Report from North Carolina Makes Reality Winner Leak Far More Important

According to NPR, the poll books in six precincts in Durham County, NC, went haywire on election day, which led the entire county to shift to paper poll books.

When people showed up in several North Carolina precincts to vote last November, weird things started to happen with the electronic systems used to check them in.

“Voters were going in and being told that they had already voted — and they hadn’t,” recalls Allison Riggs, an attorney with the Southern Coalition for Social Justice.

The electronic systems — known as pollbooks — also indicated that some voters had to show identification, even though they did not.

[snip]

At first, the county decided to switch to paper pollbooks in just those precincts to be safe. But Bowens says the State Board of Elections & Ethics Enforcement got involved “and determined that it would be better to have uniformity across all of our 57 precincts and we went paper pollbooks across the county.”

That move caused a whole new set of problems: Voting was delayed — up to an hour and a half — in a number of precincts as pollworkers waited for new supplies. With paper pollbooks, they had to cut voters’ names out and attach them to a form before people could get their ballots.

The company that provided the software for the poll books is VR Systems — the company that the document Reality Winner leaked showed had been probed by Russian hackers.

But Susan Greenhalgh, who’s part of an election security group called Verified Voting, worried that authorities underreacted. She was monitoring developments in Durham County when she saw a news report that the problem pollbooks were supplied by a Florida company named VR Systems.

“My stomach just dropped,” says Greenhalgh.

She knew that in September, the FBI had warned Florida election officials that Russians had tried to hack one of their vendor’s computers. VR Systems was rumored to be that company.

Because of the publicity surrounding the VR targeting — thanks to the document leaked by Winner — NC has now launched an investigation.

Lawson says the state first learned of the hack attempt when The Intercept, an online news site, published its story detailing Russian attempts to hack VR Systems. The leaked report said hackers then sent emails to local election offices that appeared to come from VR — but which actually contained malicious software.

[snip]

So now, months after the election, the state has launched an investigation into what happened in Durham County. It has secured the pollbooks that displayed the inaccurate information so forensic teams can examine them.

So this may be the first concrete proof that Russian hackers affected the election. But we’ll only find out of that’s true thanks to Winner’s leak.

Except she can’t raise that at trial.

Last week, Magistrate Judge Brian Epps imposed a protection order in her case that prohibits her or her team from raising any information from a document the government deems to be classified, even if that document has been in the public record. That includes the document she leaked.

The protective order is typical for leak cases. Except in this case, it covers information akin to information that appeared in other outlets without eliciting a criminal prosecution. And more importantly, Winner could now point to an important benefit of her leak, if only she could point to the tie between her leak and this investigation in North Carolina.

With the protection order, she can’t.

Note one more implication of this story.

In addition to the Presidential election last year, North Carolina had a surprisingly close Senate election, in which Senate Intelligence Committee Chair Richard Burr beat Deborah Ross by 6%. Admittedly, the margin was large — over 200,000 votes. But Durham County is the most Democratic county in the state.

Burr, of course, is presiding over one of the four investigations into the Russian hacks. And while I don’t think this story, yet, says that Burr won because of the hack, if the investigations shows VR was hacked in the state and it affected throughput in the most Democratic county, then it means Burr benefitted as clearly from the Russian hacks as Trump did.

The SSCI investigation has been going better than I had imagined. But this seems like a conflict of interest.

Update: I originally said the entire state switched to paper pollbooks. That’s incorrect: just Durham County did, which makes the issue even more important.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Former Senators Sessions and Coats Likely Just Set Off a Conflict with Congress

I’ll have more to say about Jeff Sessions’ new witch hunt on leaks later. But for now I want to look at what former Assistant Director Ron Hosko had to say to Daily Beast.

Ron Hosko, former deputy director of the FBI, said these changes could result in prosecution of members of Congress and Hill staffers. In the past, he said the FBI identified members of Congress who leaked classified information, who the Justice Department then declined to prosecute. Agents were often frustrated by this, Hosko added. Given the attorney general’s announcement, he said, members of Congress and Hill staffers may be more likely to face prosecution.

As I was listening to the press presentation (I won’t call it a conference because Sessions and Coats ran away without answering questions), I couldn’t help but thinking what a shitshow these two former Senators were likely setting off.

That’s because the universe of potential leakers is fraught for DOJ especially.

There are the various White House leakers (not including the President, who will escape notice even though he is one of the most prolific and dangerous leakers). Prosecuting them will be difficult politically in this contentious Administration.

There are the IC leakers. While some will likely be charged, a good many will be — like David Petraeus — too dangerous to aggressively prosecute, because they know where the truly interesting secrets are.

Most of all, though, there are the current and former members of Congress and their staffers, who have clearly been a central source of leaks embarrassing the White House.

Hosko is right that FBI has bumped up against limits in prosecuting Congress before. In the Jeffrey Sterling case, for example, SSCI staff director Bill Duhnke was FBI’s first and primary suspect (and a far more likely source for James Risen’s 2003 story than Sterling, not least because the final form of that story included a seeming reference to Iraq that Sterling wouldn’t have known). But SSCI refused to cooperate with the FBI investigation for years, and Duhnke reportedly never did. Duhnke remains in the Senate, working as the Rules Staff Director.

