Leak Investigations

1 2 3 25

Jim Comey, Poker Face, and the Scope of the Clinton Investigation(s)

Screen Shot 2016-07-07 at 10.11.04 PMI write this post reluctantly, because I really wish the Hillary investigations would be good and over. But I don’t think they are.

After having watched five and a half hours of the Clinton investigation hearing today, I’ve got new clarity about what the FBI has been doing for the last year. That leads me to believe that this week’s announcement that DOJ will not charge Clinton is simply a pause in the Clinton investigation(s). I believe an investigation will resume shortly (if one is not already ongoing), though that resumed investigation will also end with no charges — for different reasons than this week’s declination.

First, understand how this all came about. After the existence of Hillary’s server became known, State’s IG Steve Linick started an investigation into it, largely focused on whether Hillary (and other Secretaries of State) complied with Federal Records Act obligations. In parallel, as intelligence agencies came to complain about State’s redactions of emails released in FOIA response, the Intelligence Committee Inspector General Charles McCullough intervened in the redaction process and referred Clinton to the FBI regarding whether any classified information had been improperly handed. As reported, State will now resume investigating the classification habits of Hillary and her aides, which will likely lead to several of them losing clearance.

The FBI investigation that ended yesterday only pertained to that referral about classified information. Indeed, over the course of the hearing, Comey revealed that it was narrowly focused, examining the behavior of only Clinton and four or five of her close aides. And it only pertained to that question about mishandling classified information. That’s what the declination was based on: Comey and others’ determination that when Hillary set up her home-brew server, she did not intend to mishandle classified information.

This caused some consternation, early on in the hearing, because Republicans familiar with Clinton aides’ sworn testimony to the committee investigating the email server and Benghazi were confused how Comey could say that Hillary was not cleared to have her own server, but aides had testified to the contrary. But Comey explained it very clearly, and repeatedly. While FBI considered the statements of Clinton aides, they did not review their sworn statements to Congress for truth.

That’s important because the committee was largely asking a different question: whether Clinton used her server to avoid oversight, Federal Record Act requirements, the Benghazi investigation, and FOIA. That’s a question the FBI did not review at all. This all became crystal clear in the last minutes of the Comey testimony.

Chaffetz: Was there any evidence of Hillary Clinton attempting to avoid compliance with the Freedom of Information Act?

Comey: That was not the subject of our criminal investigation so I can’t answer that sitting here.

Chaffetz: It’s a violation of law, is it not?

Comey: Yes, my understanding is there are civil statutes that apply to that. I don’t know of a crimin–

Chaffetz: Let’s put some boundaries on this a little bit — what you didn’t look at. You didn’t look at whether or not there was an intention or reality of non-compliance with the Freedom of Information Act.

Comey: Correct.

Having started down this path, Chaffetz basically confirms what Comey had said a number of times throughout the hearing, that FBI didn’t scrutinize the veracity of testimony to the committee because the committee did not make a perjury referral.

Chaffetz: You did not look at testimony that Hillary Clinton gave in the United States Congress, both the House and the Senate?

Comey: To see whether it was perjurious in some respect?

Chaffetz: Yes.

Comey: No we did not.

[snip]

Comey: Again, I can confirm this but I don’t think we got a referral from Congressional committees, a perjury referral.

Chaffetz: No. It was the Inspector General that initiated this.

Now, let me jump to the punch and predict that OGR will refer at least Hillary’s aides, and maybe Hillary herself, to FBI for lying to Congress. They might even have merit in doing so, as Comey has already said her public claims about being permitted to have her own email (which she repeated to the committee) were not true. Plus, there’s further evidence that Hillary used her own server precisely to maintain control over them (that is, to avoid FOIA).

That said, there are two reasons why Hillary and her aides won’t be prosecuted for lying to Congress: James Clapper and Scott Bloch.

Clapper you all know about. The Director of National Intelligence — unlike Clinton — was not under oath when he spectacularly lied to Ron Wyden. Nor was he referred to DOJ for prosecution. But that recent lie will make FBI hesitate.

DOJ will hesitate even more given the history of Scott Bloch. bmaz has written a slew of posts about this but the short version is that the former Office of Special Counsel lied to this very committee and wiped his hard drive to obscure that fact. He ultimately pled guilty, but when the magistrate handling the case pointed out that the plea carried a minimum one month sentence, Bloch and DOJ went nuts and tried to withdraw his plea. bmaz and a bunch of whistleblowers who had been poorly treated by Bloch went nuts in turn. All to no avail. After DOJ claimed there were secret facts that no one understood, the court agreed to sentence Bloch to just one day in jail.

In other words, to keep one of their own out of jail, DOJ made expansive claims about how unimportant lying to Congress is. Even assuming DOJ would ignore their own recent historical claims about the frivolity of lying to Congress, Hillary’s lawyers could use that precedent to argue that lying to Congress has, effectively, been decriminalized (unilaterally by the Executive Branch!).

So FBI will investigate it. Comey might even refer, this time, for prosecution, because the evidence is actually far stronger that Hillary used her own server to avoid oversight (and that she was less than forthcoming about that to Congress). But that, too, won’t be prosecuted because you basically can’t prosecute lying to Congress after the Bloch case.

Which brings me to the funniest part of this exchange with Chaffetz (which, coming as it did in the last minutes of the hearing, has escaped most notice).

Chaffetz: Did you look at the Clinton Foundation?

Comey: I’m not going to comment on the existence or non-existence of any other investigation.

Chaffetz: Was the Clinton Foundation tied into this investigation?

Comey: I’m not going to answer that.

Understand: Comey had already commented on the existence or non-existence of other investigations, commenting at length on the non-investigation of questions pertaining to FOIA and FRA, even describing how many people (four to five) were subjects of this investigation. Comment on non-existence of investigation, comment on non-existence of investigation, comment on non-existence of investigation.

And for what it’s worth, the Clinton Foundation probably couldn’t have been part of the scope of this, given that this was only focused on four to five people (note, a Clinton Foundation investigation would better explain why FBI gave Brian Pagliano immunity, another topic on which Comey would not comment).

But when asked about the Clinton Foundation, he claimed he couldn’t say. All of a sudden, refusal to comment on existence or non-existence of investigation.

Now, I’m just going to say I don’t think anything will come of that, because I doubt FBI would clear Hillary on one issue but not the related one (plus, given SCOTUS’ ruling in the Bob McDonnell case, it probably became impossible to prosecute any Clinton Foundation violations). But Comey’s answer does make it clear that FBI considers questions about improperly handling classified information, avoiding FOIA and other oversight, lying about avoiding FOIA, and deals made with the Clinton Foundation to be different things.

I think that doesn’t change that Hillary won’t be indicted. But I do think she will continue to be investigated in conjunction with questions about what she did and said to avoid FOIA and other oversight.

Update: This post has been tweaked.

