Carter Page Believed James Wolfe Was Ellen Nakashima’s Source Disclosing His FISA Application Less than a Month After the Story

/15 Comments/in , /by

According to the Statement of Offense to which James Wolfe — the former Senate Intelligence Committee security official convicted of lying about his contacts with journalists — allocuted, Carter Page suspected Wolfe was the source for Ellen Nakashima’s story revealing Page had been targeted with a FISA order. When the former Trump campaign staffer wrote Nakashima to complain about the story less than four weeks after Washington Post published it, Page BCCed Wolfe. [Nakashima is Reporter #1 and Ali Watkins is Reporter #2.]

On May 8, 2017, MALE-1 emailed REPORTER #1 complaining about REPORTER #1’s reporting of him (MALE-1). According to the metadata recovered during the search of Wolfe’s email, Wolfe was blind-copied on that email by MALE-1.

That unexplained detail is important — albeit mystifying — background to two recent stories on leak investigations.

First, as reported last month, Nakashima was one of three journalists whose call records DOJ obtained last year.

The Trump Justice Department secretly obtained Washington Post journalists’ phone records and tried to obtain their email records over reporting they did in the early months of the Trump administration on Russia’s role in the 2016 election, according to government letters and officials.

In three separate letters dated May 3 and addressed to Post reporters Ellen Nakashima and Greg Miller, and former Post reporter Adam Entous, the Justice Department wrote they were “hereby notified that pursuant to legal process the United States Department of Justice received toll records associated with the following telephone numbers for the period from April 15, 2017 to July 31, 2017.” The letters listed work, home or cellphone numbers covering that three-and-a-half-month period.

The scope of the records obtained on the WaPo journalists last year started four days after the Page story, so while some May 11, 2017 emails between Nakashima and Wolfe would have been included in what got seized last year, any contacts prior to the FISA story would not have. And the public details on the prosecution of Wolfe show no sign that Nakashima’s records were obtained in that investigation (those of Ali Watkins, whom Wolfe was in a relationship, however, were). Indeed, the sentencing memo went out of its way to note that DOJ had not obtained deleted Signal texts from any journalists. “The government did not recover or otherwise obtain from any reporters’ communications devices or related records the content of any of these communications.”

That said, Nakashima’s reporting was targeted in two different leak investigations, covering sequential periods, three years apart.

It’s not clear how quickly the Page investigation focused on Wolfe. But it may have outside help. A CBP Agent unconnected to the FBI investigation grilled Watkins on her ties with Wolfe in June 2017.

The Sentencing Memorandum on Wolfe suggests the FBI came to focus on him — and excused their focus — after having learned of his affair with Watkins. They informed Richard Burr and Mark Warner, and obtained the first of several warrants to access his phone.

At the time the classified national security information about the FISA surveillance was published in the national media, defendant James A. Wolfe was the Director of Security for the SSCI. He was charged with safeguarding information furnished to the SSCI from throughout the United States Intelligence Community (“USIC”) to facilitate the SSCI’s critical oversight function. During the course of the investigation, the FBI learned that Wolfe had been involved in the logistical process for transporting the FISA materials from the Department of Justice for review at the SSCI. The FBI also discovered that Wolfe had been involved in a relationship with a reporter (referred to as REPORTER #2 in the Indictment and herein) that began as early as 2013, when REPORTER #2, then a college intern, published a series of articles containing highly sensitive U.S. government information. Between 2014 and 2017, Wolfe and REPORTER #2 exchanged tens of thousands of telephone calls and electronic messages. Also during this period, REPORTER #2 published dozens of news articles on national security matters that contained sensitive information related to the SSCI.

Upon realizing that Wolfe was engaged in conduct that appeared to the FBI to compromise his ability to fulfill his duties with respect to the handling of Executive Branch classified national security information as SSCI’s Director of Security, the FBI faced a dilemma. The FBI needed to conduct further investigation to determine whether Wolfe had disseminated classified information that had been entrusted to him over the past three decades in his role as SSCI Director of Security. To do that, the FBI would need more time to continue their investigation covertly. Typically, upon learning that an Executive Branch employee and Top Secret clearance holder had potentially been compromised in place – such as by engaging in a clandestine affair with a national security reporter – the FBI would routinely provide a “duty-to-warn” notification to the relevant USIC equity holder in order to allow the intelligence agencies to take mitigation measures to protect their national security equities. Here, given the sensitive separation of powers issue and the fact that the FISA was an FBI classified equity, the FBI determined that it would first conduct substantial additional investigation and monitoring of Wolfe’s activities. The FBI’s executive leadership also took the extraordinary mitigating step of limiting its initial notification of investigative findings to the ranking U.S. Senators who occupy the Chair and Vice Chair of the SSCI.2

The FBI obtained court authority to conduct a delayed-notice search warrant pursuant to 18 U.S.C. § 3103a(b), which allowed the FBI to image Wolfe’s smartphone in October 2017. This was conducted while Wolfe was in a meeting with the FBI in his role as SSCI Director of Security, ostensibly to discuss the FBI’s leak investigation of the classified FISA material that had been shared with the SSCI. That search uncovered additional evidence of Wolfe’s communications with REPORTER #2, but it did not yet reveal his encrypted communications with other reporters.

This process — as described by Jocelyn Ballantine and Tejpal Chawla, prosecutors involved in some of the other controversial subpoenas disclosed in the last month — is a useful lesson of how the government proceeded in a case that likely overlapped with the investigation into HPSCI that ended up seizing Swalwell and Schiff’s records. Given that Swalwell was targeted by a Chinese spy, it also suggests one excuse they may have used to obtain the records: by claiming it was a potential compromise.

Still, by the time FBI first informed Wolfe of the investigation, in October 2017, they had obtained his cell phone content showing that he was chatting up other journalists, in addition to Watkins — and indeed, he continued to share information on Page. By the time the FBI got Wolfe to perjure himself on a questionnaire about contacts with journalists in December 2017, they had presumably already searched Watkins’ emails going back years. Wolfe was removed from his position and stripped of clearance, making his indictment six months later only a matter of time.

All that said, the government never proved that Wolfe was the source for Nakashima. And Ballantine’s subpoena for HPSCI contacts, weeks later after FBI searched Wolfe’s phone, may have reflected a renewed attempt to pin the leak on someone, anyone (though it’s not clear whether investigators looked further than Congress, or even to Paul Ryan, who has been suspected of tipping Page off.

If the James Wolfe investigation reflects how they might have approached the HPSCI side, there’s one other alarming detail of this: The FBI alerted someone in Congress of the search, the Chair and Ranking Member of the Committee. But in HPSCI’s case, Schiff was the Ranking Member. Meaning it’s possible that, by targeting on Schiff, FBI gave itself a way to consult only with the Republican Chair of the Committee.

James Wolfe (and the investigation of Natalie Sours Edwards, who was sentenced to six months in prison last week) are an important lesson in leak investigations that serves as important background for Joe Biden’s promise that reporters won’t be targeted anymore. The way you conduct a leak investigation in this day and age is to seize the source’s phone, in part because that’s the only way to obtain Signal texts.

Timeline

March 2017: Exec Branch provides SSCI “the Classified Document,” which includes both Secret and Top Secret information, with details pertaining to Page classified as Secret.

March 2, 2017: James Comey briefs HPSCI on counterintelligence investigations, with a briefing to SSCI at almost the same time.

March 17, 2017: 82 text messages between Wolfe and Watkins.

April 3, 2017: Watkins confirms that Carter Page is Male-1.

April 11, 2017: WaPo reports FBI obtained FISA order on Carter Page.

June 2017: End date of five communications with Reporter #1 via Wolfe’s SSCI email.

June 2017: Using pretext of serving as a source, CBP agent Jeffrey Rambo grills Watkins about her travel with Wolfe.

October 2017: Wolfe offers up to be anonymous source for Reporter #4 on Signal.

October 16, 2017: Wolfe Signals Reporter #3 about Page’s subpoena.

October 17, 2017: NBC reports Carter Page subpoena.

October 24, 2017: Wolfe informs Reporter #3 of timing of Page’s testimony.

October 30, 2017: FBI informs James Wolfe of investigation.

November 15, 2017: 90 days before DOJ informs Ali Watkins they’ve seized her call records.

December 14, 2017: FBI approaches Watkins about Wolfe.

Prior to December 15, 2017 interview: Wolfe writes text message to Watkins about his support for her career.

December 15, 2017: FBI interviews Wolfe.

January 11, 2018: Second interview with Wolfe, after which FBI executes a Rule 41 warrant on his phone, discovering deleted Signal texts with other journalists.

February 6, 2018: Subpoena targeting Adam Schiff and others.

February 13, 2018: DOJ informs Watkins they’ve seized her call records.

June 6, 2018: Senate votes to make official records available to DOJ.

That the Chairman and Vice Chairman of the Senate Select Committee on Intelligence, acting jointly, are authorized to provide to the United States Department of Justice copies of Committee records sought in connection with a pending investigation arising out of allegations of the unauthorized disclosure of information, except concerning matters for which a privilege should be asserted.

June 7, 2018: Grand jury indicts Wolfe.

June 7, 2018: Richard Burr and Mark Warner release a statement:

We are troubled to hear of the charges filed against a former member of the Committee staff. While the charges do not appear to include anything related to the mishandling of classified information, the Committee takes this matter extremely seriously. We were made aware of the investigation late last year, and have fully cooperated with the Federal Bureau of Investigation and the Department of Justice since then. Working through Senate Legal Counsel, and as noted in a Senate Resolution, the Committee has made certain official records available to the Justice Department.

June 13, 2018: Wolfe arraigned in DC. His lawyers move to prohibit claims he leaked classified information.

Some Perspective on the Politicized Leak Investigation Targeting Adam Schiff

/27 Comments/in , , /by

The NYT reported the other day that DOJ obtained phone records of Adam Schiff, Eric Swalwell, and a bunch of House Intelligence Committee staffers in the guise of what it reports is a leak investigation (though given the specific form of Bill Barr’s prevarications about his knowledge, may have been repackaged as something else when the investigation was resuscitated in 2020).

Prosecutors subpoenaed Apple for data from the accounts of at least two Democrats on the House Intelligence Committee, aides and family members. One was a minor.

All told, the records of at least a dozen people tied to the committee were seized in 2017 and early 2018, including those of Representative Adam B. Schiff of California, then the panel’s top Democrat and now its chairman, according to committee officials and two other people briefed on the inquiry. Representative Eric Swalwell of California said in an interview Thursday night that he had also been notified that his data had subpoenaed.

Prosecutors, under the beleaguered attorney general, Jeff Sessions, were hunting for the sources behind news media reports about contacts between Trump associates and Russia. Ultimately, the data and other evidence did not tie the committee to the leaks, and investigators debated whether they had hit a dead end and some even discussed closing the inquiry.

But William P. Barr revived languishing leak investigations after he became attorney general a year later. He moved a trusted prosecutor from New Jersey with little relevant experience to the main Justice Department to work on the Schiff-related case and about a half-dozen others, according to three people with knowledge of his work who did not want to be identified discussing federal investigations.

The initial collection and especially the subsequent treatment were clearly politicized — and more importantly, stupid, from an investigative standpoint. But, especially because this involves Adam Schiff, some exactitude about what went on really is required.

This is not spying

First, this is not “spying.” If the use of informants to investigate members of the Trump campaign and Hillary Clinton’s Foundation during a political campaign is not spying, if the use of a lawful FISA to conduct both physical and electronic surveillance on recently departed campaign volunteer Carter Page is not spying — and Adam Schiff said they were not, and I agree — then neither is the use of a subpoena to collect the phone records of Democrats who had knowledge of information that subsequently leaked in a fully predicated (and very serious) leak investigation.

This is “just” metadata

According to all reports, the government obtained the iPhone metadata records of 73 phone numbers and 36 email addresses. Apple suggests other tech companies probably got subpoenas, too, which means that some of those email addresses probably weren’t Apple emails.

But it was — as Adam Schiff said many times when defending a program that aspired to collect “all” the phone records in the United States — “just” metadata.

I don’t mean to belittle the impact of that. As I and others argued (against Schiff), metadata is actually profoundly revealing.

But if this is a problem (it is!), then people like Adam Schiff should lead a conversation about whether the standard on collection of metadata — currently, it only needs to be “relevant to” an investigation — is what it should be, as well as the rules imposed on future access to the data once collected prevent abuse.

