Joshua Schulte’s Human Graymail Campaign Targets Mike Pompeo

“Graymail” is a term used to describe when a defendant attempts to make a prosecution involving classified information too difficult for the government to pursue by demanding reams of classified evidence that the government either has to water down to make admissible at trial or argue is not helpful to the defense.

As an example, Scooter Libby employed a defense that he didn’t lie to the grand jury about his efforts to expose Valerie Plame, but rather forgot about those efforts, because he was so distracted by everything scary he reviewed in daily Presidential Daily Briefs. He forced the government to substitute a great deal of information from PDBs and almost upended the trial as a result.

It has been clear for some time that accused Vault 7 leaker Joshua Schulte was employing such a strategy, but with a twist. He obviously has been trying to release as much classified information from the CIA as possible, both through legitimate means and via leaking it. But starting last fall, there was a dispute about how Schulte could serve trial subpoenas on CIA witnesses and whether he had to work through prosecutors to do so; Schulte argued the government was trying to learn his defensive strategy by vetting his subpoenas.

The dispute just surfaced again in the form of a government motion in limine to exclude 3 CIA witnesses and require Schulte to provide justifications for a slew of other CIA witnesses he has subpoenaed. At least 63 CIA witnesses have informed the CIA that he has subpoenaed them, and that’s just the ones who have informed the agency.

The Government understands that the defendant has served at least 69 current or former CIA employees with subpoenas in this case. This includes subpoenas for 23 individuals identified in a preliminary witness list the Government provided to the defense as a courtesy on August 16, 2019, which the Court authorized in an Order dated November 26, 2019 (Dkt. 200), and at least 46 additional subpoenas since then. That number reflects those recipients who have informed the CIA’s Office of General Counsel of the latest subpoenas, as required by CIA regulations.1

1 The Government does not know the precise number of subpoenas that the defendant has issued because the Government is only aware of the subpoenas issued to individuals who have reported receiving them to the CIA’s Office of General Counsel.

With respect to this slew of witnesses, the government asks just that Schulte be required to show that they have firsthand knowledge that is relevant to the trial that would not be cumulative.

But with respect to three, the government offers specific objections. The government’s objections to two — a covert field officer and the Center for Cyber Intelligence’s Chief Counsel — seem utterly reasonable. But the government’s objection to a third — Mike Pompeo, who was CIA Director when WikiLeaks published the leaks — is more dubious.

To the extent it’s discernible given redactions in the government’s motion, here are the objections to those three witnesses.

Lisa: Schulte has subpoenaed a woman pseudonymed “Lisa,” a “high up” customer of CIA’s hacking tools. Schulte argues that because CIA officers did not “warn” her about Schulte, it’s proof of his innocence. The government argues that Schulte is trying to call “Lisa” to testify in part to admit into evidence statements that he made to her, which would be hearsay designed to avoid taking the stand himself.

Erin: Schulte wants to call the Chief Counsel of CCI to testify about things she said in an FBI interview about other potential leads to find the culprit behind the theft. Apparently, she raised an off-site event that took place between March 8-10, 2016 that might play a role. According to the original theory of the case, Schulte used an opportunity when everyone else was gone from the office, possibly during that event, to steal these files. But, as the government points out, Schulte didn’t ask “Jeremy Weber” anything about this event when he was on the stand, even though Weber attended it personally. They note Schulte instead wants to ask someone who wasn’t there — Erin — about it. Plus, as the government notes, Erin is the counsel for the victim of this crime, and as such is protected by attorney-client privilege.

Mike Pompeo: Finally, Schulte wants to call Mike Pompeo. The government wants to exclude Pompeo because, during the period when he was a CIA employee as its Director, he had no direct knowledge of the theft.

While Sec. Pompeo was undoubtedly kept informed about the consequences of the defendant’s crimes and the CIA’s response to secure its systems going forward, he–like virtually all similarly situated high-ranking government officials–received that information through briefings and summaries provided by others, which is quintessential inadmissible hearsay, rather than first-hand knowledge of the facts.

Except that’s probably not why Schulte wants to call him. In fact, I predicted Schulte would call Pompeo back in November.

Notably, the government motion invokes the Senate’s recognition that WikiLeaks resembles “a non-state hostile intelligence service.” That may well backfire in spectacular fashion. That statement didn’t come until over a year after Schulte is alleged to have stolen the files. And the statement was a follow-up to Mike Pompeo’s similar claim, which was a direct response to Schulte’s leak. If I were Schulte, I’d be preparing a subpoena to call Pompeo to testify about why, after the date when Schulte allegedly stole the CIA files, on July 24, 2016, he was still hailing the purported value of WikiLeaks’ releases.

Because of the way the government has argued that Schulte’s choice to leak to WikiLeaks is proof he intended to harm the US, it makes then House Intelligence Chair Mike Pompeo’s celebration of WikiLeaks’ publication of the stolen DNC emails — a celebration that took place months after Schulte is alleged to have sent the emails to WikiLeaks — a pertinent issue.

Given what the government has argued, Pompeo might be required to take the stand and admit that he was just being an asshole who was happy to damage the US if it meant his party would benefit when he celebrated the WikiLeaks publication of stolen DNC emails in July 2016. Of course, that’s the last thing he wants to do — and if he did, his boss, who got elected by cheering such damage, might well fire him. Pompeo’s view of WikiLeaks in July 2016 is all the more relevant given that the government appears to be planning to make … something of the Schulte’s response to these very same leaks.

Schulte is clearly engaged in human graymail with this larger request, and I expect Judge Paul Crotty will agree to the government’s demand that Schulte show some particularized value to each of these CIA witnesses.

But given their efforts to treat WikiLeaks as a particularly damaging kind of leak recipient, I think Schulte may be able to make a compelling argument that Pompeo should have to explain his past enthusiasm for WikiLeaks’ publications.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

The Geostrategic and Historic Implications of Crypto

If you haven’t already, you should read the superb WaPo story on Crypto, the Swiss encryption company that German and US intelligence agencies secretly owned, allowing them to degrade the encryption used by governments all over the world. The story relies on classified CIA and BND histories obtained by the paper and a German partner.

The decades-long arrangement, among the most closely guarded secrets of the Cold War, is laid bare in a classified, comprehensive CIA history of the operation obtained by The Washington Post and ZDF, a German public broadcaster, in a joint reporting project.

[snip]

The Post was able to read all of the documents, but the source of the material insisted that only excerpts be published.

The CIA and the BND declined to comment, though U.S. and German officials did not dispute the authenticity of the documents. The first is a 96-page account of the operation completed in 2004 by the CIA’s Center for the Study of Intelligence, an internal historical branch. The second is an oral history compiled by German intelligence officials in 2008.

From the 1970s until the early 2000s, the company ensured its encryption had weaknesses that knowing intelligence partners — largely the NSA — exploited. CIA retained control of the company until 2018.

The WaPo correctly puts Crypto in a lineage that includes later spying and politicized fights over which corporations run the global telecommunications system. But it curiously suggests that the US “developed an insatiable appetite for global surveillance” from the project, as if that’s a uniquely American hunger.

Even so, the Crypto operation is relevant to modern espionage. Its reach and duration helps to explain how the United States developed an insatiable appetite for global surveillance that was exposed in 2013 by Edward Snowden. There are also echoes of Crypto in the suspicions swirling around modern companies with alleged links to foreign governments, including the Russian anti-virus firm Kaspersky, a texting app tied to the United Arab Emirates and the Chinese telecommunications giant Huawei.

Any nation-state or powerful non-state actor is going to want access to as much information as it can obtain. Russia, the Gulf states, and China, as well as the unmentioned Israel, are no different.

The story is better understood, in my opinion, as a lesson in how the US, Cold War partner Germany, and several key individuals and companies who could be motivated by Cold War ideology accomplished its spying. It absolutely provides important background to current US efforts to prevent rivals from achieving hegemony over communication structures. But if you didn’t know the US is so worried about Huawei’s dominance because it gives China a way to supplant the US spying footprint, you’re not paying attention.

Some particular features:

  • Crytpo was a Swiss company. That gave it some plausible deniability.
  • The operation struggled to find cryptologists who were good, but not too good. People who could identify weaknesses in the algorithms Crypto used either had to be fired or bought off.
  • The entire scheme worked off a corruption of market forces. The predecessor to Crypto sold shitty encryption to disfavored countries, but the US made up for the lost profits. Then, as integrated circuits presented a challenge for the business, the US leveraged that to get ongoing cooperation. Then CIA and BND bought out the company via a shell company set up in Lichtenstein. To sustain its customer base, Crypto would smear competitors and bribe customers with gifts and prostitutes.
  • The US leveraged its power in the US-German partnership at the core of the operation, forcing the Germans to sell degraded products to allied governments.
  • The ideology of the Cold War proved a powerful motive for some of the key participants, leading them to work for what ultimately was the CIA for no additional funds.