There’s nothing the Sessions hearing today included that would change the circumstances of Congress’ non-participation in the prosecution of Duhnke going forward (except perhaps the threat to jail journalists, but that’s still not likely to be enough to get past Congressional Speech and Debate privilege.

Moreover, if the FBI pushes too hard, Congress will just legislate itself — and reporters — protections (as Congress has been threatening to do for some time).

Given the Fourth Circuit precedents tied to the Sterling case, I think it will be easier for FBI to go after low level IC staffers. But I’m fairly confident if it gets close to Congress there will be a significant backlash that will make former Senators Sessions and Coats regret they didn’t account for their former colleagues’ equities before rolling out a witch hunt.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

With Clowns To The Left, And Jokers On The Right, Trump Turns To Scaramucci

What is up today, you ask?

Well, not much…..oh, holy shit!

On Wednesday night, I received a phone call from Anthony Scaramucci, the new White House communications director. He wasn’t happy. Earlier in the night, I’d tweeted, citing a “senior White House official,” that Scaramucci was having dinner at the White House with President Trump, the First Lady, Sean Hannity, and the former Fox News executive Bill Shine. It was an interesting group, and raised some questions. Was Trump getting strategic advice from Hannity? Was he considering hiring Shine? But Scaramucci had his own question—for me.

“Who leaked that to you?” he asked. I said I couldn’t give him that information. He responded by threatening to fire the entire White House communications staff. “What I’m going to do is, I will eliminate everyone in the comms team and we’ll start over,” he said. I laughed, not sure if he really believed that such a threat would convince a journalist to reveal a source. He continued to press me and complain about the staff he’s inherited in his new job. “I ask these guys not to leak anything and they can’t help themselves,” he said. “You’re an American citizen, this is a major catastrophe for the American country. So I’m asking you as an American patriot to give me a sense of who leaked it.”

Ooof. That is pretty psychotic on the part of Scaramouche, glad he didn’t go too batshit…. Yikes, nevermind:

“Reince is a fucking paranoid schizophrenic, a paranoiac,” Scaramucci said. He channelled Priebus as he spoke: “ ‘Oh, Bill Shine is coming in. Let me leak the fucking thing and see if I can cock-block these people the way I cock-blocked Scaramucci for six months.’ ” (Priebus did not respond to a request for comment.)
Scaramucci was particularly incensed by a Politico report about his financial-disclosure form, which he viewed as an illegal act of retaliation by Priebus. The reporter said Thursday morning that the document was publicly available and she had obtained it from the Export-Import Bank. Scaramucci didn’t know this at the time, and he insisted to me that Priebus had leaked the document, and that the act was “a felony.”

“I’ve called the F.B.I. and the Department of Justice,” he told me.
“Are you serious?” I asked.

“The swamp will not defeat him,” he said, breaking into the third person. “They’re trying to resist me, but it’s not going to work. I’ve done nothing wrong on my financial disclosures, so they’re going to have to go fuck themselves.”

Just to be clear, this is the rootin tootin slick dick Harvard Law financial genius that Trump brought in to clean up his Presidency’s previous failures, and bring order and success to the West Wing.

A fine tuned machine!

Bmaz is a rather large saguaro cactus in the Southwestern Sonoran desert. A lover of the Constitution, law, family, sports, food and spirits. As you might imagine, a bit prickly occasionally. Bmaz has attended all three state universities in Arizona, with both undergraduate and graduate degrees from Arizona State University, and with significant post-graduate work (in physics and organic chemistry, go figure) at both the University of Colorado in Boulder and the University of Arizona. Married, with both a lovely child and a giant Sasquatch dog. Bmaz has been a participant on the internet since the early 2000’s, including active participation in the precursor to Emptywheel, The Next Hurrah. Formally joined the Emptywheel blog as an original contributing member at its founding in 2007. Bmaz grew up around politics, education, sports and, most significantly, cars; notably around Formula One racing and Concours de Elegance automobile restoration and showing. Currently lives in the Cactus Patch with his lovely wife and beast of a dog, and practices both criminal and civil trial law.

The Complexities of Reality Winner’s Case

I suggested in this post that some of the coverage of Reality Winner’s arraignment was less than stellar.

Case in point: I didn’t see any reporting of the hearing that the government had moved to declare her case complex because they intended to use the Classified Information Procedures Act (CIPA, which governs how the government uses or substitutes classified information to be used in a trial); Winner’s attorney did not object. The court formally approved that on June 14. Then, on June 19, the government moved for a CIPA pretrial conference, which (credit where due) the Augusta press covered on Friday.

Perhaps this is just formality. At the end of its CIPA motion, the government refers to the “fast-moving nature of this case” even while admitting that it may not need some (or most?) of the CIPA procedures it had just laid out.

Given that this investigation concerns the disclosure of classified material and that the government’s evidence includes classified information, the government respectfully moves for a pretrial conference, pursuant to Section 2 of CIPA, to establish a discovery and motion schedule relating to any classified information. The government notes that some of the CIPA sections outlined above may not be invoked or need to be addressed.

