictment that doesn’t have an analogue in the WADA one, 63. It describes conspirators,

purchasing bitcoin through peer-to-peer exchanges, moving funds through other digital currencies, and using pre-paid cards. They also enlisted the assistance of one or more third-party exchangers who facilitated layered transactions through digital currency exchange platforms providing heightened anonymity.

Given how loud much of these operations were, it raises questions about why some of the DNC hack (but not, at least by description) the WADA one would require “heightened anonymity.”

Different treatment of InfoOps

I’m perhaps most interested in the different treatment of the InfoOps side of the operation. As I noted here, in general there seems to be a division of labor at GRU between the actual hackers, in Unit 26165, which is located at  20 Komsomolskiy Prospekt, and the information operations officers, in Unit 74455, which is located in the “Tower” at 22 Kirova Street, Khimki. Both units were involved in both operations.

Yet the WADA indictment does not name or charge any Unit 74455 officers, in spite of describing (in paragraphs 1 and 11) how the unit acquired and maintained online social media accounts and associated infrastructure (paragraph 76 describes that infrastructure to be “procured and managed, at least in part, by conspirators in GRU Unit 74455”). Five of the seven named defendants in the WADA indictment are in Unit 26165, with Oleg Sotnikov and Alexey Minin not identified by unit.

By comparison, three of the 11 officers charged in the DNC indictment belong to Unit 744555.

And the WADA campaign did have a significant media component, as explained in paragraphs 76-87. The indictment even complains (as did DOJ officials as the press conference announcing this indictment) about,

reporters press[ing] for and receiv[ing] promises of exclusivity in such reporting, with one such reporter attempting to make arrangements for a right of first refusal for articles on all future leaks and actively suggesting methods with whicch the conspiracy could search the stolen materials for documents of interest to that reporter (e.g., keywords of interest).

That said, the language in much of this discussion (see paragraphs 77 through 81) uses the passive voice — “were registered,” “were named,” “was posted,” “were released,” “were released,” “were released,” “were released” — showing less certainty about who was running that infrastructure.

That’s particularly interesting given that the government clearly had emails between the Fancy Bear personas and journalists.

One difference may be, in part, that in the DNC indictment, there are specific hacking (not InfoOps) actions attributed to two of the Unit 74455 officers: Aleksandr Osadchuk and Anatoliy Kovalev. Indeed, Kovalev seems to have been added on just for that charge, as he doesn’t appear in the introduction section at the beginning of the indictment.

Whereas Unit 74455’s role in the WADA indictment seems to be limited to running the InfoOps infrastructure.

Importance of WikiLeaks and sharing with Republicans

It’s not clear how much we can conclude form all that. But the different structure in the DNC indictment does allow it to foreground the role of a number of others, such as WikiLeaks and Roger Stone and — as I suggested drop in some or all of  those others in a future conspiracy indictment — that were a key part of the election operation.

Timeline

February 1, 2016: gfade147 0.026043 bitcoin transaction

March 2016: Conspirators hack email accounts of volunteers and employees of Hillary campaign, including John Podesta

March 2016: Yermakov spearphishes two accounts that would be leaked to DC Leaks

March 14, 2016 through April 28, 2016: Conspirators use same pool of bitcoin to purchase VPN and lease server in Malaysia

March 15, 2016: Yermakov runs technical query for DNC IP configurations and searches for open source info on DNC network, Dem Party, and Hillary

March 19, 2016: Lukashev spearphish Podesta personal email using john356gh

March 21, 2016: Lukashev steals contents of Podesta’s email account, over 50,000 emails (he is named Victim 3 later in indictment)

March 25, 2016: Lukashev spearphishes Victims 1 (personal email) and 2 using john356gh; their emails later released on DCLeaks

March 28, 2016: Yermakov researched Victims 1 and 2 on social media

April 2016: Kozachek customizes X-Agent

April 2016: Conspirators hack into DCCC and DNC networks, plant X-Agent malware

April 2016: Conspirators plan release of materials stolen from Clinton Campaign, DCCC, and DNC

April 6, 2016: Conspirators create email for fake Clinton Campaign team member to spearphish Clinton campaign; DCCC Employee 1 clicks spearphish link

April 7, 2016: Yermakov runs technical query for DCCC’s internet protocol configurations

April 12, 2016: Conspirators use stolen credentials of DCCC employee to access network; Victim 4 DCCC email victimized

April 14, 2016: Conspirators use X-Agent keylog and screenshot functions to surveil DCCC Employee 1

April 15, 2016: Conspirators search hacked DCCC computer for “hillary,” “cruz,” “trump” and copied “Benghazi investigations” folder

April 15, 2016: Victim 5 DCCC email victimized

April 18, 2016: Conspirators hack into DNC through DCCC using credentials of DCCC employee with access to DNC server; Victim 6 DCCC email victimized

April 19, 2016: Kozachek, Yershov, and co-conspirators remotely configure middle server

April 19, 2016: Conspirators register dcleaks using operational email [email protected]

April 20, 2016: Conspirators direct X-Agent malware on DCCC computers to connect to middle server

April 22, 2016: Conspirators use X-Agent keylog and screenshot function to surveil DCCC Employee 2

April 22, 2016: Conspirators compress oppo research for exfil to server in Illinois

April 26, 2016: George Papadopolous learns Russians are offering election assistance in the form of leaked emails

April 28, 2016: Conspirators use bitcoin associated with Guccifer 2.0 VPN to lease Malaysian server hosting dcleaks.com

April 28, 2016: Conspirators test IL server

May 2016: Yermakov hacks DNC server

May 10, 2016: Victim 7 DNC email victimized

May 13, 2016: Conspirators delete logs from DNC computer

May 25 through June 1, 2016: Conspirators hack DNC Microsoft Exchange Server; Yermakov researches PowerShell commands related to accessing it

May 30, 2016: Malyshev upgrades the AMS (AZ) server, which receives updates from 13 DCCC and DNC computers

May 31, 2016: Yermakov researches Crowdstrike and X-Agent and X-Tunnel malware

June 2016: Conspirators staged and released tens of thousands of stolen emails and documents

June 1, 2016: Conspirators attempt to delete presence on DCCC using CCleaner

June 2, 2016: Victim 2 personal victimized

June 8, 2016: Conspirators launch dcleaks.com, dcleaks Facebook account using Alive Donovan, Jason Scott, and Richard Gingrey IDs, and @dcleaks_ Twitter account, using same computer used for other

June 9, 2016: Don Jr, Paul Manafort, Jared Kushner have meeting expecting dirt from Russians, including Aras Agalarov employee Ike Kaveladze

June 10, 2016: Ike Kaveladze has calls with Russia and NY while still in NYC

June 14, 2016: Conspirators register actblues and redirect DCCC website to actblues

June 14, 2016: WaPo (before noon ET) and Crowdstrike announces DNC hack

June 15, 2016, between 4:19PM and 4:56 PM Moscow Standard Time (9:19 and 9:56 AM ET): Conspirators log into Moscow-based sever and search for words that would end up in first Guccifer 2.0 post, including “some hundred sheets,” “illuminati,” “think twice about company’s competence,” “worldwide known”

June 15, 2016, 7:02PM MST (12:02PM ET): Guccifer 2.0 posts first post

June 15 and 16, 2016: Ike Kaveladze places roaming calls from Russia, the only ones he places during the extended trip

June 20, 2016: Conspirators delete logs from AMS panel, including login history, attempt to reaccess DCCC using stolen credentials

June 22, 2016: Wikileaks sends a private message to Guccifer 2.0 to “send any new material here for us to review and it will have a much higher impact than what you are doing.”

June 27, 2016: Conspirators contact US reporter, send report password to access nonpublic portion of dcleaks

Late June, 2016: Failed attempts to transfer data to Wikileaks

July, 2016: Kovalev hacks into IL State Board of Elections and steals information on 500,000 voters

July 6, 2016: Conspirators use VPN to log into Guccifer 2.0 account

July 6, 2016: Wikileaks writes Guccifer 2.0 adding, “if you have anything hillary related we want it in the next tweo [sic] days prefabl [sic] because the DNC [Democratic National Convention] is approaching and she will solidify bernie supporters behind her after”

July 6, 2016: Victim 8 personal email victimized

July 10-19: Morenets travels to Rio de Janeiro

July 14, 2016: Conspirators send WikiLeaks an email with attachment titled wk dnc link1.txt.gpg providing instructions on how to access online archive of stolen DNC documents

July 18, 2016: WikiLeaks confirms it has “the 1Gb or so archive” and would make a release of stolen documents “this week”

July 22, 2016: WikiLeaks releases first dump of 20,000 emails

July 27, 2016: Trump asks Russia for Hillary emails

July 27, 2016: After hours, conspirators attempt to spearphish email accounts at a domain hosted by third party provider and used by Hillary’s personal office, as well as 76 email addresses at Clinton Campaign

August 2016: Kovalev hacks into VR systems

August 2-9, 2016: Conspirators use multiple IP addresses to connect to or scan WADA’s network

August 2-4, 2016: Yermakov researches WADA and its ADAM database (which includes the drug test results of the world’s athletes) and USADA

August 3, 2016: Conspirators register wada.awa.org

August 5, 9, 2016: Yermakov researches Cisco firewalls, he and Malyshev send specific WADA employees spearfish

August 8, 2016: Conspirators register wada-arna.org and tas-cass.org

August 8, 2016: .012684 bitcoin transaction directed by dedicated email account

August 13-19, 2016: Morenets and Serebriakov travel to Rio, while Yermakov supports with research in Moscow

August 14-18, 2016: SQL attacks against USADA

August 15, 2016: Conspirators receive request for stolen documents from candidate for US congress

August 15, 2016: First Guccifer 2.0 exchange with Roger Stone noted

August 19, 2016: Serebriakov compromises a specific anti-doping official and obtains credentials to access ADAM database

August 22, 2016: Conspirators transfer 2.5 GB of stolen DCCC data to registered FL state lobbyist Aaron Nevins

August 22, 2016: Conspirators send Lee Stranahan Black Lives Matter document

September 1, 2016: Domains fancybear.org and fancybear.net registered

September 6, 2016: Conspirators compromise credentials of USADA Board member while in Rio

