Journalists May Be Most at Risk (as Described) from a Presumed January 6 GeoFence Warrant

/37 Comments/in , , /by

On February 22, the Intercept had a thinly sourced story reporting (heavily relying on one “recently retired senior FBI official” whose motive and access weren’t explained and one other even less-defined source) on methods used in the January 6 investigation. It started by describing something unsurprising (some of which had been previously reported): that the FBI was using emergency legal authorities to conduct an investigation in the wake of an insurrection.

Using special emergency powers and other measures, the FBI has collected reams of private cellphone data and communications that go beyond the videos that rioters shared widely on social media, according to two sources with knowledge of the collection effort.

In the hours and days after the Capitol riot, the FBI relied in some cases on emergency orders that do not require court authorization in order to quickly secure actual communications from people who were identified at the crime scene. Investigators have also relied on data “dumps” from cellphone towers in the area to provide a map of who was there, allowing them to trace call records — but not content — from the phones.

From there, the story made conclusions that were not borne out by the evidence presented (which is not to say that such conclusions won’t one day be supported).

In particular, the story suggested that these investigative methods were used to investigate Congress, and likewise suggested that the involvement of Public Integrity prosecutors must mean members of Congress are already the focus of the investigation and further suggesting that the location data collection tied to the investigation of members of Congress.

The cellphone data includes many records from the members of Congress and staff members who were at the Capitol that day to certify President Joe Biden’s election victory.

[snip]

The Justice Department has publicly said that its task force includes senior public corruption officials. That involvement “indicates a focus on public officials, i.e. Capitol Police and members of Congress,” the retired FBI official said.

To make the insinuation, the story misstates the intent of a Sheldon Whitehouse statement aiming to use Congressional authorities to remove coup sympathizers from committees of jurisdiction (and ignores Whitehouse’s earlier statement that calls for the kind of data collection described in the story).

On January 11, Sen. Sheldon Whitehouse, D-R.I., released a statement warning against the Justice Department getting involved in the investigation of the attack, at least regarding members of Congress, asserting that the Senate should oversee the matter.

Thus far, the story seems tailor-made to get Congress — the Republican members of which are already trying to sabotage the investigation — to start tampering with it.

Far down in the story, it also describes the orders used with more specificity — but not yet enough specificity to substantiate the claims made earlier in it.

Federal authorities have used the emergency orders in combination with signed court orders under the so-called pen/trap exception to the Stored Communications Act to try to determine who was present at the time that the Capitol was breached, the source said. In some cases, the Justice Department has used these and other “hybrid” court orders to collect actual content from cellphones, like text messages and other communications, in building cases against the rioters.

At the time I suggested the story’s conclusions went well beyond the evidence included in it. I had several concerns about the story.

First, it didn’t address the granularity of location data collected, explaining whether the data collection focused just on the Capitol building or (as the story claimed) “in the area” generally. The Capitol is, according to multiple experts, incredibly wired up, meaning that one can obtain a great deal of data specific to the Capitol building itself. That matters here, because as soon as Trump insurrectionists entered the Capitol building, they committed the trespass crimes charged against virtually all the defendants. And the people legally in the Capitol that day were largely victims and/or law enforcement. It’s not an exaggeration to say that anyone collected off location collection narrowly targeted to the Capitol building itself is either a criminal, a witness, or a victim (and often some mix of the three).

If location collection was focused on the Capitol building itself (we don’t know whether it was or not, and the reports of collection aiming to the find the person who left pipe-bombs in the neighborhood on January 5 do pose real cause for concern), it mitigates some of the concerns normally raised by the use of IMSI-catchers at public events and protests, which is that such location collection would include a large number of people who were just engaging in protected speech, as many of the people outside the Capitol were. Similarly, unlike with most geofence warrants or tower dumps, which are used to find possible leads for a crime, here, FBI had an overwhelming list of suspects from its mass of tips and video evidence already: it wasn’t relying on location data to find suspects. Plus, with normal geofence warrants and tower dumps, the vast majority of the data obtained comes from uninvolved people, posing a risk that those unrelated people could become false positives who, as a result, would get investigated closely. Here, again, anyone collected from location data inside the Capitol was by definition associated with the crime, either as witness, victim, or perpetrator.

Finally, the story not only didn’t rely on, but showed little familiarity with the hundreds of arrest affidavits released so far, which provide some explanation (albeit undoubtedly parallel constructed) for how the FBI built cases against those hundreds of people.

Well before The Intercept article was written, there were a few interesting techniques revealed in the affidavits. Perhaps the most interesting (and not specifically covered in The Intercept article, unless as a hybrid order) described identifying Christopher Spencer from the livestreams on Facebook he posted from inside the Capitol.

The government received information as part of a search warrant return that Facebook UID 100047172724820 was livestreaming video in the Capitol during these events. The government also received subscriber information for Facebook UID 100047172724820 in response to legal process served on Facebook. Facebook UID 100047172724820 is registered to Chris Spencer (“SPENCER”). SPENCER provided subscriber information, including a date of birth; current city/state, and a phone number to Facebook to create the account.

[snip]

The government received three livestream videos from SPENCER’s Facebook UID 100047172724820 as part of a search warrant return. At different times during the videos, Spencer either used the rear facing camera to show himself talking, or turned the phone toward his face. Your affiant would note that the camera is capturing a reversed image of SPENCER in two of these sections of video as evidenced by the text on SPENCER’s hat. As such, reversed images are also provided below the original screenshot [my emphasis]

The first mention of the Facebook return appears before a paragraph describing an associate of Spencer’s who had seen the videos and recognized his wife, and the later paragraph describes the associate sharing a phone number for Spencer that the FBI seemed to have already received from Facebook. As written (and this structure is matched in the affidavit for Spencer’s wife, Jenny) the narrative may indicate that the FBI obtained the Facebook return before the tip and identified Spencer from the Facebook return even before receiving the tip. This is one of the strongest pieces of evidence that the FBI used data obtained from location-based collection in the Capitol from any social media source to identify an unknown subject. But, as described, it also has some protections built in. The data was obtained with a warrant, not PRTT or d-order. That means the FBI would have had to show probable cause to obtain the content (but, for the reasons I explained above, most people in the Capitol live-streaming were committing a crime). There’s also no indication here that this video was privately posted (though with a warrant the FBI would be able to obtain such videos).

All this is a read of what this paragraph might suggest about data collection. It doesn’t describe whether the data was obtained via a particularized warrant (targeting just Spencer), or whether the FBI asked Facebook to provide all live-streaming posted from within the Capitol during the insurrection (there are other early affidavits that targeted the content of Facebook via individualized warrants). In Spencer’s case, I suspect it’s the latter (there’s nothing that remarkable about Spencer’s video, except he was outside Speaker Pelosi’s office). Even so, for most people, posting from inside the Capitol during the insurrection would amount to probable cause the person was trespassing.

Even before The Intercept piece was posted I had also pointed to the affidavit for the Kansas cell of the Proud Boys. It uses location data to place one after another of the suspects “in or around” the Capitol during the insurrection: cell site data showed that the phones of Christopher Kuehne, Louis Colon, Felicia Konold were “in or around” the Capitol during the insurrection. That of Cory Konold, Felicia’s brother, was not shown to be, but,

Lawfully-obtained cell site records indicated that the FELICIA KONOLD cell called a number associated with CORY KONOLD while in or around the Capitol on January 6, 2021.

The most interesting detail in that affidavit pertained to William Chrestman. His phone wasn’t IDed off a cell site. Rather, it was IDed by connecting to Google services “in or around” the Capitol.

According to records produced by CHRESTMAN’s wireless cell phone provider in response to legal process, CHRESTMAN is listed as the owner of a cell phone number (“CHRESTMAN cell”). Lawfully-obtained Google records show that a Google account associated with the CHRESTMAN cell number was connected to Google services and was present in or around the U.S. Capitol on January 6, 2021.

A more recent document — the complaint against the southern Oath Keepers obtained on February 11 but unsealed long after that — describes the phones of those suspects in an area “includ[ing]” (but not necessarily limited to) the interior of the Capitol.

having utilized a cell site consistent with providing service to the geographic area that includes the interior of the United States Capitol building.

Unlike Spencer, the use of location data in the Proud Boys and Oath Keeper complaints seems to be used to establish probable cause. In both the militia group cases, the individuals appear to have been identified via different means (unsurprisingly, given their flamboyantly coordinated actions), with the location data being used in the affidavit to flesh out probable cause. (Undoubtedly, the FBI exploited this information far more thoroughly in an effort to map out other co-conspirators, but it is equally without doubt that the FBI had adequate probable cause to do so.)

The other day, DOJ unsealed an affidavit — that of Jeremy Groseclose — that provides more detail about the location collection at the Capitol. The FBI describes identifying Groseclose off of two tips, both on January 7, from people who had seen him post about being in the Capitol on Facebook (and in one case, remove his Facebook posts after he posted them).

Groseclose wore a gas mask for much of the time he was inside the Capitol (though wore the same clothes as he had outside), which undoubtedly made it more difficult to prove he was the person illegally inside the Capitol preventing cops from ousting the rioters.

The FBI affidavit describes times when Groseclose appears on security footage from inside the Capitol without the gas mask, but doesn’t include it. To substantiate his presence in the Capitol, the FBI included three paragraphs describing what must be a Google geofence warrant showing the device identifiers for everyone within a certain geographic area.

According to records obtained through a search warrant served on Google, a mobile device associated with [my redaction]@gmail.com was present at the U.S. Capitol on January 6, 2021. Google estimates device location using sources including GPS data and information about nearby Wi-Fi access points and Bluetooth beacons. This location data varies in its accuracy, depending on the source(s) of the data. As a result, Google assigns a “maps display radius” for each location data point. Thus, where Google estimates that its location data is accurate to within 10 meters, Google assigns a “maps display radius” of 10 meters to the location data point. Finally, Google reports that its “maps display radius” reflects the actual location of the covered device approximately 68% of the time. In this case, Google location data shows that a device associated with [my redaction]@gmail.com was within the U.S. Capitol at coordinates associated with the center of the Capitol Building, which I know includes the Rotunda, at 2:56 p.m. Google records show that the “maps display radius” for this location data was 34 meters.

Law enforcement officers, to the best of their ability, have compiled a list (the “Exclusion List”) of any Identification Numbers, related devices, and information related to individuals who were authorized to be inside the U.S. Capitol during the events of January 6, 2021, described above. Such authorized individuals include: Congressional Members and Staffers, responding law enforcement agents and officers, Secret Service Protectees, otherwise authorized governmental employees, and responding medical staff. The mobile device associated with [my redaction]@gmail.com is not on the Exclusion List. Accordingly, I believe that the individual possessing this device was not authorized to be within the U.S. Capitol Building on January 6, 2021. Furthermore, surveillance footage from the Rotunda, time-stamped within a minute of 2:56 p.m., shows GROSECLOSE, in his distinctive clothing, using his cell phone in an apparent attempt to take a picture.

Records provided by Google revealed that the mobile device associated with [my redaction]@gmail.com belonged to a Google account registered in the name of “Jeremy Groseclose.” The Google account also lists a recovery SMS phone number that matches [my redaction]. The recovery email address for this account appears to be in the name of GROSECLOSE’s significant other, with whom he has two children in common. Additionally, I have reviewed subscriber records from U.S. Cellular, related to the phone number [my redaction]. This number, along with another, are connected to an account in the name of GROSECLOSE’s significant other. The billing address for this account is [my redaction]. One of GROSECLOSE’s neighbors identified [my redaction] as GROSECLOSE’s address.

