Who Told Carter Page that James Wolfe Was the Source of the FISA Leak?

There’s a detail in the Statement of the Offense filed in conjunction with the guilty plea former Senate Intelligence Committee Director of Security James Wolfe worth further attention.

As I had noted when Wolfe was indicted, while the indictment catches Wolfe red-handed in lies about unclassified leaks Wolfe gave to Ali Watkins and some NBC reporters, it seems more interested in, and therefore probably arose out of, Wolfe’s ties with the reporters on the WaPo story first reporting that Carter Page had been targeted with a FISA order. Rather than having to prove that Wolfe leaked classified FISA information to a journalist with better operational security than the others, the government chose instead to charge him for the more easily proved case that he lied to the FBI.

The statement of offense confirms that the investigation arose in response to the FISA story.

On April 11, 2017, classified national security information concerning the existence and predication of FBI surveillance of an individual (“MALE-1”) pursuant to the Foreign Intelligence Surveillance Act (FISA) was published in an article authored by three reporters, including REPORTER #1.

In April 2017, the Federal Bureau of Investigation (FBI) opened an investigation into the unauthorized disclosure of this classified information to the news media.

And whereas the indictment had mostly discussed Wolfe’s conversations with the WaPo reporter obliquely, the statement of the offense describes how Wolfe followed up by email after meeting the reporter on December 9, 2015, and how the reporter then checked in the day before the election.

What’s more interesting, however, are the details about the aftermath of the story, when Carter Page wrote to the journalist in question and BCCed Wolfe.

On May 8, 2017, MALE-1 emailed REPORTER #1 complaining about REPORTER #1’s reporting of him (MALE-1). According to the metadata recovered during the search of Wolfe’s email, Wolfe was blind-copied on that email by MALE-1.

The day before Page sent that email, he had written a letter to Richard Burr and Mark Warner, complaining about the WaPo story and Ali Watkins’ reporting that Page was the anonymous person named in the  case. It seems that Page either learned or discovered that Wolfe might be the person who leaked the FISA news.

And as the Statement lays out, it seems that Wolfe and the journalist in question exchanged an encrypted file.

On May 11, 2017, at 11:13 a.m., REPORTER #1 emailed Wolfe, “What’s your cell?” The signature block of REPORTER #1’s email contained the reporter’s name, affiliation with a national news outlet, and telephone numbers.

On May 11, 2017, at 5:16 p.m., REPORTER #1 sent a second email to Wolfe, writing “Hi! When can we get coffee?” This time, the signature block of the second email included a 44-character long code made up of letters and numbers that appears to be a “PGP” fingerprint. If used, this fingerprint would have permitted Wolfe to send REPORTER #1 an email using an application that would encrypt the contents of the message, but not the subject line or the name of the sender.

Between the December 9, 2015, November 7, 2016, and two May 11, 2017 emails, the Statement lays out four email exchanges between Wolfe and this journalist. But the indictment says there was a fifth, possibly in June 2017.

For example, between in or around December 2015 and in or around June 2017, WOLFE and REPORTER #1 communicated at least five times using his SSCI email account.

In any case, that Page BCCed Wolfe suggests that he suspected Wolfe was the source, and perhaps said as much in his email to the reporter (thus explaining the follow-up between them).

As it is this Statement (and the indictment of Natalie Mayflower Sours Edwards for sharing FinCen data with Jason Leopold yesterday, but I’ll return to that) may suggest that the government obtained the reporter’s emails, but then parallel constructed doing so by collecting Wolfe’s. But it also suggests that Page knew precisely who leaked the FISA information.

As I disclosed in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Reality Gets A Harsh Sentence

With Update Below!

As many of you may already know, this morning was the sentencing for Reality Winner. She was sentenced to 63 months of incarceration and three years of supervised release upon completion of her term. The supervised release term is rather standard. She will be housed at the Federal Medical Center, Carswell in Fort Worth, Texas. The stated reason was because she is bulimic, but it seems more like a nod to her, and her family, who requested a Texas posting so they would be near. There is no pecuniary fine. I have not seen the official sentencing order yet, but have little to no doubt she will be credited with the time served in pre-trial detention since her arrest on June 3, 2017; i.e. nearly 15 months. So, assuming that, she should be released in about 4 years.

Okay, that is the hard nuts and bolts of Ms. Winner’s sentencing. If you want some more background, please see our old friend Kevin Gosztola at Shadowproof, who has been covering all the Reality Winner court appearances.

All that said, let me address a couple of things. First, the sentence was not unexpected, indeed it was stipulated to in the plea agreement Ms. Winner both signed and allocuted to in open court. While the court technically “could” have deviated downward, there was little to no chance it would given the plea language. Anybody shocked by today’s sentencing has not been paying attention.

Secondly, the government did not “block” Winner’s defenses. I had a discussion on this point with a good friend, Will Bunch, who has admirably written extensively on, and in favor of, Reality. Sadly, the law here is what it is, and not what Will and I would like it to be. Winner’s attorneys filed every motion they could, both to try to win and to protect the record. But those motions were never going to work, they never do, and they did not here.

Jeffrey Sterling also tried all of that. It did not work then, for him, either. Sterling got 42 months in prison. It is hard to compare disparate cases, but in the long run, I personally have a hard time seeing why Reality Winner was worse or more damaging than Jeff Sterling, and yet she got 1.5 times as much incarceration as Sterling. Different DOJ’s, different times and the Trump Administration was already on the record as head hunting for leakers when Winner fell into their lap. So, I guess it is not shocking. They were looking to make an example and there she was.

Now to the after show doings. The United States Attorney for the Southern District of Florida, Bobby L. Christine (never trust a man with two first names), cravenly issued a pompous press release on the sentencing. This is just a taste of the Christine hyperbolic:

The document Winner compromised did, in fact, contain TOP SECRET information about the sources and methods used to acquire the intelligence described in the report. That means it revealed how U.S. Intelligence Agencies obtained information. U.S. Government subject matter experts have determined that Winner’s willful, purposeful disclosure caused exceptionally grave damage to U.S. national security. That harm included, but was not limited to, impairing the ability of the United States to acquire foreign intelligence information similar to the information the defendant disclosed. This was, by no means, a victimless crime.

What’s more, Winner’s exceptionally damaging disclosure was not a spontaneous, unplanned event, but was the calculated culmination of a series of acts. She researched whether it was possible to insert a thumb drive into a Top Secret computer without being detected, and then inserted a thumb drive, WHICH THE GOVERNMENT NEVER RECOVERED, into a Top Secret computer. She researched job opportunities that would provide her access to classified information. At the same time, she searched for information about anti-secrecy organizations, and she celebrated claimed compromises in U.S. classified information.

Note the Trump like raging capital letters? Ooof. It was an unnecessary and prickish public release by somebody that had won and driven the vanquished into the ground. And while Bobby L. Christine took all the glory, he did not do diddly squat himself, the matter was handled by a team of career AUSA’s that he did not even have the common courtesy to mention. Very Trump like.

Okay, so why did Ms. Winner end up here? There are a lot of reasons. First off, while Winner would have pretty clearly been discovered anyway, she disclosed her material to The Intercept, which was far from the only cause of her discovery, but did her no favors either. And the Government, especially the NSA, hates, with a capital H, The Intercept. But again, Reality’s discovery was inevitable even despite that, but it is a factor.

Secondly, the Government has thought all along that she had more material than what The Intercept and Matt Cole received and published. In its sentencing memorandum, the government addressed other areas of concern as to Winner including: her insertion of flash drive into a TS/SCI NSA computer at Fort Meade; her Internet history (which other filings make clear included details on Anonymous, Vault 7, Hal Martin, Assange, and Snowden); her download of Tor; her seeking out employment at Pluribus; and her screenshots of secure drop information.