September 7-14, 2016: Conspirators try, but fail, to use credentials stolen from USADA board member to access USADA systems

September 12, 2016: Data stolen from WADA and ADAMS first posted, initially focusing on US athletes

September 12, 2016 to January 17, 2018: Conspirators attempt to draw media attention to leaks via social media

September 18, 2016: Morenets and Serebriakov travel to Lausanne, staying in anti-doping hotels, to compromise hotel WiFi

September 19, 2016 to July 20, 2018: Conspirators attempt to draw media attention to leaks via email

September 2016: Conspirators access DNC computers hosted on cloud service, creating backups of analytics applications

October 2016: Linux version of X-Agent remains on DNC network

October 6, 2016: Emails stolen from USADA first released

October 7, 2016: WikiLeaks releases first set of Podesta emails

October 28, 2016: Kovalev visits counties in GA, IA, and FL to identify vulnerabilities

November 2016: Kovalev uses VR Systems email address to phish FL officials

December 6, 2016 – January 2, 2017: Using IP frequently used by Malyshev, conspirators compromise FIFA’s anti-doping files

December 13, 2016: Data stolen from CCES released

January 19-24, 2017: Conspirators compromise computers of four IAAF officials

June 22, 2017: Data stolen from IAAF’s network released

July 5, 2017: Data stolen from IAAF’s network released

August 28, 2017: Data stolen from FIFA released

As I said in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Mueller’s Inquiry Expands and Contracts: The Rat-Fucking Is More Interesting than the Manafort Plea

There were two pieces of news today on the Mueller inquiry.

Most intriguing is the news that the FBI has told Republican operative Cheri Jacobus that their investigation of her hack and catfish in 2016 has been referred to Mueller. Click through for the full account of what happened to Jacobus after she exposed a Corey Lewandowski PAC to be coordinating with the campaign. The short version, though, is that the campaign first used deceit to try to collect information on what anti-Trump PACs were planning, later carried out a sustained campaign of abuse, and finally hacked her email when she prepared to reveal the catfishing scheme.

The FBI has been investigating ever since. But on September 10, the agents she had been working with let her know that their inquiry had grown beyond the hack itself and so had referred the case.

Jacobus has been in regular contact with FBI agents since the bureau opened an investigation into the hacking of her email after Jacobus filed a complaint around September 2016.

Following Trump’s election, Jacobus relayed additional incidents she considered suspicious to the agents investigating the hack.

Jacobus said she was also interviewed by FBI agents in the Southern District of New York for several hours in February 2017 and has had dozens of phone calls with the agents over the past two years. A lawyer who worked for Jacobus at the time, Jay Butterman, said he also attended the February 2017 meeting and had follow-up conversations with FBI agents.

In November 2017, the FBI asked Jacobus to turn over the remainder of her communications related to the catfishing scheme, some of which she had already submitted, according to an email reviewed by POLITICO.

On Sept. 10 of this year, an FBI agent wrote to Jacobus that he would be calling her, which is when, she said, the bureau informed her of the case’s referral to Mueller.

To answer a question many have posed, I don’t think any investigation into what I perceived as threats mirrors this. That’s in part because the technical threats were more oblique. But it’s also because the FBI really doesn’t want to talk to me, and so (with one exception) generally only followed up via my lawyer. The one instance I involved the cops may have been different, but if so, I never heard about it directly.

I’m more interested in the possibility that Jacobus’ treatment mirrors some of the stuff that Roger Stone was doing with his Stop the Steal çampaign.

The possibility that Mueller’s interest in Stone (and Manafort) extends back to the primary is all the more interesting given how centrally some of Stone’s core skill-sets played out in the lead-up to the Convention. There were veiled threats of violence (and in the home of his dark money, actual violence), a smear story projecting on Cruz the infidelity more typical of Trump, and lots of money sloshing around.

It’s not entirely clear what crime that would implicate — besides potential campaign finance violations (particularly, given Trump’s repeated disavowals of any coordination between Stone and his old buddy Manafort).

And, given how rabidly Republican base voters support Trump, I could see why Republicans would let bygones be bygones. It’s not like the Republican party has ever before shown distaste for Stone’s rat-fucking. Plus, no one likes Ted Cruz, and he may not even survive his race against Beto O’Rourke. So, no, Republicans won’t be any more disposed against Stone if he is shown to have helped Trump cheat in the primary.

All that said, if Mueller indicts Stone in other crimes that Republicans would like to distance themselves from, any allegations about the primary may provide cover.

Indeed, the comparison is one a number of people made when I started focusing on Stone’s PACs.

With one caveat, I’d think these would probably be parallel efforts, with two different sets of dark money groups funding two different sets of dirty tricks, violating both campaign law and probably some other fraud statutes. I say that because Corey Lewandowski, who was behind the attack on Jacobus, and Roger Stone really don’t get along.

That said, the two parallel tracks likely show a tolerance among the principals who did get along with both Lewandowski and Stone (starting with Trump) for this kind of rat-fucking. And to the extent that some of the rat-fucking involved either intelligence obtained from Russians or coordinated voter suppression later in the campaign, then it’d have a solid Russian nexus.

The one caveat is this tweet from Jacobus, which reveals a text she received from a guy making explicit threats, which she clearly identifies as a Stone-related threat. (h/t TC)

So maybe Stone just took over all the rat-fucking after Jacobus busted Lewandowski’s PAC for illegal coordination?

Also remember that, the illegal coordination between PACs and the campaign is likely one way that the campaign benefitted from Cambridge Analytica.

And that’s why I find the referral of the attack on Jacobus to be one of the most important details to provide insight onto the Mueller investigation in some time.

I find the news that money laundering expert Kyle Freeny and National Security Division prosecutor Brandon Van Grack are moving back to their normal homes at DOJ less intriguing.

Kyle Freeny and Brandon Van Grack, two prosecutors who worked on Paul Manafort’s criminal cases, are ending their tenure working for special counsel Robert Mueller.

Van Grack left recently to return to his job in the National Security Division of the Justice Department, and Freeny will leave the office in mid-October to return to the Criminal Division.

The most obvious explanation for both moves is that the Paul Manafort and Mike Flynn plea deals have been sealed (CNN notes that Van Grack will continue to work on the Flynn sentencing, but has mostly moved back to NSD for now). Which would make the different timing — Van Grack has already left, apparently, whereas Freeny has a few more weeks of work — the most interesting part of the report. Perhaps Van Grack left as soon as Flynn got a sentencing date?

Though there is another possibility, particularly in Freeny’s case.

I’ve long said that it’s possible once Mueller puts together the conspiracy case, he may farm out the “garden variety” corruption to other parts of DOJ. One key part of that, for example, is the non-Russian inauguration pay-for-play. That might be the kind of thing Freeny would move with to another part of DOJ.

As for Van Grack, I don’t rule out a tidbit or two that he had touched being moved back under NSD, though if so, it’s not a part of the investigation that has any public sign yet.

Remember: We still haven’t seen what a good number of Mueller’s prosecutors have been up to for the last 15 months. Those are some of the prosecutors who remain quietly busy.

As I disclosed in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

The DNC-Centric Focus of the HPSCI Investigation

Through the duration of the various Russia investigations, skeptics always harp on two questions pertaining to the Russian election year hacks — why the Democrats never turned over the DNC “server,” singular, to the FBI, allegedly leaving the FBI to rely on Crowdstrike’s work, and whether several sets of files released via Guccifer 2.0 showed signs of non-Russian origin. That is, skeptics look exclusively at the DNC, not the totality of the known Russian targeting.

Looking at the list of witnesses the House Intelligence Committee called (which the committee will release in the coming weeks) shows one reason why: that the most public and propagandist of all the Russia investigations focused on the DNC to the detriment of other known Democratic targets.

Here’s what the list of the HPSCI interviews looks like arranged by date (HPSCI will not be releasing the bolded interviews).

  1. [Comey, Jim (May 2 and 4, 2017): Intel]
  2. [Rogers, Mike (May 4, 2017): Intel]
  3. [Brennan, John (May 23, 2017): Intel]
  4. Coats, Dan (June 22, 2017): Intel
  5. Farkas, Evelyn (June 26, 2017): Ukraine/RU DOD
  6. Podesta, John (June 27, 2017): Clinton Chair
  7. Caputo, Michael (July 14, 2017): RU tied Trump
  8. Clapper, James (July 17, 2017): Intel
  9. Kushner, Jared (July 25, 2017): June 9 etc
  10. Carlin, John (July 27, 2017): Early investigation
  11. Gordon, JD (July 26, 2017): Trump NatSec
  12. Brown, Andrew (August 30, 2017): DNC CTO
  13. Tamene, Yared (August 30, 2017): DNC tech contractor
  14. Rice, Susan (September 6, 2017): Obama response to hack/unmasking
  15. Stone, Roger (September 26, 2017): Trump associate
  16. Epshteyn, Boris (September 28, 2017): RU-tied Trump
  17. Tait, Matthew (October 6, 2017): Solicit hack
  18. Safron, Jonathan (October 12, 2017): Peter Smith
  19. Power, Samantha (October 13, 2017): Obama response to hack/unmasking
  20. Catan, Thomas (October 18, 2017): Fusion
  21. Fritsch, Peter (October 18, 2017): Fusion
  22. Lynch, Loretta (October 20, 2017): Investigation
  23. Parscale, Brad (October 24, 2017): Trump’s data
  24. Cohen, Michael (October 24, 2017): Trump lawyer
  25. Rhodes, Benjamin (October 25, 2017): Obama response to hack/unmasking
  26. McCord, Mary (November 1, 2017): Early investigation
  27. Kaveladze, Ike (November 2, 2017): June 9 meeting
  28. Yates, Sally (November 3, 2017): Early investigation
  29. Schiller, Keith (November 7, 2017): Trump bodyguard
  30. Akhmetshin, Rinat (November 13, 2017): June 9
  31. Samachornov, Anatoli (November 28, 2017): June 9
  32. Sessions, Jeff (November 30, 2017): Trump transition
  33. Podesta, John (December 4, 2017): Dossier
  34. Denman, Diana (December 5, 2017): RNC platform
  35. Henry, Shawn (December 5, 2017): Crowdstrike
  36. Trump, Jr. Donald (December 6, 2017): June 9
  37. Phares, Walid (December 8, 2017): Trump NatSec
  38. Clovis, Sam (December 12, 2017): Trump NatSec
  39. Goldfarb, Michael (December 12, 2017): Dossier
  40. Elias, Marc (December 13, 2017): Dossier
  41. Nix, Alexander (December 14, 2017): Cambridge Analytica
  42. Goldstone, Rob (December 18, 2017): June 9
  43. Sussmann, Michael (December 18, 2017): Hack and dossier
  44. McCabe, Andrew (December 19, 2017): Early investigation
  45. Kramer, David (December 19, 2017): Dossier
  46. Sater, Felix (December 20, 2017): RU connected Trump
  47. Gaeta, Mike (December 20, 2017): Dossier go-between
  48. Sullivan, Jake (December 21, 2017): Dossier
  49. [Rohrabacher, Dana (December 21, 2017): Russian compromise]
  50. [Wasserman Schultz, Debbie (December 21, 2017): dossier]
  51. Graff, Rhona (December 22, 2017): June 9
  52. Kramer, David (January 10, 2018): Dossier
  53. Bannon, Stephen (January 16, 2018): Trump official
  54. Lewandowski, Corey (January 17, 2018): Trump official
  55. Dearborn, Rick (January 17, 2018): Trump official
  56. Bannon, Stephen (February 15, 2018): Trump official
  57. Hicks, Hope (February 27, 2018): Trump official
  58. Lewandowski, Corey (March 8, 2018): Trump official