Further, dependent upon future events and potential pretrial resolutions and proceedings, there may be no need for hearings pursuant to CIPA. Because of the fast-moving nature of this case, the precise amount of classified information that may be discoverable or used as evidence is still being determined.

Claims of thumb drives inserted into Air Force computers last year notwithstanding, on its face, this appears to be a cut-and-dry case: out of a pool of six potential leakers, one — Winner — has already confessed to the FBI. So perhaps the government is just doing this to ensure it has a Court Information Security Officer involved and a hefty protection order imposed on Winner’s defense team.

But in the same motion, the government makes it clear that it collected classified material beyond the document that Winner is alleged to have leaked to The Intercept.

The indictment in this case charges the defendant with unlawfully retaining and transmitting classified national defense information in violation of 18 U.S.C. § 793(e). Classified material, including but not limited to the document which the defendant is charged with unlawfully retaining and transmitting, was collected as part of the underlying investigation and will be the subject of certain procedures set forth in CIPA, as well as in other applicable rules, statutes, and case law. The disclosure of such material will raise issues of national security that the Court must address before the material is provided to the defense. [my emphasis]

That might just refer to data the NSA and FBI used to hone in on Winner. Or it may mean there’s more to the case than meets the eye.

And whatever that is will remain out of eyesight, behind CIPA.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

In Opinion Mostly Rejecting Jeffrey Sterling Appeal, Fourth Circuit Criminalizes Unclassified Tips

The Fourth Circuit just codified the principle that you can go to prison for four minutes and 11 seconds of phone calls during which you tell a reporter to go find out classified details you know about.

They just released an opinion mostly upholding Jeffrey Sterling’s conviction. The majority, penned by Albert Diaz, overturned one conviction based on whether Sterling handed a letter (about which the court seems to have misunderstood the evidence) to James Risen in Virginia, but that didn’t result in any reduction in sentence. The court not only upheld all other convictions, but did so in ways that will be really horrible for any clearance holders charged with leaks in the Fourth Circuit (the jurisdiction of which covers all the major government spy agencies).

Four minutes and 11 seconds of metadata

First, there’s the matter of whether there was evidence to support the three charges related to the first story James Risen attempted to write on Merlin in 2003. The opinion claims Sterling and Risen had “numerous” phone calls in advance of Risen going to the CIA with his story.

The government presented evidence of numerous phone calls in February and March 2003, between Sterling’s home in Virginia and Risen’s home in Maryland. These phone calls occurred right before Risen notified the CIA that he had learned about the program from confidential sources and was planning to write an article about its classified operations. Furthermore, all of these calls were made nearly a year after Risen wrote an article about Sterling’s discrimination lawsuit.

Here’s what those “numerous” calls look like:

Altogether, the government presented evidence that Sterling and Risen spoke for four minutes and 11 seconds in advance of the first story. Sterling also sent an unclassified email referring to a CNN story on Iran’s nukes.

Significantly, the court doesn’t even hold that Sterling may have transmitted classified information in those calls. It holds that he may have “encouraged” and “caused” Risen to publish the information.

That circumstantial evidence, viewed in the light most favorable to the government, could have led a rational jury to infer that Sterling discussed some classified information with Risen during these calls—the longest of which was 91 seconds—or encouraged Risen to publish the information. Thus, a jury could find that, more likely than not, Sterling helped “cause” dissemination of the information to the public through phone communications from his home in the Eastern District of Virginia, making venue proper for Counts I, II, and IX.

This establishes a standard criminalizing something that happens all the time in DC — where sources point reporters to something that’s classified without providing any classified information, leading the reporter to go find the classified information from other sources.

Importantly (and not mentioned in the Fourth Circuit opinion), the FBI’s initial suspect in this case was then-SSCI staffer Bill Duhnke. SSCI refused to cooperate with the FBI in the early stages of the investigation and may never have done so with respect to Duhnke. Nothing in the public record ever ruled out that he was Risen’s source for this early story.

The Court erroneously claims that Sterling had “the letter” printed in Risen’s book

The court makes two troubling steps in upholding Sterling’s conviction for illegally retaining classified information, which it upholds this way.

As to this offense, the Russian scientist testified that he gave Sterling a copy of the program letter in 2000. Sterling lost access to classified materials after he was fired in early 2002 (when he was working and living in Virginia), and Risen first notified authorities that he had seen the letter in April 2003. Finally, the government introduced evidence that in 2006, Sterling had stored other classified documents in his Missouri home, after he moved in mid-2003. On this evidence, a jury could therefore reasonably infer that after Sterling left the CIA in 2002, he unlawfully retained the program letter in his home—which was then in the Eastern District of Virginia.

In the language rejecting the conviction that Sterling transmitted the actual letter to Risen in Virginia, the court claimed that both sides agree that Sterling actually had the letter.

Because both sides agree that Sterling provided Risen with a paper copy of the letter, evidence of phone and email communications alone cannot support proper venue for Count V.

The claim that the defense agreed that Sterling even had the hard copy of the letter, much less handed it to Risen, is utterly inconsistent with this statement later in the opinion.