This seems to confirm that FBI obtained a geofence warrant from Google, but — at least as described — it was focused on those at the Capitol, perhaps focused on the Rotunda and anything 100 feet from it. This is the kind of granularity that will exclude most uninvolved people. They may have used it (or included it in the affidavit) because by wearing a gas mask, Groseclose made it difficult to show his face in the existing film of the attack.

The affidavit suggests that the Google geofence relied not just on GPS data of users’ phones, but also Wi-Fi access points (there’s another affidavit where the suspect’s phone triggered the Capitol Wi-Fi) and Bluetooth beacons. Again, given how wired the Capitol is, this would offer a granularity to the data that wouldn’t exist in most geofence warrants.

Finally, and most interestingly, this affidavit (obtained on the same day as the The Intercept story and so presumably after the Intercept called for comment) describes that the FBI has an “Exclusion List” of everyone who had a known legal right to be in the Capitol that day. That suggests that, after such time as the FBI completed this list, they could identify which of those present in the Capitol were probably there illegally.

There are concerns about FBI putting together a list like this. After all, Members of Congress might have good Separation of Power reasons to want to keep their personal phone numbers private. That said, there’s reason to believe that the FBI has used this method of separating out congressional identifiers and creating a white list in the past (including with the Section 215 phone dragnet), with congressional approval.

The concern arises in FBI’s definition of how it describes those legally present:

  • Members of Congress
  • Congressional staffers
  • Law enforcement responding to the insurrection (as distinct from law enforcement joining in it)
  • Secret Service Protectees (AKA, Mike Pence and his family)
  • Other government employees (like custodial staff)
  • Medical staff

Not on this list? Journalists, not even those journalists holding valid congressional credentials covering the vote certification.

Already, there have been several cases where suspects have claimed to be present as media, only to be charged both because of their comments while present and the fact that they don’t have congressional credentials. Two of the key ones (I’m trying to dig out the third, most marginal case) are:

  • Provocateur John Sullivan, who filmed the riot and sold the footage to multiple media outlets and “claimed to be an activist and journalist that filmed protests and riots, but admitted that he did not have any press credentials.”
  • Nick DeCarlo, who told the LA Times he and Nicholas Ochs were there as journalists but who FBI noted, “is not listed as a credentialed reporter with the House Periodical Press Gallery or the U.S. Senate Press Gallery, the organizations that credential Congressional correspondents.”

If the FBI is going to use official credentials to distinguish journalists from trespassers, then it could also use those credentialing lists to white list journalists present at the Capitol. But to do that, the journalists in question would have to be willing to share identifying information for all the devices that were turned on at the Capitol, something they might have good reasons not to want to do.

Plus, I suspect there are a number of journalists without Congressional credentials who were covering the events outside the Capitol and, as the rally turned into a riot, entered the Capitol to cover it. Those journalists risked their lives and provided some of the most important early information about the riot and did so in ways that in no way glorified it. But in doing so, their devices may be in an FBI database relating to the attack.

There is clear evidence that the FBI obtained location data from the Capitol as part of its investigation, including Google and almost certainly Facebook. Thus far, the available evidence suggests that the ability to target that collection narrowly limits the typical concerns about tower dumps and geofence warrants (again, any similar data collection outside the Capitol in an effort to find the person who left the pipe bombs is another issue). Moreover, almost all those legal present in the Capitol appear to be whitelisted.

But not all. And the exception, journalists, include those who have the most at stake not having their devices identified and investigated by the FBI.

All that said, perhaps a similarly controversial question pertains to preservation orders. The Intercept describes a letter from Mark Warner calling on carriers to preserve data (and rightly questioning his legal authority to make such a request), then suggests the carriers have done so on their own.

Some of the telecommunications providers questioned whether Warner has the authority to make such a request, but a number of them appear to have been preserving data from the event anyway because of the large scale of violence, the source said.

The story doesn’t consider the — by far — most likely explanation, which is that FBI served very broad preservation orders on social media companies (though some key ones, such as Facebook, would keep data for a period even after insurrectionists attempted to delete it in the days after the attack as normal practice). In any case, broad preservation orders on social media companies would be solidly within existing precedent. But I suspect it may be one of the more interesting legal questions that will come out of this investigation.

Oath Keepers Learn the Hard Way: Don’t Plan an Insurrection on Facebook

/87 Comments/in , , /by

“For every Oath Keeper you see, there are at least two you don’t see.” – email from Oath Keeper head Stewart Rhodes forwarded from Oath Keeper Graydon Young to his sister, Laura Steele, on January 4, 2021

I want to look at filings from the Oath Keepers investigation to show how FBI is juggling to move quickly enough to prevent obvious subjects from obstructing the investigation without tipping off others to the substance of the investigation. The filings confirm that the FBI will get sealed arrest warrants against subjects who are obviously obstructing the investigation, but may not use them right away, so as to obtain more evidence against them and their immediate co-conspirators. The filings also show how hard it is to delete evidence in an age of social media while conspiring with dozens of other co-conspirators.

The investigation from Watkins to Caldwell to the Parkers, Youngs, and Biggs

There’s a story about the Oath Keepers investigation that arises from the nature of the first publicly charged defendants. According to that story, the founder of an Ohio militia affiliated with the Oath Keepers, Jessica Watkins, boasted on Parler about “forcing entry into the Capitol” on the day of the attack. Videos of the Oath Keeper Stack showed up in videos posted within a day of the attack. Then, on January 13, the Ohio Capital Journal posted an interview with Watkins where she described it “the most beautiful thing” until she started hearing glass smashing — which she blamed on an Antifa false flag attack (a subsequent filing suggests Watkins wanted the Oath Keepers to get good press from the attack, threatening to sue some male journalist if he portrayed the Oath Keepers negatively).

That’s the evidence the FBI showed to obtain an arrest warrant on Watkins on January 16.

Meanwhile, as the investigation was closing in on Watkins, her recruit Donovan Crowl did an interview with the New Yorker for a story loaded with more images of coordinated movement from the Oath Keepers. Crowl offered similarly contradictory excuses for his action as Watkins.

On January 17, the FBI tried to conduct an interview with Watkins, only to be told by her partner, Montana Siniff, that she left Ohio on January 14 to stay with her friend and fellow Oath Keeper, “Commander Tom.”

At some point, the FBI obtained information from Facebook — they don’t explain when or on whom it was served, which I’ll return to. The return showed that Caldwell coordinated hotel reservations at the Comfort Inn/Ballston, not just with Watkins, but also others from North Carolina, as well as speaking with Crowl. This content may not have been obtained via Caldwell yet, because Caldwell’s private messages don’t show up in filings until January 19 (alternately they may have delayed that reveal until Caldwell was arrested).

But the FBI used that public Facebook information to obtain a warrant for Crowl on January 17. Watkins and Crowl turned themselves into Urbana, OH police that day, where the FBI took them into custody.

On January 13, the Guardian did a story on Watkins’ use of Zello.

“We are in the main dome right now,” said a female militia member, speaking on Zello, her voice competing with the cacophony of a clash with Capitol police. “We are rocking it. They’re throwing grenades, they’re frickin’ shooting people with paintballs, but we’re in here.”

“God bless and godspeed. Keep going,” said a male voice from a quiet environment.

“Jess, do your shit,” said another. “This is what we fucking lived up for. Everything we fucking trained for.”

The frenzied exchange took place at 2.44pm in a public Zello channel called “STOP THE STEAL J6”, where Trump supporters at home and in Washington DC discussed the riot as it unfolded. Dynamic group conversations like this exemplify why Zello, a smartphone and PC app, has become popular among militias, which have long fetishized military-like communication on analog radio.

On January 19, the government obtained an amended conspiracy complaint against Watkins, Crowl, and Caldwell. It included the following new information:

  • Quotations from the Zello messaging
  • Facebook messaging from Caldwell pictured standing outside the riot calling everyone in Congress a traitor
  • Facebook messages showing planning between Watkins, Crowl, and Caldwell between December 24 and January 8
  • Instructions for making plastic explosives found at Watkins’ house

Of particular interest, the complaint included the first hint that the Oath Keepers had intelligence — shared using Facebook — about the movements of Members of Congress.

On January 6, 2021, while at the Capitol, CALDWELL received the following Facebook message: “All members are in the tunnels under capital seal them in . Turn on gas”. When CALDWELL posted a Facebook message that read, “Inside,” he received the following messages, among others: “Tom take that bitch over”; “Tom all legislators are down in the Tunnels 3floors down”; “Do like we had to do when I was in the core start tearing oit florrs go from top to bottom”; and “Go through back house chamber doors facing N left down hallway down steps.”

Having arrested the two Oath Keepers blabbing to the press and the guy they hid out with, there’s not much more overt sign of the investigation until February 11, when the government submitted filings supporting pre-trial detention for both Watkins and Caldwell.

Arrest affidavits submitted on February 11 and February 12 (but sealed until after February 16) also refer to Watkins’ cell phone returns, including address book information describing Bennie Parker as a recruit, texts between Watkins and Parker coordinating plans for the insurrection and reassuring him the FBI would not prosecute them after the insurrection, and a picture of his wife Sandi Parker. Watkins’ cell phone returns also show a contact for Kelly Meggs in Florida, which she associated in her address book with the Oath Keepers.

Those initially sealed arrest affidavits also rely on surveillance footage and financial records from the Comfort Inn where all the Ohioans  stayed. It shows the Ohioans together in the lobby. It reveals that Kelly Meggs paid for a room that night registered under another suspected Oath Keeper’s name (according to credit card records showing a $302 charge, Meggs apparently stayed at the Hilton Garden Inn the night of January 7). [Update: The indictment clarifies that Meggs paid for two rooms at the Comfort Inn and booked two at the Hilton, of which he paid for one. h/t bb]

The initial affidavit against Kelly and Connie Meggs and Graydon Young and Laura Steele also includes a picture taken — by some unidentified person — from the van from North Carolina.

The same affidavit includes testimony from a witness who interacted with the Oath Keepers on January 6 and was on a text message chain including Young and Steele, who was introduced to them as Gray and Laura and learned they had taken the Metro into DC. It relies on surveillance video from the Metro. It includes returns from Steele and Young’s Google accounts, including Steele’s application to join the Oath Keepers.

It includes location data showing Graydon Young’s phone traveling from Englewood, FL to Thomasville, NC to Springfield, VA, to DC, then back to Thomasville and ultimately, on January 8, back to Englewood. It includes his round trip flight records from Tampa to Greensboro, consistent with the movement of his phone. The affidavit also uses location data to place Steele and the Meggses in a “geographic area that includes the interior of the United States Capitol building.”

It includes subscriber records for Steele, Young, and Kelly Megg’s MeWe accounts, as well as subscriber records for Facebook accounts for everyone. Of particular note, the affidavit used to arrest Young and the others shows advanced legal process for Young, but mostly subscriber information for the others. They also use Young’s Google data to establish probable cause against the Meggs but do not, yet, use it against Young.

It’s likely in the five days between the affidavit and the arrest, more warrants were served for materials on the others.

There wasn’t much added in a February 25 memo supporting Watkins’ pretrial detention — except that aforementioned Watkins text with Stewart Rhodes complaining about media reports making the Oath Keepers look bad (which, because of the timing of the coverage, likely happened almost a week after the insurrection, or later).

If he has anything negative to say about us OATHKEEPERS, I’ll let you know so we can sue harder. Class action style. Oathkeepers are the shit. They rescued cops, WE saved lives and did all the right things. At the end of the day, this guy better not try us. A lawsuit could even put cash in OK coffers. He doesn’t know who he is playing with. I won’t tolerate a defamation of character, mine or the Patriots we served with in DC. Hooah?!