Those features are worth noting as you consider where this capability moved to as Crypto became less valuable:

  • AT&T and other US backbone providers
  • Silicon Valley companies compelled under Section 702 of FISA
  • Various products supported by CIA’s investment arm, In-Q-Tel
  • SWIFT

702 is the big outlier — in that the US government leveraged existing market dominance and actually didn’t hide what was going on to those who paid attention. But that’s changing. The US government is increasingly demanding that its 702 partners — notably both Apple and Facebook — make choices dictated not by a market interest in security but by their demands.

The WaPo story cites some “successes:” nearly complete visibility on Iran, a critical advantage for the UK in the Falklands war, and visibility on Manuel Noriega as he started to outgrow his client role. One wonders what would have happened if the US or its allies had lost visibility on all those key strategic points.

WaPo focuses its challenge to this spying, however, on what the US had to have known about but overlooked: assassination, ethnic cleansing, and atrocities.

The papers largely avoid more unsettling questions, including what the United States knew — and what it did or didn’t do — about countries that used Crypto machines while engaged in assassination plots, ethnic cleansing campaigns and human rights abuses.

The revelations in the documents may provide reason to revisit whether the United States was in position to intervene in, or at least expose, international atrocities, and whether it opted against doing so at times to preserve its access to valuable streams of intelligence.

Nor do the files deal with obvious ethical dilemmas at the core of the operation: the deception and exploitation of adversaries, allies and hundreds of unwitting Crypto employees. Many traveled the world selling or servicing rigged systems with no clue that they were doing so at risk to their own safety.

I’m actually more interested in the latter case, though (though after all, the US was overlooking atrocities in Iran, Panama, and Argentina, in any case).

These atrocities were known in real time, but ideology — largely, the same Cold War ideology that convinced some of the engineers to play along quietly — served to downplay them. The ideology that excuses much of our current spying, terrorism, likewise leads many to excuse Americans and allies overlooking atrocities by our allies (but that, too, is evident without proving they’re reading the SIGINT proving it).

But the solutions to this problem have as much to do with fixing ideology and market forces behind the power structures of the world as it does with protecting the encryption that people around the world can access.

Joshua Schulte’s Hot and Cold Snowden Views

I’ve been tracking the government’s claims that the Vault 7 leaks “relate” to earlier WikiLeaks leaks — including Chelsea Manning’s and Anonymous‘ — Edward Snowden, and Shadow Brokers.

With respect to Snowden, specifically, in a warrant application submitted in 2017 (PDF 150) the government cited Schulte’s search for a specific Snowden tweet on August 4, 2016, just as he started searching for WikiLeaks information.

In a November filing laying out their theory of the crime, the government cited his searches on WikiLeaks and “related” topics in that same time period.

Around this time, Schulte also began regularly to search for information about WikiLeaks. In the approximately six years leading to August 2016, Schulte had conducted one Google search for WikiLeaks. Beginning on or about August 4, 2016 (approximately three months after he stole the Classified Information), Schulte conducted numerous Google searches for WikiLeaks and related terms and visited hundreds of pages that appear to have resulted from those searches. For example, in addition to searching for information about WikiLeaks and Julian Assange, its primary leader, Schulte also conducted searches using the search terms “narcissist snowden,” “wikileaks code,” “wikileaks 2017,” “shadow brokers,” and “shadow broker’s auction bitcoin.” “Snowden” was presumably a reference to Edward Snowden, the former NSA contractor who disclosed information about a purported NSA surveillance program, and “Shadow Brokers” was a reference to a group of hackers who disclosed online computer code that they purportedly obtained from the NSA, beginning in or about August 2016. Indeed, in contrast to the period before August 4, 2016, between that date and March 2017 (when the first of the Leaks occurred), Schulte conducted searches for Wikileaks and related information on at least 30 separate days.

Many of these searches, particularly the Snowden ones, could have been innocuous.

When Schulte’s lawyers tried to complain that Paul Rosenzweig’s inclusion of Manning, Anonymous, and Snowden in his expert testimony on WikiLeaks falsely assumed that Schulte knew of those earlier leaks, the government revealed that in contemporaneous chats, Schulte had commented on both Manning and Snowden.

Moreover, even setting aside the dubious assertion that a member of the U.S. intelligence community could have been completely unaware of WikiLeaks’ serial disclosures of classified and sensitive information and the resulting harm, the Government’s proof at trial will include evidence that the defendant himself was well aware of WikiLeaks’ actions and the harms it caused. For example, WikiLeaks began to disclose classified information Manning provided to the organization beginning in or about April 2010, including purported information about the United States’ activities in Afghanistan. In electronic chats stored on the defendant’s server, the defendant discussed these disclosures. For example, on August 10, 2010, the defendant wrote in a chat “you didn’t read the wikileaks documents did you?” and, after that “al qaeda still has a lot of control in Afghanistan.” In addition, on October 18, 2010, the defendant had another exchange in which he discussed Manning’s disclosures, including the fact that the information provided was classified, came from U.S. military holdings, and that (according to the defendant) it was easy for Manning to steal the classified information and provide it to WikiLeaks. Similarly, in a June 9, 2013 exchange, the defendant compared Manning to Edward Snowden, the contractor who leaked classified information from the National Security Agency, and stated, in substance and in part, that Snowden, unlike Manning, “didnt endanger in [sic] people.”

As I noted, that exchange the very day Snowden came forward might suggest Schulte had a much less critical view of Snowden’s leak than Manning’s.

But that’s not what he told his former CIA colleague, who testified this week under the pseudonym Jeremy Weber. To Weber, Schulte condemned Snowden’s behavior in the strongest terms, arguing Snowden was a traitor who should be executed.

A. I don’t believe so, no.

Q. You don’t remember him ever discussing leakers with you?

A. I, I do remember talking about leakers.

Q. Okay. What do you recall?

A. There was discussion around Snowden.

Q. Okay. And?

A. Schulte felt that Snowden was a — had betrayed his country.

Q. That doesn’t, you know, he seems to have strong opinions on everything. You sure he didn’t say more?

A. He probably would have call him a traitor. Said he should be executed for sure. I don’t remember specific verbiage, but he did express his typical strong opinions.

Q. Right. Then he had those same opinions about Chelsea Manning, correct?

A. Possibly. I don’t remember conversations about Chelsea Manning.

Q. And when he was talking about Snowden, it was clear to you that he strongly believed in the mission of the CIA, correct?

A. Yes.

Q. And he strongly believed that you should do nothing against America, correct?

A. Yes.

Q. And he thought Snowden should be executed, correct?

A. I believe I recall specifically him saying that.

Remarkably, Schulte’s lawyer Sabrina Shroff didn’t seem to expect this answer, even though she made much of the prior interviews Weber had had with what she called prosecutors, but which instead probably reflects having gotten 16 302s for Weber, many of them probably interviews with just FBI agents conducting early interviews as part of the investigation.

Q. You met with each one of these prosecutors, correct?

A. I don’t know if I talked to all of them, but, yes.

Q. You’ve talked to them somewhere between 11 and 15 times?

A. I have no idea what the number was.

Q. March 22, 2017, March 27, April 5, May 8th, May 22, June 1st, August 31. This was all in 2017.

A. Okay.

Q. Do you have any idea how many hours you spent with them in 2017?

A. No, I don’t.

Q. 2018, you met with them on January 12, June 1st, June 11, August 6, November 12, December 12, Any idea how many hours you spent with them?

MR. LAROCHE: Objection.

A. No.

THE COURT: Overruled.

Q. Then you met with them in January. Correct?

A. Yes.

Q. January 14, January 21, and January 29. Correct?

A. Possibly, yes.

Still, if Shroff has 16 302s from Weber and she didn’t know how he would answer this question, whether he and Schulte had ever spoken about Snowden’s leaks, it suggests the FBI and prosecutors never thought to ask someone who had worked side by side with Schulte for 6 years, starting around the same time as the Manning leaks and continuing through the Snowden leaks. Which is pretty remarkable.

The government responded by getting Weber to read from Schulte’s prison notebook where he seemingly advocated for sending top secret documents to WikiLeaks.

Q. Can you please read what the defendant wrote here?

A. “This is a huge wake-up call to U.S. intelligence officers. The Constitution you fight to defend will be” —

MS. SHROFF: Denied.

A. — “denied to you if, God forbid, you are ever accused of a crime. If your government has no allegiance in you, why do you have any allegiance towards your government or associates provided info to the NYT.”

MR. LAROCHE: Can we go up to the next, to the top of this page, please.

Q. Again, is this the defendant’s handwriting?

A. Yes.

Q. Can you please read what the defendant wrote?

A. “Your service in” — defense, maybe, “in” — I don’t recognize that word — “security investigations and pristine criminal history can’t even get you bail. As Joshua Schulte has said, you are denied a presumption of innocence. Ironic, you do your country’s dirty work, but when you — when your country accuses you of a crime, you are arrested and presumed guilty. And” — I don’t — “and” something, “your service. Send all of your secrets here: WikiLeaks.”

The chats from 2013 are not yet in evidence, so the government simply relied on what they had already entered with Weber based off his familiarity with Schulte’s handwriting.

But Shroff will — and already has — argued that you can’t argue the views Schulte expressed after he had been in jail for months were the same ones that motivated his actions in 2016, when he allegedly stole all these files. Weber couldn’t place his conversations about Snowden in time, so his views could have also changed before he leaked the files. But the 2018 prison notebooks cannot be said to reflect Schulte’s views in 2016.

