Jack Burkman and Jacob Wohl’s Pathetic Disinformation May Finally Matter

/5 Comments/in , , /by

Yesterday, Jack Burkman (he of the press conference with his fly down) and Jacob Wohl (he of the precocious financial fraud) had a press conference at CPAC yesterday to spew disinformation.

Again.

They claimed they were releasing all sealed documents from the Roger Stone trial, not just juror questionnaires, but also grand jury testimony. Their statements were inconsistent about whether, by “sealed documents,” they meant everything that had been loaded onto the docket (which might include just Steve Bannon and Randy Credico’s grand jury transcript, both of which were litigated before the trial), or everything released in discovery to Stone.

They purported to be journalists exposing a miscarriage of justice of an American hero, by which they meant Roger Stone.

They were given to us, they did not come from Roger Stone, they did not come from anyone on his defense team, we’ve never met Roger Stone. … What happened was court packing.

They claimed they had a journalistic duty to release these documents to show a systematic conspiracy, led by Judge Amy Berman Jackson, against Stone, to pack the jury. They claimed, “Not a single juror” on Stone’s trial, “watches Fox News,” that they are instead “religious Rachel Maddow viewers.” They also claimed one could never have a lawyer on a jury.

The documents released (which I won’t link) demonstrated, once again, that their implementation was embarrassingly shoddy and their claims were false. All they released were juror questionnaires, and they didn’t release the questionnaires all 12 jurors. They uploaded the questionnaire of one juror twice (making ten total). Those jurors described their media diet this way:

  • occasionally a CNN headline
  • DC Fox 5 News
  • Fox 5 News
  • New York Times, established news sources that appear in my Google Feed (WSJ, Washington Post, etc.)
  • Wall Street Journal
  • NYT, Washington Post, NPR
  • Washington Post, NPR
  • Washington Post, Facebook, Twitter
  • Washington Post, PBS Newswire, NPR
  • Washington Post, Apple News Service, Twitter, Facebook, New York Times, CNN, Politico, The Hill, CBS News, “not regularly, but CNN Shows (Anderson Cooper), MSNBC — Rachel Maddow/Chris Hayes

Admittedly, local Fox News is not the same thing as Fox News Channel, but at least two of the jurors listed it as their primary news diet, a refutation of Wohl and Burkman’s entire premise.

The last bullet — the only one specifically naming Rachel Maddow — is from the foreperson, the woman on whose selection Stone based his bid for a new trial (and for more juror information on which Mike Cernovich is attempting to intervene in Stone’s case). But all the foreperson’s questionnaire shows is that Stone had notice of her liberal news watching diet during voir dire, and his team didn’t choose to disqualify her. That is, they are to blame for her presence on the jury, not ABJ or the DC District Court or anyone but Stone.

Likewise, just four or five jurors said they had heard anything about Stone’s case.  Three who had seen coverage of Stone had generally remembered his arrest (which, given the right wing propaganda suggesting he was ill-treated, would have been helpful to Stone). Again, the foreperson is the one person who commented negatively, describing that he “is accused of inappropriate contact Russian officials in the effort of helping Mr. Trump’s campaign for President.” She is also the person who had the most family members — a niece and a brother — who had been prosecuted for a crime.

Wohl and Burkman claimed that the jury was packed with CIA people and lawyers. In reality, that consisted of two people (including the foreperson) who each said they had a single friend who worked for the FBI, one person whose father had worked for CIA for 2-3 years in the 1960s before the juror was born, and one person whose son is in the Coast Guard.

This is the frothy right’s idea of a Deep State plot against Roger Stone.

Wohl and Burkman did not mention that the juror with the most direct, high level current political connection has a spouse who appears to work for a conservative Republican Senator.

In short, like all their hoaxes, this one was badly executed and based on lies.

But the poor execution may be the downfall. The released documents don’t actually reveal anything beyond what had already been identified during the initial frenzy against he foreperson (and since the foreperson gave credible responses in the hearing, backed by the testimony of two other jurors who said she was one of the last jurors to vote to convict). But Wohl and Burkman failed to redact the handwritten notes about a potential juror on one of the questionnaires.

This is going to make it easier to identify the potential sources for this document, something that ABJ was already trying to do in the hearing earlier this week.

There is a concerted effort on the part of the frothy right to violate every single norm of jury service, all to discredit a slam-dunk case against Roger Stone that even Bill Barr said was righteous. And for once these shithole hoaxsters may have done some good — in the form of helping the FBI figure out who’s behind it all.

Ted Yoho Says Lynching Is Not A Hate Crime

/67 Comments/in /by

Yesterday, in an historic vote by the overwhelming total of 410 to 4, the US House of Representatives passed HR 35, the Emmitt Till Antilynching Act. Here is how the Washington Post described the efforts leading to the bill, which took over 100 years to pass:

The House on Wednesday overwhelmingly passed legislation that would make lynching a federal hate crime, more than 100 years since the first such measure was introduced in Congress.

H.R. 35, the Emmett Till Antilynching Act, was approved on a bipartisan 410-to-4 vote after a sometimes emotional debate in the House. Rep. Bobby L. Rush (D-Ill.), who sponsored the legislation, said the bill will “send a strong message that violence, and race-based violence in particular, has no place in American society.”

House Speaker Nancy Pelosi (D-Calif.) also took to the floor to salute Rush for spearheading the bill and to urge members to support it.

“We cannot deny that racism, bigotry and hate still exist in America,” she said, citing the 2017 white nationalist rally in Charlottesville, among other recent incidents.

The measure’s passage comes after lawmakers tried, and failed, to pass anti-lynching bills nearly 200 times.

So, who could possibly be against the idea of lynching being a hate crime? One of them turned out to be the Congressman from my district, Republican Ted Yoho. In an interesting coincidence, another is the Congressman from Marcy’s district, Independent Justin Amash. Yoho and Amash differ by the caucuses to which they belong. Yoho, along with fellow No-voter Louie Gohmert of Texas, belongs to the Freedom Caucus, which routinely supports the most extreme right-wing conservative Republican policies, especially those that repress any citizens besides old white males. Amash, on the other hand, along with fellow No-voter Thomas Massie of Kentucky, caucuses with fellow Libertarians. One might try to say that at least the Libertarians are trying to make the point that we don’t need an extra law to declare lynching a hate crime because killing is already a crime. I would counter that lynching occupies a position of huge significance in the history of our country  and that its especially heinous nature, coupled with the intent to inflict terror on all people of color, makes it the ultimate hate crime and worthy of distinction even if no other crime rose to the level of a hate crime. For the Freedom Caucus members, it’s much easier to see how they get there. They are straight up racist in the bulk of their policies and they support a president who praised violent white nationalists who killed a protester in Charlottesville.

I’ll leave it to Marcy to go further into what may have led Amash to such a despicable position on this bill. The rest of this post will be aimed at describing and placing into context the severe harm that Yoho has done with this vote.

As a scientist, a horse owner and neighbor living just a few blocks away, I have struggled since his election to try to find some way to like Ted Yoho or to at least find a reason to admire him on even one front. After all, before he ran for office, he treated one of our horses once when he was the weekend area horse vet on call and one of our horses had a problem. Sadly, even though I know for a fact that he is a competent vet with the commensurate professional training and compassion for animals, his behavior in Congress has been to throw in with the extremely low-brow, anti-intellectual hate mongering that characterizes Trump’s Republican Party. Then, when he announced recently that he would not seek reelection this year, I had new hope that he would stop role-playing to get election funds and vote his conscience. That hope got dashed when Yoho continued boorish Freedom Caucus behavior and voted against both Trump articles of impeachment. Yesterday’s vote, then, leaves me unable to draw any other conclusion than that Yoho actually believes the racist tripe that the Freedom Caucus spouts if he’s willing to team up with fellow retiring dead-ender Gohmert to cast such a hate-filled vote.

But it gets much worse. As a resident of Alachua County, it seems impossible that Yoho would not know that our county has embarked on a Peace and Reconciliation Plan aimed at confronting the history of racial violence and lynching in our county. In November of 2018, a busload of Alachua County residents went to Montgomery, Alabama to visit the National Memorial for Peace and Justice. Here is part of the description of that trip:

As part of a trip to Montgomery, Alabama, last month, members of our community visited the Legacy Museum, which explores the aftermath of slavery, lynching, Jim Crow laws and their link to mass incarceration in U.S. history. We met with officials from the Equal Justice Initiative, which administers the Museum and the National Memorial for Peace and Justice about a mile away.

/snip/

Through the Equal Justice Initiative’s work, descendants of lynching victims and others collect soil from the crime scenes into containers labeled with their names. Dozens of glass jars filled with dirt and clay line museum shelves. The intention is to gather the dried blood and tears, the symbolic DNA of the victims, to take it to a place where it will be honored and memorialized, instead of leaving it at a forgotten parking lot, roadside or remote wooded area.

The National Memorial for Peace and Justice lists the names of more than 4,000 African American men, women and children lynched between 1877 and 1950 in 800 different counties across the country. The names are engraved on coffin-shaped metal slabs that stand or are suspended over the memorial space. From a distance, the rusting monuments in various shades of brown call to mind the bodies of these victims that haunt our history.

We read 18 names on the Alachua County slab, although local researchers have already identified more than twice that number of actual victims. Remembering this cruelty and honoring the memories of its victims does not mean we are dwelling in the past. Naming them and our role in this terror is a step in the process of transcending the past and beginning to heal.

The idea is to go through a truth and reconciliation process, and for each county to claim a replica of their historical marker to take back to their own community. As part of Alachua County’s truth and reconciliation process, we need to take an honest look at the following: the history of the role of slavery in the creation of wealth in our county; the history of lynching and illegal corporal punishment; and documentation of disproportionate negative contact and prosecution of persons of color by law enforcement and the criminal justice system.

More recently, on February 7 of this year, there was a memorial service in Gainesville to recognize the victims of racial violence in our county and to continue the process aimed at a permanent memorial in their honor. Here’s a partial screencap of the Gainesville Sun article on the service, showing the crowd gathered for the service. I was able to attend this service and found it extremely powerful:

That service was followed by another bus trip, this time to both Selma and Montgomery, Alabama on February 13 to February 15. I was able to join this group, as well. The feature image for this post is a view from inside the National Memorial for Peace and Justice, looking toward the large structure housing the monuments for each county’s list of lynching victims. Here’s the Alachua County monument:

But what really seared into my memory were the multiple collections of jars of soil from lynching sites. Here’s my photo of one such wall in the building housing the meeting room and gift shop at the National Memorial:

 

This powerful video, recorded prior to the completion of the National Memorial for Peace and Justice, includes Bryan Stevenson (yes, this is the same Bryan Stevenson you will recognize from the movie “Just Mercy”) describing the soil collection process and shows some collections as they occurred:

When our group gathered for an informational meeting prior to the trip, we each drew a name of a victim of racial violence in Alachua County to take with us on the trip. Here’s the name I got:

This name is not on the memorial in Montgomery, as only 18 are carved in now. After further research, there are now over 40 known vicitms in our county. It was moving to walk through these sites commemorating what has happened to people of color in our county out of fear, prejudice and hate while holding onto this name. Then, on Tuesday of this week, our group re-gathered to share a meal and to hold our own memorial service. As each victim’s name was read off the list, a candle was lit in their honor and the person who had carried the name stood in our circular gathering of chairs. Just typing this memory brought me to tears.

On April 4, our community will gather just west of Gainesville in the small town of Newberry, but still within Alachua County, to collect soil from a known lynching site. I will do my best to go to this, since Reverend Josh Baskin(s) was among the Newberry 6 lynched in August of 1916.