But in a hearing held February 26, prosecutors told Judge Amit Mehta something in an ex parte hearing to support their argument that there really was a Quick Reaction Force outside of DC on the day of the insurrection ready to bring weapons into the Oath Keepers already in DC, which is one of the reasons he denied Watkins’ motion for release.

The earlier investigation into Graydon Young

It took a while for DOJ to unseal all the filings from the other co-conspirators, particularly the long affidavit for the four southerners. But a docket unsealed last week tells another side of that story. On January 15, a tipster identified Graydon Young, one of the Floridians added to the Caldwell and Watkins conspiracy. Based off that tip, the FBI prepared and got authorization for an arrest warrant by January 18. But they didn’t use it, perhaps because FBI was chasing down two false positives based off pictures of Young, as described in the later affidavit (the first of which may have been based off facial recognition).

First, on or around January 14, 2021, after receiving an internet tip and viewing similar photographs and video of Young from the civil unrest on January 6, 2021, an FBI agent drafted an arrest warrant for an individual (Subject-1) other than Young, based on a review of Subject-1’s driver’s license photo and the fact that Subject-1 was affiliated with the Oath Keepers. An FBI agent in Kansas City, Missouri, who was familiar with Subject-1, then determined that Subject-1 was not the individual depicted in the photos at the U.S. Capitol on January 6, 2021. The government did not pursue charges against Subject-1. Second, on or around January 15, 2021, a concerned citizen provided the FBI with a tip that the photograph of Young in the Rotunda was a photograph of Subject-2, who was a co-worker of the concerned citizen in Illinois. On January 18, 2021, SA Wren spoke with the concerned citizen, who stated that Subject-2 had quit the job and moved to Colorado, and “seemed like the type” who would have gone to the Capitol. SA Wren reviewed Subject-2’s driver’s license photo and determined that Subject-2 is not the person depicted in the photographs of Young at the U.S. Capitol.

In other words, FBI was prepared to arrest Young by January 18, within a day of the initial Watkins arrest. But they did not. They kept that arrest warrant sealed while they obtained his location records, travel records (including evidence he drove home from North Carolina rather than flying, and had his sister’s car towed back to North Carolina afterwards), and subscriber information for other social media.

At some point (as noted), FBI obtained Young’s Google account. But on February 11, they used that “solely as evidence against Kelly Meggs. At this time, the government is not seeking to use this email against Young,” suggesting they still needed legal process to use it against him.

Don’t launch an insurrection with a still-active Facebook account

Given that the FBI was ready to arrest Graydon Young on January 18, it’s worth looking more closely at the Facebook evidence in this conspiracy.

The FBI learned on January 15 that Young was probably at the insurrection, had been tagged in planning for the event on January 4, and had attempted to delete his Facebook account on January 7 (it went into effect the next day). Young didn’t delete his related Instagram account until January 13.

At some point, the FBI also learned that Caldwell attempted to unsend messages on January 8, the same day Young shut down his Facebook account.

Nevertheless, Facebook still had Young’s data, including a post from January 6 boasting, “We stormed and got inside.”

The government also obtained highly damning Facebook content from much earlier, including a message he posted to a group, the “War of Northern Aggression,” on November 7. In it, he clearly acknowledges Joe Biden’s victory.

Will this group consider migration to MeWe and Parler? I think censorship is going to get worse with Biden win.

On November 9, he asked again to move from Facebook to MeWe and Parler.

On November 30, he pushed MeWe and Parler again.

I already have MeWe and Parler … waiting for this drama to end before I delete my FB account.

Hey Graydon?!?! The drama for you is just beginning.

Meanwhile, Caldwell didn’t succeed in deleting all his evidence either. As early as January 17, in Crowl’s affidavit, they had a message (it’s unclear whether it’s public or private)

Here is the direct number for Comfort Inn Ballston/Arlington 1-571-397-3955 I strongly recommend you guys get one or two rooms for a night or two. Arrive 5th, depart 7th will work. She says there are five of you including a husband and wife new recruits. This time of year especially you will need to be indoors to set up, etc. Really, press this home, just get somebody to put it on a credit card. Even if you tell the hotel its double occupancy, you can STILL get a couple of people on the floor with bedrolls and the hotel won’t know shit. Paul said he might be able to take one or two in his room as well. I spoke to the hotel last night (actually 2 a.m. this morning) and they still had rooms. This is a good location and would allow us to hunt at night if we wanted to. I don’t know if Stewie has even gotten out his call to arms but it’s a little friggin late. This is one we are doing on our own. We will link up with the north carolina [sic] crew.

The later affidavits include Caldwell Facebook messages sent in November predicting violence.

I am very worried about the future of our country. Once lawyers get involved all of us normal people get screwed. I believe we will have to get violent to stop this, especially the antifa maggots who are sure to come out en masse even if we get the Prez for 4 more years.

On January 6, Caldwell continued to use Facebook, receiving a message informing him,

All members are in the tunnels under capital seal them in. Turn on gas.

And,

Tom all legislators are down in the Tunnels 3floors down

Between Young and Caldwell, Facebook evidence shows that this operation clearly targeted legislators even after they knew Joe Biden had been elected. It turns out that neither of them successfully deleted this Facebook content before the drama really got started.

The delayed reveal

As noted, it took some time for the affidavit for the southern Oath Keepers to be unsealed. In the interim period, the FBI would have been able to investigate the Oath Keeper whose name was on the hotel room Young paid for, and all the other people on the bus on which Young and his sister were pictured. The FBI surely has reviewed any role the War of Norther Aggression Facebook group had in the insurrection. The accounts for which the FBI just had subscriber information on February 11 are probably now being fully exploited (including the WeMe accounts on which they may have been more open about their plotting).

There are still members of The Stack at large, the others on the bus, the group from Mississippi those who provided “security” for Trump’s closest associates. We don’t know where the next Oath Keepers to be arrested are. We do know where the FBI was, 17 days ago.

Timeline of Oath Keeper conspiracy

January 4: Young travels from Englewood, FL to Thomasville, NC. Young tagged in planning messaging for the attack.

January 5: Young travels from Thomasville to Springfield, VA, then heads to DC for the evening.

January 6: Young travels into DC, then back to Thomasville that night. Watkins posts to Parler and Caldwell posts to Facebook. Young posts, “we stormed and got inside” on Facebook.

January 7: Young deleted Facebook content going back to March 2019 (per Facebook record it goes into effect on January 8).

January 8: Caldwell unsends Facebook messages continuing evidence. Young returns to Englewood. Young writes an email saying that his “team leader” during the insurrection was “OK Gator 1” with Kelly Meggs’ phone number.

January 9: Watkins texts Bennie Parker telling him not to worry about the FBI investigating them.

January 11: Young has a vehicle registered to Steele’s address towed from a location near his home to Steele’s home in NC. Young deletes his Instagram account.

January 13: Watkins interview in Ohio Capital Journal. Guardian story on Watkins’ use of Zello. Young closes Instagram account.

January 14: Donovan Crowl story in New Yorker. Watkins and Crowl travel to Caldwell’s property in VA; he gives them OpSec tips for the drive. Bennie Parker texts Watkins asking if she put Sandi “out there” in the Capitol. FBI chases a false positive for Young on an Oath Keeper who lives in Kansas City, MO.

January 15: A tipster who has known Young for 35 years identified Young in an image published by NBC, informs the FBI that on January 4, other people had tagged Young in a discussion about traveling to DC. The tipster further revealed that on January 7, Young deleted his Facebook content going back to March 2019, then deleted the whole thing. FBI chases a false positive for Young to someone in CO.

January 16: Arrest warrant for Watkins.

January 17: Search of Watkins’ house discovers gear and other military items. Interview of her partner reveals she has left to stay with a friend, Commander Tom, and provides a phone registered to him at his VA property as the way to reach Watkins. Arrest warrant for Crowl. Search of a location where Crowl stays finds his tactical vest. Arrest warrant for Caldwell. Both Watkins and Crowl turn themselves in to the Urbana Police, where the FBI takes them into custody.

January 18: First arrest warrant for Graydon Young.

January 19: Caldwell, Crowl arrested by FBI, and Watkins arrested. Amended criminal complaint makes conspiracy charges against Watkins, Crowl, and Caldwell more formal. Search of Caldwell’s property finds Death List targeting election official from a different, a Gadsden flag signed by Crowl and Watkins, and a sales invoice for a weapon designed to look like a phone.

Janaury 21: Stewart Rhodes declares Biden’s “not a constitutional government.” Kelly Meggs closes his Facebook account.

January 27: Indictment for Watkins, Crowl, and Caldwell.

January 29: NYT does video analysis showing the movements of the Oath Keepers from the Ellipse to the Capitol.

February 11: Counterterrorism prosecutors Justin Sher and Alexandra Hughes join team. Motions for pre-trial detention for both Watkins and Caldwell. Sealed complaint filed against Kelly and Connie Meggs, Graydon Young, and Laura Steele.

February 12: Government moves for protective order against the original conspirators; Caldwell objects. Sealed complaint filed against Bennie and Sandi Parker.

February 16: Graydon Young arrested.

February 17: The Meggs and Laura Steele arrested.

February 18: The Parkers arrested.

February 23: Thomas Caldwell appeals detention.

February 26: Amit Mehta grants government motion to detain Jessica Watkins.

Update: I clarified that the email quoted at the top is from Stewart Rhodes, not Graydon Young.

Pezzola

Dominic Pezzola Guesses Wrong, Gets Labeled a Terrorist for His Troubles

/17 Comments/in /by

As I’ve been following, the detention challenges for January 6 defendants have raised real questions about how the government and the courts will treat the event. The government and Jessica Watkins have provided additional briefing on whether her actions merit a rebuttable presumption of detention; they will revisit these issues today in a hearing before Judge Amit Mehta.

As I’ve noted, the Watkins case is close because the people with whom she conspired with did not, themselves, commit the acts of violence the government is using to argue for pre-trial detention.

Not so Dominic Pezzola, the Proud Boy who was the first to break a window to enter the Capitol. Earlier this week, he filed a motion to review bail arguing, in significant part, that the witness on whose testimony the government relied to establish intent of future violent crimes was the guy who recruited him into the Proud Boys, someone Pezzola claims bragged of macing a cop during the insurrection.

Pezzola guessed wrong about the witness, the government says. As far as the government knows, there was no tie between this witness and Pezzola prior to January 5 (which suggests this is someone Pezzola met the night before the attack).

The defendant speculates that W-1 is a “cooperating witness” with deeper ties to the Proud Boys than the defendant. The defense is incorrect. W-1 has not been charged with a crime in connection with the events of January 6, 2021, and the government is unaware of any affiliation between W-1 and the Proud Boys or any indication that W-1 knew the defendant prior to January 5, 2021.

But, having been given a chance to respond to Pezzola’s bid for release, the government has solidified the argument they’re making in other cases, in which they have less direct evidence than they have against Pezzola.

In Magistrate Robin Meriweather’s initial judgement denying Pezzola bail, she judged that no conditions of bail would eliminate the public safety risk posed by Pezzola. But she found that Pezzola had presented sufficient evidence to overcome a rebuttable presumption of detention, and specifically found that his family ties to Rochester, NY, made him less of a flight risk.

When Pezzola requested a review of Meriweather’s decision, he argued that Judge Timothy Kelly should accept Meriweather’s rulings in his favor, but revisit her judgment that he posed a threat to society.

That’s not how it works, noted prosecutor Eric Kennerson.

Although he acknowledges that this Court’s review is de novo, the defendant asks this Court not to reconsider certain findings made by the Magistrate Judge, including her finding that the presumption in favor of detention was rebutted and her decision not to address the government’s arguments regarding the defendant’s risk of flight. ECF No. 19 at 1-2. Because this Court’s review is de novo across the board, the government asks the Court to apply the statutory presumption of detention, which we submit has not been rebutted for the reasons stated below, and find by a preponderance of the evidence that the defendant is a serious risk of flight.