The government seems intent on using Snowden et al to prove a level of mens rea that’s more than they need to prove to get convictions on the Espionage Act charges — that Schulte intended to do harm rather than had reason to know, based off his understanding of classification and the import of those hacking tools, that it would do harm. The varying things Schulte has said about Snowden and others may or may not support that, at least for the Espionage charges tied to the 2016 leaks.

That said, if and when Schulte is sentenced for all this, the testimony that he once claimed to believe leakers like Snowden should be executed may not help him avoid a life sentence.

Calyx Institute has generously funded obtaining these Schulte trial transcripts. Please consider a tax deductible donation to support that effort.

“What is the root user?” Joshua Schulte Set Up the Shared “root” Password He’ll Use in His Defense

In a full day of testimony yesterday, one of Joshua Schulte’s former colleagues, testifying under the name Jeremy Weber (which may be a pseudonym of a pseudonym under the protective order imposed for the trial) introduced a ton of detail about how the engineering group he and Schulte worked in was set up bureaucratically, how the servers were set up, and how relations between Schulte and the rest of the group started to go south in the months and weeks leading up to the date when, the government alleges, he stole CIA’s hacking tools. He also described how devastating the leak was for the CIA.

In that testimony, the government began to lay out their theory of the case: When Schulte lost SysAdmin access to the servers hosting the malware they were working on — and the same day the unit announced they’d soon be moving the last server to which Schulte had administrator privileges under the official SysAdmin group — Schulte went back to the back-up file of the server from the day the fight started blowing up, March 3, 2016, and made a copy of it.

But the government also started previewing what will likely be Schulte’s defense: that some of these servers were available via a shared root password accessible to anyone in their group.

Prosecutor Matthew LaRoche walked Weber through a description of how a “root” user for the ESXi server was used.

Q. What is the root user?

A. The root user, in this situation, “root” was kind of Linux term for the administrative account on the machine, like the default administrator account.

Q. You also mentioned there was a password for the ESXi server?

A. That’s correct.

Q. Was that password stored anywhere?

A. Yes, it was.

Q. Where?

A. It was stored on OSB’s passwords page for some of our services.

Q. What do you mean by OSB’s passwords page?

A. OSB had a lot of virtual machines outside of the Atlassian products that had passwords on them solely because the technology required to have a password and not for security practices, so that — these were often like test machines, and these passwords we kept on a page so that if somebody was leveraging that VM they would have the credentials they needed to log in to it.

Q. Where was that passwords page located?

A. Confluence.

Q. Was it restricted in any way?

A. It was.

Q. How?

A. It was to OSB.

This detail has been public since WikiLeaks first published the documents. I pointed it out here:

Among the pages that got exposed in this week’s Wikileaks dumps of CIA’s hacking tools was a page of Operational Support Branch passwords. For some time the page showed the root password for the network they used for development purposes.

These passwords, as well as one (“password”) for another part of their server, were available on the network site as well.

Throughout the period of updates, it included a meme joking about setting your password to Incorrect.

[snip]

A discussion ensued about what a bad security practice this was.

2015-01-30 14:30 [User #14588054]:

Am I the only one who looked at this page and thought, “I wonder if security would have a heart attack if they saw this.”?

2015-01-30 14:50 [User #7995631]:

Its locked down to the OSB group… idk if that helps.

2015-01-30 15:10 [User #14588054]:

I noticed, but I still cringed when I first saw the page.

I have no idea whether these passwords exacerbated CIA’s exposure. The early 2015 discussion happened well before — at least as we currently understand it — the compromise that led to Wikileaks’ obtaining the files.

It turns out that Schulte himself moved this password onto the ESXi passwords page on or before March 31, 2015, almost a year before he allegedly stole the files.

MR. LAROCHE: Ms. Hurst, can you please publish Government Exhibit 1003, and please just zoom in on the top of the email, the to-from.

Q. Is this another email from the CIA, Mr. Weber?

A. Yes, it is.

Q. When was this email sent?

A. It was sent on March 31, 2015, at 8:20 p.m.

Q. Who sent it?

A. It was sent by Josh Schulte.

Q. Who was it sent to?

A. It was sent to the OSB email group.

Q. How do you know that?

A. The string NCS-IOC-EDG-AED-OSB is a user group and it’s explicit in its naming. NCS was in the org chart above IOC, the rest of those are the groups that we have previously talked about.

Q. It’s a lot of acronyms.

A. It is.

Q. Below that, what’s the subject line?

A. OSB.DevLAN.net VM credentials.

Q. What’s OSB.DevLAN.net?

A. That was the OSB ESXi server.

MR. LAROCHE: Ms. Hurst, if you could please zoom out and then on to the text of the email.

Q. Can you read the first sentence, please?

A. “I’ve modified the OSB’s ESXi server page to contain the passwords and other information directly instead of through the OSB’s passwords page; also updated the permissions to be restricted to everyone outside of OSB.”

Q. Do you understand what he’s referring to by OSB’s ESXi server page?

A. Yes.

Q. What’s he referring to?

A. It was a second page created later to contain information specifically to the ESXi server and the administration of that.

Q. And do you understand what he means by updated the permissions to be restricted to everyone outside of OSB?

A. This was him saying that only people within the OSB — within OSB would have access to read this page.

Q. Now, is this the same ESXi server that as of 2015 was running Confluence and Bamboo?

A. Yes, it was.

I think this is what that page would have looked like, in part, in the March 3, 2016 files, with the same root password set to “mysweetsummer:”

Schulte will eventually argue that he not only recognized that this arrangement — which he set up, per this email — was insecure, but that he warned people about it repeatedly. Weber says that didn’t happen, because if Schulte had complained, he would have told Schulte to fix it.

Q. Are you sure that the defendant never made any complaints that DevLAN was vulnerable to theft?

A. Yes.

Q. Why?

MS. SHROFF: Objection.

THE COURT: Overruled.

A. If he had complained to me about the Atlassian products being vulnerable to theft, I would have told him to fix it. The Atlassian products were our responsibility, and if he had highlighted an issue with that, I would have made it our primary focus to fix that.

The government has already begun showing forensics suggesting the files were stolen via other means.

More importantly, they showed that if Schulte thought the shared root password was insecure, he’s got no one but himself to blame for it.

It’s certainly possible he will point to things he’ll argue are proof that he raised concerns about this arrangement — rather than just joking about it on the development pages (it won’t take too long before we learn which numbered ID WikiLeaks used for Schulte). But there’s already evidence that he’s the one who set it up that way.

Calyx Institute has generously sprung for Schulte transcripts. If you’d like to support the effort, you can make a tax deductible donation to them here.

The FBI Downloaded CIA’s Hacking Tools Using Starbuck’s WiFi

One of the most interesting details from the yesterday’s Joshua Schulte trial involved how the FBI obtained the Vault 7 and Vault 8 materials they entered into evidence yesterday. Because the FBI did not want to download the files onto an existing FBI computer (in part, out of malware concerns) and because they didn’t want to use an FBI IP address, they got a new computer and downloaded all the files at Starbucks.

Q. What were some of the parts of that plan?

A. So, one of the parts would be to obtain a separate computer that wasn’t connected, that wasn’t a previous government computer or connected to our network.

Another component was to just use public wi-fi and not a government-attributable internet connection. And the third part would be to find the best way to store this unique piece of evidence in the best way possible.

Q. Let’s talk about each of those steps. I think you said that you got a nongovernment computer, is that correct?

A. Correct.

Q. Why is that?

A. Just so that when we entered it into evidence, we wouldn’t be taking something from the network and essentially putting it aside indefinitely. And then also, we did not want to download information from the internet, which could potentially contain viruses or malware, to an FBI system.

Q. Do you have an understanding of what was contained within the disclosures made by WikiLeaks?

A. I do.

Q. And what is that information?

A. They were information about CIA hacking tools and cyber-exploitation tools.

Q. What, if any, impact did that have on your decision to use a nongovernment computer?

A. Anytime you download something from the internet, you take a risk. And then given what type of information we were going to acquire, we wanted to take an extra — many extra steps of security to maintain the integrity of our systems as well as be able to get the information and then store it properly.

Q. I think the second part of the plan was using public space to download the leak. Is that correct?

A. Correct.

Q. Why didn’t you download the leak from an FBI facility?

A. So, anytime actions on the internet are traceable as well as downloads, and we didn’t want to use an FBI system. And given the type of information we were going to acquire, we didn’t want to use an FBI system to download the information which could then be traced back to us and potentially implicate the IP address and potentially other investigations.

Q. And why would that be problematic for the FBI?

A. So, anytime actions on the internet are traceable as well as downloads, and we didn’t want to use an FBI system. And given the type of information we were going to acquire, we didn’t want to use an FBI system to download the information which could then be traced back to us and potentially implicate the IP address and potentially other investigations.

Q. And why would that be problematic for the FBI?

The explanation is interesting for more than the seeming validation of Starbuck’s WiFi quality.