While John Podesta, one of the earliest spearphishing victims, was one of  the earliest witnesses (and, as HPSCI shifted focus to the dossier, one of the last as well), the other hack witnesses, DNC CTO Andrew Brown and DNC IT contractor Yared Tamene, represent the DNC. Perhaps that’s because of the NYT’s big story on the hack, which was obviously misleading in real time and eight months old by the time of those interviews. While Perkins Coie lawyer and former DOJ cyber prosecutor Michael Sussmann would surely have real insight into the scope of all the Democratic targets, he was interviewed during HPSCI’s dossier obsession, not alongside Brown and Tamene.

All of which is to say that the HPSCI investigation of the hack was an investigation of the hack of the DNC, not of the full election year attack.

To get a sense of some of what that missed, consider the victims described in the GRU indictment (which leaves out some of the earlier Republican targets, such as Colin Powell). I’ve included relevant paragraph numbers to ID these victims.

  1. Spearphish victim 3, March 21, 2016 (Podesta)
  2. Spearphish victim 1 Clinton aide, March 25, 2016 (released via dcleaks)
  3. Spearphish victim 4 (DCCC Employee 1), April 12, 2016 ¶24
  4. Spearphish victim 5 (DCCC Employee), April 15, 2016
  5. Spearphish victim 6 (possibly DCCC Employee 2), April 18, 2016 ¶26
  6. Spearphish victim 7 (DNC target), May 10, 2016
  7. Spearphish victim 2 Clinton aide, June 2, 2016 (released via dcleaks)
  8. Spearphish victim 8 (not described), July 6, 2016
  9. Ten DCCC computers ¶24
  10. 33 DNC computers ¶26
  11. DNC Microsoft Exchange Server ¶29
  12. Act Blue ¶33
  13. Third party email provider used by Clinton’s office ¶22 (in response to July 27 Trump request)
  14. 76 email addresses at Clinton campaign ¶22 (in response to July 27 Trump request)
  15. DNC’s Amazon server ¶34
  16. Republican party websites ¶71
  17. Illinois State Board of Elections ¶72
  18. VR Systems ¶73
  19. County websites in GA, IA, and FL ¶75
  20. VR Systems clients in FL ¶76

Effectively, HPSCI (and most hack skeptics) focused exclusively on item 11, the DNC Microsoft Exchange server from which the emails sent to WikiLeaks were stolen.

Yet, at least as laid out by Mueller’s team, the election year hack started elsewhere — with Podesta, then the DCCC, and only after that the DNC. It continued to target Hillary through the year (though with less success than they had with the DNC). And some key things happened after that — such as the seeming response to Trump’s call for Russia to find more Hillary emails, the Info-Ops led targeting of election infrastructure in the summer and fall, and voter registration software. Not to mention some really intriguing research on Republican party websites. And this barely scratches on the social media campaign, largely though not entirely carried out by a Putin-linked corporation.

HPSCI would get no insight on the overwhelming majority of the election year operation, then, by interviewing the witnesses they did. Of particular note, HPSCI would not review how the targeting and release of DCCC opposition research gave Republican congressmen a leg up over their Democratic opponents.

And while HPSCI did interview the available June 9 meeting witnesses, they refused to subpoena the information needed to really understand it. Nor did they interview all the witnesses or subpoena available information to understand the Stone operation and the Peter Smith outreach.

Without examining the other multiple threads via which Russia recruited Republicans, most notably via the NRA, HPSCI wouldn’t even get a sense of all the ways Russia was trying to make Republicans and their party infrastructure into the tools of a hostile foreign country. And there are other parts of the 2016 attack that not only don’t appear in these interviews, but which at least one key member on the committee was utterly clueless about well past the time the investigation finished.

The exception to the rule that HPSCI didn’t seek out information that might damn Republicans, of course, is the interview of Dana Rohrabacher, who (along with President Trump) proved reliably willing to entertain Russian outreach via all known channnels. But that’s one of the interviews Republicans intend to keep buried because — according to an anonymous Daily Beast source — they don’t want Rohrabacher’s constituents to know how badly Russia has pwned him before November 6.

“The Republicans are trying to conceal from the voters their colleague Dana Rohrabacher’s Russia investigation testimony,” said a committee source familiar with the issue. “There were highly concerning contacts between Rohrabacher and Russians during the campaign that the public should hear about.”

By burying the Comey, Rogers, and Brennan transcripts, Republicans suppress further evidence of the degree to which Russia specifically targeted Hillary, and did so to help not just Trump, but the Republican party.

I’m sure there will be some fascinating material in these transcripts when they’re released. But even before the selective release, designed to hide any evidence gathered of how lopsided the targeting was, the scope of these interviews makes clear that the HPSCI investigation was designed to minimize, as much as possible, evidence showing how aggressively Russia worked to help Republicans.

As I laid out in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

A Comparison of Rick Gates and Paul Manafort’s Plea Deals

Because I wanted to get a sense of what Gates won by pleading guilty and cooperating with Mueller’s team earlier, I decided to compare the two plea deals. (Gates, Manafort)

Manafort’s a bigger criminal than Gates

Obviously, the biggest difference comes in recommended sentence. While the government got Gates for a lie to prosecutors and got Manfort for witness tampering, the rest of the conduct was largely the same. Nevertheless, for a variety of reasons (Manafort was the lead and Gates benefitted from being called a minor player, Manafort’s obstruction gets added on top whereas Gates’ lie does not, Manafort got way more money out of the deal) the sentence ranges end up dramatically different.

Manafort’s advisory sentencing range works out to 210-262 months, whereas Gates’ range is 57-71 months.

The government is intent on taking all of Manafort’s stuff

The Manafort plea includes over three pages laying out how the government is going to take his ill-gotten gains. Given my newfound obsession with Paul Manafort’s forfeitures, I’ll write that up separately (or better yet make bmaz, who actually knows something about how this works, do so). The short version, though, is the government is intent on making sure they’ll get it all.

The EDVA charges

While this plea only deals with the charges in DC, the plea is meant to work with the EDVA charges. So for example, Manafort’s plea required him to admit he was guilty of the 10 hung charges in EDVA and prohibits him to appeal that case in any way (and includes the one bank account he had saved from forfeiture in the EDVA trial in the forfeiture in this plea). Manafort’s plea notes that if he is sentenced in EDVA before DC, he will have a criminal history for the purposes of sentencing. The plea promises to recommend that both his EDVA and DC sentences run concurrently (which probably would have happened anyway), but notes that neither judge, Amy Berman Jackson nor TS Ellis, is bound by the plea.

Gates was gagged

Perhaps most interesting pertains to Section 8, the description of cooperation each man has to offer. This is mostly boilerplate, and for both includes a few things in boilerplate bullet points — most  notably the requirement to participate in undercover activities — that won’t apply to either men (though Gates likely did still have documents to turn over whereas Manafort likely doesn’t).

But Gates’ plea has a bullet point Manafort’s doesn’t.

The defendant agrees not to reveal his cooperation, or any information derived therefrom, to any third party without prior consent of the Office.

In other words, the prosecutors anticipated sharing secrets with Gates that might blow up their case. They appear to have no such concerns with Manafort. Possibly, he has already seen such details in the 302s he got from Gates; he would be bound to secrecy about those under the DC protective order.

Still, there would almost certainly be things that Manafort would be discussing going forward, and he doesn’t appear to be bound to keep that secret.

Update: Andrew Prokop notes one thing I missed: the language introducing what kind of cooperation will be required in Gates says he’ll be working with “this Office,” whereas Manafort’s says he’ll be cooperating with “the Government.” I agree with him that suggests Manafort may still be cooperating after the Mueller office has shifted all its prosecutions elsewhere and will be cooperating in other jurisdictions (for example, against Tony Podesta, Vin Weber, and Greg Craig in SDNY). Anybody who has ever broken the law with Manafort should be securing legal representation if they haven’t already.

A slightly larger obligation to Gates

There’s one sentence at the end of the Government’s Obligation section in the Gates plea. After it says he can argue for any sentence below the advisory guidelines, it says,

Depending on the precise nature of the defendant’s substantial assistance, the Office may not oppose defendant’s application.

I’m not sure what to make of the difference — perhaps it suggests the government expected Gates might have that kind of argument to make?

Note, too, that the 5K language in the Manafort plea is actually plural, meaning if he cooperates a lot he’ll be able to ask for a lesser sentence in EDVA too.

