The Anonymous Letter to WaPo

Just when I thought we’d have a long weekend without a big news dump, the WaPo published its story revealing Jared Kushner asked Sergey Kislyak to set up a channel of communication with Russia at Russian facilities at a meeting in early December.

Jared Kushner and Russia’s ambassador to Washington discussed the possibility of setting up a secret and secure communications channel between Trump’s transition team and the Kremlin, using Russian diplomatic facilities in an apparent move to shield their pre-inauguration discussions from monitoring, according to U.S. officials briefed on intelligence reports.

Ambassador Sergei Kislyak reported to his superiors in Moscow that Kushner, then President-elect Trump’s son-in-law and confidant, made the proposal during a meeting on Dec. 1 or 2 at Trump Tower, according to intercepts of Russian communications that were reviewed by U.S. officials. Kislyak said Kushner suggested using Russian diplomatic facilities in the United States for the communications.

The meeting also was attended by Michael Flynn, Trump’s first national security adviser.

That story — and additional details on Kushner’s discussions with UAE — is the big headliner.

But the fascinating detail is that WaPo received an anonymous letter with details of this meeting — and other things that the WaPo suggests it may not yet have confirmed — in mid-December.

The Post was first alerted in mid-December to the meeting by an anonymous letter, which said, among other things, that Kushner had talked to Kislyak about setting up the communications channel. This week, officials, who reviewed the letter and spoke on condition of anonymity to discuss sensitive intelligence, said the portion about the secret channel was consistent with their understanding of events.

For instance, according to those officials and the letter, Kushner conveyed to the Russians that he was aware it would be politically sensitive to meet publicly, but it was necessary for the Trump team to be able to continue their communication with Russian government officials.

In addition to their discussion about setting up the communications channel, Kushner, Flynn and Kislyak also talked about arranging a meeting between a representative of Trump and a “Russian contact” in a third country whose name was not identified, according to the anonymous letter.

So who could have sent the letter?

First, consider the timing. The letter was sent within a few weeks of the meeting itself. In between the meeting and sending of the letter, these very same reporters got the scoop that the CIA believed Russia affirmatively wanted Trump elected, a scoop that pre-empted the President’s call for a report on Russian tampering in the election. A week later, two of these reporters got another confirmation that John Brennan said the other agencies agreed with him on the view that Putin wanted Trump elected.

The letter also got received a few days after John McCain got a copy of Christopher Steele’s dossier (reportedly on December 9), followed just four days later by the last known and by far most incendiary installment of the dossier, which for the first time accused Trump’s campaign of paying the DNC hackers.

In other words, WaPo received the letter at a time when the IC was dumping a ton of information implicating Trump. So perhaps it was a spook who heard Kislyak’s description of the meeting on an intercept.

The dominant narrative on those intercepts, however, has said that the IC wasn’t listening closely to Kislyak intercepts until after Russia did not retaliate in response to the hacking sanctions imposed on December 28, and didn’t find the incriminating Mike Flynn conversations until around January 3. If that’s right, then the IC wouldn’t have heard about this meeting until weeks after the letter was sent. [Update: the NYT version of this–which appears to be damage control from the White House–cites a senior American official stating that they learned about this conversation “several months ago,” which would put it after the letter was sent.]

Of course, with the FBI and CIA getting their own raw feeds of data, it’s possible one agency listened to the intercepts (and had the language skills to understand them) before another did. It’s possible, for example, CIA learned about the meeting before FBI did so in the aftermath of the sanctions concerns.

It’s also possible that the Russians sent the letter — or even that Kislyak made up the Kushner claim as disinformation (remember, by this point there were leaks about FISA orders, with reports that Russian interlocutors were changing their communication habits). But it’s unclear what Russia would have to gain by sending a letter in December, rather than waiting until Kushner had compromised himself. Doing so would eliminate all the control they had gained with the information.

Which (barring a spook sending the letter) would seem to leave a Trump associate. Reportedly, WaPo’s Miller said that the letter appears to come from someone inside the Trump transition. Anyone else at the meeting would seem to be an immediate target for Trump retaliation. Though it is possible that Mike Flynn sent the letter, realizing he was getting set up by Trump, which would make the delay in reporting this detail rather interesting. That said, he would have little reason to do so in December, as opposed to now, given that he faces criminal investigation.

Outside of Flynn, though, it’s not clear many people knew this meeting ever happened, much less what happened in it. The meeting was first disclosed by the New Yorker, following which the White House quickly added (in a story to the NYT) Flynn to the story — suggesting he, and not the President’s son-in-law suggested the communication channel.

Michael T. Flynn, then Donald J. Trump’s incoming national security adviser, had a previously undisclosed meeting with the Russian ambassador in December to “establish a line of communication” between the new administration and the Russian government, the White House said on Thursday.

Jared Kushner, Mr. Trump’s son-in-law and now a senior adviser, also participated in the meeting at Trump Tower with Mr. Flynn and Sergey I. Kislyak, the Russian ambassador. But among Mr. Trump’s inner circle, it is Mr. Flynn who appears to have been the main interlocutor with the Russian envoy — the two were in contact during the campaign and the transition, Mr. Kislyak and current and former American officials have said.

[snip]

“They generally discussed the relationship and it made sense to establish a line of communication,” Ms. Hicks said. “Jared has had meetings with many other foreign countries and representatives — as many as two dozen other foreign countries’ leaders and representatives.”

The Trump Tower meeting lasted 20 minutes, and Mr. Kushner has not met since with Mr. Kislyak, Ms. Hicks said.