It’s also interesting given details of timing and download method.

Q. When did you first go to Starbucks to download the leak?

A. In March of 2018.

Q. And how did you download the leak once you were there?

A. I went to the — used an internet browser, went to the WikiLeaks website first. Didn’t really see a quick way to download all the — the large volume of information, so WikiLeaks had also provided a torrent website, which is essentially just — it was about 15 hyperlinks that connected to zip files to download the bulk of the information that they released.

Q. What is a torrent website?

A. It’s a — it looked — just a blank website, but it had 15 hyperlinks, and each time you clicked on one of the links, it asked if you wanted to save the associated zip file. And then I saw there were 15 of those, and then I just downloaded it that way.

Q. And what is a zip file?

A. Zip file is just a way to compress information. So if you want to send a ton of files over an email or kind of website to website, you can use software to compress that information in a more easily storable format.

Q. Why did you go to the torrent instead of downloading it directly from the website?

A. I did — I tried — I perused the website for a little and didn’t see — given the volume of the information, there wasn’t, to my appearance, a good way to capture all of it. And I knew of this — from our investigation I knew of this torrent address, which had been provided by WikiLeaks too, if you wanted to essentially bulk download all the information.

Q. Did you download those zip files to the computer?

A. I did.

Q. And were you able to unzip those zip files?

A. I was.

Q. Were you able to download any of WikiLeaks’s public statements on that computer?

A. I was.

Q. And how did you do that?

A. Via screenshots.

Q. And you said you downloaded the zip files to the computer?

A. Correct.

Q. How long did that downloading process take?

A. Around an hour.

Q. And approximately how much data was found on those zip
files?

A. Approximately 1.4 gigabytes.

One thing this does is explain that it took an hour to download just what got published on WikiLeaks. This will become a critical detail in proving that the files had to have been stolen from inside CIA — basically the “download speed” argument thrown back at the Russian hack denialists.

By revealing that that amounted to just 1.4GB of material, prosecutors have revealed that what WikiLeaks published was just a fraction of the 1TB of material that, per his contemporaneous Google searches, Schulte stole.

The other thing this description reveals is that WikiLeaks did not include Vault 8, the one case (beyond Marble, the obfuscation tool Schulte wrote) where they published source code, in their Torrent download of the files.

Q. Did there come a time when you went back to Starbucks to download additional materials?

A. I did.

Q. Approximately when did that happen?

A. In May of 2018.

Q. And why did you go back to download additional materials?

A. Through the investigation, we determined that the zip files which I had downloaded contained Vault 7, but it did not contain the Vault 8 release, and we wanted to capture the entirety of what WikiLeaks had put out there from March 2017 to November of 2017.

Q. Were you able to download Vault 8 when you went back?

A. I was.

Q. How did you do that?

A. So, it was a lot less information. I was able to just go to the release that WikiLeaks specified as Vault 8 and download the singular files in that way. It’s just — it’s a kind of like right click, save as.

Q. And did you download the Vault 8 leak on the same computer that you downloaded the Vault 7 leaks?

I’m not sure why WikiLeaks wouldn’t include Vault 8, but I find the decision very curious.

Finally, this story is really interesting from an investigative standpoint. The FBI didn’t download the files they were going to enter into evidence in this trial until March and May of 2018, a year after the leak and a year after they identified Schulte as the leaker. Someone — possibly the CIA, which started to investigate the leak even before the first dump — had done a forensic comparison of the first release within days after the leak. The FBI had access to that.

But they went back a year later and prepared the evidence for that trial.

During the entire period of the Schulte prosecution, prosecutors made it clear the case may involve classified information (so his attorneys needed to be able to get clearance). Starting in January 2018, they made clear the leak would be charged.

But — particularly given the child porn charges he faces would have the same kind of prison sentence that the Espionage charges against him will — they could have forgone the trial (I had heard discussion that just the porn would be charged, so it’s possible that was the initial plan). Yes, they want to make an example of him, but the CIA has had to declassify an unbelievable amount of sensitive information to put Schulte on trial. Plus, the cost for prosecuting this crime is enormous. So I wonder whether they didn’t make the final decision to do this prosecution until 2018.

If so, that would parallel the timing of the Julian Assange prosecution in interesting ways. He was charged in December 2017, then indicted in March 2018, literally the same month that FBI obtained the Vault 7 files to enter into evidence.

Joshua Schulte Opening Arguments

Accused Vault 7 leaker Joshua Schulte’s trial started yesterday. The first transcript, covering (very short) opening arguments and Paul Rosenzweig’s testimony, is here (Calyx Institute sprung for the transcripts).

The opening arguments were interesting for two reasons. First, the government revealed something that had not been in filings before: they’re certain that Joshua Schulte stole the backup dated March 3, the date his supervisors took actions because of his fight with a colleague.

And the evidence will show that shortly after Schulte had broken back into the system, he stole an entire backup, a copy of all those secrets. And not just any backup, actually one that meant something to him. He stole the backup from March 3, 2016, the very day that Schulte felt the CIA had wronged him, by dismissing his false accusations against his co-worker. The exact backup, the exact secrets, put out by WikiLeaks.

The government had originally believed the files were stolen on March 7, the one year anniversary of the leak. This detail now makes it clear that the initial assessment, regarding the date of the files, has never changed.

Schulte’s lawyer, Sabrina Shroff, did not adjust her opening argument to adjust for this level of detail. She claimed that the government has changed it story about when the files were stolen.

Not only is the government’s story implausible, it keeps changing. And you will hear about this. You will hear that the government and the FBI agents first said that the data was taken from the CIA in March of 2016. They identify for you a very specific time period of when they think this data was stolen, March 7th or 8th of 2016. But now they will tell you, and now they have told you, in fact, that their first theory was wrong.

That’s true, but with the assertion that the March 3, 2016 backup was stolen, the government doubles down on their same initial theory.

Shroff also falsely claimed that CIA did not know the files were stolen until they were published on March 7, 2017.

The CIA had no idea — no idea at all — how these documents were leaked.

Julian Assange was months into an attempt to use these files to obtain immunity; the CIA had started an investigation at least as soon as that started, which is one of the reasons they had concluded Schulte might be the culprit by the time the files were leaked.

Having made that false claim, Shroff makes much of the fact that WikiLeaks sat on the files for a year.

Does the government even know when this happened? They claim to, but let’s just examine that. All they know is WikiLeaks published the information on March 7, 2017. The government’s theory is that the information was stolen almost a year before that, leaked to WikiLeaks, and for a whole year, WikiLeaks just sat on the information. The government wants you to believe that this information — this is national defense information that everybody wanted, that the CIA worked so very hard to keep secret — was released to WikiLeaks and WikiLeaks sat on that information — sensational, mind-blowing, news-creating information — for a year. Does that make any sense to you? An organization that wants to spread information, give out the news, sits on information for a whole year.

This might open the trial up for discussions of how WikiLeaks attempted to use the files to try to extort a pardon. It certainly will open up discussions about other things she’d probably not discuss.

Perhaps most curiously, Shroff makes much of the fact that (she says) the government can’t prove how the files got to WikiLeaks.

You will see that they have no evidence that WikiLeaks was the first entity, person, government, foreign agency to get that information. They will be able to give you no such evidence, so they will shift.

[snip]

The CIA still does not know, and as you hear the government put in evidence after evidence, you will see that they will never be able to tell you how the evidence was taken, whether, in fact, WikiLeaks was the only entity that got it.

She may know Schulte used a cut-out. If so, staking her case on this may not help her.

Methinks Joshua Schulte Doth Protest Too Much over Anonymous

Accused Vault 7 leaker Joshua Schulte — whose trial starts Monday — and the government are having a fight over Paul Rosenzweig’s expert witness testimony again (see this post for the most comprehensive coverage of this dispute). Rosenzweig submitted the Powerpoint he plans to use at trial. Schulte raised objections to the Powerpoint as a whole and to specific slides on it. And the government responded, offering to make some modifications.

The general complaint from Schulte is that the government is using Rosenzweig to introduce otherwise inadmissible hearsay. In one case, the government has agreed to withdraw the claim (a quote from Fred Kaplan, who in my opinion is not particularly reliable with respect to WikiLeaks in any case). The government makes two responses of particular interest. First, that experts are allowed to draw on periodicals to make their conclusions.

Moreover, the defendant’s objection to the introduction of statements from respected news publications ignores that the Rules of Evidence expressly provide for the introduction of such material. Federal Rule of Evidence 803(18) expressly permits the recitation of “[a] statement contained in a . . . periodical . . . if . . . the statement is . . . relied on by the expert on direct examination; and . . . the publication is established as a reliable authority by the expert’s admission or testimony, by another expert’s testimony, or by judicial notice.”

After pulling the Kaplan quote, there’s not really much left in the slide deck that quotes journalistic sources, aside from direct quotes about the diplomatic backlash to the State cables. But what the government doesn’t say is that WikiLeaks presents itself as a respected news publication, which if they truly believe is true should allow introducing the WikiLeaks material as such.