These bases were generally also why she was detained without bail. That does not make it right, and it is, and remains true, that there is far too much secrecy and cheap classification in the face of the American public’s interest. This is a textbook example of just that. But Reality Winner tried to be a whistleblower and fell into the lurch where there are no such protections for the acts she did. She paid an overly, and draconian, price for what she did because the Trump Administration needed a head on a pike. They got hers. And this morning’s sentencing was the ugly culmination of that.

UPDATE: alright, Trevor Timm at The Intercept, has posted an interesting coda to the Reality Winner goings on today.

WHEN THE INTERCEPT first published the top-secret document, reporters and editors went to the government — as they do every time The Intercept publishes classified documents — to hear the NSA’s views about any information that might truly harm national security. After listening to the agency’s arguments, and out of an abundance of caution, The Intercept redacted a few pieces of information from the document before publishing it.

A key phrase that the government wanted withheld was the specific name of the Russian unit identified in the document. The government was particularly insistent on that point. Since it wasn’t vital to the story that the unit’s name be revealed, nor was it clear — at least at the time — that revealing the unit’s name was in the public interest, The Intercept agreed to withhold it.

But in the indictment of alleged Russian military intelligence operatives that Mueller’s office released last month, the Justice Department revealed the same name: GRU unit 74455. (The unit is also known as the Main Center for Special Technology or GTsST.) The indictment went on to reveal information almost identical to that contained in the document Winner admits to disclosing:

In or around June 2016, KOVALEV and his co-conspirators researched domains used by U.S. state boards of elections, secretaries of state, and other election-related entities for website vulnerabilities. KOVALEV and his co-conspirators also searched for state political party email addresses, including filtered queries for email addresses listed on state Republican Party websites.

In or around July 2016, KOVALEV and his co-conspirators hacked the website of a state board of elections (“SBOE 1”) and stole information related to approximately 500,000 voters, including names, addresses, partial social security numbers, dates of birth, and driver’s license numbers

In or around August 2016, KOVALEV and his co-conspirators hacked into the computers of a U.S. vendor (“Vendor 1”) that supplied software used to verify voter registration information for the 2016 U.S. elections. KOVALEV and his co-conspirators used some of the same infrastructure to hack into Vendor 1 that they had used to hack into SBOE 1.

The Justice Department is trying to have it both ways: It’s OK for Mueller to publicly release this information in an attempt to prosecute alleged Russian hackers because it’s in the public interest. But at the exact same time, the government is also claiming that a document including very similar information causes grave harm to national security when disclosed to the public by someone else.

There is a lot more there at Trevor’s post. Without doubling the size of this post, I would like to second the expert opinions submitted by Bill Leonard that Trevor Timm describes and have been long a staple here. There literally is no greater expert on classification than Bill Leonard. That said, it is like the discussion in the main original post. The fight is against archaic, authoritarian and totalitarian laws and legal precedent. Until those are changed, there is reality, and then there is the regrettable case of Reality Winner.

Journalist Records from the “Last Five Years”

Some weeks ago, there was some concern raised by DOJ’s response to an October 10, 2017 letter from Ron Wyden, written in the wake of an August Jeff Sessions press conference asking how many times DOJ has seized journalists’ records.

  1. For each of the past five years, how many times has DOJ used subpoenas, search warrants, national security letters, or any other form of legal process authorized by a court to target members of the news media in the United States and American journalists abroad to seek their (a) communications records, (b) geo-location information, or (c) the content of their communications? Please provide statistics for each form of legal process.
  2. Has DOJ revised the 2015 regulations, or made any other changes to internal procedures governing investigations of journalists since January 20, 2017? If yes, please provide me with a copy.

In response, in a letter claiming to provide all the “requests for information from January 2012 to the present,” DOJ pointed to the 2013 collection of AP records and the 2014 subpoena of James Risen. It also claimed,

The Federal Bureau of Investigation does not currently use national security letters to advance media leak investigations.

DOJ’s letter was written after Ali Watkins received notice, on February 13, that her phone and email records had been seized in the investigation of James Wolfe. It also comes after DOJ subpoenaed the Twitter information of Dissent Doe and Popehat last spring in conjunction with DOJ’s dumb persecution of Justin Shafer, both of whom have websites providing original content.

Whether DOJ has gotten more aggressive about seizing reporters’ phone records or content is a question I’m unsurprisingly very interested in.

All that said, DOJ may simply be playing word games, at least thus far.

Note, first of all, that Wyden only asked for the “past five years.” While DOJ claimed to present records spanning into the present, had DOJ responded to the actual request, it might have only presented past requests. Additionally, if Watkins got 90 day notice of her records being seized, the request itself would have taken place after the Wyden request.

While more specious, the May 2017 Twitter subpoena may have been deemed to be the same year as Wyden’s request.

Note three other details. First, Wyden’s letter (though not DOJ’s response) describes “targeting” journalists. Obviously, that word has a specific meaning in the context of surveillance, and I could see DOJ claiming that the Shafer investigation, for example, targeted Shafer, not his Tweeps.

Additionally, Wyden only asks about US news media and US journalists overseas. That’s not going to include an obvious target (whether or not DOJ still considers him a publisher): Julian Assange, an Australian publisher living in what counts as Ecuadoran territory.

Finally, note that DOJ specifies they don’t use NSLs for “media leak investigations.” That, too, has a specific meaning, one that probably doesn’t include the Shafer investigation on trumped up cyberstalking charges.

The Watkins case, especially, demands explanation. But finding it might just require rewording the questions.

And/Or: An Ominous Sign for WikiLeaks in the Joshua Schulte Indictment

There’s been a lot of attention paid to the language in the GRU indictment from Friday showing WikiLeaks asking to receive stolen Hillary emails in time to cause maximal outrage among Bernie supporters.

On or about June 22, 2016, Organization I sent a private message to Guccifer 2.0 to “[s]end any new material [stolen from the DNC] here for us to review and it will have a much higher impact than what you are doing.” On or about July 6, 2016, Organization 1 added, “if you have anything hillary related we want it in the next tweo [sic] days prefable [sic] because the DNC [DemocraticNationalConvention] is approaching and she Will solidify bernie supporters behind her after.” The Conspirators responded,“0k . . . i see.” Organization I explained,“we think trump has only a 25% chance of winning against hillary . . . so conflict between bernie and hillary is interesting.”

But I want to look at a minor–but potentially significant–detail in the Joshua Schulte indictment describing how he provided CIA’s hacking tools to WikiLeaks. The description of Count Two, Illegal Transmission of Lawfully Possessed National Defense Information, reads like this:

In or about 2016, in the Eastern District of Virginia and elsewhere, JOSHUA ADAM SCHULTE, the defendant, lawfully having possession of, access to, control over, and being entrusted with information relating to the national defense, to wit, certain portions of the Classified Information, which information the defendant had reason to believe could be used to the injury of the United States and to the advantage of a foreign nation, did knowingly and willfully communicate, deliver and transmit, and cause to be communicated, delivered, and transmitted, that aforesaid information to a person not entitled to receive it, to wit, Schulte caused the Classified information to be transmitted to Organization-1.

(Title 18, United States Code, Sections 793(d) and 2.)

The “and” there was pointed out to me by GDingers on Twitter.

As GDingers noted, the suggestion that Schulte knew a foreign nation (unnamed, but surely Russia if DOJ had any specific one, backed by evidence, in mind) would benefit, along with the US being damaged, is a fairly strong statement, one implicating WikiLeaks as well.

