It’s Called a Spine, not a Conscience

I’ve been watching the media reaction to Marcy’s “Putting a Face . . .” post. The first day, there were a lot of “Wow – read this” tweets going around on twitter, but now the more reflective pieces are coming out, like yesterday’s Margaret Sullivan piece in the Style section of the Washington Post entitled “A journalist’s conscience leads her to reveal her source to the FBI. Here’s why.” On the whole, it’s a pretty good piece, but Sullivan makes two absolutely critical errors.

First, right at the top, Sullivan doesn’t seem to understand that all sources are not created equal, though Marcy tries to correct her:

It’s pretty much an inviolable rule of journalism: Protect your sources.

Reporters have gone to jail to keep that covenant.

But Marcy Wheeler, who writes a well-regarded national security blog, not only revealed a source — she did so to the FBI, eventually becoming a witness in special counsel Robert S. Mueller III’s investigation of President Trump’s possible connections to Russia.

“On its face, I broke one of the cardinal rules of journalism, but what he was doing should cause a source to lose protection,” Wheeler told me in a lengthy phone interview.

At least Sullivan put Marcy’s “should” in italics, but for the rest of the piece she seems to have forgotten that it was there.

As I read it, Marcy’s post was not primarily about the investigation into the Russian interference in the 2016 election, though that is what has gotten a lot of the attention. What she was really talking about was the practice  — or should I say “malpractice”? — of journalism. Woven into the entire post, Marcy laid out how she wrestled with a very basic question: What do you do, as a journalist, when a confidential source lies to you?

Marcy’s answer begins by distinguishing between different kinds of sources. Some tell you the truth. Some tell you something that they think is true, but it turns out to be wrong. And then there are some that tell you lies. Granting all of these sources uncritical confidentiality to protect your reputation as a journalist is as dangerous as telling a woman abused by her spouse to “protect her marriage” by staying with the abuser.  “Protecting your sources” when those sources undermine your work and reputation ought not mean “protecting your abuser.” Protecting a source uncritically is just asking to get used and abused, over and over again. See “Russert, Tim.”

The second thing that Sullivan missed is that Marcy was also talking to sources — actual and potential. From the end of Sullivan’s piece, with emphasis added:

Wheeler told me she believed herself to be “uniquely informed” about something that mattered a great deal.

In their reporting, journalists talk to criminals all the time and don’t turn them in.

Reporters aren’t an arm of law enforcement.

They properly resist subpoenas and fight like hell not to share their notes or what they know because doing so would compromise their independence and their ability to do their work in the future.

Wheeler knows all that — and believes in it. But she still came forward, not because of a subpoena but because of a conscience.

As Drezner told me, “She would not do this on a whim.”

And as Wheeler put it, “I believe this is one of those cases where it’s important to hold a source accountable for his actions.”

Marcy said it right there, but Sullivan missed it. What Marcy wrestled with, and shared in her post, was how she chose to do just that. She went to the FBI as a way of holding an unreliable source accountable AND as a way to protect her honest sources from a broad, wide-ranging governmental search that could potentially come down the road.

At its core, “Putting a Face . . .” is a journalist telling the world of potential sources two things, that I might paraphrase like this:

First, I take my work seriously, and that means protecting folks who come to me with information. If you share something with me in confidence, something that helps me do my job to get important stories out, I will protect you with all I’ve got.

Second, don’t screw with me. It’s one thing to tell me something you thought was correct that later proves not to be true. That happens. But if I learn that you deliberately lied to me in an effort to harm others, and you attacked my workplace, I am going to burn your ass. Count on it.

If burning sources that lie to you is not a cardinal rule of journalism, it damn well ought to be. I suspect that Marcy’s honest sources will respect her more for this, and her dishonest ones will be very very nervous. Isn’t that something that all journalists ought to strive for?

Think about it like this: if Devin Nunes, Trey Gowdy, and the rest of the House GOP knew that the journalists to whom they spread lies, off the record, would be willing to burn them if the journalists discovered that they were being lied to and used, do you think they’d be so eager to lie?

Sullivan lauded Marcy for being a journalist with a conscience — which she is, but that’s not the point here. The point is that Marcy is a journalist with a spine.

photo h/t to bixentro, and used under Creative Commons Attribution 2.o Generic license.

Two Days after Julian Assange Threatened Don Jr, Accused Vault 7 Leaker Joshua Schulte Took to Tor

Monday, the government rolled out a superseding indictment for former NSA and CIA hacker Joshua Schulte, accusing him (obliquely) of leaking the CIA’s hacking tools that became the Vault 7 release from Wikileaks. The filings in his docket (as would the search warrants his series of defense attorneys would have seen) make it clear that the investigation into him, launched just days after the first CIA release, was always about the CIA leak. But when the government took his computer last spring, they found thousands of child porn pictures dating back to 2009. It took the government over three months and a sexual assault indictment in VA to convince a judge to revoke his bail last December, and then another six months to solidify the leaking charges they had been investigating him from the start.

But the case appears to have taken a key turn on November 16, 2017, when he did something — it’s not clear what — on the Tor network. While there are several things that might explain why he chose to put his release at risk by accessing Tor that day, it’s notable that it occurred two days after Julian Assange tweeted publicly to Donald Trump Jr that he’d still be happy to be Australian Ambassador to the US, implicitly threatening to release more CIA hacking tools.

Schulte was, from days after the initial Vault 7 release, apparently the prime suspect to be the leaker. As such, the government was always interested in what Schulte was doing on Tor. In response to a warrant to Google served in March 2017, the government found him searching, on May 8, 2016, for how to set up a Tor bridge (Schulte has been justifiably mocked for truly abysmal OpSec, and Googling how to set up a bridge is one example). That was right in the middle of the time he was deleting logs from his CIA computer to hide what he was doing on it.

When he was granted bail, he was prohibited from accessing computers. But because the government had arrested him on child porn charges and remained coy (in spite of serial hold-ups with his attorneys regarding clearance to see the small number of classified files the government found on his computer) about the Vault 7 interest, the discussions of how skilled he was with a computer remained fairly oblique. But in their finally successful motion to revoke Schulte’s bail, the government revealed that Schulte had not only accessed his email (via his roommate, Schulte’s lawyer would later claim), but had accessed Tor five times in the previous month, on November 16, 17, 26, and 30, and on December 5, 2017, which appears to be when the government nudged Virginia to get NYPD to arrest him on a sexual assault charge tied to raping a passed out acquaintance at his home in VA in 2015.

Perhaps the most obvious explanation for why Schulte accessed Tor starting on November 16, 2017, is that he was trying to learn about the assault charges filed in VA the day before.

But there is a more interesting explanation.

As you recall, back in November 2017, some outlets began to publish a bunch of previously undisclosed DMs between Don Jr and Wikileaks. Most attention focused on Wikileaks providing Don Jr access to an anti-Trump site during the election. But I was most interested in Julian Assange’s December 16, 2016 “offer” to be Australian Ambassador to the US — basically a request for payback for his help getting Trump elected.

Hi Don. Hope you’re doing well! In relation to Mr. Assange: Obama/Clinton placed pressure on Sweden, UK and Australia (his home country) to illicitly go after Mr. Assange. It would be real easy and helpful for your dad to suggest that Australia appoint Assange ambassador to DC “That’s a really smart tough guy and the most famous australian you have! ” or something similar. They won’t do it, but it will send the right signals to Australia, UK + Sweden to start following the law and stop bending it to ingratiate themselves with the Clintons. 12/16/16 12:38PM

In the wake of the releases, on November 14, 2017, Assange tweeted out a follow-up.