Apple (and other tech companies) wouldn’t have known this was Adam Schiff

Even people who understand surveillance seem to believe that Apple would have known these requests targeted Adam Schiff in a leak investigation and therefore should have done more to fight it, as if the actual subpoena would be accompanied with an affidavit with shiny flags saying “HPSCI Ranking Member.”

They wouldn’t have. They would have gotten a list of selectors (some of which, by its description, it probably did not service), a description of the crime being investigated (a leak), and a gag order. The one thing that should have triggered closer review from Apple was the number of selectors. But apparently it did not, and once Apple complied, the data was swept up into the FBI’s servers where it presumably remains.

The subpoena was overly broad and not tailored to limit damage to Schiff

All that said, there were aspects of the subpoena that suggest it was written without any consideration for limiting the damage to Congressional equities or reasonable investigative targets. Focusing on these details are important because they distinguish what is really problematic about this (and who is to blame). According to reports, the subpoena:

  • Obtained information from a minor, who would have had no access to classified information
  • Included a series of year-long gags
  • Obtained all the toll records from date of creation
  • May have focused exclusively on Democratic members and staffers

It’s conceivable that, after years of investigation, DOJ would have reason to believe someone was laundering leaks through a child. But given how broad this subpoena is, it’s virtually impossible the affidavit included that kind of specific knowledge.

With journalists, DOJ is supposed to use shorter gags–three months. The series of year-long gags suggests that DOJ was trying to hide the existence of these subpoenas not just to hide an investigation, but to delay the political embarrassment of it.

There’s no reason to believe that Adam Schiff leaked a FISA application targeting Carter Page first obtained in 2016 in 2009 (or whenever the Californian lawmaker first set up his Apple account). It’s a physical impossibility. So it is completely unreasonable to imagine that years-old toll records would be “relevant to” a leak investigation predicated off a leak in 2017. Mind you, obtaining all records since the inception of the account is totally normal! It’s what DOJ did, for example, with Antionne Brodnax, a January 6 defendant who got notice of subpoenas served on him, but whose attempt to limit the subpoena failed because those whose records are subpoenaed have no authority to do that. There are two appropriate responses to the unreasonable breadth of this request: both a focus on the failure to use special caution with Congressional targets, but also some discussion about how such broad requests are unreasonable regardless of the target.

Given the number of these selectors, it seems unlikely DOJ did more than ID the people who had access to the leaked information in question. Except if they only obtained selectors for Democrats, it would suggest investigators went into the investigation with the assumption that the leak was political, and that such a political leak would necessarily be partisan. That’s simply not backed by exhibited reality, and if that’s what happened, it should force some scrutiny on who made those assumptions. That’s all the more true given hints that Republicans like Paul Ryan may have tipped Page off that he had been targeted.

These kinds of limiting factors are where the most good can come out of this shit-show, because they would have a real impact and if applied broadly would help not just Schiff.

Barr continued to appoint unqualified prosecutors to do his political dirty work

I think it would be useful to separate the initial records request — after all, the leak of a FISA intercept and the target of a FISA order are virtually unprecedented — from the continued use of the records in 2020, under Billy Barr.

The NYT explains that the initial investigators believed that charges were unlikely, but Barr redoubled efforts in 2020.

As the years wore on, some officials argued in meetings that charges were becoming less realistic, former Justice Department officials said: They lacked strong evidence, and a jury might not care about information reported years earlier.

[snip]

Mr. Barr directed prosecutors to continue investigating, contending that the Justice Department’s National Security Division had allowed the cases to languish, according to three people briefed on the cases. Some cases had nothing to do with leaks about Mr. Trump and involved sensitive national security information, one of the people said. But Mr. Barr’s overall view of leaks led some people in the department to eventually see the inquiries as politically motivated.

[snip]

After the records provided no proof of leaks, prosecutors in the U.S. attorney’s office in Washington discussed ending that piece of their investigation. But Mr. Barr’s decision to bring in an outside prosecutor helped keep the case alive.

[snip]

In February 2020, Mr. Barr placed the prosecutor from New Jersey, Osmar Benvenuto, into the National Security Division. His background was in gang and health care fraud prosecutions.

Barr used this ploy — finding AUSAs who were unqualified to work on a case that others had found no merit to — on at least three different occasions. Every document John Durham’s team submitted in conjunction with the Kevin Clinesmith prosecution, for example, betrayed that investigators running it didn’t understand the scope of the Crossfire Hurricane investigation (and thereby also strongly suggested investigators had no business scrutinizing a counterintelligence investigation at all). The questions that Jeffrey Jensen’s team, appointed by Barr to review the DOJ IG investigation and the John Durham investigation to find conclusions they didn’t draw, asked Bill Barnett betrayed that the gun crimes prosecutors running it didn’t know fuckall about what they were doing (why Barnett answered as he did is another thing, one that DOJ IG should investigate). And now here, he appointed a health care fraud prosecutor to conduct a leak investigation after unbelievably aggressive leak investigators found nothing.

DOJ IG should include all of those investigations in its investigation, because they all reflect Barr’s efforts to force prosecutors to come to conclusions that the evidence did not merit (and because the Jensen investigation, at least, appears to have altered records intentionally).

FBI never deletes evidence

In an attempt to disclaim responsibility for yet more political abuse, Billy Barr issued a very interestingly worded disavowal.

Barr said that while he was attorney general, he was “not aware of any congressman’s records being sought in a leak case.” He added that Trump never encouraged him to zero in on the Democratic lawmakers who reportedly became targets of the former president’s push to unmask leakers of classified information.

There are two parts to this: One, that “while he was attorney general,” Congresspersons’ records were not sought, and two, sought in a leak case. The original subpoena for these records was in February 2018, so not during Barr’s tenure as Attorney General. He doesn’t deny asking for those previously-sought records to be reviewed anew while Attorney General.

But he also limits his disavowal to leak cases. Under Barr’s fervent imagination, however, these investigations may well have morphed into something else, what he may have imagined were political abuse or spying violation cases. DOJ can and often does obtain new legal process for already obtained records (which would be unnecessary anyway for toll records), so it is not outside the realm of possibility that Barr directed his unqualified prosecutor to use those already-seized records to snoop into some other question.

It’s a pity for Adam Schiff that no one in charge of surveillance in Congress imposed better trackability requirements on FBI’s access of its investigative collections.

Both an IG investigation and a Special Counsel are inadequate to this investigation

Lisa Monaco asked Michael Horowitz to investigate this investigation. And that’s fine: he can access the records of the investigation, and the affidavits. He can interview the line prosecutors who were tasked with this investigation.

But he can’t require Barr or Jeff Sessions or any of the other Trump appointees who ordered up this investigation to sit for an interview (he could move quickly and ask John Demers to sit for an interview).

Because of that, a lot of people are asking for a Special Counsel to be appointed. That would be nice, except thus far, there’s no evidence that a crime was committed, so there is no regulatory basis to appoint a Special Counsel. The standard for accessing records is very low, any special treatment accorded journalists or members of Congress are not written into law, and prosecutorial discretion at DOJ is nearly sacrosanct. The scandal is that this may all be entirely legal.

Mind you, there’s good reason to believe there was a crime committed in the Jeffrey Jensen investigation, the same crime (altering documents) that Barr used to predicate the Durham Special Counsel appointment. So maybe people should revisit that?

Luckily, Swalwell and Schiff know some members of Congress who can limit such abuses

If I learned that DOJ engaged in unreasonable surveillance on me [wink], I’d have no recourse, largely because of laws that Adam Schiff has championed for years.

But as it happens, Schiff and Swalwell both know some members of Congress who could pass some laws limiting the ability to do some of the things used against them that affect thousands of Americans investigated by the FBI.

Now that Adam Schiff has discovered, years after we tried to reason with him on this point, that “it’s just metadata” doesn’t fly in this day and age, maybe we can talk about how the FBI should be using metadata given how powerful it has become?

The renewed focus on Schiff’s metadata would have come after Schiff disclosed Nunes’ ties to Rudy Giuliani’s grift

Another factor of timing hasn’t gotten enough attention. In late December, Schiff released the Democrats’ impeachment report. Because Schiff obtained subpoenas (almost certainly targeting Lev Parnas and Rudy Giuliani), he included call records of calls implicating Devin Nunes and his staffer Derek

Over the course of the four days following the April 7 article, phone records show contacts between Mr. Giuliani, Mr. Parnas, Representative Devin Nunes, and Mr. Solomon. Specifically, Mr. Giuliani and Mr. Parnas were in contact with one another, as well as with Mr. Solomon.76 Phone records also show contacts on April 10 between Mr. Giuliani and Rep. Nunes, consisting of three short calls in rapid succession, followed by a text message, and ending with a nearly three minute call.77 Later that same day, Mr. Parnas and Mr. Solomon had a four minute, 39 second call.78

[snip]

On the morning of May 8, Mr. Giuliani called the White House Switchboard and connected for six minutes and 26 seconds with someone at the White House.158 That same day, Mr. Giuliani also connected with Mr. Solomon for almost six minutes, with Mr. Parnas, and with Derek Harvey, a member of Representative Nunes’ staff on the Intelligence Committee.159

69 AT&T Document Production, Bates ATTHPSCI _20190930_00848-ATTHPSCI_20190930_00884. Mr. Parnas also had an aborted call that lasted 5 seconds on April 5, 2019 with an aide to Rep. Devin Nunes on the Intelligence Committee, Derek Harvey. AT&T Document Production, Bates ATTHPSCI_20190930_00876. Call records obtained by the Committees show that Mr. Parnas and Mr. Harvey had connected previously, including a four minute 42 second call on February 1, 2019, a one minute 7 second call on February 4, and a one minute 37 second call on February 7, 2019. AT&T Document Production, Bates ATTHPSCI_20190930_00617, ATTHPSCI_20190930_00630, ATTHPSCI_20190930_00641. As explained later in this Chapter, Rep. Nunes would connect separately by phone on April 10, 11, and 12 with Mr. Parnas and Mr. Giuliani. AT&T Document Production, Bates ATTHPSCI_20190930_00913- ATTHPSCI_20190930_00914; ATTHPSCI_20190930-02125.

76 Specifically, between April 8 and April 11, phone records show the following phone contacts:

  • six calls between Mr. Giuliani and Mr. Parnas (longest duration approximately five minutes), AT&T Document Production, Bates ATTHPSCI_20190930-02115-ATTHPSCI_20190930-02131;
  • four calls between Mr. Giuliani and Mr. Solomon (all on April 8, longest duration approximately one minute, 30 seconds) AT&T Document Production, Bates ATTHPSCI_20190930-02114- ATTHPSCI_20190930-02115;
  • nine calls between Mr. Parnas and Mr. Solomon (longest duration four minutes, 39 seconds) AT&T Document Production, Bates ATTHPSCI_20190930-00885- ATTHPSCI_20190930- 00906; and
  • three calls between Mr. Parnas and Ms. Toensing (longest duration approximately six minutes), AT&T Document Production, Bates ATTHPSCI_20190930-00885- ATTHPSCI_20190930- 00905.

77 AT&T Document Production, Bates ATTHPSCI_20190930-02125, ATTHPSCI_20190930-03236.

78 AT&T Document Production, Bates ATTHPSCI_20190930-00902.

[snip]

158 AT&T Document Production, Bates ATTHPSCI_20190930_02313.

159 AT&T Document Production, Bates ATTHPSCI_20190930_02314; ATTHPSCI_20190930_02316; ATTHPSCI_20190930_02318; ATTHPSCI 20190930 01000.

Because Nunes doesn’t understand how phone records work, he — and most other Republicans in Congress — accused Schiff of subpoenaing the record of his colleagues. That’s not what happened. Instead, Nunes and a key staffer got involved in with Rudy’s efforts to solicit dirt from Russian assets and as a result they showed up in Rudy’s phone records.

But it’s the kind of thing that might lead Barr to intensify his focus on Schiff.

The last section of this was an update.

Snowden

Insurance File: Glenn Greenwald’s Anger Is of More Use to Vladimir Putin than Edward Snowden’s Freedom

/105 Comments/in , , , , /by

Glenn Greenwald risks making his own anger more valuable to Vladimir Putin than Edward Snowden’s freedom.

When WikiLeaks helped Snowden flee Hong Kong eight years ago, both WikiLeaks and Snowden had the explicit goal of using Snowden’s successful flight from prosecution to entice more leakers.