Some Legislative Responses to Clinton’s Email Scandal

The Republicans have reverted to their natural “Benghazi witchhunt” form in the wake of Jim Comey’s announcement Tuesday that Hillary Clinton and her aides should not be charged, with Comey scheduled to testify before the House Oversight Committee at 10 AM.

Paul Ryan wrote a letter asking James Clapper to withhold classified briefings from Hillary. And the House Intelligence Committee is even considering a bill to prevent people who have mishandled classified information from getting clearances.

In light of the FBI’s findings, a congressional staffer told The Daily Beast that the House Intelligence Committee is considering legislation that could block security clearances for people who have been found to have mishandled classified information in the past.

It’s not clear how many of Clinton’s aides still have their government security clearances, but such a measure could make it more difficult for them to be renewed, should they come back to serve in a Clinton administration.

“The idea would be to make sure that these rules apply to a very wide range of people in the executive branch,” the staffer said. (Clinton herself would not need a clearance were she to become president.)

It’s nice to see the same Republicans who didn’t make a peep when David Petraeus kept — and still has — his clearance for doing worse than Hillary has finally getting religion on security clearances.

But this circus isn’t really going to make us better governed or safer.

So here are some fixes Congress should consider:

Add some teeth to the Federal/Presidential Records Acts

As I noted on Pacifica, Hillary’s real crime was trying to retain maximal control over her records as Secretary of State — probably best understood as an understandable effort to withhold anything potentially personal combined with a disinterest in full transparency. That effort backfired spectacularly, though, because as a result all of her emails have been released.

Still, every single Administration has had at least a minor email scandal going back to Poppy Bush destroying PROFS notes pertaining to Iran-Contra.

And yet none of those email scandals has ever amounted to anything, and many of them have led to the loss of records that would otherwise be subject to archiving and (for agency employees) FOIA.

So let’s add some teeth to these laws — and lets mandate and fund more rational archiving of covered records. And while we’re at it, let’s ensure that encrypted smart phone apps, like Signal, which diplomats in the field should be using to solve some of the communication problems identified in this Clinton scandal, will actually get archived.

Fix the Espionage Act (and the Computer Fraud and Abuse Act)

Steve Vladeck makes the case for this:

Congress has only amended the Espionage Act in detail on a handful of occasions and not significantly since 1950. All the while, critics have emerged from all corners—the academy, the courts, and within the government—urging Congress to clarify the myriad questions raised by the statute’s vague and overlapping terms, or to simply scrap it and start over. As the CIA’s general counsel told Congress in 1979, the uncertainty surrounding the Espionage Act presented “the worst of both worlds”:

On the one hand the laws stand idle and are not enforced at least in part because their meaning is so obscure, and on the other hand it is likely that the very obscurity of these laws serves to deter perfectly legitimate expression and debate by persons who must be as unsure of their liabilities as I am unsure of their obligations.

In other words, the Espionage Act is at once too broad and not broad enough—and gives the government too much and too little discretion in cases in which individuals mishandle national security secrets, maliciously or otherwise.

To underscore this point, the provision that the government has used to go after those who shared classified information with individuals not entitled to receive it (including Petraeus, Drake, and Manning), codified at 18 U.S.C. § 793(d), makes it a crime if:

Whoever, lawfully having possession of, access to, control over, or being entrusted with any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, or note relating to the national defense, or information relating to the national defense which information the possessor has reason to believe could be used to the injury of the United States or to the advantage of any foreign nation, willfully communicates, delivers, transmits or causes to be communicated, delivered, or transmitted … to any person not entitled to receive it, or willfully retains the same and fails to deliver it on demand to the officer or employee of the United States entitled to receive it …

This provision is stunningly broad, and it’s easy to see how, at least as a matter of statutory interpretation, it covers leaking—when government employees (“lawfully having possession” of classified information) share that information with “any person not entitled to receive it.” But note how this doesn’t easily apply to Clinton’s case, as her communications, however unsecured, were generally with staffers who were“entitled to receive” classified information.

Instead, the provision folks have pointed to in her case is the even more strangely worded § 793(f), which makes it a crime for:

Whoever, being entrusted with or having lawful possession or control of [any of the items mentioned in § 793(d)], (1) through gross negligence permits the same to be removed from its proper place of custody or delivered to anyone in violation of his trust, or to be lost, stolen, abstracted, or destroyed, or (2) having knowledge that the same has been illegally removed from its proper place of custody or delivered to anyone in violation of its trust, or lost, or stolen, abstracted, or destroyed … fails to make prompt report of such loss, theft, abstraction, or destruction to his superior officer …

Obviously, it’s easy to equate Clinton’s “extreme carelessness” with the statute’s “gross negligence.” But look closer: Did Clinton’s carelessness, however extreme, “[permit] … [classified information] to be removed from its proper place of custody or delivered to anyone in violation of [her] trust”? What does that even mean in the context of intangible information discussed over email? The short answer is nobody knows: This provision has virtually never been used at least partly because no one is really sure what it prohibits. It certainly appears to be focused on government employees who dispossess the government of classified material (like a courier who leaves a satchel full of secret documents in a public place). But how much further does it go?

There’s an easy answer here, and it’s to not use Clinton as a test case for an unprecedented prosecution pursuant to an underutilized criminal provision, even if some of us think what she did was a greater sin than the conduct of some who have been charged under the statute. The better way forward is for Congress to do something it’s refused to do for more than 60 years: carefully and comprehensively modernize the Espionage Act, and clarify exactly when it is, and is not, a crime to mishandle classified national security secrets.

Sadly, if Congress were to legislate the Espionage Act now, they might codify the attacks on whistleblowers. But they should not. They should distinguish between selling information to our adversaries and making information public. They should also make it clear that intent matters — because in the key circuit, covering the CIA, the Pentagon, and many contractors, intent hasn’t mattered since the John Kiriakou case.

Eliminate the arbitrariness of the clearance system

But part of that should also involve eliminating the arbitrary nature of the classification system.

I’ve often pointed to how, in the Jeffrey Sterling case, the only evidence he would mishandle classified information was his retention of 30-year old instructions on how to dial a rotary phone, something far less dangerous than what Hillary did.

Equally outrageous, though, is that four of the witnesses who may have testified against Sterling, probably including Bob S who was the key witness, have also mishandled classified information in the past. Those people not only didn’t get prosecuted, but they were permitted to serve as witnesses against Sterling without their own indiscretions being submitted as evidence. As far as we know, none lost their security clearance. Similarly, David Petraeus hasn’t lost his security clearance. But Ashkan Soltani was denied one and therefore can’t work at the White House countering cyberattacks.

Look, the classification system is broken, both because information is over-classified and because maintaining the boundaries between classified and unclassified is too unwieldy. That broken system is then magnified as people’s access to high-paying jobs are subjected to arbitrary review of security clearances. That’s only getting worse as the Intelligence Community ratchets up the Insider Threat program (rather than, say, technical means) to forestall another Manning or Snowden.