As I noted at the time, the offer included an implicit threat: by referencing “Vault 8,” the name Wikileaks had given to its sole release, on November 9, 2017 of an actual CIA exploit (as opposed to the documentation that Wikileaks had previously released), Assange was threatening to dump more hacking tools, as Shadow Brokers had done before it. Not long after, Ecuador gave Assange its first warning to stop meddling in other countries politics, explicitly pointing to his involvement in the Catalan referendum but also pointing to his tampering with other countries. That warning became an initial ban on visitors and Internet access in March of this year followed by a more formal one on May 10, 2018 that remains in place.

There’s a reason I think those Tor accesses may actually be tied to Assange’s implicit threat. In January of this year, when his then lawyer Jacob Kaplan made a bid to renew bail, he offered an excuse for those Tor accesses. He claimed Schulte was using Tor to research the diaries on his experience in the criminal justice system.

In this case, the reason why TOR was accessed was because Mr. Schulte is writing articles, conducting research and writing articles about the criminal justice system and what he has been through, and he does not want the government looking over his shoulder and seeing what exactly he is searching.

Someone posted those diaries to a Facebook account titled “John Galt’s Defense Fund” on April 20, 2018 (in addition to being an accused rapist and child porn fan, Schulte’s public postings show him to be an anti-Obama racist and an Ayn Rand worshiping libertarian).

Yesterday, Wikileaks linked those diaries, which strikes me as an attempt to corroborate the alibi Schulte has offered for his access to Tor last November.

The government seems to have let Schulte remain free for much of 2017, perhaps in search of evidence to implicate him in the Vault 7 release. Whether it was a response to a second indictment or to Assange’s implicit threats to Don Jr, Schulte’s use of Tor last year (and, surely, the testimony of the roommate he was using as a go-between) may have been one of the keys to getting the proof the government had been searching for since March 2017.

Whatever it is, both Wikileaks and Schulte would like you to believe he did nothing more nefarious than research due process websites when he put his bail at risk by accessing Tor last year. I find that a dubious claim.


2009: IRC discussions of child porn

2011 and 2012: Google searches for child porn

April 2015: Rapes a woman (possibly partner) who is passed out and takes pictures of it

March to June 2016: Schulte deleting logs of access to CIA computer

May 8, 2016: Schulte Googles how to set up a Tor bridge

November 2016: Leaves CIA, moves to NY, works for Bloomberg

December 16, 2016: Assange DM to Don Jr about becoming Ambassador

Hi Don. Hope you’re doing well! In relation to Mr. Assange: Obama/Clinton placed pressure on Sweden, UK and Australia (his home country) to illicitly go after Mr. Assange. It would be real easy and helpful for your dad to suggest that Australia appoint Assange ambassador to DC “That’s a really smart tough guy and the most famous australian you have! ” or something similar. They won’t do it, but it will send the right signals to Australia, UK + Sweden to start following the law and stop bending it to ingratiate themselves with the Clintons. 12/16/16 12:38PM

February 4, 2017: Wikileaks starts prepping Vault 7

March 7, 2017: Wikileaks starts releasing Vault 7

March 13, 2017: Google search warrant

March 20, 2017: Search (including of cell phone, from which passwords to his desktop obtained)

June 2017: Interview

August 17, 2017: Dana Rohrabacher tries to broker deal for Assange with Trump

August 23, 2017: Arrest affidavit

August 24, 2017: Arraignment

THE COURT: Well, it sounds like, based on the interview, that he knew what the government was looking at.

MR. LAROCHE: That wasn’t the basis of the interview, your Honor.

 

MR. KOSS: I think it was either two or three [interviews]. I think it was three occasions. I was there on all three, including one of which where we handed over the telephone and unblocked the password to the phone, which they did not have, and gave that to them. And as I said, I have been in constant contact with the three assistant U.S. attorneys working on this matter literally on a weekly basis for the last 4, 5, 6 months. And any time Mr. Schulte even thought about traveling, I provided them an itinerary. I cleared it with them first and made sure it was okay. On any occasion that they said they might want him close so that he could speak to them, I cancelled the travel and rescheduled it so that we would be available if they needed him at any given time.

October 2, 2017: Bail hearing

MR. LAROCHE: Well, I believe there still is a danger because it’s not just computers, your Honor, but electronic devices are all over society and easy to procure and this type of defendant having the type of knowledge he has does in terms of accessing things — so he has expertise and not only just generally computers but using things such as wiping tools that would allow him to access certain website and leave no trace of it. Those can be done from not just a computer but from other electronic devices.

But the child pornography itself is located on the defendant’s desktop computer. They can be accessed irrespective of those servers. So if all the government had was this desktop computer, we could recover the child pornography. So I think this idea that numerous people had access to the serves and potentially could have put it there, is simply a red herring. This was on the defendant’s desktop computer. And the location where it was found, this sub-folder within several layers of encryption, there were other personal information of the defendant in that area. There was his bank accounts. I think there was even a resume for the defendant where he was storing this information. And the passwords that were used to get into that location, those passwords were the same passwords the defendant used to access his bank account, to access various other accounts that are related to him. So this idea that he shared them with other people, the government just strongly disagrees.

October 11, 2017: Schulte lawyer Spiro withdraws

October 24, 2017: At Trump’s request Bill Binney meets with Mike Pompeo to offer alternate theory of the DNC hack

November 8, 2017: Status hearing

SMITH: I believe the government has told us that there’s more data in this case than in any other like case that they have prosecuted.

MR. STANSBURY: Let me just clarify that part first. We proposed this just in an abundance of caution given the defendant’s former employer and the fact that — and I meant to flag this before. I apologize now for not. There’s a small body of documents that were found in the defendant’s residence that were taken from his former employer that might implicate some classified issues. We have been in the process of having those reviewed and I think we’re going to be in a position to produce those in the next probably few days. But we wanted to just make sure that we were acting out of an abundance of caution in case any SEPA [sic] issues come about in the case. I don’t expect them too at this point but we wanted to do that out of an abundance of caution.

November 9, 2017: Wikileaks publishes Vault 8 exploit

November 14, 2017: Assange posts Vault 8 Ambassador follow-up

November 14, 2017: Arrest warrant in VA

November 15, 2017: Charged in Loudon County for sexual assault

November 16, 2017: Use of Tor

November 17, 2017: Use of Tor

November 26, 2017: Use of Tor

November 29, 2017: Abundance of caution, attorney should obtain clearance

November 30, 2017: Use of Tor

December 5, 2017: Use of Tor, Smith withdraws

December 7, 2017: NYPD arrests on VA warrant for sexual assault

December 12, 2017: Move for detention, including description of email and Tor access

Separately, since the defendant was released on bail, the Government has obtained evidence that he has been using the Internet. First, the Government has obtained data from the service provider for the defendant’s email account (the “Schulte Email Account”), which shows that the account has regularly been logged into and out of since the defendant was released on bail, most recently on the evening of December 6, 2017. Notably, the IP address used to access the Schulte Email Account is almost always the same IP address associated with the broadband internet account for the defendant’s apartment (the “Broadband Account”)—i.e., the account used by Schulte in the apartment to access the Internet via a Wi-Fi network. Moreover, data from the Broadband Account shows that on November 16, 2017, the Broadband Account was used to access the “TOR” network, that is, a network that allows for anonymous communications on the Internet via a worldwide network of linked computer servers, and multiple layers of data encryption. The Broadband Account shows that additional TOR connections were made again on November 17, 26, 30, and December 5.