Sterling argued throughout the trial that he never retained or transmitted classified material.

Perhaps the court meant to say that “Sterling would have had to hand Risen a paper copy”?

Moreover, unless I’m missing something, not only does the defense not agree that Sterling handed over the letter, but it doesn’t even agree that Sterling ever had or saw the letter in the form handed to Risen. Indeed, the defense repeatedly got the government to admit they never found a copy of the actual letter that appeared in Risen’s book (though the record is inconsistent about whether that letter that got handed to the Iranians actually matched what appeared in Risen’s book).

That’s important — as I lay out in depth in this post — because Sterling was not involved in some key meetings leading up to the time Merlin went to Vienna. Given that he wasn’t involved in some of the meetings, it’s quite possible Sterling never saw the letter as it appeared in Risen’s book. I’d even say it’s likely, because Sterling’s habit was to include a verbatim transcript of letters Merlin was writing in his reporting, whereas Bob S, who handled the meetings Sterling didn’t attend, did not do so.

CIA has effectively — and not very credibly — claimed they didn’t have a copy of the letter as it appeared in Risen’s book, and in later years of the investigation Merlin started claiming he destroyed all evidence of it. Which would seem to undermine the claim that either side agreed Sterling handed over the actual letter to Risen.

I’m not sure how, based on that record, the Fourth Circuit can claim that Sterling ever had the letter in question.

Going to prison for keeping a procedure on how to dial a rotary phone

Then there’s what the court does to get to the claim that “in 2006, Sterling had stored other classified documents in his Missouri home, after he moved in mid-2003.”

The defense objected to the introduction of these documents, which included a performance review from the time Sterling was a trainee and instructions on how to dial into Langley from a rotary phone, specifically because of the way in which the documents were presented to the jury. The documents were handed out in red classified folders in unredacted form with great fanfare, whereas all other (far more classified) documents had been redacted and simply handed over to the jury in evidence binders.

Here’s how I described the theater surrounding these documents at the time.

A court officer handed out a packet of these same documents with bright red SECRET markings on the front to each juror (the government had tried to include such a warning on the binders of other exhibits, but the defense pointed out that nothing in them was actually classified at all). Judge Leonie Brinkema, apparently responding to the confused look on jurors’ faces, explained these were still-classified documents intended for their eyes only. “You’ll get the context,” Judge Brinkema added. “The content is not really anything you have to worry about.” The government then explained these documents were seized from Jeffrey Sterling’s house in Missouri in 2006. Then the court officer collected the documents back up again, having introduced the jurors to the exclusive world of CIA’s secrets for just a few moments.

On cross, however, the defense explained a bit about what these documents were. Edward MacMahon made it clear the date on the documents was February 1987 — a point which Lutz apparently missed. MacMahon then revealed that the documents explained how to use rotary phones when a CIA officer is out of the office. I believe the prosecution objected — so jurors can’t use MacMahon’s description in their consideration of how badly these documents implicate Sterling — but perhaps the improper description will help cue the jurors’ own understanding about what the documents they had glimpsed were really about, making it clear to them they’re being asked to convict a man because he possessed documents about using a rotary phone that the CIA retroactively decided were SECRET.

The court doesn’t deal with the silent witness aspect of this presentation at all. On the contrary, the court makes no mention of it when it dismisses the possibility this was inflammatory.

All probative evidence may be prejudicial to the defendant in some way, but we have found Rule 404(b) evidence to be unfairly prejudicial when it inflames the jury or encourages them to draw an inference against the defendant, based solely on a judgment about the defendant’s criminal character or wicked disposition. McBride, 676 F.3d at 399; Hernandez, 975 F.2d at 1041.

Here, evidence showing that Sterling had improperly retained four classified documents in the past encouraged the proper evidentiary inference that any subsequent retention of classified documents was, if proven, intentional.

The court’s treatment of these documents (and its silence on their actual content or the theater surrounding the introduction of them) is all the more troubling given that the court claimed the “prior bad acts” implicated by Sterling’s retention of these documents “were exactly the same as the act Sterling was charged with under Count III.”

Although the Rule 404(b) evidence was fairly old in this case, it did bear sufficient similarity in terms of pattern of conduct to justify its admission. An FBI search of Sterling’s Missouri home in 2006 uncovered four classified documents, which Sterling had improperly kept. And Sterling’s improper retention of these documents occurred during the same timeframe as his improper retention of files concerning the Program. Furthermore, the prior bad acts were exactly the same as the act Sterling was charged with under Count III.

Sure, in a legal sense, retaining classified information is retaining classified information. That’s how the Fourth Circuit gets to its “exactly the same” claim.

But retaining 20 year old HR documents — including a performance review — you obtained as a trainee just getting used to classification rules is not the same as retaining documents from covert operations. It’s not. And the claim it is is all the more outrageous given that Sterling wasn’t permitted to talk about how the witnesses against him had also retained classified information, and probably information that was far more classified than rotary phone dialing instructions.

Effectively, along with criminalizing sharing unclassified tips, the Fourth Circuit has also just criminalized mistakenly retaining HR documents in your basement, something that a large proportion of clearance holders have probably done over the course of their career.