In his book, Snowden described that Sarah Harrison and Julian Assange’s goal in helping him flee Hong Kong was to provide a counterexample to the draconian sentence of Chelsea Manning.

People have long ascribed selfish motives to Assange’s desire to give me aid, but I believe he was genuinely invested in one thing above all—helping me evade capture. That doing so involved tweaking the US government was just a bonus for him, an ancillary benefit, not the goal. It’s true that Assange can be self-interested and vain, moody, and even bullying—after a sharp disagreement just a month after our first, text-based conversation, I never communicated with him again—but he also sincerely conceives of himself as a fighter in a historic battle for the public’s right to know, a battle he will do anything to win. It’s for this reason that I regard it as too reductive to interpret his assistance as merely an instance of scheming or self-promotion. More important to him, I believe, was the opportunity to establish a counterexample to the case of the organization’s most famous source, US Army Private Chelsea Manning, whose thirty-five-year prison sentence was historically unprecedented and a monstrous deterrent to whistleblowers everywhere. Though I never was, and never would be, a source for Assange, my situation gave him a chance to right a wrong. There was nothing he could have done to save Manning, but he seemed, through Sarah, determined to do everything he could to save me. That said, I was initially wary of Sarah’s involvement. But Laura told me that she was serious, competent, and, most important, independent: one of the few at WikiLeaks who dared to openly disagree with Assange. Despite my caution, I was in a difficult position, and as Hemingway once wrote, the way to make people trustworthy is to trust them.

[snip]

It was only once we’d entered Chinese airspace that I realized I wouldn’t be able to get any rest until I asked Sarah this question explicitly: “Why are you helping me?”

She flattened out her voice, as if trying to tamp down her passions, and told me that she wanted me to have a better outcome. She never said better than what outcome or whose, and I could only take that answer as a sign of her discretion and respect.

It’s not just Snowden’s impression, though, that WikiLeaks intended to make an example of him. The superseding indictment against Assange cites several times when Assange invoked WikiLeaks’ role in Snowden’s successful escape to encourage others (including CIA Systems Administrators like Joshua Schulte, who had a ticket to Mexico when the FBI first interviewed him and seized his passports) to go do what Snowden did. British Judge Vanessa Baraitser even included one of those speeches in paragraphs distinguishing what Assange is accused of from legal journalism. And as early as 2017, public reporting said that WikiLeaks’ assistance to Snowden was what changed how DOJ understood WikiLeaks and why it began to consider prosecuting Assange. It wasn’t Trump that led DOJ to stop treating Assange as a journalist, it was Snowden.

According to Snowden’s own words, he shared WikiLeaks’ goal of setting an example to inspire others. In an email that Snowden must have sent Bart Gellman weeks before the exchange between him and Harrison above, Snowden described steps he took to give other leakers (this may be Gellman’s paraphrase), “hope for a happy ending.”

In the Saturday night email, Snowden spelled it out. He had chosen to risk his freedom, he wrote, but he was not resigned to life in prison or worse. He preferred to set an example for “an entire class of potential whistleblowers” who might follow his lead. Ordinary citizens would not take impossible risks. They had to have some hope for a happy ending.

To effect this, I intend to apply for asylum (preferably somewhere with strong internet and press freedoms, e.g. Iceland, though the strength of the reaction will determine how choosy I can be). Given how tightly the U.S. surveils diplomatic outposts (I should know, I used to work in our U.N. spying shop), I cannot risk this until you have already gone to press, as it would immediately tip our hand. It would also be futile without proof of my claims—they’d have me committed—and I have no desire to provide raw source material to a foreign government. Post publication, the source document and cryptographic signature will allow me to immediately substantiate both the truth of my claim and the danger I am in without having to give anything up. . . . Give me the bottom line: when do you expect to go to print?

Citizenfour also quotes Snowden describing how he hoped that proof that his “methods work[]” would encourage others to leak.

If all ends well, perhaps the demonstration that our methods worked will embolden more to come forward.

Snowden’s “methods” don’t work — they certainly haven’t for Daniel Hale, Reality Winner, or Joshua Schulte. But for each, Snowden played at least some role (there is ambiguity about how Schulte really felt about Snowden) in inspiring them to ruin their lives with magical thinking and inadequate operational security.

One of Snowden’s “methods” appears to entail quitting an existing job and then picking another at an Intelligence Community contractor with the intent of obtaining documents to leak. Snowden did this at Booz Allen Hamilton, and his book at least suggests the possibility he did that with his earlier job in Hawaii.

The government justified the draconian sentence that it had negotiated with Winner’s lawyers, in part, by claiming that she premeditated her leak.

Around the same time the defendant took a job with Pluribus requiring a security clearance in February 2017, she was expressing contempt for the United States, mocking compromises of our national security, and making preparations to leak intelligence information

Along with evidence Winner researched The Intercept’s SecureDrop before starting at her new job, the government supported this claim by pointing to three references Winner made to Snowden as or shortly after she started at Pluribus, including texts in which Winner told her sister she was on Assange and Snowden’s side the day the Vault 7 leak was revealed. That was still two months before she took the files she would send to The Intercept.

Had Hale gone to trial, the government would have shown that Hale discussed serving as a source for Jeremy Scahill by May 30, 2013, the day before he left NSA, and discussed Snowden — and hanging out with the journalists reporting on him — the day Snowden came forward on June 9. Then, on July 25, Hale sent Scahill a resume showing he was looking for counterterrorism or counterintelligence jobs. In December, Hale started the the job at Leidos where he would print out the files he sent to The Intercept.

You can think these leaks were valuable and ethical without thinking it a good idea to leave a months-long trail of evidence showing premeditation on unencrypted texts and social media.

Similarly, one of Snowden’s “methods” was to claim he had expressed concerns internally, but was ignored, a wannabe whistleblower stymied by America’s admittedly failed support for whistleblowers, especially those at contractors.

In the weeks before Snowden left NSA, he made a stink about some legal issues and NSA’s training programs (about how FISA Section 702 interacted with EO 12333) that he subsequently pointed to as his basis for claiming to be a whistleblower. The complaint was legit, and one NSA department actually did take notice, but it was not a formal complaint; indeed, it was more a complaint about US law. But his complaint had nothing to do with the vast majority of the documents that have been published based off his files, to say nothing of the far greater set of documents he took. And he made the complaint long after having prepared for months to steal vast amounts of files.

Similarly, Joshua Schulte wrote two emails documenting purported concerns about CIA security, one to a colleague less than a month before he left, which he didn’t send, and then, on his final day, one to CIA’s Inspector General that he falsely claimed was unclassified, a copy of which he was seen taking with him when he packed up. In the first search warrant for Schulte’s house obtained on March 13, 2017, less than a week after the initial Vault 7 release, the FBI had already found those emails and deemed Schulte’s treatment of them as suspect. And when they found a copy of the classified letter to the IG stashed in his headboard, it gave them cause to seize Schulte’s passports on threat of arrest. Snowden’s “methods” didn’t deliver Schulte a “happy ending;” they made Schulte’s apprehension easier.

To the extent Schulte could be shown to be following Snowden’s “methods” (again, that question was not resolved at his first trial) it would be a fairly damning indictment of those methods, since this effort to create a paper trail as a whistleblower was such an obvious attempt to retroactively invent cover for leaks for which there was abundant evidence Schulte’s motivation was spite and revenge. Maybe that’s why someone close to Assange explicitly asked me to stop covering Schulte’s case.

Had Daniel Hale gone to trial, the government undoubtedly would have used the exhibits showing that Hale had never made any whistleblower claims in any of the series of government jobs where he had clearance as a way to push back on his claim of being a whistleblower, though Hale was outspoken about his criticisms of the drone program before he took most of the files he shared with The Intercept. Indeed, given the success of Hale’s earlier anti-drone activism, his case raises real questions about whether leaking was more effective than Hale’s frank, overt witness to the problems of the drone program.

Worse still, Snowden’s boasts about his “methods” appear to have made prosecutions more likely. An early, mostly-sealed filing in Hale’s case, reveals that the government set out to investigate whether Hale was The Intercept’s source because they were trying to figure out whom Snowden had “inspired” to leak.

Specifically, the FBI repeatedly characterized its investigation in this case as an attempt to identify leakers who had been “inspired” by a specific individual – one whose activity was designed to criticize the government by shedding light on perceived illegalities on the part of the Intelligence Community.

That explains why the government required Hale to allocute to being the author of an essay in a collection of Hale’s leaked documents involving Snowden: by doing so, they obtained sworn proof that Hale is the person Snowden and Glenn Greenwald were discussing, while the two were sitting in Moscow, in the closing sequence of Citizenfour. In the scene, Glenn flamboyantly wrote for Snowden how this new leaker and The Intercept’s journalist were communicating, what appears to be J-A-B-B-E-R. That stunt for the camera would have tipped the government off, in cinema release just two months after they had raided Hale’s home, to look for and reconstruct Hale’s Jabber communications with Jeremy Scahill, which they partly succeeded in doing.

Rather than being means to a “happy ending,” then, prosecutors have found Snowden’s “methods” useful to pursuing increasingly draconian prosecutions of people inspired by him.

And now, after Snowden and Greenwald failed to persuade Trump to pardon Snowden, Assange — and in a secondary effort — The Intercept’s sources (perhaps, like Assange, they find the association with Schulte counterproductive, because they didn’t even try to get him pardoned, even though Trump himself almost bolloxed that prosecution), Snowden is left demanding pardons on Twitter for the people he set out to convince leaking could have a “happy ending.”

By associating these leaks with someone being protected by Russia so that — in Snowden’s own words — he could encourage more leaks, Snowden only puts a target on these people’s back, making a justifiable commutation of Winner’s sentence less likely (Winner is due to get out on November 23, two days before the most likely time for Joe Biden to even consider commuting her sentence).

I’m grateful for Snowden’s sacrifices to release the NSA files, but his efforts to lead others to believe that leaking would be easy was bound to, and has, ended badly.

If Vladimir Putin agreed to protect Snowden in hopes that he would inspire more leakers to release files that help Russia evade US spying (as Schulte’s leak did, at a time when the US was trying to understand the full scope of what Russia had done in 2016), the US prosecutorial focus on Snowden-related leakers undermines his value to Putin, probably by design. As that happens, Snowden might reach the moment that observers of his case have long been dreading, the moment when Putin’s utilitarian protection of Snowden will give way to some other equally utilitarian goal.

This is all happening as Putin adjusts to dealing with Joe Biden rather than someone he could manipulate by (at the very least) feeding his narcissism, Donald Trump. It is happening in the wake of new sanctions on Russia, in response to which Putin put US Ambassador John Sullivan on a plane to deliver some message, in person, to Biden. It is happening as Biden’s response to the Colonial Pipeline attack, in which ransomware criminals harbored by Putin shut down US critical infrastructure for fun and profit, includes noting that he and Putin will meet in person soon, followed by the unexplained disabling of the perpetrators in the wake of the attack.

Meanwhile, even as Snowden is of less and less use to Putin, Glenn Greenwald’s utility continues to grow. Snowden, for example, continues to speak out about topics inconvenient to Putin, like privacy. The presence in Russia of someone like Snowden with his own platform and international credibility may become increasingly risky for Putin given the success of protests around Alexei Navalny.

Greenwald, by contrast, seems to have dropped all interest in surveillance and has instead turned many of his grievances — even his complaint that former NSA lawyer Susan Hennessey will get a job in DOJ’s National Security Division, against whom one can make a strong case on privacy grounds — into a defense of Russia. Greenwald spends most of his time arguing that a caricature that he labels “liberals” and another caricature that he labels “the [American] Deep State,” followed closely by another caricature he calls “the  [non-right wing propaganda] Media,” are the most malignant forces in American life. In his rush to attack “liberals,” “the Deep State,” and “the Media,” Greenwald has coddled the political forces that Putin has found useful, including outright racists and other right wing extremists. By the end of the Trump presidency, Greenwald was excusing virtually everything Trump did, up to and including his attempted coup based on the utter denigration of democratic processes. In short, Greenwald has become a loud and important voice in support of the illiberalism Putin favors, to say nothing of Greenwald’s use of a rhetoric unbound by facts.

That Greenwald spends most of his days deliberately inciting Twitter mobs is just an added benefit, to those who want to weaken America, to Greenwald’s defense of fascists.