He used his response to a request a reconsideration of those earlier decisions relying, in part, on the indictment that was obtained on the same day he had submitted his earlier motion for detention, in which Kennerson noted that, “The government acknowledges that the defendant is not charged with these offenses at the time this memorandum is submitted,” presumably knowing that Pezzola would be charged with such crimes within hours.

Relying on the indictment, Kennerson argued that Pezzola committed two crimes — felony destruction of government property (for breaking the window of the Capitol) and robbery of US Government property (for stealing a cop’s riot shield, which he used to break the window) — that constitute crimes of violence bringing a presumption of detention, and then labeled the conduct a crime of terrorism.

Felony destruction of property, under the facts as laid out above, is a federal crime of terrorism. Title 18, U.S.C., Section 2332b(g)(5), defines “federal crime of terrorism” as an offense that “is calculated to influence or affect the conduct of government by intimidation or coercion, or to retaliate against government conduct” and is included in an enumerated list of statutes, which includes § 1361. See 18 U.S.C. §§ 2332b(g)(5)(A) & (B). The Grand Jury found probable cause in Count Seven of the Indictment to believe that the defendant intended to obstruct an official proceeding by committing, among other things, acts of civil disorder and breaking a window. The defendant has conceded that his conduct was calculated to influence or affect the conduct of government—specifically the certification of the Electoral College vote—and his actions show that he participated in doing so by intimidation and/or coercion. Moreover, because § 1361 is listed in § 2332b(g)(5)(B), there is a rebuttable presumption that no conditions or combination of conditions can assure community safety or the defendant’s appearance. See 18 U.S.C. § 3142(e)(3)(B).

Felony destruction of government property is also a crime of violence. For purposes of the bail statute, as relevant to these offenses, a crime of violence is defined as “an offense that has an element of the use, attempted use, or threatened use of physical force against the person or property of another,” if that crime is punishable by ten years or more in prison. See 18 U.S.C. § 3142(f)(1)(A) & 16. Section 1361 of Title 18 of the U.S. Code meets those requirements. It is punishable by ten years if the property damage was greater than $1,000, and its elements include the use of physical force against the property of another. See United States v. Khatallah, 316 F. Supp. 2d 207, 213 (D.D.C. 2018) (Cooper, J.) (holding that destruction of government property under a substantially similar statute, 18 U.S.C. § 1363, satisfies a substantially similar elements clause statute to qualify as a crime of violence).

Robbery of U.S. Government Property is also a crime of violence. See United States v. Alomante-Nunez, 963 F.3d 58, 67 (1st Cir. 2020), citing Stokeling v. United States 139 S. Ct. 544 (2019) (holding that common-law robbery meets the elements test of a different, but substantially similar statute, to qualify as a crime of violence). But see United States v. Bell, 158 F. Supp. 3d 906, 919 (N.D. Cal. 2016) (holding that § 2112 does not meet the elements test, although that opinion was issued prior to the Supreme Court’s decision in Stokeling).

Kennerson’s filing repeatedly tied the violence to the admitted ends of delaying the vote certification, relying among other things on a citation to Pezzola’s own filing.

The defendant concedes in his motion that smoked the victory cigar because “he considered the objective achieved, stopping the certification of the election pursuant to the instructions of the then President.” ECF No. 19 at 4.

[snip]

The defense’s admission that the defendant’s objective that day was to stop the certification of the Electoral College vote does not help his position. In essence, he took an active role at the front of a mob that displaced Congress, in an attempt to stop that body from certifying the result of a Presidential election. As Judge Lamberth recently found, “[s]uch conduct threatens the Republic itself.” See United States v. Munchel, et. al., No. 21-cr-118 (RCL), ECF No. 24 at 11. See also United States v. Meggs, No. 5:21-mj-1036-PRL (S.D. Fla.) (Lammens, M.J.), ECF No. 17, at 4 (“The [January 6] attack wasn’t just one on an entire branch of our government (including a member of the executive branch), but it was an attack on the very foundation of our democracy.”)

[snip]

The defendant’s actions show that as recently as a month and a half ago, he was willing to partake in and take advantage of violence to achieve his political ends. The Court can have no assurance that he will refrain from doing so again, despite his alleged disavowal of the Proud Boys since he has been detained.

The cases for detention against the January 6 defendants are all over the map, with more evidence of direct violence in some cases and more evidence of coordination with a terrorist group in others. As the government tries to detain members of the latter — including Watkins and her co-conspirator Thomas Caldwell — they have inched closer to using the terrorism label to describe what happened on the day.

In Pezzola’s case, they’re doing so with a defendant who actions played a singularly important role in the success of the insurrection, someone who directly engaged in violence, and someone who has already admitted that the goal was to intimidate Congress.

All these other cases will be influenced by (and in some cases, will build on) these earlier seminal cases. By asking for reconsideration of bail, Pezzola gave the government an opportunity to present the evidence they had not yet made public earlier in this prosecution.

The New Recruits on the Front Line on January 6

/57 Comments/in , , /by

In addition to adding six more people to the Oath Keeper conspiracy indictment originally charged against Jessica Watkins, DOJ added some new overt acts. Among others, it added training.

Training and recruitment were always part of Watkins’ alleged actions:

On November 9,2020, WATKINS, the self-described “C.O. [Commanding Officer] of the Ohio State Regular Militia,” sent text messages to a number of individuals who had expressed interest in joining the Ohio State Regular Militia. In these messages, WATKINS mentioned, among other things, that the militia had a weekJong “Basic Training class coming up in the beginning of January,” and WATKINS told one recruit, “l need you fighting fit by innaugeration.” WATKINS told another individual, “It’s a military style basic, here in Ohio, with a Marine Drill Sergeant running it. An hour north of Columbus Ohio[.]”

On November 9,2020, WATKINS asked a recruit if he could “download an App called Zello” and stated, “We all use Zello though for operations.”

On November 17 , 2020, when a recruit asked WATKINS for her predictions for 2021 , WATKINS replied, among other statements:

I can’t predict. I don’t underestimate the resolve of the Deep State. Biden may still yet be our President. If he is, our way of life as we know it is over. Our Republic would be over. Then it is our duty as Americans to fight, kill and die for our rights.

and:

[I]f Biden get the steal, none of us have a chance in my mind. We already have our neck in the noose. They just haven’t kicked the chair yet.

The original indictment also described Donovan Crowl attending a training session in December.

On December 12-13,2020, CROWL attended a training camp in North Carolina.

The superseding indictment adds to these details. It includes descriptions of how 54-year old Graydon Young and his 52-year old sister Laura Steele joined the Oath Keepers.

31. On December 3, 2020, YOUNG emailed the Florida chapter of the Oath Keepers with a membership application and wrote, “looking to get involved in helping. . ..”

33. On December 19, 2020, YOUNG wrote to a Facebook group: “Please check out Oath Keepers as a means to get more involved. Recruiting is under way. DM me if you want more info.”

38. On December 26, 2020, YOUNG wrote an email to a Florida company that conducts training on firearms and combat. YOUNG wrote, in part, “l trained with you not long ago. Since then I have joined Oath Keepers. I recommended your training to the team. To that effect, four of us would like to train with you, specifically in your UTM rifle class.”

52. On January 3, 2021, STEELE emailed the Florida chapter of the Oath Keepers with a membership application and wrote, “My brother, Graydon Young told me to submit my application this route to expedite the process.” Later in the day, STEELE emailed KELLY MEGGS and wrote, “My brother, Graydon Young told me to send the application to you so I can be verified for the Events this coming Tuesday and Wednesday.” The following day, STEELE sent an email to an Oath Keepers address, copying both YOUNG and KELLY MEGGS, attaching her Florida Oath Keepers membership application and vetting form, and writing, “I was just requested to send my documents to this email.”

And the arrest affidavit for the Parkers describe them discussing joining Watkins’ militia because their own had largely dissolved.

On December 27, 2020, Bennie Parker texted Watkins, “I may have to see what it takes to join your militia, ours is about gone.” Also on December 27, 202, Bennie Parker texted Watkins, “Yes and you and Sandi and I are like minded you guy [sic] aren’t that far away . . . . “

Effectively, that means that the organized stack (also included as an overt act in the superseding indictment) included at least three people — Crowl, Steele, Young, and Sandi Parker — who had just joined either Watkins’ militia or the Oath Keepers generally (Bennie, who’s 70, is not known to have entered the Capitol).

For all that it attracted media attention for that organized stack, the Oath Keepers weren’t as instrumental to the launch of the coup attempt as the Proud Boys.

But there, too, the militia was relying on new recruits. Dominic Pezzola claims (not entirely convincingly) that the insurrection was just his second action with the Proud Boys (though his first was the December MAGA March, where he was in close proximity to Roger Stone’s Oath Keeper body guard Robert Minuta).

Of more interest are the details Felicia Konold shared about her experience leading the mob.

She did a Snapchat video gleefully describing how much power she had exercised.

I’m watching the new guys

Fuuuck

Dude, I can’t even put into words. I. I. Never.

I never could [unintelligible] have imagined having that much of an influence on the events that unfolded today.

[Laughs]

Dude, people were willing to follow. You fucking lead, and everyone had my back, due, everyone, fucking wall, legit, in the air, up against the fence, [unintelligible], three lines of police, fence, me, not even on the ground, my feet weren’t even on the ground, all my boys, behind me, holding me up in the air, pushing back.

[Laughs]

We fucking did it.

Her arrest affidavit also quotes her on saying she was, “recruited into a fucking chapter from Kansas City,” complete with a challenge coin. The government’s detention memo for William Chrestman describes that he, “readily recruited two individuals from Arizona [Felicia and her brother Cory] to join the group of Kansas City Proud Boys, who then participated in the crime spree on U.S. Capitol grounds.” (It’s likely the case against Chrestman relies on an FBI interview of Konold, which has not been publicly cited.)

And it didn’t stop there. Experts have talked, abstractly, about how January 6 served as a recruiting boon for right wing terrorists. That’s shown tangibly in a detail from Royce Lamberth’s opinion  Zip Tie Guy Eric Munchel granting the government’s motion for his detention. Even as images from Munchel’s antics in the Senate had attracted close focus and on the same day the government obtained a warrant for his arrest, Zip Tie Guy reached out — via Signal — to the Proud Boys in an effort to join up.

There is also no evidence that Munchel is a member of any violent groups, thought the government has presented evidence that Munchel was in contact with a member of the Proud Boys after January 6 and was interested in joining the group. See Signal Chat Tr. (Jan. 9-10, 2021).

On top of being an explicit attempt to prevent Joe Biden from assuming the presidency, January 6 was also a recruitment bonanza, providing both a goal in advance to work towards, but also a networking opportunity permitting in-person recruitment.

The insurrectionists breached the Capitol with flagpoles and bullhorns. And some of the key players leading that breach were recent recruits to the organized militia leading the way. Meanwhile, Stewart Rhodes, Joe Biggs, and Ethan Nordean were watching from relative safety.

Update: I’ve fixed the Stack numbers; I think Crowl may have been training rather than being trained at the came in North Carolina in December.

Pezzola

Dominic Pezzola Suspects the FBI’s Cooperating Witness Is the Guy Who Recruited Him into the Proud Boys

/89 Comments/in , , /by

A number of people are pointing to this motion to modify bond by Proud Boy Dominic Pezzola, the guy who helped kick off an insurrection by breaking the window of the Capitol with a stolen police shield, reporting either that Pezzola is bidding to plead out or that that the Proud Boys are turning on themselves.