[snip]

First, there is clear and convincing evidence that the defendant has violated a release condition—namely, the condition that he shall not use the Internet without express authorization from Pretrial Services to do so. As explained above, data obtained from the Schulte Email Account and the Broadband Account strongly suggests that the defendant has been using the Internet since shortly after his release on bail. Especially troubling is the defendant’s apparent use on five occasions of the TOR network. TOR networks enable anonymous communications over the Internet and could be used to download or view child pornography without detection. Indeed, the defendant has a history of using TOR networks. The defendant’s Google searches obtained in this investigation show that on May 8, 2016, the defendant conducted multiple searches related to the use of TOR to anonymously transfer encrypted data on the Internet. In particular, the defendant had searched for “setup for relay,” “test bridge relay,” and “tor relay vs bridge.” Each of these searches returned information regarding the use of interconnected computers on TOR to convey information, or the use of a computer to serve as the gateway (or bridge) into the TOR network.

December 14, 2017: US custody in NY

MR. KAPLAN: Well, your Honor, we’ve obtained the discovery given to prior counsel, and I’ve started to go through that. In addition, there was one other issue which I believe was raised at our prior conference, which was a security clearance for counsel to go through some of the national security evidence that might be present in the case.

While most of the national security stuff does not involve the charges, the actual charges against Mr. Schulte, the basis for the search warrants in this case involve national security.

So I’m starting the process with their office to hopefully get clearance to go through some of the information on that with an eye towards possibly a Franks motion going forward. So I would ask for more time just to get that rolling.

January 8, 2018: Bail appeal hearing

MR. KAPLAN: Judge, on the last court date, when we left, the idea was that we had consented to detention with the understanding that Mr. Schulte would be sent down to Virginia to face charges based on a Virginia warrant. None of that happened. Virginia never came to get him. Virginia just didn’t do anything in this case. But before I address the bail issues, I think it’s important that this Court hear the full story of how we actually get here. At one of the previous court appearances, I believe it was the November 8th date, this Court asked why the defense attorney in this case would need security clearance. And the answer that was given by one of the prosecutors, I believe, was that there was some top secret government information that was found in Mr. Schulte’s apartment, and that out of an abundance of caution it would be prudent that the defense attorney get clearance. But I don’t think that’s entirely accurate.

While the current indictment charges Mr. Schulte with child pornography, this case comes out of a much broader perspective. In March of 2017, there was the WikiLeaks leak, where 8,000 CIA documents were leaked on the Internet. The FBI believed that Mr. Schulte was involved in that leak. As part of their investigation, they obtained numerous search warrants for Mr. Schulte’s phone, for his computers, and other items, in order to establish the connection between Mr. Schulte and the WikiLeaks leak.

As we will discuss later in motion practice, we believe that many of the facts relied on to get the search warrants were just flat inaccurate and not true, and part of our belief is because later on, in the third or fourth search warrant applications, they said some of the facts that we mentioned earlier were not accurate. So we will address this in a Franks motion going forward, but what I think is important for the Court is, in April or May of 2017, the government had full access to his computers and his phone, and they found the child pornography in this case, but what they didn’t find was any connection to the WikiLeaks investigation. Since that point, from May going forward, although they later argued he was a danger to the community, they let him out; they let him travel. There was no concern at all. That changed when they arrested him in August on the child pornography case.

[snip]

The second basis that the government had in its letter for detaining Mr. Schulte was the usage of computers. In the government’s letter, they note how, if you search the IP address for Mr. Schulte’s apartment, they found numerous log-ons to his Gmail account, in clear violation of this court’s order. But what the government’s letter doesn’t mention is that Mr. Schulte had a roommate, his cousin, Shane Presnall, and this roommate, who the government and pretrial services knew about, was allowed to have a computer.

And more than that, based on numerous conversations, at least two conversations between pretrial services, John Moscato, Josh Schulte and Shane Presnall, it was Shane’s understanding that pretrial services allowed him to check Mr. Schulte’s e-mail and to do searches for him on the Internet, with the idea that Josh Schulte himself would not have access to the computer.

And the government gave 14 pages of log-on information to establish this point. And, Judge, we have gone through all 14 pages, and every single access and log-in corresponds to a time that Shane Presnall is in the apartment. His computer has facial recognition, it has an alphanumeric code, and there is no point when Josh Schulte is left himself with the computer without Shane being there, and that was their understanding.

LAROCHE: And part of that investigation is analyzing whether and to what extent TOR was used in transmitting classified information. So the fact that the defendant is now, while on pretrial release, using TOR from his apartment, when he was explicitly told not to use the Internet, is extremely troubling and suggests that he did willfully violate his bail conditions.

 

KAPLAN: In this case, the reason why TOR was accessed was because Mr. Schulte is writing articles, conducting research and writing articles about the criminal justice system and what he has been through, and he does not want the government looking over his shoulder and seeing what exactly he is searching.

 

LAROCHE: Because there is a classified document that is located on the defendant’s computer, it is extremely difficult, and we have determined not possible, to remove that document forensically and still provide an accurate copy of the desktop computer to the defendant.

So in those circumstances, defense counsel is going to require a top secret clearance in order to view these materials. It’s my understanding that that process is ongoing, and we have asked them to expedite it. As soon as the defendant’s application is in, we believe he will get an interim classification to review this material within approximately two to three weeks. Unfortunately, that hasn’t occurred yet. So the defendant still does not have access to that particular aspect of discovery. So we are working through that as quickly as we can.

January 17, 2018: Bail appeal denied

March 15, 2018: Sabrina Shroff appointed

March 28, 2018: Initial ban of Internet access and visitors for Assange

April 20, 2018: Schulte’s diaries (ostensibly the purpose of using Tor) posted

May 10, 2018: Ecuador bans visitors for Assange

May 16, 18, 2018: Documents placed in vault

May 16, 2018: Schulte Facebook site starts legal defense fund

June 18, 2018: Schulte superseding indictment

June 19, 2018: Wikileaks posts links to diary

Two Details about DOJ IG’s Leak Investigations, Plural, Including the One into Rudy Giuliani’s Sources

Amid the discussions about the NY office’s rampant leaks to Rudy Giuliani back in 2016, HuffPo confirmed that he was interviewed by two FBI Agents who, he said, were investigating on behalf of the IG.

Giuliani told HuffPost that he spoke with [James] Kallstrom as well as one other former FBI official he would not identify.

But Giuliani said he told the FBI agents who interviewed him that he had neither inside knowledge of the Clinton probe’s status nor advance warning of Comey’s Oct. 28 announcement. He was merely speculating that FBI agents were so upset by Comey’s earlier decision not to charge the Democratic nominee with any crimes that they would “revolt,” either by leaking damaging information about her or by resigning en masse.

“Did I get any leaks from the FBI? I said no,” Giuliani said, adding that the “surprise” that he promised in 2016 was a 20-minute national television ad he was urging Trump to buy to deliver a speech “hitting very hard on the Comey decision.”

[snip]

The agents did not record the interview and did not offer him the opportunity to review their report before they submitted it to their supervisor. One of Giuliani’s private security guards was also present, he said.

“They seemed like straight kids,” he said of the agents.

He added that he was unconcerned that his inquisitors were from the FBI, which conducts criminal investigations, rather than investigators from Horowitz’s office. “They definitely told me they were investigating for the IG,” Giuliani said. “I wasn’t surprised at all.”

I’d like to add two data points from Inspector General Horowitz’s testimony about leaks.

First, while it should have been obvious, this exchange with North Carolina Congressman Mark Walker (particularly Horowitz’ lovely agreement self-correction) made me realize that there are leak investigations, plural.

Horowitz: Looking at the charts here you can see that these are not, generally speaking, one call. So, I would leave it at that. We’re looking at the, that deeper question.