Now consider just how damaging Ted Yoho’s vote yesterday is. Our community has been coming together for years in a process meant to draw attention to, to commemorate and to honor the victims of racial violence in our county. In the midst of this process, Yoho just inserted a vile piece of racial hatred that reminds us that the road to peace and reconciliation will not be short. It has taken 100 years for these victims to be recognized and for Congress to pass legislation pointing out the level of hatred involved. Yoho’s vote reminds us that the first African-American US president has been followed by a president who thrives on stoking racism and hatred.

But we must not give in. This quote from Rep. John Lewis’s book “Across That Bridge: A Vision for Change and the Future of America” was reproduced in the booklet with our trip information (and I had highlighted it when I read the book just before leaving):

Take a long hard look down the road you will have to travel once you have made a commitment to work for change. Know that this transformation will not happen right away. Change often takes time. It rarely happens all at once…

Use the words of the movement to pace yourself. We used to say that ours is not the struggle of one day, one week, or one year. Ours is not the struggle of one judicial appointment or presidential term. Ours is the struggle of a lifetime, or maybe even many lifetimes, and each one of us in every generation must do our part. And if we believe in the change we seek, then it is easy to commit to doing all we can, because the responsibility is ours alone to build a better society and a more peaceful world.

There is so much comfort in these words from such a dedicated veteran of the movement. Sadly, Congressman Lewis was too ill to be present to cast a vote in favor of HR 35, but we can rest assured that he has voted in favor of every previous attempt to pass such a bill during his tenure in Congress.

To Ted Yoho, all we need to say is that your time for promoting hate in the US Congress is coming to an end at the end of this year. Your views will eventually lose out, and peace and justice will eventually come to our country. There are simply more people who are working for peace and justice than there are promoting hate. Even within our current Congress, which has many Republicans who endorse the bulk of the racist Republican agenda, you were outvoted by over 100-1 on the issue of lynching being a hate crime. The Senate and House versions of this legislation will soon be synchronized, and even if your racist president chooses to veto, there are enough votes to override this last-ditch effort to spread hate.

Preparing For The Inevitable Coronavirus Disease 2019 Outbreak

/294 Comments/in /by

Jim here.

I am quite late to getting to a post on the new coronavirus, but headlines yesterday finally forced me to move ahead and gather info today. First, watch this incredibly informative video from the World Health Organization. It gives very good information on the biology of the virus and what’s going on in the outbreak:

Although Donald Trump and his media partners have been denying that Coronavirus Disease 2019 (COVID-19) is a real cause for concern, there were multiple statements yesterday from US health officials that ranged from quite alarming to somewhat more reassuring. The announcements were summarized well by the Washington Post. Perhaps the most attention was paid to portions of what Dr. Nancy Messonnier provided in a telephone briefing yesterday morning. Dr. Messonnier is the Director of the National Center for Immunization and Respiratory Diseases. A recording of the briefing and a full transcript can be found here.

Of most note from the briefing is when Messonnier stated:

Ultimately, we expect we will see community spread in this country.  It’s not so much a question of if this will happen anymore but rather more a question of exactly when this will happen and how many people in this country will have severe illness.

So, yes, spread of COVID-19 in the US is inevitable. Messonnier continued, discussing what can be done to try to contain the disease. Because there’s no vaccine or specific treatment for the virus, control has to be through what is termed non-pharmaceutical interventions or NPIs:

There are three categories of NPIs.  Personal NPIs which include personal protective measures you can take every day and personal protective measures reserved for pandemics.  Community NPIs which include social distancing measures designed to keep people who are sick away from others.  And school closures and dismissals.  And environmental NPIs which includes surface cleaning measures.

It’s in the category of potential community NPIs where the biggest concerns start to appear:

Now I’d like to talk through some examples of what community NPIs look like.  These are practical measures that can help limit exposure by reducing exposure in community settings.  Students in smaller groups or in a severe pandemic, closing schools and using internet-based teleschooling to continue education.  For adults, businesses can replace in-person meetings with video or telephone conferences and increase teleworking options.  On a larger scale, communities may need to modify, postpone, or cancel mass gatherings.

Messonnier expanded on the disruptions:

Secondary consequences of some of these measures might include missed work and loss of income.  I understand this whole situation may seem overwhelming and that disruption to everyday life may be severe. But these are things that people need to start thinking about now.

So, yes, there may well be significant disruptions to everyday life in parts of the US. We of course don’t know when this would occur, or where in the US it would be. But this is a good time to start thinking about how a disruption to moving around for a couple of weeks would affect you. Here in Florida, we regularly have to prepare for a week or more of loss of electricity during hurricane season. Preparing for community control measures would be a bit different. Right now, my thoughts for our household are that I will stockpile a few extra large cuts of meat in the freezer. These are things I’d eventually use anyway, so it won’t hurt to have them around. I’ll increase a few of the pantry items that I wouldn’t otherwise increase until the start of hurricane season. I’ll beef up my supplies for baking bread. If a disruption starts looking more likely locally, I’ll even add some frozen veggies to my stockpile, but for now I’m going to rely mostly on my ongoing CSA supply.

But I’m not going to rush out and buy an N95 respirator facemask. The current recommendations from CDC do not recommend facemasks for the general public. They are only recommended for people who are sick or for those who are caring for someone who is sick. This and the other CDC recommendations for treatment and prevention can be found on this helpful page.

The key thing to remember in trying to avoid catching COVID-19, as described in the video above and on the CDC page linked just above, is to avoid being very close to sick people. The guideline mentioned is six feet. If you see someone who looks symptomatic, it shouldn’t be too hard to stay six feet from them. Also, if the virus is known or suspected to be in the area where you are, be especially careful to keep your hands below your shoulders at all times and to wash your hands frequently if visiting public places. As CDC describes here, transmission is thought primarily to be through aerosol droplets such as sneezes and coughs, but it remains possible that the virus could be picked up by touching contaminated surfaces.

Finally, people are also quite concerned about the prediction discussed here by Professor Marc Lipsich, an epidemiologist at Harvard. He has stated that it’s possible that a COVID-19 pandemic could result in 40-70% of people world-wide becoming infected. As Lipsich points out, however, that estimate must be coupled with the realization that we currently have no good estimate for what percentage of people who become infected develop few or no symptoms. In fact, moving out from his discussion, there currently are widely ranging estimates of what percentage of infected people die. Inside Wuhan, where the virus first emerged, estimates now are that 2.8% of those infected die. Outside Wuhan, however, that number drops to 0.18%, a difference of over 15-fold. For a discussion of how early we are in the process of understanding the epidemiology of this virus and why these numbers differ, see this paper.

For perspective, it appears that COVID-19 spreads far more efficiently than SARS and MERS, but conversely, SARS and MERS killed a higher percentage of those infected. We see more COVID-19 deaths because many more people have been infected.

The featured image for this post is in the public domain and comes from CDC. Here is the caption CDC provides: “This illustration, created at the Centers for Disease Control and Prevention (CDC), reveals ultrastructural morphology exhibited by coronaviruses. Note the spikes that adorn the outer surface of the virus, which impart the look of a corona surrounding the virion, when viewed electron microscopically. A novel coronavirus, named Severe Acute Respiratory Syndrome coronavirus 2 (SARS-CoV-2), was identified as the cause of an outbreak of respiratory illness first detected in Wuhan, China in 2019. The illness caused by this virus has been named coronavirus disease 2019 (COVID-19).” Credit for the image goes to Alissa Eckert, MS, Dan Higgins, MAM.

The State of Play: Joshua Schulte and Julian Assange

/39 Comments/in , , , /by

Last year, it looked like the Joshua Schulte trial, rescheduled in the fall to start January 13, would be done before the extradition hearing for Julian Assange started. Two things changed since then: Schulte got a delay until February 3, and then last month, Assange convinced Judge Vanessa Baraitser to split his extradition hearing into two, the first part lasting a week starting Monday, and then resuming on May 18 for three more weeks.

As a result, both men are in court during the same week, intersecting in interesting ways.

Thus far, Assange’s argument is threefold:

  1. His prosecution is hopelessly political, merely retaliation by the hated President that Assange helped elect, Donald Trump
  2. The evidence in the case against Assange is so weak as to be abusive
  3. A person cannot be extradited for political crimes like the Espionage Act

The first argument is a load of horseshit covering up the fact that the timing of the treatment of WikiLeaks as a non-state hostile intelligence service, the increased surveillance of Assange, and the initial December 21, 2017 charge all stem from WikiLeaks’ burning the CIA by publishing all its hacking tools. It’s horseshit, but it garners a lot of enthusiasm among WikiLeaks supporters who like to conveniently forget that, whatever Assange’s motivations were in 2010 (when he engaged in the acts he is charged with), he nevertheless helped Russia help Trump get elected. That said, even though the claims about what changed in 2017 are horseshit, it doesn’t change that the existing charges against Assange pose a real danger to journalism.

The second argument is far stronger. For each of the theories of prosecution under which Assange is charged — attempting to help Chelsea Manning crack a password, soliciting certain files via WikiLeaks’ wish list, and publishing a bunch of files in which the names of US and British sources were later revealed — Assange has at least a credible defense. Assange never succeeded, and could not have succeeded, in cracking that password. Manning didn’t leak the precise files that WikiLeaks had on its wish list (though did leak some of the same sets). WikiLeaks originally went to some effort to redact the names of sources, only to have a Guardian journalist release the password revealing them. Mind you, the extradition hearing is not the trial itself, so for these defenses to be relevant, WikiLeaks has to prove that the case against Assange is abusively weak.

The third argument, which is being argued today, is a more interesting legal question. Assange claims that the existing Anglo-US extradition treaty, passed in 2003, still prohibits extradition for political offenses like theEspionage Act. The US argues that Assange’s extradition is governed by the Extradition Act of 2003, which did not include such a bar (and also disagrees that these are political crimes). The lawyers are even arguing about the Magna Carta! Judge Vanessa Baraitser seems inclined to side with the US on this point, but the question will surely be appealed. Mind you, one of the charges against Assange, CFAA, is in no way a political offense, and the UK has not barred its own citizens, much less foreign citizens hanging out in foreign embassies, from being extradited on the charge (though several hackers, most recently Lauri Love, have challenged their extradition to the US for CFAA on other grounds).

Yesterday, Assange’s defense spent a good deal of time making the second argument. The US didn’t respond. Rather, it said it would deal with those issues in the May hearing.

Meanwhile, the Schulte trial is wrapping up, with Schulte doing little to mount a defense, but instead preparing an appeal. Yesterday, Schulte asked that an instruction on the defendant not testifying be added to the jury instructions (normally, these are included from the start, but Schulte has been claiming he would testify all this time). Today, Schulte told the court that Steve Bellovin won’t testify because he never got access to all the data Judge Paul Crotty ruled he couldn’t have access to (not mentioning, however, that the restrictions stemmed from Crotty’s own CIPA judgment).

I’m still unclear on the status of the witness, Michael. Schulte is trying to submit his CIA investigative report in lieu of finishing cross-examination (which is where things had left off). But it still seems possible that Crotty would require his testimony to be resumed, giving the government another opportunity to redirect his testimony. This is all likely happening today, but given that there’s so little coverage of the trial, we won’t know until Thursday.

Before all this happened, however, the jailhouse informant provided very damning testimony against Schulte, not only describing how Schulte obtained a phone (swapping an iPhone for a Samsung that he could load all the apps he wanted on it), but also claiming that Schulte said, “Russia had to help him with what he was doing,” launching an information war.” I had learned of similar allegations of ties or willingness to forge them with Russia via several sources in the past. And Schulte’s own jailroom notebooks include hints of the same, such as a bullet point describing how Russia could help the US “destroy itself.”

And his final plan — which the informant alerted his handlers to just before Schulte launched it — included some “Russia pieces.”