It later became clear that Kushner hadn’t even shared that meeting with White House staffers (presumably including Don McGahn) when responding the Mike Flynn firing, much less included them on his security clearance form.

The extent of Mr. Kushner’s interactions with Mr. Kislyak caught some senior members of Mr. Trump’s White House team off guard, in part because he did not mention them last month during a debate then consuming the White House: how to handle the disclosures about Mr. Flynn’s interactions with the Russian ambassador.

Ms. Hicks said that Mr. Trump had authorized Mr. Kushner to have meetings with foreign officials that he felt made sense, and to report back to him if those meetings produced anything of note. She said that because in Mr. Kushner’s view the meetings were inconsequential, it did not occur to him to mention them to senior staff members earlier.

“There was nothing to get out in front of on this,” she said.

So there wouldn’t be that many transition staffers who would know of the meeting by mid-December.

That said, one person who knew about the meeting ahead of time was Marshall Billingslea, who tried to warn Flynn about Kislyak. And his request for the Kislyak profile would have alerted the CIA to his concerns about the meeting.

In any case, there are now reports of still more Kushner communications with Kislyak coming out, going back to April 2016. So the FBI sure has a lot to review.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Sheldon Whitehouse and the Russia Investigation Deconfliction

Laura Rozen has me worried.

She pointed to this CNN article — posted sometime this afternoon — describing Sheldon Whitehouse’s worries that the scope of the DOJ inquiry into Trump and Russia might conflict with the Congressional inquiries.

Sen. Sheldon Whitehouse, the top Democrat on a Judiciary subcommittee, told CNN Thursday that it’s possible Flynn is cooperating with the Justice Department — and that Capitol Hill has not been kept in the loop. He warned that congressional probes that have subpoenaed Flynn for records could undercut Mueller’s investigation if the former national security adviser is secretly working with the Justice Department as part of its broader investigation into possible collusion between Russian officials and Trump associates during the campaign season.

“There is at least a reasonable hypothesis that Mike Flynn is already cooperating with the DOJ investigation and perhaps even has been for some time,” said Whitehouse, a Rhode Island Democrat.

Whitehouse added he had no direct evidence to suggest that Flynn is cooperating with the Justice Department. But he said there is circumstantial evidence to suggest that it could be the case, saying Mueller must immediately detail the situation to “deconflict” with probes on the Hill to “make sure that congressional investigations aren’t inadvertently competing with DOJ criminal investigations.”

[snip]

The Rhode Island Democrat said there are number of factors that suggest Flynn is working the Justice Department in its probe. He pointed out that “all reporting indicates they’ve got him dead to rights on a false statement felony” in his private interview with the FBI over his conversations last year with Russian Ambassador Sergey Kislyak. He also noted that Flynn has gone silent and retroactively signed on as a foreign agent to Turkey. And he noted that a federal grand jury has been summoned and has issued subpoenas to Flynn associates.

“So none of that proves anything but it’s all consistent with the hypothesis that he’s already cooperating,” Whitehouse told CNN.

“But that’s certainly a hypothetical case of a time when we do need need this de-confliction apparatus in place to make sure that congressional investigations aren’t inadvertently competing DOJ criminal investigations.”

Now, in point of fact, that deconfliction has already happened — or at least started. That’s what a May 11 meeting between Rod Rosenstein, Richard Burr, and Mark Warner was described as at the time.

Rosenstein was tight-lipped as he entered and emerged from a secure facility Thursday on Capitol Hill, where he huddled with Senate Intelligence Committee Chairman Richard Burr (R-N.C.) and Vice Chairman Mark R. Warner (D-Va.). The senators said the meeting had been scheduled before Comey’s ouster to discuss “deconfliction” — keeping the FBI’s and committee’s investigations of alleged ties between the Trump campaign and the Russian government from stepping on each other’s toes.

According to reports, the meeting was scheduled before the Jim Comey ouster, so it should reflect the scope of what he was investigating, and therefore presumably resembles the scope of what Robert Mueller will investigate.

But there are three reasons why Whitehouse might be justified in worrying that Congress might fuck up what DOJ is investigating.

Obviously, the first is Mueller: the Comey firing might have reflected some new investigative approach (including Flynn immunity), or Mueller, because of the firing, might be scoping the investigation differently.

A second is jurisdiction. Whitehouse and Lindsey Graham have assumed jurisdiction over the Russia investigation for their subcommittee — and the Senate Judiciary Committee obviously should oversee the FBI. So it may be that former US Attorney Sheldon Whitehouse wants to have a deconflicting conversation for himself, because he knows how investigations work (and for all we know is getting tips from DOJ).

The other is another announcement from this afternoon: that the Senate Intelligence Committee had voted to give Chair Richard Burr and Vice Chair Mark Warner the ability to issue subpoenas themselves going forward, without consulting the committee.

The leaders of the Senate Intelligence Committee now have broad authority to issue subpoenas in the Russia investigation without a full committee vote, Chairman Richard Burr (R-N.C.) said Thursday.

The panel voted unanimously to give Burr and Vice Chairman Mark Warner (D-Va.) the blanket authority for the duration of the investigation into Russia’s election meddling and possible collusion with President Trump’s campaign.

The two Senate leaders must be in agreement in order to issue an order.

Now, as the article notes, thus far, the committee has asked for documents, not testimony. My suspicion is this might have more to do with ensuring Comey’s testimony — promised after Memorial Day — is “compelled” in such a way that DOJ can’t object.