Both may be true.

But buried within the filing is a far more inflammatory allegation. Pezzola, the guy who kicked off the entire assault on the Capitol on January 6 in coordination with other Proud Boys, is suggesting that someone who came to serve as an FBI cooperating witness less than a week after an attack that purportedly took the FBI entirely by surprise, was actually the guy who recruited him into the Proud Boys and set him up with a thumb drive loaded up — unbeknownst to him, he maintains — with the Anarchist’s Handbook, including its bomb-making plans.

Pezzola makes the allegation by rebutting the claim he is dangerous, the basis by which Magistrate Robin Meriweather. came to deny him bail.

As Pezzola notes, Meriweather denied him bail not because of a presumption of detention or a concern he would flee. It was because he posed a danger to the public. Meriweather framed that presumed danger as arising from a thumb drive loaded with the Anarchist’s Handbook found at his home and the testimony of a witness.

In determining that Pezzola’s release presented “danger” to the community the Court cited 2 factors from the prosecution’s proffer: (1) the claim that Pezzola participated in a group conversation when others expressed an intention to return to DC with weapons to commit acts of violence; (2) recovery of a thumb drive with plans for making, bombs, poisons, etc.

Per Pezzola’s arrest affidavit, the witness was someone whom the FBI interviewed at least twice before obtaining an arrest warrant against Pezzola on January 13, just a week after the insurrection. The description of witnesses in the total universe of January 6 affidavits are totally inconsistent (in part because so many different FBI Agents wrote them), meaning we can’t conclude anything by the description an agent uses. Nevertheless, this one was always among the only ones that seemed to be an insider. The witness is someone who described Pezzola as “Spaz” right away (though elsewhere he is called Spazzo), described Pezzola as bragging about breaking into the Capitol, and he described the group — the Proud Boys — as capable of killing Nancy Pelosi or Mike Pence, and planning more actions.

The FBI has spoken to an individual your affiant will refer to as “W-1” for purposes of this affidavit. W-1 stated that W-1 was in Washington, D.C., during the protests that occurred on January 6, 2021.

W-1 stated that after the events at the Capitol as described above, he or she spoke to an individual he or she knows as “Spaz,” along with other individuals. W-1 stated that during that conversation, “Spaz” bragged about breaking the windows to the Capitol and entering the building. In a subsequent interview W-1 clarified that “Spaz” said that he used a Capitol Police shield to break the window. W-1 said that “Spaz” can be seen on the cover of many newspapers and recognizes him from those photographs. W-1 stated that other members of the group talked about things they had done during the day, and they said that anyone they got their hands on they would have killed, including Nancy Pelosi. W-1 further stated that members of this group, which included “Spaz,” said that they would have killed [Vice President] Mike Pence if given the chance.

I had thought this witness would be one of numerous Proud Boy hangers on who was hanging around in DC after the attack, but as we’ll see, Pezzola believes it’s the guy he commuted to insurrection with.

The witness first told the FBI that the Proud Boys were preparing an event on January 20th (which is consistent with other reports).

According to W-1, the group said it would be returning on the “20th,” which your affiant takes to mean the Presidential Inauguration scheduled for January 20, 2021, and that they plan to kill every single “m-fer” they can.1 W-1 stated the men said they all had firearms or access to firearms.

Then, in a later interview (again, remember that this is before January 13), the witness said maybe the next event wasn’t inauguration, but soon after. Whenever it was, it’d involve guns.

In a later interview, W-1 stated that the group had no definitive date for a return to Washington, D.C, but W-1 re-iterated that the others agreed there would be guns and that they would be back soon and they would bring guns.

The witness also misidentified Doug Jensen, the QAnon adherent who chased officer Goodman up the Capitol stairs, as someone else, presumably a member of the Proud Boys, only to clarify later that someone else was the individual in question.

In W-1’s initial interview with law enforcement, W-1 initially incorrectly the individual in the black knit hat in the foreground of this photograph as someone I will refer to as “Individual A.” W-1 later clarified that the person in the knit hat is not in fact Individual A and identified a different person in a separate photograph as Individual A.

Thus far, this witness sounds like he’s telling the FBI what he expects they most want to hear, something you often hear from informants trying to maximize their own value. By misidentifying Jensen, he may have falsely suggested the Proud Boys chose where to go in the Capitol. And by promising there would be more events, featuring violence (again, which is consistent with what public chatter was at the time), he heightened the urgency of case against the Proud Boys.

As Pezzola describes in his motion for bail, he suspects the person who said the Proud Boys had ongoing plans is a guy he drove home to New York with from DC.

Pezzola maintains no recollection of the referenced conversation but suspects if the conversation did occur in his presence it could have only occurred in the car on the return trip from Washington when Pezzola was asleep in the car. Upon information and belief, the CW is not detained. Rather he has reached an agreement where he is making allegations against others in order to avoid his detention for what is actually his greater involvement in the underlying events.

That would explain why William Pepe, also from NY, was named Pezzola’s co-conspirator: presumably both were in the same car speaking to the same guy, which is how the government had confidence that Pepe’s actions were coordinated with Pezzola’s and not, for example, the two other people charged with kicking off the attack on the Capitol, Robert Gieswein and Ryan Samsel.

As Pezzola describes, “it is alleged” that he’s just a recent recruit to the Proud Boys (something I don’t necessarily buy, but it seems to reflect Pezzola parroting back what he’s seen in discovery so far).

Pezzola’s alleged contact with the “Proud Boys” was minimal and short lived. It is alleged he had no contact prior to late November 2020. Upon information and belief, the prosecution alleges his first contacts occurred around that time. They principally amounted to meeting for drinks in a bar. Prior to January 6, 2020, there is no allegation that Pezzola took any action with the “Proud Boys” that was in anyway criminal or violent. His only event prior to January 6, 2021, was that he attended a MAGA rally in support of Donald Trump in December 2020. There is no allegation he was involved in any criminal or violent activity there.

He claims that the cooperating witness is actually far more involved in the Proud Boys.

Addressing these in turn: There is a claim as the prosecution pointed out that a “cooperating witness” claimed that Pezzola was present in a group when someone professed an intention to return on January 20, 2021, Inauguration day to instigate more violence. However, there is no claim Pezzola made those statements nor that he expressed a similar intent1 nor any intention to participate in any acts of violence, let alone murder. Although the defense cannot be certain it is believed the “cooperating witness” (CW) who has made these claims is actually someone who was a much more active participant in the “Proud Boys” than Pezzola, having been with the organization for a much longer time than Pezzola’s alleged association and much more active.

And Pezzola claims that the thumb drive showing possession of bomb making instructions was actually given to him by the guy he suspects of being the cooperating witness.

What was unknown at the time of the prior hearing is that the thumb drive at issue was given to Pezzola, probably by the Prosecution’s CW5 when that person was making efforts to introduce Pezzola into the “Proud Boys.”

Finally, Pezzola further alleges that the guy he suspects of being the cooperating witness confessed to spraying cops with pepper spray, an assault that has not been charged (only Giswein and Samsel were charged with outright assaults on cops).

Although it is impossible to know with certainty at this point, if the defense supposition about the CW is correct, that person admitted to spraying law enforcement with a chemical agent, likely “OC or Pepper” spray during the January 6 event.

It is true that Pezzola nods to making a plea deal in this filing.

Although the Court can play no role in disposition negotiations, via counsel Pezzola has indicated his desire to begin disposition negotiations and acceptance of responsibility for his actions. He seeks to make amends.

But there’s little chance DOJ can offer him a deal that will help him rebuild his life. Even in this filing, he admits he was attempting to stop the vote count, the goal of every overriding conspiracy charge thus far, which would be a key part of any seditious conspiracy case. He doesn’t deny he broke into the Capitol; he instead disingenuously downplays the import of being the first to do so, noting that numerous doors and windows were breached over the course of the day. His claim he has never used his Marine training since his service is inconsistent with the way he walked through the Capitol with much greater operational awareness than many of the other rioters. Plus, even in his first bail hearing, Pezzola insisted he was not a leader of the attack, which — if he was a recent recruit, makes total sense (and is consistent with Felicia Konold, someone else who played a key role, but who was just a recruit-in-progress). So he wouldn’t necessarily have that much information on anyone except those who gave him directions and the guy in the car, not necessarily enough to trade as the guy who kicked off the insurrection, even if he was acting on orders.

He’s likely fucked one way or another, not least because he’d be far less useful as a cooperator if everyone knew he had a plea deal.

But Pezzola’s allegation is troubling for several more reasons.

As noted, the FBI interviewed this cooperating witness at least twice before January 13, suggesting at the very least that the FBI reached out to him right away (or vice versa), rather than collecting more information on the person’s own role. And in spite of two variations in his story — misidentifying Jensen and equivocating about when the next operations were planned — his testimony was deemed credible enough to implicate someone he may have recruited and provided other the other damning evidence on.

The FBI knew that Enrique Tarrio and the rest of the Proud Boys were coming to DC for the January 6 events, which is how they were prepared to arrest him on entry in DC. They knew that during the Proud Boys’ previous visit, the group had targeted two Black churches. DOJ had investigated threats four members of the Proud Boys had made against a sitting judge in 2019.

And yet, not only didn’t FBI prevent the January 6 attack kicked off by the Proud Boys, they didn’t even issue an intelligence warning about possible violence.

It’s possible this witness genuinely did just reach out to the FBI and try to pre-empt any investigation into himself. It’s possible that as the FBI has done more review (including of video outside the Capitol, where a pepper spray attack on cops likely would have occurred), they’ve come to grow more skeptical of this witness.

But it’s also possible that the FBI has ties with witnesses — possibly this guy, and very likely Rudy Giuliani interlocutor James Sullivan, who said he was in contact with the FBI — who have more information on those who set up this insurrection, rather than just busting down the window. Particularly given the unsurprising news that investigators are scrutinizing the role that Roger Stone and Alex Jones might have played (Rudy is not mentioned, but not excluded either), it seems critical that the FBI not adhere to its counterproductive use of informants targeting a group (no matter how reprehensible) rather than action.

The FBI has a lot to answer for in its utterly inconceivable failure to offer warnings about this event. If their informant practices blinded them — or if they’re making stupid choices now out of desperation to mitigate that initial failure — it will do little to mitigate the threat of the Proud Boys.

Bill Barr Claimed a Threat Meriting a Four Subpoena Investigation Didn’t Merit a Sentencing Enhancement

/44 Comments/in , , , , /by

In the aftermath of the Proud Boys-led insurrection, I’ve been reporting over and over on how Bill Barr’s DOJ treated threats by the Proud Boys against Amy Berman Jackson — which the probation office treated as the same kind of threat as the obstruction charge being used against many of the January 6 defendants — as a technicality unworthy of a sentencing enhancement.

Katelyn Polantz advanced that story last night, reporting that DOJ subpoenaed the four Proud Boys implicated by Roger Stone in his threat against ABJ for grand jury testimony.

Stone — testifying at a court hearing in 2019 to explain the post — said at the time that a person working with him on his social media accounts had chosen it.

Then, at another hearing the same year, Stone named names. Tarrio, the leader of the Proud Boys, had been helping him ​with his social media, Stone said under oath, as had the Proud Boys’ Florida chapter founder Tyler Ziolkowski, who went by Tyler Whyte at the time; Jacob Engels, a Proud Boys associate who is close to Stone and identifies himself as a journalist in Florida; and another Florida man named Rey Perez, whose name is spelled Raymond Peres in the court transcript​.

A few days later, federal authorities tracked down the men and gave them subpoenas to testify to a grand jury, according to Ziolkowski, who was one of the witnesses.