Moreover, that language didn’t have to be in the indictment. Here’s what the statutory language looks like:

Whoever, lawfully having possession of, access to, control over, or being entrusted with any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, or note relating to the national defense, or information relating to the national defense which information the possessor has reason to believe could be used to the injury of the United States or to the advantage of any foreign nation, willfully communicates, delivers, transmits or causes to be communicated, delivered, or transmitted or attempts to communicate, deliver, transmit or cause to be communicated, delivered or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it on demand to the officer or employee of the United States entitled to receive it; [my emphasis]

The statutory language uses “or.” DOJ chose, in this indictment, to use “and.” As Secrecy News’ Steven Aftergood suggested via email, asserting both in the indictment sets a higher mens rea bar for proving Schulte’s guilt. DOJ didn’t have to do so, but they did.

So along with exposing Schulte to 130 years of potential prison time — a life sentence even accounting for how it will work in sentencing — DOJ wants to prove that Schulte leaked CIA’s hacking tools not just to hurt the United States but to help another nation, possibly Russia by name.

That bodes poorly for Schulte. But it also suggests a different kind of role for WikiLeaks than prior discussions have made out.

Update: Nerdyatty suggested that this is a DOJ practice. Except that Count One, charging a different part of 18 USC 793, maintains the “or” of the statute:

… with intent or reason to believe that the information is to be used to the injury of the United States, or to the advantage of any foreign nation … [my emphasis]

Which tracks this language from the statute:

Whoever, for the purpose of obtaining information respecting the national defense with intent or reason to believe that the information is to be used to the injury of the United States, or to the advantage of any foreign nation,

[snip]

Whoever, for the purpose aforesaid, and with like intent or reason to believe, [my emphasis]

It’s Called a Spine, not a Conscience

I’ve been watching the media reaction to Marcy’s “Putting a Face . . .” post. The first day, there were a lot of “Wow – read this” tweets going around on twitter, but now the more reflective pieces are coming out, like yesterday’s Margaret Sullivan piece in the Style section of the Washington Post entitled “A journalist’s conscience leads her to reveal her source to the FBI. Here’s why.” On the whole, it’s a pretty good piece, but Sullivan makes two absolutely critical errors.

First, right at the top, Sullivan doesn’t seem to understand that all sources are not created equal, though Marcy tries to correct her:

It’s pretty much an inviolable rule of journalism: Protect your sources.

Reporters have gone to jail to keep that covenant.

But Marcy Wheeler, who writes a well-regarded national security blog, not only revealed a source — she did so to the FBI, eventually becoming a witness in special counsel Robert S. Mueller III’s investigation of President Trump’s possible connections to Russia.

“On its face, I broke one of the cardinal rules of journalism, but what he was doing should cause a source to lose protection,” Wheeler told me in a lengthy phone interview.

At least Sullivan put Marcy’s “should” in italics, but for the rest of the piece she seems to have forgotten that it was there.

As I read it, Marcy’s post was not primarily about the investigation into the Russian interference in the 2016 election, though that is what has gotten a lot of the attention. What she was really talking about was the practice  — or should I say “malpractice”? — of journalism. Woven into the entire post, Marcy laid out how she wrestled with a very basic question: What do you do, as a journalist, when a confidential source lies to you?

Marcy’s answer begins by distinguishing between different kinds of sources. Some tell you the truth. Some tell you something that they think is true, but it turns out to be wrong. And then there are some that tell you lies. Granting all of these sources uncritical confidentiality to protect your reputation as a journalist is as dangerous as telling a woman abused by her spouse to “protect her marriage” by staying with the abuser.  “Protecting your sources” when those sources undermine your work and reputation ought not mean “protecting your abuser.” Protecting a source uncritically is just asking to get used and abused, over and over again. See “Russert, Tim.”

The second thing that Sullivan missed is that Marcy was also talking to sources — actual and potential. From the end of Sullivan’s piece, with emphasis added:

Wheeler told me she believed herself to be “uniquely informed” about something that mattered a great deal.

In their reporting, journalists talk to criminals all the time and don’t turn them in.

Reporters aren’t an arm of law enforcement.

They properly resist subpoenas and fight like hell not to share their notes or what they know because doing so would compromise their independence and their ability to do their work in the future.

Wheeler knows all that — and believes in it. But she still came forward, not because of a subpoena but because of a conscience.

As Drezner told me, “She would not do this on a whim.”

And as Wheeler put it, “I believe this is one of those cases where it’s important to hold a source accountable for his actions.”

Marcy said it right there, but Sullivan missed it. What Marcy wrestled with, and shared in her post, was how she chose to do just that. She went to the FBI as a way of holding an unreliable source accountable AND as a way to protect her honest sources from a broad, wide-ranging governmental search that could potentially come down the road.

At its core, “Putting a Face . . .” is a journalist telling the world of potential sources two things, that I might paraphrase like this:

First, I take my work seriously, and that means protecting folks who come to me with information. If you share something with me in confidence, something that helps me do my job to get important stories out, I will protect you with all I’ve got.

Second, don’t screw with me. It’s one thing to tell me something you thought was correct that later proves not to be true. That happens. But if I learn that you deliberately lied to me in an effort to harm others, and you attacked my workplace, I am going to burn your ass. Count on it.

If burning sources that lie to you is not a cardinal rule of journalism, it damn well ought to be. I suspect that Marcy’s honest sources will respect her more for this, and her dishonest ones will be very very nervous. Isn’t that something that all journalists ought to strive for?

Think about it like this: if Devin Nunes, Trey Gowdy, and the rest of the House GOP knew that the journalists to whom they spread lies, off the record, would be willing to burn them if the journalists discovered that they were being lied to and used, do you think they’d be so eager to lie?

Sullivan lauded Marcy for being a journalist with a conscience — which she is, but that’s not the point here. The point is that Marcy is a journalist with a spine.

photo h/t to bixentro, and used under Creative Commons Attribution 2.o Generic license.

Two Days after Julian Assange Threatened Don Jr, Accused Vault 7 Leaker Joshua Schulte Took to Tor

Monday, the government rolled out a superseding indictment for former NSA and CIA hacker Joshua Schulte, accusing him (obliquely) of leaking the CIA’s hacking tools that became the Vault 7 release from Wikileaks. The filings in his docket (as would the search warrants his series of defense attorneys would have seen) make it clear that the investigation into him, launched just days after the first CIA release, was always about the CIA leak. But when the government took his computer last spring, they found thousands of child porn pictures dating back to 2009. It took the government over three months and a sexual assault indictment in VA to convince a judge to revoke his bail last December, and then another six months to solidify the leaking charges they had been investigating him from the start.

But the case appears to have taken a key turn on November 16, 2017, when he did something — it’s not clear what — on the Tor network. While there are several things that might explain why he chose to put his release at risk by accessing Tor that day, it’s notable that it occurred two days after Julian Assange tweeted publicly to Donald Trump Jr that he’d still be happy to be Australian Ambassador to the US, implicitly threatening to release more CIA hacking tools.

Schulte was, from days after the initial Vault 7 release, apparently the prime suspect to be the leaker. As such, the government was always interested in what Schulte was doing on Tor. In response to a warrant to Google served in March 2017, the government found him searching, on May 8, 2016, for how to set up a Tor bridge (Schulte has been justifiably mocked for truly abysmal OpSec, and Googling how to set up a bridge is one example). That was right in the middle of the time he was deleting logs from his CIA computer to hide what he was doing on it.

When he was granted bail, he was prohibited from accessing computers. But because the government had arrested him on child porn charges and remained coy (in spite of serial hold-ups with his attorneys regarding clearance to see the small number of classified files the government found on his computer) about the Vault 7 interest, the discussions of how skilled he was with a computer remained fairly oblique. But in their finally successful motion to revoke Schulte’s bail, the government revealed that Schulte had not only accessed his email (via his roommate, Schulte’s lawyer would later claim), but had accessed Tor five times in the previous month, on November 16, 17, 26, and 30, and on December 5, 2017, which appears to be when the government nudged Virginia to get NYPD to arrest him on a sexual assault charge tied to raping a passed out acquaintance at his home in VA in 2015.