Pardon-proofing the statute of limitations

The statute of limitations paragraph, which allows the government to prosecute the underlying crimes and any other crimes not prosecuted if “any plea or conviction [is…] set aside or dismissed for any reason,” even after the statute of limitations toll includes this language in the Manafort plea that is not present in the Gates plea:

The Office and any other party will be free to use against your client, directly and indirectly, in any criminal or civil proceeding, all statements made by your client, including the Statement of the Offense, and any of the information or materials provided by your client, including such statements, information, and materials provided pursuant to this Agreement or during the course of debriefings conducted in anticipation of, or after entry of, this Agreement, whether or not the debriefings were previously a part of proffer-protected debriefings, and your client’s statements made during proceedings before the Court pursuant to Rule 11 of the Federal Rules of Criminal Procedure.

It also repeats that this language applies to the conduct described in the Statement of the Offense “or any other crimes that the Government has agreed not to prosecute.”

Some lawyers believe this language generally and the addition specifically provides further insurance against pardon. If Trump pardons Manafort for the crimes he has just pled guilty to, the government will then be able to go after him for the other crimes he just told the grand jury about, crimes which are probably worse and for which the President is a co-conspirator.

Gates can’t even write a story about Paul Manafort’s sleazy influence peddling

There are two slight differences under the section enumerating trial rights. Both are prohibited from profiting off their stories. But those prohibitions are described differently. Gates many not make money on stories about his:

work for Paul Manafort, the transactions alleged in the Indictment, or the investigation by the Office or prosecution of any criminal or civil cases against him.

Whereas Manafort may not make money on stories about,

the conduct encompassed by the Statement of the Offense, or the investigation by the Office or prosecution of any criminal or civil cases against him.

There’s also a really subtle difference about how proffer statements might be used. Gates waived the right to object “to the Government’s use” of his proffer statements (which started on January 29, almost a month before he pled). Manafort waived the right to object to “the use” of his proffer statements, suggesting Mueller’s team might know of other venues (or branches of government) besides the Federal government where those statements might be used.

Gates preserves two potential collateral attacks on his sentence

Gates preserved two additional rights in the collateral attacks section. First, if the sentencing range for his crimes gets lowered in the future, he can challenge that under 18 USC §3582(c)(2). Additionally, he could also challenge the sentence if newly discovered evidence comes available. Manafort has neither of these protections.

The government can declare Manafort in breach of agreement based on good faith

With Gates, the standard the government has to prove to argue he has breached his agreement is preponderance of the evidence or, in case of committing a crime, probable cause. With Manafort, the government only has to prove “good faith.”

Jeannie Rhee gets involved

This may be a minor (or huge) issue. But there’s one difference to the prosecutors who signed these pleas. Andrew Weissman, Greg Andres, and Kyle Freeny are on both. But whereas Brian Richardson signed Gates’ plea, Jeannie Rhee signed Manafort’s. That’s interesting because she has been heavily involved in the Roger Stone investigation, but she was also involved in the two Russian indictments.

The $30 Million Leverage Mueller Has to Force Paul Manafort’s Cooperation

Yesterday, Amy Berman Jackson moved a pre-trial hearing that had been scheduled for this morning to Friday morning. That has led to further reports that Paul Manafort is seeking a plea deal. But, as ABC reported, one sticking point is whether Mueller is willing to offer a plea deal without cooperation along with it.

Sources tell ABC News that Mueller’s office is seeking cooperation from Manafort for information related to President Donald Trump and the 2016 campaign. Manafort, however, is resisting and his team is pushing prosecutors for a plea agreement that does not include cooperation, at least as related to the president, sources said.

To be clear, both sides have an incentive to find a way to avoid the trial. Mueller already has Manafort on the hook for an 8 year sentence or so, and if that’s not going to make him cooperate in the case in chief, it’s not clear that another 8 years will. And Manafort’s legal bills have to be sky high already, without another trial where he’s facing overwhelming evidence.

But the reason why Mueller isn’t just going to let Manafort plead to some of the DC charges without cooperating is because that would mean giving up the considerable leverage — $30 million worth — that Mueller built into this case a year ago.

While it hasn’t gotten a lot of attention, both Manafort indictments include forfeiture provisions, meaning the government will seize his ill-gotten gains. And because Manafort had a shit-ton of ill-gotten gains, there’s a whole lot of stuff that the government can now seize, starting with his ostrich skin suits.

Having been found guilty of charges 25 and 27 in his EDVA trial, for example, the government will seize the funds from the $16 million loan Manafort got by lying to Federal Savings Bank.

Upon conviction of the offenses charged in Counts Twenty-Four through Thirty-Two, defendants PAUL J. MANAFORT, JR., and RICHARD W. GATES III shall forfeit to the United States any property constituting, or derived from, proceeds 36 obtained, directly or indirectly, as a result of such violation(s). Notice is further given that, upon conviction, the United States intends to seek a judgment against each defendant for a sum of money representing the property described in this paragraph, as applicable to each defendant (to be offset by the forfeiture of any specific property).

76. The grand jury finds probable cause to believe that the property subject to forfeiture by PAUL J. MANAFORT, JR., includes, but is not limited to, the following listed assets: a. All funds held in account number XXXXXX0969 at Lender D, and any property traceable thereto.

Update: Andrew Prokop noted that the prosecutors had at least proposed a jury verdict form that tied forfeiture of these funds to just charges 29 and 30, which are both charges the jury hung on. That seems to suggest that these funds are not subject to seizure (which of course increases the stakes of retrial).

Update: SCO has confirmed that “forfeiture was limited at trial to convictions on counts 29 or 30.”

In the DC case, even more ill-gotten gains are at stake. Manafort stands to lose the proceeds of his influence peddling, the laundered proceeds of which the indictment says amount to $30 million. Manafort might lose, among other things, four of his homes.

Upon conviction of the offenses charged in Counts One [ConFraudUS tied to FARA], Three [FARA], Four [False Statements pertaining to FARA], Six [Obstruction], and Seven [Conspiracy to Obstruct], the defendants PAUL J. MANAFORT, JR., and KONSTANTIN KILIMNIK (as to Counts Six and Seven) shall forfeit to the United States any property, real or personal, which constitutes or is derived from proceeds traceable to the offense(s) of conviction. Notice is further given that, upon conviction, the United States intends to seek a judgment against the defendants for a sum of money representing the property described in this paragraph (to be offset by the forfeiture of any specific property).

53. The grand jury finds probable cause to believe that the property subject to forfeiture by PAUL J. MANAFORT, JR., includes, but is not limited to, the following listed assets:

a. The real property and premises commonly known as 377 Union Street, Brooklyn, New York 11231 (Block 429, Lot 65), including all appurtenances, improvements, and attachments thereon, and any property traceable thereto;

b. The real property and premises commonly known as 29 Howard Street, #4D, New York, New York 10013 (Block 209, Lot 1104), including all appurtenances, improvements, and attachments thereon, and any property traceable thereto;

c. The real property and premises commonly known as 1046 N. Edgewood Street, Arlington, Virginia 22201, including all appurtenances, improvements, and attachments thereon, and any property traceable thereto;

d. The real property and premises commonly known as 174 Jobs Lane, Water Mill, New York 11976, including all appurtenances, improvements, and attachments thereon, and any property traceable thereto;

e. Northwestern Mutual Universal Life Insurance Policy 18268327, and any property traceable thereto;

f. All funds held in account number XXXX7988 at Charles A. Schwab & Co. Inc., and any property traceable thereto; and

g. All funds held in account number XXXXXX0969 at The Federal Savings Bank, and any property traceable thereto.

The question of how much of his ill-gotten gains is subject to forfeiture was a big deal in the Rick Gates plea (and likely was a big deal to Sam Patten when he pled guilty to earning $1 million as an unregistered sleazy influence peddler). While Manafort doesn’t have young kids to raise, as Gates does, the sheer scale of his possible forfeiture no doubt makes such discussions even more fraught.

Up until now, it has always seemed that the most logical explanation for Manafort’s actions was a calculus that the evidence against him was so overwhelming and the prison sentence he faced so substantial that his best bet was to do anything he could to get a presidential pardon.

But now, he already faces losing around $16 million and stands to lose $30 million more. He’s been effectively broke since 2016 anyway. And it’s not clear that a presidential pardon prevents that from happening.

So on top of calculating whether he trusts Trump enough to rely on that pardon, Manafort (and the lawyers he likely still has to pay) also have to be wondering how many houses his freedom is worth.

That certainly strengthens Mueller’s hand in these negotiations.

As I disclosed July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

The Frothy Right Is Furious that Peter Strzok Pursued the Guy Leaking about Carter Page

Close to midnight on June 3, 2017, Lisa Page texted Peter Strzok to let him know that Reality Winner was in custody. Page used the same shorthand she and Strzok (and presumably, those around them) consistently use to describe leak investigations, ML, media leaks.

They used the term elsewhere, as when Strzok said “media leaks and what I do for a living” when responding to the first reports that Mueller was investigating Trump (and hypothesizing about who the WaPo’s likely sources were).

Significantly, they used the term on April 10, 2017, when trying to figure out how to respond to DOJ’s effort to increasingly politicize leak investigations.

Indeed, Strzok’s lawyer has issued a statement confirming this is how Strzok and Page used the term.

The term ‘media leak strategy’ in Mr. Strzok’s text refers to a Department-wide initiative to detect and stop leaks to the media. The President and his enablers are once again peddling unfounded conspiracy theories to mislead the American People.

In spite of all that context, Mark Meadows has the entire frothy right, from Sara Carter to Fox News to Don Jr to his dad, worked up about two newly produced texts, based on this letter to Rod Rosenstein, which gets just about every thing wrong.

Before I explain how wrong Mark Meadows’ letter is, let me point out two things.

Michael Horowitz has already investigated a media leak text and found no misconduct

First, Michael Horowitz is (with the possible exception of DOD’s Glenn Fine) the best Inspector General in government. His office spent over a year investigating the work of Peter Strzok and Lisa Page; he wrote a 500-page report on it. And when he found evidence that even looked like impropriety, acted on it immediately and then formally, leading to Strzok’s firing. He has also spent a year investigating whatever calls went between FBI lines and reporters covering Hillary or Trump. He even drew pretty pictures showing each one of concern.

As part of both investigations, he examined a text in the series Meadows is concerned about (the April 10 one, above). And in spite of examining Page and Strzok, including a relevant text, at such length, Horowitz found no impropriety with the discussions about how to investigate leaks to the media.