Walker: When you say you’re looking at it, does that mean there may be warrant–it may warrant more investigation for some of those who’ve been players in this situation?

Horowitz: There is — there are, there are active investigations ongoing by our office.

As I said, that should have been clear: the IG Report refers to them as investigations.

Chapter Twelve describes the text messages and instant messages expressing political views we obtained between certain FBI employees involved in the Midyear investigation and provides the employees’ explanations for those messages. It also briefly discusses the use of personal email by several FBI employees, and provides an update on the status of the OIG’s leak investigations.

[snip]

In addition to the significant number of communications between FBI employees and journalists, we identified social interactions between FBI employees and journalists that were, at a minimum, inconsistent with FBI policy and Department ethics rules. For example, we identified instances where FBI employees received tickets to sporting events from journalists, went on golfing outings with media representatives, were treated to drinks and meals after work by reporters, and were the guests of journalists at nonpublic social events. We will separately report on those leak investigations as they are concluded, consistent with the Inspector General (IG) Act, other applicable federal statutes, and OIG policy. [my emphasis]

As a footnote notes, we learned of one result — the Andrew McCabe investigation — when it got referred for criminal investigation.

Between two hearings and three committees, not a single person asked about the methodology of the link clusters I complained about the other day, but I wonder whether they each represent a separate leak investigation?

The far more interesting exchange, however, came yesterday, between Horowitz and Dianne Feinstein. After she laid out Rudy’s claims back in 2016, she asked Horowitz if he was investigating. As he did repeatedly when asked about Rudy, he deferred. But after she asked if such leaks were lawful, and then followed up about whether the investigation was ongoing, he said something interesting.

Horowitz: I’m not in a position at this point to speak to any investigative outcomes.

Feinstein: Do you believe disclosures of this sort, especially during an election are appropriate, are they lawful?

Horowitz: I don’t believe disclosures of this sort are appropriate at any point in time in a criminal investigation. I was a former prosecutor. Worked extensively with FBI Agents, in my prior capacity, and all of us would have thought that was entirely inappropriate.

Feinstein: The report says that you, and I quote, will separately report on those investigations as they are concluded. Does this mean that this leak investigation is ongoing?

Horowitz: Our work remains ongoing and when we can do that consistent with the IG Act, the law, policy, we will do so.

Horowitz suggested that the reason they haven’t reported out the conclusions to these other leak investigations, plural, including the Rudy one is (in part) because it would be inconsistent with the IG Act.

There are specific restrictions on the DOJ IG in the IG Act, but the key one — which permits the Attorney General to halt an investigation for a variety of reasons — itself requires notice to the two committees that were in today’s hearing.

Which leaves the general restrictions on disclosing information in the IG Act. In both the specific DOJ IG language and here, the key restriction is on disclosing information that is part of an ongoing criminal investigation.

(1) Nothing in this section shall be construed to authorize the public disclosure of information which is—
(A) specifically prohibited from disclosure by any other provision of law;
(B) specifically required by Executive order to be protected from disclosure in the interest of national defense or national security or in the conduct of foreign affairs; or
(C) a part of an ongoing criminal investigation.

(2) Notwithstanding paragraph (1)(C), any report under this section may be disclosed to the public in a form which includes information with respect to a part of an ongoing criminal investigation if such information has been included in a public record.

Which would say that, as with the firing of Comey (which Horowitz explained they’ve halted because an ongoing investigation is investigating it), DOJ IG might have been unable to further report the results of its leak investigations because it referred them, plural.

Mind you, that’s not what happened with Andrew McCabe. The DOJ IG completed its investigation, concluded McCabe lied, and then referred him. But it does seem likely that the hold-up on explaining all those link clusters has to do with criminal investigations.

James Wolfe: The Distinction Between FBI’s Investigation of Leaking Classified versus Non-Public Information

There’s something about the James Wolfe case that has stuck with me. For an article published after Wolfe’s indictment was released, Ali Watkins’ lawyer, Mark MacDougall, tempered his concern about Watkins’ call records being seized by suggesting that the scope of charges might somehow legitimate it.

Watkins’ attorney, Mark MacDougall, had described the seizure as “disconcerting.”

“Whether it was really necessary here will depend on the nature of the investigation and the scope of any charges,” MacDougall said in a statement.

While MacDougall has gone silent since then, this comment suggested there might be a reasonable premise for DOJ to seize all of Watkins call records for her entire journalistic career, which is fairly shocking. FBI gets all the call records of someone, these days, to identify all the devices she uses to check that activity as much as they do so to identify specific calls made. There’s nothing revealed by the indictment that would justify that, and a lot (notably, the evidence they had ready access to Wolfe’s phone content) that suggests it wasn’t justified.

With that in mind, I want to look at some details about the known timeline of the investigation:

March 2017: Exec Branch provides SSCI “the Classified Document,” which includes both Secret and Top Secret information, with details pertaining to Page classified as Secret.

March 2, 2017: James Comey briefs HPSCI on counterintelligence investigations, with a briefing to SSCI at almost the same time.

March 17, 2017: 82 text messages between Wolfe and Watkins.

April 3, 2017: Watkins confirms that Carter Page is Male-1.

April 11, 2017: WaPo reports FBI obtained FISA order on Carter Page.

June 2017: End date of five communications with Reporter #1 via Wolfe’s SSCI email.

June 2017: Using pretext of serving as a source, CBP agent Jeffrey Rambo grills Watkins about her travel with Wolfe.

October 2017: Wolfe offers up to be anonymous source for Reporter #4 on Signal.

October 16, 2017: Wolfe Signals Reporter #3 about Page’s subepoena.

October 17, 2017: NBC reports Carter Page subpoena.

October 24, 2017: Wolfe informs Reporter #3 of timing of Page’s testimony.

October 30, 2017: FBI informs James Wolfe of investigation.

November 15, 2017: 90 days before DOJ informs Ali Watkins they’ve seized her call records.

December 14, 2017: FBI approaches Watkins about Wolfe.

Prior to December 15, 2017 interview: Wolfe writes text message to Watkins about his support for her career.

December 15, 2017: FBI interviews Wolfe.

February 13, 2018: DOJ informs Watkins they’ve seized her call records.

June 6, 2018: Senate votes to make official records available to DOJ.

That the Chairman and Vice Chairman of the Senate Select Committee on Intelligence, acting jointly, are authorized to provide to the United States Department of Justice copies of Committee records sought in connection with a pending investigation arising out of allegations of the unauthorized disclosure of information, except concerning matters for which a privilege should be asserted.

June 7, 2018: Grand jury indicts Wolfe.

June 7, 2018: Richard Burr and Mark Warner release a statement:

We are troubled to hear of the charges filed against a former member of the Committee staff. While the charges do not appear to include anything related to the mishandling of classified information, the Committee takes this matter extremely seriously. We were made aware of the investigation late last year, and have fully cooperated with the Federal Bureau of Investigation and the Department of Justice since then. Working through Senate Legal Counsel, and as noted in a Senate Resolution, the Committee has made certain official records available to the Justice Department.

June 13, 2018: Wolfe arraigned in DC. His lawyers move to prohibit claims he leaked classified information.

The indictment is quite clear: the investigation leading to Wolfe’s indictment started as an investigation into “multiple unauthorized disclosures of classified information” to the press. It’s clear from Burr and Warner’s statement that they were a bit surprised that the “charges do not appear to include anything related to the mishandling of classified information.” The indictment doesn’t charge Wolfe with leaking classified information.