As part of the same plan to get fellow SysAdmins to leak all their secrets to WikiLeaks, then, Joshua Schulte was also hoping to encourage Russia to attack the US.

I’ve long said the Vault 7 case, if it were ever added to Julian Assange’s charges (including an extortion charge, which would also not be a political crime), would be far more damning and defensible than the ones currently charged. Filings from November suggested that the government had come to think of Schulte’s leaks to WikiLeaks as the last overt act in an ongoing conspiracy against the United States.

And by 2018, Schulte had come to see leaking to WikiLeaks as part of the same plan encouraging Russian attacks on the US, precisely the allegation WikiLeaks has spent years trying to deny, especially in the wake of Assange’s cooperation in Russia’s election year operation.

It’s not clear whether the US will add any evidence to the original 2010 charges against Assange before May (though Alexa O’Brien has pointed to where additional evidence might be), but the statement they’re waiting until then to rebut the solid defense that WikiLeaks is now offering suggests they might. That might reflect a hope that more coercion against Chelsea Manning will produce that additional evidence (she has renewed her bid to be released, arguing that such coercion has obviously failed). Or it might suggest they’ve got plans to lay out a broader conspiracy if and when Schulte is convicted.

Assange’s lawyers pushed for the delay to May in the first place. If the US government uses the extra time to add charges related to Vault 7, though, the delay may make a significant difference in the posture of the case.

The Kinds and Significance of Russian Interference — 2016 and 2020

/81 Comments/in , , , /by

Trump’s meltdown last week — in which he purged top staffers at the Director of National Intelligence after a briefing on Russian interference in the 2020 election, followed by National Security Advisor Robert O’Brien making shit up on Meet the Press — has created a firestorm about Russian interference in the 2020 election. That firestorm, however, has spun free of what ways Russia interfered in 2016 and what effect it had.

Five ways Russia interfered in 2016

First, remember that there were at least five ways Russia interfered in 2016:

  • Stealing information then releasing it in a way that treats it as dirt
  • Creating on-going security challenges for Hillary
  • Using trolls to magnify divisions and feed disinformation
  • Tampering with the voting infrastructure
  • Influence peddling and/or attempting to recruit Trump aides for policy benefits

Stealing information then releasing it in a way that treats it as dirt

The most obvious way Russia interfered in 2016 was by hacking the DNC, DCCC, and John Podesta (it also hacked some Republicans it did not like). It released both the DNC and Podesta data in such a way as to exaggerate any derogatory information in the releases, successfully distracting the press for much of the campaign and focusing attention on Hillary rather than Trump. It released DCCC information that was of some use for Republican candidates.

Roger Stone took steps — not all of which are public yet — to optimize this effort. In the wake of Stone’s efforts, he moved to pay off one participant in this effort by trying to get a pardon for Julian Assange.

Creating on-going security challenges for Hillary

In addition to creating a messaging problem, the hack-and-leak campaign created ongoing security challenges for Hillary. Someone who played a key role in InfoSec on the campaign has described the Russian effort as a series of waves of attacks. The GRU indictment describes one of those waves — the efforts to hack Hillary’s personal server — which came in seeming response to Trump’s “Russia are you listening” comment. An attack that is often forgotten, and from a data perspective was likely one of the most dangerous, involved a month-long effort to obtain Hillary’s analytics from the campaign’s AWS server.

Whatever happened with this data, the persistence of these attacks created additional problems for Hillary, as her staff had to spend time playing whack-a-mole with Russian hackers rather than optimizing their campaign efforts.

Using trolls to magnify divisions and feed disinformation

Putin’s “chef,” Yevgeniy Prigozhin, also had staffers from his troll factory in St. Petersburg shift an ongoing campaign that attempted to sow division in the US to adopt a specific campaign focus, pushing Trump and attacking Hillary. Importantly, Prigozhin’s US-based troll effort was part of a larger multinational effort. And it was in no way the only disinformation and trolling entity involved in the election. Both parties did some of this, other countries did some, and mercenaries trying to exploit social media algorithms for profit did some as well.

Tampering with the voting infrastructure

Russia also tampered with US voting infrastructure. In 2016, this consisted of probing most states and accessing voter rolls in at least two, though there’s no evidence that Russian hackers made any changes. In addition, Russian hackers targeted a vendor that provided polling books, with uncertain results. The most substantive evidence of possible success affecting the vote in 2016 involved failures of polling books in Durham County, NC, which created a real slowdown in voting in one of the state’s most Democratic areas.

In recent days, there have been reports of a ransomware attack hitting Palm Beach County in September 2016, but it is unclear whether this was part of the Russian effort.

Because there’s no certainty whether the Russian hack of VR Systems was behind the Durham County problems, there’s no proof that any of these efforts affected the outcome. But they point to the easiest way to use hacking to do so: by making it harder for voters in particular areas to vote and harder for specific localities to count the vote.

Some of what Russia did in 2016 — such as probes of a particularly conservative county in FL — may have been part of Russia’s effort to discredit the outcome. They didn’t fully deploy this effort because Trump won.

Influence peddling and/or attempting to recruit Trump aides for policy benefits

Finally, Russia accompanied its other efforts with various kinds of influence peddling targeting Trump’s aides. It was not the only country that did so: Saudi Arabia, Egypt, Turkey, UAE, and Israel were some of the others. Foreign countries were similarly trying to target Hillary’s campaign — and the UAE effort, at least, targeted both campaigns at once, through George Nader.

Importantly, however, these efforts intersected with Russia’s other efforts to interfere in the election in ways that tied specific policy outcomes to Russia’s interference:

  • An unrealistically lucrative Trump Tower deal involved a former GRU officer and sanctioned banks
  • At a meeting convened to offer Trump dirt about Hillary, Don Jr agreed in principle to revisit ending Magnitsky sanctions if Trump won
  • George Papadopoulos pitched ending sanctions to Joseph Mifsud, who had alerted him that Russia had emails they intended to drop to help Trump
  • Paul Manafort had a meeting that tied winning the Rust Belt, carving up Ukraine, and getting paid personally together; the meeting took place against the background of sharing internal polling data throughout the campaign

As I’ll note in a follow-up, information coming out in FOIAed 302s makes it clear that Mike Flynn’s effort to undercut Obama’s December 2016 sanctions was more systematic than the Mueller Report concludes. So not only did Russia make it clear it wanted sanctions relief, Trump moved to give it to them even before he got elected (and his Administration found a way to exempt Oleg Deripaska from some of these sanctions).

Manafort continued to pursue efforts to carve up Ukraine until he went to jail. In addition, Trump continues to take actions that undercut Ukraine’s efforts to fight Russia and corruption. Neither of these have been tied to a specific quid pro quo (though the investigation into Manafort’s actions, especially, remained inconclusive at the time of the Mueller Report).

So while none of these was charged as a quid pro quo or a conspiracy (and the reasons why they weren’t vary; Manafort lied about what he was doing, and why, whereas Mueller couldn’t prove Don Jr had the mens rea of entering into a quid pro quo), Russia tied certain policy outcomes to its interference.

Trump’s narcissism and legal exposure exacerbated the effects

The Russian attack was more effective than it otherwise would have been for two reasons. First, because he’s a narcissist and because Russia built in plausible deniability, Trump refused to admit that Russia did try to help him. Indeed, he clings more and more to Russian disinformation about what happened, leading the IC to refuse to brief him on the threat, leading to last week’s meltdown.

In addition, rather than let FBI investigate the people who had entered into discussions of a quid pro quo, Trump obstructed the investigation. Trump has spent years now attacking the rule of law and institutions of government rather than admit what DOJ IG found — there was reason to open the investigation, or admit what DOJ found — there was reason to prosecute six of his aides for lying about what happened.

The Russian effort was just one of the reasons Hillary lost

It’s also important to remember that Russia’s interference was just one of the many things that contributed to Hillary’s loss.

Other aspects were probably more important. For example, Republican voter suppression, particularly in Wisconsin and North Carolina, was far more important than any effect the VR Systems hack may have had in Durham County. Jim Comey’s public statements about the email investigation had at least as much effect as the Russian hack-and-leak campaign did on press focus. Hillary made some boneheaded choices — like barely campaigning in WI and MI; while I had worried that she made those choices because Russia tampered with her analytics (with the AWS hack), that doesn’t seem to have happened. Disinformation sent by the Trump campaign and associates was more significant than Russian disinformation. It didn’t help that the Obama Administration announced a sharp spike in ObamaCare prices right before the election.

The response matters

As noted, Trump’s narcissism dramatically increased the effect of the Russian efforts in 2016, because he has always refused to admit it happened.

Compare that to Bernie’s response to learning that Russia was trying to help his campaign, which accepted that it is happening and rejected the help.

“I don’t care, frankly, who [Russian President Vladimir] Putin wants to be president,” Sanders said in a statement. “My message to Putin is clear: Stay out of American elections, and as president I will make sure that you do.

“In 2016, Russia used Internet propaganda to sow division in our country, and my understanding is that they are doing it again in 2020. Some of the ugly stuff on the Internet attributed to our campaign may well not be coming from real supporters.”

This was not perfect — Bernie could have revealed this briefing himself weeks ago, Bernie blamed the WaPo for reporting it when it seems like the story was seeded by O’Brien. But it was very good, in that it highlighted the point of Russian interference — sowing divisions — and it reaffirmed the import of Americans selecting who wins. Plus, contrary to Trump, there’s no reason to believe Bernie would pursue policies that specifically advantaged Russia.

Other factors remain more important than Russian interference

There’s very serious reason to be concerned that Russia will hack the outcome of 2020. After all, it would need only to affect the outcome in a small number of precincts to tip the result, and the prospect of power outages or ransomware doing so in urgent fashion have grown since 2016.

That said, as with 2016, there are far more urgent concerns, and those concerns are entirely American.

Republicans continue to seek out new ways to suppress the vote, including by throwing large swaths of voters off the rolls without adequate vetting. There are real concerns about voting machines, particularly in Georgia (and there are credible concerns about the reliability of GA’s tally in past elections). Republicans have continued to make polling locations less accessible in Democratic precincts than in Republican ones.

Facebook refuses to police the accuracy of political ads, and Trump has flooded Facebook with disinformation.

And Bloomberg’s efforts this year — which include a good deal of trolling and disinformation — are unprecedented in recent memory. His ad spending has undercut the ability to weigh candidates. And his personnel spending is increasing the costs for other candidates.

Russian efforts to sway the vote are real. Denying them — as some of Bernie’s supporters are doing in ways that hurt the candidate — does not help. But, assuming DHS continues to work with localities to ensure the integrity of voting infrastructure, neither does overplaying them. Between now and November there’s far more reason to be concerned about American-funded disinformation and American money distorting our democratic process.

The Inconsistencies of the UC Global Julian Assange Spying Story

/15 Comments/in , , , , /by

Tomorrow, the first of two extradition hearings for Julian Assange starts. In addition to the least damning of several pardon discussions that happened with Assange, the hearing will include discussion of allegations that Assange was spied on in the Embassy, the most recent incarnation of which appeared in the Australian press today. In addition, NYT covered the story here, some key El País stories are here, and Andrew Müller-Maguhn did a presentation on it at CCC.

The story goes that a Spanish company employed to ensure security in the Ecuadorian Embassy, UC Global, significantly ratcheted up the level of video and audio surveillance of Assange in 2017. Additionally, Spain is investigating whether the head of that company, David Morales, shared that surveillance — possibly in real time — with the United States, allegedly directly with the CIA.

I’d like to point to some inconsistencies in the stories. I’m not defending the levels of surveillance of Assange — but neither would I defend the gross abuses of privacy WikiLeaks has committed against private citizens in the US, Turkey, Saudi Arabia, and other countries. Nor am I contesting that the surveillance took place. I’m even willing to stipulate that the surveillance got shared with the US (though no story on this topic convincingly substantiates this, and some of the public bases for the claim CIA was the recipient are flimsy).