We know the likely culprit for the leak the frothy right is blaming on Page and Strzok

The punchline of Meadows’ letter — as fed via the always-wrong Sara Carter — is a claim that Strzok and Page were the source for the WaPo story revealing that FBI obtained a FISA order on Carter Page.

The review of the documents suggests that the FBI and DOJ coordinated efforts to get information to the press that would potentially be “harmful to President Trump’s administration.” Those leaks pertained to information regarding the Foreign Intelligence Surveillance Court warrant used to spy on short-term campaign volunteer Carter Page.

Aside from how fucking stupid you’d have to be to believe that Strzok would go to great lengths to get a FISA order on Page and then tell the entire world about it, there’s another reason that the frothy right should know this is wrong: because we know the likely culprit for it.

As I noted in my first post on the James Wolfe indictment, that investigation appears to have started to (and focused on) finding the source for the WaPo story the frothy right now blames on Strzok and Page.

The government lays out clear proof Wolfe lied about conversations with three reporters. With Watkins and another, they point to stories about Carter Page to do so. The Watkins story is this one, confirming he is the person identified in the Evgeny Buryakov indictment. Another must be one of two stories revealing Page was subpoenaed for testimony by the Senate Intelligence Committee — either this one or this one.

I’m most interested, however, in this reference to a story the FBI raised with Wolfe in its interview, a story for which (unlike the others) the indictment never confirms whether Wolfe is the source.

During the interview, FBI agents showed WOLFE a copy of a news article authored by three reporters, including REPORTER #1, about an individual (referred to herein as “MALE-l), that contained classified information that had been provided to the SSCI by the Executive Branch for official purposes

The story suggests they don’t have content for the communications between Wolfe and Reporter #1, and the call records they’re interested in ended last June (meaning the story must precede it).

For example, between in or around December 2015 and in or around June 2017, WOLFE and REPORTER #1 communicated at least five times using his SSCI email account.

For that reason, I suspect this is the story they asked about — whether Wolfe is a source for the original credible story on Carter Page’s FISA order. The focus on Page generally in the indictment suggests this investigation started as an investigation into who leaked the fact that Page had been targeted under FISA, and continued to look at the stories that revealed classified details about the investigative focus on him (stories which he rightly complained to SSCI about).

The government didn’t charge Wolfe for that story — they just (appear to have) included his lies about whether he knew the reporters behind it among the lies they charged him for. But that’s a common strategy for FBI when dealing with a leak investigation the direct prosecution of which would require declassifying information, particularly with someone like Wolfe who could easily graymail the government. Moreover, the docket in his case has the look of one where the defense is considering a plea to avoid more serious charges.

Now consider how they got Wolfe. Not only did the government go after a trusted employee, not only did they very publicly access his Signal and WhatsApp texts, not only did they get Congress to waive speech and debate (which very rarely happens), but they also obtained years of Ali Watkins’ call records, both directly and via Temple University.

In other words, the prosecution of James Wolfe pushed prior protocols on leak investigations on a number of fronts: going after favored insiders, going after encrypted comms, going after employees of Congress, and going far more aggressively after a journalist and a college student than would seem necessary. That’s precisely the kind of thing that FBI and DOJ would debate as part of revising their strategy to more aggressively pursue media leaks.

So the James Wolfe case not only provides a likely culprit for the leak, but probably even evidence that shifts in the media leak strategy did happen, shifts resulting in far more aggressive pursuit of leaks than happened at the end of the Obama Administration.

Mark Meadows dangerously wrong

Which brings us, finally, to the many errors of Mark Meadows’ letter to Rosenstein. Once again, the premise of the letter is that two next texts (one of which obviously relates the one I posted above) create grave new concerns.

As you may know, we recently received a new production of documents from the Department providing greater insight into FBI and DOJ activity during the 2016 election and the early stages of the Trump administration. Our review of these new documents raises grave concerns regarding an apparent systemic culture of media leaking by high-ranking officials at the FBI and DOJ related to ongoing investigations.

Review of these new documents suggests a coordinated effort on the part of the FBI and DOJ to release information in the public domain potentially harmful to President Donald Trump’s administration. For example, the following text exchange should lead a reasonable person to question whether there was a since desire to investigate wrongdoing or to place derogatory information in the media to justify a continued probe.

April 10, 2017: Peter Strozk [sic] contacts Lisa Page to discuss a “media leak strategy.” Specifically, the text says: “I had literally just gone to find this phone to tell you I want to talk to you about media leak strategy with DOJ before you go.”

April 12, 2017: Peter Strozk [sic] congratulates Lisa Page on a job well done while referring to two derogatory articles about Carter Page. In the text, Strzok warns Page two articles are coming out, one which his “worse” than the other about Lisa’s “namesake.” [see update below] Strzok added: “Well done, Page.”

Meadows goes on to cite the WaPo story revealing Page’s FISA order and Andrew Weissman’s meeting with the AP (in which, per court testimony from the Manafort trial, the AP provided information useful to the investigation into Manafort, but which — significantly — led to the warrant on Manafort’s condo which may have led to the discovery of information that implicates Trump).

Meadows is just wrong. Both texts he already has and the Wolfe case “should lead a reasonable person” to understand that the same people who had long pursued leak investigations still were doing so, doing so in an increasingly politicized environment, but doing so with results that would employ more aggressive techniques and would find the likely culprit behind the WaPo story in question (not to mention send Reality Winner to prison for five years).

But all that’s just a premise to claim that because he imagines, fancifully, that Page and Strzok were leaking about ongoing investigations to the press (when in fact they were investigating such leaks), he should be able to get the FBI to talk about ongoing investigations.

During our interviews with Peter Strozk [sic] and Lisa Page, FBI attorneys consistently suggested witnesses could not answer questions due to the US Attorneys’ Manual’s policy for ongoing investigations. However, documents strongly suggest that these same witnesses discussed the ongoing investigations multiple times with individuals outside of the investigative team on a regular basis.

Not only is Meadows almost certainly wrong in his accusations against Strzok and Page, but he’s also ignoring that there are two ongoing investigations being protected here — both the general Russian investigation, but also the prosecution of Wolfe for behavior that likely includes the story he’s bitching about.

Meadows then uses what he even seems to admit are authorized media contacts as a transition paragraph.

Our task force continues to receive troubling evidence that the practice of coordinated media interactions continues to exist within the DOJ and FBI. While this activity may be authorized and not part of the inappropriate behavior highlighted above, it fails to advance the private march to justice, and as such, warrants your attention to end this practice.

The transition paragraph — which I’ll return to — leads to the whole point of the letter, Meadows’ demand that, because he has trumped up a false accusation against Strzok and Page, he should be able to interview FBI agents he believes will undermine the investigation into Donald Trump.

In light of the new information, our task force is requesting to review text messages, emails, and written communication from FBI and DOJ officials Stu Evans, Mike Kortan, and Joe Pientka between June 2016 to June 2017. To be clear, we are not suggesting wrongdoing on the part of Evans, Kortan, and Pientka–and, in fact, previously reviewed documents suggest that some of these individuals may share the committees’ same concerns. However, these additional documents, with an emphasis on communications between the aforementioned individuals and Peter Strozk [sic], Andrew McCabe, Lisa Page, Bruce Ohr and Andrew Weissman, would provide critical insight into the backdrop of the Russian investigation.

Meadows is looking, among other things, testimony that says Pientka didn’t believe Mike Flynn lied when he interviewed Trump’s National Security Advisor with Strzok. But he’s doing so specifically for a time period that ends before the evidence showing that Flynn did lie came into FBI (in part, when Mueller obtained Transition emails showing Trump closely directed Flynn’s conversations with Sergei Kislyak.

Now back to authorized media interactions. I happen to know something about how they work. I had a conversation with the FBI that pertained, in part, to whether there was a tie between Russian criminals and the President, one that also pertained to my perception of possible threats. Apparently Meadows thinks that such a conversation “fails to advance the private march to justice,” though it’s not clear what he means by that.  I mean, thus far, I have been very circumspect about the content of such conversations; is Meadows really asking me to air details before the midterms? I have thus far hesitated to share suspicions I had, believing it would be inappropriate for anyone besides Mueller and the FBI to air such things publicly, until they had corroborated my suspicions. But Meadows apparently believes it important to air investigative details before the election.

The better option — one that would put the rule of law and the security of the nation ahead of partisan obstruction — would be for Meadows to stop inciting hoaxes among the frothy right. Or maybe, at least, the frothy right can recognize that Meadows has serially embarrassed them as they credulously repeat whatever hoax he floats?

Update: After Jerrold Nadler and Elijah Cummings released a response noting some of Meadows’ errors, he fixed just one of the errors in his letter, admitting that the “well done, Page” language was actually from an April 22, 2017 text that reads, “article is out! Well done, Page,” and which obviously refers to this story on Jim Comey.

As I disclosed July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Is a Tie with Vladimir Putin What Makes Mariia Butina More of a Spy than Paul Manafort?

Given my continued obsession with the border between the spying charge (18 USC 951) with which Mariia Butina got charged and the FARA charge (22 USC 611 et seq.) with which Paul Manafort got charged, I find this footnote from the government’s opposition to Butina’s request for bail of particular interest.

14 The defendant also attempts to rely on the government’s search warrant seeking “evidence of a potential violation under FARA.” ECF No. 23-1 at 7. As the defendant later acknowledges, id. at 15, the search warrants the government obtained for the defendant’s residence authorized it to search for potential violations of 18 U.S.C. §§ 371 and 951, as well as 22 U.S.C. § 611 et seq.

It reveals that at the time they searched Butina’s residence on April 25, 2018, the FBI had not determined whether they considered her just a sleazy foreign influence peddler or a spy. The government had explained that, in that or a subsequent search they found several pieces of evidence she had ties to the FSB, including a note reflecting a job offer. The search also included access to her devices, which revealed a slew of “taskings” from Aleksandr Torshin, which the government will use (if this ever goes to trial) to prove Butina worked as an agent for the Russian government.

So that may be one of the things that led them to charge her as a spy, rather than just a sleazy influence peddler.