Most of us who used to know Greenwald attribute his Russian denialism and his apologies for Trump at least partly to his desire to free Snowden from exile. Yet Greenwald’s tantrums, because of their value to Putin, may have the opposite effect.

Stoking Greenwald’s irrational furor over what he calls “liberals” and “the Deep State” and “the Media” would actually be a huge incentive for Putin to deal Snowden to the US, in maximally symbolic fashion. There is nothing that could light up Greenwald’s fury like Putin bringing Snowden to a summit with Biden, wrapped up like a present, to send back on Air Force One. (That’s an exaggerated scenario, but you get my point.)

Plus, if Putin played it right, such a ceremonial delivery of Snowden might just achieve the completion of the Snowden operation, the public release of all of the files Snowden stole, not just those that one or another journalist found to have news value.

The Intelligence Community has, over the years, said a bunch of things about Snowden that were outright bullshit or, at least, for which they did not yet have evidence. But one true thing they’ve said is that Snowden took a great many files that had no imaginable privacy value. Even from a brief period working in the full archive aiming to answer three very discrete questions about FISA, I believe that to be true. While some (including Assange) pressured Snowden and others to release all these files, Snowden instead ensured that journalists would serve a vetting role, and after some initial fumbling, The Intercept did a laudable job of keeping those files safe. So up to now, the fact that Snowden took far more files than any privacy concern — even privacy concerns divorced from all question of nationality — could justify may not have mattered.

But as far as I know there are still full copies out there and Russia would love to spin up Glenn Greenwald’s fury so much he would attempt to burn down his caricature of “The Deep State” in retaliation — much like Schulte succeeded in badly damaging the CIA — by releasing his set.

I believe Russia has been trying to do this since at least 2016.

To be very clear, I’m not claiming that Greenwald is taking money from or is any way controlled by Russia. I am very much not claiming that, in part because it wouldn’t be necessary. Why pay Greenwald for what you can get him to do for free?

And while I assume Greenwald would respect Snowden’s stated wishes and protect the files, like Trump, Greenwald’s narcissism and resentment are very, very easy buttons to push. Greenwald has been heading in this direction without pushing. It would be child’s play to have people friendly to Russia’s illiberal goals (people like Steve Bannon or Tucker Carlson) exacerbate Greenwald’s anger at “the Deep State” to turn it into the frenzy it has become.

Meanwhile, custody of Edward Snowden would be a very enticing dangle for Putin to offer Biden as a way to reset Russia’s relationship with the US. One cannot negotiate with Putin, one can only adjust the points of leverage over each other and hope to come to some stable place, and Snowden has always been at risk of becoming a bargaining chip in such a relationship. By turning Snowden over to the US to be martyred in a high profile trial, Putin might wring the last bit of value out of Snowden. All the better, from Putin’s standpoint, if Greenwald were to respond by releasing the full Snowden set.

For the past four years, Greenwald seems to have believed that if he sucked up to Putin and Trump, he’d win Snowden’s freedom, as if either man would ever deal in good faith. Instead, I think, that process has had the effect of making Greenwald more useful to Russia than Snowden is anymore. And at this point, Greenwald seems to have lost sight of the likelihood that his belligerent rants may well make Snowden less safe, not more.

Update: According to the government sentencing memo for Hale, they didn’t write up the statement of offense, Hale did.

Hale pled guilty without any plea agreement, and submitted his own Statement of Facts. Def.’s Statement of Facts, Dkt. 197 (“SOF”).

Did John Durham Seize Journalists’ Call Records?

/52 Comments/in , , /by

The WaPo has revealed that DOJ obtained toll records on three journalists, covering a 3.5 month period in 2017, in 2020.

The Trump Justice Department secretly obtained Washington Post journalists’ phone records and tried to obtain their email records over reporting they did in the early months of the Trump administration on Russia’s role in the 2016 election, according to government letters and officials.

In three separate letters dated May 3 and addressed to Post reporters Ellen Nakashima and Greg Miller, and former Post reporter Adam Entous, the Justice Department wrote they were “hereby notified that pursuant to legal process the United States Department of Justice received toll records associated with the following telephone numbers for the period from April 15, 2017 to July 31, 2017.” The letters listed work, home or cellphone numbers covering that three-and-a-half-month period.

[snip]

The letters do not say when Justice Department leadership approved the decision to seek the reporters’ records, but a department spokesman said it happened in 2020, during the Trump administration. William P. Barr, who served as Trump’s attorney general for nearly all of that year, before departing Dec. 23, declined to comment.

The WaPo cites two stories it think might be culprits:

But it misses a key story on which Ellen Nakashima — whose mobile phone and home numbers were seized — was the first byline.

There’s also one on which Nakashima was not the first byline that might be relevant.

Notably, the request goes through the time when Peter Strzok was on the Mueller team.

In August 2020, NYT reported that John Durham was investigating media leaks. As reported, that was focused on the original leak to David Ignatius that led Mike Flynn to respond. But it reported that it wasn’t clear whether the investigation included other leaks, such as the two stories based on leak intercepts from the period under subpoena.

This report looks like what you’d expect if Durham’s investigation was broader than that, covering the period through when Strzok was removed from Mueller’s team.

Update: Billy Barr told the AP that he had made Durham Special Counsel on December 1, just over 6 months before WaPo got notice that DOJ had seized their records. He did so, it’s now clear, so that whatever providers they were trying to obtain records for would know that he had the authority of Attorney General.

Update: What Durham is clearly pursuing is charging someone under 18 USC 798 for leaking signals intercepts that seeded three stories:

  • The David Ignatius story revealing Mike Flynn’s calls with Sergei Kislyak had been discovered
  • The WaPo story revealing that Jared Kushner’s effort to set up a back channel with Russia had been discovered
  • The WaPo story revealing that Jeff Sessions had lied when he said he hadn’t spoken to any Russians in his confirmation hearing

Update: To be quite clear: I have no reason to believe Durham has any evidence about Strzok. What I have is a bunch of evidence that 1) Durham doesn’t understand what he’s looking at and 2) he was hired to take out a couple of FBI people, starting with Strzok.

The George Nader Problem: NSA Removes the Child Exploitation Content from Its Servers

/29 Comments/in , , /by

When Lebanese-American dual citizen George Nader was stopped at Dulles after arriving on a flight from Dubai on January 17, 2018, he had at least 12 videos on his phone depicting boys as young as two years old being sexually abused, often with the involvement of farm animals. In the days before a Mueller prosecutor obtained the contents of the three phones Nader had with him, Nader sat for at least four interviews with Mueller’s prosecutors and told a story (which may not have been entirely forthright) about how he brokered a meeting in the Seychelles between Russia and Erik Prince a year earlier. Nader exploited Prince’s interest in work with Nader’s own employer — Mohammed bin Zayed — to set up the back channel meeting, and as such was a very effective broker in the service of two foreign countries, one hostile to the US. As such, I assume, Nader became a key counterintelligence interest, on top of whatever evidence he provided implicating Trump and his flunkies.

Mueller’s team got the returns on Nader’s phones back on March 16. An FBI Agent in EDVA in turn got a warrant for the child porn. But two days after the agent got the warrant return, Nader skipped town and remained out of the country until days after Mueller shut down his investigation, at which point he returned to the US and was promptly arrested for his abuse of children. Even without the other influence peddling that Nader had done on behalf of the Emirates, he would have remained a key counterintelligence interest for the entire 14 months he remained outside the country. After all, Nader had been making key connections since at least the time he introduced Ahmed Chalabi to Dick Cheney, and probably going back to the Clinton Administration.

So it is quite possible that for the entire period Nader was out of the country, he was surveilled. If that happened, it almost certainly would have happened with the assistance of NSA. As an agent of Dubai, he would be targetable under FISA, but as a US citizen, targeting him under FISA would require an individualized FISA warrant, and the surveillance overseas would take place under 705b.

If the surveillance did happen, Nader’s sexual abuse of boys would have had foreign intelligence value. It would be of interest, for example, to know who knew of his abuse and whether they used it as leverage over Nader. The source of the videos showing the children being exploited would be of interest. So, too, would any arrangements Nader made to procure the actual boys he abused, particularly if that involved high powered people in Middle Eastern countries.

Understanding how George Nader fit in international efforts to intervene in US affairs would involve understanding his sexual abuse of boys.

And that poses a problem for the NSA, because it means that really horrible content — such as Nader’s videos showing young boys being abused with goats for the object of an adult’s sexual pleasure — is among the things the NSA might need to collect and analyze.

I’ve been thinking about George Nader as I’ve been trying to understand one detail of the recent FISA 702 reauthorization. In January 2020, the NSA got permission to — in the name of lawful oversight — scan its holdings for child exploitation, stuff like videos of adults using goats to sexually abuse very young boys.

In a notice filed on January 22, 2020, the government informed the Court that NSA had developed a method, [redacted] of known or suspected child-exploitation material (including child pornography), to identify and remove such material from NSA systems. To test this methodology, NSA ran the [redacted] against a same of FISA-acquired information in NSA systems. The government concedes that queries conducted for such purposes do not meet generally applicable querying standard; nor do they fall within one of the lawful oversight functions enumerated in the existing NSA querying procedures. Nevertheless, NSD/ODNI opined that “the identification and removal of child exploitation material … from NSA systems that is a lawful oversight function under section IV.C.6,” and that the deviation from the querying procedures was “necessary to perform this lawful oversight function of NSA systems.” Notice of Deviation from Querying Procedures, January 22, 2020, at 3; see Oct. 19, 2020, Memorandum at 10.

NSA anticipates using such queries going forward, likely on a recurring basis, to proactively identify and remove child-exploitation material from its systems. The government submits that doing so is necessary to “prevent [NSA] personnel from unneeded exposure to highly disturbing, illegal material.” October 19, 2020, Memorandum at 10. The Court credits this suggestion and likewise finds that performance of these queries qualifies as a lawful oversight function for NSA systems. But the Court encouraged the government to memorialize this oversight activity in § IV.C.6, among the other enumerated lawful oversight functions that are recognized exceptions to the generally acceptable querying standards.

The government has done so. Section IV.C.6 now includes a new provision for “identify[ing] and remov[ing] child exploitation material, including child pornography, from NSA systems.” NSA Querying Procedures § IV.C.6.f. The Court finds that the addition of this narrow exception has no material impact on the sufficiency of the querying procedures taken as a whole.

At first, I thought they were doing this to protect the children. Indeed, my initial concern was that NSA was using these scans to expand the use of NSA queries for what wound up being law enforcement action, such that they could ask to do similar scans for the seven other crimes they’ve authorized sharing FISA data on (though of the other crimes, only snuff videos would be as easy to automate as child porn, which has a well-developed technology thanks to Facebook and Google). I thought that, once they scanned their holdings, they would alert whatever authority might be able to rescue the children involved that they had been victimized. After all, under all existing minimization procedures, the NSA can share proof of a crime with the FBI or other relevant law enforcement agency. Indeed, in 2017, FISC even authorized NSA and FBI to share such evidence of child exploitation with the National Center for Missing and Exploited Children, so they could attempt to identify the victims, help bring the perpetrators to justice, and track more instances of such abuse.

But that doesn’t appear to be what’s happening.

Indeed, as described, “saving the victims” is not the purpose of these scans. Rather, preventing NSA personnel from having to look at George Nader’s pictures showing goats sexually abusing small boys is the goal. When I asked the government about this, NSA’s Director for Civil Liberties, Privacy and Transparency, Rebecca Richards, distinguished finding child exploitation material in the course of intelligence analysis — in which case it’ll get reported as a crime — from this, which just removes the content.

NSA does not query collected foreign intelligence information to identify individuals who may be in possession of child exploitation material. This particular provision allows NSA to identify and remove known or suspected child-exploitation material (including child pornography) from NSA systems.

The Court agreed that this was appropriate lawful oversight to “prevent [NSA] personnel from unneeded exposure to highly distributing, illegal material.” The point of the query is not to surface the material for foreign intelligence analysis, the function of the query is to remove the material. If NSA finds such information in the course of its analytic process to identify and report on foreign intelligence, it will review and follow necessary crimes reporting.

The Court credits the suggestion to conduct this activity as part of NSA’s lawful oversight function. [my emphasis]

I asked NSA a bunch of other questions about this, but got no further response.