What legal regime has jurisdiction

One interesting question about all this pertains to the legal regime. This is surveillance conducted by a Spanish company with US business locations on Ecuadorian territory being raised in a post-Brexit British legal proceeding regarding extradition to the US. The surveillance of the embassy is Ecuador’s concern — and whatever you think of Rafael Correa’s Bolivarist politics, he embraced really intrusive surveillance. The sharing of data from the EU to the US — whether directly from the UK or via Spain — might come under GDPR or Privacy Shield protection, except EU law excepts out national security from these laws, which would apply here. And because UC Global does and did business in the US (it even had a location in New Mexico in 2016), it might be subject to subpoena or other legal process to conduct surveillance.

As it pertains to the question of extradition, as I understand it, the law in the UK has to do with proportionality, and as we’ll see, what we’re really talking about is surveillance of Assange during a period of investigation of one of the worst breaches of any Five Eyes intelligence agencies in history, Vault 7 (not the 2016 publications), and the surveillance ratcheted up during a period when WikiLeaks was still publishing those files. Which likely means the UK is going to be very permissive in how it weighs the question of this surveillance, because this was about an investigation into someone who helped burned a Five Eyes spying partner to the ground.

The escalation of surveillance happened after Vault 7 started

Virtually all of these stories obscure the timing, as illustrated by this AMM slide.

A key part of the story suggests that because UC Global owner Morales got a contract with Sheldon Adelson in 2015, under the Obama Adminsitration, that somehow proves CIA involvement, and some of the reports on this make it clear that UC Global was working for Adelson, which negates the entirety of his role. Sillier still, that Morales traveled to Chicago is no indication of a tie to CIA.

Once you’ve dismissed that, then it’s clear the escalation didn’t start in earnest until June and July 2017.

In his talk, AMM mentions that the US was unhappy about certain “publications,” plural, without describing them. There’s good reason to be silent about it — the same silence that WikiLeaks supporters like to enforce elsewhere. WikiLeaks was not only publishing CIA’s hacking tools with thin — and inaccurate — claims to justify doing so in the guise of journalism, but WikiLeaks was and is sitting on CIA’s actual hacking tools.

At the time, WikiLeaks was in ongoing communications with accused Vault 7 leaker Joshua Schulte (communication it continued at least as long as June 2018, when WikiLeaks posted the blogs Schulte published from jail, but probably even after that). The targeting of Schulte, himself, might explain some of this surveillance. And Morales’ presence in Alexandria (which AMM misstates as Arlington) is utterly consistent with someone subject to US subpoena appearing before a grand jury in EDVA; surveillance records are considered business records in the US subject to subpoena.

Certainly, questions about what WikiLeaks was doing with the still unpublished hacking tools might have elicited the surveillance. And in the months before the surveillance actually ratcheted up in December 2017 (which is when the surveillance in question really began), Schulte was doing some things on Tor that may have included reactionary communications with WikiLeaks.

Even AMM’s presentation, however, confirms that before December 2017 — that is, before the US finally detained Schulte and charged Assange — much of Assange’s private space was not covered by the surveillance. That actually dramatically contradicts claims about surveillance of Assange made in the past.

From there, all the stories make much about the events of December 21 and 22, 2017 (indeed, AMM presents the planned Ecuadorian-Russian exfiltration on those dates as a potential US kidnapping).

But here, too, the timing is obscured. The Australian piece, for example, suggests the surveillance put in place in anticipation of these events was a response to it.

“It got to the point where, during a visit to Mr Assange, the head of Ecuador’s intelligence service [Rommy Vallejo, on December 21, 2017] was also spied on,” Martinez added.

“In the meeting between Mr Vallejo and Mr Assange the possible release [from the embassy] of Mr Assange in a few days later was discussed.”

Within hours of that secret meeting, which was known to only a few people, the US Ambassador to Ecuador complained to Ecuadorian authorities, and the next day the US issued an international arrest warrant for Assange, Martinez said.

“That leads us to believe that the conversation was urgently sent to the US authorities and that they urgently issued the international arrest warrant the next day,” he said.

There’s a lot to be told about the events of December 21, which is the day Assange was actually charged. But events pertaining to Schulte preceded them. And Ecuador’s designation of Assange as a diplomat on December 19 — and the UK’s rejection of it — would have alerted the UK (and through them, the US) of the events two days before the meeting in question, without any surveillance.

Finally, as AMM notes, “PROM” took over surveillance after Ecuador made a security agreement with the US in April 2018. AMM suggests that that, for the first time, made such surveillance illegal. There’s no basis for that, particularly given that UC Global has a US component. Moreover, it was PROM, and not UC Global, that allegedly engaged in the corrupt sale of surveillance records, something that often gets lumped on UC Global.

In summary, say what you will about this surveillance, which clearly became oppressive in December 2017. Say what you will about whether obtaining all of CIA’s hacking tools and sitting on most of them is “journalism.” But if you’re going to talk about why surveillance ratcheted up, you do need to account for the fact that WikiLeaks was engaged in activities that resemble what CIA does, not what journalists do.

Assange has 1,000 lawyers

One of the key allegations is that this surveillance collected on conversations between Assange and his lawyers. The most recent Aussie version points to meetings with Geoffrey Robertson and Jennifer Robinson.

While this may be typical surveillance at a secure diplomatic property, what Robertson did not know was he and a handful of other lawyers, were allegedly being targeted in a remarkable and deeply illegal surveillance operation possibly run at the request of the US Government.

And recordings such as Robertson’s visit are at the heart of concerns about the surveillance: privileged legal conversations between lawyer and client in a diplomatic residence were recorded and, later, accessed from IP addresses in the United States and Ecuador.

Robertson was only one of at least three Australian lawyers and more than two dozen other legal advisers from around the world that were caught up in the surveillance operation.

Long-time WikiLeaks adviser Jennifer Robinson was one of the other Australian lawyers caught in the spying operation.

Jennifer Robinson is a pretty important lawyer for WikiLeaks, but even here she’s described as an “advisor.” And WikiLeaks has a long history of gaming legal representation, up to and including using it to obtain visibility about the defense of related persons.

Randy Credico even joked about how many people are claimed to be WikiLeaks lawyers at Roger Stone’s trial.

Q. Margaret Kunstler is one of WikiLeaks’s lawyers?

A. You’ll let — she’s going to have to describe her role as a — what her role is with WikiLeaks. You know, I don’t — he has — Julian Assange has about 1,000 lawyers. You know, Michael Ratner was one of his lawyers. Alan Dershowitz was one of his lawyers.

Q. Thank you.

A. There are a lot of lawyers. All right? But, that — you know, who’s a lawyer —

Robinson will present the Dana Rohrabacher story as a witness this week, so it’s worth attending to precisely what legal role these lawyers are playing.

Even if this surveillance was shared in real time with the United States, there are protocols in both the CIA and FBI about how to deal with it. The meetings were surveilled. That doesn’t mean the meetings with the lawyers actually representing him were viewed by American authorities.

Steve Bellovin Weighs in on the Schulte Mistrial Request

/6 Comments/in , , , /by

Steve Bellovin, who for the reasons I laid out in this post, has impeccable credibility, has now weighed in on accused Vault 7 leaker Joshua Schulte’s bid for a mistrial. Bellovin is Schulte’s technical expert, and lost a bid last August to get direct forensic access to the workstation and servers at issue in his case.

The current bid for a mistrial is based on two complaints: first, DOJ withheld notice that the CIA had put Schulte’s buddy, Michael, on paid administrative leave last August until the day Michael testified. In addition, Schulte argued they had gotten inadequate forensic discovery to challenge the government’s case.

Ultimately, I think this bid — even with Bellovin’s renewed request — will likely not work. With regards to the forensics demand, this is really a complaint about a decision Judge Paul Crotty made under the Classified Information Procedures Act last summer, which Schulte renewed based off unpersuasive claims about the scope of one of the testimony of one of the government’s expert witness, Patrick Leedom, at trial. Schulte certainly can and no doubt will appeal Crotty’s decision, but the government claimed in its response that the defense didn’t make the more tailored requests for information that were permitted under Crotty’s order.

While the defendant has maintained his stubborn insistence on full forensic images, he has failed to actually make use of the information the Government provided, such as the data on the Standalone, to explain why the discovery produced by the Government was inadequate, or to take the Court up on its repeated invitation to the defense to make more narrow requests. In United States v. Hill, the court did order the Government to produce two mirror images of hard drives containing child pornography to the defense. See 322 F. Supp. 2d 1081, 1091 (C.D. Cal. 2004). Hill, however, does not involve the requested disclosure of an unprecedented and staggering amount of classified information without a showing that the information would be both “relevant and helpful,” as required by CIPA.2

With regards to the late notice about Michael’s paid leave, I think (though am not certain) that this is actually a Jencks issue, and I think (though am not certain) the government did comply with the letter of the law even if withholding the report was dickish and unnecessary.

In his declaration, Bellovin makes a frivolous point about Michael as an excuse to complain about both issues raised in the mistrial motion: that there was a common password to Confluence that Michael could have used to access the backup files from which Schulte allegedly stole the files.

The government makes a number of specific assertions that are misleading or simply false. For example, the government states that certain FBI reports “make clear that Michael never had Atlassian administrator privileges and thus did not have the ability to access or copy the Altabackups (from which the Vault 7 information was stolen).” Gov’t Opp. at 8. As a simple factual matter, this statement is untrue. The possession of “Atlassian administrator privileges” had nothing to do with the ability to access or copy the Altabackup files. Rather, what was needed was log-in access, i.e., a working user name and password, to the Confluence Virtual Machine (or “VM”). Michael certainly had such log-in access. As shown in Leedom Slide 60 (GX 1207-10 and GX 1207-11), which is described as “April 16, 2016 Confluence Backup— password and shadow files,” a user name called “confluence” is listed (Slide 60, GX 1207-11, third line from the bottom). The password for this user name was listed on a web page that was accessible to all OSB members, including Michael, and was used for many other log-ins throughout the organization. See GX 1202-5 (listing one commonly used password as “123ABCdef.”). This password was valid both before and after April 16, 2016. So if Michael had simply typed that password into the Confluence VM on April 20, 2016, along with the user name “confluence,” he would have had access to the Altabackup files from which the Vault 7 information was allegedly taken.

Not only has the defense known this for over a year, I even pointed to the availability of root passwords days after the initial leak in March 2017. So nothing about the late notice on Michael prevented Schulte from arguing this from the start. Moreover, this is something the government already addressed in their response.

 Finally, the defense complains that he should have been able to examine the Confluence virtual machine to determine whether another user had “root” access, such as Michael. Again, the defendant’s argument fails. Initially, the defendant has been on notice since December 10, 2018 that Michael had “root” access to the ESXi Server, given that that fact was referenced in three different 302s produced to the defense at that time. Moreover, the defense has been provided with the available ESXi Server logs in discovery, such that he could have tried to determine whether any other user was logged in using the “root” password (there was not any such other user logged in during the reversion). Furthermore, to extent the defendant is complaining about the Confluence log files specifically, his assertion fails for two reasons. First, the Confluence log files of the activity on the Confluence virtual machine were deleted when the defendant reversed the reversion. Second, the Government produced to the defense the remaining Confluence application logs from April 7, 2016 through April 25, 2016 on June 14, 2019.

I remain sympathetic to Bellovin’s request in principle, but doubt that it will work legally in this instance. Plus, given Sabrina Shroff’s strategy on everything else, it seems they didn’t make the expanded requests earlier to leave open this opportunity to complain now.