Ziolkowski and the others flew to DC in the weeks afterwards to testify.

“They asked me about if I had anything to do about posting that. They were asking me if Stone has ever paid me, what he’s ever paid me for,” Ziolkowski told CNN this week. When he first received the subpoena, the authorities wouldn’t tell Ziolkowski what was being investigated, but a prosecutor later told him “they were investigating the picture and if he had paid anybody,” Ziolkowski said. He says he told the grand jury Stone never paid him, and that he hadn’t posted the photo.

Tarrio and Engels did not respond to inquiries from CNN, and Stone declined to respond to CNN’s questions. ​The FBI’s Washington, DC, office did not respond to requests for comment from CNN.

A person familiar with the case said it had closed without resulting in any charges.

For what it’s worth, given the interest Mueller showed in Stone’s social media work, given the close ties between Stone’s social media work and that of the Proud Boys, and given that parts of the investigation against Stone continued well after his trial, it’s possible prosecutors used Stone’s comments as a way to ask other questions: about whether Stone had paid four of his closest buddies in the Proud Boys (remember they were also looking for a notebook Stone used for his 2016 book that recorded all of his communications with Trump).

That said, DC’s US Attorney’s office paid for four witnesses to come to DC to testify about whether they had had a role in Stone’s threats against the judge presiding over his case.

That raises the stakes on the things Barr said publicly about this threat. As noted, in a sentencing memo written as Barr’s urging, DOJ claimed that the threat against ABJ “overlap[ped] … with the offense conduct in this case.”

Second, the two-level enhancement for obstruction of justice (§ 3C1.1) overlaps to a degree with the offense conduct in this case. Moreover, it is unclear to what extent the defendant’s obstructive conduct actually prejudiced the government at trial.

And DOJ dismissed the import of a threat against a judge by suggesting that if it didn’t prejudice prosecutors at trial, it doesn’t much matter.

More problematic still was Barr’s testimony before House Judiciary Committee last July, just over two months before the President said the Proud Boys should “stand back and stand by.”

When Congressman Ted Deutch asked Barr if he could think of any other case where threatening to kill a witness and then threatening a judge were treated as mere technicalities, Barr kept repeating, at least five times, that “the Judge agreed with me.”

Deutch: You said enhancements were technically applicable. Mr. Attorney General, can you think of any other cases where the defendant threatened to kill a witness, threatened a judge, lied to a judge, where the Department of Justice claimed that those were mere technicalities? Can you think of even one?

Barr: The judge agreed with our analysis.

Deutch: Can you think of even one? I’m not asking about the judge. I’m asking about what you did to reduce the sentence of Roger Stone?

Barr: [attempts to make an excuse]

Deutch: Mr. Attorney General, he threatened the life of a witness —

Barr: And the witness said he didn’t feel threatened.

Deutch: And you view that as a technicality, Mr. Attorney General. Is there another time

Barr: The witness — can I answer the question? Just a few seconds to answer the question?

Deutch: Sure. I’m asking if there’s another time in all the time in the Justice Department.

Barr: In this case, the judge agreed with our — the judge agreed with our —

Deutch: It’s unfortunate that the appearance is that, as you said earlier, this is exactly what you want. The essence of rule of law is that we have one rule for everybody and we don’t in this case because he’s a friend of the President’s. I yield.

That claim — that ABJ agreed with the analysis of Barr and his flunkies — was a lie, a lie made under oath. ABJ, a liberal judge without Barr’s lifetime authoritarian claims about crime, believed the sentencing guidelines are too harsh. She did not believe these enhancements were mere technicalities.

Indeed, in ruling that the enhancement for the threat against her applied — a threat against official proceedings, the same charge being used against many of the insurrectionists — she talked about how posting a threat on social media, “increased the risk that someone else, with even poorer judgment than he has, would act on his behalf.”

I suppose I could say: Oh, I don’t know that I believe that Roger Stone was actually going to hurt me, or that he intended to hurt me. It’s just classic bad judgment.

But, the D.C. Circuit has made it clear that such conduct satisfied the test. They said: To the extent our precedent holds that a §3C1.1 enhancement is only appropriate where the defendant acts with the intent to obstruct justice, a requirement that flows logically from the definition of the word “willful” requires that the defendant consciously act with the purpose of obstructing justice.

However, where the defendant willfully engages in behavior that is inherently obstructive, that is, behavior that a rational person would expect to obstruct justice, this Court has not required a separate finding of the specific intent to obstruct justice.

Here, the defendant willfully engaged in behavior that a rational person would find to be inherently obstructive. It’s important to note that he didn’t just fire off a few intemperate emails. He used the tools of social media to achieve the broadest dissemination possible. It wasn’t accidental. He had a staff that helped him do it.

As the defendant emphasized in emails introduced into evidence in this case, using the new social media is his “sweet spot.” It’s his area of expertise. And even the letters submitted on his behalf by his friends emphasized that incendiary activity is precisely what he is specifically known for. He knew exactly what he was doing. And by choosing Instagram and Twitter as his platforms, he understood that he was multiplying the number of people who would hear his message.

By deliberately stoking public opinion against prosecution and the Court in this matter, he willfully increased the risk that someone else, with even poorer judgment than he has, would act on his behalf. This is intolerable to the administration of justice, and the Court cannot sit idly by, shrug its shoulder and say: Oh, that’s just Roger being Roger, or it wouldn’t have grounds to act the next time someone tries it.

The behavior was designed to disrupt and divert the proceedings, and the impact was compounded by the defendant’s disingenuousness.

This warning about what happens when people post inciteful language on Instagram might well have served as a warning in advance of January 6. But Barr, in testimony under oath to House Judiciary Committee, pretended that his DOJ had not ignored such a threat.

While it didn’t make the sentencing guidelines, the Proud Boy-linked threats to Credico were sufficiently serious that under FBI’s Duty to Warn, they alerted Credico to the threats. Now we learned that line prosecutors treated the threat against ABJ as sufficiently serious that they obtained grand jury subpoenas to learn more about it.

And in testimony under oath, Bill Barr pretended that ABJ agreed — and it was reasonable for his office to treat — such threats as mere technicalities.

Roger Stone Denies Palling Around with Alleged Terrorists [on January 6]

/30 Comments/in , , /by

On Sunday, the NYT had a really good piece showing that six members of the Oath Keepers that “guarded” Roger Stone on January 5 and 6 went on to participate in the insurrection. Curiously, most don’t obviously show up in the FBI BOLO pictures and the face of at least one was cut off in a larger picture of Oath Keepers, which I suspect means the FBI doesn’t want to advertise any interest they have in them.

Even before the NYT report, in response to CNN and ABC reporting on his ties to the Oath Keepers, Stone wrote a rebuttal disclaiming any tie to their actions on January 6.

The rebuttal starts and ends with lies about the Mueller investigation, claiming they found no proven link with WikiLeaks when in fact the release he talks about showed multiple ongoing investigations (that is in March 2019) into his role in the Russian CFAA hack, and then claiming he was investigated for treason, and not conspiracy.

These are the very same news outlets who failed to report that their previous claims against me – that I was aiding the Russian state or a collaborator with Wikileaks proved to be completely false according to the US Justice Dept. Those who made those accusations failed to report the court-ordered disclosure by the DOJ, the last actions of Mueller’s report in which they admitted they had no such evidence whatsoever and even if they had proven a link between me and Wikileaks, which they found no evidence of, those activities would not have been illegal.

[snip]

The very same fake news media outlets who defamed me and insisted falsely that I was guilty of treason and other high crimes and then failed to acknowledge that an unlimited $30 million-dollar investigation provided no such evidence now seek to use me a clickbait and an easy target with entirely false allegations that I had any role whatsoever in the politically stupid, destructive and illegal acts that took place at the US Capitol on January 6th.

So we should assume that in spite of Stone’s self-publicized recommitment to Catholicism, he continues to lie as blatantly as he always has.

Consider how he denies any involvement in events that have been charged — against the Oath Keepers as well as against Stone’s buddies in the Proud Boys — as a conspiracy to hinder the official proceeding of counting the certification of the Electoral College vote. One strand of his defense is that he didn’t leave the hotel on January 6 until he left for his plane (reportedly, because his speech at the rally had been cut).

These jackals in the media, who know better, again make baseless accusations against me using conjecture and “guilt by association” to imply that I was somehow involved in the illegal events of January 6th. I was not present, I knew nothing about them and denounced them on my now-defunct PARLER feed when I saw the images on TV.

The claims by these so-called journalists are categorically false as I was not present on the Ellipse, did not march to the Capitol, was not on the Hill and, like AOC was not at the Capitol that day.

In fact, other than the brief moments out in front of the Williard Hotel which CNN falsely reported I was departing from, I never left the Williard Hotel property because Hotel management prohibited congregating in the lobby due to the Mayor’s Covid 19 restrictions. Therefore I never left the hotel property on January 6th until leaving for Dulles Airport around 6:00 P.M.

[snip]

In fact, I never left the grounds of the Willard Hotel.

I stepped outside briefly when the hotel objected to anyone congregating in the lobby due to Covid-19 declarations by the Mayor.

Of course, that’s only a denial about his actions on January 6. The conspiracies charged against the Oath Keepers and the Proud Boys began weeks earlier, in preparation.

He spends a good deal of time denying he knew of any wrong-doing from the Oath Keepers and — thrown in once almost as an afterthought — the Proud Boys.

CNN rushes to characterize the Oath Keepers as criminals, which I have not seen any evidence of, and to my knowledge has never been proven in any court. I reserve the right to change my opinion if anything surfaces, which I am unaware of today. Based on what I have seen to date, ABC, CNN, and all of the low-rent left-wing advocacy news/smear sites are engaged in one vicious “guilt by association” campaign of distortion and baseless conjecture.

[snip]

If the Oath Keepers are the terrorists as some in the media claim and were involved in the planning and execution, I was not aware of any such thing.

[snip]

I know of no wrongdoing by the Oathkeepers or the Proud Boys.

But he’s talking about whether they are criminals, terrorists, or engaged in wrong-doing, not if they engaged in a concerted plan to disrupt the counting of the Electoral College vote.

He does, ultimately, say that if there’s credible evidence of a conspiracy against them, they should be charged for that (in statements on Parler that have since been deleted, he condemned the violence).

If there is evidence of that and if individual members of the organization committed unlawful acts, they should be prosecuted. If new credible information surfaces that reveals a conspiracy, everyone involved in such a conspiracy should be prosecuted.

It’s that line about a conspiracy I find most curious, given thats what has been charged. In the video from January 6, someone asks him if “we have this today.” He responds, seemingly acknowledging common understanding of what “this” is, “We shall see.” That’s the kind of intent that shows up in social media that DOJ has cited in charging documents.

More interestingly, Stone admits he raised money for security for January 6 (an observation MoJo’s Dan Friedman made), but says that the people guarding him were, instead, volunteers. The Oath Keepers’ recruiting post for the day actually invoked Stone’s name in talking about their “security” function.

Just as we have done at all the previous rallies in DC since the election, Oath Keepers volunteers will be conducting PSDs for multiple high profile speakers over both days, and our teams will be either directly responsible for event security or assisting event security on both days.   We will also have roving teams out that will be on the lookout for Antifa/communist terrorists who like to attack the weak and vulnerable.  We will be providing free security escorts to any patriot who needs one, into the night.   Just be on the lookout for men wearing our Oath Keepers hats, shirts, or patches, and ask them for help, and they will help you.    Our ethos is “first ones in, last one’s out” and we will stay out as late as we have to in order to keep the vulnerable safe from Antifa street thug terrorists.