And the timeline laid out in the indictment suggests that the document provided SSCI in March 2017 led to Watkins confirming that Page was Male-1 in the Victor Podobnyy complaint, the complaint itself is probably not classified. Nor would it, with its reference to Page as Male-1 (also used in this indictment!), be enough to ID Page as the guy Podobnyy was trying to recruit.

As I suggested in this post, for all the focus on Watkins, the indictment actually seemed to prioritize Reporter #1, including on the questionnaire the FBI gave Wolfe when they interviewed him in December. It first asked if Wolfe knew any of the reporters behind that still unidentified story, then asked a question that his relationship with Watkins would clearly refute, which agents contextualized even further by asking specific questions about details they had already confirmed about their relationship, including the international travel Rambo had identified as early as June. Then, after asking a question that would clearly pertain to Wolfe’s undeniable relationship with Watkins, the questionnaire asked whether he had given classified or unclassified documents to any of the journalists he might have admitted to contacting in Question 10, covering the basis for that Podobnyy story.

c. During the interview, FBI agents showed WOLFE a copy of a news article authored by three reporters, including REPORTER #1, about an individual (referred to herein as “MALE-l)”, that contained classified information that had been provided to the SSCI by the Executive Branch for official purposes.

d. Question 9 of the lnvestigative Questionnaire asked “Have you had any contact with” any of those three reporters. As to each reporter, WOLFE stated and checked “No.”

e. Question 10 of the Investigative Questionnaire asked, “Besides [the three named reporters], do you currently have or had any contact with any other reporters (professional, official, personal)?” Before answering this question, WOLFE stated orally to the FBI agents that although he had no official or professional contact with reporters, he saw reporters every day, and so to “feel comfortable” he would check “Yes.” He did so, and initialed this answer.

f. Question 10 of the Investigative Questionnaire further asked, “If yes, who and describe the relationship (professional, official, personal).” In the space provided, WOLFE hand wrote “Official – No” and “Professional – No.” WOLFE then orally volunteered that he certainly did not talk to reporters about anything SSCl-related. FBI agents orally asked WOLFE if he had traveled internationally with any reporter, gone to a baseball game or to the movies with a reporter, or had weekly or regular electronic communication with a reporter. To each question WOLFE verbally responded ‘No.” WOLFE then wrote “Personal – No” on the Investigative Questionnaire.

g. Question 11 of the lnvestigative Questionnaire asked, “If yes to question ten, did you discuss or disclose any official U.S. government information or documents whether classified or unclassified which is the property of the U.S. government without express authorization from the owner of the information?” WOLFE stated and checked “No” and initialed this answer.

Now consider the vote to release official SSCI documents to DOJ, which DOJ appears to have needed before they presented the indictment to the grand jury the next day, but which DOJ knew enough about to already be prepped to indict. That is, DOJ surely already knew what those records showed; what the vote did was permit DOJ to use the records in a prosecution. There are surely records pertaining to the SSCI SCIF that DOJ wanted, including the specific treatment of the Classified Document delivered to SSCI in March 2017.

On or about March 17,2017,the Classified Document was transported to the SSCI. As Director of Security, WOLFE received, maintained, and managed the Classified Document on behalf of the SSCI.

It’s also possible (though unlikely) that SSCI, and not the Executive Branch, counts as custodian of Wolfe’s Non-Disclosure Agreements.

But the only actual SSCI record described in the indictment is the email account he used to communicate with Reporter #1, as well as emails that Page sent to the committee to complain about leaks.

For example, between in or around December 2015 and in or around June 2017, WOLFE and REPORTER #1 communicated at least five times using his SSCI email account.

[snip]

26. On or about October 18, 2011, MALE-1 sent an email to the SSCI, complaining that the news organization had published REPORTER #3’s news article of the previous day, reporting that he had been subpoenaed.

27. On or about October 24,2017, at 7:00 a.m., WOLFE informed REPORTER #3, using Signal, that MALE-1 would testify in closed hearing before the SSCI “this week.” At 9:58 a.m., REPORTER #3 sent an email to MALE-I, asking him to confirm that he would be ‘paying a visit to Senate Intelligence staffers this week.” At 9:23 p.m., MALE-I sent an email to the SSCI, forwarding the email he had received from REPORTER #3, and complaining that the details of his appearance had been leaked to the press.

So it’s possible that, having had SSCI’s cooperation since the time FBI was interviewing Wolfe, DOJ only needed to ensure it could access these email records. It’s possible that DOJ believes convicting Wolfe of false statements charges, and avoiding the hassle of exposing classified information at a trial charging that he leaked classified information, is sufficient punishment.

Or it’s possible that this indictment is just the next step in an investigative process that aims to get confirmation — public or tacit, the latter obtained via a guilty plea with cooperation — regarding the source for that other, still unidentified story that incorporated classified information. I also think FBI may be particularly interested that Wolfe was approaching journalists offering to be a source, as he did in October with Reporter #4, and not vice-versa.

Google at Temple: Did DOJ Follow Its New Guidelines on Institutional Gags?

On October 19, 2017, DOJ issued new guidelines on default gag orders under the Stored Communications Act. It required that prosecutors “conduct an individualized and meaningful assessment requiring the need for protection from disclosure prior to seeking” a gag “and only seek an order when circumstances require.” Sometime after that, in association with its investigation of leaks about Carter Page, DOJ sought Ali Watkins’ call records, including her email subscriber records from when she was an undergraduate at Temple.

Under Justice Department regulations, investigators must clear additional hurdles before they can seek business records that could reveal a reporter’s confidential sources, such as phone and email records. In particular, the rules require the government to have “made all reasonable attempts to obtain the information from alternative, non-media sources” before investigators may target a reporter’s information.

In addition, the rules generally require the Justice Department to notify reporters first to allow them to negotiate over the scope of their demand for information and potentially challenge it in court. The rules permit the attorney general to make an exception to that practice if he “determines that, for compelling reasons, such negotiations would pose a clear and substantial threat to the integrity of the investigation, risk grave harm to national security, or present an imminent risk of death or serious bodily harm.”

Top Justice Department officials must sign off on any attempt to gain access to a journalist’s communications records.

It is not clear whether investigators exhausted all of their avenues of information before confiscating Ms. Watkins’s information. She was not notified before they gained access to her information from the telecommunications companies. Among the records seized were those associated with her university email address from her undergraduate years.

This request would almost certainly not have been presented to Temple University. It would have been presented to Google, which provides email service for Temple. At least, that’s what appears to have happened in the case of Professor Xiaoxiang Xi in DOJ’s investigation of him for carrying out normal academic discussions about semiconductors with colleagues in China.

Thus far (as reflected here with the NYT coverage), the focus on whether DOJ followed its own regulations pertains to whether they followed guidelines on obtaining the records of a journalist. But the circumstances surrounding their request for Temple records should focus as much attention on whether the government followed its brand new regulations on imposing gags even when obtaining records from an institutional cloud customer like Temple.

The new guidelines were adopted largely in response to a challenge from Microsoft on default, indefinite gags. While few noted it at the time, what Microsoft most worried about was its inability to give its institutional customers notice their records had been subpoenaed. That meant that certain kind of cloud customers effectively gave up a legal right to challenge legal process by outsourcing that service to Microsoft. Microsoft dropped its suit to legally force this issue when DOJ adopted the new guidelines last year. Best as I understand, those guidelines should have governed whether Google could tell Temple that DOJ was seeking the records of a former student.

So it’s not just that DOJ didn’t give Watkins an opportunity to challenge this subpoena, but also whether they gagged Google from telling Temple, and providing Temple the opportunity to challenge the subpoena on academic freedom grounds.