Perhaps the most obvious explanation for why Schulte accessed Tor starting on November 16, 2017, is that he was trying to learn about the assault charges filed in VA the day before.

But there is a more interesting explanation.

As you recall, back in November 2017, some outlets began to publish a bunch of previously undisclosed DMs between Don Jr and Wikileaks. Most attention focused on Wikileaks providing Don Jr access to an anti-Trump site during the election. But I was most interested in Julian Assange’s December 16, 2016 “offer” to be Australian Ambassador to the US — basically a request for payback for his help getting Trump elected.

Hi Don. Hope you’re doing well! In relation to Mr. Assange: Obama/Clinton placed pressure on Sweden, UK and Australia (his home country) to illicitly go after Mr. Assange. It would be real easy and helpful for your dad to suggest that Australia appoint Assange ambassador to DC “That’s a really smart tough guy and the most famous australian you have! ” or something similar. They won’t do it, but it will send the right signals to Australia, UK + Sweden to start following the law and stop bending it to ingratiate themselves with the Clintons. 12/16/16 12:38PM

In the wake of the releases, on November 14, 2017, Assange tweeted out a follow-up.

As I noted at the time, the offer included an implicit threat: by referencing “Vault 8,” the name Wikileaks had given to its sole release, on November 9, 2017 of an actual CIA exploit (as opposed to the documentation that Wikileaks had previously released), Assange was threatening to dump more hacking tools, as Shadow Brokers had done before it. Not long after, Ecuador gave Assange its first warning to stop meddling in other countries politics, explicitly pointing to his involvement in the Catalan referendum but also pointing to his tampering with other countries. That warning became an initial ban on visitors and Internet access in March of this year followed by a more formal one on May 10, 2018 that remains in place.

There’s a reason I think those Tor accesses may actually be tied to Assange’s implicit threat. In January of this year, when his then lawyer Jacob Kaplan made a bid to renew bail, he offered an excuse for those Tor accesses. He claimed Schulte was using Tor to research the diaries on his experience in the criminal justice system.

In this case, the reason why TOR was accessed was because Mr. Schulte is writing articles, conducting research and writing articles about the criminal justice system and what he has been through, and he does not want the government looking over his shoulder and seeing what exactly he is searching.

Someone posted those diaries to a Facebook account titled “John Galt’s Defense Fund” on April 20, 2018 (in addition to being an accused rapist and child porn fan, Schulte’s public postings show him to be an anti-Obama racist and an Ayn Rand worshiping libertarian).

Yesterday, Wikileaks linked those diaries, which strikes me as an attempt to corroborate the alibi Schulte has offered for his access to Tor last November.

The government seems to have let Schulte remain free for much of 2017, perhaps in search of evidence to implicate him in the Vault 7 release. Whether it was a response to a second indictment or to Assange’s implicit threats to Don Jr, Schulte’s use of Tor last year (and, surely, the testimony of the roommate he was using as a go-between) may have been one of the keys to getting the proof the government had been searching for since March 2017.

Whatever it is, both Wikileaks and Schulte would like you to believe he did nothing more nefarious than research due process websites when he put his bail at risk by accessing Tor last year. I find that a dubious claim.


2009: IRC discussions of child porn

2011 and 2012: Google searches for child porn

April 2015: Rapes a woman (possibly partner) who is passed out and takes pictures of it

March to June 2016: Schulte deleting logs of access to CIA computer

May 8, 2016: Schulte Googles how to set up a Tor bridge

November 2016: Leaves CIA, moves to NY, works for Bloomberg

December 16, 2016: Assange DM to Don Jr about becoming Ambassador

Hi Don. Hope you’re doing well! In relation to Mr. Assange: Obama/Clinton placed pressure on Sweden, UK and Australia (his home country) to illicitly go after Mr. Assange. It would be real easy and helpful for your dad to suggest that Australia appoint Assange ambassador to DC “That’s a really smart tough guy and the most famous australian you have! ” or something similar. They won’t do it, but it will send the right signals to Australia, UK + Sweden to start following the law and stop bending it to ingratiate themselves with the Clintons. 12/16/16 12:38PM

February 4, 2017: Wikileaks starts prepping Vault 7

March 7, 2017: Wikileaks starts releasing Vault 7

March 13, 2017: Google search warrant

March 20, 2017: Search (including of cell phone, from which passwords to his desktop obtained)

June 2017: Interview

August 17, 2017: Dana Rohrabacher tries to broker deal for Assange with Trump

August 23, 2017: Arrest affidavit

August 24, 2017: Arraignment

THE COURT: Well, it sounds like, based on the interview, that he knew what the government was looking at.

MR. LAROCHE: That wasn’t the basis of the interview, your Honor.

 

MR. KOSS: I think it was either two or three [interviews]. I think it was three occasions. I was there on all three, including one of which where we handed over the telephone and unblocked the password to the phone, which they did not have, and gave that to them. And as I said, I have been in constant contact with the three assistant U.S. attorneys working on this matter literally on a weekly basis for the last 4, 5, 6 months. And any time Mr. Schulte even thought about traveling, I provided them an itinerary. I cleared it with them first and made sure it was okay. On any occasion that they said they might want him close so that he could speak to them, I cancelled the travel and rescheduled it so that we would be available if they needed him at any given time.

October 2, 2017: Bail hearing

MR. LAROCHE: Well, I believe there still is a danger because it’s not just computers, your Honor, but electronic devices are all over society and easy to procure and this type of defendant having the type of knowledge he has does in terms of accessing things — so he has expertise and not only just generally computers but using things such as wiping tools that would allow him to access certain website and leave no trace of it. Those can be done from not just a computer but from other electronic devices.

But the child pornography itself is located on the defendant’s desktop computer. They can be accessed irrespective of those servers. So if all the government had was this desktop computer, we could recover the child pornography. So I think this idea that numerous people had access to the serves and potentially could have put it there, is simply a red herring. This was on the defendant’s desktop computer. And the location where it was found, this sub-folder within several layers of encryption, there were other personal information of the defendant in that area. There was his bank accounts. I think there was even a resume for the defendant where he was storing this information. And the passwords that were used to get into that location, those passwords were the same passwords the defendant used to access his bank account, to access various other accounts that are related to him. So this idea that he shared them with other people, the government just strongly disagrees.

October 11, 2017: Schulte lawyer Spiro withdraws

October 24, 2017: At Trump’s request Bill Binney meets with Mike Pompeo to offer alternate theory of the DNC hack

November 8, 2017: Status hearing

SMITH: I believe the government has told us that there’s more data in this case than in any other like case that they have prosecuted.

MR. STANSBURY: Let me just clarify that part first. We proposed this just in an abundance of caution given the defendant’s former employer and the fact that — and I meant to flag this before. I apologize now for not. There’s a small body of documents that were found in the defendant’s residence that were taken from his former employer that might implicate some classified issues. We have been in the process of having those reviewed and I think we’re going to be in a position to produce those in the next probably few days. But we wanted to just make sure that we were acting out of an abundance of caution in case any SEPA [sic] issues come about in the case. I don’t expect them too at this point but we wanted to do that out of an abundance of caution.