First, isn’t the NSA required to (and permitted to, under the minimization procedures) alert the FBI to all such instances they find? So wouldn’t this be no different from a law enforcement search, since if found it will lead to the FBI finding out about it?

Second, as offensive as this stuff is, isn’t it also of value from a foreign intelligence perspective? Ignoring that George Nader is a US person, if a high profile advisor to MbZ was known to exploit boys, wouldn’t that be of interest in explaining his position in MbZ’s court and his preference for living in Dubai instead of VA? Wouldn’t it be of interest in understanding the counterintelligence threat he posed?

If it is of FI interest (I seem to recall a Snowden revelation where similar discoveries were used against a extremist cleric, for example), then how is it recorded to capture the FI use before it is destroyed? And in recording it, aren’t there NSA and/or FBI personnel who would have to look more closely at it? Wouldn’t that increase the amount of child exploitation viewed (presumably with the benefit of finding more predators, even if they are outside US LE reach)?

Finally, can you tell me whether NCMEC is involved in this? Do they receive copies of the material for their databases?

Are you saying that if the NSA finds evidence of child exploitation via these searches, it does not refer the evidence to FBI, even if it implicates victims in the United States?

Another question I have given Richards’ response is, why would NSA personnel be accessing collections that happen to include child exploitation except for analytic purposes?

But maybe that’s the real answer here: NSA employees would access child exploitation 1) for analytical purposes (in which case, per Richards, it would get reported as a crime) or 2) inappropriately, perhaps after learning of its presence via accessing it for analytic purposes (something that is not inconsistent with claims Edward Snowden has made).

After all, there have been two really high profile examples of national security personnel accused of critical leaks in the last decade who also have been accused of possessing child pornography: Donald Sachtleben, who after he was busted for (amazingly) bringing child porn on his laptop into Quantico, he later became the scapegoat for a high profile leak about Yemen, and Joshua Schulte, on whose computer the government claims to have found child porn on when it searched the computer for evidence that he stole all of CIA’s hacking tools.

So perhaps the NSA is just removing evidence of child exploitation from its servers — which it spent a lot of resources to collect as foreign intelligence — to avoid tempting NSA employees from accessing it and further victimizing the children?

If that’s correct, then it seems that NSA has taken a totally backwards approach to mitigating this risk.

If you’re going to scan all of NSA’s holdings to ID child exploitation, why not do so on intake, and once found, hash and encrypt it immediately. Some of what analysts would be interested in — tracking the dissemination of known child porn or the trafficking of known victims by transnational organized crime, for example — could be done without ever viewing it, solely after those existing hashes. If there were some other need — such as identifying a previously unidentified victim — then the file in question can be decrypted as it is sent along to FBI. That would have the added benefit of ensuring that if NSA personnel were choosing to expose themselves to George Nader’s videos of young boys being abused with farm animals, then the NSA would have a record of who was doing so, so they could be fired.

I get why the NSA doesn’t want to host the world’s biggest collection of child abuse, particularly given its difficulties in securing its systems. I don’t have any answers as to why they’re using this approach to purge their systems.

Joshua Schulte Undermines the WikiLeaks Claim to Publish “Whistleblowers”

/10 Comments/in , , /by

In this post, I noted that The Intercept — including Micah Lee — had fairly systematically ignored the most recent superseding indictment against Julian Assange, and as such had ignored the overt acts in it tied to helping Edward Snowden flee. I think the outlet has real ethical responsibility to actually report the truth of that detail — which they should do in any case to address the legally suspect aspects of some of the claims made about Snowden.

I’d like to look at an earlier Micah Lee post, not because of anything it (necessarily) says about The Intercept, but as background for a larger post about WikiLeaks I hope to move towards. In an article subtitled, “The Trump Administration Is Using the Full Power of the U.S. Surveillance State Against Whistleblowers,” Micah laid out how (according to his read of what he claimed were the court filings) the government had found a bunch of “whistleblowers.” Before he gets there, though, he describes the subjects of his post to be “government whistleblowers” who, only after they see something wrong, do they reach out to journalists and share information.

GOVERNMENT WHISTLEBLOWERS ARE increasingly being charged under laws such as the Espionage Act, but they aren’t spies.

They’re ordinary Americans and, like most of us, they carry smartphones that automatically get backed up to the cloud. When they want to talk to someone, they send them a text or call them on the phone. They use Gmail and share memes and talk politics on Facebook. Sometimes they even log in to these accounts from their work computers.

Then, during the course of their work, they see something disturbing. Maybe it’s that the government often has no idea if the people it kills in drone strikes are civilians. Or that the NSA witnessed a cyberattack against local election officials in 2016 that U.S. intelligence believes was orchestrated by Russia, even though the president is always on TV saying the opposite. Or that the FBI uses hidden loopholes to bypass its own rules against infiltrating political and religious groups. Or that Donald Trump’s associates are implicated in sketchy financial transactions.

So they search government databases for more information and maybe print some of the documents they find. They search for related information using Google. Maybe they even send a text message to a friend about how insane this is while they consider possible next steps. Should they contact a journalist? They look up the tips pages of news organizations they like and start researching how to use Tor Browser. All of this happens before they’ve reached out to a journalist for the first time.

Having laid out certain assumptions not just that all these people are whistleblowers, but also about what whistleblowing entails (and made certain claims about motive that don’t necessarily match the claimed motive of some of the subjects of the story, though some of that has become public since Micah wrote this), Micah explains that Joshua Schulte is an exception with regards to how he was caught.

Of the four Espionage Act cases based on alleged leaks in the Trump era, the most unusual concerned Joshua Schulte, a former CIA software developer accused of leaking CIA documents and hacking tools known as the Vault 7 disclosures to WikiLeaks. Schulte’s case is different from the others because, after the FBI confiscated his desktop computer, phone, and other devices in a March 2017 raid, the government allegedly discovered over 10,000 images depicting child sexual abuse on his computer, as well as a file and chat server he ran that included logs of him discussing child sexual abuse images and screenshots of him using racist slurs. Prosecutors initially charged Schulte with several counts related to child pornography and later with sexual assault in a separate case, based on evidence from his phone. Only in June 2018, in a superseding indictment, did the government finally charge him under the Espionage Act for leaking the hacking tools. He has pleaded not guilty to all charges.

He doesn’t return to Schulte’s case for the rest of the piece.

About the rest of the subjects of the story, Micah describes how, whether the subject took some measure to protect himself (such as with Terry Albury and James Wolfe) or did not (such as Reality Winner), they all got caught. What they all have in common is that they were among a very limited circle of people who had access to the stuff that got leaked, and therefore could be ultimately identified with more investigation.

I think Micah’s comment was meant to suggest that Schulte wasn’t identified that same way, but was instead identified only after he was busted for child porn. I texted Micah at the time and let him know that’s not what the court records reflect (he had not, in fact, reviewed the affidavits in the court docket). By that point, a slew of the warrants in the case had been revealed, including the first ones, which showed that Schulte was identified as a suspect almost immediately, in part the same way the others were — because he was one of three people who had access to the files believed to have been leaked. (It would later become clear that at least a few more people had access to the server and that the files were copied on a different, more incriminating date than FBI originally suspected.)

Micah never corrected his post.

Of note, however, even that initial warrant raised real questions about any claim that Schulte was a whistleblower — a claim WikiLeaks made it its first Vault 7 post.

In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.

That first warrant revealed that Schulte,

  • Had already restored his access to the exact files in question without authorization once (FBI would later discover he did this at least two more times)
  • Was pissy about something that had nothing to do with the hacking CIA did with the tools that Schulte wrote, basically a juvenile work dispute with a colleague
  • Had laid a paper trail in the weeks before he left CIA, making a claim to be a whistleblower, but the claim was not backed by any prior record of concern (per the FBI agent who admittedly should not be trusted on face value)

That is, even that first affidavit suggested that Schulte had used the claim to be a whistleblower as cover.

Schulte declined to present much of a defense at his first trial, a decision that (given the hung jury) absolutely was the right decision. So we can’t claim to have fully assessed all his claims to be a whistleblower, claims he made in pro se filings and deceitful Tweets he intended to post from jail. He chose not to make that case personally and he didn’t need to make the case to avoid a guilty verdict.

That said, all the evidence presented at trial strongly backs the initial FBI assessment that he was just an angry shithole who thought he was god, aiming to get back at people at the CIA he thought had dissed him. Indeed, two pieces of evidence submitted seriously undermine his claim to be a whistleblower, because they show he acted in ways that would be inconsistent from someone who genuinely had the concerns Schulte claimed to have — both a concern about the role of contractors and about security.

First, at one point when he was pissy because the CIA had contracted with a consultant to finish off a project that had been taking too long under him, Schulte actually considered become a contractor. Yes, he was pissy that a contractor could take away his project. But considering a job as a contractor is inconsistent with his claims about the use of them. It makes the claims translated into the WikiLeaks statement yet another cover for Schulte’s own resentment.

Then, at trial, the government showed that Schulte himself was responsible for setting up a root password that he allegedly used to steal the files. That is, to the extent the files were totally insecure from someone like Schulte, they were insecure because Schulte set them up to be. So not only was he not complaining to anyone else about the insecurity of these files, he was the one making them insecure.

Again, maybe Schulte could make a persuasive case he leaked these files to expose wrong-doing. But thus far, every piece of evidence suggests not only that Schulte was not a whistleblower, that every time he wrote up a claim to be one he otherwise told identifiable lies, and that he’s mostly just a rage-driven dude who decided to burn the CIA to the ground for spite.

Now, if WikiLeaks is a publisher, as it claims, that doesn’t necessarily matter. Journalists get information from sources operating out of a variety of motives, and personal pique is a common one. Except it raises the stakes on the newsworthiness of the files published. And on that front, WikiLeaks (on Twitter especially) vastly oversold the newsworthiness of the CIA files it published. Yes, it was useful for security firms to have CIA’s files identified publicly. But there was never anything published showing that CIA was operating outside of its mandate, and much of what was published showed tools that would be narrowly targeted. Just as importantly, CIA wasn’t actually doing anything particularly exotic with its hacking files. Spies were spying, news at 11.

I’ve written before about how a close associate of Assange’s sternly asked me to downplay Schulte because he hurt the public case for Julian Assange. I think that’s partly the allegations of child porn, racism, and sexual assault against him. People associated with WikiLeaks also knew before it was public that there was evidence involving Schulte implicating Russia (though the record on what the import of various pieces of evidence about Schulte pertaining to Russia mean is very mixed; Sabrina Shroff argued fairly convincingly that some of what is there stems from work Schulte was doing for his cellmate). Still, that may be another reason WikiLeaks boosters don’t want anyone to talk seriously about Schulte, because in the wake of Julian Assange working with Russia to get harm Hillary, their next big source also had some tie, of uncertain nature, to Russia.

But the existing record on Schulte, at least, not only undermines WikiLeaks’ claim to facilitate whistleblowers. On the contrary, WikiLeaks gave a disgruntled spook an easy way to burn the place down. More importantly, somewhere along the way, Schulte decided to cloak his bitter revenge plot inside a false claim to be a whistleblower.

People can certainly still defend WikiLeaks as an outlet permitting disgruntled spooks to burn their agencies to the ground out of spite. Certainly, if you believe the CIA is inherently, uniquely evil, you might still champion this leak. But on the Vault 7 leak, WikiLeaks boosters should be clear that’s what they’re doing.

From Failed Whistleblower to Journalistic Source: Natalie Sours Edwards Mounts a Credible Public Interest Defense

/9 Comments/in , , , /by

Natalie Sours Edwards, one of the sources for a series of BuzzFeed stories on Treasury and a larger, global series on Suspicious Activity Reports, submitted her sentencing memorandum last night. It is probably the most convincing example of a whistleblower-turned-leaker telling her story to explain why she did what she did. And while she was charged under a different statute than the Espionage Act — there’s a specific law prohibiting the leaking of SARs — it is a laudable effort to make a public interest defense.

She spends much of her submission (as most do) describing her background — her Native American upbringing, the series of jobs she had after obtaining a PhD in national security decision-making, first at ATF, then at CIA, and then at Treasury’s FinCEN. Not long after she moved to Treasury, she grew concerned about a number of things she was seeing: She believed Treasury was making some organizational changes without first getting congressional approval.