Nevertheless, the power to subpoena does grant someone (like former Trump National Security Advisor Richard Burr) the ability to fuck with the DOJ investigation by potentially working at cross-purposes. To grant immunity (and therefore to fuck up the investigation as happened in Iran-Contra), I think Burr would still need the support of the committee.

Still, this still gives Burr far more power to thwart the investigation, with only Mark Warner (who unlike Whitehouse has never been a prosecutor) to prevent it.

In theory, I think Whitehouse is just pushing for jurisdiction (and for the ability to demand the same kind of deconfliction conversation Burr and Warner have gotten).

But upon reflection, I don’t think his concerns are entirely unjustified.

In any case, I trust Whitehouse (with whatever leftover ties he has to DOJ) to do this review more than Mark Warner.

Update: Burr told Bloomberg he has had a deconfliction conversation with Mueller.

Senate Intelligence Chairman Richard Burr, a Republican from North Carolina, said he has contacted Mueller to discuss their parallel probes of Russian meddling.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Even (Especially?) the FBI Is Susceptible to Fake News

The WaPo has an utterly dispiriting story providing more detail on a document first revealed in this big NYT story on Jim Comey. Here’s how the NYT described it:

During Russia’s hacking campaign against the United States, intelligence agencies could peer, at times, into Russian networks and see what had been taken. Early last year, F.B.I. agents received a batch of hacked documents, and one caught their attention.

The document, which has been described as both a memo and an email, was written by a Democratic operative who expressed confidence that Ms. Lynch would keep the Clinton investigation from going too far, according to several former officials familiar with the document.

Read one way, it was standard Washington political chatter. Read another way, it suggested that a political operative might have insight into Ms. Lynch’s thinking.

[snip]

The document complicated that calculation, according to officials. If Ms. Lynch announced that the case was closed, and Russia leaked the document, Mr. Comey believed it would raise doubts about the independence of the investigation.

But as the WaPo reveals, the document was not an email, but rather a Russian document purportedly reporting on email. And while in August the FBI deemed the document a hoax, it took five months — covering the all important July announcement ending the Hillary investigation — to get to that point.

The document, obtained by the FBI, was a piece of purported analysis by Russian intelligence, the people said. It referred to an email supposedly written by the then-chair of the Democratic National Committee, Rep. Debbie Wasserman Schultz (D-Fla.), and sent to Leonard Benardo, an official with the Open Society Foundations, an organization founded by billionaire George Soros and dedicated to promoting democracy.

The Russian document did not contain a copy of the email, but it described some of the contents of the purported message.

[snip]

Comey had little choice, these people have said, because he feared that if Lynch announced no charges against Clinton, and then the secret document leaked, the legitimacy of the entire case would be questioned.

From the moment the bureau received the document from a source in early March 2016, its veracity was the subject of an internal debate at the FBI. Several people familiar with the matter said the bureau’s doubts about the document hardened in August when officials became more certain that there was nothing to substantiate the claims in the Russian document. FBI officials knew the bureau never had the underlying email with the explosive allegation, if it ever existed.

Yet senior officials at the bureau continued to rely on the document as part of their justification for how they handled the case before and after the election.

As the WaPo lays out, the FBI hadn’t even asked Loretta Lynch, much less the other participants in the alleged emails, about them before Comey used the document to justify his July statement on the investigation into Hillary’s emails. They simply relied on it, in spite of the way a Debbie Wasserman Schultz and George Soros screams of the worst kind of fevered misinformation that circulated last year. Or, at a minimum, they acted based on the assumption that they couldn’t combat evidently fake news were it to leak.

We talk a lot about dumb ordinary voters who can’t sort through PizzaGate and Seth Rich conspiracies on their own.

But even the FBI, with all the investigative tools you can imagine, was unable to sort through fake news. And that had a role in one of the most significant events in last year’s election.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

WannaCry Attribution: Missing the Sarcasm Tag

Parts of the security community have decided that Lazarus, a hacking group associated with North Korea, is behind WannaCry, including the global ransomware attack from a few weeks back. That’s based on significant reuse of code from earlier Lazarus activities.

But to explain certain aspects of the attack — notably, why Lazarus would become incompetent at ransomware after having been perfectly competent at it in the past — proponents of this theory are adopting some curious theories. For example, this — in Symantec’s report on the code reuse — doesn’t make any sense at all.

The small number of Bitcoin wallets used by first version of WannaCry, and its limited spread, indicates that this was not a tool that was shared across cyber crime groups. This provides further evidence that both versions of WannaCry were operated by a single group.

It’s effectively the equivalent of saying, “using just three bitcoin wallets doesn’t make sense [it doesn’t, if your goal is actual ransomware], so we’ll just claim that’s further proof that there must be few people involved.” In interviews, Symantec’s technical director has explained away other inconsistencies in this story by hackers working for a brutal dictator with a penchant for executing those who cross them by suggesting they were moonlighting when they blew up Lazarus’ ransomware by misdeploying it with Eternal Blue.

At the same time, flaws in the WannaCry code, its wide spread, and its demands for payment in the electronic bitcoin before files are decrypted suggest that the hackers were not working for North Korean government objectives in this case, said Vikram Thakur, Symantec’s security response technical director.

“Our confidence is very high that this is the work of people associated with the Lazarus Group, because they had to have source code access,” Thakur said in an interview.

But he added: “We don’t think that this is an operation run by a nation-state.”