November 9, 2017: Wikileaks publishes Vault 8 exploit

November 14, 2017: Assange posts Vault 8 Ambassador follow-up

November 14, 2017: Arrest warrant in VA

November 15, 2017: Charged in Loudon County for sexual assault

November 16, 2017: Use of Tor

November 17, 2017: Use of Tor

November 26, 2017: Use of Tor

November 29, 2017: Abundance of caution, attorney should obtain clearance

November 30, 2017: Use of Tor

December 5, 2017: Use of Tor, Smith withdraws

December 7, 2017: NYPD arrests on VA warrant for sexual assault

December 12, 2017: Move for detention, including description of email and Tor access

Separately, since the defendant was released on bail, the Government has obtained evidence that he has been using the Internet. First, the Government has obtained data from the service provider for the defendant’s email account (the “Schulte Email Account”), which shows that the account has regularly been logged into and out of since the defendant was released on bail, most recently on the evening of December 6, 2017. Notably, the IP address used to access the Schulte Email Account is almost always the same IP address associated with the broadband internet account for the defendant’s apartment (the “Broadband Account”)—i.e., the account used by Schulte in the apartment to access the Internet via a Wi-Fi network. Moreover, data from the Broadband Account shows that on November 16, 2017, the Broadband Account was used to access the “TOR” network, that is, a network that allows for anonymous communications on the Internet via a worldwide network of linked computer servers, and multiple layers of data encryption. The Broadband Account shows that additional TOR connections were made again on November 17, 26, 30, and December 5.

[snip]

First, there is clear and convincing evidence that the defendant has violated a release condition—namely, the condition that he shall not use the Internet without express authorization from Pretrial Services to do so. As explained above, data obtained from the Schulte Email Account and the Broadband Account strongly suggests that the defendant has been using the Internet since shortly after his release on bail. Especially troubling is the defendant’s apparent use on five occasions of the TOR network. TOR networks enable anonymous communications over the Internet and could be used to download or view child pornography without detection. Indeed, the defendant has a history of using TOR networks. The defendant’s Google searches obtained in this investigation show that on May 8, 2016, the defendant conducted multiple searches related to the use of TOR to anonymously transfer encrypted data on the Internet. In particular, the defendant had searched for “setup for relay,” “test bridge relay,” and “tor relay vs bridge.” Each of these searches returned information regarding the use of interconnected computers on TOR to convey information, or the use of a computer to serve as the gateway (or bridge) into the TOR network.

December 14, 2017: US custody in NY

MR. KAPLAN: Well, your Honor, we’ve obtained the discovery given to prior counsel, and I’ve started to go through that. In addition, there was one other issue which I believe was raised at our prior conference, which was a security clearance for counsel to go through some of the national security evidence that might be present in the case.

While most of the national security stuff does not involve the charges, the actual charges against Mr. Schulte, the basis for the search warrants in this case involve national security.

So I’m starting the process with their office to hopefully get clearance to go through some of the information on that with an eye towards possibly a Franks motion going forward. So I would ask for more time just to get that rolling.

January 8, 2018: Bail appeal hearing

MR. KAPLAN: Judge, on the last court date, when we left, the idea was that we had consented to detention with the understanding that Mr. Schulte would be sent down to Virginia to face charges based on a Virginia warrant. None of that happened. Virginia never came to get him. Virginia just didn’t do anything in this case. But before I address the bail issues, I think it’s important that this Court hear the full story of how we actually get here. At one of the previous court appearances, I believe it was the November 8th date, this Court asked why the defense attorney in this case would need security clearance. And the answer that was given by one of the prosecutors, I believe, was that there was some top secret government information that was found in Mr. Schulte’s apartment, and that out of an abundance of caution it would be prudent that the defense attorney get clearance. But I don’t think that’s entirely accurate.

While the current indictment charges Mr. Schulte with child pornography, this case comes out of a much broader perspective. In March of 2017, there was the WikiLeaks leak, where 8,000 CIA documents were leaked on the Internet. The FBI believed that Mr. Schulte was involved in that leak. As part of their investigation, they obtained numerous search warrants for Mr. Schulte’s phone, for his computers, and other items, in order to establish the connection between Mr. Schulte and the WikiLeaks leak.

As we will discuss later in motion practice, we believe that many of the facts relied on to get the search warrants were just flat inaccurate and not true, and part of our belief is because later on, in the third or fourth search warrant applications, they said some of the facts that we mentioned earlier were not accurate. So we will address this in a Franks motion going forward, but what I think is important for the Court is, in April or May of 2017, the government had full access to his computers and his phone, and they found the child pornography in this case, but what they didn’t find was any connection to the WikiLeaks investigation. Since that point, from May going forward, although they later argued he was a danger to the community, they let him out; they let him travel. There was no concern at all. That changed when they arrested him in August on the child pornography case.

[snip]

The second basis that the government had in its letter for detaining Mr. Schulte was the usage of computers. In the government’s letter, they note how, if you search the IP address for Mr. Schulte’s apartment, they found numerous log-ons to his Gmail account, in clear violation of this court’s order. But what the government’s letter doesn’t mention is that Mr. Schulte had a roommate, his cousin, Shane Presnall, and this roommate, who the government and pretrial services knew about, was allowed to have a computer.

And more than that, based on numerous conversations, at least two conversations between pretrial services, John Moscato, Josh Schulte and Shane Presnall, it was Shane’s understanding that pretrial services allowed him to check Mr. Schulte’s e-mail and to do searches for him on the Internet, with the idea that Josh Schulte himself would not have access to the computer.

And the government gave 14 pages of log-on information to establish this point. And, Judge, we have gone through all 14 pages, and every single access and log-in corresponds to a time that Shane Presnall is in the apartment. His computer has facial recognition, it has an alphanumeric code, and there is no point when Josh Schulte is left himself with the computer without Shane being there, and that was their understanding.

LAROCHE: And part of that investigation is analyzing whether and to what extent TOR was used in transmitting classified information. So the fact that the defendant is now, while on pretrial release, using TOR from his apartment, when he was explicitly told not to use the Internet, is extremely troubling and suggests that he did willfully violate his bail conditions.

 

KAPLAN: In this case, the reason why TOR was accessed was because Mr. Schulte is writing articles, conducting research and writing articles about the criminal justice system and what he has been through, and he does not want the government looking over his shoulder and seeing what exactly he is searching.

 

LAROCHE: Because there is a classified document that is located on the defendant’s computer, it is extremely difficult, and we have determined not possible, to remove that document forensically and still provide an accurate copy of the desktop computer to the defendant.

So in those circumstances, defense counsel is going to require a top secret clearance in order to view these materials. It’s my understanding that that process is ongoing, and we have asked them to expedite it. As soon as the defendant’s application is in, we believe he will get an interim classification to review this material within approximately two to three weeks. Unfortunately, that hasn’t occurred yet. So the defendant still does not have access to that particular aspect of discovery. So we are working through that as quickly as we can.

January 17, 2018: Bail appeal denied

March 15, 2018: Sabrina Shroff appointed

March 28, 2018: Initial ban of Internet access and visitors for Assange

April 20, 2018: Schulte’s diaries (ostensibly the purpose of using Tor) posted

May 10, 2018: Ecuador bans visitors for Assange

May 16, 18, 2018: Documents placed in vault

May 16, 2018: Schulte Facebook site starts legal defense fund

June 18, 2018: Schulte superseding indictment

June 19, 2018: Wikileaks posts links to diary

Two Details about DOJ IG’s Leak Investigations, Plural, Including the One into Rudy Giuliani’s Sources

Amid the discussions about the NY office’s rampant leaks to Rudy Giuliani back in 2016, HuffPo confirmed that he was interviewed by two FBI Agents who, he said, were investigating on behalf of the IG.

Giuliani told HuffPost that he spoke with [James] Kallstrom as well as one other former FBI official he would not identify.