By April of 2016, TFI was considering a proposal to move several employees from FinCEN to OIA. May Sours Edwards and other members of FinCEN’s upper management questioned the legality of the proposed realignment. In an email to John Farley, Acting Director of Executive Office for Asset Forfeiture (TEOAF), Dr. Edwards raised concerns about whether the transfers would be consistent with Congressional appropriations and whether OIA was moving forward in spite of a direction from the Senate Select Committee on Intelligence not to proceed until the Committee had reviewed the plans for the reallocation of funds.

She was concerned — as was the Privacy and Civil Liberties Oversight Board — that Treasury had never instituted guidelines protecting Americans’ privacy when accessing records under 12333. (I had written about this problem before this period.)

Did OIA, as a member of the intelligence community, have the authority to collect and retain data domestically. Under Executive Order 12333 (“E.O. 12333”) IC entities, which OIA is, are permitted to collect information on “United States persons” only if the organization has promulgated guidelines for doing so and had them reviewed and approved by the Attorney General.11 Dr. Edwards questioned whether OIA had signed guidelines. Counsel for OIA hostilely, in Dr. Edwards’ estimation, disagreed with her interpretation of EO 12333. She believed he deliberately denigrated her during the meeting in front of the other participants in an attempt to bully her into agreeing with his position. She did not acquiesce.

11Executive Order 12333 provides in pertinent part as follows. “2:3 Collection of Information. Agencies within the Intelligence Community are authorized to collect, retain or disseminate information concerning United States persons only in accordance with procedures established by the head of the agency concerned and approved by the Attorney General, consistent with the authorities provided in Part 1 of this Order.”

After she had shared these concerns with Congress, she believed that Jacob Lew had knowingly lied to Congress about whether there were whistleblowers at Treasury.

On September 22, 2016, Treasury Secretary Jacob Lew testified before the House Financial Services Committee. https://www.c-span.org/video/?415661- 1/secretary-jack-lew-testifies-financial-stability-report&start=9046. Representative Fitzpatrick specifically asked him whether the proposed realignment was consistent with the existing budget, the issue Dr. Edwards had been raising. He also the Secretary whether there were any whistleblowers at Treasury. Representatives Jeb Hensarling and Sean Duffy later sent a follow-up congressional letter to Secretary Lew, expressing concern that the proposed “changes may violate appropriations requirements, civil service rules, and constraints on gathering and use of financial intelligence data.” They also noted that it was “troubling that Treasury is moving forward with the proposed reallocation with the intention to complete the process before a new Administration takes over in January 2017 and despite bipartisan requests to process at a more deliberate pace.” Id.

Something else of significance happened during the hearing. In response to a question from Representative Fitzpatrick, Secretary Lew stated that he was unaware of any whistleblowers in the Treasury Department. Dr. Edwards was taken aback and concerned. She was a whistleblower, a fact well known to Treasury OIG.

In the wake of that hearing, she believed that her clearance was pulled, briefly, as retaliation.

On September 27, 2016, a week after the contentious OIA-FinCEN meeting, someone at OIA ordered that Dr. Edward’s SCI (Sensitive Compartmentalized Information) clearance and her access to the SCIF (Sensitive Compartmentalized Information Facility) be revoked. Dr. Edwards questioned the basis for the action. Her clearance was reinstated the following day. Email of September 28, 2016, from May Edwards to Elizabeth Ortiz, attached hereto as Exhibit XX

She submitted two whistleblower complaints — to Treasury IG and to OSC. The latter found that she had engaged in protected activity (meaning that she had been a whistleblower), but ruled against her claims of retaliation on narrow grounds.

By letter dated May 21, 2018, OSC informed Dr. Edwards that they were closing her file. OSC concluded that Dr. Edwards’ reports to her “leadership, OIG, Congress and OSC all likely constitute ‘protected activity’ or whistleblowing under the law.” May 21, 2018, letter from OSC to Dr. Edwards, attached hereto as Exhibit HHH at 4. Further, Dr. Edwards could establish that her “management knew about [her] whistleblowing regarding, at a minimum, the issues [she] raised directly to them.” However, OSC made several findings that it concluded were fatal to Dr. Edwards’ claim that she had been retaliated against as a whistleblower. OSC could not find that there was a substantial likelihood that Treasury Secretary Lew knew of Dr. Edwards’ allegations when he testified before Congress that there were no whistleblowers in Treasury. Id. at 3. The email that outlined OMB’s direction to Treasury on communicating with Congress about the FinCEN/TSI realignment was not improper because it appeared to be directing Treasury officials not to discuss the issue in their official capacities as opposed to directing them in their individual capacities on their rights to report suspected wrongdoing to Congress

A Treasury IG Report ruled against her based on an alternative explanation provided for why the PKI of FinCEN employees had been pulled.

While finding that the problem with the IC PKI certificates was solely the result of inadvertence, the author of the audit did note that “the present working relationship between OIA and FinCEN related to the IC PKI process is strained.” Id. at 3. The two Treasury components had a “fundamental disagreement” about FinCEN’s need for access to the IC PKIs and more broadly about FinCEN’s autonomy.

She even explains how — after she started working with Jason Leopold — Ron Wyden complained that FinCEN was withholding information on Russian interference and its ties with Donald Trump.

In addition to her concern about OIA’s handling of realignment and the PKIs issue, Dr. Edwards grew to question whether FinCEN was providing complete information in response to Congressional requests for information. She was not alone in that belief. On May 10, 2017, Senator Ron Wyden made a floor statement placing a hold on the nomination of Sigal Mandelker for the position of Under Secretary of TFI. His office issued a statement explaining the Senator’s reasoning:

Senator Ron Wyden, D-Ore., today placed a hold on the nomination of Sigal Mandelker to be Under Secretary of the Treasury for Terrorism and Financial Intelligence. Wyden said he will maintain that hold until the Treasury Department provides the Senate Intelligence Committee and Senate Finance Committee information and documents related to Russia and its financial dealings with President Trump and his associates.

On Tuesday, May 9, Senate Intelligence Committee Vice Chairman Mark Warner announced that the Committee had made a request to the Treasury Department’s Financial Crimes Enforcement Network (FinCEN). https://www.wyden.senate.gov/news/press-releases/wyden-announces-hold-ontreasury-nominee-until-administration-produces-documents-on-russian-dealingswith-trump-associates. On September 22, 2017, Senator Wyden put a hold on another Treasury Assistant Secretary nominee, Isabelle Patelunas, again because of Treasury’s “refusal to provide documents related to Russia.” https:// www.wyden.senate.gov/news/press-releases/wyden-announces-hold-ontreasury-nominee-over-agencys-refusal-to-provide-documents-related-to-russia.

It’s in that context that — she described — she started working with Leopold to get Congress to return its attention to misconduct at Treasury.

When Congress’ attention to the issues May believed vitally affected the security of this country flagged, she began communicating with Jason Leopold, a reporter with the online publication BuzzFeed News. He told her that he shared her concern for national security. He assured her that the only way to revive Congressional interest was through media attention. He promised to – and did – introduce her to additional Congressional staffers. At his encouragement, she provided him with Suspicious Activity Reports (“SARs”) and other internal Treasury Department documents. He wrote articles that disclosed that information. She was arrested. He was not.

[snip]

Although Congress by then had done little to curb Treasury’s behavior, Dr. Edwards continued to believe that the only way to ensure that those responsible for the improper behavior were held accountable was through Congress. Leopold encouraged this belief: By writing articles, he could get the proper attention for the issues she believed were of vital importance to national security. This was a theme he returned to more than once when he sought information from Dr. Edwards: He could use what she gave him to write stories that would force Congress to investigate her allegations. (September 27, 2017: “We do need to keep momentum going so this story is crucial.” October 16, 2017: “We are going for the next story – keep momentum going with 12333.” January 11, 2018: “Listen, I am going to make a case that we need to leak something and report it. I am going to reach out to some of your colleagues. But this is getting ridiculous and I need to get their attention…By their attention I mean Congress).

Importantly, given the way she was charged (with a conspiracy to leak these SARs, with Leopold identified as a co-conspirator would be) she describes how hard Leopold worked to champion her efforts in Congress.

Throughout 2017 and 2018, Leopold told Dr. Edwards in their WhatsApp conversations that he was committed to her cause of uncovering and remedying corruption in the Treasury Department. He told her at times that he was acting on behalf of Congressional staff members in seeking information from her. He sought to arrange meetings for Dr. Edwards with members of Congress or their staff. Such meetings did take place. Leopold attended meetings with Dr. Edwards. Staffers encouraged Dr. Edwards to provide information they sought about the inner workings of the Treasury Department, including whether the requirements of the Bank Secrecy Act were being enforced by financial institutions as required to assist U.S. government agencies.

Remember: Before the global SARs reporting effort came out, Treasury issued a statement that can only be viewed as an attempt at prior restraint, a threat against Leopold.

Edwards’ sentencing memorandum says that the Probation office recommended two years of probation.

Dr. Sours Edwards faces no mandatory minimum term of incarceration. As discussed above, the relevant range under the United States Sentencing Guidelines, both as stipulated in the plea agreement and as determined by United States Probation, is zero to six months. PSR at ¶4, p. 28. Probation has recommended that the Court sentence Dr. Sours Edwards to a two-year term of Probation.

It is unclear whether this will work — whether Edwards will get probation. It is equally unclear whether Leopold’s laudable efforts to double down on his reporting, to raise global attention to the issue, will bring about reform at banks or in the US.

But this is what every other leaker I’ve covered has tried to do, far less persuasively: an attempt to make a public interest defense for leaking to a journalist.

“A Digital Pearl Harbor:” The Ways in Which the Vault 7 Leak Could Have Compromised US and British Assets’ Identities

/4 Comments/in , , , /by

The Julian Assange extradition defense yesterday started presenting evidence that Assange suffers from conditions — Aspergers, depression, and suicidal tendencies — that would make US prisons particularly lethal. It’s the defense that Lauri Love used to avoid extradition, and is Assange’s most likely chance of success. And given our inhumane prisons, it’s a perfectly fair defense against his extradition.

Before that, though, the most interesting evidence submitted by Assange’s team pertained to the three charges that he identified the identities of US and Coalition (and so, British) informants in the Afghan, Iraq, and Cablegate releases. For each of those releases, Assange’s team presented evidence that someone else — Cryptome, in one case, some Guardian journalists in another — released the informants’ identities first. At one point, the lawyer for the US seemed to suggest that Assange had made such disclosures more readily available after the identities had already been published. But Assange can only be extradited for charges that are illegal in the UK as well, and while the UK’s Official Secrets Act explicitly prohibits the publication of covert identities, it does not prohibit republication of names.

In other words, it’s the one evidentiary question where I think WikiLeaks might have the better case (the government has yet to present its own counter-evidence, and Assange has to prove that the charges are baseless to prevent the extradition, so it’s a high hurdle).

The question is particularly interesting for several reasons. Publishing the names of informants is the one charge specifically tied to publication, rather than conspiring to get Chelsea Manning to leak, making it dangerous for journalism in a different way than most of the other charges (save the CFAA charge).

But also because — in a Mike Pompeo screed that many WikiLeaks witnesses have cited completely out of context, in which the then-CIA Director named WikiLeaks a non-state hostile intelligence agency — he accused WikiLeaks of being like Philip Agee, a disillusioned CIA officer who went on to leak the identities of numerous CIA officers who was credibly accused of working with Cuban and Russian intelligence services.

So I thought I’d start today by telling you a story about a bright, well-educated young man. He was described as industrious, intelligent, and likeable, if inclined towards a little impulsiveness and impatience. At some point, he became disillusioned with intelligence work, and angry at his government. He left the government and decided to devote himself to what he regarded as public advocacy: exposing the intelligence officers and operations that he had sworn to keep secret. He appealed to agency employees to send him leads, tips, suggestions. He wrote in a widely-circulated bulletin quote “We are particularly anxious to receive – and anonymously, if you desire – copies of U.S. diplomatic lists and U.S. embassy staff,” end of quote.

That man was Philip Agee, one of the founding members of the magazine CounterSpy, which in its first issue, in 1973, called for the exposure of the CIA undercover operatives overseas. In its September 1974 issue, CounterSpy publicly identified Richard Welch as the CIA station chief in Athens. Later, Richard’s home address and phone number were outed in the press, in Greece. In December 1975, Richard and his wife were returning home from a Christmas party in Athens. When he got out of his car to open the gate in front of his house, Richard Welch was assassinated by a Greek terrorist cell.