The opposition filing provides more details, however, that may explain the charge.

Pre-meditation: the operation started in 2015

I had noted, here, that one difference between Butina and Manafort likely stemmed from her necessity to lie to get a visa, something the government repeats here.

In 2016, the defendant applied for and was granted an F1 student visa to study at American University in Washington, D.C. On her application, she identified her current employer as “Antares LLC” and described the Russian Official as a previous employer. Nonetheless, once resident in the United States, the defendant continued her efforts at the direction of the Russian Official to establish connections with U.S. Political Party 1 and other U.S. officials and political operatives.

They also defend a claim they made about her current visa, which she obtained to ensure she’d be able to travel back and forth from Russia, another detail the defense had spun to great effect.

The defense asserts, ECF No. 23-1 at 13 n.12 & ECF No. 23-8, that the government made a misrepresentation regarding the type of visa for which the defendant recently applied and implies that it did so intentionally. The government acknowledges the error in its Memorandum in Support of Detention regarding the label it applied to the visa. ECF No. 8 at 8. But the substance of the government’s contention—that the defendant could travel to and from the United States per her new visa’s terms, but not per the terms of her F-1 visa after her graduation—is true of the Optional and Practical Training visa extension for which the defendant applied. In other words, the “B1/B2” label the government used to describe the visa was incorrect, but its underlying its argument was correct.

But this filing also adds further details of how pre-meditated Butina’s plan was, describing a plan she wrote up in March 2015.

Beginning as early as 2015, the defendant wrote a proposal intended for Russian officials laying out her plan to serve as an unofficial agent or representative to promote the political interests of the Russian Federation vis-à-vis the United States.

[snip]

In 2015, the defendant created a document entitled “Description of the Diplomacy Project,” in March 2015, which included a proposal to cultivate political contacts in the United States.

Interestingly, amid a list of Russian officials the FBI has evidence she had contact with, is a phone call she had with Sergey Kislyak in May 2015, when this operation was still in the planning stages.

At the detention hearing on July 18, 2018, defense counsel argued, “There’s no evidence [the defendant has] been in a diplomatic car. There’s no evidence that she’s been to the embassy. There’s no evidence that she’s been in contact with the consulate. ECF No. 12 at 55:21-25. But after the government proffered that it had seen photos of the defendant with the former Russian ambassador to the United States, ECF No. 12 at 58:8-18, counsel admitted that he was aware of at least one photograph of the defendant with the former Ambassador at “a movie screening hosted by a Russian cultural group in Washington.” Id. at 59:19-21. The government now proffers that it possesses additional photographs of the defendant and the Russian Official with the former Russian ambassador to the United States; that the defendant’s calendar shows a call with the former ambassador in May 2015; and that the defendant’s journal reflects her plan to meet with the current Russian ambassador to the United States upon his arrival to the United States. The government also possesses a photograph of the defendant with the Russian ambassador dated October 2017. [my emphasis]

Putin’s personal involvement

Finally, as noted here, this filing provides more evidence of Putin’s involvement (even though one premise of the operation is to suggest some in Russia are planning for a post-Putin future). The filing describes Erickson calling Torshin “Putin’s emissary.”

The government has developed other evidence over the course of the conspiracy that establishes taskings by the Russian Official (whom U.S. Person 1 has referred to as “Putin’s emissary”) and actions within the United States in response to those taskings by the defendant

It describes Erickson pitching Putin’s involvement when arranging for the Russian delegation to the National Prayer Breakfast.

Reaction to the delegation’s presence in America will be relayed DIRECTLY to President Putin and Foreign Minister Sergey Lavrov (who both had to personally approve the delegation’s travel to this event).

And that Putin involvement came at the last minute — the weekend of January 20-21, 2017.

[Erickson] noted, “I was ahead of this in December, but last weekend Putin decided to up his official delegation – if we can accommodate them, we can empower rational insiders that have been cultivated for three years.”

Diplomatic attention even beyond propaganda-making

All of which may explain why the Russians have made such an effort to pressure for Butina’s release.

Since the detention hearing in this case, the actions of the Russian Federation and its officials toward the defendant have confirmed her relationship with, and value to, her own government. To date, the Russian government has conducted six consular visits with the defendant. It also has passed four diplomatic notes to the U.S. Department of State.2 According to the Russian Ministry of Foreign Affairs, Russian Foreign Minister Sergey Lavrov has spoken to the U.S. Secretary of State twice to complain about this prosecution.3 The official Kremlin Twitter account changed its avatar to the defendant’s face and started a #FreeMariaButina hashtag. RT, a Russian television network funded by the Russian government, has published numerous articles on its website criticizing this prosecution and the defendant’s detention.4 Russia has issued more diplomatic notes on the defendant’s behalf in the past month than for any other Russian citizen imprisoned in the United States in the past year. Put simply, the Russian government has given this case much more attention than other cases.

2 Diplomatic notes are used for official correspondence between the U.S. Government and a foreign government. The Department of State serves as the official channel for diplomatic communications between the U.S. government and a foreign government.

3 Press release on Foreign Minister Sergey Lavrov’s telephone conversation with US Secretary of State Mike Pompeo, July 21, 2018 available at http://www.mid.ru/en/web/guest/foreign_policy/news/-/asset_publisher/cKNonkJE02Bw/ content/id/3302434 (last accessed Sept. 7, 2018); Press Release on Foreign Minister Sergey Lavrov’s telephone conversation with US Secretary of State Mike Pompeo, August 23, 2018, available at http://www.mid.ru/en/web/guest/foreign_policy/news/-/asset_publisher/ cKNonkJE02Bw/content/id/3323966 (last accessed September 7, 2018).

4 See, e.g., “Accused ‘Russian Agent’ Butina moved to another jail, now in ‘borderline torture’ conditions,” RT, August 19, 2018, available at https://www.rt.com/usa/436301-butinamoved-torture-prison/ (last accessed Sept. 2, 2018); “‘A real witch hunt’: Moscow says student Butina is being held as ‘political prisoner’ by US,” RT, July 26, 2018, available

Though, of course, some of this is the simple counterpart to what Butina’s attorneys complain DOJ is doing: because she’s a pretty woman, she makes for good propaganda that Russia can use to accuse the US of abuse. Still — Butina has gotten more reported attention than even Yevgeniy Nikulin, another case the Russian government has shown exceptional interest in.

Spying doesn’t require tradecraft

Her lawyers’ opposition to a government bid for a gag order repeats, in more dramatic fashion, a claim they had made in their bid for bail: that the government has presented no evidence of traditional tradecraft.

Maria Butina is in a cell, pretrial, 22 hours a day for crimes she did not commit and for government falsehoods and never-tested theories of culpability that have not (and will never) pan out. For all of the government insinuation and media coverage of Hollywood style, spy-novel allegations, in reality this case is bereft of any tradecraft or covert activity whatsoever. There are no dead drops, no brush passes, no secret communication devices, no bags of cash or payoffs, no bribes, no confidential secret information gathering, no espionage type activity, and no agency or agreement to commit crime.

Ultimately, though, the government relies on the elements of the offense, and confirm what I had suggested here — “he mis-states what the materials say about exempting political activity, not least because, per other materials, section 611 can be a subset of a section 951 violation.”

The elements of a violation of 18 U.S.C. § 951 are that (1) the defendant acted in the United States as an agent of a foreign government; (2) that the defendant failed to notify the Attorney General of the United States that she would be acting in the United States as an agent of a foreign government prior to so acting; and (3) that the defendant acted knowingly, and knew that she had not notified the attorney general.

But neither the USAM nor the Criminal Resource Manual contain any provisions that “specifically exempt[] section 951 from applying to ‘foreign agents engaged in political activities.’” ECF No. 23-1 at 7. Setting aside whether the defendant’s alleged activities are “purely political”—which the government does not concede—the sections of the USAM and Criminal Resource Manual cited by the defendant do not specifically exempt political activity undertaken at the behest of a foreign government or foreign government official from prosecution under 18 U.S.C. § 951. Further, the Inspector General’s Report cited by the defendant, id. at 6, n.4, quotes National Security Division officials as stating, “unlike FARA . . . Section 951 can be aimed at political or non-political activities of agents under the control of foreign governments.” U.S. DOJ, Office of the Inspector General, Audit of the National Security Division’s Enforcement and Administration of the Foreign Agents Registration Act, at ii (Sep. 2016), available at https://oig.justice.gov/reports/2016/a1624.pdf (last visited Aug. 26, 2018). More importantly, the USAM “is not intended to, does not, and may not be relied upon to create any rights, substantive or procedural, enforceable at law by any party in any matter civil or criminal.” United States v. Goodwin, 57 F.3d 815, 818 (9th Cir. 1995) (quoting USAM § 1-1.100); cf. United States v. Caceras, 440 U.S. 741, 754 (1979) (IRS manual does not confer any substantive rights on taxpayers but is instead only an internal statement of penalty policy and philosophy). 14

One final thing: this opposition motion makes it clear how pissed Butina and Torshin were when news of the DNC hack broke, knowing it would focus more attention to their own operation.

In July 2016, in a series of revealing communications, the defendant, U.S. Person 1, and the Russian Official expressed concern about how their operation might be affected by news reports that Russia had hacked the emails of the Political Party 2 National Committee. U.S. Person 1 worried that “it complicates the hell out of nearly a year of quiet back-channel diplomacy in establishing links between reformers inside the Kremlin and a putative [Political Party 1] administration (regardless of nominee or president). . . . What a colossal waste of lead time.” The defendant told the Russian Official, “Right now I’m sitting here very quietly after the scandal about our FSB hacking into [Political Party 2’s] emails. My all too blunt attempts to befriend politicians right now will probably be misinterpreted, as you yourself can understand.” The Russian Official responded by telling the defendant, she was “doing the right thing.”

Parallel processing: Not just about Trump

And it describes Butina first latching on to Scott Walker before picking up with Trump.

At some point, she identified a particular candidate (“Political Candidate 1”), whom she believed to have the best chance of becoming Political Party 1’s nominee for President. On July 14, 2015, the Russian Official requested that the defendant send him a report about Political Candidate 1’s announcement of his candidacy for the Presidency. She did so the next morning. After recounting Political Candidate 1’s speech, the defendant reported that she had a “short personal contact” with Political Candidate 1, with whom she had had previous personal contact, as well as one of his three advisors in matters of international politics. The day prior, the defendant had written to the Russian Official, “Judging from American polls – our bet on [Political Candidate 1] is correct.”