The IC has made some progress in recent years in shrinking the universe of people who have security clearances, and the IC is even making moves toward fixing classification. But the clearance system needs to be more transparent to those within it and more just.

Limit the President’s arbitrary authority over classification

Finally, Congress should try to put bounds to the currently arbitrary and unlimited authority Presidents claim over classified information.

As a reminder, the Executive Branch routinely cites the Navy v. Egan precedent to claim unlimited authority over the classified system. They did so when someone (it’s still unclear whether it was Bush or Cheney) authorized Scooter Libby to leak classified information — probably including Valerie Plame’s identity — to Judy Miller. And they did so when telling Vaughn Walker could not require the government to give al Haramain’s lawyers clearance to review the illegal wiretap log they had already seen before handing it over to the court.

And these claims affect Congress’ ability to do their job. The White House used CIA as cover to withhold a great deal of documents implicating the Bush White House in authorizing torture. Then, the White House backed CIA’s efforts to hide unclassified information, like the already-published identities of its torture-approving lawyers, with the release of the Torture Report summary. In his very last congressional speech, Carl Levin complained that he was never able to declassify a document on the Iraq War claims that Mohammed Atta met with a top Iraqi intelligence official in Prague.

This issue will resurface when Hillary, who I presume will still win this election, nominates some of the people involved in this scandal to serve in her White House. While she can nominate implicated aides — Jake Sullivan, Huma Abedin, and Cheryl Mills — for White House positions that require no confirmation (which is what Obama did with John Brennan, who was at that point still tainted by his role in torture), as soon as she names Sullivan to be National Security Advisor, as expected, Congress will complain that he should not have clearance.

She can do so — George Bush did the equivalent (remember he appointed John Poindexter, whose prosecution in relation to the Iran-Contra scandal was overturned on a technicality, to run the Total Information Awareness program).

There’s a very good question whether she should be permitted to do so. Even ignoring the question of whether Sullivan would appropriately treat classified information, it sets a horrible example for clearance holders who would lose their clearances.

But as far as things stand, she could. And that’s a problem.

To be fair, legislating on this issue is dicey, precisely because it will set off a constitutional challenge. But it should happen, if only because the Executive’s claims about Navy v. Egan go beyond what SCOTUS actually said.

Mandate and fund improved communication system

Update, after I posted MK reminded me I meant to include this.

If Congress is serious about this, then they will mandate and fund State to fix their decades-long communications problems.

But they won’t do that. Even 4 years after the Benghazi attack they’ve done little to improve security at State facilities.

Update: One thing that came up in today’s Comey hearing is that the FBI does not routinely tape non-custodial interviews (and fudges even with custodial interviews, even though DOJ passed a policy requiring it). That’s one more thing Congress could legislate! They could pass a simple law requiring FBI to start taping interviews.

Does Jim Comey Think Thomas Drake Exhibited Disloyalty to the United States?

As you’ve no doubt heard, earlier today Jim Comey had a press conference where he said Hillary and her aides were “extremely careless in their handling of very sensitive, highly classified information” but went on to say no reasonable prosecutor would prosecute any of them for storing over 100 emails with classified information on a server in Hillary’s basement. Comey actually claimed to have reviewed “investigations into mishandling or removal of classified information” and found no “case that would support bringing criminal charges on these facts.”

Our investigation looked at whether there is evidence classified information was improperly stored or transmitted on that personal system, in violation of a federal statute making it a felony to mishandle classified information either intentionally or in a grossly negligent way, or a second statute making it a misdemeanor to knowingly remove classified information from appropriate systems or storage facilities.

[snip]

Although there is evidence of potential violations of the statutes regarding the handling of classified information, our judgment is that no reasonable prosecutor would bring such a case. Prosecutors necessarily weigh a number of factors before bringing charges. There are obvious considerations, like the strength of the evidence, especially regarding intent. Responsible decisions also consider the context of a person’s actions, and how similar situations have been handled in the past.

In looking back at our investigations into mishandling or removal of classified information, we cannot find a case that would support bringing criminal charges on these facts. All the cases prosecuted involved some combination of: clearly intentional and willful mishandling of classified information; or vast quantities of materials exposed in such a way as to support an inference of intentional misconduct; or indications of disloyalty to the United States; or efforts to obstruct justice. We do not see those things here.

To be clear, this is not to suggest that in similar circumstances, a person who engaged in this activity would face no consequences. To the contrary, those individuals are often subject to security or administrative sanctions. But that is not what we are deciding now.

Before we get into his argument, consider a more basic point: It is not Jim Comey’s job to make prosecutorial decisions. Someone else — whichever US Attorney oversaw the prosecutors on this case, Deputy Attorney General Sally Yates, or Loretta Lynch — makes that decision. By overstepping the proper role of the FBI here, Comey surely gave Lynch cover — now she can back his decision without looking like Bill Clinton convinced her to do so on the tarmac. But he has no business making this decision, and even less business making it public in the way he did (the latter of which points former DOJ public affairs director Matthew Miller was bitching about).

But let’s look at his judgment.

Given that Jeffrey Sterling has been in prison for a year based off a slew of metadata (albeit showing only 4:11 seconds of conversation between James Risen and Sterling) and three, thirty year old documents, classified Secret, describing how to dial a phone, documents which were presented to prove Sterling had the “intent” to retain a document FBI never showed him retaining, I’m particularly interested in Comey’s judgment that no reasonable prosecutor would bring charges based on the facts found against Hillary. Similarly, given the history of the Thomas Drake prosecution, in which he was charged with Espionage because he kept a bunch of documents on NSA’s fraud, at the direction of the Inspector General, which the FBI found in his basement.

I can only imagine Comey came to his improper public prosecutorial opinion via one of two mental tricks. Either he — again, not the prosecutor — decided the only crime at issue was mishandling classified information (elsewhere in his statement he describes having no evidence that thousands of work emails were withheld from DOJ with ill intent, which dismisses another possible crime), and from there he decided either that it’d be a lot harder to prosecute Hillary Clinton (or David Petraeus) than it would be someone DOJ spent years maligning like Sterling or Drake. Or maybe he decided that there are no indications that Hillary is disloyal to the US.

Understand, though: with Sterling and Drake, DOJ decided they were disloyal to the US, and then used their alleged mishandling of classified information as proof that they were disloyal to the US (Drake ultimately plead to Exceeding Authorized Use of a Computer).

Ultimately, it involves arbitrary decisions about who is disloyal to the US, and from that a determination that the crime of mishandling classified information occurred.

For what its worth, I think most of these cases should involve losing security clearances rather than criminal prosecution (though Petraeus also lied to FBI). But we know, even there, the system is totally arbitrary; DOJ has already refused to answer whether any of Hillary’s aides will be disciplined for their careless handling of classified information and Petraeus never did lose his clearance. Nor did the multiple witnesses who testified against Sterling who themselves mishandled classified information lose their security clearance.

Which is another way of saying our classification system is largely a way to arbitrarily label people you dislike disloyal.