Obstruction before the fact

Finally, here’s the court found that Sterling’s obstruction conviction was proper even though the government presented no proof whether he had deleted the unclassified email mentioning Iran’s nuclear program before or after receiving a subpoena for classified materials.

Sterling notes that this specific email “was not among the categories of documents requested by the grand jury’s [June 2006] subpoena.” Appellant’s Br. at 44. He argues, therefore, that even if he did delete the email, he could not have done so with the intent to impair the grand jury investigation. But while the email may not have been explicitly included in the subpoena’s categories, in that it did not directly share information about the classified program, it did reference Iran’s nuclear development efforts. Furthermore, the email and its brief comments suggest that Risen and Sterling had previously discussed Iran’s nuclear program.

We have said that to be culpable of obstructing justice, the actual documents destroyed “do not have to be under subpoena.” United States v. Gravely, 840 F.2d 1156, 1160 (4th Cir. 1988) (analyzing a conviction for obstruction of justice under 18 U.S.C. § 1503). Instead, “it is sufficient if the defendant is aware that the grand jury will likely seek the documents in its investigation.” Id. A rational jury could infer, based on the evidence at trial, that Sterling deleted the email between April and July 2006 in order to conceal it from a grand jury investigation. We therefore reject Sterling’s challenge to this conviction.

This language is just — what is the technical term? — weird.

First of all, the court never explains how Sterling would know there was a grand jury before receiving a subpoena from it, which is pretty important given that Sterling had known there was an investigation for three years, but hadn’t deleted that email before then.

Moreover, even as it deems it rational to believe that Sterling deleted the email thinking the grand jury will “likely seek the documents,” the court ignores that the grand jury actually never did seek such an email. So Sterling, with no formal notice of a grand jury introduced in the trial, not only deleted the unclassified email knowing there would be one, but happened to delete an email that the grand jury, in fact, would never go onto ask for?

Somehow, too, unless I missed it the court neglected to deal with venue on this claim. They just … ignored that part of Sterling’s appeal.

The Fourth Circuit just made it illegal to share unclassified information

So between the finding that Sterling criminally “encouraged” the transmission of classified information in four minutes and 11 seconds of phone calls of unknown content, and the finding that Sterling obstructed justice before knowing there was a grand jury by deleting information that unknown grand jury ultimately never asked for, the Fourth Circuit has just criminalized sharing unclassified information.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

The Sources for Some Russian Voting Hack Stories Will Not Be Prosecuted

Yesterday, former Homeland Security Secretary Jeh Johnson spent 90 minutes meeting with the Senate Intelligence Committee’s Russian investigators.

Today, Bloomberg reports that Russian probes of election-related targets was far more extensive than previously reported, reaching into 39 states. It relies on three unnamed sources for the story, either including, or in addition to, at least one former senior US official.

In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database. Details of the wave of attacks, in the summer and fall of 2016, were provided by three people with direct knowledge of the U.S. investigation into the matter. In all, the Russian hackers hit systems in a total of 39 states, one of them said.

[snip]

Another former senior U.S. official, who asked for anonymity to discuss the classified U.S. probe into pre-election hacking, said a more likely explanation is that several months of hacking failed to give the attackers the access they needed to master America’s disparate voting systems spread across more than 7,000 local jurisdictions.

[snip]

One former senior U.S. official expressed concern that the Russians now have three years to build on their knowledge of U.S. voting systems before the next presidential election, and there is every reason to believe they will use what they have learned in future attacks. [my emphasis]

The report also uses the document allegedly leaked by Reality Winner as corroboration and confirmation of one of the companies targeted, rather curiously included as a parenthetical comment.

(An NSA document reportedly leaked by Reality Winner, the 25-year-old government contract worker arrested last week, identifies the Florida contractor as VR Systems, which makes an electronic voter identification system used by poll workers.)

The Bloomberg story is critically important, as it should provide pressure on the Republicans for real protections for voting systems, even if they’ll probably ignore that pressure. It provides far more details than the Winner document did. That said, much of this information might come out formally in Jeh Johnson testimony before the House Intelligence Committee.

I raise all this to note that the treatment of Bloomberg’s sources will be dramatically different than that of Winner. I’d bet there won’t even be a referral for this story, especially if it relies on (as is likely) information shared by people protected by the speech and debate clause and/or people who might have been original classification authorities (OCAs — the people who get to decide whether something is classified or not) for this information in the past.

Perhaps that is as it should be. Perhaps our democracy has unofficially agreed that OCAs and congressional staffers should serve as kind of a relief valve, the place where classified information may be leaked without criminal penalty. Perhaps we believe those kinds of people have a better read on whether the interests of leaking outweigh the sensitivity of an issue. Though obviously, when OCAs like David Petraeus become impossible to punish (or former SSCI staff director Bill Duhnke, who was the FBI’s primary suspect for the Merlin leak, but who was protected by the Senate’s refusal to cooperate), that creates a profoundly unequal system of justice. Reality Winner can be prosecuted even while people leaking similar — perhaps even more sensitive — information within weeks might not even be investigated.