At the time of his death, Richard was the highest-ranking CIA officer killed in the line of duty. He had led a rich and honorable life – one that is celebrated with a star on the agency’s memorial wall. He’s buried at Arlington National Cemetery, and has remained dearly remembered by his family and colleagues.

Meanwhile, Philip Agee propped up his dwindling celebrity with an occasional stunt, including a Playboy interview. He eventually settled down as the privileged guest of an authoritarian regime – one that would have put him in front of a firing squad without a second thought had he betrayed its secrets instead of ours.

Today, there are still plenty of Philip Agees in the world, and the harm they inflict on U.S. institutions and personnel is just as serious today as it was back then. They don’t come from the intelligence community, they don’t all share the same background, or use precisely the same tactics as Agee, but they are soulmates. Like him, they choose to see themselves under a romantic light as heroes above the law, saviors of our free and open society. They cling to this fiction even though their disclosures often inflict irreparable harm on both individuals and democratic governments, pleasing despots along the way.

The one thing they don’t share with Agee is the need for a publisher. All they require now is a smartphone and internet access. In today’s digital environment, they can disseminate stolen U.S. secrets instantly around the globe to terrorists, dictators, hackers and anyone else seeking to do us harm.

The reference to Richard Welch is inaccurate (in the same way the claim that WikiLeaks is responsible for release of these informants’ identities could be too). Much of the rest of what Pompeo said was tone-deaf, at best. And that Pompeo — who months earlier had been celebrating WikiLeaks’ cooperation with Russia in interfering in the 2016 election — said this is the kind of breathtaking hypocrisy he specializes in.

Still, I want to revisit Pompeo’s insinuation, made weeks after the release of the Vault 7 files, that Julian Assange is like Philip Agee. The comment struck me at the time, particularly given that the only thing he mentioned to back the claim — also floated during the Chelsea Manning trial — was that WikiLeaks’ releases had helped al-Qaeda.

And as for Assange, his actions have attracted a devoted following among some of our most determined enemies. Following the recent WikiLeaks disclosure, an al-Qaida in the Arabian Peninsula member posted a comment online thanking WikiLeaks for providing a means to fight America in a way that AQAP had not previously envisioned. AQAP represents one of the most serious threats to our country and around the world today. It’s a group that is devoted not only to bringing down civil passenger planes but our way of life as well. That Assange is the darling of these terrorists is nothing short of reprehensible. Have no doubt that the disclosures in recent years caused harm, great harm, to our nation’s national security, and they will continue to do so for the long term.

They also threaten the trust we’ve developed with our foreign partners when that trust is crucial currency among allies. They risk damaging morale for the good officers at the intelligence community and who take the high road every day. And I can’t stress enough how these disclosures have severely hindered our ability to keep you all safe.

But given what we’ve learned about the Vault 7 release since, I’d like to consider the multiple ways via which the Vault 7 identities could have — and did, in some cases — identify sensitive identities. Pompeo’s a flaming douchebag, and the CIA’s complaint about being targeted like it targets others is unsympathetic, but understanding Pompeo’s analogy to Agee provides some insight into why DOJ charged WikiLeaks in 2017 when it hadn’t in 2013.

Vault 7, justifiably or not, may have changed how the government treated WikiLeaks’ facilitation of the exposure of US intelligence assets.

Before I start, let me emphasize the Vault 7 leak is not charged in the superseding indictment against Assange, and Assange’s treatment of Vault 7 may be radically different than his earlier genuine attempts to at least forestall or delegate the publication of US informant identities. Even if DOJ’s understanding of WikiLeaks’ facilitation of the exposure of US intelligence assets may have changed with the Vault 7 release, DOJ understanding may not be correct. Nor do I think this changes the risk to journalism of the current charges, as charged.

But it may provide insight into why the government did charge those counts, and what a superseding indictment integrating the Vault 7 leak might look like.

First, although WikiLeaks made a big show of redacting the identities of the coders who developed the CIA’s hacking tools (as they did with the 2010 and 2011 releases), some were left unredacted in the content of the release. That may be unintentional. But the first FBI affidavit against accused Vault 7 leaker Joshua Schulte noted that the pseudonyms of the two other SysAdmins who had access to the files were left unredacted in the first release, something that suggests more intentional disclosure, one that would presumably require the involvement of Schulte or someone else who knew these identities.

i. Names used by the other two CIA Group Systems Administrators were, in fact, published in the publicly released Classified Information.

ii. SCHULTE’s name, on the other hand, was not apparently published in the Classified Inforamtion.

iii. Thus, SCHULTE was the only one of the three Systems Administrators with access to the Classified Information on the Back-Up Server who was not publicly identified via WikiLeaks’s publication of the Classified Information.

A subsequent WikiLeaks release (after the FBI had already made it clear he was a, if not the, suspect) would include Schulte’s username, but I believe that is distinguishable from the release of the other men’s cover names.

Schulte would later threaten to leak more details (including, presumably, either his cover or his real name) on one of those same guys, someone he was particularly angry at, from jail, including the intriguing hint that he had been exposed in the Ashley Madison hack.

 

At trial, Schulte’s lawyer explained that the leaking he attempted or threatened from jail reflected the anger built up over almost a year of incarceration, but there’s at least some reason to believe that the initial Vault 7 release intentionally exposed the identities of CIA employees whom Schulte had personal gripes with, or at the very least he hoped would be blamed other than him.

Then there’s the damage done to ongoing operations. At trial, one after another CIA witness described the damage the Vault 7 leak had done. While the testimony was typically vague, it was also more stark in terms of scale than what you generally find in CIA trials.

After describing the leak the “equivalent of a digital Pearl Harbor,” for example, Sean Roche, who was the Deputy Director for Digital Innovation at the time of the leak, testified how on the day of the first release, the CIA had to shut down “the vast, vast majority” of operations that used the CIA tools (at a time, of course, when the CIA was actively trying to understand how Russia had attacked the US the prior year), and then CIA had to reach out to those affected.

It was the equivalent of a digital Pearl Harbor.

Q. What do you mean by that?

A. Our capabilities were revealed, and hence, we were not able to operate and our — the capabilities we had been developing for years that were now described in public were decimated. Our operations were immediately at risk, and we began terminating operations; that is, operations that were enabled with tools that were now described and out there and capabilities that were described, information about operations where we’re providing streams of information. It immediately undermined the relationships we had with other parts of the government as well as with vital foreign partners, who had often put themselves at risk to assist the agency. And it put our officers and our facilities, both domestically and overseas, at risk.

Q. Just staying at a very general level, what steps did you take in the immediate aftermath of those disclosures to address those concerns?

A. A task force was formed. Because operations were involved we had to get a team together that did nothing but focus on three things, in this priority order. In an emergency, and that’s what we had, it was operate, navigate, communicate, in that order. So the first job was to assess the risk posture for all of these operations across the world and figure out how to mitigate that risk, and most often, the vast, vast majority we had to back out of those operations, shut them down and create a situation where the agency’s activities would not be revealed, because we are a clandestine agency.

The next part of that was to navigate across all the people affected. It was not just the CIA. There were equities for other government agencies. There were, of course, equities at places and bases across the world, where we had relationships with foreign partners. People heeded immediately, were calling and asking what do I do, what do I say?

And the third part of that was to communicate, which was — in the course of looking at this as a what systemic issues led to the ability to have our information out there — was to document that and write a report that would serve as a lessons learned with the idea of preventing it from ever happening again. [my emphasis]

Notably, given that Assange could be vulnerable to Official Secrets Act charges in the UK if this leak affected any British intelligence officers or assets, Roche mentioned “foreign partners” twice in just this short passage. You don’t get very far down the list of CIA’s foreign partners before you’ve damaged MI6 assets.

Of course, shutting down ongoing operations would not have been enough to protect CIA’s assets. It took just 40 days for Symantec and Kaspersky to publicly identify the tools described in the Vault 7 releases as those found targeting their clients. If the CIA (or its foreign partners) had used human assets to introduce malware into target computers, as a number of these tools required, then those assets might be easily identifiable to the organizations affected.

Part of that same leak Schulte attempted from jail explains how this might work. He described how a tool from a particular vendor (which he would have named) was actually “Bartender,” by name presumably a watering hole attack, which had been released in Vault 7.

Had he succeeded in tweeting this out, Schulte would have identified either a cover organization or one in which CIA had recruited assets which was loading malware onto target computers while also loading some kind of vendor software.

I’m not defending CIA’s use of such assets to provide a side-helping of malware when targeted organizations install real software, though all major state-actors do this. But what Schulte (without any known active involvement of WikiLeaks, though he did continue to communicate with WikiLeaks, at least indirectly, while in jail) was allegedly attempting to do was burn either a cover organization or CIA assets, who would have been immediate targets if not exfiltrated. And it provides a good example of what could have happened over and over again on March 7, 2017, when these files were first released.

But there’s one other, possibly even more significant risk.

WikiLeaks has, in the past, preferentially withheld or shared files with Russia and other countries. Most obviously, at least one file hacked as part of the Syria Files which was damning to Russia never got published, and Emma Best claimed recently there were far more. The risk that something like that would have happened in this case is quite real. That’s because the files were leaked at a time when WikiLeaks was actively involved in another Russian operation. There was a ten month delay between the time the files were allegedly shared (in early May 2016) and the time WikiLeaks published them on March 7, 2017. The government has never made any public claim about how they got shared with WikiLeaks. Details of contacts between Guccifer 2.0 and WikiLeaks demonstrate that it would have been impossible to send the volume of data involved in this hack directly to WikiLeaks’ public facing submission system in the time which Schulte did so, and several people familiar with the submission system at the time of that hack have suggested it served more as cover than a functional system. That suggests that Schulte either would have had to have prior contact with WikiLeaks to arrange an alternate upload process, or shared them with WikiLeaks via some third party (notably, Schulte bragged in jail that compressing data to do this efficiently was one of his specialties at CIA).

At trial, even though the government in no way focused on this evidence themselves, there was (inconsistent) evidence that Schulte planned to involve Russia in his efforts to take revenge on the CIA. I’ve heard a related allegation independently.

Remember, too, that WikiLeaks has never published the vast majority of the code for these tools, even though Schulte did leak it, which would make it still easier to identify anyone who had used these tools.

So imagine what might have happened had Russia gotten advance notice (either via WikiLeaks, a WikiLeaks associate, or Schulte himself) of these tools? Russia would have had months — starting well before US intelligence had begun to understand the full extent of the election year operation — to identify any of the CIA tools used against it. To be clear, what follows is speculative (though I’m providing it, in part, because I’m trying to summarize the Vault 7 information so people who are experts on other parts of the Russian treason case can test the theory). But if it had, the aftermath might have looked something like Russia’s prosecution of several FSB officers for treason starting in December 2016. And the response — if CIA recognized that its assets had already been compromised by the Vault 7 release — might look something like the Yahoo indictment charging one of the same FSB officers rolled out, with great fanfare, on March 15, just over a week after the Vault 7 release (DOJ obtained the indictment on February 28, after the CIA knew that WikiLeaks had the release coming and months after the treason arrest, but a week before the actual release). That is, Russia might move to prosecute months before the CIA got specific notice, using the years-old complaints of Pavel Vrublevsky to hide the real reason for the prosecution, and the US might move to disclaim any tie to the FSB officers by criminally prosecuting them and identifying many of the foreign targets they had used Yahoo infrastructure to spy on. Speaking just hypothetically, then, that’s the kind of damage we’d expect if any country — and Russia has been raised here explicitly — got advance access to the CIA tools before the CIA did its damage mitigation starting on March 7, 2017.

This scenario (again, it is speculative at this point) is Spy versus Spy stuff, the kind of thing that state intelligence agencies pull off against each other all the time. But it’s not journalism.

And even the stuff that would have happened after the public release of the CIA files would not just have exposed CIA collection points, but also, probably, some of the human beings who activated those collection points.

WikiLeaks would have you believe that nothing that happened after 2013 could change DOJ’s understanding of those earlier exposures of US (and British) assets.

But the very same Mike Pompeo speech that they’ve all been citing explained precisely what changed.