How Did Booz Employee Analyst-Trainee Edward Snowden Get the Verizon 215 Order?

One thing I’ve been pondering as I’ve been going through the Snowden emails liberated by Jason Leopold is the transition Snowden made just before he left. They show that in August 2012, Snowden was (as we’ve heard) a Dell contractor serving as a SysAdmin in Hawaii.

Screen Shot 2016-06-10 at 1.48.37 PM

The training he was taking (and complaining about) in around April 5 – 12, 2013 was in preparation to move into an analyst role with the National Threat Operations Center.

Screen Shot 2016-06-10 at 1.55.17 PM

That would mean Snowden would have been analyzing US vulnerabilities to cyberattack in what is a hybrid “best defense is a good offense” mode; given that he was in HI, these attacks would probably have been launched predominantly from, and countermeasures would be focused on, China. (Before Stewart Baker accuses me of showing no curiosity about this move, as Baker did about the Chinese invitation to Snowden’s girlfriend to a pole dancing competition, I did, but got remarkably little response from anyone on it.)

It’s not clear why Snowden made the switch, but we have certainly seen a number of cybersecurity related documents — see the packet published by Charlie Savage in conjunction with his upstream cyber article. Even the PRISM PowerPoint — the second thing released — actually has a cybersecurity focus (though I think there’s one detail that remains redacted). It’s about using upstream to track known cyberthreat actors.

Screen Shot 2016-06-10 at 2.09.14 PM

I suspect, given the inaccuracies and boosterism in this slide deck, that it was something Snowden picked up while at Booz training, when he was back in Maryland in April 2013. Which raises certain questions about what might have been available at Booz that wasn’t available at NSA itself, especially given the fact that all the PRISM providers’ names appear in uncoded fashion.

Incidentally, Snowden’s job changes at NSA also reveal that there are Booz analysts, not NSA direct employees, doing Section 702 analysis (though that is technically public). In case that makes you feel any better about the way the NSA runs it warrantless surveillance programs.

Anyway, thus far, all that makes sense: Snowden got into a cybersecurity role, and one of the latest documents he took was a document that included a cybersecurity function (though presumably he could have gotten most of the ones that had already been completed as a SysAdmin before that).

But one of the most sensitive documents he got — the Verizon Section 215 primary order — has nothing to do with cybersecurity. The Section 215 dragnet was supposed to be used exclusively for counterterrorism. (And as I understand it, there are almost no documents, of any type, listing provider names in the Snowden stash, and not all that many listing encoded provider names). But the Verizon dragnet order it is dated April 23, 2013, several weeks into the time Snowden had moved into a cybersecurity analytical role.

Screen Shot 2016-06-10 at 2.29.20 PM

There’s probably an easy explanation: That even though NSA is supposed to shift people’s credentials as they move from job to job, it hadn’t happened for Snowden yet. If that’s right, it would say whoever was responsible for downgrading Snowden’s access from SysAdmin to analyst was slow to make the change, resulting in one of the most significant disclosures Snowden made (there have been at least some cases of credentials not being adjusted since Snowden’s leaks, too, so they haven’t entirely addressed what would have to be regarded as a major fuck-up if that’s how this happened).

Interestingly, however, the declassification stamp on the document suggests it was classified on April 12, not April 23, which may mean they had wrapped up the authorization process, only to backdate it on the date it needed to be reauthorized. April 12, 2013 was, I believe, the last day Snowden was at Fort Meade.

Screen Shot 2016-06-10 at 2.34.33 PM

Whatever the underlying explanation, it should be noted that the most sensitive document Snowden leaked — the one that revealed that the government aspired to collect phone records from every single Verizon customer (and, significantly, the one that made court challenges possible) — had to have been obtained after Snowden formally left his SysAdmin, privileged user, position.

Carrie Cordero’s Counterintelligence Complaints

I wasn’t going to respond to Carrie Cordero’s Lawfare piece on my and Jason Leopold’s story on NSA’s response to Edward Snowden’s claims he raised concerns at the agency, largely because I think her stance is fairly reasonable, particularly as compared to other Snowden critics who assume his leaks were, from start to finish, an FSB plot. But a number of people have asked me to do so, so here goes.

Let’s start with this:

As far as we know – even after this new reporting – Snowden didn’t lodge a complaint with the NSA Inspector General. Or the Department of Defense Inspector General. Or the Intelligence Community Inspector General. He didn’t follow up with the NSA Office of General Counsel. He didn’t make phone calls.  He didn’t write letters. He didn’t complain to Members of Congress who would have been willing to listen to his concerns.

Now here’s the rub: do I think that had he done all these things, the programs he questioned would have been shut down and there would have been the same effect as his unauthorized disclosures? No. He probably would have been told that more knowledgeable lawyers, leadership officials, congressmen and dozens of federal judges all assessed that the activities he questioned were legal.

Without noting the parts of the article that show that, nine months into the Snowden leaks and multiple hearings on the subject, Keith Alexander still didn’t know how contractors might raise complaints, and that the NSA editing of its Q&A on Snowden show real questions about the publicity and viability of reporting even to the IG, especially for legal violations, Cordero complains that he did not do so. Then she asserts that had Snowden gone to NSA’s IG (ignoring the record of what happened to Thomas Drake when he did the same), the programs would not have changed.

And yet, having taken a different approach, some of them have changed. Some of the programs — notably Section 215, but also tech companies’ relationship with the government, when exposed to democratic and non-FISA court review, and FISA court process itself — did get changed. I think all but the tech company changes have largely been cosmetic, Cordero has tended to think reforms would go too far. But the record shows that Snowden’s leaks, along with whatever else damage critics want to claim they caused, also led to a democratic decision to shift the US approach on surveillance somewhat. Cordero accuses Snowden of doing what he did because of ego — again, that’s her prerogative; I’m not going to persuade people who’ve already decided to think differently of Snowden — but she also argues that had Snowden followed the already problematic methods to officially report concerns, he would have had less effect raising concerns than he had in fact. Some of what he exposed may have been legally (when argued in secret) sustainable before Snowden, but they turned out not to be democratically sustainable.

Now let’s go back to how Cordero characterizes what the story showed:

Instead, the report reveals:

  • An NSA workforce conducting a huge after-action search for documents seeking to affirm or refute Snowden’s claim that he had raised red flags internally before resorting to leaking classified documents;
  • Numerous officials terrified that they would miss something in the search, knowing full-well how easily that could happen in NSA’s giant and complex enterprise; and
  • The NSA and ODNI General Counsels, and others in the interagency process –doing their job.

The emails in the report do reveal that government officials debated whether to release the one document that was evidence that Snowden did, in fact, communicate with the NSA Office of General Counsel. It’s hard to be surprised by this. On one hand, the one email in and of itself does not support Snowden’s public claim that he lodged numerous complaints; on the other hand, experienced senior government officials have been around the block enough times to know that as soon as you make a public statement that “there’s only one,” there is a very high likelihood that your door will soon be darkened by a staff member telling you, “wait, there’s more.” So it is no wonder that there was some interagency disagreement about what to do.