With WannaCry, Thakur said, Lazarus Group members could have been moonlighting to make extra money, or they could have left government service, or they could have been contractors without direct obligations to serve only the government.

Krypt3ia has a post making fun of the nonsense theories out there.

  • LAZARUS code snippets found in WANNACRY samples
  • LAZARUS has been active in stealing large sums of money from banks, as this attack was about ransom and money… well… UNDERPANTS GNOMES AND PROFIT!
  • LAZARUS aka Un, would likely love to sow terror by unleashing the digital hounds with malware attacks like this to prove a point, that they are out there and to be afraid.
  • LAZARUS aka Un, might have done this not only to sow fear but also to say to President CRAZYPANTS (Official USSS code name btw) “FEAR US AND OUR CYBER PROWESS
  • LAZARUS aka Un, is poor and needs funds so ransoming hospitals and in the end gathering about $100k is so gonna fill the coffers!
  • LAZARUS aka UNIT 108 players are “Freelancing” and using TTP’s from work to make MO’ MONEY MO’ MONEY MO’ MONEY (No! Someone actually really floated that idea!)
  • LAZARUS is a top flight spooky as shit hacking group that needed to STEAL code from RiskSense (lookit that IPC$ from the pcap yo) to make their shit work.. Huh?

Note the last bullet is a reference to another post he did, where he showed another piece of code in WannaCry was taken from folks working to reverse engineer Eternal Blue for Metasploit. That piece of borrowed code doesn’t permit you to blame the Evil Hermit Kingdom, though, so no one is talking about it.

Perhaps the oddest piece of evidence presented relating the claim North Korea did WannaCry comes from CNBC.

Analysts have been weighing in with various theories on the identity of those behind WannaCry, and some early evidence had pointed to North Korea. The Shadow Brokers endorsed that theory, perhaps to take heat off their own government backers for the disaster.

CNBC must be referring to this passage from Shadow Brokers’ latest screed.

In May, No dumps, theshadowbrokers is eating popcorn and watching “Your Fired” and WannaCry. Is being very strange behavior for crimeware? Killswitch? Crimeware is caring about target country? The oracle is telling theshadowbrokers North Korea is being responsible for the global cyber attack Wanna Cry. Nukes and cyber attacks, America has to go to war, no other choices! (Sarcasm) No new ZeroDays.

As part of a narrative of how reasonable it was to release all these files after they’ve been patched (all the while threatening far more damaging leaks), Shadow Brokers comments on WannaCry. Importantly, it lays out one detail — the kill switches — that doesn’t make sense if the goal was true ransomware, as well as another detail — “caring about target country”? — that I don’t understand. (Russia was hit badly in the attack, the US very lightly, and there were reports that Arabic speaking countries weren’t hard hit, which I find interesting since it is the one Microsoft supported language that for which a ransomware note was not included.)

But the part that CNBC has read to mean Shadow Brokers endorsed this theory instead does nothing of the sort; if anything, it does the opposite. I read it as a comment about how quickly we go from dodgy attribution to calling for war. And it comes with a sarcasm tag!

Moreover, why would you take Shadow Brokers’ endorsement for anything? Either they did WannaCry (which actually seems to be what CNBC suggests; Krypt3ia makes fun of that possibility, too), in which case any endorsement might be disinformation, or they didn’t do it, and they’d have no more clue who did than the rest of us.

The entire exercise in attribution with WannaCry is particularly odd given the assumptions that it is what it looks like, traditional ransomware, in spite of all the evidence to suggest it is not. And so we’ll just ignore obvious tags, like a “sarcasm” tag, because accounting for such details gets very confusing.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

John Brennan Denies a Special Harry Reid Briefing

This passage from John Brennan’s testimony about Russia to the House Intelligence Committee yesterday has gotten a lot of attention:

Through the so-called Gang of Eight process, we kept Congress apprised of these issues as we identified them. Again, in consultation with the White House, I personally briefed the full details of our understanding of Russian attempts to interfere with the election to Congressional leadership, specifically Senators Harry Reid, Mitch McConnell, Dianne Feinstein, and Richard Burr, and to Representatives Paul Ryan, Nancy Pelosi, Devin Nunes, and Adam Schiff between 11 August and 6 September. I provided the same briefing to each of the Gang of Eight members.  Given the highly sensitive nature of what was an active counterintelligence case involving an ongoing Russian effort to interfere in our presidential election, the full details of what we knew at the time were shared only with those members of Congress, each of whom was accompanied by one senior staff member. The substance of those briefings was entirely consistent with the main judgments contained in the January classified and unclassified assessments, namely that Russia’s goals were to undermine public faith in the US democratic process, denigrate Secretary Clinton and harm her electability and potential presidency and to help President Trump’s election chances.

The passage has been used to question why GOP leaders, most especially Mitch McConnell, didn’t react more strongly, particularly given public reports that he wouldn’t sign onto a more aggressive statement about Russian efforts.

As I noted in this post, the record thus far reflects a difference in emphasis (on protecting the election systems rather than on Russian attempts to hurt Clinton).

But I want to look more closely at what Brennan actually said.

His description of the briefings seems to be a denial of what I laid out in this post — the NYT report that he gave Harry Reid a special briefing (one which may have been based on the Christopher Steele dossier) that was more alarming than others.

CIA DIRECTORS SHOULD NOT MEET WITH JUST ONE GANG OF EIGHT MEMBER

The second detail I find most interesting in this story is that John Brennan privately briefed Harry Reid about his concerns about the Russians.