But Giuliani said he told the FBI agents who interviewed him that he had neither inside knowledge of the Clinton probe’s status nor advance warning of Comey’s Oct. 28 announcement. He was merely speculating that FBI agents were so upset by Comey’s earlier decision not to charge the Democratic nominee with any crimes that they would “revolt,” either by leaking damaging information about her or by resigning en masse.

“Did I get any leaks from the FBI? I said no,” Giuliani said, adding that the “surprise” that he promised in 2016 was a 20-minute national television ad he was urging Trump to buy to deliver a speech “hitting very hard on the Comey decision.”

[snip]

The agents did not record the interview and did not offer him the opportunity to review their report before they submitted it to their supervisor. One of Giuliani’s private security guards was also present, he said.

“They seemed like straight kids,” he said of the agents.

He added that he was unconcerned that his inquisitors were from the FBI, which conducts criminal investigations, rather than investigators from Horowitz’s office. “They definitely told me they were investigating for the IG,” Giuliani said. “I wasn’t surprised at all.”

I’d like to add two data points from Inspector General Horowitz’s testimony about leaks.

First, while it should have been obvious, this exchange with North Carolina Congressman Mark Walker (particularly Horowitz’ lovely agreement self-correction) made me realize that there are leak investigations, plural.

Horowitz: Looking at the charts here you can see that these are not, generally speaking, one call. So, I would leave it at that. We’re looking at the, that deeper question.

Walker: When you say you’re looking at it, does that mean there may be warrant–it may warrant more investigation for some of those who’ve been players in this situation?

Horowitz: There is — there are, there are active investigations ongoing by our office.

As I said, that should have been clear: the IG Report refers to them as investigations.

Chapter Twelve describes the text messages and instant messages expressing political views we obtained between certain FBI employees involved in the Midyear investigation and provides the employees’ explanations for those messages. It also briefly discusses the use of personal email by several FBI employees, and provides an update on the status of the OIG’s leak investigations.

[snip]

In addition to the significant number of communications between FBI employees and journalists, we identified social interactions between FBI employees and journalists that were, at a minimum, inconsistent with FBI policy and Department ethics rules. For example, we identified instances where FBI employees received tickets to sporting events from journalists, went on golfing outings with media representatives, were treated to drinks and meals after work by reporters, and were the guests of journalists at nonpublic social events. We will separately report on those leak investigations as they are concluded, consistent with the Inspector General (IG) Act, other applicable federal statutes, and OIG policy. [my emphasis]

As a footnote notes, we learned of one result — the Andrew McCabe investigation — when it got referred for criminal investigation.

Between two hearings and three committees, not a single person asked about the methodology of the link clusters I complained about the other day, but I wonder whether they each represent a separate leak investigation?

The far more interesting exchange, however, came yesterday, between Horowitz and Dianne Feinstein. After she laid out Rudy’s claims back in 2016, she asked Horowitz if he was investigating. As he did repeatedly when asked about Rudy, he deferred. But after she asked if such leaks were lawful, and then followed up about whether the investigation was ongoing, he said something interesting.

Horowitz: I’m not in a position at this point to speak to any investigative outcomes.

Feinstein: Do you believe disclosures of this sort, especially during an election are appropriate, are they lawful?

Horowitz: I don’t believe disclosures of this sort are appropriate at any point in time in a criminal investigation. I was a former prosecutor. Worked extensively with FBI Agents, in my prior capacity, and all of us would have thought that was entirely inappropriate.

Feinstein: The report says that you, and I quote, will separately report on those investigations as they are concluded. Does this mean that this leak investigation is ongoing?

Horowitz: Our work remains ongoing and when we can do that consistent with the IG Act, the law, policy, we will do so.

Horowitz suggested that the reason they haven’t reported out the conclusions to these other leak investigations, plural, including the Rudy one is (in part) because it would be inconsistent with the IG Act.

There are specific restrictions on the DOJ IG in the IG Act, but the key one — which permits the Attorney General to halt an investigation for a variety of reasons — itself requires notice to the two committees that were in today’s hearing.

Which leaves the general restrictions on disclosing information in the IG Act. In both the specific DOJ IG language and here, the key restriction is on disclosing information that is part of an ongoing criminal investigation.

(1) Nothing in this section shall be construed to authorize the public disclosure of information which is—
(A) specifically prohibited from disclosure by any other provision of law;
(B) specifically required by Executive order to be protected from disclosure in the interest of national defense or national security or in the conduct of foreign affairs; or
(C) a part of an ongoing criminal investigation.

(2) Notwithstanding paragraph (1)(C), any report under this section may be disclosed to the public in a form which includes information with respect to a part of an ongoing criminal investigation if such information has been included in a public record.

Which would say that, as with the firing of Comey (which Horowitz explained they’ve halted because an ongoing investigation is investigating it), DOJ IG might have been unable to further report the results of its leak investigations because it referred them, plural.

Mind you, that’s not what happened with Andrew McCabe. The DOJ IG completed its investigation, concluded McCabe lied, and then referred him. But it does seem likely that the hold-up on explaining all those link clusters has to do with criminal investigations.

James Wolfe: The Distinction Between FBI’s Investigation of Leaking Classified versus Non-Public Information

There’s something about the James Wolfe case that has stuck with me. For an article published after Wolfe’s indictment was released, Ali Watkins’ lawyer, Mark MacDougall, tempered his concern about Watkins’ call records being seized by suggesting that the scope of charges might somehow legitimate it.

Watkins’ attorney, Mark MacDougall, had described the seizure as “disconcerting.”

“Whether it was really necessary here will depend on the nature of the investigation and the scope of any charges,” MacDougall said in a statement.

While MacDougall has gone silent since then, this comment suggested there might be a reasonable premise for DOJ to seize all of Watkins call records for her entire journalistic career, which is fairly shocking. FBI gets all the call records of someone, these days, to identify all the devices she uses to check that activity as much as they do so to identify specific calls made. There’s nothing revealed by the indictment that would justify that, and a lot (notably, the evidence they had ready access to Wolfe’s phone content) that suggests it wasn’t justified.

With that in mind, I want to look at some details about the known timeline of the investigation:

March 2017: Exec Branch provides SSCI “the Classified Document,” which includes both Secret and Top Secret information, with details pertaining to Page classified as Secret.

March 2, 2017: James Comey briefs HPSCI on counterintelligence investigations, with a briefing to SSCI at almost the same time.

March 17, 2017: 82 text messages between Wolfe and Watkins.

April 3, 2017: Watkins confirms that Carter Page is Male-1.

April 11, 2017: WaPo reports FBI obtained FISA order on Carter Page.

June 2017: End date of five communications with Reporter #1 via Wolfe’s SSCI email.

June 2017: Using pretext of serving as a source, CBP agent Jeffrey Rambo grills Watkins about her travel with Wolfe.

October 2017: Wolfe offers up to be anonymous source for Reporter #4 on Signal.

October 16, 2017: Wolfe Signals Reporter #3 about Page’s subepoena.

October 17, 2017: NBC reports Carter Page subpoena.

October 24, 2017: Wolfe informs Reporter #3 of timing of Page’s testimony.

October 30, 2017: FBI informs James Wolfe of investigation.

November 15, 2017: 90 days before DOJ informs Ali Watkins they’ve seized her call records.

December 14, 2017: FBI approaches Watkins about Wolfe.

Prior to December 15, 2017 interview: Wolfe writes text message to Watkins about his support for her career.

December 15, 2017: FBI interviews Wolfe.

February 13, 2018: DOJ informs Watkins they’ve seized her call records.

June 6, 2018: Senate votes to make official records available to DOJ.

That the Chairman and Vice Chairman of the Senate Select Committee on Intelligence, acting jointly, are authorized to provide to the United States Department of Justice copies of Committee records sought in connection with a pending investigation arising out of allegations of the unauthorized disclosure of information, except concerning matters for which a privilege should be asserted.