For what it’s worth, I think the emails show a mixed story about how well various participants did their job. They make Admiral Rogers look great (which probably would have been more prominently noted had the NSA not decided to screw us Friday night, leading to a very rushed edit job). They make Raj De, who appears to have started the push to release the email either during or just as Snowden’s interview with Brian Williams finished airing (it aired at 10:00 PM on May 28; though note the time stamps on this string of De emails are particularly suspect), look pretty crummy, and not only for that reactive response. (I emailed De for comment but got no response.)

Screen Shot 2016-06-05 at 12.57.44 PM

Later on, Cordero admits that, in addition to the OGC email, the story reported for the first time that there had also been a face-to-face conversation with one of the people involved in responding to that email.

The Vice report reveals that Snowden did do at least these things related to his interest in legal authorities and surveillance activities: (i) he clicked on a link to send a question to NSA OGC regarding USSID 18 training, which resulted in an emailed response from an NSA attorney; and (ii) he had a personal interaction (perhaps a short conversation) with a compliance official regarding questions in a training module. But according to the report, in his public statements, “Snowden insisted that he repeatedly raised concerns while at the NSA, and that his concerns were repeatedly ignored.”

(Note Cordero entirely ignores that interviews with Snowden’s colleagues — the same people whom she characterized as terrified they’d miss something in the media response but doesn’t consider whether they would be even more terrified conversations about privacy with Snowden might be deemed evidence of support for him — found a number of them having had conversations about privacy and the Constitution).

She doesn’t get into the chronology of the NSA’s treatment of the face-to-face conversation, though. What the story lays out is this:

  • Released emails show NSA now asserts that Snowden complained about two training programs within the span of a week, possibly even on the same day, with Compliance being involved in both complaints (Snowden would have known they were involved in the OGC response from forwarded emails)
  • Given the record thus far, it appears that there is no contemporaneous written record of the face-to-face complaint (we asked the NSA for any and that’s when they decided to just release the emails in the middle of the night instead of responding, though I assume there is an FBI 302 from an interview with the training woman)
  • Given the record thus far, NSA only wrote up that face-to-face complaint the day after and because NSA first saw teasers from the April 2014 Vanity Fair article revealing Snowden’s claim to have talked to “oversight and compliance”
  • In spite of what I agree was a very extensive (albeit frantic and limited in terms of the definition of “concern”) search, NSA did not — and had not, until our story — revealed that second contact, even though it was written up specifically in response to claims made in the press and well before the May 29 release of Snowden’s email
  • In the wake of NSA not having acknowledged that second contact, a senior NSA official wrote Admiral Rogers a fairly remarkable apology and (as I’ll show in a follow-up post) the NSA is now moving the goal posts on whom they claim Snowden may have talked to

Now, I actually don’t know what happened in that face-to-face contact. We asked both sides of the exchange very specific questions about it, and both sides then declined to do anything but release a canned statement (the NSA had said they would cooperate before they saw the questions). Some would say, so what? Snowden was complaining about training programs! Training programs, admittedly, that related to other documents Snowden leaked. And at least one training program, as it turns out, that the NSA IG had been pushing Compliance to fix for months, which might explain why they don’t want to answer any questions. But nevertheless “just” training programs.

I happen to care about the fact that NSA seems to have a pattern of providing, at best, very vague information about how seriously NSA has to take FISA (or, in the one program we have in its entirety, perfectly legal tips about how to bypass FISA rules), but I get that people see this as just a training issue.

I also happen to care about the fact that when Snowden asked what NSA would like to portray as a very simple question — does what would be FISA take precedence over what would be EO 12333 — it took 7 people who had been developing that training program to decide who and how to answer him. That question should be easier to answer than that (and the emailed discussion(s) about who and how to answer were among the things conspicuously withheld from this FOIA).

But yes, this is just two questions about training raised at a time (we noted in the story) when he was already on his way out the door with NSA’s secrets.

Which is, I guess, why the balance of Cordero’s post takes what I find a really curious turn.

If this is all there is – a conversation and a question  – then to believe that somehow NSA attorneys and compliance officials were supposed to divine that he was so distraught by his NSA training modules that he was going to steal the largest collection of classified documents in NSA history and facilitate their worldwide public release, is to live in a fantasy land.

No, what this new report reveals is that NSA lawyers and compliance personnel take questions, and answer them. Did they provide a simple bureaucratic response when they could or should have dug deeper? Maybe. Maybe not.

Because what they apparently do not do is go on a witch hunt of every employee who asks a couple legal questions. How effective do we think compliance and training would be, if every person who asks a question or two is then subject to intense follow-up and scrutiny? Would an atmosphere like that support a training environment, or chill it?

[snip]

NSA is an organization, and a workforce, doggedly devoted to mission, and to process. In the case of Snowden, there is an argument (one I’ve made before) that its technical security and counterintelligence function failed. But to allude – as today’s report does – that a couple questions from a low level staffer should have rung all sorts of warning bells in the compliance and legal offices, is to suggest that an organization like NSA can no longer place trust in its workforce. I’d wager that the reason the NSA lawyers and compliance officials didn’t respond more vigorously to his whispered inquiries, is because they never, in their wildest dreams, believed that a coworker would violate that trust.

Cordero turns a question about whether Snowden ever complained into a question about why the NSA didn’t notice he was about to walk off with the family jewels because he complained about two training programs.

There are two reasons I find this utterly bizarre. First, NSA’s training programs suck. It’s not just me, based on review of the few released training documents, saying it (though I did work for a number of years in training), it’s also NSA’s IG saying the 702 courses, and related materials, are factually wrong or don’t address critical concepts. Even the person who was most negative towards Snowden in all the emails, the Chief of SID Strategic Communications Team, revealed that lots of people complain about the 702 test (as is also evident from the training woman’s assertion they have canned answers for such complaints).

Complaints about fairness/trick questions are something that I saw junior analysts in NTOC … would pose — these were all his age and positional peers: young enlisted Troops, interns, and new hires. Nobody that has taken this test several times, or worked on things [redacted] for more than a couple of years would make such complaints. It is not a gentleman’s course. *I* failed it once, the first time I had to renew.

I’m all for rigorous testing, but all the anecdotes about complaints about this test may suggest the problem is in the test, not the test-takers. It’s not just that — as Cordero suggested — going on a witch hunt every time someone complains about training courses would chill the training environment (of a whole bunch of people, from the sounds of things). It’s that at precisely the moment Snowden took this training it was clear someone needed to fix NSA’s training, and Cordero’s response to learning that is to wonder why someone didn’t launch a CI investigation.

Which leads me to the other point. As Cordero notes, this is not the first time she has treated the Snowden story as one primarily about bad security. I happen to agree with her about NSA’s embarrassing security: the fact that Snowden could walk away with so much utterly damns NSA’s security practices (and with this article we learn that, contrary to repeated assertions by the government, he was in an analytical role, though we’ve already learned that techs are actually the ones with unaudited access to raw data).