John O. Brennan, the C.I.A. director, was so concerned about the Russian threat that he gave an unusual private briefing in the late summer to Harry Reid, then the Senate Democratic leader.

Top congressional officials had already received briefings on Russia’s meddling, but the one for Mr. Reid appears to have gone further. In a public letter to Mr. Comey several weeks later, Mr. Reid said that “it has become clear that you possess explosive information about close ties and coordination between Donald Trump, his top advisors, and the Russian government — a foreign interest openly hostile to the United States.”

While I’m generally sympathetic to Democrats’ complaints that DOJ should have either remained silent about both investigations or revealed both of them, it was stupid for Brennan to give this private briefing (and I hope he gets grilled about it by HPSCI when he testifies in a few weeks). In addition to the things Reid said publicly about the investigation, it’s fairly clear he and his staffers were also behind some of the key leaks here (and, as CNN reported yesterday, leaks about the investigation actually led targets of it to alter their behavior). For reasons beyond what appears in this story, I think it likely Reid served as a cut-out for Brennan.

And that’s simply not appropriate. There may well have been reasons to avoid briefing Richard Burr (who was advising Trump). But spooks should not be sharing information with just one party. CIA did so during its torture cover-up in ways that are particularly troubling and I find this — while not as bad — equally problematic.

When Brennan said he “provided the same briefing to each of the Gang of Eight members,” he might be seen as denying that the briefing to Reid was anything unusual.

Except this NYT article describes Reid’s as taking place in “late summer” and describes top officials as already having received briefings. Another NYT article describes the special briefing for Reid as having taken place on August 25.

In an Aug. 25 briefing for Harry Reid, then the top Democrat in the Senate, Mr. Brennan indicated that Russia’s hackings appeared aimed at helping Mr. Trump win the November election, according to two former officials with knowledge of the briefing.

The officials said Mr. Brennan also indicated that unnamed advisers to Mr. Trump might be working with the Russians to interfere in the election. The F.B.I. and two congressional committees are now investigating that claim, focusing on possible communications and financial dealings between Russian affiliates and a handful of former advisers to Mr. Trump. So far, no proof of collusion has emerged publicly.

Mr. Trump has rejected any suggestion of a Russian connection as “ridiculous” and “fake news.” The White House has also sought to redirect the focus from the investigation and toward what Mr. Trump has said, with no evidence, was President Barack Obama’s wiretapping of phones in Trump Tower during the presidential campaign.

The C.I.A. and the F.B.I. declined to comment for this article, as did Mr. Brennan and senior lawmakers who were part of the summer briefings.

In the August briefing for Mr. Reid, the two former officials said, Mr. Brennan indicated that the C.I.A., focused on foreign intelligence, was limited in its legal ability to investigate possible connections to Mr. Trump. The officials said Mr. Brennan told Mr. Reid that the F.B.I., in charge of domestic intelligence, would have to lead the way.

As described by the NYT, the Reid briefing went beyond what Brennan says he briefed all the Gang of Eight members on, specially with regards to Trump advisors working with Russia. It’s possible Brennan briefed Reid twice.

Much later in the hearing, Trey Gowdy asked Brennan about the Steele dossier. Some of Brennan’s responses — especially his claim not to know who commissioned the Steele dossier; watch him play with his pen — were not all that believable. Brennan went on to say that the CIA didn’t rely on the dossier, but his denial pertained to the IC report on the hack.

It wasn’t part of the corpus of intelligence, uh, information that we had. It was not in any way used as a basis for the intelligence community assessment that was done, uh, it was not.

Note the funny mouth gesture which used to be Brennan’s main “tell.”

Gowdy being Gowdy was not smart enough to ask whether the dossier was ever used in a briefing to members of Congress.

As I have noted, the IC denials pertaining to the dossier are, um, unconvincing (one two three). That’s all the more true given that Steele has admitted to sharing copies of his dossier with his former employer, who would naturally share with Brennan (elsewhere in the hearing Brennan refused to address what our foreign partners had shared with us).

In any case, it seems to me the question is not so much whether McConnell blew off the seriousness of the Brennan warning, but, still, whether Reid received another briefing–perhaps outside that date scope–that included information McConnell didn’t get.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Did Pompeo Also Get an Obstruction Call from Trump?

The WaPo reports that Trump called both Admiral Mike Rogers and Dan Coats to ask if they could issue statements denying any collusion between Trump’s campaign and Russia.

Trump made separate appeals to the director of national intelligence, Daniel Coats, and to Adm. Michael S. Rogers, the director of the National Security Agency, urging them to publicly deny the existence of any evidence of collusion during the 2016 election.

Coats and Rogers refused to comply with the requests, which they both deemed to be inappropriate, according to two current and two former officials, who spoke on the condition of anonymity to discuss private communications with the president.

If Trump was calling spooks, he presumably would have called all spooks, including CIA Director Mike Pompeo (with whom he is probably closer than the other two). So why aren’t we hearing about that call? Is Pompeo just better at keeping secrets than his counterparts? Or is he hiding it because he didn’t object as strongly as his counterparts?

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

The Kushner-Comey Connection

The WaPo is reporting that the FBI probe into ties between Russia and Trump’s campaign is looking at a person still in the White House, in addition to Mike Flynn and Paul Manafort.

The law enforcement investigation into possible coordination between Russia and the Trump campaign has identified a current White House official as a significant person of interest, showing that the probe is reaching into the highest levels of government, according to people familiar with the matter.