June 7, 2018: Grand jury indicts Wolfe.

June 7, 2018: Richard Burr and Mark Warner release a statement:

We are troubled to hear of the charges filed against a former member of the Committee staff. While the charges do not appear to include anything related to the mishandling of classified information, the Committee takes this matter extremely seriously. We were made aware of the investigation late last year, and have fully cooperated with the Federal Bureau of Investigation and the Department of Justice since then. Working through Senate Legal Counsel, and as noted in a Senate Resolution, the Committee has made certain official records available to the Justice Department.

June 13, 2018: Wolfe arraigned in DC. His lawyers move to prohibit claims he leaked classified information.

The indictment is quite clear: the investigation leading to Wolfe’s indictment started as an investigation into “multiple unauthorized disclosures of classified information” to the press. It’s clear from Burr and Warner’s statement that they were a bit surprised that the “charges do not appear to include anything related to the mishandling of classified information.” The indictment doesn’t charge Wolfe with leaking classified information.

And the timeline laid out in the indictment suggests that the document provided SSCI in March 2017 led to Watkins confirming that Page was Male-1 in the Victor Podobnyy complaint, the complaint itself is probably not classified. Nor would it, with its reference to Page as Male-1 (also used in this indictment!), be enough to ID Page as the guy Podobnyy was trying to recruit.

As I suggested in this post, for all the focus on Watkins, the indictment actually seemed to prioritize Reporter #1, including on the questionnaire the FBI gave Wolfe when they interviewed him in December. It first asked if Wolfe knew any of the reporters behind that still unidentified story, then asked a question that his relationship with Watkins would clearly refute, which agents contextualized even further by asking specific questions about details they had already confirmed about their relationship, including the international travel Rambo had identified as early as June. Then, after asking a question that would clearly pertain to Wolfe’s undeniable relationship with Watkins, the questionnaire asked whether he had given classified or unclassified documents to any of the journalists he might have admitted to contacting in Question 10, covering the basis for that Podobnyy story.

c. During the interview, FBI agents showed WOLFE a copy of a news article authored by three reporters, including REPORTER #1, about an individual (referred to herein as “MALE-l)”, that contained classified information that had been provided to the SSCI by the Executive Branch for official purposes.

d. Question 9 of the lnvestigative Questionnaire asked “Have you had any contact with” any of those three reporters. As to each reporter, WOLFE stated and checked “No.”

e. Question 10 of the Investigative Questionnaire asked, “Besides [the three named reporters], do you currently have or had any contact with any other reporters (professional, official, personal)?” Before answering this question, WOLFE stated orally to the FBI agents that although he had no official or professional contact with reporters, he saw reporters every day, and so to “feel comfortable” he would check “Yes.” He did so, and initialed this answer.

f. Question 10 of the Investigative Questionnaire further asked, “If yes, who and describe the relationship (professional, official, personal).” In the space provided, WOLFE hand wrote “Official – No” and “Professional – No.” WOLFE then orally volunteered that he certainly did not talk to reporters about anything SSCl-related. FBI agents orally asked WOLFE if he had traveled internationally with any reporter, gone to a baseball game or to the movies with a reporter, or had weekly or regular electronic communication with a reporter. To each question WOLFE verbally responded ‘No.” WOLFE then wrote “Personal – No” on the Investigative Questionnaire.

g. Question 11 of the lnvestigative Questionnaire asked, “If yes to question ten, did you discuss or disclose any official U.S. government information or documents whether classified or unclassified which is the property of the U.S. government without express authorization from the owner of the information?” WOLFE stated and checked “No” and initialed this answer.

Now consider the vote to release official SSCI documents to DOJ, which DOJ appears to have needed before they presented the indictment to the grand jury the next day, but which DOJ knew enough about to already be prepped to indict. That is, DOJ surely already knew what those records showed; what the vote did was permit DOJ to use the records in a prosecution. There are surely records pertaining to the SSCI SCIF that DOJ wanted, including the specific treatment of the Classified Document delivered to SSCI in March 2017.

On or about March 17,2017,the Classified Document was transported to the SSCI. As Director of Security, WOLFE received, maintained, and managed the Classified Document on behalf of the SSCI.

It’s also possible (though unlikely) that SSCI, and not the Executive Branch, counts as custodian of Wolfe’s Non-Disclosure Agreements.

But the only actual SSCI record described in the indictment is the email account he used to communicate with Reporter #1, as well as emails that Page sent to the committee to complain about leaks.

For example, between in or around December 2015 and in or around June 2017, WOLFE and REPORTER #1 communicated at least five times using his SSCI email account.

[snip]

26. On or about October 18, 2011, MALE-1 sent an email to the SSCI, complaining that the news organization had published REPORTER #3’s news article of the previous day, reporting that he had been subpoenaed.

27. On or about October 24,2017, at 7:00 a.m., WOLFE informed REPORTER #3, using Signal, that MALE-1 would testify in closed hearing before the SSCI “this week.” At 9:58 a.m., REPORTER #3 sent an email to MALE-I, asking him to confirm that he would be ‘paying a visit to Senate Intelligence staffers this week.” At 9:23 p.m., MALE-I sent an email to the SSCI, forwarding the email he had received from REPORTER #3, and complaining that the details of his appearance had been leaked to the press.

So it’s possible that, having had SSCI’s cooperation since the time FBI was interviewing Wolfe, DOJ only needed to ensure it could access these email records. It’s possible that DOJ believes convicting Wolfe of false statements charges, and avoiding the hassle of exposing classified information at a trial charging that he leaked classified information, is sufficient punishment.

Or it’s possible that this indictment is just the next step in an investigative process that aims to get confirmation — public or tacit, the latter obtained via a guilty plea with cooperation — regarding the source for that other, still unidentified story that incorporated classified information. I also think FBI may be particularly interested that Wolfe was approaching journalists offering to be a source, as he did in October with Reporter #4, and not vice-versa.

Google at Temple: Did DOJ Follow Its New Guidelines on Institutional Gags?

On October 19, 2017, DOJ issued new guidelines on default gag orders under the Stored Communications Act. It required that prosecutors “conduct an individualized and meaningful assessment requiring the need for protection from disclosure prior to seeking” a gag “and only seek an order when circumstances require.” Sometime after that, in association with its investigation of leaks about Carter Page, DOJ sought Ali Watkins’ call records, including her email subscriber records from when she was an undergraduate at Temple.

Under Justice Department regulations, investigators must clear additional hurdles before they can seek business records that could reveal a reporter’s confidential sources, such as phone and email records. In particular, the rules require the government to have “made all reasonable attempts to obtain the information from alternative, non-media sources” before investigators may target a reporter’s information.

In addition, the rules generally require the Justice Department to notify reporters first to allow them to negotiate over the scope of their demand for information and potentially challenge it in court. The rules permit the attorney general to make an exception to that practice if he “determines that, for compelling reasons, such negotiations would pose a clear and substantial threat to the integrity of the investigation, risk grave harm to national security, or present an imminent risk of death or serious bodily harm.”

Top Justice Department officials must sign off on any attempt to gain access to a journalist’s communications records.

It is not clear whether investigators exhausted all of their avenues of information before confiscating Ms. Watkins’s information. She was not notified before they gained access to her information from the telecommunications companies. Among the records seized were those associated with her university email address from her undergraduate years.

This request would almost certainly not have been presented to Temple University. It would have been presented to Google, which provides email service for Temple. At least, that’s what appears to have happened in the case of Professor Xiaoxiang Xi in DOJ’s investigation of him for carrying out normal academic discussions about semiconductors with colleagues in China.