What happens on appeal is a different issue though, one that goes to the heart of how CIPA gets applied in a computer hacking case like this. The government has, successfully, argued that the forensics of this case amount to classified information that must first qualify under the CIPA requirement that evidence is both relevant and helpful to the defense. I’m reasonably comfortable that the government has given Schulte enough forensics to test their theory of the case — that is, to test whether Schulte did revert backups on April 20, 2016 and access — and so presumably copy — the backup copy of the files published by WikiLeaks. But there are two questions they didn’t provide enough forensics to answer.

The first pertains to whether anyone else ever used the weak protections of these servers to do anything suspicious.

It’s clear that one prong of whatever defense Schulte will offer (and therefore what Bellovin will do in his testimony) is that CIA’s security was woefully inadequate, both in their physical space (Schulte was able to bring in thumb drives on at least two occasions and, the prosecution’s case suggests, even two hard drives) and digitally. Schulte’s lawyers have already brought out aspects of this on cross. What Bellovin won’t be able to do (aside from pointing to a time someone swapped the cables accessing the Internet, which resulted in a massive effort to clean up any data pollution of the CIA network) is point to any damage from real security incidents, aside from Schulte’s. And while that’s not necessary to rebut the government’s theory of the case, it is a part of arguing that Schulte was concerned about security himself (a claim that multiple witnesses have already credibly debunked) but also that the government was not making sufficient efforts to keep this National Defense Information secure, which is an element of the Espionage Act charges.

A far more interesting question pertains to the evidence against Schulte. Schulte is accused of stealing both the “Confluence” files — which are development notes — and “Stash” — which includes source code and user guides. The entirety of the Confluence files were posted on WikiLeaks on March 7, 2017, whereas a bunch of files from Stash were published, drip by drip, until November 2017.

The government has presented a compelling case that Schulte accessed a March 3, 2016 copy of Confluence and made a copy, based on existing logs of that back-up.

But it has not been able to do the same with Stash, I believe because the log files were deleted after the reversions that Schulte did on April 20, 2016, as elicited in cross-examination of “Dave,” the SysAdmin witness.

Q. That was confusing, you saying “yes,” me saying “okay.” Let’s talk about these missing Stash logs, okay? You said that you never would have in a security system or in a secure system lose logs, correct? A. Correct.

Q. And you were asked about missing logs, correct, missing logs from January 14 to April 21, correct? You remember that?

A. I’m sorry, I apologize, not really. But if it’s in the report, I may have talked about it.

Q. Let’s look at 3515-09. Page four. You were asked about missing logs from January 14 to April 21, 2016. Correct?

A. Is this — which exhibit is this? I apologize. I don’t have the right — do I have the right one?

The government has instead tracked file sizes and a copy date range to suggest that Schulte copied those files on that same date, here in testimony from expert witness Michael Berger.

Q. So what was your conclusion as to when the data, the range for the data?

A. For Stash we identified the range of data being from February 26, 2016, at 9:36 a.m., and March 4, 2016, at 9:45 a.m.

Q. Can you remind us, was there an identical hash for the marble file at March 1st?

A. Yes, there was.

Q. Was there a reason why you didn’t use March 1st here instead of February 26?

A. Yes.

Q. What’s that?

A. The reason is because that the files were identical, we didn’t want to assume that the data had to have come after March 1st. We took a more conservative approach and we slid our date back to being as possibly coming from after February 26 instead.

[snip]

Q. Let’s move on to the next. What does this reflect?

A. This reflects both the Stash and Confluence analysis. Looking at Stash, we can see that the data that was on WikiLeaks corresponds to the data from between February 26, at 9:36 a.m. and March 4, at 9:45 a.m. Looking at the Confluence data points, we’re able to get a smaller window that shows between March 2, 3:58 p.m. and March 3, at 6:47 a.m.

To some degree this doesn’t matter: leaking Confluence by itself would be a violation of the Espionage Act and so sufficient for guilty verdicts. But absent that evidence, the defense will be able to point to other questions about the Stash back-up made during the change in privileges on April 18, 2016, notably that the SysAdmin who changed privileges to the network on April 18, 2016, Dave, kept one copy on his desk and one copy on a hard drive he subsequently misplaced.

Q. You never told the FBI, did you, that you ever moved it to a locked compartment in your desk, correct?

A. Correct.

Q. And you also said that you actually couldn’t even recall if you had wiped the information about Stash off of that hard drive, correct?

A. Correct.

Q. And sitting here today, you have not a clue as to where that hard drive is, correct?

A. No, I don’t.

I don’t rule out Schulte using someone else’s privileges to delete the Stash logs (for example, he had and used the credentials of “Rufus,” a guy who was supposed to work in SysAdmin but moved on after a short period, in his April 20 hack). But the government hasn’t shown that, perhaps because doing so would implicate one of their key witnesses.

Given the cross of Patrick Leedom, I think it quite likely Schulte’s team knows what happened and plans to unveil it to maximal advantage during their defense.

Q. And according to you and the government, shortly afterward, during this reversion period, the theory is that he also accessed the Stash backup file, correct?

A. That would be correct.

Bellovin may have a very good idea of where such evidence would be — I’m particularly intrigued by this request, because the government doesn’t appear to understand why Bellovin asked for it — and may even know, via Schulte (who spent a lot of time on obfuscation) that it would look exculpatory (but that’s based on the government’s response, not any understanding of what this might show).

The defendant argues that he could not test the vulnerability of the “DS00 file system,” without access to the mirror image of the NetApp Server. The defendant does not explain why this forensic artifact would demonstrate any vulnerabilities or how any part of Mr. Leedom’s testimony-which did not reference the file system-implicated this assertion. Therefore, the defendant has not established that a mistrial is required based on this claim.

Then there’s a far more interesting question. As of the date of completion of a WikiLeaks Task Force Report on October 17, 2017, as brought in via the testimony of Sean Roche, the CIA had only moderate confidence that WikiLeaks hadn’t obtained the “gold repository” of finished exploits.

Q. Right. All you know is, in 2017, WikiLeaks published it, correct?

A. That’s correct.

Q. And did you by any chance learn that even after 2017 publication, the CIA still did not know whether or not WikiLeaks had the information from the gold repository?

MR. DENTON: Objection.

THE COURT: Overruled.

A. Could you repeat that, please, ma’am.

Q. Sure. Is it fair to say, sir, that the CIA slash you still don’t know if WikiLeaks has the gold repository?

THE COURT: Rebecca, could you read the question back, please. (The record was read)

A. I believe that represents the last conversation I had on what is called the gold repository.

Q. So I’m correct.

A. Yes.

Q. CIA still doesn’t know?

A. I don’t know that, ma’am. I don’t work there anymore.

Q. You know what the WikiLeaks task force report is?

A. Yes, I do.

Q. Could you pull that up for this gentleman, please. Are you happier with a paper copy or the screen?

A. We can do this.

Q. Could we just go to page 45. Could you just focus on the actual text. You see that line, “However we now assess with moderate confidence”?

A. Yes.

Q. Right. “Moderate confidence that WikiLeaks does not possess the gold folder,” correct?

A. Correct.

This is clearly testimony prosecutor David Denton did not want to come in.

That moderate confidence judgment appears to be based on Leedom’s analysis of what privileges Schulte himself had.

Q. You see there a folder at the bottom, “source code and binary gold copies”?

A. Yes.

Q. What are those?

A. These are the delivered completed tools from the work at EDG.

[snip]

Q: Would the defendant have been able to copy the gold source folders?

A: No, he would not have had access to it with his DevLAN account.

But given Schulte’s own behavior, it’s not clear this analysis can rule out the possibility Schulte took the gold repository.

One of the last events in Schulte’s never-ending escalation of grievances came when he sent an email on June 28, 2016 to Meroe Park, the CIA Executive Director (the #3 ranking official at CIA), Andrew Hallmen, who was then the Director of the Directorate of Digital Innovation (and just got ousted as Deputy Director of National Intelligence in the purge of ODNI last week), and Sean Roche, the Deputy Director of DDI. This came in the wake of Schulte first obtaining privileges to his old project, Brutal Kangaroo, and then booting all the other developers off it. In response to the email, as laid in Roche’s testimony, Roche first responded immediately via email and then had a meeting with Schulte on June 30, 2016. In the meeting with the senior most official Schulte met with, he insinuated he still might get his administrator privileges back.

Q. What did you mean when you say you asked him about permissions?

A. On the system that he was working on, an agency network, his — he had — his permissions had been changed, and when his management explained to him, he went back in and changed his permissions back to get access again, and they had issued a letter of warning to him explaining how serious that was and that that behavior is not acceptable.

Q. Why was that something you discussed with him?

A. Because of how serious the nature of that is. Activity on any system that holds agency data, agency tools, things that we call sources and methods, is — is — it is very, very important that we not have a doubt about what people have access to and maintain the integrity and the protection of that information.

Q. What did you discuss with him about his permission changes?

A. I said to him something to the effect of in the post-Edward Snowden era, you don’t do something like that. That’s going to draw attention that you certainly don’t want. It’s really serious, and you cannot be taking that kind of action.

Q. And how did he respond?

A. He talked a little bit about the project that he had been working on and some new work that he had been given, and he was not pleased with it. But at one point, he stopped and he looked at me and said, You know, I could get back on it if I wanted to, something to — that’s not — I won’t say that’s the exact quote, but it’s pretty darn close.

Q. Now, when he said that, did you understand him to be raising a security concern about the network?

A. No. What I, what I realized — it was a striking comment because, to me, it illustrated that after everything that had happened, all the warnings, all of this formal process, that he was determined to undermine the controls on the network.

Brutal Kangaroo is a USB-based tool to exfiltrate from air-gapped machines. Schulte unsuccessfully attempted to delete the copy of Brutal Kangaroo he had worked on at home on April 28, 2016. But he regained access at CIA in June. He also had worked on serious obfuscation tools.

Given the state of the CIA networks, it’s not impossible that Schulte made good on that threat using tools built by the CIA to make it difficult for the CIA to discover if it happened.

Not long after, in August 2016, according to warrant affidavits the substance of which have not yet been entered into evidence at the trial (they’re likely to come in early this week via an FBI Agent laying out the evidence of the rest of the charges, including obstruction and lies in FBI interviews as well as the MCC charges), Schulte started getting really interested in WikiLeaks and Shadow Brokers and Edward Snowden.

Schulte stuck around months after he allegedly first stole data from the CIA, and he threatened a very senior official that he might regain access that would allow him to do so again.

Having access to logs that might suggest that had or had not happened wouldn’t help Bellovin refute the case against him. But it might hide details of still worse compromise that the CIA would like to keep quiet.

I think Schulte can — and will attempt to, on appeal — argue that the forensics behind a hack are a different kind of classified evidence than intelligence itself (that is, information about what the intelligence community knows), both because it is neutral data about potential compromise and because you can’t just substitute a name like you can for other intelligence. In this case, it goes to the heart of a dispute about whether the CIA was really doing what it needed to do to keep these files safe. The evidence doesn’t suggest that Schulte gave a damn about all that; on the contrary, he clearly exploited it. But it’s evidence he can make a claim to need to rebut the Espionage Act charges against him.

But I also wonder whether the CIA refused to grant Bellovin access in this case (who, as I’ve noted, has been trusted by the government in other programmatic ways, including as the technical advisor to PCLOB) not because of any exculpatory evidence they were hiding, but because of inculpatory evidence.

Update: Yikes. The government submitted a scathing “correction” of Bellovin’s declaration.

The Bellovin Affidavit asserts that the log files from the ESXi server produced by the Government in discovery were “demonstrably damaged” as a “result of prior forensic examination.” However, on or about June 14, 2019, in response to the defense’s request, the Government produced unmodified copies in their original format of both log files and unallocated space from the ESXi server.