But the government wants to prevent that from coming into evidence (even though Schulte warned that calling Rosenzweig would invite it). Indeed, rather than including material from the About page that Schulte would like to include that makes that point,

The excerpts from the WikiLeaks website are taken out of context. If the government is permitted to introduce two sentences from the lengthy “about” page on WikiLeaks.org, the defense would be entitled to introduce other portions of that page, including that WikiLeaks is a “multi-national media organization and associated library,” that it has “contractual relationships” with more than 100 major media organizations, and that it has won numerous media awards. See https://wikileaks.org/What-is-WikiLeaks.html.

The government has offered to pull this slide:

Rather than conceding (or even mentioning) WikiLeaks’ claim to be a respected media outlet, the government says it can introduce the vast majority of the clips from WikiLeaks’ site because they are not assertions at all.

Indeed, other than WikiLeaks’ statements regarding the content of the Vault 7 leaks, the particular statements from WikiLeaks and Assange about which Mr. Rosenzweig will testify are not “statements” or “assertions” such that the rule against hearsay is even applicable.

That’s true. Some of what Rosenzweig plans to submit includes the pre-release hype WikiLeaks gave the Vault 7 release, including the release purporting to show the US had infiltrated French political parties (which it claimed provided justification for the Vault 7 release) and slides emphasizing the spookiness of the release, including this one invoking Chelsea Manning and Edward Snowden in the same breath as Julian Assange.

Other slides capture the instructions WikiLeaks gives to leakers, including to contact WikiLeaks if you have very large submissions (as this was) and to format and dispose of hard drives.

The government will claim Schulte followed some — but not all — of these instructions, in part because he couldn’t dispose of his CIA workstation, and in part because he kept the hard drives and a thumb drive he used to exfiltrate the files.

Mind you, WikiLeaks didn’t warn leakers not to Google everything they were doing as they did it, which is the really damning evidence against Schulte.

In any case, I can’t help but imagine we’ll be seeing this very same slide deck in a trial in EDVA (if Assange is ever extradited), as it shows a continuation of the kinds of activities charged in the existing Assange indictment. Assange’s extradition hearing has been split into two, with the second starting in May, so the government would have plenty of time to add such charges after this trial (which may last a month).

In addition to Rosenzweig’s refusal to include WikiLeaks’ awards (which I would imagine Schulte will bring out on cross in any case, though I honestly wonder why they didn’t bring in their own expert to present such material), one Schulte claim that absolutely has merit is that Rosenzweig should not use the WikiLeaks logo on all these slides.

Each page of the power point has the WikiLeaks logo and name from the WikiLeaks website as if the power point document itself was created by WikiLeaks. This creates a misleading impression and should be removed.

Schulte doesn’t lay out what misleading impression the logo provides, but I would argue it suggests that WikiLeaks endorses some of the content in the slide deck, pertaining to damage or the characterization of certain leaks. The government says this misleading impression can be avoided with an instruction.

With respect to the inclusion of the WikiLeaks logo on the relevant pages of the Demonstrative, WikiLeaks is the subject of his testimony, and it is reasonable to include it as a header. To avoid any confusion, the Government will elicit from Mr. Rosenzweig that the Demonstrative as a whole was prepared as a demonstrative aid for his testimony and was not produced by WikiLeaks.

I vehemently disagree with this stance. Over half of people are visual learners (indeed, the government will rely on visual reenactments to show how they claim Schulte stole the files). The logo on this slide deck ascribes to WikiLeaks things that they would strongly dispute. Particularly given that Rosenzweig is claiming there are three official WikiLeaks channels — the site, the WikiLeaks Twitter account, and Assange’s Twitter account — it is imperative that he differentiate in his presentation between what is official and what is his own analysis.

All of which is to say that, as predicted, calling Rosenzweig will invite a dispute over what kind of organization WikiLeaks really is (which is probably the point).

All that said, I’m frankly stunned that, amidst all the other slides in this presentation — including the one showing convicted leaker Chelsea Manning (whose leaks, the government will show, Schulte viewed as damaging in real time) and admitted leaker Edward Snowden (whom the government will show Schulte was Googling at a key time in August as he was also Googling WikiLeaks for almost the first time) — Schulte objects, again, to the invocation of Anonymous in this slide.

Having not objected that the government will raise Chelsea Manning and not objected that the government will raise Edward Snowden, Schulte is objecting that they’re raising Jeremy Hammond — like Manning, a confessed WikiLeaks source — and a 2010 operation to punish Paypal and others for blacklisting WikiLeaks.

We renew our objections to references to Anonymous, which are irrelevant and prejudicial.

As I have laid out, the way in which Schulte himself adopted the identity of Anonymous as part of his effort to leak to the WaPo from jail links together the three main pieces of evidence of that — his Signal texts with Shane Harris, his ProtonMail account in the name of Anonymous, and his prison notebooks. Schulte’s the one who claimed to be Anonymous, whether or not it’s true (and given the ethics the group adopts about membership, by claiming to be a member he basically is one). Anonymous’ tie to WikiLeaks is clearly admissible evidence based on Schulte’s own actions.

Schulte deems the invocation of Anonymous to suggest “concerted activity” that is more disturbing than simply stealing CIA’s hacking tools and leaking them to WikiLeaks in an effort to burn CIA to the ground out of spite for being made to sit in what Schulte considered an “intern desk” rather than a “prestigious desk with a window,” which is the motive the government says it will present.

The evidence of claimed participation in a shadowy, underground group infamous for cyber-attacks and dumping on WikiLeaks is unduly prejudicial as it suggests concerted activity of a type even more disturbing than what is charged.

The evidence suggests that Schulte adopted at least three personalities to leak from jail, deliberately attempting to present the illusion of concerted activity. Given the concerted concern about Anonymous amid all the equally damning references, perhaps some of Schulte’s imaginary friends aren’t actually imaginary?

As I disclosed in 2018, I provided information to the FBI in 2017. The government recently stated publicly that matters on which I shared information are related to Schulte. Aside from two press inquiries, I have not spoken with the government about Schulte.

Joshua Schulte Wanted to Include Instructions to Contact WikiLeaks in a Pro Se Motion

The lawyers for accused Vault 7 leaker Joshua Schulte made a last ditch effort yesterday to limit how much information from his prison notebooks can be admitted as evidence in his trial starting next week. Perhaps inadvertently, the letter provides new details about why the government believes Schulte was trying to leak from jail, as well as some hints about why his lawyers claim they may be responsible for some of his exposure on those charges.

As I had noted, the government wants to include a passage from his notebooks instructing somebody to “ask WikiLeaks” if they need help to prove that Schulte had knowledge of what WikiLeaks had received.

“Ask WikiLeaks” (014099) (undated): In the middle of the page, the defendant writes, “If you need help ask WikiLeaks for my code.”3 The defendant’s direction to consult WikiLeaks about his “code” is admissible as Nonpublic Information Evidence, because it is a statement that WikiLeaks is in possession of source code for tools upon which the defendant worked and that are contained in the back-up file that was stolen, even though WikiLeaks has not publicly disclosed that it possesses any source code for all of the tools. Schulte’s knowledge of non-public aspects of the information that was given to WikiLeaks helps to demonstrate that he was the one who gave that information to WikiLeaks in the first place.

Schulte’s lawyers argue, unpersuasively, that this is not relevant, though they also argue that it is “privileged information or work product” because the passage is part of a pro se motion Schulte was trying to draft.

  • “If you need help ask WikiLeaks for my code.” Gov. Ltr. 8. The government says that this sentence means that “WikiLeaks is in possession of source code for tools upon which the defendant worked and that are continued in the backup file that was stolen, even though WikiLeaks has not publicly disclosed that it possesses any source code for all of the tools.”

Nothing in the unredacted portion of Page JAS_022627 (classified #014099) is relevant to the government’s case. On the contrary, the beginning of the page is clearly part of a legal motion that Mr. Schulte was drafting. The top of the page states: “You can create a forensic copy of the device & then have control over it. There has been no reason over this past year that we would not have had access to this critical evidence except that the prosecutors have lied to your honor & played games.” This is privileged information or work product and is therefore not admissible.

Obviously, Schulte’s lawyers are wrong that this is not relevant to the government’s case, either on the MCC charges or the charges in chief. They don’t deny that this reflects knowledge that WikiLeaks has source code that Schulte wrote; they simply remain silent about it.

They’re instead making a half-hearted attempt to argue that it pertains to Schulte’s defense. That is, they’re arguing that in a pro se motion addressed to Judge Crotty, Schulte included instructions about how to use the code he wrote for the CIA to do something, possibly obtain forensic evidence from the CIA that the government had not yet turned over.

While the privilege claim, half-hearted as it is, is an interesting one, Schulte’s argument in some ways makes this passage more damning. After all, he had already, by this point, included allegedly classified information in a pro se bail motion. Around this period he tried to release information publicly via a pro se motion again, though the government pulled it from PACER before most people could access it. Schulte eventually would submit a pro se lawsuit challenging his SAMs designation that happened to make many of the same claims he had made in his “Presumption of Innocence” blog and alluded to some of the same challenges he had tried to make to warrants by leaking protected or classified information (though the government has not claimed it included classified information). That is, the record suggests that Schulte was using his pro se motions to communicate publicly as much as to mount legal arguments (though his pro se motion raises some important points about our shitty criminal justice system amid a lot of dreck and lies).