Further down in the article, WaPo names some people that might be this other person of interest — but just one of them is actually in the White House.

Current administration officials who have acknowledged contacts with Russian officials include President Trump’s son-in-law, Jared Kushner, as well as Attorney General Jeff Sessions and Secretary of State Rex Tillerson.

Still further down, the WaPo covers what first got me believing Jared Kushner is the ultimate target of this probe: his meeting with Sergey Gorkov, the FSB-trained head of the sanctioned Russian bank, Vnesheconombank.

The White House also has acknowledged that Kushner met with Kislyak, the Russian ambassador to the United States, in late November. Kushner also has acknowledged that he met with the head of a Russian development bank, Vnesheconombank, which has been under U.S. sanctions since July 2014. The president’s son-in-law initially omitted contacts with foreign leaders from a national security questionnaire, though his lawyer has said publicly he submitted the form prematurely and informed the FBI soon after that he would provide an update.

Vnesheconombank handles development for the state, and in early 2015, a man purporting to be one of its New York-based employees was arrested and accused of being an unregistered spy.

That man — Evgeny Buryakov — ultimately pleaded guilty and was eventually deported. He had been in contact with former Trump adviser Carter Page, though Page has said he shared only “basic immaterial information and publicly available research documents” with the Russian. Page was the subject of a secret warrant last year issued by the Foreign Intelligence Surveillance Court, based on suspicions he might have been acting as an agent of the Russian government, according to people familiar with the matter. Page has denied any wrongdoing, and accused the government of violating his civil rights.

As I’ve noted since, there was a lot of smoke coming from Kushner’s direction: first, SSCI’s explicit interest in interviewing Kusher and then two competing stories about a Trump request for CIA’s Sergey Kislyak dossier that only makes sense if the audience were Kushner, not Flynn.

But there are a few more dots (in addition to people claiming to have confirmed this point) that support the idea that Kushner is the ultimate target here, and that Trump, in his clumsy attempts to protect Mike Flynn by firing Jim Comey, is actually attempt to protect the father of his grandchildren.

Back on March 2, Jim Comey’s then still secret Twitter account favorited this NYT article disclosing that Mike Flynn had a previously undisclosed face-to-face meeting with Sergey Kislyak at Trump Tower. (h/t TC)

Michael T. Flynn, then Donald J. Trump’s incoming national security adviser, had a previously undisclosed meeting with the Russian ambassador in December to “establish a line of communication” between the new administration and the Russian government, the White House said on Thursday.

Jared Kushner, Mr. Trump’s son-in-law and now a senior adviser, also participated in the meeting at Trump Tower with Mr. Flynn and Sergey I. Kislyak, the Russian ambassador. But among Mr. Trump’s inner circle, it is Mr. Flynn who appears to have been the main interlocutor with the Russian envoy — the two were in contact during the campaign and the transition, Mr. Kislyak and current and former American officials have said.

[snip]

They generally discussed the relationship and it made sense to establish a line of communication,” Ms. Hicks said. “Jared has had meetings with many other foreign countries and representatives — as many as two dozen other foreign countries’ leaders and representatives.”

The story was presented as White House confirmation of earlier New Yorker reporting that Kushner had the meeting, with the White House newly disclosing Flynn’s presence at it. But we now know that the representation that Kushner’s meeting with Kislyak was just one of a slew of meetings with foreign leaders wasn’t quite right. He had sent an aide to a subsequent meeting, and coming out of that meeting, he met with Gorkov, basically meeting with someone personally lobbying to get rid of Ukraine-related sanctions.

Later that month, though, Mr. Kislyak requested a second meeting, which Mr. Kushner asked a deputy to attend in his stead, officials said. At Mr. Kislyak’s request, Mr. Kushner later met with Sergey N. Gorkov, the chief of Vnesheconombank, which the United States placed on its sanctions list after President Vladimir V. Putin of Russia annexed Crimea and began meddling in Ukraine.

Of course, while we only learned that fact later, when Comey favorited that story on March 2, he would have known the full details of the follow-up communications. In other words, he would recognize that story as yet another case of the White House hiding Russian communications. He would also likely already know that Kushner had not included that meeting on his security clearance form.

We only learned that story on March 27, when the NYT revealed the Senate Intelligence Committee wanted to interview Kushner about the meeting. As I noted at the time, the discussion between Gorkov and Kushner, coming before Flynn’s December 29 discussions with Kislyak, would dramatically change the connotation of Flynn’s discussions of sanctions. Because, while the immediate context of the December 29 discussions would have been the new hacking related sanctions imposed on December 28, with the prior meeting with Gorkov, they would likely also include the Ukrainian ones. That was the payoff discussed in any quid pro quo related to the election: Putin would help elect Trump, and in exchange Trump would end economic sanctions.

Of course, to make the argument that Flynn was offering to give Russia the payoff for the election-related help, you’d have to get Flynn to cooperate. If you got Flynn to cooperate, he’d be able to tell the FBI whether or not those December 29 conversations pertained just to the hacking sanctions or also to the Ukrainian ones.

The FBI has a great many things they can and will use to get Flynn to cooperate, including his undisclosed foreign payments and his lies to the FBI in his January 24 interview.

[Large section based off erroneous reading of Wittes’ post removed.]

When Trump fired Comey, he claimed that Comey had thrice told him “he” wasn’t under investigation. Even assuming Comey did, consider how Trump would understand that and how normal people would. To us, “he” would include just Trump. But to someone like Trump whose only real loyalty is to family, “he” would include his family. Including Kushner.