As always, while conducting security operations, we will have some of our men out in “grey man” mode, without identifiable Oath Keepers gear on.   For every Oath Keeper you see, there are at least two you don’t see.   That keeps the bad guys uncertain of how many of us there are, or where we are.

Over the years, Oath Keepers has conducted hundreds of highly successful volunteer security operations all over the nation, protecting patriots from communist terrorist assault.  From the streets of Berkely, [sic] CA (two separate rallies), to Portland, Boston, Washington DC (six times and counting), Dallas, Austin, Sacramento, etc, including providing volunteer security escorts outside twelve Trump campaign rallies, and many PSD details for high profile VIPs, such as Roger Stone, as well as many elected officials and election fraud whistle-blowers and patriot office holders.   Our men are skilled “quiet professionals” who take pride in doing their work efficiently and effectively, without drama. [my emphasis]

Remember: way back during Stone’s Stop the Steal 2016 incarnation, there were questions about the propriety of his fundraising, and the government showed at Stone’s trial that Stone was asking Rick Gates for lists and asking Steve Bannon, while he was Campaign CEO, for help getting funding from Rebekah Mercer. This time around, he explicitly raised money, but says it didn’t get spent, on what would be funds for people who ended up having a key role in the attack.

For conspiracies that started months ago, the question is not whether Roger Stone was at the Capitol swinging a baseball bat on January 6. The question is whether he entered into an agreement to disrupt the constitutionally mandated official event of counting the votes and took overt acts — before January 6 or on that day — to advance that goal.

Most People Suspected of Assaulting Officers in the January 6 Attack Remain at Large

/199 Comments/in , , /by

There continue to be efforts to make grand judgments about the January 6 insurrectionists base off a review of the ~207 people who have been charged federally thus far. In my opinion, that’s a mistaken effort, unless the analysis breaks the current arrestees up into groups, first by excluding the 100 or so people just charged with trespassing crimes, who will appropriately be treated as people who engaged in civil disobedience.

Of the rest, there are maybe 25 who are members of an identified militia group. But that group is just a fraction of the total numbers of militia members we should expect will be arrested, because anyone in the Capitol or who planned to halt the vote certification can be charged, and we know of the people who joined Jessica Watkins’ Oath Keepers’ formation, as well as a busload of others from North Carolina. Plus, there are at least 10 more Proud Boys — probably significantly more — identifiable from videos as active participants. In other words, the number of militia members will continue to grow.

There’s another set of people — like Zip Tie Guy (Eric Munchel) and his mother — not known to have ties to militia (though definitely friendly to them), but who took actions that DOJ seems to treat more seriously. So, too, are the people — many of them women — who directed and instigated the crowd.

But there are another two sets of people that the FBI is clearly pursuing, of whom just a fraction have been arrested and identified so far. One is the group of people wanted for assaulting the media (AOM in the FBI’s wanted pictures), which is reportedly being led by a special group at DOJ. There are about 27 people identified in this group right now, none of whom have yet been arrested).

A more obvious one are people who’ve assaulted cops (just three of whom so far have ties to militia groups), identified by AFO at the FBI site. Multiple reports say that around 139 cops were assaulted on January 6. Just 26 people have been charged with either 18 USC 111 for assaulting a cop, or in closely related charges. Meanwhile, there are roughly 134 BOLO images of people who are suspected of assaulting cops, meaning there may be over 100 people suspected of assaulting cops on January 6 at large right now. All told, they would make up over a third of Federal suspects, yet most haven’t been arrested yet.

Here’s my running list of the people who, as of 2/22, had been charged with intimidating or assaulting police. I’ve also tracked how the FBI found them — whether by a tip based off Social Media, a law enforcement tip (this group includes several felons), those FBI BOLO posters, or some other means.

  1. Daniel Page Adams, whose arrest affidavit describes engaging in a “direct struggle with [unnamed] law enforcement officers” (his cousin, Cody Connell, described the exchange as a “civil war”). Tip SM
  2. Zachary Alam, who pushed cops around as he was trying to break into the Speaker’s Lobby. BOLO 79
  3. Wilmar Alvarado, who pushed cops in the mob trying to get in from the West Terrace. BOLO 65
  4. David Blair, who poked a cop with a lacrosse stick with a Confederate flag attached.
  5. Matthew Caspel, who was filmed charging the National Guard. Tip SM
  6. William Chrestman, who is accused of threatening a cop as Proud Boys pushed their way past the original line of defense (charged with 18 USC 115). NM
  7. Bruno Cua, who was filmed shoving a cop to be able to get into the Senate. Tip LE
  8. Nathan DeGrave, whom security cameras caught threatening to fight cops. Network Sandlin
  9. Daniel Egdvedt, a large man who took swipes and grabbed at several officers as they tried to remove him from the Capitol. BOLO 76
  10. Scott Fairlamb, who was caught in multiple videos shoving and punching officers (one who whom is identified but not named); Cori Bush has said she was threatened by him last summer. Tips, including SM
  11. Kyle Fitzsimons, who charged officers guarding the doorway of the Capitol. BOLO 139
  12. Michael Foy, a former Marine who was caught on multiple videos beating multiple cops with a hockey stick. Tip SM
  13. Robert Giswein, who appears to have ties to the Proud Boys and used a bat to beat cops. NM
  14. Alex Harkrider, who after being filmed fighting with police at the door of the Capitol, posted a picture with a crowbar labeled, “weapon;” he was charged with abetting Ryan Nichols’ assault. Tip SM
  15. Emanuel Jackson, whom videos caught punching one officer, and others show beating multiple officers with a metal baseball bat. BOLO 31
  16. Douglas Jensen, the QAnon who chased Officer Goodman up the stairs, got charged with resisting him.
  17. Taylor Johnatakis, charged with 111.
  18. Chad Jones, who used a Trump flag to break the glass in the Speaker’s Lobby door just before Ashli Babbitt was shot and may have intimidated three officers who were pursuing that group. Tip NM
  19. Vitali Gossjankowski, who was interviewed about whether he had tased MPD officer Michael Fanone, causing a heart attack; instead he was charged with tasing CPD officer MM (BOLO 98 — with a second one mentioned)
  20. Edward Jacob Lang, who identified himself in a screen cap of a violent mob attacking cops and who was filmed slamming a riot shield into police and later fighting them with a red baseball bat. Tip SM
  21. Mark Jefferson Leffingwell, whom a Capitol Police officer described in an affidavit punching him. Onsite arrest
  22. Joshua Lollar, who described fighting cops and was caught in pictures showing himself in the front lines confronting cops. Tip SM
  23. Michael Lopatic, who allegedly assaulted some cops with Stager and Sabol, then took a BWC to hide the assault. BOLO 133
  24. Patrick Edward McCaughey III, who was filmed crushing MPD Officer Daniel Hodges in one of the doors to the Capitol. BOLO 62
  25. Jonathan Mellis, who used some kind of stick to try to jab and beat police. Tip SM
  26. Matthew Ryan Miller, who released fire extinguisher in close quarters. Tip SM
  27. Aaron Mostofsky, possibly for stripping a cop of his or her armored vest and riot shield. NM
  28. Ryan Nichols, who was filmed wielding a crowbar and yelling, “This is not a peaceful protest,” then spraying pepper spray against police trying to prevent entry to the Capitol. Tip SM
  29. Jose Padilla, who shoved cops at a barricade, then helped use a Donald Trump sign as a battering ram against them. Tip SM
  30. Dominic Pezzola, a Proud Boy who stole a shield from cops. NM (BOLO 43)
  31. Jeffrey Sabol, helped drag a cop from the Capitol and beat him while prone. LE arrest (erratic driving)
  32. Ryan Samsel, who set off the riot by giving a cop a concussion; he appears to have coordinated with Joe Biggs. BOLO 51 (though not IDed by BOLO)
  33. Robert Sanford, who was filmed hitting Capitol Police Officer William Young on the head with a fire extinguisher. Tip NM
  34. Ronald Sandlin, who tried to wrestle cops to keep the door to the Senate open. MPD tip
  35. Peter Schwartz, a felon who maced several cops. Tip NM (BOLO 120)
  36. Christian Secor, a UCLA self-described fascist who helped shove through some cops to break into the Capitol and then sat in the Senate chamber. Tip NM
  37. Barton Wade Shively, who pushed and shoved some police trying to get into the Capitol, punched another, then struck one of those same cops later and kicked another. BOLO 55
  38. Peter Francis Stager, who was involved in beating a prone cop with a flagpole. Tip SM
  39. Tristan Stevens, who fought cops with a shield and baton. Video
  40. Thomas Webster, who attacked a cop with a flagpole (BOLO 145)

One reason I made this effort was to show that many of these people were identified via other means, and really a big number of people remain on the FBI’s BOLO list.

Unsurprisingly, more people on this list have tried to destroy evidence or flee, meaning it will likely take more time to find them all. There’s also reason to believe that the FBI would prefer to wait to charge these people until they’ve shored up their case.

There are a few more cases that were originally charged as 18 USC 231 that I suspect may get charged as 111 after indictment (which has happened with DeGrave, Sandlin, and Miller), including these.

Craig Bingert (BOLO 105)

Hughes brothers (BOLO 42 and others)

Here are some other notable arrests for which the FBI released a BOLO. Note that the first 30 or so of those posters weren’t targeted to a particular crime, but some — like bullhorn lady Rachel Powell — were identified as AFO in their BOLO but not charged that way.

Joshua Black (BOLO 6)

Steve Malonado (BOLO 20)

William Pepe (BOLO 4)

Matthew Perna (BOLO 73)

Rachel Powell (BOLO 110)

Kevin Seefriend (BOLO 30)

Joshua Wagner (BOLO 34)

Attribution-ShareAlike 2.0 Generic (CC BY-SA 2.0)

Flashbacks to the 2015 Campaign

/72 Comments/in , , , , , , , /by

Katy Tur at SXSW
[h/t nrkbeta Attribution-ShareAlike 2.0 Generic (CC BY-SA 2.0) ]

Several years ago, I got Mrs Dr Peterr Katy Tur’s book Unbelievable: My Front-Row Seat to the Craziest Campaign in American History. Tur had been the NBC reporter assigned to the Trump campaign in 2015 and 2016, and listening to the impeachment coverage yesterday and the coverage this morning, one episode she recounted in the book came flashing back . . .

In Dec 2015, three days before Trump announced his pledge to institute a Muslim travel ban, Trump got rattled at a rally in Raleigh NC where protesters coordinated their efforts and threw him off his game, interrupting his speech every couple of minutes from different parts of the arena. Disgusted, Trump abruptly left the podium and started shaking hands offstage, and Tur sent out a simple tweet describing what had happened.

Right before lunch the next day, Hope Hicks wrote her to say “Katy, Mr. Trump thought your tweets from last night were disgraceful. Not nice! Best, Hope.” Shortly thereafter, the media gets the word about the travel ban Trump intended to announce that night, and that becomes the big story of the day with Katy doing liveshots all afternoon. That evening, before a rally inside the USS Yorktown (an aircraft carrier-turned-museum in Charleston harbor), Trump blasted her with four attack tweets in the span of four minutes.

Tur says the rally’s specific location was a surprise, in that it wasn’t held on the carrier deck but inside the belly of the ship, with the media crowded into a pen.

Yes, we are in a pen: a makeshift enclosure made of bicycle racks and jammed full of desks, reporters, and camera equipment. We’re in the middle of the carrier, slammed against the right side wall. As usual, almost all of Trump’s supporters are white and a lot of them are looking at us, not exactly kindly. The campaign and Secret Service force us to stay inside the pen while Trump is onstage. They even discourage bathroom breaks. None of them have a good explanation for why we’re kept separate from the supporters. Are we the threat or are they?