Given how they treated Xi, it’s unlikely Temple would have done much to protect their former student. But some universities — and other institutions with special First Amendment concerns that use Microsoft or Google for their email service — might. They can only do so, however, if DOJ doesn’t obtain frivolous gags to prevent them from doing so.

Kashyap Patel Had Better Not Rely on the Bill Duhnke Precedent

Contrary to what a lot of people understand of the case, Jeffrey Sterling was not the CIA’s first suspect for the Merlin leaks to James Risen. Senate Intelligence Committee Staff Director Bill Duhnke was. As former CIA press person Bill Harlow testified, he told the FBI that James Risen had close ties to Duhnke when he first talked to them about Risen’s story.

Q. Okay. And you also told them that someone they should talk to about something like this would be Bill Duhnke, a person named Bill Duhnke, correct, up at the — that worked at the U.S. Senate?

BY MR. MAC MAHON: Q. Now, Mr. Harlow, in 2003, you told the FBI that you thought that Mr. Risen might reach out to the Staff Director of the Senate Select Intelligence Committee on Intelligence for confirmation, that Mr. Risen would, correct?

[snip]

A. My recollection is what the FBI asked me is who are the kind of people that Risen might talk to on a story like this, and I told them that he had regular contact with the Congressional Oversight Committees, including the Senate Intelligence Committee, and so the kind of places he might go to ask about the story would be the Senate Oversight committees. That’s my recollection of it. You know, it’s a dozen years ago but —

Q. And one of the names you gave them was Bill Duhnke, right?

A. Right.

As FBI Agent Hunt explained, however, she was hampered from investigating whether Duhnke (who knew aspects about Merlin that Sterling did not which showed up in Risen’s reporting) was a source for Risen because Senator Pat Roberts refused to cooperate with the FBI, even after then FBI Director Robert Mueller requested himself.

Q. And do you also remember writing in 2006 that the FBI director contacted the SSCI Chairman and Senator Pat Roberts, right?

A. Yes.

Q. And that Senator Roberts told Director Mueller that he wasn’t going to cooperate with the FBI at all in this investigation, correct?

A. Yes.

Q. And that never changed, did it?

A. It did change.

Q. You then got some cooperation from SSCI, correct?

A. I did. Q. You never got an interview with Mr. Duhnke, right?

A. I did not interview Mr. Duhnke.

Thus it happened that Speech and Debate prevented the FBI from investigating whether a key Intelligence Committee staffer played a role in a leak the government claimed was one of the worst ever.

I thought of that precedent when I read this passage in the NYT’s latest story on DOJ’s belated realization that Devin Nunes was using purported oversight requests to discover details that might help Trump delegitimize the Mueller investigation.

In another meeting, Mr. Rosenstein felt he was outright misled by Mr. Nunes’s staff. Mr. Rosenstein wanted to know whether Kashyap Patel, an investigator working for Mr. Nunes who was the primary author of the disputed memo, had traveled to London the previous summer to interview a former British spy who had compiled a salacious dossier about Mr. Trump, according to a former federal law enforcement official familiar with the interaction.

Mr. Patel was not forthcoming during the contentious meeting, the official said, and the conversation helped solidify Mr. Rosenstein’s belief that Mr. Nunes and other allies in Congress were not operating in good faith.

And these passages in an earlier NYT piece on Patel.

Over the summer, Mr. Nunes dispatched Mr. Patel and another member of the committee’s Republican staff to London, where they showed up unannounced at the offices of Mr. Steele, a former British intelligence official.

Told Mr. Steele was not there, Mr. Patel and Douglas E. Presley, a professional staff member, managed to track him down at the offices of his lawyers. There, they said they were seeking only to establish contact with Mr. Steele, but were rebuffed and left without meeting him, according to two people with knowledge of the encounter.

A senior official for the Republican majority on the Intelligence Committee, who spoke on the condition of anonymity because he was not authorized to speak about the matter, said the purpose of the visit had been to make contact with Mr. Steele’s lawyers, not Mr. Steele. Still, the visit was highly unusual and appeared to violate protocol, because they were trying to meet with Mr. Steele outside official channels.

Ordinarily, such a visit would be coordinated through lawyers, conducted with knowledge of the House Democrats, who were not informed and the American Embassy.

Given Rosenstein’s concerns that Patel was lying, I find it particularly interesting that he didn’t inform the American Embassy when he was there. It’s as if he was looking for a back channel!

As NYCSouthpaw noted, Patel has been hanging around the White House since he’s started playing this role.

In the months since, Mr. Patel has apparently forged connections at the White House. In November, he posted a series of photos to Facebook of him and several friends wearing matching shirts at the White House bowling alley. “The Dons hit the lanes at 1600 Pennsylvania,” Mr. Patel wrote under the photos.

This would suggest that the Nunes designee who has had firsthand access to all this intelligence, has also gotten really comfortable with the White House, leaving the possibility that he has shared the information with those in charge of delegitimize the investigation.

I’ve long wondered why Nunes has refused to read the information he has fought so hard to get access to. But by giving Patel that access without reading the materials himself, Nunes ensures that someone with easy access to the White House sees the materials, without jeopardizing the power to refuse any cooperation with Mueller.

Nunes, like Roberts did in 2006, could simply refuse to cooperate under speech and debate.

And it might well work!

There is, however one problem with that. You see, one of the ways (admittedly one of the less offensive ways) the President has interfered in the operations of DOJ is by demanding that the department ratchet up the leak investigations. And at a time last summer where Trump was threatening to fire Sessions so he could hire someone who could interfere with the Mueller investigation, Sessions and Dan Coats rolled out a new war on leaks, speaking of new permissiveness for prosecutors. Both Sessions…

To prevent these leaks, every agency and Congress has to do better.

We are taking a stand. This culture of leaking must stop.

[snip]

Finally, here is what I want to tell every American today: This nation must end the culture of leaks. We will investigate and seek to bring criminals to justice. We will not allow rogue anonymous sources with security clearances to sell out our country any longer.

These cases are never easy. But cases will be made, and leakers will be held accountable.

All of us in government and in every agency and in Congress must do better.

And Coats invoked Congress as a source of leaks specifically.

I would like to point out, however, that these national security breaches do not just originate in the Intelligence Community. They come from a wide range of sources within government, including the Executive Branch and including the Congress.

At the time, those mentions were deemed a warning that (in addition to changing the rules allowing them to pursue journalists), DOJ would also start pursuing Congress and its staffers more aggressively.

So while the available evidence suggests that Patel may be part of Nunes’ effort to funnel information to the White House, and while past history has shown that Nunes’ counterparts have been able to protect intelligence committee leakers, perhaps the witch hunt demanded by Trump will change that.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Reality Winner: The Cost of Mounting a Defense Arguing the Government Overclassifies

In this Democracy Now appearance, Reality Winner’s mom, Billie Winner-Davis, suggested that, whereas her case had originally been due to go to trial next month, it now looks like it will stretch into 2019.

We do not have a trial date at this point. The trial was originally scheduled for October, and then it was pushed to March. But as of right now, we do not have a new trial date. So we don’t know when she will be—face the jury. What I’m being told is that it will be late 2018, if not early February 2019.