But here’s the thing: you cannot, as Cordero does, say that the “foreign intelligence collection activities [are] done with detailed oversight and lots of accountability” if it is, at the same time, possible for a SysAdmin to walk away with the family jewels, including raw data on targets. If Snowden could take all this data, then so can someone maliciously spying on Americans — it’s just that that person wouldn’t go to the press to report on it and so it can continue unabated. In fact, in addition to rolling out more whistleblower protections in the wake of Snowden, NSA has made some necessary changes (such as not permitting individual techs to have unaudited access to raw data anymore, which appears to have been used, at times, as a workaround for data access limits under FISA), even while ratcheting up the insider threat program that will, as Cordero suggested, chill certain useful activities. One might ask why the IC moved so quickly to insider threat programs rather than just implementing sound technical controls.

Carrie Cordero’s lesson, aside from grading the participants in this email scrum with across-the-board As, is that Snowden complaining about the same training programs the IG was also complaining about should have been a counterintelligence issue but wasn’t because of the great trust at NSA. That argument, taken in tandem with Cordero’s vouching for NSA’s employees, should not, itself, inspire trust.

You Can Get Clearance If You Always Believed in the Fourth Amendment, But Not if You’re a Fourth Amendment Convert

Screen Shot 2016-05-14 at 8.43.08 PMOn Thursday night at 11PM, in advance of an Oversight and Government Reform hearing scheduled at 9AM Friday, James Clapper’s office rolled out a new policy integrating the use of social media in security clearance reviews. Basically, the government can use public social media in making security clearance determinations, but can’t ask for your password, friend you to collect information, or access your non-public social media activity. They additionally claim, implausibly, they won’t keep anything unnecessary to make such determinations.

Even taking those caveats in good faith, the policy should not be regarded as a risk-free policy, because government bureaucrats don’t have a perfect record with attribution (something National Counterintelligence Director William Evanina admitted in the hearing) and they have a still worse one with irony. Plus, the history of FBI prosecutions of alleged terrorists for RTs suggests they will read certain actions in social media with a certain kind of intent that may not be true.

Worse, Evanina said two ridiculous things in the hearing that raises real questions about the policy and his ability to implement it fairly.

First, Thomas Massie asked Evanina whether political views would be considered. Massie, after having noted the committee notes suggested a social media search might have identified Snowden as a potential threat (Snowden did spend time online before his classified career, but nothing would have obviously flagged him), also noted their similar political contribution histories. “Do you take into account political support when you’re doing background research on social media?” After Evanina explained the background check would not review that, Massie asked specifically about whether a person supported a candidate who was strong on the Fourth Amendment.”Your belief in Fourth Amendment would not have any predication on whether you could hold or maintain a security clearance,” Evanina replied in response.

Breaking! You can believe in the Fourth Amendment and get a security clearance. 

Only, that’s not true if you’re a convert to the Fourth Amendment (as Snowden arguably was, given his online comments).

Barely mentioned at the hearing were the guidelines the Intelligence Authorization had laid out for this policy, which I wrote about here and here.

(C) publicly available information, whether electronic, printed, or other form, including relevant security or counterintelligence information about the covered individual or information that may suggest ill intent, vulnerability to blackmail, compulsive behavior, allegiance to another country, change in ideology, or that the covered individual lacks good judgment, reliability, or trustworthiness; [my emphasis]

One thing Congress explicitly wanted to measure was “change in ideology” (I believe this was always included in security clearance determinations, but it has a much different impact if one is reviewing everyone’s candid thoughts), the kind of thing when someone who once railed against leakers in public comments goes on to question whether surveillance has gotten out of hand, as Snowden did.

Or as a lot of other people did, when they considered the impact of their dragnets.

The other ridiculous thing Evanina said came in response to Ted Lieu’s concerns about the number of Asian Americans charged with spying charges that later collapsed (something that Judy Chu has also been hitting on). Lieu also mentioned that since the public reports of spying cases collapsing, he has heard from some people who believe they were denied security clearances because of their (presumably Chinese-American) ethnicity.

So Lieu asked Evanina if that’s ever a consideration.

Evanina not only claimed that it is not a consideration (in spite of the case of the man who was denied clearance because of the USAID-tied organization his wife worked for), but he offered up that in his 19 years at FBI, they had also never used ethnicity as a reason for investigation.

There’s one ginormous problem with that claim (which was sworn).

Evanina was at FBI when, in 2008, they changed the Domestic Investigations and Operations Guide (as noted above) to permit consideration of First Amendment protected activities, including religion, among the things FBI Agents may take into account during an investigation.

FBI employees may take appropriate cognizance of the role religion may play in the membership or motivation of a criminal or terrorism enterprise. If, for example, affiliation with a certain religious institution or a specific religious sect is a known requirement for inclusion in a violent organization that is the subject of an investigation, then whether a person of interest is a member of that institution or sect is a rational and permissible consideration. Similarly, if investigative experience and reliable intelligence reveal that members of a terrorist or criminal organization are known to commonly possess or exhibit a combination of religion-based characteristics or practices (e.g., group leaders state that acts of terrorism are based in religious doctrine), it is rational and lawful to consider such a combination in gathering intelligence about the group-even if any one of these, by itself, would constitute an impermissible consideration.

Worse, Evanina served in a policy role when, in 2011, they reinforced this permission in that year’s DIOG.

Admittedly, religion is not the same thing as ethnicity. But for a number of ethnicities, including Chinese and Muslim Arabs, religion can stand in for a kind of ethnicity.

It may be that Evanina was foolish enough to raise his FBI experience, which might be entirely unrelated to the practice of security clearance evaluations. But he did. And that raised some really good reasons (on top of the known record and explicit direction from Congress about what this social media approach should entail) to doubt his assurances to the committee about civil liberties problems with this policy.

I get that it makes sense to review someone’s social media to see if they can keep a secret. But it is also the case that the IC generally, the FBI in particular, and Evanina personally, are not credible on this point.

The Intelligence Community Casts Its Vote for Hillary Clinton

Since Donald Trump all-but sealed the nomination the other day, there has been a bit of a tizzy because he’ll receive intelligence briefing(s). Several spooks and former spooks complained to the Daily Beast that Trump might run his mouth and let something slip.

And that prospect has some spies sweating. Trump, who can’t seem to dam his stream of consciousness on Twitter, and who has lately taken to spreading rumors and conspiracy theories on national television, has never been privy to national secrets. Nor has he ever demonstrated that he’s capable of keeping them.

“My concern with Trump will be that he inadvertently leaks, because as he speaks extemporaneously, he’ll pull something out of his hat that he heard in a briefing and say it,” said a former senior U.S. intelligence official who has participated in the process of briefing presidential candidates.

[snip]

“It’s not an unreasonable concern that he’ll talk publicly about what’s supposed to stay in that room,” said another former senior intelligence official.