The Bellovin Affidavit also asserts that the Government only provided “heavily redacted” versions of the Confluence databases, and not “a full copy of the SQL file.” On or about November 5, 2019, the Government provided defense counsel and the defendant’s expert access to a standalone computer at the CCI Office containing, among other things, (1) complete, unredacted copies of the March 2 and 3, 2016 Confluence databases (i.e., a “full copy of the SQL file”) and all of the Confluence data points used by Michael Berger, one of the Government’s expert witnesses, to conduct his timing analysis; (2) complete, unredacted copies of the Stash repositories for the tools for which source code had been released by WikiLeaks; (3) complete, unredacted copies of all Stash documentation released by WikiLeaks; and (4) all commit logs for all projects released by WikiLeaks, redacting only usernames. The Government understands that Dr. Bellovin examined the standalone computer at the CCI Office in December 2019.

It also suggests that Bellovin’s assertion that the Confluence root password would give Michael access to the backups is wrong, but won’t explain why until Bellovin takes the stand.

Finally, the Government does not address Dr. Bellovin’s incorrect assertions regarding Michael’s access to the Altabackups in this letter. Should Dr. Bellovin testify, the Government will cross-examine him regarding, among others, those substantive matters (using information that has already been produced to the defense in discovery). The Government notes, however, that, to assert incorrectly that Michael had access to the Altabackups, Dr. Bellovin relies on information that has been available to him since well before trial, such as the screenshot taken by Michael on April 20, 2016, which was produced by the Government to the defense in December 2018, and data for the Confluence virtual machine, which was produced by the Government to the defense by July 2019, and not on any information disclosed by the Government regarding Michael’s administrative leave status during trial.

Schulte may be yanking Bellovin’s chain on this claim.

A Discussion of a Pardon for Assange Is Why Stone’s Threats against Credico Worked

/3 Comments/in , , /by

Given events of the last several days, I want to return to an exchange from Roger Stone trial. It came during Aaron Zelinksy’s questioning of Randy Credico. The exchange started with a discussion of a May 21, 2018 email exchange between Stone and Credico.

It started when Credico told Stone “you should have just been honest with the house intel committee… you opened yourself up to perjury charges like an idiot…”

Stone responded by threatening Margaret Kunstler.

You are so full of shit. You got nothing. Keep running your mouth and I’ll file a bar complaint against your friend Margaret.

Without any more context, Credico responded,

Go right ahead she’s no Assange lawyer never has been…

Several months earlier, Stone had threatened to expose that, in September 2016, Credico had forwarded a Stone request to find out of Assange had any emails relating to Libya and R.K. Paul to Kunstler.

But the questioning in the trial suggested this May 2018 threat related to something else. After getting Credico to read through the May 2018 email, Zelisnky immediately pivoted to something else: how Credico put Stone in touch with Kunstler in 2016 to discuss a pardon for Assange.

Q. What did you write to Mr. Stone on May 21st, 2018?

A. “Go right ahead. She’s not Assange’s lawyer.”

Q. I’m sorry. Below that. Let’s start at the first message, “You should have.” All the way at the bottom.

A. Where? Where am I? Here, “You should have.”

“You should have just been honest with the House Intel Committee. You’ve opened yourself up to perjury charges like an idiot. You have different versions. Maybe you need to get into rehab and get that memory straight.”

Q. What did Mr. Stone respond?

A. I don’t see it here.

Q. Just above that, do you see —

A. Oh, yes. “You are so full of S-H-I-T. You got nothing. Keep running your mouth and I’ll file a bar complaint against your friend Margaret.”

Q. And when he says “your friend Margaret,” who is he referring to?

A. Margaret Ratner Kunstler.

Q. Had you put Mr. Stone directly in touch with Ms. Kunstler after the election?

A. Yes, I did.

Q. And why had you done that?

A. Well, sometime after the election, he wanted me to contact Mrs. Kunstler. He called me up and said that he had spoken to Judge Napolitano about getting Julian Assange a pardon and needed to talk to Mrs. Kunstler about it. So I said, Okay. And I sat on it. And I told her–I told her–she didn’t act on it. And then, eventually, she did, and they had a conversation.

Q. And at this time period, in May of 2018, how did you feel about having put Ms. Kunstler directly in touch with Mr. Stone?

A. I was — I was ashamed of myself that I had done that. I should have never done that, you know. I don’t blame him; I blame me for doing that.

Q. For the remainder of 2018, did you continue to be concerned about Mr. Stone?

A. Remainder of 2018?

Q. Yes, sir.

A. Well, yes, I did.

Q. Why were you concerned about Mr. Stone?

A. Well, this is it, right here. This is the crux of it, is bringing Margaret into this, Mrs. Kunstler into it. That was the crux of it.

The suggestion — at least in the context of this particularly threat — is that it was the late 2016 contact, not the September 2016 one, that Credico primarily worried about.

For what it’s worth, this is not the only time Credico denied that Kunstler was Assange’s lawyer (even though he bragged about that colloquially during the election). During cross-examination from Robert Buschel, Credico dodged mightily, even claiming — in a statement that might put complaints about surveillance of Assange at the Ecuadorian embassy in a different light — that Assange has “about 1,000 lawyers.” Though ultimately Credico said that Kunstler represented Sarah Harrison, not Assange.

Q. Margaret Kunstler is one of WikiLeaks’s lawyers?

A. You’ll let — she’s going to have to describe her role as a — what her role is with WikiLeaks. You know, I don’t — he has — Julian Assange has about 1,000 lawyers. You know, Michael Ratner was one of his lawyers. Alan Dershowitz was one of his lawyers.

Q. Thank you.

A. There are a lot of lawyers. All right? But, that — you know, who’s a lawyer —

THE COURT: The question is, do you know —

THE WITNESS: I don’t consider —

THE COURT: — do you have personal —

THE WITNESS: — her to be his lawyer. I consider her to be — to know people, be part of a team.

BY MR. BUSCHEL: Q. That was —

A. Yes.

Q. — giving legal advice to WikiLeaks?

A. I don’t know if they gave to WikiLeaks or somebody else. I think it was somebody else, Sarah Harrison, maybe, but not — I don’t think she was giving legal advice.

That’s consistent with what Kunstler herself testified, though she also said that she “sometimes represented WikiLeaks.”

Q. Who have you represented who is connected to WikiLeaks?

A. I have represented Sarah Harrison. I still represent Sarah Harrison. She was — did work at WikiLeaks, but she no longer does.

Q. How long had you represented her?

A. For about four and a half years.

Q. How did Ms. Harrison become your client?

A. She became my client because the lawyers representing Mr. Assange decided that it would be helpful to have a second lawyer for Ms. Harrison, and I was asked to do that.

Q. Do you know who the founder of WikiLeaks is?

A. Yes.

Q. Who is it?

A. Julian Assange.

Q. Have you, as an attorney, ever represented Mr. Assange?

A. Only to the extent that I sometimes represented WikiLeaks, so it kind of overlaps. But technically, I don’t know.

Q. Have you ever spoken with Mr. Assange?

A. Yes.

Q. How often have you spoken with him?

A. I think about a total of under ten times.

Q. When is the last time that you have spoken with Mr. Assange, if you can remember?

A. Probably the end of 1918.

Q. I’m sorry, do you mean 2018?

A. Yes, I’m sorry, 2018.

So something about what happened in late 2016 served as a point of leverage over Credico.

As I have noted, Stone used Credico’s shared support for a pardon for Assange as leverage through early January 2018, by which point Stone’s buddy’s government had charged Assange as part of a bid to stave off an Ecuadorian-Russian exfiltration attempt.

Right in the middle of Credico’s claims about what WikiLeaks was up to in early October 2016, for example, on October 3, he pushed Stone to get Trump to back asylum for Assange.

Then there are the exchanges on the topic that MoJo reported on a year ago from early January 2018.

In the wake of Stone’s successful effort to get Credico to plead the Fifth, the President’s rat-fucker suggested that if Credico publicly revealed that he couldn’t be Stone’s back channel, it might screw up efforts he claimed he was making to get Assange a pardon.

They resumed the discussion about a pardon several days later, when Stone sent Credico Jerome Corsi’s story on Ecuador’s grant of a diplomatic passport to Assange.

Remarkably, given what has transpired since, Credico informed Stone that the British government was not honoring the diplomatic passport, observed that “Infowars ” — which in this case would be Corsi — “doesn’t know what they’re talking about,” then taunted, ‘Maybe your back Channel knows more than I do.”

The current operative story, of course, is that Corsi was the backchannel, though Credico wouldn’t have known that at the time.

It’s certainly possible that Stone was blowing smoke, raising something he knew Credico cared deeply about, pardoning Assange, to get him to toe the line. It’s likely, too, he was just taking reporting on efforts made in late 2017 to liberate Assange and claiming credit for it.

But at the very least, it shows that Stone used a pardon for Assange — something Credico still spends a lot of time pushing — as leverage to try to get Credico to sustain his cover story. It doesn’t explain why that point of leverage was so effective, though.

What Happens After You’re Cancelled

/59 Comments/in /by

This is a highly personal account of what happens after a social media crowd destroys a life. It includes talk of mental illness, severe pain, trauma, and suicide. Stop now if that’s not for you. Also, it’s long. 

I was folding laundry with my partner one day when I looked up at him and said, “Do you think they’d be happy if I did kill myself?”

He looked at me, and took a long breath, and said, “No.”

“You’re right,” I said, “I know it. Nothing makes them happy.”

Taylor Lorenz, a staff writer at the New York Times told The Stranger: “In internet culture, being canceled is only good for your career. It usually results in going viral, which is default good in today’s broken world.”

I suppose it seems this way because you only see the people who survived it, who stayed in the public mind or their jobs. The rest of us, we cease, unpersoned and exiled. We are not in the observational data set, we are never spoken of when people talk about this mode of human life. To this day, as many articles as the New York Times has published about the phenomenon, never once has anyone mentioned my name.

The second time it happened, the bad time everyone remembers, I got a call in a movie theater. That was where I was when the internet wrecked my career, watching Black Panther, and my body still goes cold when I remember it. Katie Kingsbury called me, just before Killmonger died, just before he said “Bury me in the ocean with my ancestors who jumped from the ships, because they knew death was better than bondage” – I missed that part. As I was walking out, she asked me if I’d tweeted something, and I was confused by it. I said, “That doesn’t sound like me.” It turned out it wasn’t my tweet, it was a nine-year-old retweet of John Perry Barlow, an angry clap back at racists shortly after the first Obama election, and it contained the N word.

In the next hours, people would dig up tweets and display them out of context to paint me as an unrepentant racist and homophobe. I never had a chance, before I got home from the theater I was fired from my new job. The Times never asked me to explain the tweets. By the time the King of Wakanda was landing in Oakland, my life as I had know it was gone.

The only tweet anyone at the Times asked me about (after that initial call) was one where I was angry tweeting criticism of the Times’ coverage of the Michael Brown shooting. It was a tweet saying that I’d make a lot more money as a racist at the New York Time than I was making then, right after they’d published their “Michael Brown was no angel” article. I didn’t stop with the tweet. I wrote a satirical piece making fun of how the Times and other outlets covered Brown’s death and other police shootings, about how no one could be good enough to make the conventional media question the police, called Man Killed by Local Police in the Province of Judea.

I’ve spent a lot of my career weaving in elements of satirical bait-and-switch into my commentary and articles, and plenty of the bait without the switch was on display that day. I realized I couldn’t counter it, not all of it, and really not even a bit of it. No one was listening.