Earlier this week the two sides submitted a proposed schedule that shows even that may be optimistic. Because Winner’s defense wants to use classified information to argue the document she is accused of releasing is not national defense information, it has to go through the onerous Classified Information Procedures Act process (see this for a description of the CIPA process) to get that information approved for use in a trial. If I’m doing the math correctly, most optimistically the proposed schedule looks like this:

  • March 30, 2018: Defense submits all proposed subpoenas
  • April 30: Deadline for discovery, including remainder of government’s CIPA Section 4
  • June 14: Government’s Rule 16 expert disclosures
  • July 14: Defendant’s Rule 16 expert disclosures, if they already have clearance (former ISOO head, Bill Leonard, who is already serving as expert witness already has clearance)
  • July 29: Defendant’s amended CIPA 5 notice
  • August 13: Government’s supplemental Rule 16 expert disclosures due, government’s objections to adequacy of defendant’s CIPA 5 notice
  • September 10: Government’ CIPA 6(a) motion
  • October 1: Defendant’s response to government’s CIPA 6(a) motion
  • October 15: Government’s reply to CIPA 6(a) motion
  • October 21: CIPA hearing (this is where the two sides argue about what classified information the defense needs to make her case)

At this point, there would either be 42 days to argue about CIPA 6(c) motion (where the government proposes unclassified substitutes). If that happens, it will be 90 days until trial, meaning it would start March 1. If it doesn’t, then the trial would skip that 42 day process and presumably drop into very early 2019).

  • Early January 2019 or March 1: Trial start

Again, this is a joint proposal, meaning the defense is on board with the long delay. Either they think they can win a graymail attempt (meaning the judge agrees they should get the classified information but the government refuses to provide adequate substitutes and so is forced to dismiss the case) or they believe they can make a case (with the help of Leonard) on the NDI claims generally. They may also anticipate that other events — the Mueller investigation, the congressional investigations into the Russian hack, state investigations, or more journalism — may make it clear how absurd it is to try Winner for information that has become publicly available as we have a public discussion about what the Russians did in 2016.

But if not, because (unlike most other people save Hal Martin recently charged under the Espionage Act) she will have been in jail for 19 months assuming an early January 2019 trial, or 21 months assuming a March 2019 trial. Winner is charged with one count of willful retention and dissemination of National Defense Information.

By comparison, Jeffrey Sterling, who was found guilty on nine counts, including five unauthorized disclosure counts, was sentenced to 42 months (the government had been asking for nine years, but Leonie Brinkema seemed to have reservations about the evidence behind a number of the guilty verdicts, and the sentencing came in the wake of the David Petraeus sweetheart two years of probation plea deal). Admittedly, the government piled on the charges in that case, whereas here they charged as one count things they might have charged as several (by charging both the leaks to The Intercept and WaPo, for example, or by charging her for not telling the full truth to the FBI). Nevertheless, Sterling was accused of exposing a critically sensitive program and an intelligence asset, whereas Winner is charged with leaking one document in an environment where very similar information is being leaked or released by multiple government sources.

Stephen Jin-Woo Kim, who pled guilty to one count of disseminating NDI pertaining to CIA resources in North Korea, was sentenced to 13 months.

This is the no-win situation Winner is in, trying to challenge her conviction after having been denied bail. Because of the way we deal with classified information, she’ll have served a likely full sentence by the time she gets to trial.

It still may be worth it. After all, if she wins at trial, she’ll avoid a record as a felon.

But the larger battle seems to be one about the ridiculousness of our classification system. As Leonard said (see PDF 99-100) in his declaration to explain why he was providing his services pro bono in this case, he believes the kind of overclassification of information that may be at issue here amounts to degrading the entire classification system.

My motivation for becoming involved in this case. was my concern for the integrity of the classification system. I strongly believe that classification is a critical national security tool and that the responsibilities of cleared individuals to properly protect classified information are profound. At the same time, government agencies have equally profound responsibilities and in this regard, I have long witnessed the over•classification of rnfonnation within the Executive Branch due to the failure of agencies to fulfill these responsibilities. In this way, the actions of agencies can actually undermine the integrity of the classification system in that to be effective, it must be used with precision. As Justice Potter Stewart said in the Pentagon Papers case, “when everything is classified, then nothing is classified … ”

[snip]

My involvement in [two prior prosecutions, that of Steven Rosen and Thomas Drake] confirmed for me the importance~ especially in criminal prosecutions, of not allowing representatives of the Executive Branch to simply assert that certain information is classified or closely held or potentially damaging if disclosed.

That is, Winner might prove a point: that this kind of information should be more accessible to the public.

But along the way she will have paid a very costly price.

Update, March 15: After two hearings, Magistrate Brian Epps cut two months off this schedule, setting Winner’s trial date for October 15. That will mean she will have been in jail over 16 months by the time of her trial.

Reality Winner Seeks to Use Trump’s Denials of Russian Hacking in Her Defense

Last week, Reality Winner had a hearing on her bid to get her interview with the FBI thrown out because they didn’t issue her a Miranda warning (Kevin Gosztola covered and discussed it on Democracy Now). Given the precedents on Miranda, I think that bid is unlikely to succeed.

But there is a tack her defense is taking that, as far as I’ve seen, has gotten no notice, one that is far more interesting. Winner is seeking to use Trump’s comments denying that the Russians hacked the election to argue the document she is accused of leaking to The Intercept isn’t actually National Defense Information, the standard the government has to prove to secure an Espionage conviction.

In her discovery requests, Winner asked for three (entirely redacted) categories of documents “reflecting statements made by high-ranking governmental officials regarding information contained in the document,” all of which were denied (see PDF 87).

A discovery appeal submitted in January (but only released on February 13) makes clear that Winner’s defense attorneys are going to argue that the intelligence in the report she is accused of leaking cannot be National Defense Information because the President’s statements would be taken to suggest the intelligence is not true.

However, high-ranking government officials, including the President of the United States, have made statements undermining and/or contradicting that contention. 44 That, is of great import because, if the information in the Document is inaccurate (as the President and other high-ranking officials have said), it cannot be NDI. While the defense may seek to capture some of this information in the public domain, 45 it cannot capture statements made privately by these high-ranking officials.

Bill Leonard, the former head of the federal classification authority, ISOO, who has served as expert witness on two other cases involving Espionage charges, laid out the logic of the argument this way (PDF 102-3)

[T]here are governmental actors, including high-level governmental actors (such as the President of the United States), that have made conflicting and/or contradicting statements in comparison to the Government’s position here. In other words, these high-level governmental officials have made statements undermining the veracity of the information contained in the Document, which would impact whether the Document actually contains “national defense information” because, if inaccurate, the Government’s contention that its disclosure could harm the national security of the United States would be severely undermined. Indeed, the President is the highest level of authority in our classification system and has virtually unrestricted access to information in our intelligence system. He is, therefore, in the best position to know the particulars of any piece of intelligence, including its sensitivity and its veracity. Consequently, records reflecting statements made by high-ranking governmental officials, including and in particular, the President of the United States, relating to the information contained in the Document (including statements contradicting the truth or veracity of the information at issue) are highly relevant and are critical to the determination of whether or not it is closely held and/or whether or not its disclosure would potentially damage the national security.

There are a number of other challenges the government is facing with this case (not least that — as I’ve pointed out — similar information has been leaked to the press without any apparent prosecution arising from it).

But Trump’s self-interested denials are the most interesting. After all, he cannot admit that Russia affected the election, because he has staked so much on the claim that that will lessen his legitimacy (not to mention any risk such an admission exposes him to in the Mueller investigation). As Leonard notes, the entire classification system is built on presidential authority, and if he says something isn’t true, it will seriously undermine any claim a prosecutor can make at trial that Winner leaked true National Defense Information.

Effectively, some prosecutor will be in a position of having to point out what we all know, that the President is a liar. Given Trump’s propensity towards rage-induced firings, I imagine the government would like to avoid this pickle.