To be clear, I don’t want Bloomberg’s sources to be investigated. But we need to acknowledge the double standards for leakers in this country.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Which Was a More Sensitive Open Secret Revealed as a Result of the Reality Winner Story: Details on Russian Hacks of Voting Equipment, or Invisible Printer Dots?

Mr. EW doesn’t follow my work all that closely. He’s most apt to read something I wrote if it gets cited in TechDirt, a fact that occasionally makes me fantasize about getting Mike Masnick to publish secret messages about fixing leaky toilets or broken screen doors.

So I was pretty interested in Mr. EW’s take on the Reality Winner story. He believes, as many people do, that Winner was caught using the printer dot technology that Rob Graham laid out here.

I don’t doubt that the FBI or NSA used the printer dot technology to confirm that they had gotten the right person before they charged Winner. But it’s not mentioned at all in DOJ’s narrative of how they caught Winner (who, remember, pled not guilty even though she confessed to the FBI). They cite the following steps (search warrant affidavit, complaint affidavit):

  1. May 30: The Intercept contacts NSA and provides a copy of the document. NSA confirms for itself that it is real and classified.
  2. June 1: NSA makes a leak referral to the FBI.
  3. Undated:
    1. NSA notes that the document has been folded, suggested it was printed off.
    2. NSA checks who has accessed and printed the document.
    3. NSA checks the work computers of the six people who have printed the document, including Winner.
    4. NSA finds a direct email, from March, from Winner’s work computer to The Intercept using her personal Gmail account pertaining to TI’s podcast.
  4. June 1: For the second time, The Intercept contacts a contractor to validate the document (he or she had told them it was fake on May 24), telling the contractor that the NSA has confirmed its authenticity. The contractor provided a document number to The Intercept, and on the same day, the contractor informed the NSA about the May 24 and June 1 interactions, probably also passing on the detail that the document had been sent from Augusta, GA.
  5. June 2: FBI verifies Winner’s residence for a search warrant.
  6. June 3: FBI interviews Winner, who admits to “removing the classified intelligence reporting from her office space, retaining it, and mailing it from Augusta, Georgia.”

Winner was arrested on June 3; her arrest was unsealed on June 5, just after The Intercept published the document.

On June 5, Graham posted a piece explaining how the hidden dots on the hard copy of the document would have told NSA that the document had been printed out on May 9, making it even easier for the NSA to pinpoint who had printed out the document.

The document leaked by the Intercept was from a printer with model number 54, serial number 29535218. The document was printed on May 9, 2017 at 6:20. The NSA almost certainly has a record of who used the printer at that time.

As I explained to Mr. EW last night, nothing in the official record says the NSA used this hidden dot technology in its hunt for the leaker. I explained that while my friends started talking about the hidden dots almost immediately, there was nothing in the public record about it.

Clearly, the government didn’t exactly want that (and no doubt a number of other investigative methods, presumably including at a minimum checks on the non-government computer communications of the six people who printed out the document, and potentially also a check of postal records) detail to become public.

Yet, as a result of the reporting on this, people like Mr. EW not only know about the dot technology, but believe it was the key factor in identifying Winner. If they follow Rob Graham closely, they’ll also know that (in response to my question) another presumed leaker to The Intercept had managed to pass on a printed (and frankly far more important leaked) document — FBI’s Domestic Investigations and Operations Guidewithout including the telltale dots (I told Mr. EW about the follow-up but he’s more likely to read it if TechDirt links so…) So they would have learned that the dots are an operational security issue, but there are as yet unknown ways to mitigate that problem.

As I’ve stated several times, while the document Winner leaked to The Intercept provides new details about Russian attempts to hack the election, it simply adds to the widely known narrative already in the public (though the redacted details would no doubt be even more interesting). The secret dots though! — that was news to most people (including me).

Which secret do you think the government is most grumpy about having been made public?

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Reality Winner Appears to Have Already Leaked “Documents” Plural

There appears to be a misunderstanding about details revealed at the bail hearing for Reality Winner last week, where Magistrate Judge Brian Epps denied her bail. Epps did so because she allegedly said she said wanted to burn the White House down and because prosecutor Jennifer Solari — who sounds like she made some pretty inflated claims — suggested Winner might have more to leak. There’s no written record for this yet, but it appears from one of the less-shitty reports on the hearing that the claim is based on three things: First, Winner stuck a thumb drive in a Top Secret computer last year.

Winner inserted a portable hard drive in a top-secret Air Force computer before she left the military last year. She said authorities don’t know what happened to the drive or what was on it.

Second, because Solari portrayed the 25-year old translator’s knowledge as a danger unto itself (more ridiculously, she painted Winner’s knowledge of Tor — which Winner didn’t use to look up sensitive information — as a means by which she might flee).

“We don’t know how much more she knows and how much more she remembers,” Solari said. “But we do know she’s very intelligent. So she’s got a lot of valuable information in her head.”

And finally, because Winner told her mother, in a conversation from jail that was recorded, that she was sorry about the documents, plural.

Solari said Winner also confessed to her mother during a recorded jailhouse phone call, saying: “Mom, those documents. I screwed up.”