That makes the second part of what Schulte’s lawyers claim was a planned pro se motion all the more interesting. The government wants to present a page that appears 37 Bates stamp numbers later in Schulte’s notebook which lists a bunch of potentially classified topics.

“What We Expect to Find in Emails” (014136) (undated): At the top of this page, the defendant writes “What we expect to find in emails.” On the remainder of the page, the defendant writes a list of items, many of which contained classified information. This portion of the Blue Notebook is admissible as Intent Evidence and MCC Classified Information Evidence, because it shows the defendant cataloguing classified information that, if publicly disclosed, would likely be harmful to the United States. Indeed, some of the categories of information identified by the defendant on this page—such as certain operations—is the same as the classified information contained in the Fake Authentication Tweet, which serves to show that the defendant’s intent was to collect these materials for dissemination, not for any legitimate purpose related to his defense.

As noted, Schulte claims that this passage was not part of Schulte’s planned “New Articles,” which appears 22 pages earlier in the notebook, but instead the pro se motion. His defense claims this was a Fifth Amendment one, which I’m not sure I understand; it seems more like a selective prosecution challenge, but then they’re not engaging with the substance here.

What We Expect to Find in Emails (014136) (undated). This page is clearly part of Mr. Schulte’s pro se motion to dismiss under the Fifth Amendment for prosecutorial misconduct. The Fifth Amendment is referenced at the top of the right-hand page. As such it is privileged work product. In addition, the government has not specified which part of this page contains classified information and because the handwriting is not always legible the defense cannot fairly guess the offending part. Again this seems more a statement of Mr. Schulte’s political viewpoint, now as a wrongfully charged and detained defendant, and even were it not privileged, it would be irrelevant and unduly prejudicial.

In any case, even Schulte’s own lawyers are saying that Schulte wanted to submit a pro se motion that, first, instructed someone to use a tool he wrote for the CIA that could be obtained by asking WikiLeaks, possibly to find a bunch of email that includes classified information about CIA operations.

I can see how, in the wake of being busted once trying to spread protected information via pro se motion, his attorneys might advise him to draft any pro se motions in his notebook (at the time he had a classified discovery computer, but it’s not clear what he could write and save on it), which they could then review to make sure he wasn’t getting himself in more legal trouble. But then, when it was discovered, the government used it to claim he intended to leak more classified information.

Yet Schulte’s letter — in conjunction with evidence the government has said they’d submit at trial if the attorney-client advice issue came up — makes it clear that he was unhappy with his lawyer, Sabrina Shroff’s advice.

Finally, the government’s more general assertion that the conflict surrounding the MCC notebooks has somehow “disappear[ed]” based on the court’s ruling over objection that Mr. Schulte may not raise an advice-of-counsel defense is also incorrect. Gov. Ltr. 1. Indeed, the specific pages the government seeks to introduce include work product in preparation for Mr. Schulte’s defense. Some the pages that the government seeks to introduce also specifically mention “Sabrina” and refer to his family reaching out to different defense lawyers, strongly implying that Mr. Schulte had concerns about his current defense team. These portions of the notebooks only highlight the inherent conflict that the current defense team faces in representing Mr. Schulte. Additionally, if Mr. Schulte is convicted, this issue will surely be taken up on appeal, and may well cause a reversal of a conviction. The issue will only begin to “disappear” if the notebooks are excluded from the trial.

The government could easily show — and will, when Schulte appeals based on this argument — that at the time Shroff was trying to get him to stop trying to go public, he was threatening to go around her.

For example, the Government has described to the defense how, if the defendant offered his counsel’s testimony, the Government would likely rely on recorded prison calls in which the defendant criticized defense counsel’s advice, including, for example, calls in which the defendant stated that he would “go around” Ms. Shroff to disclose information to the media, despite her objections to this strategy.

In other words, written at a time when Schulte was trying to bypass Shroff, submitting a pro se motion including instructions on how to get and use one of the hacking tools he wrote, possibly to obtain classified emails, it could be seen as an attempt to use the pro se motion to leak information (or instruct others how to get and leak it). There’s no chance that that address, “If you need help ask WikiLeaks for my code,” was intended for Judge Crotty (who, in his writings, Schulte describes in very unfavorable terms), after all. Nor is it clear how someone as smart as Schulte is would include information confirming his role in the leak in a pro se motion claiming that prosecutors had unfairly targeted him.

All of which makes it interesting, to me, that this last-ditch letter addressing Schulte’s notebooks mounts an effort to get all reference to Anonymous, specifically, excluded from trial.

The government also again makes repeated reference to the “Anonymous” group. Dkt 257, at 5, 12, 17. As explained in our response to the motions in limine, all reference to Anonymous should be excluded under Rule 404(b).

[snip]

The defense continues to object to any mention of Autonomous [sic] as unduly prejudicial and because it may confuse the jury.

The government has said it will introduce evidence that Schulte, in real time in 2010, opined that Chelsea Manning’s leaks to WikiLeaks had done damage, which not only proves that he followed historical WikiLeaks releases but believed that the way WikiLeaks had released her leaks did some damage. That piece of evidence is utterly damning in support of a claim that Schulte intended to damage the US with his alleged leaks. And the defense is focusing, instead, on Schulte’s self-proclaimed reference to Anonymous?!?!?

While Schulte’s team doesn’t specifically reference which arguments it relies on here, weeks ago, the defense made this argument about why mentioning Anonymous would be prejudicial.

The government has provided no justification to introduce comments about Anonymous, which must be excluded under Rule 404(b). The government offers no support why it should be allowed to introduce “additional communications with the Reporter, including encrypted communications in which [Mr.] Schulte claims to have been [a] member of the group Anonymous, which is a group known for conducting cyber-attacks that has provided documents to WikiLeaks in the past.” Gov. Mot. 33. This “additional” evidence is clearly not part of the charged offenses nor is it inextricably intertwined with them. The jury will discern no gaps in the government’s case if it is not included in the proof. Instead, it is just classic “bad act” evidence that would be purely prejudicial. The evidence of claimed participation in a shadowy, underground group infamous for cyber-attacks and dumping on WikiLeaks is unduly prejudicial as it suggests concerted activity of a type even more disturbing than what is charged.

[snip]

The government also states that Mr. Rosenzweig will testify that in 2012 “Anonymous and WikiLeaks worked together to release information.” Gov. Res. 13. This testimony will “aid the jury in understanding the hacking group’s relationship with WikiLeaks” and that Mr. Schulte had “contact with access to WikiLeaks. Gov. Res. 13. As explained above, supra Point II(C)(1), information about Anonymous should be excluded from the trial.

That is, when Schulte’s team wrote this weeks ago (when they were trying unsuccessfully to exclude Paul Rosenzweig’s testimony about what Anonymous is and its past relationship with WikiLeaks), they focused only on the prejudicial aspect. Now, they’re claiming that discussion of Anonymous will confuse the jury, except that’s precisely why the government wanted Rosenzweig to explain what Anonymous is.

But we now know how inadequate this argument is.

Remember: the letter Schulte sent yesterday is an attempt to get Schulte’s notebooks (or at least the most damning parts of them) excluded from trial. But their reference to the government’s plan to introduce references to Anonymous in the letter actually draws from four different kinds of evidence: his notebooks, the Samsung phone he used in jail, and Signal texts and ProtonMail he used to contact a reporter (who warrant affidavits and recent filings have confirmed is WaPo’s Shane Harris).

Partly, the references to Anonymous prove that Schulte used the Samsung phone and the Annon ProtonMail account (the passwords for the ProtonMail accounts were also in the notebook), and that therefore the Signal texts that remain on the phone were sent by him.

In his correspondence with the Reporter, the defendant, pretending to be the defendant’s family and friends, asked the Reporter to send him the versions of the defendant’s articles that the defendant and his family had previously provided to the Reporter. When the Reporter demurred and sought confirmation from the defendant’s family whether the Reporter could provide the defendant’s articles to the user of the Annon Account, the defendant, posing as a member of his family, used a secure messaging application, Signal, to authorize release of the articles. In these Signal communications (the “Signal Messages”), the defendant claimed that the user of the Annon Account was a member of the hacktivist group Anonymous, of which, according to the defendant, the defendant was once a member. Anonymous has collaborated in the past with WikiLeaks to disclose stolen sensitive information.

[snip]

Signal and Twitter to Send Articles and Tweets (014327) (Sept. 2, 2018): In this portion of the Red Notebook, Schulte writes, among other things, “Well its September now. Locked in all day. Hopefully tonight I can setup Signal from my cell & msg [last name of the Reporter] to confirm anon’s permission and get my fucking articles. I also need to confirm my twitter.” This page contains Use Evidence. In particular, the defendant references setting up Signal “from my cell”—which supports that the defendant was using Signal on the Samsung Phone—to confirm “anon’s permission”—which shows that the defendant was using the Anon Account to “get [his] fucking articles.” The defendant also made clear that he had created a Twitter account when he wrote “I also need to confirm my twitter.”