Thus far (as reflected here with the NYT coverage), the focus on whether DOJ followed its own regulations pertains to whether they followed guidelines on obtaining the records of a journalist. But the circumstances surrounding their request for Temple records should focus as much attention on whether the government followed its brand new regulations on imposing gags even when obtaining records from an institutional cloud customer like Temple.

The new guidelines were adopted largely in response to a challenge from Microsoft on default, indefinite gags. While few noted it at the time, what Microsoft most worried about was its inability to give its institutional customers notice their records had been subpoenaed. That meant that certain kind of cloud customers effectively gave up a legal right to challenge legal process by outsourcing that service to Microsoft. Microsoft dropped its suit to legally force this issue when DOJ adopted the new guidelines last year. Best as I understand, those guidelines should have governed whether Google could tell Temple that DOJ was seeking the records of a former student.

So it’s not just that DOJ didn’t give Watkins an opportunity to challenge this subpoena, but also whether they gagged Google from telling Temple, and providing Temple the opportunity to challenge the subpoena on academic freedom grounds.

Given how they treated Xi, it’s unlikely Temple would have done much to protect their former student. But some universities — and other institutions with special First Amendment concerns that use Microsoft or Google for their email service — might. They can only do so, however, if DOJ doesn’t obtain frivolous gags to prevent them from doing so.

Kashyap Patel Had Better Not Rely on the Bill Duhnke Precedent

Contrary to what a lot of people understand of the case, Jeffrey Sterling was not the CIA’s first suspect for the Merlin leaks to James Risen. Senate Intelligence Committee Staff Director Bill Duhnke was. As former CIA press person Bill Harlow testified, he told the FBI that James Risen had close ties to Duhnke when he first talked to them about Risen’s story.

Q. Okay. And you also told them that someone they should talk to about something like this would be Bill Duhnke, a person named Bill Duhnke, correct, up at the — that worked at the U.S. Senate?

BY MR. MAC MAHON: Q. Now, Mr. Harlow, in 2003, you told the FBI that you thought that Mr. Risen might reach out to the Staff Director of the Senate Select Intelligence Committee on Intelligence for confirmation, that Mr. Risen would, correct?

[snip]

A. My recollection is what the FBI asked me is who are the kind of people that Risen might talk to on a story like this, and I told them that he had regular contact with the Congressional Oversight Committees, including the Senate Intelligence Committee, and so the kind of places he might go to ask about the story would be the Senate Oversight committees. That’s my recollection of it. You know, it’s a dozen years ago but —

Q. And one of the names you gave them was Bill Duhnke, right?

A. Right.

As FBI Agent Hunt explained, however, she was hampered from investigating whether Duhnke (who knew aspects about Merlin that Sterling did not which showed up in Risen’s reporting) was a source for Risen because Senator Pat Roberts refused to cooperate with the FBI, even after then FBI Director Robert Mueller requested himself.

Q. And do you also remember writing in 2006 that the FBI director contacted the SSCI Chairman and Senator Pat Roberts, right?

A. Yes.

Q. And that Senator Roberts told Director Mueller that he wasn’t going to cooperate with the FBI at all in this investigation, correct?

A. Yes.

Q. And that never changed, did it?

A. It did change.

Q. You then got some cooperation from SSCI, correct?

A. I did. Q. You never got an interview with Mr. Duhnke, right?

A. I did not interview Mr. Duhnke.

Thus it happened that Speech and Debate prevented the FBI from investigating whether a key Intelligence Committee staffer played a role in a leak the government claimed was one of the worst ever.

I thought of that precedent when I read this passage in the NYT’s latest story on DOJ’s belated realization that Devin Nunes was using purported oversight requests to discover details that might help Trump delegitimize the Mueller investigation.

In another meeting, Mr. Rosenstein felt he was outright misled by Mr. Nunes’s staff. Mr. Rosenstein wanted to know whether Kashyap Patel, an investigator working for Mr. Nunes who was the primary author of the disputed memo, had traveled to London the previous summer to interview a former British spy who had compiled a salacious dossier about Mr. Trump, according to a former federal law enforcement official familiar with the interaction.

Mr. Patel was not forthcoming during the contentious meeting, the official said, and the conversation helped solidify Mr. Rosenstein’s belief that Mr. Nunes and other allies in Congress were not operating in good faith.

And these passages in an earlier NYT piece on Patel.

Over the summer, Mr. Nunes dispatched Mr. Patel and another member of the committee’s Republican staff to London, where they showed up unannounced at the offices of Mr. Steele, a former British intelligence official.

Told Mr. Steele was not there, Mr. Patel and Douglas E. Presley, a professional staff member, managed to track him down at the offices of his lawyers. There, they said they were seeking only to establish contact with Mr. Steele, but were rebuffed and left without meeting him, according to two people with knowledge of the encounter.

A senior official for the Republican majority on the Intelligence Committee, who spoke on the condition of anonymity because he was not authorized to speak about the matter, said the purpose of the visit had been to make contact with Mr. Steele’s lawyers, not Mr. Steele. Still, the visit was highly unusual and appeared to violate protocol, because they were trying to meet with Mr. Steele outside official channels.

Ordinarily, such a visit would be coordinated through lawyers, conducted with knowledge of the House Democrats, who were not informed and the American Embassy.

Given Rosenstein’s concerns that Patel was lying, I find it particularly interesting that he didn’t inform the American Embassy when he was there. It’s as if he was looking for a back channel!

As NYCSouthpaw noted, Patel has been hanging around the White House since he’s started playing this role.

In the months since, Mr. Patel has apparently forged connections at the White House. In November, he posted a series of photos to Facebook of him and several friends wearing matching shirts at the White House bowling alley. “The Dons hit the lanes at 1600 Pennsylvania,” Mr. Patel wrote under the photos.

This would suggest that the Nunes designee who has had firsthand access to all this intelligence, has also gotten really comfortable with the White House, leaving the possibility that he has shared the information with those in charge of delegitimize the investigation.

I’ve long wondered why Nunes has refused to read the information he has fought so hard to get access to. But by giving Patel that access without reading the materials himself, Nunes ensures that someone with easy access to the White House sees the materials, without jeopardizing the power to refuse any cooperation with Mueller.

Nunes, like Roberts did in 2006, could simply refuse to cooperate under speech and debate.

And it might well work!

There is, however one problem with that. You see, one of the ways (admittedly one of the less offensive ways) the President has interfered in the operations of DOJ is by demanding that the department ratchet up the leak investigations. And at a time last summer where Trump was threatening to fire Sessions so he could hire someone who could interfere with the Mueller investigation, Sessions and Dan Coats rolled out a new war on leaks, speaking of new permissiveness for prosecutors. Both Sessions…

To prevent these leaks, every agency and Congress has to do better.

We are taking a stand. This culture of leaking must stop.

[snip]

Finally, here is what I want to tell every American today: This nation must end the culture of leaks. We will investigate and seek to bring criminals to justice. We will not allow rogue anonymous sources with security clearances to sell out our country any longer.

These cases are never easy. But cases will be made, and leakers will be held accountable.

All of us in government and in every agency and in Congress must do better.

And Coats invoked Congress as a source of leaks specifically.

I would like to point out, however, that these national security breaches do not just originate in the Intelligence Community. They come from a wide range of sources within government, including the Executive Branch and including the Congress.

At the time, those mentions were deemed a warning that (in addition to changing the rules allowing them to pursue journalists), DOJ would also start pursuing Congress and its staffers more aggressively.

So while the available evidence suggests that Patel may be part of Nunes’ effort to funnel information to the White House, and while past history has shown that Nunes’ counterparts have been able to protect intelligence committee leakers, perhaps the witch hunt demanded by Trump will change that.

image_print