It describes the arc of the operation as an attempt to be well-positioned after the 2016 election.

[Butina] was working as an undeclared agent on behalf of the Russian Federation to position herself and that official to exert Russian influence over U.S. policies towards Russia after the 2016 Presidential election.

All that leads me to believe that the government is beginning to view the Torshin operation as a parallel effort to the election hack one, an effort that had Putin’s direct involvement in.

So it’s not just that the government has decided she has real ties to Russia’s spooks. It’s that the scope of her effort, and the involvement of Putin, raises the stakes for her custody, but also for any attempt to learn how these operations fit together.

Spy versus Spy: The Two Alleged Agents of Foreign Powers Sitting in the Alexandria Jail, Part Two (Mariia)

In this post, I laid out the difference between two laws criminalizing foreign agents of influence, 22 USC 611 et seq. (FARA) and 18 USC 951. Paul Manafort is charged with the former; Rick Gates, Mike Flynn, and Sam Patten have also all pled guilty to FARA related crimes; Mariia Butina is accused of the latter.

I think, particularly as Mueller’s investigation begins to put real teeth in FARA (and as nation-state spying hides under new kinds of cover and funding arrangements), the border between the two crimes will become increasingly tenuous. A comparison of Butina and Manafort shows some of the ways that’s clear.

Butina’s lawyer pitches her actions as lobbying

In response to her charges, her attorney Robert Driscoll has repeatedly denied she’s an agent of Russia, not by denying she did what Aleksandr Torshin instructed her to, but by claiming that hers is just a regulatory filing case.

“This is not an espionage case, this is not a spy case, this is a regulatory filing case,” in which Butina didn’t file the correct paperwork with the Justice Department, Driscoll told Robnson in arguing why she should be freed pending trial.

“She’s not an agent of the Russian Federation,” Driscoll told reporters after the hearing.

In a bid to overturn Magistrate Deborah Robinson’s decision to deny Butina bail, Driscoll minimizes the Russian’s activities as “going to dinners among intellectuals and foreign policy wonks to discuss U.S.-Russia relations, attending two National Prayer Breakfasts, and booking hotel rooms at the Washington Hilton, if true, is anything but an ‘obvious’ danger to the public.” He argues, “the allegations do not involve spying, tradecraft, classified information, or any other hallmarks of an espionage case.” To rebut any claim of covert operation, Driscoll points to the fact that one of the actions in her indictment — a dinner hosted by her unindicted co-conspirator, George O’Neill, just after the National Prayer Breakfast — was hosted by O’Neill and written up in the press (one of two stories he cited was written by O’Neill).

She is accused of arranging dinners to promote better relations between Russia and the United States although the very dinner that is listed as a predicate act for her alleged crimes was written about in Time Magazine and the American Conservative—hardly covert activity—and, in actuality, was initiated, organized, and directed by an American citizen, not the Russian government.3

He argues that the government charged Butina with section 951 as a tactical move, to make it easier to prosecute political activity (I’m not a lawyer, but I’m virtually certain he mis-states what the materials say about exempting political activity, not least because, per other materials, section 611 can be a subset of a section 951 violation).

To distract from the frailty of its charges, the government reprises that Ms. Butina is charged under section 951 and not FARA. However, that charging decision alone contradicts the Justice Department’s own policies, and perhaps was made as an attempt to aggrandize her conduct and mischaracterize her innocent political interest as nefarious.

That is, the Department of Justice (“DOJ”) Criminal Resource Manual makes a distinction between section 951 and a FARA violation. It describes FARA under section 611 et seq. as requiring an agent of a foreign principal engaged in political activities to register. See U.S. Dep’t of Justice, United States Attorneys’ Manual 9-90.700 and 9-90.701; and see Criminal Resource Manual at 2062. It also discusses other federal statutes like section 951, which is “aimed at persons loosely called foreign agents” but specifically exempts section 951 from applying to “foreign agents engaged in political activities.” Id. In plain English, DOJ further notes among frequently asked questions that section 951 is only “aimed at foreign government controlled agents engaged in non-political activities.”5

The government’s April, 2018 search warrant sought evidence of a potential violation under FARA.

[snip]

[A]lthough such allegations are unfounded and untrue, and although the government’s searches revealed no hidden transmitters, wads of cash, counterfeit passports, and plane tickets back to Moscow, the government still decided to paper a case against Ms. Butina under section 951. This decision shows that the government desired to overcharge and inflate her conduct for tactical advantages versus act with restraint or, at a minimum, be consistent with the DOJ and National Security Division’s own publicized understanding of appropriate charges.

And Driscoll doesn’t even concede she violated FARA.

[F]or reasons only it is aware, the government has charged Ms. Butina under 18 U.S.C. § 951 rather than the Foreign Agent Registration Act (“FARA”), 22 U.S.C. § 611 et seq., which generally carries civil penalties and much less severe criminal penalties (for circumstances far more egregious than the facts alleged here). Much like a FARA case, the government does not allege that Ms. Butina undertook any independently illegal activities in the United States. The only thing that made her alleged conduct illegal, if true, is that she did not notify the Attorney General prior to undertaking it.

[snip]

At bottom, the government’s case appears to be a novel attempt to stretch 18 U.S.C. § 951 to cover the activities of a foreign national student under the theory that her communications (about non-classified public source material) with contacts in her home country made her an “agent” of that country. The serious charges against her should be viewed in that context, which makes this case distinctly different from a typical section 951, “espionage-like or clandestine behavior” case.4

The lobbying included in Butina’s alleged crimes

To some extent, Driscoll is right: the government’s description of the allegations against Butina does focus closely on activity that might fall under FARA’s political activities (though, as noted, he cites a DOJ statement that suggests sections 611 and 951 are mutually exclusive, when by my understanding sections 611 can be a part of 951).

Many of the activities Butina is alleged to have done involve things that might be classified as lobbying. In her arrest affidavit, DOJ describes how Butina, with help from Paul Erickson, identified a network of influential Americans, including the NRA, to whom she could pitch closer relations with Russia. George O’Neill helped Butina set up a series of “friendship and dialogue” dinners. A number of her activities, such a publishing an article in The National Interest, are precisely the kinds of things FARA attempts to provide transparency on. This is where Driscoll gets his claim that Butina only “arrang[ed] dinners to promote better relations between Russia and the United States.”

Butina was directed by Aleksandr Torshin

A number of the allegations would support either a FARA or 951 violation.

The affidavit makes it clear she was following the directions of Aleksandr Torshin, the Deputy Governor of Russia’s Central Bank and as such an official representative of the government.

On the night of the election, for example, she asked for orders from Torshin, “I’m going to sleep. It’s 3 am here. I am ready for further orders.” The two moved to WhatsApp out of Torshin’s concern “all our phones are being listened to.” It’s clear, too, she and Torshin were hiding the role of the Russian government behind her actions. When she sent a report on a conference to establish a dialogue with US politicians, she said it “must be presented as a private initiative, not a government undertaking.”

The government even presented proof that Butina’s actions were approved by people close to Putin himself.

On March 14, 2016, Butina wrote O’Neill that what DOJ calls a  “representative of the Russian Presidential administration” had expressed approval “for building this communication channel,” suggesting she and Torshin had direct approval from Putin. “All we needed is <<yes>> from Putin’s side,” Butina explained to O’Neill.

With one exception, Driscoll largely offers bullshit in response to the government’s evidence she operated as a Russian government agent (indeed, his recognition that Butin advertised being Torshin’s special assistant on one of her business cards confirms that she continued to work for Torshin). He includes a letter of grad school recommendation for Butina for Columbia as proof of … it’s not clear what, particularly since Torshin includes his government affiliation on the letter.

Still: Paul Manafort was operating on behalf of a foreign government while Viktor Yanukovych remained in power, yet DOJ charged him with FARA, not section 951. The bar to meet foreignness under FARA is broader than it is under section 951, but lobbying for a foreign government can be sufficient to it. Yet Butina got charged under section 951, not FARA.

Paid by an oligarch

The exception to my claim that Driscoll offers little to rebut (in court filings — his statements to the press are another issue) that Butina was directed by the Russian government is the issue of her funding, which the government notes comes from an oligarch that Butina identified to the Senate Intelligence Committee as Konstantin Nikolaev.

Her Twitter messages, chat logs, and emails refer to a known Russian businessman with deep ties to the Russian Presidential Administration. This person often travels to the United States and has also been referred to as her “funder” throughout her correspondence; he was listed in Forbes as having a real-time net worth of $1.2 billion as of 2018. Immediately prior to her first trip to the United States in late 2014, Butina engaged in a series of text messages with a different wealthy Russian businessman regarding budgets for her trip to the United States and meetings with the aforementioned “funder.”

Driscoll points to this to disclaim a tie between her and the Russian state.

[T]he Russian Federation did not pay for her travel to the United States, her tuition, her living expenses, or make any payments to her at all.

This is actually an interesting point, because while FARA requires only that a person be working as an agent of a foreign principal (which might include, for example, an oligarch), section 951 requires that the agent be working on behalf of a foreign government. Butina no doubt still qualifies, given her tie to Torshin.

But particularly when comparing Manafort and Butina, both of whom worked at the border between laundered oligarch cash and government officials, the detail is of particular interest. If Russia outsources its intelligence operations to oligarchs (the Internet Research Agency’s Yevgeniy Prigozhin is another example), will that intelligence still qualify as spying under section 951?

In any case, thus far, the allegations against Butina and Manafort are fairly similar: both were hiding the fact that their political activities were backed by, and done in the interest of, Russian or Russian-backed entities.

The evidence for covert action

One area where Butina may go further than Manafort (at least for his pre-election work) is in the means by which she was trying to hide her work.