[snip]

The Samsung Phone: Although the Samsung Phone was not found in the defendant’s cell, the Government intends to show that it was one of the cellphones that the defendant used at the MCC through various pieces of evidence, including by comparing identifying information appearing on the Samsung Phone to one of the images taken by CW-1 of one of the cellphones the defendant used in prison. The Samsung Phone contains, among other things, evidence that Encrypted Email Accounts were accessed on the cellphone, but not the actual communications from those accounts. The Samsung Phone also contains the Signal Messages in which the defendant, among other things, pretended to be a third person and attempted to convince the Reporter that the user of one of the Encrypted Email Accounts with whom the Reporter was corresponding (but who was in fact the defendant) is a member of the online hacktivist group Anonymous who is trying to help the defendant.

The Encrypted Email Accounts: The Annon Account contains the defendant’s correspondence with the Reporter, including the September 2018 Emails that attached the classified Network Structure Document and the Protected Search Warrant. The other Encrypted Email Accounts also contain records related to the defendant’s use and control of the Social Media Accounts, such as, for example, email notifications when the defendant modified the Social Media Accounts.

If I understand all this correctly, not only did Schulte use a ProtonMail account claiming to be a member of Anonymous to send details of CIA’s network structure to Harris (one of the charged pieces of classified information), but also used it to try to get him to send Schulte the original copies of his blog posts. Schulte was pretending to be a member of Anonymous on ProtonMail and a member of his family on Signal. And Schulte documented that scheme in his notebook in some of the references that Schulte’s lawyers want to exclude (though which they don’t lay out in such a way to show how it glues everything Schulte was doing from jail together).

But there’s still one more reference of Anonymous, tying it directly to the content that Schulte wanted to release: the Malware of the Mind article that reportedly discussed what he did at CIA.

Identifying Malware of the Mind as Article 10 (014319): On this page, the defendant identifies the Malware Article as article 10: “I’m hoping to write /edit my 9 articles. I don’t know how I can them—oh I may text [the Reporter] from [my cousin’s] number. Omar claims that some service exists to do this – I’m dubious. [Redacted]. Although I feel this may not work either . . . IDK Basically on hold for my publication. Secondly, I want to rewrite article #10: Malware of the Mind!” After a line drawn on the page, the page also includes, among other things, the phrase “Anonymous,” and the phrase “classified information.” This entry includes Intent Evidence, in that it shows that the defendant plans to re-draft his articles, including the Malware Article. Furthermore, the defendant’s statement that he might text the Reporter from his cousin’s telephone number, thus continuing to conceal his identity during those communications, is Guilty Conscience Evidence. Finally, the defendant’s reference to “Anonymous” and “classified information” is consistent with the defendant’s claims in his Signal messages that Anonymous is seeking to help prove his innocence by providing information to the Reporter.

The defense claims all this is prejudicial because, “it suggests concerted activity of a type even more disturbing than what is charged.” Except, by claiming that Schulte planned to include instructions in a pro se motion that people other than Judge Crotty — people with access to WikiLeaks — might use go get the code he wrote from WikiLeaks, possibly to obtain emails of classified information suggests that may well be what Schulte was attempting.

The government and Schulte are also arguing over what measures the government can use to protect the identities of a slew of CIA witnesses who will testify. Schulte has good reason to complain. In past trials (Jeffrey Sterling’s trial is being cited as precedent), the government engaged in a great deal of theater to make CIA witnesses — including witnesses whose CIA tie had already been declassified, as some of the witnesses here have been — seem especially momentous. Some of that is undoubtedly going on here. But if the government believes (and this letter from his defense does nothing to rebut that belief) that Schulte is using every opportunity in his prosecution to leak more information, there’s actually a solid case for some of those measures.

As I disclosed in 2018, I provided information to the FBI in 2017. The government recently stated publicly that matters on which I shared information are related to Schulte. Aside from two press inquiries, I have not spoken with the government about Schulte.

Joshua Schulte Spoke Positively of Edward Snowden the Day Snowden Came Forward

Here I thought that Joshua Schulte’s lawyers had finally come up with a decent argument, that Paul Rosenzweig’s testimony would be pointless to prove that Schulte, in choosing to leak to WikiLeaks, intended to damage the US because the government would have to prove Schulte knew of WikiLeaks when he allegedly first stole the CIA documents in May 2016.

But after pointing out that Schulte’s lawyers already blew their chance to make that argument, in a response the government  then pointed out how bad this argument is: because Schulte’s lawyers have already admitted that, “of course, Mr. Schulte knew” about Chelsea Manning’s leaks.

As an initial matter, the defendant’s Reconsideration Motion directly contradicts the argument he made in his original motions in limine concerning Mr. Rosenzweig’s testimony. The defendant argues in the instant motion that Mr. Rosenzweig’s testimony should not be admitted because there is no evidence that the defendant knew of, for example, Chelsea Manning’s disclosures to WikiLeaks. In his original opposition to the Government’s motions in limine, however, the defendant argued the exact opposite:

Next, the government says that it intends to introduce evidence of Mr. Schulte’s “knowledge of [Ms.] Manning’s leak.” Gov. Res. 11. The release of documents by Ms. Manning was front page news in every major news publication for numerous days. Of course, Mr. Schulte knew about it; so did everyone else who picked up a newspaper. It is not clear what the expert would have to add to this information. (Dkt. 242 at 44).

Worse, the government lays out not just that Schulte wrote about both Manning’s leaks to WikiLeak and Edward Snowden’s leaks, but discloses that they intend to introduce those chats at trial.

Moreover, even setting aside the dubious assertion that a member of the U.S. intelligence community could have been completely unaware of WikiLeaks’ serial disclosures of classified and sensitive information and the resulting harm, the Government’s proof at trial will include evidence that the defendant himself was well aware of WikiLeaks’ actions and the harms it caused. For example, WikiLeaks began to disclose classified information Manning provided to the organization beginning in or about April 2010, including purported information about the United States’ activities in Afghanistan. In electronic chats stored on the defendant’s server, the defendant discussed these disclosures. For example, on August 10, 2010, the defendant wrote in a chat “you didn’t read the wikileaks documents did you?” and, after that “al qaeda still has a lot of control in Afghanistan.” In addition, on October 18, 2010, the defendant had another exchange in which he discussed Manning’s disclosures, including the fact that the information provided was classified, came from U.S. military holdings, and that (according to the defendant) it was easy for Manning to steal the classified information and provide it to WikiLeaks. Similarly, in a June 9, 2013 exchange, the defendant compared Manning to Edward Snowden, the contractor who leaked classified information from the National Security Agency, and stated, in substance and in part, that Snowden, unlike Manning, “didnt endanger in [sic] people.”

Effectively, the government is going to show that Schulte — who like Snowden worked at both CIA and NSA (though in reverse order) — had decided the day that Snowden revealed himself that he hadn’t endangered someone.

I suggested in this post that the government appears to be preparing to use Schulte as an exemplar of an ongoing conspiracy, complete with their reliance on organized crime precedents.

[T]he government is preparing to argue that Schulte intended to harm the United States when he leaked these files to WikiLeaks, a stronger level of mens rea than needed to prove guilt under the Espionage Act (normally the government aims to prove someone should have known it could cause harm, relying on their Non-Disclosure Agreements to establish that), and one the government has, in other places, described as the difference between being a leaker and a spy.

To make that argument, the government is preparing to situate Schulte’s leaks in the context of prior WikiLeaks releases, in a move that looks conspicuously like the kind of ongoing conspiracy indictment one might expect to come out of the WikiLeaks grand jury, one that builds off some aspects of the existing Assange indictment.

That is, the government appears to be using Schulte to lay out their theory — rolled out in the wake of the Vault 7 leaks — that WikiLeaks is a non-state hostile intelligence service.

To be sure, there’s nothing in the least bit incriminating about talking about Snowden in real time. But it will make it a lot easier to hold Schulte accountable for leaking stuff in a far more damaging way in 2016 than Snowden did in 2013.

As I disclosed in 2018, I provided information to the FBI in 2017.

The Glenn Greenwald versus the Julian Assange Charges, Compared

Yesterday, Brazil charged Glenn Greenwald as part of the criminal sim swapping group that also leaked The Intercept details of corruption in Sérgio Moro’s efforts to put Lula in prison.

In a criminal complaint made public on Tuesday, prosecutors in the capital, Brasília, accused Mr. Greenwald of being part of a “criminal organization” that hacked into the cellphones of several prosecutors and other public officials last year.

Here’s the indictment.

The indictment comes after a ruling, in December, that Glenn (whom Bolsonaro was already targeting in a financial investigation) could not be investigated.

Those reports led a Supreme Court justice, Gilmar Mendes, to issue an extraordinary order barring the federal police from investigating Mr. Greenwald’s role in the dissemination of the hacked messages.

Prosecutors on Tuesday said they abided by that order until they found audio messages which, they argued, implicated Mr. Greenwald in criminal activity.