How the White House’s Tolerance for Wife-Beaters Exposed That It Was Harboring Counterintelligence Threats

There are a lot of important lessons about the White House’s protection and promotion of Rob Porter even after the FBI informed the White House about his serial wife beating: about White House’s tolerance for conflicts, about John Kelly’s overblown competence. If you haven’t read Dahlia Lithwick’s piece on what it says about society’s response to domestic abuse more generally, absolutely do.

There are also multiple theories about how this all came to light, whether the recent girlfriend who learned of the abuse after talking to the ex-wives about Porter’s philandering made it happen, or whether the FBI did so in the wake of White House involvement in the Devin Nunes saga.

Whatever the answers to those issues, it’s now clear what just or is about to happen.

Last night, the WaPo answered a question that should have been answered at yesterday’s presser. There are dozens of people working in the White House who, like Porter, have not yet received clearance. Starting with the son-in-law that has been remapping the world while under active counterintelligence investigation for shaping policy in a way that may stave off familial bankruptcy.

Dozens of White House employees are awaiting permanent security clearances and have been working for months with temporary approvals to handle sensitive information while the FBI continues to probe their backgrounds, according to U.S. officials.

People familiar with the security-clearance process said one of those White House officials with an interim approval is Jared Kushner — the president’s son-in-law and one of his most influential advisers.

Then Politico provided the other, even more critical piece of this puzzle: FBI already told the White House that Porter and others would not get security clearance. And there are witnesses that Kelly knew about these multiple White House aides and thought they should be fired.

White House chief of staff John Kelly was told several weeks ago that the FBI would deny full security clearances to multiple White House aides who had been working in the West Wing on interim security clearances.

Those aides, according to a senior administration official, included former White House staff secretary Rob Porter, who left the White House on Thursday after reports that he physically and verbally abused his two ex-wives.

The White House chief-of-staff told confidants in recent weeks that he had decided to fire anyone who had been denied a clearance — but had yet to act on that plan before the Porter allegations were first reported this week.

I figure around about noon we’ll learn Jared was one of the others.

Remember: according to Supreme Court precedent, the President has final authority on matters of clearance. So if Trump wants to override the FBI’s determination, he can. Which he might get away with so long as it remained secret, so long as the press didn’t know that a bunch of people were working with the country’s most sensitive information even though the FBI had told the White House it was a very bad idea to let them. And know which ones they were.

But whether through the coincidental timing of a bunch of women refusing to let a serial abuser go on with his life or through orchestration by the Bureau or both, any effort to keep secret that the White House was delaying the obvious counterintelligence choice or even perhaps planning to defy the FBI about it is in the process of being exposed.

Trump is reportedly consulting now with two of the most likely counterintelligence problems, Jared and (on her own right, because of her own dodgy business deals) Ivanka, on a staff shake-up to try to make this problem go away.

Has Hal Martin Finally Gotten the Government to Admit He Didn’t Feed Shadow Brokers?

Hal Martin may finally get a plea deal.

On Tuesday, Martin’s (excellent) public defender James Wyda asked to cancel a guilty plea to one of the 20 charges against him which had been scheduled for next week, stating that continuing negotiations may settle the whole case.

The defense requests a cancellation of the Rule 11 guilty plea hearing currently scheduled for January 22, 2018. The parties are continuing negotiations with the hope of resolving the entire case.

As John Gerstein had previously reported, last month Martin unilaterally moved to plead guilty to retaining one document described as “a March 2014 NSA leadership briefing outlining the development and future plans for a specific NSA organization,” though the government still threatened to ask for the maximum sentence on that one charge. But something changed since then to reinvigorate plea discussions.

I’m particularly interested in the schedule Judge Marvin Garbis had set in response to Martin’s bid to plead to one charge. The plea would have triggered a CIPA review, the process by which judges decide what classified information is necessary for a criminal trial, often in substitute form.

This is to confirm, as stated at the conference held this date:

1. On January 8, 2018, Defendant shall file a letter including its version of the statement of facts as to Count One of the Indictment.

2. Defendant Martin intends to plead guilty to Count One on January 22, 2018 at 10:00 A.M.

3. Defendant Martin expects to file a CIPA § 4 submission on January 26, 2018.

4. The Government shall make an ex parte presentation regarding its contentions and its pending CIPA § 4 motion in an on-the-record sealed proceeding on February 1, 2018 commencing at 10:00 A.M.

5. Defendant Martin shall make an ex parte presentation regarding its contentions and its forthcoming CIPA § 4 submission in an on-the-record sealed proceeding at a time to be scheduled by further Order.

That’s presumably an indication that Martin wanted to use classified evidence to mitigate his sentence. And all of this has happened in a six week extension Martin’s lawyers asked for on December 8, explaining that they had only just gotten access to information seized (back in August 2016) from Martin’s car and home.

On November 28, 2017, we had the opportunity to conduct an evidence review at the Baltimore FBI Field Office’s Sensitive Compartmented Information Facility for the first time of some of the items allegedly seized from Mr. Martin’s car and residence. In light of the volume of material made available for our review, we expect to return to the FBI multiple more times to review the remainder of the items.

All of which suggests the defense saw something in their classified discovery that made them think they can mitigate Martin’s sentence and, possibly, eliminate the government’s interest in trying him for those other 19 retained documents.

So to recap: on December 8, Martin’s lawyers ask for more time. On December 22, he moves to plead guilty. In the last few weeks, the judge set in motion the process to allow Martin to use classified information in his sentencing (and his lawyers submitted their version of what he would plead guilty to). And now a plea deal may be in the offing.

All that happened in the wake of Nghia Hoang Pho pleading guilty on December 1, after some interesting timing delays as well, timing which I laid out here.

The actual plea deal is dated October 11. It states that “if this offer has not been accepted by October 25, 2017, it will be deemed withdrawn.” The information itself was actually signed on November 29. Friday, the actual plea, was December 1.

So while there’s not a substantial cooperation component in the plea deal, certainly a substantial amount of time took place in that window, enough time to cooperate.

And consider the news coverage that has happened during that period. The initial plea offer was made in the week following a big media blitz of stories blaming Pho (and through him Kaspersky) for the Russian theft of NSA tools. In the interim period between the offer and the acceptance of the plea deal, Kaspersky confirmed both verbally and then in a full incident report that his AV had found the files in question, while noting that a third party hacker had compromised Pho’s machine during the period he had TAO’s tools on it.

In other words, after at least an 18 month investigation, Pho finally signed a plea agreement as the media started blaming him for the compromise of these tools.

In that plea deal, the government noted that they could have charged Pho as they had charged Martin, with one count for each retained file (though in reality Martin got charged for a tiny fraction of what he brought home).

During much of that period, Harold Martin was in custody and under investigation for a similar crime: bringing a bunch of TAO tools home and putting them on his computer. Only, unlike Pho, Martin got slammed with a 20-count indictment, laying a range of files, and not just files from NSA. Indeed, the Pho plea notes,

This Office and the Defendant agree that the Defendant’s conduct could have been charged as multiple counts. This Office and the Defendant further agree that had the Defendant been convicted of additional counts, … those counts would not group with the count of conviction, and the final offense level would have increased by 5 levels.

That is, the government implicity threatened Pho to treat him as Martin had been, with a separate charge tied to the individual files he took.

Now, perhaps that’s all that Martin’s lawyers were going to note, that a similarly situated defendant in the same district had been able to plead guilty to a single charge.

But I wonder if there’s not more, specifically related to that plea, pertaining to the real source of the Shadow Brokers files. That is, if Pho was permitted to plead guilty after having making the Shadow Brokers files accessible to third party hackers coming in after Kaspersky’s AV got shut down, then why couldn’t Martin, whose files were air gapped from such measures, obtain a similar plea?

image_print