Wherein WikiLeaks Brags about Entertaining a Pardon Dangle from a Suspected Russian Asset and a White Supremacist

/12 Comments/in , , , , /by

Yesterday, Julian Assange’s lawyer Jennifer Robinson had a statement (which has not been released) read at his extradition hearing describing that she witnessed a meeting between Assange and Dana Rohrabacher on August 15, 2017 (Neo-Nazi Chuck Johnson was also present), where the Congressman said he had a win-win deal to offer: Trump would pardon Julian Assange if Assange would say that the source of the stolen DNC emails was not Russia.

Robinson stated that Assange did not disclose the source. Based on reports, though, she did not appear to deny that Assange had claimed his source was not Russia, which is what Rohrabacher reported at the time.

A lawyer representing the United States did not contest Robinson’s report, agreeing that the offer occurred. But representatives from the US did state that Trump had not agreed to it (which, without access to the exact statement, could mean any thing, but Trump certainly hasn’t pardoned Assange, yet).

Amid a laudable parade of arguments at Assange’s extradition hearing about the Espionage Act and discussions of all the important disclosures associated with the 2010 WikiLeaks releases for which Julian Assange is fighting extradition — including testimony read from German torture victim Khaled al-Masri, one of the first times he has had his say in public — including this statement was a cynical, and I would argue, damning, ploy.

In spite of the frenzy from the US press about the statement, the claim is not new. It was reported immediately by the Daily Caller (I covered that report here). Then Assange tweeted and then released on Facebook a statement asserting that reports from others should not be deemed authoritative. “Only unmediated statements coming directly from me can be considered authoritative.” Rohrabacher issued a statement, in which he promised to divulge what Assange stated to Trump.

Neither explicitly admitted what was obvious, that it was a pardon quid pro quo.

In a follow-up interview with the Daily Caller, Rohrabacher claimed not to remember whether he spoke to anyone at the White House about the meeting. Then, in a follow-up interview with Sean Hannity, Rohrabacher said, “It is my understanding from other parties who are trying to arrange the rendezvous that a rendezvous with myself and the President is being arranged for me to give him the firsthand information from him.” Earlier this year (when WikiLeaks announced that Robinson was going to resuscitate this story), Kim Dot Com released texts describing how he had pushed Trump’s best friend (whom he claimed not to identify) to accept the deal.

Those texts identified the best friend as Sean Hannity, the same guy who hosted Rohrabacher to explain that, “other parties [were] trying to arrange the rendezvous that a rendezvous with myself and the President is being arranged for me to give him the firsthand information from him.”

Ultimately, Chief of Staff John Kelly refused to let the President meet with Rohrabacher, just like he refused other agents of disinformation about the Russian hack to meet with him in the same period.

Mr. Rohrabacher confirmed he spoke to Mr. Kelly this week but declined to discuss the content of their conversation. “I can’t confirm or deny anything about a private conversation at that level,” he said in a brief interview. He declined to elaborate further.

A Trump administration official confirmed Friday that Mr. Rohrabacher spoke to Mr. Kelly about the plan involving Mr. Assange. Mr. Kelly told the congressman that the proposal “was best directed to the intelligence community,” the official said. Mr. Kelly didn’t make the president aware of Mr. Rohrabacher’s message, and Mr. Trump doesn’t know the details of the proposed deal, the official said.

In the call with Mr. Kelly, Mr. Rohrabacher pushed for a meeting between Mr. Assange and a representative of Mr. Trump, preferably someone with direct communication with the president.

On its face, the pardon dangle story proves only that Julian Assange was willing to meet with someone widely presumed to be Russian asset, Dana Rohrabacher, and a far right white nationalist to help float false claims about Russia’s role in getting Trump elected. It also proves that, at the time (when Trump was desperately trying to shut down the investigation into his coordination with Russia in the 2016 election and one after another were giving false prepared statements denying such coordination), the President had a Chief of Staff with the ability to look out after his legal interests.

And while I doubt lawyers for the US will go there, in context, the fact that WikiLeaks’ defense team presented just one of the at least four pardon dangles — including one for which the import of Russian disinformation is more obvious than others — is a testament to the degree to which the true story of those pardon discussions would make WikiLeaks’ compromise by Russia clear.

Here are the known discussions of pardons since WikiLeaks released emails in such a way as to optimize their benefit to getting authoritarian torture fan Donald Trump elected.

  • Starting at least by November 16 (and probably earlier) and lasting at least through January 11, 2018, Roger Stone tried to broker a pardon; according to sworn testimony by Randy Credico, Margaret Kunstler was involved in this effort (and threatening to expose whatever role Kunstler had in the process is one of the ways Stone used to discourage Credico’s testimony).
  • Starting at least by January 12 and continuing until at least March 28, 2017, Adam Waldman — the lawyer that Assange shared with Oleg Deripaska, whom the SSCI Report shows had a central role in the 2016 operation — tried to negotiate a deal via which Assange would provide limited information to mitigate the harm of the Vault 7 leak and DOJ (or if that failed, SSCI) would give him immunity, effectively a pardon. Given WikiLeaks’ history of sharing raw documents with Russia and others, the entrée would have come long after WikiLeaks had had the opportunity to broker the files, which would have helped Russia not only identify CIA’s hacks of Russian computers, but also NOCs working for CIA. (I’ve started to wonder whether the Russian treason case from late 2016 has a tie.) John Solomon — who has spread Deripaska’s propaganda before — even blamed Jim Comey for the compromise that resulted. In short, the offer was far too late to be meaningful, but it was an effort to give Assange impunity for burning the CIA to the ground.
  • From August to October 2017, Rohrabacher pursued his pardon for disinformation deal.
  • Last week, in the guise of defending journalism, Glenn Greenwald went on Tucker Carlson’s show (where a number of people have successfully lobbied for a pardon) and pitched pardons for both Assange and Ed Snowden not, as he claimed, out of any defense of journalism or whistleblowers — both things that Trump affirmatively reviles — but instead because it’s a great way to stick it to the Obama Deep State.

So one pardon pitch immediately after Assange worked with Russia to get Trump elected, another one brokered by Oleg Deripaska’s lawyer, a third pitched by a Congressman widely believed to be a Russian asset, and finally Glenn’s pitch for a pardon as a great way to do damage to the intelligence community.

Not only did Russia figure in all of those pardon dangles, but each was pitched not as a way to honor Assange’s debt to journalism, but instead to serve Russia’s purposes. And for some reason WikiLeaks thinks that raising just one of these — while remaining silent about perhaps the most damning pardon dangle — helps prove its case that Julian Assange is a journalist and not the Russian spy the prosecutors in this case claim to believe he is.

Snowden

Snowden Lies about Outreach about a Pardon and Puts a Target on Daniel Everette Hale’s Back

/26 Comments/in /by

I’m going to make three observations about this Edward Snowden interview, to mark it.

The interview was filmed live, Friday night US time, September 11, as the other clip indicates.

In it, Snowden repeatedly and categorically denied any outreach to the US government for a pardon.

Williams: Have you had any contact with the Administration. Did you initiate any? Have they initiated any? Have you sought a pardon from the United States?

Snowden: I have not. And this is something people have actually forgotten. There was a pardon campaign back during the Obama Administration. But I at no point actually asked for pardon myself. It was tremendously gratifying to have this level of support. But as I said, my condition for return is simply a fair trial. Now we didn’t see the Obama Administration talking about a pardon in this way and I think Trump has commented again since then that he thought treatment was very unfair, or could be. And there’s been a lot of speculation that’s come from this. But there’s been no contact. I was as surprised as anyone else to see this. But it’s very interesting to see this President thinking pardoning what a lot of people would consider [laughs] one of the big names in this new war on whistleblowers. And that’s something that we should all support seeing come to an end.

Williams: So no representative for you has done any outreach. No representative for you or you yourself has heard anything from the White House, the Administration, any government types?

Snowden: No. By hook or by crook, there’s been nothing. No contact, anything like that. I think [laughs] if that were happening, it would be certainly news that we would hear through other channels.

Williams: Let’s use plain English. The price for pardons appears to be lavish praise for this President after the fact. Is that something you’re willing to do?

Snowden: Certainly not. I don’t think a pardon is — or should be — conditioned on anything. When you look at the pardon power, it’s constitutionally derived. It’s Article II Section 2. A pardon is not a contract. A pardon is not something that you accept or reject. And it certainly shouldn’t be used as a political tool. And this is why, while I haven’t asked for pardon from the President, I will ask for A Pardon for others. When I mentioned the war on whistleblowers, this is an ongoing and continuing thing. The reason pardon is even being considered, even being debated, the fact that comments from the Attorney General are even hitting the news are because everyone who has followed these cases know, being charged under the Espionage Act as a whistleblower means no fair trial is permitted. And there are people in the United States today, serving time in prison for doing the right thing. And this is why we should see Donald Trump — or any President — end the war on whistleblowers. He should pardon Reality Winner for trying to expose election interference. He should pardon Daniel Hale for revealing abuses in the drone program. Or Terry Albury for trying to expose systemic racism within the FBI. And these are all people who are deserving of pardon. But this, when we look at pardon, pardon is intended to ameliorate unfairness, to fix fundamental flaws in our system of laws or the way they’re being applied. And there’s nowhere this is more clear right now than in the prosecution of whistleblowers under the Espionage Act.

It is, of course, a blatant lie that there has been no outreach.

Just hours earlier (I think about three?), Glenn Greenwald went onto Tucker Carlson’s show — a show that has repeatedly served as a platform for people to pitch pardons — and argued that Trump should pardon Snowden and Julian Assange. Though Glenn had promised he would be talking about journalism, he instead pitched the pardon as a good way for Trump to stick it to the Deep State. Glenn’s pitch was not only premeditated (it had been rescheduled days earlier), but it was delivered to fit Tucker’s 3 minute time slot.

So Glenn lied about defending journalism (rather than just damaging the Deep State), and Snowden lied about there being no outreach. Snowden also, in the other clip, lied about Putin taking no interest in him.

There was one truth told. When Snowden said, “if that [outreach about a pardon] were happening, it would be certainly news that we would hear through other channels,” he was effectively telling the truth. This was news on another channel: Glenn Greenwald, appearing on Fox News, just hours earlier, pitched Trump on a pardon.

Snowden, in turn, suggested that Trump was thinking of ending the “war on whistleblowers” and — at a time when Trump is ending the careers of people who make legal whistleblowing claims upholding democracy, with glee — claimed that there is no place where unfairness is more clear than the prosecution of whistleblowers under the Espionage Act.

I’ll spot Snowden that one for his own self-interest.

Then Snowden calls for a pardon for three others he suggests are serving time in prison. Reality Winner and Terry Albury are serving time. But Daniel Hale is not. He’s out on bail awaiting trial. In other words, Snowden is actually just calling to pardon everyone who leaked to The Intercept.

In fact, unless Trump decides to pardon Hale, who doesn’t have anyone lobbying him on Tucker Carlson’s show, Snowden just made Hale’s life worse.

That’s because the government believes that Hale was “inspired” by Snowden.

Moreover, as argued in more detail in Defendant’s Reply in support of his Motion to Dismiss for Selective or Vindictive Prosecution (filed provisionally as classified), it appears that arbitrary enforcement – one of the risks of a vague criminal prohibition – is exactly what occurred here. Specifically, the FBI repeatedly characterized its investigation in this case as an attempt to identify leakers who had been “inspired” by a specific individual – one whose activity was designed to criticize the government by shedding light on perceived illegalities on the part of the Intelligence Community. In approximately the same timeframe, other leakers reportedly divulged classified information to make the government look good – by, for example, unlawfully divulging classified information about the search for Osama Bin Laden to the makers of the film Zero Dark Thirty, resulting in two separate Inspector General investigations.3 Yet the investigation in this case was not described as a search for leakers generally, or as a search for leakers who tried to glorify the work of the Intelligence Community. Rather, it was described as a search for those who disclosed classified information because they had been “inspired” to divulge improprieties in the intelligence community.

That is, Snowden — who with WikiLeaks’ Sarah Harrison made sure to avoid capture so he could be an inspiration to others to follow — effectively just confirmed what the government has only alleged, and in secret, that there is a tie between him and Hale. In so doing, he has also confirmed an allegation in the superseding Assange indictment.

Between them, Snowden and Glenn are feigning that Trump would pardon anyone out of any concern for journalism or whistleblowing. Both claims are utterly absurd.

And in so doing, they’re going to make sure that any pardon Snowden gets is not because Trump cares about journalism or even wants to rein in spying (he has done the opposite, on both counts), but is done exclusively in the name of damaging the Deep State.