Trump may well think Flynn is a nice man that deserves his loyalty. More likely, though, Trump knows that Flynn could sink his son-in-law. I believe that’s why Trump had to fire Comey in an effort to undercut the Flynn investigation.

And Rod Rosenstein, the survivor, just picked a partner from the firm of Kushner and Ivanka’s lawyer Jamie Gorelick, Robert Mueller, to take over the investigation into Flynn.

Update: Sure enough, Reuters is reporting that Mueller, by design, may not be able to investigate Kushner or Paul Manafort.

Within hours of Mueller’s appointment on Wednesday, the White House began reviewing the Code of Federal Regulations, which restricts newly hired government lawyers from investigating their prior law firm’s clients for one year after their hiring, the sources said.

An executive order signed by Trump in January extended that period to two years.

Mueller’s former law firm, WilmerHale, represents Trump’s son-in-law Jared Kushner, who met with a Russian bank executive in December, and the president’s former campaign manager Paul Manafort, who is a subject of a federal investigation.

Legal experts said the ethics rule can be waived by the Justice Department, which appointed Mueller. He did not represent Kushner or Manafort directly at his former law firm.

If the department did not grant a waiver, Mueller would be barred from investigating Kushner or Manafort, and this could greatly diminish the scope of the probe, experts said.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Why Did Tom Bossert Claim WannaCry Was Spread Via Phishing?

Writing this post made me look more closely at what Trump’s Homeland Security Czar Tom Bossert said in a briefing on WannaCry on Monday, May 15.

He claimed, having just gotten off the phone with his British counterpart and in spite of evidence to the contrary, that there had been minimal disruption to care in Britain’s DHS.

The UK National Health Care Service announced 48 of its organizations were affected, and that resulted in inaccessible computers and telephone service, but an extremely minimal effect on disruption to patient care.

[snip]

And from the British perspective, I thought it was important to pass along from them two points — one, that they thought it was an extremely small number of patients that might have been inconvenienced and not necessarily a disruption to their clinical care, as opposed to their administrative processes.  And two, that they felt that some of those reports might have been misstated or overblown given how they had gotten themselves into a position of patching.

 

Of course, this may be an issue in the upcoming election, so I can see why Theresa May’s government might want to downplay any impact on patient care, especially since the Tories have long been ignoring IT problems at DHS.

He dodged a follow-up question about whether there might be more tools in the Shadow Brokers haul that would lead to similar attacks in the future, by pointing to our Vulnerabilities Equities Process.

Q    I guess a shorter way to put it would be is there more out there that you’re worried about that would lead to more attacks in the future?

MR. BOSSERT:  I actually think that the United States, more than probably any other country, is extremely careful with their processes about how they handle any vulnerabilities that they’re aware of.  That’s something that we do when we know of the vulnerability, not when we know we lost a vulnerability.  I think that’s a key distinction between us and other countries — and other adversaries that don’t provide any such consideration to their people, customers, or industry.

Obviously, the VEP did not prevent this attack. More importantly, someone in government really needs to start answering what the NSA and CIA (and FBI, if it ever happens) do when their hacking tools get stolen, an issue which Bossert totally ignored.

But I’m most interested in something Bossert said during the original exchange on NSA’s role in all this.

Q    So this is one episode of malware or ransomware.  Do you know from the documents and the cyber hacking tools that were stolen from NSA if there are potentially more out there?

MR. BOSSERT:  So there’s a little bit of a double question there.  Part of that has to do with the underlying vulnerability exploit here used.  I think if I could, I’d rather, instead of directly answering that, and can’t speak to how we do or don’t do our business as a government in that regard, I’d like to instead point out that this was a vulnerability exploit as one part of a much larger tool that was put together by the culpable parties and not by the U.S. government.

So this was not a tool developed by the NSA to hold ransom data.  This was a tool developed by culpable parties, potentially criminals of foreign nation states, that was put together in such a way so to deliver it with phishing emails, put it into embedded documents, and cause an infection in encryption and locking. [my emphasis]

Three days into the WannaCry attack, having spent the weekend consulting with DHS and NSA, Bossert asserted that WannaCry was spread via phishing.

That is a claim that was reported in the press. But even by Monday, I was seeing security researchers persistently question the claim. Over and over they kept looking and failing to find any infections via phishing. And I had already seen several demonstrations showing it didn’t spread via phishing.

Now, Bossert is one of the grown-ups in the Trump Administration. His appointment — and the cybersecurity policy continuity with Obama’s policy — was regarded with relief when it was made, as laid out in this Wired profile.

“People that follow cybersecurity issues will be happy that Tom is involved in those discussions as one of the reasoned voices,” Healey says.

“Frankly, he’s an unusual figure in this White House. He’s not a Bannon. He’s not even a Priebus,” says one former senior Obama administration official who asked to remain unnamed, contrasting Bossert with Trump’s top advisers Stephen Bannon and Reince Priebus. “He has a lot of credibility. He’s very straightforward and level-headed.”

And (as the rest of the profile makes clear) he does know cybersecurity.

So I’m wondering why Bossert was stating that this attack spread by phishing at a time when open source investigation had already largely undermined that hasty claim.

There are at least three possibilities. Perhaps Bossert simply mistated here, accidentally blaming the vector we’ve grown used to blaming. Possibly (though this would be shocking) the best SIGINT agency in the world still hadn’t figured out what a bunch of people on Twitter already had.