Trump starts his rambling speech, and the crowd eats it up. Then Trump opens up on the media.

“The mainstream media,” Trump says. “These people back here, they’re the worst. They are so dishonest.”

Hoots and hollers.

And then I hear my name.

“She’s back there, little Katy. She’s back there.”

Trump then calls her a liar several times, and a third rate reporter several times as well, before pivoting to a more general attack on the media. Finally, once he’s got the crowd sufficiently whipped up, he formally announces the Muslim ban, and the crowd which she described earlier as looking at her like “a large animal, angry and unchained” went nuts.

She goes live with Chris Matthews as Trump leaves the stage, and when she’s done with that, Chris Hayes takes over and wants to keep her on the air for the lead story on his show that followed Matthews’.

[Trump] supporters are taking their time to leave. They’re still whipped up. I know someone is going to start yelling at me as soon as I start talking. So I do what I always do. I find the pinhole deep in the back of the lens and I tune everything else out.

A couple of minutes later, I’m done. The crowd that had gathered behind my live shot is gone except for a few stragglers, yelling at me. They’re five feet away, held back by those lousy bicycle racks. A Trump staffer shoos them away. MSNBC has cleared me and my bosses want [her cameraman/sound tech] Anthony and me to get out of there as quickly as we can. I don’t quite understand why until we pack up and start to head out. A Trump staffer stops me and says “These guys are going to walk you out.”

I look over and see two Secret Service agents. Thank goodness. They walk Anthony and me along the gangway back to our car. It’s pitch black and I’m nervous. We’re parked with the crowd.

Once we’re moving, I take a look at my phone. My mom has called. And called. And called. I dial her back. “Are you okay? Where are you staying? Can someone stay with you? You need security!? She is crying. And it hits me.

I’m a target.

On that day in December 2015, the security professionals of the US Secret Service recognized that Trump was dangerously inciting a mob, and stepped in to protect the target he had singled out.

On January 6, 2021, Trump again incited a mob, and this time there was no one to stop them.

The Insurrection Affidavits Don’t Show Where the Insurrection Was Organized

/42 Comments/in , , /by

The normally very rigorous Thomas Brewster has a piece purporting to fact-check Sheryl Sandberg’s claim, made days after the January 6 insurrection, that the insurrection wasn’t organized on Facebook.

“I think these events were largely organized on platforms that don’t have our abilities to stop hate and don’t have our standards and don’t have our transparency,” said Sheryl Sandberg, Facebook chief operating officer, shortly after the Capitol Hill riots on January 6.

The piece has led both bad faith and good faith actors to grasp on the story to claim that Facebook is responsible for the violence.

Brewster purports to measure that by seeing how many mentions appear in the charging documents for the 223 people included on GWU’s list of arrestees.

But a few paragraphs later, Brewster admits he’s not measuring on what platform the riot was organized, but instead which was most popular among rioters.

Whilst the data doesn’t show definitively what app was the most popular amongst rioters, it does strongly indicate Facebook was rioters’ the preferred platform.

Even that is not proven (though it may well prove to be true), but obviously which platform is most used among rioters to boast about the riot is a very different question than on which platform (if any) the insurrection was organized.

Here’s why:

  • At least half the existing affidavits are a measure of which riot attendees were most likely to be outed and how
  • Expect parallel construction
  • There are a lot of dangerous rioters who’ve not yet been charged
  • The currently accused in no way represent all the known people who might be considered organizers of the riot or the larger operation
  • The existing affidavits are no measure of what platforms actual organizers used to organize

At least half the existing affidavits are a measure of which riot attendees were most likely to be outed and how

The police made just a handful of arrests on January 6, with the biggest component being curfew violators who did not even provably enter the Capitol (and so those non-federal cases should not be included in the analysis of rioters, as Brewster did).

In the four and a half weeks since the riot, the cops have engaged in a kind of triage, arresting those whom they could easily identify and then, over time, prioritizing those who — from video evidence of the insurrection — appeared to have committed more dangerous crimes. That means in the days after the insurrection, arrests largely focused on the people who appeared the most outlandishly stupid in videos, those whose own social networks of family, work acquaintances, and high school friends disapproved of their participation in the riot and so called the FBI with a tip, or those who identified themselves in media interviews (which often led to family, work acquaintances, and high school friends to then alert the FBI).

To understand the affidavits, it’s important to realize that any person who entered the Capitol without a legitimate purpose on January 6 (that includes a number of people who videoed the event but had no media credentials) were committing two crimes, both tied to it being the Capitol. So all the FBI would need to charge someone is to prove that they entered the building.

About half the current arrestees were charged with just these trespassing crimes, yet many of these people were among the first arrested. These people are in no way the organizers of the riot, and many of them are just Trump supporters who were caught up in the crowd. Some even credibly described trying to de-escalate the situation (including one such guy who got arrested because he had the misfortunate to show up in videos of the guy who stole Pelosi’s lectern).

The measure of how these people were arrested is quite often a measure of the fact that they shared their memories of the day or were caught by others who did. And to the extent that this happened on Facebook, it likely happened because Facebook is the platform where people have their broadest social networks, making it more likely that a lot of people who don’t sympathize with the riot would have witnessed social media content talking about it. Facebook is where ardent Trump supporters still share networks with people who vehemently oppose him.

In other words, in this initial arrest push, the people who bragged on Facebook were among the most likely to be arrested precisely because the network includes a broader range of viewpoints. It’s a measure of reach — and the political diversity of that reach — and not a measure of the centrality of the platform to the planning or violence.

Expect parallel construction

As noted, in the weeks since the insurrection, some agents at the FBI have obviously shifted to a reverse approach: rather than arresting those against whom tips came in from aggrieved ex-wives and people who were owed money, the FBI started to identify which rioters were the most dangerous and prioritize figuring out who they were.

One type of more dangerous rioter would be those with institutional ties that lead the FBI to believe there might be something more going on. But these are just arrest affidavits, which the FBI is acutely aware will be publicly scrutinized. As every single one of them say, they don’t reflect the totality that an Agent might know about the person. And in those cases, we should expect the FBI to parallel construct what they know about people and how they came to know it.

Social media is a wonderful way to do that.

And it does seem that the FBI relied on social media to establish probable cause for such people. Take the Lebanese-born woman who started engaging in the 3% community in November, which the FBI cites to Facebook. Or consider how the FBI pretends they did not know who Nick DeCarlo was until he showed up in Nick Ochs’ Twitter feed. Both rely on social media (in the latter case, one piece of evidence is something researchers found on Telegram and posted on Twitter, and so should be chalked up in the “uses Telegram” column).

But measuring how the FBI parallel constructed other knowledge is not a measure of what social media platforms people primarily use.

There are a lot of potentially dangerous rioters who’ve not yet been charged

As noted, one way the FBI shifted focus after the initial arrests of people identified by their disapproving family members was by identifying people involved in assaults — first of officers (designated by AFO), and then the media (designated by AOM) — and trying to identify them, in part through the use of Wanted posters (BOLO).

To date, the FBI has released 223 BOLOs, of which 40 precede the shift of focus to those involved in assault (and so include people who caught attention for another reason, such as the use of a Confederate or Nazi imagery). The FBI has arrested around 35 people identified in BOLOs, thus leaving around 190 people that the FBI has identified to be of particular interest based off video images, that they have not yet arrested.

For what it’s worth, I suspect that the FBI has identified a goodly number of these people, and may even have sealed complaints against some of them but is holding off on an arrest to gather more evidence. That is, they can arrest them now, but would prefer not to until they shore up their case. In a number of cases where people were identified off of BOLOs, the people turned themselves into the FBI but denied any physical contact was anything but a love tap (here’s one example, but there are others), potentially making it harder to prosecute for the violence.

If and when these people are identified, they may well prove to have used Facebook. But thus far, this group of people has shown better operational security and (unsurprisingly) a greater likelihood to flee or to destroy evidence.

But whatever their Facebook use, when counting the numbers of the 800 people who committed a trespass crime on January 6 by entering the Capitol, of which 200 have been arrested, it’s worth noting that almost another 200 — some of the greatest concern — have not been provably identified by bragging Facebook posts yet.

The currently accused in no way represent all the known people who might be considered organizers of the riot or the larger operation

Thus far, the government has filed the bare outlines of conspiracy charges against both the Oath Keepers (who spoke of a plan they had trained for) and the Proud Boys (who moved in obviously coordinated fashion communicating via radio on January 6). But those conspiracy charges currently include just three and two people, respectively (with a sub-conspiracy charged against two more Proud Boys).

According to claims quoted in charging documents, there were anywhere from 30 to 65 Oath Keepers involved in the riot (including a busload from North Carolina). There are at least three other key Proud Boys that have not been arrested for the riot (Enrique Tarrio, of course, was arrested days earlier for a different racist attack), and about half of those that have were charged with just the trespassing crimes.

In general, these people are not currently identified in BOLO posters.

In other words, this is a set of people — perhaps another 40 on top of the 190 outstanding BOLO figures — that the FBI likely considers key suspects.

And that’s just the organizers of the riot. That doesn’t include James Sullivan, who appears to have been in communication — via text — with Rudy Giuliani.  It doesn’t include people like Ali Alexander and Rudy and possibly Roger Stone who would tie the riot to the larger effort to delay the vote (which is the object of both the Oath Keeper and Proud Boys conspiracy). We know from Stone’s prosecution, at least, that he was de-platformed long ago and learned to use encrypted apps by August 2016.

In any case, before you can make claims about what platforms were used to organize the insurrection, you first need to identify the universe of people believed to have organized it. Right now, perhaps as few as 20 of the 200 people who’ve been arrested should be considered leaders of it, and there are probably at least another 40 who might be considered organizers of the riot itself who have not been arrested yet.

The existing affidavits are no measure of what platforms actual organizers used to organize

To be sure, both of the groups identified in conspiracies (and Three Percenters) made use of Facebook. As Brewster cited, accused Oath Keeper conspirator Thomas Caldwell posted updates to Facebook during the siege, and the co-conspirators did use Facebook to communicate both publicly and privately before the event. Among those referencing the Proud Boys in affidavits, Andrew Ryan Bennett uploaded video to Facebook,  Gabriel Garcia uploaded video to Facebook, and Daniel Goodwin used Instagram and Twitter. As noted above, Nick Ochs had a campaign Twitter account.

But some of the more substantive public communications from both groups, including important communications from before the riot, was posted on Parler. And both groups used other means — Zello for the Oath Keepers and radios for the Proud Boys — to communicate operationally during the day.

With the Proud Boys, in particular, Facebook and Twitter have long tried to exclude them from the platform, both because their speech violated platform guidelines but also because after expulsion the group tried to bypass that expulsion.

Importantly, aside from some quotations from Jessica Watkins’ Zello account and those Facebook messages, the FBI hasn’t shown what it has of operational communications between these groups, and it’s unlikely to do so, either, until trial. The FBI is not going to share how much it knows (if anything) about the operational contacts of these groups until it has to. Which makes any conclusions drawn from what it is willing to show of questionable validity.

Don’t get me wrong: I’m happy to argue that Sheryl Sandberg is one of a number of Facebook executives who should be ousted. I agree that Facebook has fostered right wing violence, not least with the settings of its algorithms (which is the opposite of what Glenn Greenwald wants the Facebook problem to be). Because it has such wide breadth, it is a platform where people not already radicalized might get swept up in disinformation.

But I know of little valid evidence yet about Facebook’s role in organizing the insurrection, nor is there likely to be conclusive evidence for some time yet.

Update: Changed language to describe Tarrio’s alleged vandalism of a traditionally black church to make it clear he is not accused of assaulting another person.

image_print