Solari apparently emphasized the latter point as a way to suggest Winter might still have documents to leak.

Solari stressed that Winner referred to “documents” in the plural, and that federal agents were looking to see whether she may have stolen other classified information.

The idea is that because Winner used the plural and she only leaked one document, there must be more she’s planning on leaking.

Except that doesn’t appear right.

It appears Winner actually already leaked two documents.

While the Intercept article describes a document, singular, what they actually appear to have gotten are two documents — the report on the Russian hacking, and one page of a two-page document laying out the hacks. The Intercept calls the second document “an overview chart.”

But the “chart” actually has its own separate pagination (indeed, its own separate pagination format). The “document” paginates by page number,

Whereas the “chart” paginates by pages out of total.

Moreover, the “chart” also uses a different title than the report.

That’s not to say they’re not related. It’s just two say that we already appear to have documents, plural, from Winner.

Moreover, are we really led to believe that 3 years after Edward Snowden succeeded in loading a bunch of documents onto a flash drive because he was in a remote facility where insider threat programs hadn’t yet been fully implemented, had SysAdmin access, and had pulled some strings to retain an outdated computer that had a port, a translator in an NSA or other military facility could use a flash drive without a very close accounting of what she downloaded?

Mind you, her attorney should have argued as much in the detention hearing if Winner really thinks these are multiple documents. But appears they are.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

What a Difference a Day Makes to the Privileges of a King

As part of his testimony today, Jim Comey revealed he gave some or all of the nine memos he wrote documenting his interactions with President Trump to a friend, since confirmed to be Columbia Professor Dan Richman, who in turn shared one with the press.

COLLINS: Finally, did you show copies of your memos to anyone outside of the department of justice?

COMEY: Yes.

COLLINS: And to whom did you show copies?

COMEY: I asked — the president tweeted on Friday after I got fired that I better hope there’s not tapes. I woke up in the middle of the night on Monday night because it didn’t dawn on me originally, that there might be corroboration for our conversation. There might a tape. My judgement was, I need to get that out into the public square. I asked a friend of mine to share the content of the memo with a reporter. Didn’t do it myself for a variety of reasons. I asked him to because I thought that might prompt the appointment of a special counsel. I asked a close friend to do it.

COLLINS: Was that Mr. Wittes?

COMEY: No.

COLLINS: Who was it?

COMEY: A close friend who is a professor at Columbia law school.

The fact that Comey released the memo through Richman formed part of Trump lawyer Marc Kasowitz’s pushback after the hearing.

Of course, the Office of the President is entitled to expect loyalty from those who are serving in an administration, and, from before this President took office to this day, it is overwhelmingly clear that there have been and continue to be those in government who are actively attempting to undermine this administration with selective and illegal leaks of classified information and privileged communications. Mr. Comey has now admitted that he is one of the leakers.

Today, Mr. Comey admitted that he unilaterally and surreptitiously made unauthorized disclosures to the press of privileged communications with the President. The leaks of this privileged information began no later than March 2017 when friends of Mr. Comey have stated he disclosed to them the conversations he had with the President during their January 27, 2017 dinner and February 14, 2017 White House meeting. Today, Mr. Comey admitted that he leaked to his friends his purported memos of these privileged conversations, one of which he testified was classified. He also testified that immediately after he was terminated he authorized his friends to leak the contents of these memos to the press in order to “prompt the appointment of a special counsel.” Although Mr. Comey testified he only leaked the memos in response to a tweet, the public record reveals that the New York Times was quoting from these memos the day before the referenced tweet, which belies Mr. Comey’s excuse for this unauthorized disclosure of privileged information and appears to [sic] entirely retaliatory.

Kasowitz gets a lot wrong here. Comey said one memo was classified, but that’s the memo that memorialized the January 6 meeting, not the ones described here. And the NYT has already corrected the claim that the shared memos preceded the tweet.

And, as a number of people (including Steve Vladeck) have noted, even if this information were covered by executive privilege, even if that privilege weren’t waived with Trump’s tweet, it’s not a crime to leak privileged information.

Nevertheless, Kasowitz’ focus on purportedly privileged documents is all the more interesting given the pathetic conduct of Director of National Intelligence Dan Coats and NSA Director Mike Rogers at yesterday’s 702 hearing. After a great deal of obfuscation from both men about why they couldn’t answer questions about Trump’s request they intervene in the FBI’s Mike Flynn investigation, Angus King finally got Rogers to admit that he and Coats never got a conclusive answer about whether the White House was invoking privilege.

King: I think you testified, Admiral Rogers, that you did discuss today’s testimony with someone in the White House?

Rogers: I said I asked did the White House intend to invoke executive privilege with respect to interactions between myself and the President of the United States.

King: And what was the answer to that question?

Rogers: To be honest I didn’t get a definitive answer. Both myself and the DNI are still talking–

King: So then I’ll ask both of you the same question. Why are you not answering these questions? Is there an invocation by the President of the United States of executive privilege? Is there or not?

Rogers: Not that I’m aware of.

King: Then why are you not answering the question?

Rogers: Because I feel it is inappropriate, Senator.