Or, perhaps there were some phished infections, which quickly got flooded as the infection spread via SMB. Though that’s unlikely, because the certainty that it didn’t spread via email has only grown since Monday.

So assuming Bossert was, in fact, incorrect when he made this claim, why did have this faulty information?

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

The Legitimacy Problem with NSA’s Silence on WannaCry

Over at Matt Suiche’s website, he chronicles the discovery of a way to work around WannaCry’s ransomware. First a guy named Adrien Guinet figured out how the find the prime numbers that had computed the key locking a computer’s files. Then a guy named Benjamin Delpy recreated the effort and tested it against versions up to Windows 7. This is not a cure-all, but it may be a way to restore files encrypted by the attackers.

This of course comes after Suiche and before him Malware Tech set up sinkholes to divert the malware attack. Other security researchers have released tools to prevent the encryption of files after infection.

And all the while, NSA — which made the exploit that made this worm so damaging, EternalBlue — has remained utterly silent. At this point, Lauri Love, who faces 99 years of prison time for alleged hacking in the US, has done more in public to respond to this global ransomware attack than the NSA has.

The most public comment from NSA has come in the form of this WaPo article, which describes “current and former” officials defending the use of EternalBlue and sort of confirming that NSA told Microsoft of the vulnerability. It also revealed the White House called an emergency cabinet meeting to deal with the attack. Department of Homeland Security released a pretty useless statement last Friday. On Monday, Homeland Security Czar Tom Bossert answered questions at the press briefing (sometimes inaccurately, I think), emphasizing that the US is not responsible for the attack.

I’d like to instead point out that this was a vulnerability exploit as one part of a much larger tool that was put together by the culpable parties and not by the U.S. government.

So this was not a tool developed by the NSA to hold ransom data.

That’s it. That’s what we’ve seen of our government’s response to a malware attack that it had a role in creating.

(For what it’s worth, people in the UK have said their cybersecurity organization, the National Cyber Security Centre, has been very helpful.)

Don’t get me wrong. I’m sure folks at NSA have been working frantically to understand and undercut this attack. Surely they’ve been coordinating with the private sector, including Microsoft and more visible victims like FedEx. NSA intervention may even explain why there have been fewer infections in the US than in Europe. There may even be some cooperation between the security people who’ve offered public solutions and the NSA. But if those things have happened, it remains totally secret.

And I understand why NSA would want to remain silent. After all, companies and countries are going to want some accountability for this, and while the hackers deserve the primary blame, NSA’s own practices have already come in for criticism in Europe.

Plus, I’m sure whatever NSA is doing to counter this attack is even more interesting — and therefore more important to keep secret from the attackers — than the really awesome sinkholes and prime number workarounds the security researchers have come up with. It’s worth noting that the attackers and aspiring copy-catters are undoubtedly watching the public discussions in the security community to figure out how to improve the attack (though the WannaCry attackers didn’t seem to want or be able to use the information on sinkholes to their advantage, as the release that fixed that problem is corrupted).

But, in my opinion, NSA’s silence creates a legitimacy problem. This is the premier SIGINT agency in the world, tasked to keep the US (and more directly, DOD networks) safe from such attacks. And it has remained silent while a bunch of researchers and consultants collaborating together have appeared to be the primary defense against the weaponization of an NSA tool.

If 22 year olds fueled by pizza are the best line of defense against global attacks, then it suggests (I’m not endorsing this view, mind you) that we don’t need the NSA.

Update: On Twitter, Jake Williams asked whether NSA would have had a better response if the defensive Information Assurance Directorate hadn’t been disbanded last year by Mike Rogers. I hadn’t thought of that, but it’s a good question.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Wherein emptywheel Avoids Saying Blowjob on the TV

Amid a crazy week traveling, I kept getting asked to do TV, in one case extending a short airport transfer in Chicago overnight to appear on Democracy Now. I thought I’d share today’s interviews.

To explain the Beeb clip above: I have a history of totally bolloxing the time difference in Chicago. So I thought I had another hour to get myself safely ensconced someplace quiet at O’Hare. Instead, they texted me and said I had 5 minutes while I was on the El heading out to O’Hare. So I jumped off at the next stop, huddled down in a shelter and did the interview sitting on the platform. The Beeb did a tremendous job editing out the train and highway noise–I could barely hear myself speak.

Then there’s this Democracy Now interview, which was a comedy of errors in its own way (if one of you wants to walk me through buying my own TV interview earpiece, I’d appreciate the help). I think the interview was good; it’s always a treat to be on with Amy Goodman. But I wanted to call attention to this part of the interview.

MARCY WHEELER: Right. So, this is not Ken Starr. For those of you old enough to remember, Ken Starr was investigating everything and everywhere and couldn’t be fired. And that—the law that authorized such investigations was ended, on the logic that they encouraged kind of wide—they encouraged investigators to keep investigating until they found anything, such as the consensual relationship between Clinton and Monica Lewinsky.

You can too teach an old dog new tricks!

One more note: the lack of make-up in these was not my fault. I thought I was adulting plenty by bringing a jacket with me just in case I had to go adulting somewhere, so I was reasonably okay for the Democracy Now interview. But I didn’t have makeup with me because … why?

Something new to add to my adulting list, now that I’ve mastered translating “blowjob” into “consensual relationship,” and even before coffee: make-up.

Some day soon I might yet grow up.

Update: Adding a link to the Intercepted podcast I was on with Jeremy Scahill and Glenn Greenwald, because it was a lot of fun.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.