Online crowd stomping someone is like a sealioning of mythic proportions, where the crowd tempts you to think if you could just explain it would be OK, but it’s not true, it’s a lie that fucks with your head, a crowd screaming why are you hitting yourself while also telling you to kill yourself.

It’s not that the crowd used my weaknesses against me, it’s that they used my strengths. My pacifism, my work with weird and marginalized communities, my love of flawed people, my humor, my long thoughts and hopes about complicated moral topics, these were all used to reduce me to nazi sympathizer, a homophobe, a white supremacist.

So many of the things people brought up and threw at me weren’t my mistakes at all, but things I’m proud of, like trying to argue an anon out of making rape jokes at a feminist on Twitter.

And then my colleagues in American journalism did me dirty. They ran with the crowd, releasing fast articles without any more context than Twitter and Facebook, without talking to me or trying to understand what was happening. Not all, but most. Enough that I knew I wouldn’t get work again, that anyone who googled me would not speak to me again. And yes, they’ll complain I didn’t get back to them. But I was nine hours ahead of the west coast and overwhelmed. I had just been fired, I was preparing for spinal surgery, and I needed to sleep.Or at least, I needed to try to sleep.

The New York Times apologized for hiring me, but it would be years before anyone would apologize to me. It would be even more time before I found my anger. But it helped when I did.

You don’t know me, you assholes. You don’t even think that matters. All that matters is the last thing you saw, and feeling like you’re better than other people. You’re like the amnesiac goldfish of self-righteous hatred.  

But then, I also know why they did it, I spent years studying and trying to understand exactly the forces that wrecked me that day. I had written about them, had spoken to the situations in which they arise, had suggested ways of making the internet better. Education, mostly, and creating the cultures you want to see on the net through active moderation, among other things. Maybe someday I’ll be able to write about it again.

That February 2018,  I was in a level of pain hard to fit into words. I was struggling to type, I’d all but lost the use of my left hand and my right was starting to fail too. I had written about the pain the five months before,  but it hadn’t improved since then. That’s what the spinal surgery I was preparing for was supposed to fix. This was the final cut on top many years of agony, physical and emotional. I explained everything as best I could in those days following my firing. I wrote about my philosophy, I wrote about what the Times and the crowd had done to me, the how and the why. Often I wrote by dictating notes into my phone, because typing was so painful and difficult. I hoped someone in journalism would retract their claims about me, but no one did. Regular people did, they still do. Sometimes out of nowhere someone on Twitter will say, I was in the mob, and I’m sorry. Not every article was a hit piece, but mostly they were, and none, not a single one that I could find, ever criticized my writing as racist or homophobic. Just me, on social media, in snippets no one wanted to understand.

Publications I was talking to replied that obviously they couldn’t work with me now. People who knew me apologized quietly, but with a few exceptions, they just felt like if they stood up for me they’d be destroyed by the mob too.

Friends, horrified by what happened to me, retreated from the internet. I found myself comforting them. I’d say the internet was not all bad, it was mostly wonderful, and that I would be OK. The first was true, the second, I still don’t know.

When the chips were down I found out I was mostly alone. It wasn’t the first time I felt that. It wasn’t the first time a crowd came for me, nearly drove me to the point of self-harm.

I’d felt it five years earlier, when the media and public went looking for a bad guy to blame for Aaron’s suicide. There were bad guys, MIT and the prosecution, US Attorneys  Stephen Heymann and Carmin Ortiz, but they were safe behind the walls of institutional power. The crowd came for me for the same  reason Heymann did: because I was powerless and easy to exploit and they wanted blood.

I was at my girlfriend’s flat in London the morning Aaron died. I woke up and opened my laptop to see mails and messages from everyone saying to call them, and that it was about Aaron. I said something like “No, no, what did you do, you didn’t do it no no no” and, of all things, pulled up Wikipedia. There, on the page, was Aaron’s end date. As I recall it, I just rocked and cried and said “no no no you didn’t do it” until I had to explain it to my girlfriend. She fed me and looked after me while I booked my way back to New York and then Chicago for the funeral. I went to a conference and did a presentation on Anonymous. Everyone told me I didn’t have to, including the organizers, but I wanted the distraction. I wanted to go through the motions of a normal life I already knew was never going to be normal again.

I met a filmmaker friend of mine at the conference. He hadn’t known Aaron, but now he was surrounded by people who had, and he wanted to understand more. He did a few interviews with me and other people, and said he thought this might be a short film. I looked him in the eye and said, “this is a feature length film.” He was thoughtful and silent. Later, with the camera rolling, he asked me why so many people cared so much about Aaron, and I said, “He was the internet’s own boy, and the old world killed him.”

That film, Internet’s Own Boy, would be shortlisted for the Oscars.

What I didn’t tell Brian that day was the complicated role I played in Aaron’s prosecution, or the complicated roles we played in each other’s lives. That would come out later, in the movie, and in articles, including my own. I would bring most of it out, but already under attacks from people who wanted someone to suffer for what had happened to Aaron. I’d been on and off in a romantic relationship with Aaron for years, and we had both struggled with depression in that time, even before he was arrested while riding my bike in Cambridge.

We’d gone through his arrest and investigation together. I was so angry at him, though you must understand, not for downloading journal articles. I was angry he hadn’t told me what he was doing. When I was being questioned by the Secret Service they couldn’t believe that I didn’t know, because we were so close. I wanted to pound on the table and explain that if I’d known they would never have. There wouldn’t be a laptop in Evidence, purchased with my credit card, there’d be a smoking crater where the JSTOR server used to be and not a shred of evidence that lead anywhere. Aaron wasn’t that kind of hacker. I, on the other hand, had done plenty of things no one ever caught me for.

My lawyers, who were terrible and sold me down the river, had advised me not to say that to the prosecution. They were probably right about that at least.

Aaron was so angry at me for meeting with them on my lawyers’ advice. He was right, but I didn’t know that. He was angry at me for betraying him, but not the way everyone thinks. I was the only one he told when he was suicidal, which was often during the investigation. One day I blurted it out to his lawyer on a speakerphone call. “Aaron is suicidal,” I told him, but he didn’t respond and Aaron hung up and yelled me that his lawyer wouldn’t care and it didn’t matter. I wouldn’t know that his lawyer had tried to act on that information until after Aaron died.

My life with Aaron started at the same time that my spinal problems started, and started with the loss of control of my hands and daily migraines. Just as my marriage collapsed, my body also started to collpase. In 2008 when the first MRI came back, the specialists explained that I could maybe control symptoms with physical therapy, Botox injections, and cortisone injected into my spinal neck, but that very little could be done for me, and when I had surgery, I’d lose mobility. That I would suffer a decline and my body would fail and that it would be terribly painful. “Maybe,” I was told. “Someone will invent a prosthetic.”

Ten years later, thousands of miles away in a country with more mercy for the ill, I was fired from my job, and waiting for that prosthetic to be inserted into three sections of my cervical spine, all while the crowd was trying to move into my mind.

Recovery was not easy. I had to cross Paris on the metro and take a train home, and it was a shockingly painful experience, even for someone as familiar with pain as I was. For the next weeks, I would patiently get up and reach up on the walls to feel them and push myself along. I’d shuffle my way along the edges of my room, trying to balance, trying to move. I didn’t have adequate pain medication, complained, and then I had too much. I became physically dependent on Fentanyl, and then wrote about the withdrawal.

I handed my Twitter account over to a group of friends for my recovery period, and they tweeted the details of my post-operative condition. “Every time I lose a follower, an angel gets its wings,” I joked with them. I was already retreating from the world, as I had when strangers had spent their time telling me I’d killed my beloved.

The weeks passed. I talked to a few publications, but no one  wanted to be seen with me. I felt like an unperson. My throat would tighten until it felt like I would choke, just sitting there. I was fighting to get my body back, and fighting the memories of being a pariah for all of my childhood. It had all welled up and poured over my psyche after the Times, along with the inadequacy I felt at not being able to save Aaron. I was barely keeping my grip on reality. I still had support on Patreon, which was both shocking and intimidating. I felt like I couldn’t produce, I felt broken down completely, and unsure how to rebuild myself, physically, mentally, or emotionally.

And then, a ray of hope. Out of the blue, a publication I dearly love offered me a column. It sounded like it would be coming home, and I said yes. They told me whom I would talk to next in the process to brought on board, and then there were no more mails. They ghosted me. I wrote and wrote asking for the next steps, and they simply never wrote back. I never learned why.

Some little thing in me snapped after that. It was too much. I fought back thoughts of suicide on a daily basis. I talked them through with friends and my partner, and defanged them, but always temporarily.

I was fighting my worst depression in years, and I was using everything I knew to fight it. I was exercising and doing mental work and trying to manage my sleep, but my PTSD was also out of control. I was dreaming every night of fights with Aaron, Occupy camp evictions, seeing my dead father’s body, being visited by all the people who had died, and sometimes just straight up monsters chasing and killing my people, both alive and dead. It had progressed to hallucinations that lasted up to a few minutes after I’d wake up. I’d bat at the air, fighting demons my mind dreamt of, until I realized what was happening, and stopped. I apologized when I woke up my partner.

When I’d dealt with every self-harming thought as well as I could cognitively, they retreated into urges, a feeling like my body would just act on its own, however I might fight it. I became scared to walk across bridges. I tried to not be alone too much. I hated feeling like a burden, I hated feeling like I couldn’t do or be anything helpful or productive for the world, but I had hung on, until the day came when I couldn’t.

I didn’t trust myself anymore. I walked over to the bus stop, and caught the last bus of the night that would take me to the Emergency Room. When they asked me why I had come, I said I was afraid I was going to hurt myself.

They asked me to sit down and before long had a staff psychiatrist talk to me. He spoke some English, but not well. He asked what had happened, and why I was feeling so bad, and I started to tell him about Twitter and the New York Times. I stopped, realizing that he didn’t understand much about this crazy story and I was going to get the wrong diagnosis if I wasn’t careful. I called my partner, and put him on the phone to explain in French.

I watched the psychiatrist. He was an older man with a trace of corrected cleft palate. This comforted me in ways hard to explain. He’d known pain, and flaws, and problems with society. He couldn’t really understand me or my world, but I knew he could understand the pain of being different, of people being thoughtless. He nodded with the phone to his ear and ask questions, and eventually handed my phone back to me. He suggested I take a bed in the hospital for the night.

My trust was not misplaced. Over the next few days we never had much of a real conversation, but he listened and tried to help.

I was admitted to the psych ward that night. It was not a great experience for me, but it was safe. And more than anything I felt like I’d pulled the emergency cord on my life. I’d stopped the whole train, just to say, I need help, I need something to change. I’m not going to survive this without help. I spent two days there, stabilizing and trying to figure out a long terms plan for care. It didn’t work out. Luxembourg, which had so wonderfully cared for me when it came to my spine, has next to nothing in terms of mental health care options. The only care they would pay for outside of the country was inpatient. A former NHS psychologist who had recently moved to Luxembourg was found to talked to me a few hours while I was in the ward, but there was no option to see her later.

Still, the few hours did help.

I went home two days later, in the strange and liminal mood that comes after you’ve done something that changes everything. Everything was a different color. I wasn’t better, but I had nothing on my to do list but survive.

I went back to America, where I knew I could see providers, but for a lot of money. I passed the hat — and old school gofundme — to pay for a couple months of therapy and a visit with a creative, young, and damn expensive psychiatrist. I walked into his office with a twenty-year history of drugs which either had unlivable side effects or hadn’t worked on my depression and PTSD. He took it, read through it, and said “You’ve taken all the drugs.”

I talked about the night terrors, which I never had before. He prescribed me a hypertension drug, which somehow someone realized controls PTSD related night terrors in overly high doses. I had to ramp up over six weeks, but I did. The night terrors aren’t completely gone, but they’re much reduced, and the hallucinations have almost disappeared. It was the second time a drug had actually helped me mentally, the first being taking Trazodone to help me with lifelong insomnia.