Prosecutors have claimed that they were abiding by that order, which relied on a Brazilian law (which sounds like it’s akin to the Bartnicki decision in the US) that says journalists cannot be prosecuted for publishing stolen information. But they found recordings that — they claim — show Glenn was interacting with the hackers while they were engaged in their other crimes, and advised them to delete logs, which (the indictment argues) helped them evade prosecution.

Citing intercepted messages between Mr. Greenwald and the hackers, prosecutors say the journalist played a “clear role in facilitating the commission of a crime.”

For instance, prosecutors contend that Mr. Greenwald encouraged the hackers to delete archives that had already been shared with The Intercept Brasil, in order to cover their tracks.

Prosecutors also say that Mr. Greenwald was communicating with the hackers while they were actively monitoring private chats on Telegram, a messaging app. The complaint charged six other individuals, including four who were detained last year in connection with the cellphone hacking.

The indictment includes long excerpts of the discussion, which (if my combination of shitty Portuguese assisted by Google Translate is correct) they claim shows that, amid news that Moro had been hacked, the source of the Intercept’s files came to Glenn and admitted there were currently monitoring Telegraph channels in the period before the Intercept was going to publish and had a discussion about whether they had to keep the stuff leaked to the Intercept pertaining to corruption. Glenn was quite careful to note he wasn’t offering advice about what the hackers should do, but said they would keep their one copy in a safe place and so the hackers could do whatever they wanted with the stuff they had. Even in spite of Glenn’s clear statement that The Intercept had obtained the files long before the ongoing hacking, the Brazilian prosecutors claim this shows Glenn knew of ongoing hacking and then discussed deleting logs of the prior hacking, making him a co-conspirator.

Apparently, however, this same evidence had already been reviewed before the December ruling, meaning the government is reversing itself to be able to include Glenn in the charges. The government must first get the approval of the judge that issued the initial ruling to prosecute Glenn.

Let me start by saying that this is both an attack on the press and a fairly clear attempt at retaliation against a Jair Bolsonaro critic, part of a sustained attack on Glenn and his spouse, David Miranda. The press in the US has pretty loudly come out in support of Glenn, and no matter what you think of Glenn or his Russia denialism, Glenn deserves support on this issue.

The charges have led a lot of people to say that the charges are just like what is happening with Julian Assange. They are similar. But I think they are distinct, and it’s worth understanding the similarities and distinctions.

Before I do that, since I’ve been accused — because I report on what the prosecution of Joshua Schulte says — of being insufficiently critical of the existing charges against Assange, here’s a post where I talked about the danger of the first charge against Assange (conspiracy to hack information) and here’s one where I lay out how a number of the Assange charges are for publishing information. I don’t support the current charges against Assange, though I think some of Assange’s more recent actions pose closer calls.

Renewing old charges

In both cases, the government took evidence that had already been assessed — in Assange’s case, chat logs from 2010 that the Obama Administration had deemed were not distinguishable from stuff the NYT does, and in Glenn’s case, the recordings that police had already reviewed before the ruling that Glenn should not be investigated — and found reason to charge that hadn’t existed before. In Glenn’s case, that decision was made just weeks later, under the same Administration. In Assange’s case, that decision came by another Administration (one installed in part with WikiLeaks’ assistance), but also came after WikiLeaks engaged in several more leaks that had pissed off the US.

The US government has (Trump flunky efforts to pardon Assange notwithstanding) always hated Assange, but it’s unlikely he would have been charged without 1) the Vault 7 leak burned the CIA’s hacking ability to the ground and 2) an authoritarian Trump administration with a gripe against journalism generally. That said, it’s still not clear why, if DOJ wanted to go after Assange, they didn’t do it exclusively on actions (like extortion using CIA files) that were more distinguishable from journalism, unless the government plans to add such charges to show a pattern over time, one that culminated in the Vault 7 leaks.

Whereas with Glenn, this feels immediately personalized, an effort to keep looking at a leak that exposed Bolsonaro’s hypocrisy until charges could be invented.

The similar conspiracy charge

Where the two cases are most similar is the common charge: a conspiracy involving computer hacking. But even there, there are important differences.

Brazil is arguing (again, relying on my shitty Portuguese) that Glenn is part of the conspiracy his sources are being prosecuted for because in a conversation where he acknowledged that they were still engaged in criminal hacking, he talked about deleting logs. That is, they’re not arguing that he tried to take part in the hacking. They’re arguing that he helped the ongoing hacking by helping the hackers evade discovery.

This is something that the government has shown WikiLeaks to do, for example showing Assange discussing with Chelsea Manning about operational security. The government cites OpSec assistance in the directly comparable “Conspiracy to Commit Computer Intrusion” charged against Assange (count 18):

  1. It was part of the conspiracy that ASSANGE and Manning used the “Jabber” online chat service to collaborate on the acquisition and dissemination of the classified records, and to enter into the agreement to crack the password hash stored on United States Department of Defense computers connected to the Secret Internet Protocol Network.
  2. It was part of the conspiracy that ASSANGE and Manning took measures to conceal Manning as the source of the disclosure of classified records to WikiLeaks, including by removing usernames from the disclosed information and deleting chat logs between ASSANGE and Manning.

But those are described in the “manner and means” section of the conspiracy charge. The overt acts part, however, describes things more commonly described as hacking: Manning’s use of a Linux operating system to obtain Admin privileges, her sharing of a password hash, and Assange’s unsuccessful effort to crack it. That is, Assange is charged with taking an overt act that amounts to hacking, whereas Glenn is charged with advising a source to delete logs (notwithstanding the way Glenn, in very lawyerly fashion, made it clear that he wasn’t offering advice). The inclusion of OpSec in the manners and means is absolutely dangerous in the Assange indictment. But the government alleged something more to include him in a CFAA conspiracy, something not present in the charge against Glenn.

Assange is also charged with another conspiracy charge that reflects ongoing discussions to obtain more information. That’s distinguishable from Glenn’s charge in that Assange was talking about getting more information, whereas all Glenn is alleged to have done is have a discussion at a time he knew his source was committing other ongoing hacking unrelated to and long after obtaining the files he published. But the two conspiracies are similar insofar as the government in question holds a publisher/journalist accountable for continued communication with a source who is engaged in ongoing lawbreaking, but in Assange’s case that crime pertains to obtaining information for Assange, whereas with Glenn it involves an entirely different crime.

More — and in some way, more dangerous — charges against Assange

There’s no parallel between the charge against Glenn and the other charges against Assange, which are some of the most dangerous. As I’ve laid out, there are three theories of prosecution used against Assange:

  • The attempt to hack to obtain additional classified information (described above, along with a charge tied to the things they were trying to obtain by cracking that password)
  • A solicitation of specific files, some of which Manning sought out and provided
  • The publication of three sets of informants names

The last of these is absolutely a charge for publishing information; that’s specifically what (with its contorted thinking) the charge against Glenn tries not to do.

The solicitation request is something both Brazil and the US attempt to insinuate about the Intercept for its advocacy of SecureDrop (which is now used by a slew of outlets). It’s also something that could easily be used to criminalize normal journalism.

The Brazilian charge against Glenn at least attempts to avoid criminalizing any of these things.

Espionage

Of course, that’s a big difference right away. Glenn is not accused of publishing anything classified. Assange is.

And Assange is charged in such a way that gives him liability for releasing classified information under the Espionage Act.

And that’s an added danger of the Assange charges. Thus far, Assange has been charged for leaks that Chelsea Manning has never backed off having a whistleblower interest in leaking (the broad use of State cables she leaked would support that, but that’s less true of the Afghan and Iraqi war logs). As such, Assange is being charged for something that could implicate any journalist publishing classified information.

That said, that could change. That’s why some of the arguments the government is making in the Schulte case are so noteworthy. They are preparing to rely on precedents used for organized crime to argue that, in part because he leaked to WikiLeaks, Schulte intended to harm the US. To the extent that they substantiate that motive, it would put Schulte solidly in the position that the Espionage was designed for. But the government seems to be preparing to apply that argument to WikiLeaks more broadly.

Extradition and international legal process

Finally, though some folks appear to be forgetting this in demanding that the US get involved in Glenn’s case, Glenn was charged as a resident of Brazil for actions taken in Brazil. Assange was charged as an Australian citizen for actions taken in the UK affecting the US government, which has asked the Brits to extradite him for charges (Espionage) that fit under the kind of political crime that often will not merit extradition. Of course, Assange is fighting against Five Eyes governments that, post Vault 7 leak, are likely far less interested in such legal distinctions. Indeed, I suspect that’s one of the reasons the US charged Assange for leaking informant identities; some of those informants were British sources as much as American ones.

Still, the extradition gives Assange a preliminary opportunity to fight these charges, not just because it is a political crime and his health is at risk, but also based on claims (the validity of which I’ve been meaning to unpack) that he was spied on in the Embassy in ways that violate EU if not UK law.

Glenn, however, is facing charges in the increasingly authoritarian country he lives in with his spouse and children. So even though, as I understand it, the high court will have to approve his charges before he is actually prosecuted, Glenn still faces political retaliation within his resident country.

Update: Here’s a Mathew Ingram piece doing similar, though less granular, analysis.

image_print