A currently serving U.S. official echoed some of those anxieties and wondered whether Trump would respect the discretion of the briefing and not use it to his advantage on the campaign trail.

The DB piece admits that Hillary is under investigation for mishandling classified information, with her presumptive National Security Advisor Jake Sullivan among the staffers who forwarded emails the CIA claims (dubiously) to be super secret (curiously, this flurry of Trump briefing stories came on the same date the FBI was leaking to CNN that thus far they’ve got nothing against Hillary). It doesn’t mention that Leon Panetta, who leaked classified information for political gain, is also among Hillary’s advisors.

WaPo’s Greg Miller airs more concerns from the spooks, including that intelligence briefers would be uncomfortable briefing people who have close business ties to rivals or adversaries, not to mention people who espouse torture.

Analysts selected for such assignments tend to be among the most polished and experienced in the intelligence community. “They are going to be very professional,” Peritz said, but Trump poses unique complications. “He has all kinds of relationships with Chinese investors and Russian investors. He’s spoken very highly of our adversaries. And he’s talked about using torture and waterboarding and attacking people’s families. All these things are going through the analysts’ minds.”

Huh? The CIA doesn’t have anyone left over who briefed Dick Cheney? Because those guys surely knew he talked about torture and waterboarding! Or how about the folks who briefed Obama before someone killed Anwar al-Awlaki’s teenage son? And if Hillary, with all her ties to Clinton Global Initiatives people, can be briefed, I’m not sure why Trump can’t, with his business ties. It’s not as if the Russians and Chinese haven’t already stolen the secrets that Trump would get.

Look. Michele Bachmann served on the House Intelligence Committee for four years. She’s every bit as unpredictable as Donald Trump. And aside from that time she claimed that jihadis had already tried to penetrate 6 of the 15 Pakistani nuclear sites that were vulnerable — a detail that had already been reported to the press — she never ran her mouth more than, say, Marco Rubio when he leaked details about the implementation of USA Freedom Act earlier this year.

The point is, all this Sturm und Drang about Trump getting intelligence briefings ignores all the other leakage that already goes on by people the Intelligence Community doesn’t seem worried about briefing. All the more so given what Charlie Savage notes — that this is just one limited briefing; Trump won’t get to learn the good stuff until after he wins the Presidency.

Michael J. Morell, a former deputy C.I.A. director, who regularly briefed Mr. Obama before retiring in 2013, said the postconvention nominee briefing would last several hours. The idea is to “get them to understand that they have now stepped into a bigger world” in which foreign allies, adversaries, and neutral parties are paying close attention to whatever they say, and that their words may have broad consequences, he said.

Michael E. Leiter, a former director of the National Counterterrorism Center, provided the terrorism portion of the briefing that Mr. Obama received after he became the Democratic nominee in 2008. Mr. Leiter said the post-convention briefings lay out a significant amount of important and sensitive information.

“You are not trying to give them a tactical update on the issues of the day, but to lay out the full panoply of issues that they are going to face; the good, the bad, and the ugly of what the world looks like and what implications there may be going forward,” he said.

Both former officials said that the postconvention briefing for nominees would contain top secret information, but not a discussion of the sources and methods used to gather it, or any description of covert operations.

Raising the specter of classified information is nice. But this seems to be more a statement of preference for Hillary Clinton, and a continuation of the status quo, with all its questionable aggression, than a case against Trump, no matter how bad his foreign policy would be (though his domestic policy against minorities would be worse than his foreign policy). The spooks want Hillary and a continuation of their current plans.

Plus, all this whining ignores something else.

Although the Executive does so by very broadly interpreting the relevant precedents, for decades, Presidents have claimed — and the Intelligence Community has backed that claim fully — that they have unlimited discretion to classify or declassify information. The idea is that if some guy can get elected, he can decide what counts as classified in this country.

If that would be a problem with Trump, then maybe now is the time to start thinking about codifying some limits to giving popularly elected Presidents unfettered discretion to play with classified information? I, frankly, don’t want Hillary to have that authority either (or any President!). You never know when someone is going to leak an officer’s identity just for political gain, after all.

But the IC has for decades agreed with a system in which the President has complete, arbitrary control over what counts as classified. That’s the underlying problem. Not that Donald Trump might get a single intelligence briefing.

The IC Can’t Even Decide What Is Classified in Hillary’s Emails But They’re Attempting To Do Same on the Internet

Yesterday, Steven Aftergood noted that, rather than prosecute leakers, the Intelligence Community is instead taking administrative measures against people who leak information. We’ve know they were moving in that direction for some time (largely through Aftergood’s efforts). But he posts now de-classified testimony obtained via FOIA that Bob Litt gave in 2012 explaining the change.

“This Administration has been historically active in pursuing prosecution of leakers, and the Intelligence Community fully supports this effort,” said ODNI General Counsel Robert S. Litt in testimony from a closed hearing of the Senate Intelligence Committee in 2012 that was released last week in response to a Freedom of Information Act request.

But, he said, “prosecution of unauthorized disclosure cases is often beset with complications, including difficult problems of identifying the leaker, the potential for confirming or revealing even more classified information in a public trial, and graymail by the defense.”

Therefore, Mr. Litt said, in 2011 Director of National Intelligence James Clapper ordered intelligence agencies “to pursue administrative investigations and sanctions against identified leakers wherever appropriate. Pursuant to this DNI directive, individual agencies are instructed to identify those leak incidents that are ripe for an administrative disposition….”

As Aftergood notes, such measures sure didn’t dissuade Edward Snowden.

There are two more interesting details of note in the testimony Aftergood liberated. First, Litt provides a somewhat redacted assessment of whether IC elements have the ability to audit employee activities on their networks. Most members of the IC has some audit and monitoring in place. Whereas some are what Litt describes as “robust,” he admitted that “other agencies have less mature programs, but some ability to track employee online activity.”

I do hope for Litt’s sake he didn’t tell SSCI, a year before Snowden’s leaks, that the NSA was among the agencies with robust systems, because they ended up having no ability to track what he took, much less see him taking huge amounts of data in real time.

Perhaps most interesting, though, is Litt’s reference to the development of “automated systems … that will assist in identifying classified information published on the Internet.” By Litt’s testimony on February 9, 2012, an IC study had “concluded that it would be beneficial and feasible for ONCIX/S to implement a centralized and automated capability to identify potential unauthorized disclosures of classified information published electronically on the Internet.” The IC was looking for funding to develop a pilot program to do just that in 2012.

The example of Hillary’s email is testament to one of many problems with such a plan. Various intelligence agencies accused her aides of sharing classified information. But in at least some cases, the same information was available via open source (not to mention that it’s easy to suss out what the IC thinks its biggest secrets are).

So the IC will be scanning the Internet for stuff they think is theirs. But short of tracking classification markings, this will necessarily involved scanning for either known leaked information (so imagine them currently tracking everyone discussing a document Snowden leaked, anywhere in the world), or scanning for information that looks to have the particular syntax (heh) of an intelligence report.