King: What you feel isn’t relevant Admiral. What you feel isn’t the answer. The question is why are you not answering the questions. Is it an invocation of executive privilege? If there is, then let’s know about it, and if there isn’t answer the questions.

Rogers: I stand by the comments I’ve made. I’m not interested in repeating myself, Sir. And I don’t mean that in a contentious way.

King: Well I do mean it in a contentious way. I don’t understand why you’re not answering our questions. When you were confirmed before the Armed Services Committee you took an oath, do you solemnly swear to give the committee the truth, the full truth and nothing but the truth. You answered yes to that.

Rogers: I do. And I’ve also answered that those conversations were classified. It is not appropriate in an open forum to discuss those classified conversations.

King: What is classified about a conversation about whether or not you should intervene in the FBI investigation?

Rogers: Sir I stand by my previous comments.

King: Mr. Coats? Same series of questions. What’s the basis for your refusal to answer these questions today?

Coats: The basis is what I’ve previously explained, I do not believe it is appropriate for me to–

King: What’s the basis? I’m not satisfied with I do not believe it is appropriate or I do not feel I should answer. I want to understand a legal basis. You swore that oath to tell us the truth, the whole truth, and nothing but the truth, and today you are refusing to do so. What is the legal basis for your refusal to testify to this committee?

Coats: I’m not sure I have a legal basis.

In other words, these men admit they had no legal basis (they’re not classified, no matter what Rogers claimed) to dodge the Committee’s question. But nevertheless they’re invoking things like their feelings to avoid testifying.

Clearly, the White House is playing a game here, invoking loyalty rather than law to compel silence from its top officials.

Kasowitz’ claims are, on their face, bogus. But taken in conjunction with the dodges from Coats and Rogers, they’re all the more problematic.

 

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Does Vice President Pence Believe He Has Declassification Authority?

It is, as I understand it, fairly customary for each new presidential administration to rewrite the Executive Order on classification. George W Bush didn’t do so right away — he finalized his classification EO on March 23, 2003. Obama moved a bit more quickly, superseding the Bush EO with his own classification EO on December 29, 2009.

But even among the flood of Executive Orders that Trump has signed thus far in his term, I don’t believe he has modified the Obama one.

That means a change made in 2003, which was retained in the Obama EO, remains in place: the inclusion of the Vice President among those who is and can name Original Classification Authorities (here’s Bill Clinton’s EO for comparison). Here’s the language that gave Dick Cheney classification authorities:

Classification Authority. (a) The authority to classify information originally may be exercised only by:

    (1) the President and, in the performance of executive duties, the Vice President;

And here’s how Obama slightly tweaked that language to retain that authority for Joe Biden:

a) The authority to classify information originally may be exercised only by:

(1) the President and the Vice President;

Now, Cheney got this authority at an interesting time. That was a key time for Torture cover-up; in fact, sometime in that period, someone in the White House ordered George Tenet to make torture a Special Access Program. He was already pushing back against the CIA whistleblowers who knew the intelligence behind Iraq was crap, an effort that would lead to Scooter Libby sharing Valerie Plame’s identity with Judy Miller on Cheney’s orders (it remains unclear whether Cheney had Bush’s permission to leak this). Yet for some reason, the new classification rules appear most closely connected with Stellar Wind (I believe this had to do with a change in whom Stellar Wind could target).

In any case, from that moment forward, the Vice President has had the authority to classify things. As you can imagine, given Cheney’s role in the Plame outing, there was a heated and still publicly unresolved debate whether the Vice President also got declassification authorities, including of things that the President or Presidential authority had classified.

I raise this issue because more and more people have started raising questions about whether Mike Pence is sabotaging Donald Trump, especially as leaks like this come out of the White House.

President Trump told Russian officials in the Oval Office this month that firing the F.B.I. director, James B. Comey, had relieved “great pressure” on him, according to a document summarizing the meeting.

“I just fired the head of the F.B.I. He was crazy, a real nut job,” Mr. Trump said, according to the document, which was read to The New York Times by an American official. “I faced great pressure because of Russia. That’s taken off.”

Mr. Trump added, “I’m not under investigation.”

The conversation, during a May 10 meeting — the day after he fired Mr. Comey — reinforces the notion that Mr. Trump dismissed him primarily because of the bureau’s investigation into possible collusion between his campaign and Russian operatives. Mr. Trump said as much in one televised interview, but the White House has offered changing justifications for the firing.

The White House document that contained Mr. Trump’s comments was based on notes taken from inside the Oval Office and has been circulated as the official account of the meeting. One official read quotations to The Times, and a second official confirmed the broad outlines of the discussion.

If Pence believes — perhaps based on knowledge personally imparted by Cheney allies — that he has the ability to declassify anything that the President can, then he can leak details of White House events with utter impunity. Having him insta-declassify things would be a fairly safe way to feed the never-ending stream of embarrassing information coming out of the White House.

Oh, sure. He’d have utterly venal motive to do so. By feeding the Trump Russian scandal, Pence would make it increasingly likely he’d become President without having to expose his regressive views to the review of voters. But there’s nothing Trump could do about it so long as an EO granting Pence the same authorities that Cheney abused to great effect remains on the book.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.