In spite of the great deal of publicity Butina made of her own actions — with all the pictures of her and powerful Republican men — the government affidavit also described Butina trying to set up (in her words) a “back channel” of communication with influential Americans.  On October 4, 2016, Erickson emailed a friend admitting he had “been involved in security a VERY private line of communication between the Kremlin and key [Republican] leaders through, of all conduits, the [NRA]. The affidavit describes Butina telling Torshin that her Russia-USA friendship society” is “currently ‘underground’ both here and there.” When discussing the list of delegates to the 2017 National Prayer Breakfast with Erickson in late November, she said the attendees were seeking to establish a “back channel of communication.”

Manafort was trying to hide that the lobbying he paid for was done for Yanukovych’s benefit, but there’s no allegation his pre-election work aimed to set up a secret channel of communication between Yanukovych and Congress.

Of particular interest, given the parallel efforts on voter suppression from Roger Stone and the Russians, Butina floated serving as an election observer. Torshin argued that “the risk of provocation is too high and the ‘media hype’ which comes after it.” But Butina argued she’d only do it incognito.

The honey pot claim

Then there’s the specific government insinuation that Butina was engaged in a honey pot operation. It substantiates this two ways — first, by suggesting she’s not that into Erickson.

Further, in papers seized by the FBI, Butina complained about living with U.S. Person 1 and expressed disdain for continuing to cohabitate with U.S. Person 1.

It also alleges she offered sex for favors.

For example, on at least one occasion, Butina offered an individual other than U.S. Person 1 sex in exchange for a position within a special interest organization.

Driscoll pretty convincingly argues the government misinterpreted this last bit.

The only evidence the government relied on for its explosive claim was an excerpt from an innocuous three-year-old text exchange (attached as Exhibit 3) sent in Russia between Ms. Butina and DK, her longtime friend, assistant, and public relations man for The Right to Bear Arms gun rights group that she founded.

DK, who often drove Ms. Butina’s car and thus was listed on the insurance, took the car for its annual government-required inspection and insurance renewal, and upon completion, texted (according to government translators), “I don’t know what you owe me for this insurance they put me through the wringer.” Ms. Butina jokingly replied, “Sex. Thank you so much. I have nothing else at all. Not a nickel to my name.” DK responded: “Ugh . . . ( ”—that is, with a sad face emoticon.

Aside from the fact that Maria is friends with DK’s wife and child and treats DK like a brother, the reference to sex is clearly a joke.

We still haven’t seen the government response to this, but what Driscoll presents does support his claim this is a “sexist smear.”

But Driscoll’s dismissal of the other claim — that Butina disdained living with Erickson — is far less convincing.

[I]n response to her girlfriend’s own complaints about her boyfriend’s failure to call in three weeks (accompanied by an angry face emoji) that Maria responds that her own boyfriend (Mr. Erickson) has been “bugging the sh*t out of me with his mom” and that she has “a feeling that I am residing in a nursing home.” “Send a link to the dating app[,]”

Driscoll spins this as an attack on Erickson’s now late mother, but doesn’t address the central allegation that she likened living with her much older boyfriend to living in a nursing home. Nor that she started the exchange by saying “let’s go have some fun with guys!!!” because she was “Bored. So there.” Furthermore, Butina seemed concerned that her use of Tinder would become public because she logged in using Facebook.

Though he has been sharing schmaltzy videos of Butina and Erickson with ABC, Driscoll also doesn’t address the fact that as early as May, Butina was proffering to flip on Erickson in fraud charges in South Dakota, which would have the effect of putting her in a position to negotiate permanent visa status independent of him, while limiting her own legal exposure.

A student visa or tourist one?

One key distinction between Manafort and Butina stems from the fact that she’s not a citizen.

The government’s detention motion also notes that Butina “use[d] deceit in a visa application.” They describe her attendance at American University as her cover, one she chose after rejecting carrying out the operation on tourist visas.

Butina chose a student visa from a range of options for her ultimate application, but not before a lengthy discussion of the risks associated with traveling to the United States repeatedly on a tourist visa. The FBI has discovered text messages and emails between U.S. Person 1 and Butina in which Butina would routinely ask U.S. Person 1 to help complete her academic assignments, by editing papers and answering exam questions. In other words, although she attended classes and completed coursework with outside help, attending American University was Butina’s cover while she continued to work on behalf of the Russian Official.

The government also notes that Butina claimed she was no longer employed by Torshin on her visa application. It points to her visa fraud as additional support that she did not intend to register as required by the law.

Butina entered the United States with the express purpose of working as part of a covert Russian influence campaign and did not disclose that fact—not on her visa application and not to the Attorney General.

Driscoll offers a narrow (and to my mind, unconvincing) defense, arguing the government hasn’t shown proof she lied on her form, when the claim is, instead, that intercepts show she applied for a student visa over a tourist visa because of the immigration advantages it offers.

[T]he government has also failed to provide any evidence to support its claim that Maria affirmatively lied on her application for a student visa should give this Court pause.

To be clear: this doesn’t mean Americans can’t be charged under section 951. In June, for example, DOJ charged Ron Rockwell Hansen under section 951 for spying for China.

But because Butina had to find a way to get and stay in the US, she had to game out the best way to do so, and that adds to the evidence that her entire purpose for being in the US is to push Russian policies. That is, it may be easier to charge a foreigner under section 951 because it often involves lying on visa forms.

Ongoing ties with Russian intelligence

Finally, there are ties with spooks.

The government alleges that Butina had ongoing ties with the Russian intelligence agencies, including a private meal with a suspected Russian intelligence operator, Oleg Zhiganov (whom Driscoll identified, to the government’s displeasure, to Politico).

FBI surveillance observed Butina in the company of a Russian diplomat in the weeks leading up to that official’s departure from the United States in March 2018. That Russian diplomat, with whom Butina was sharing a private meal, was suspected by the United States Government of being a Russian intelligence officer.

The government also cites from pointed to a conversation where Torshin likened Butina to Anna Chapman (see below) and argued that showed that Torshin treated her a covert spy. The government further points to a document suggesting she considered a job with FSB (though remains murky about other evidence that supports the claim).

Another document uncovered during the execution of a search warrant contained a hand-written note, entitled “Maria’s ‘Russian Patriots In-Waiting’ Organization,” and asking “How to respond to FSB offer of employment?” Based on this and other evidence, the FBI believes that the defendant was likely in contact with the FSB throughout her stay in the United States.

That said, the government also alleges that Manafort has had ongoing ties with Russian intelligence, in the form of Konstantin Kiliminik. So it’s not like ties to intelligence officers by itself merits a section 951 charge.

Recruiting assets

I suspect a key feature that may distinguish Butina from Manafort is that she had two Americans, Erickson and O’Neill, working with her. There’s even the allegation that she was seeking out time with JD Gordon in the lead-up to the election, suggesting she may have been recruiting assets within the new administration, an action akin to a formal spook. That is, she seems to have been recruiting agents.

That’s different from Manafort, employing a bunch of lobbyists (even while hiding some aspects of those engagements), because Manafort was hiring established professionals (or former European government officials).

I guess one question I have is whether the awareness of the recruitment targets is different.

Flight risk

While it matters little for the distinction between FARA and section 951, Driscoll suggests the fact that Butina hasn’t fled yet — notably did not in response to a report on her work — is proof she’s not an agent.

First, in February, 2017, the Daily Beast published an article about Maria, her connection to Aleksandr Torshin, her love of guns, and her activities in the United States, essentially alleging that her purpose in the United States might be to “infiltrate” American conservative political groups.13 If the government’s fanciful theory were correct, almost 18 month ago, Maria Butina was exposed, her handler identified, and her purpose in the United States published on the internet. She did not flee, visit the Russian Embassy, or make any effort to change her status as a student.

Curiously, he doesn’t address an intercept excerpted in the government’s detention motion, suggesting that in March 2017 there was an order against arresting her.

Specifically, in March 2017, after a series of media articles were published about Butina, the following conversation ensued:

Russian Official: Good morning! How are you faring there in the rays of the new fame?[] Are your admirers asking for your autographs yet? You have upstaged Anna Chapman. She poses with toy pistols, while you are being published with real ones. There are a hell of a lot of rumors circulating here about me too! Very funny!

[snip]

Butina: It’s the other thing that is important: evidently, there is an Order not to touch us. I believe it is a good sign.

Russian Official: For now – yes, but should things shift, then we are guaranteed a spot on the list of ‘agents of influence.” . . .

But as I noted, Butina’s flight risk would remain the same regardless of whether she had been charged with FARA or section 951.

Why Maria and not Manafort (yet)?

All of which raises a series of questions about what might distinguish Butina from Manafort:

  • How important is citizenship in this? And would dual citizenship — dual Russian Federation and US — change that? The government’s reliance on Butina’s alleged visa fraud would (and in other 951 cases has) have important repercussions for any subjects of the investigation who lied but have since obtained US citizenship.
  • Does who is paying for a person’s defense matter? Driscoll won’t say who is paying his bills, but neither do we know who is funding Manafort’s (thus far) much more expensive defense. In similar cases (such as Evgeny Buryakov, one of the spies who recruited Carter Page), the government filed for a Curcio hearing to make sure a person’s lawyer wasn’t representing the interests of the people paying his bills rather than the defendant, but in so doing proved that Buryakov was not a government agent. If a close Putin ally is paying for Manafort’s defense, does that change the calculus of who he’s working for?
  • At what point would obtaining useful information on political process in the US count as collecting intelligence? Manafort knows US politics better than almost anyone — he doesn’t need to recruit a source to learn that. Butina did. Does recruiting Erickson to learn about US politics amount to collecting intelligence?
  • Is beefed up FARA enforcement the proper tool to combat foreign influence operations, or is section 951, absent more covert operations, the way to go after foreign nationals engaging in influence operations?
  • Given how these two crimes might bleed into each other, are prosecutors threatening charges under section 951 to get pleas under FARA?
  • All this analysis is based off stuff Manafort did years ago, going back over a decade. It doesn’t address the stuff he is suspected of doing in during the 2016. For example, if Manafort was reporting back on an active Presidential campaign to Oleg Deripaska via suspected Russian intelligence agent Konstantin Kilimnik, is that a FARA violation, or a section 951 one? He got charged under FARA for his historic work. But I’m not sure his election-related work doesn’t pass the bar for a section 951 charge.

As I disclosed July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

image_print