There are a range of problems I can imagine that would result.

But that likely won’t stop the IC from trying to hold their glut of classified information inside their fences, or to hunt down people who seem to understand the same things the IC knows, in case that person can be caught talking to some person the IC would also like to enclose behind that fence.

In Exchange about Clinton Email Investigation, Lynch Forcefully Reminds She Is FBI’s Boss

There’s one last exchange in Wednesday’s Senate Judiciary Committee hearing with Attorney General Loretta Lynch that deserves closer focus. It came during John Cornyn’s round of questioning.

He structured his questions quite interestingly. He started by using the example of the Apple All Writs Act order to emphasize that FBI can’t do anything without DOJ’s approval and involvement. “I just want to make sure people understand the respective roles of different agencies within the law enforcement community — the FBI and the DOJ.”

He then turned to an unrelated subject — mental health, particularly as it relates to gun crime — ending that topic with a hope he and Lynch could work together.

Then he came back to the respective roles of the FBI and DOJ. “So let me get back to the role of the FBI and the Department of Justice.”

He did so in the context of Hillary’s email scandal. He started by reminding that Hillary had deleted 30,000 emails rather than turning them over to State for FOIA review. Cornyn then raised reports that the government had offered Bryan Pagliano immunity (Chuck Grassley argued elsewhere in the hearing that that should make it easy for Congress to demand his testimony, as the WSJ has also argued). “It’s true, isn’t it, that immunity can’t be granted by the FBI alone, it requires the Department of Justice to approve that immunity.”

Lynch filibustered, talking about different types of immunities, ultimately ceding that lawyers must be involved. She refused to answer a question directly about whether they had approved that grant of immunity. Which is when Cornyn moved onto trying to get the Attorney General to admit that she would have the final decision on whether to charge anyone in the email scandal.

Cornyn: Let me give you a hypothetical. If the FBI were to make a referral to the Department of Justice to pursue a case by way of an indictment and to convene a grand jury for that purpose, the Department of Justice is not required to do so by law, are they?

Lynch: It would not be an operation of law, it would be an operation of our procedures, which is we work closely with our law enforcement partners–

Cornyn: Prosecutorial discretion–

Lynch: –it would also be consulting with the Agents on all relevant factors of the investigation, and coming to a conclusion.

Cornyn: But you would have to make to the decision, or someone else working under you in the Department of Justice?

Lynch: It’s done in conjunction with the Agents. It’s not something that we would want to cut them out of the process. That has not been an effective way of prosecuting in my experience.

Cornyn: Yeah, I’m not suggesting that you would cut them out. I’m just saying, as you said earlier, you and the FBI would do that together, correct? Just like the Apple case?

Lynch: We handle matters together of all types.

Cornyn: If the FBI were to make a referral to the Department of Justice to pursue criminal charges against Mr. Pagliano or anyone else who may have been involved in this affair, does the ultimate decision whether to proceed to court, to ask for the convening of a grand jury, and to seek an indictment, does that rest with you, or someone who works for you at the Department of Justice?

Lynch: So Senator with respect to Mr. Pagliani [sic] or anyone who has been identified as a potential witness in any case, I’m not able to comment on the specifics of that matter and so I’m not able to provide you–

Cornyn: I’m not asking you to comment on the specifics of the matter, I’m asking about what the standard operating procedure is, and it seems pretty straightforward. The FBI does a criminal investigation, but then refers the charges to the Department of Justice, including US Attorneys, perhaps in more celebrated cases goes higher up the food chain. But my simple question is doesn’t the buck stop with you, in terms of whether to proceed, to seek an indictment, to convene a grand jury, and to prosecute a case referred to you by the FBI?

Lynch: There’s many levels of review, at many stages of the case, and so I would not necessarily be involved in every decision as to every prosecutorial step to make.

Cornyn: It would be you or somebody who works for you, correct?

Lynch: Everyone in the Department of Justice works for me, including the FBI, sir.

Cornyn: I’m confident of that.

Grassley: Senator Schumer.

Schumer: Well done, Attorney General, well done.

I’m not entirely sure what to make of this: whether Cornyn was setting this up for the future, or whether he was trying to lay out Lynch’s responsibility for a decision already made. But given the reports that FBI Agents think someone should be charged (whether because of the evidence or because Hillary is Hillary), it sure felt like Cornyn was trying to pressure Lynch for her role in decisions already discussed. Indeed, I wonder whether Cornyn was responding to direct entreaties from someone at the FBI, possibly quite high up at the FBI, about Lynch’s role in this case.

Whatever he was trying to do, it may lead to some folks in the FBI getting a stern talking to from their boss, Loretta Lynch.

FBI Can’t Have Whistleblower Protection Because It Would Encourage Too Many Complaints

The Department of Justice is undercutting Chuck Grassley’s efforts to provide FBI employees whistleblower protection. That became clear in an exchange (2:42) on Wednesday.

The exchange disclosed two objections DOJ has raised to Grassley’s FBI Whistleblower Protect Act. First, as Attorney General Loretta Lynch revealed, DOJ is worried that permitting FBI Agents to report crimes or waste through their chain of command would risk exposing intelligence programs.

What I would say is that as we work through this issue, please know that, again, any concerns that the Department raises are not out of a disagreement with the point of view of the protection of whistleblowers but again, just making sure that the FBI’s intelligence are also protected at the same time.

I suspect (though am looking for guidance) that the problem may be that the bill permits whistleblowers to go to any member of Congress, rather than just ones on the Intelligence Committees. It’s also possible that DOJ worries whistleblowers will be able to go to someone senior to them, but not read into a given program.

Still, coming from an agency that doesn’t adequately report things like its National Security Letter usage to Congress, which has changed its reporting to the Intelligence Oversight Board so as to exempt more activities, and can’t even count its usage of other intelligence programs, it seems like a tremendous problem that DOJ doesn’t want FBI whistleblowers to have protection because it might expose what FBI is doing on intelligence.

That’s sort of the point!

Especially given Grassley’s other point: apparently, DOJ is opposed to the bill because it will elicit too many complaints.

One of the issues that your department has raised is that allowing FBI employees to report wrong-doing to their chain of command could lead to too many complaints. You know? What’s wrong with too many complaints? … Seems to me you’d invite every wrong doing to get reported to somebody so it could get corrected.

Apparently, DOJ knows there are so many problems FBI employees would like to complain about that things would grind to a halt if they were actually permitted to complain.

This is the FBI! Not only a bureau that has tremendous power over people, but also one with a well-documented history of abuse. It should be the first entity that has whistleblower protection, not the last!

Grassley raised two more points. First, in April 2014, DOJ promised to issue new guidelines on whistleblowing for FBI, clarifying who employees could go to. That hasn’t been done yet.

FBI has, however, created a video about whistleblowing which is, according to what Grassley said, pretty crappy. He’s asking for both those things as well.

1 2 3 25