But controlling the wider PTSD and depression symptoms wasn’t working. I sought out more group therapy as well as one-on-one, and started a short term treatment with ketamine in hopes that it would control my depression. I tried everything I could at the beginning of 2019.

It didn’t work. It wasn’t a total failure, my sleeping was better, but I was still struggling to live. I felt like I gave it all I could.

When I came back home everything was quiet, around me, and in my head. I felt allowed to do anything I wanted to get better, what was left? Who could say anything to me? I figured if I wanted to run off to a forest and drop acid to get better, so be it, I was going to do whatever I wanted. I had tried everything. I read the studies, saw so many clinicians, read books, tried apps, even taught myself a fair bit of neurology. I was allowed whatever I wanted at this point. I was allowed to call myself treatment resistant.

I didn’t run off to the forest and drop acid, that was mostly theoretical, I don’t even know how to buy acid. But I felt better thinking I could if I wanted to.

I started a new drug prescribed to me by a pschiatrist, new enough that it had to be brought in from France and wasn’t cover by my national insurance. Maybe it helped, I don’t know. It gave me migraines again, which we tried to control through more Botox and other drugs including heavy duty NSAIDs and triptans.

I let the days go by, mostly. I cooked and helped people where I could, I wrote when I was able. I felt time slipping away with panic again, just as I had when my hands stopped worked and every day was full of physical pain. There were ups and downs, but for a while, it seemed to be getting better. My doctor thought it was the new drug, I was not so sure. Trying to understand this stuff makes the three body problem look like child’s play. Controlling one variable is a fun game researchers play, while clinicians laugh at their theories. In the real world, you still have to throw things at the wall, and hope.

I started declining again. I stopped writing, and hated myself for it. I began reaching for anything — exercising, meditation, but everything just got worse. I went back on sleep medication, and upped my antidepressant, figuring I’ll just live with the migraines. I went looking for more ideas, more research, more anecdotes. The familiar gift of desperation was back, accompanied by the fireworks that heralded 2020.

I am out here on the peculiar edge of human experience: the hate of the crowd, in a peculiar era where the crowd can kill you and you still find yourself untouched, alive, and ill-equipped for this life.

Looking for ideas in one thing after another, I found research about holocaust survivors who, having told their story, started doing better. Their physical and mental health improved after they stopped holding in the stories of what happened and how awful it was. I looked at my blown deadlines, and my loving partner, my hesitant career, and all these secrets I was keeping about how much it hurt to get hated and driven out of my career, and I thought, well, what the hell do I have to lose? So here I am, saying what it’s like to try to rebuild a life after a cancelling, and so far, largely failing.

I’ve been harassed on the internet most of my life, but it has tried to kill me twice, a kind of civic death absent stockades or end dates. It nearly succeeded both times. Some days I’m still shocked by the absurdity of still being alive.

The first piece I was going to write for the Times was about how human proclivities and network math work together to sort us into strange crowds, and how hard they can be to escape from. It’s still here, on this hard drive, almost finished for years. I look at it occasionally, but I can’t find the strength in my fingers and mind to tie up its loose ends. I am one of those loose ends now. Every day is hard.

Thanks to my Patrons on Patreon, who amazingly keep trying with me,

even though I struggle and complain so much.

CIA Put Joshua Schulte’s Buddy on Administrative Leave Last August

/14 Comments/in , , /by

Update, 2/21/20: This post has been updated reflecting the DOJ response to Schulte’s bid for a mistrial based on this dispute. The response makes quite clear that the administrative leave pertains only to concerns about Michael’s candor regarding Schulte’s behavior.

Neither the Government nor the CIA believes anyone else was involved, and the defendant’s claims otherwise are based on a distorted reading of the CIA memorandum placing Michael on administrative leave (the “CIA Memorandum”). The CIA Memorandum explicitly states that Michael was placed on leave because of concerns he was not providing information about the defendant (not that he is a suspect in the theft); the Government has confirmed with the author of that memorandum that the memorandum was not intended to suggest that it was Michael rather than the defendant who stole the Vault 7 Information; and, in any event, the defendant has had all of the relevant information underlying the CIA Memorandum for months in advance of trial.

There was some drama at the end of last week’s testimony in the trial of accused Vault 7 leaker, Joshua Schulte. Schulte’s lawyers forced the government to admit that Schulte’s buddy, testifying under the name, “Michael,” is on paid leave from the CIA for lack of candor.

It turns out “Michael” got put on paid leave in August 2019, shortly after his seventh interview as part of the investigation (his interview dates, based DOJ’s response off Shroff’s cross-examination, were March 16, 2017, June 1, 2017, June 2, 2017, June 6, 2017, August 30, 2017, March 8, 2018, August 16, 2019, and January 13, 2020).

While prosecutors provided Schulte the underlying interview reports (the last one wasn’t even a 302 because prosecutors led the interview, with just one FBI agent present, possibly as part of pre-trial prep), they withheld documents explaining the personnel change until providing part of the documentation the night before Michael’s testimony starting on February 12. Technically, that late notice probably complied with Jencks, but once Judge Paul Crotty realized what documentation had been shared with whom, he granted the defense request for a continuance of Michael’s testimony so they could better understand the implications. Withholding the information was a dickish move on the part of the prosecutors.

The question is, why prosecutors did this, why they withheld information that might be deemed key to a fair trial.

I don’t think defense counsel Sabrina Shroff’s seeming take — that the government tried to hide Michael’s personnel status to hide that they were (purportedly) coercing him to get his story “to morph a little,” to testify in the way he had on threat of false statements charges and certain firing from the CIA — makes sense. That’s because, on the two key issues he testified about, Michael testified in roughly the same way in court as he did in FBI interviews in the wake of the Vault 7 disclosure.

On the stand under direct examination, Michael explained how he told his and Schulte’s colleague, Jeremy Weber, to take away Schulte’s access because he feared Schulte would respond to losing access to his own projects by restoring that access, which would lead to significant trouble.

Q. Did you ever speak with Mr. Weber about the defendant’s anger?

A. Yes.

Q. What did you talk about?

A. We didn’t talk about his anger per se. But, I told Jeremy that he should remove all of Josh’s admin accesses.

Q. Why did you ask Mr. Weber to do that?

A. I felt like Jeremy was kind of, like, setting him up. I knew that Josh was mad at Jeremy, and that he was putting him in a position where Josh had the ability or the access to change permissions on the project in question. And that he would do that because he didn’t respect Jeremy’s authority.

As Shroff elicited on cross-examination, Michael told the FBI something very similar on August 30, 2017.

Q. And it is in this meeting, if you remember, that you told the FBI that, in your opinion, Mr. Weber was setting Mr. Schulte up. Do you remember that?

A. I remember feeling that way.

Q. Okay. By that you mean that you thought Mr. Weber was setting Mr. Schulte up to fail at his job at the CIA, right?

A. I thought he was — baiting him into using his accesses, for a lack of a better word.

[snip]

A. Yeah, I thought he was setting — he was creating circumstances where he knew that Josh had access to change permissions on the server, Josh was an admin. He was telling Josh you cannot do this. But Josh technically could do that, right, he had the technical capability to do that. So, Josh was going to do that.

Q. Okay. You told Mr. Weber your concern?

A. Yes.

Q. And Mr. Weber said butt out, correct?

A. Yes, in summary. Mr. Weber said butt out.

Likewise, last week the government got Michael to explain how, on April 20, 2016 (the day the government alleges Schulte stole the Vault 7 files) Schulte first invited Michael to work out at the gym as they normally would, but then didn’t respond for an hour, at which point Michael witnessed — and took a screen cap of — Schulte deleting log files, which means Schulte’s buddy documented in real time as his buddy stole the files.

Q. It is a little difficult, so let’s blow up the left side of the screen. Do you recognize what we’re looking at?

A. Yes.

Q. How do you recognize it?

A. It is a screenshot I took.

Q. What is it a screenshot of?

A. It a screenshot of, in the bottom you can see a VM being reverted and then a snapshot removed.

Q. It is a screenshot of a computer screen?

A. Yes, of my computer screen.

Q. What date and time did you take this screenshot?

A. The date was April 20, and time was 6:56 p.m.

Q. What year was that?

A. 2016.

Michael explained his past testimony to the FBI to Shroff using much the same story (though she used a different screen cap that may be of import).

Q. Uh-huh.

A. I believe I was trying to dig into what the screenshot meant. I was unsure. You know, I took the screenshot because I was concerned, and then I tried to validate those concerns by determining did a person do these reverts, or was this a system action? This is me trying to dig into that. I have debug view open to see if there was any debug messages about reverting the VMs or something. That could have been there already. I don’t know. But specifically this command prompt here that you see, this black-and-white text, the command prompt, I was looking at IP addresses.

Q. And did you do that on the same day, or you did this later?

[snip]

Q. And you don’t see anything before the start time of 6:55?

A. Yeah. I don’t see anything before 6:55 — or I see 6:51.

Q. Right, but you’re saying that even though your vSphere was running, you didn’t see any April 16 snapshot?

A. Yeah. I don’t see an April 16 snapshot.

On redirect prosecutors will have Michael make it clear that the reason he didn’t see an April 16 snapshot is because it had been deleted, making this a damning admission, not a helpful one.

So knowing that the CIA has concerns that Michael isn’t telling the truth about all this doesn’t help Shroff rebut the most damning details of Michael’s testimony: that one of Schulte’s closest friends at CIA tried to intervene to prevent Schulte from doing something stupid before it happened, and the same friend happened to get online and capture proof of it happening in real time.

Nor does it help her rebut another damning detail from Michael’s testimony, a description of how a rubber band fight between him and Schulte led to Michael hitting Schulte physically.

Q. Could you just describe generally what happened.

A. Sure. On that day, Josh hit me with a rubber band, I hit him back with a rubber band. This went back and forth until late at night. I hit him with a rubber band and then ran away before he could hit me back. He trashed my desk. I trashed his desk. And then I was backed up against Jeremy’s desk and Josh was looking at me, kind of coming towards me. And something came over me and I just hit him.

This might seem, if you’re the NYT trying to cull the trial record for glimpses of the banality of CIA cubicle life, like an innocuous detail. But it’s not. Schulte’s defense, such as he has offered one so far, is that he had a real gripe with a colleague, Amol, which escalated into both being moved, him losing his SysAdmin access, which led to his retaliation against the CIA. But what Amol did was take Schulte’s Nerf darts away when they landed on his desk and make verbal — but never physical — attacks against Schulte. Yet Schulte obtained a restraining order against Amol, not against Michael, the guy who really had physically hit him. This rubber band fight with Michael, as juvenile as it seems, actually undermines Schulte’s claim that his complaint against Amol made sense.

Meanwhile, Shroff herself seems to have brought out the detail that led to CIA’s personnel action (and which Judge Crotty argued prosecutors had withheld by not sharing the full CIA notice). On direct, Michael told prosecutor Sidhardha Kamaraju that he stopped digging to find out what had happened because he remembered that he was using a regular user account that — he couldn’t remember — might not have the right permissions to view logs.

Q. Did that seem strange to you that there were no log files there?

A. Yes. At first this was strange to me.

Q. Why did you think it was strange at first?

A. Just because, a system managing this many VMs should have lots of logs.

Q. Did you try to find out why there weren’t any log files there?

A. I did some more digging, yes.

Q. What did you think as a result of your digging?

A. I remembered that this account that I was using was a regular user account, and I couldn’t remember if the regular user accounts had administrative permissions to view logs.

But as Shroff had him explain on cross, Michael told the FBI that Schulte had given him “pseudo creds” to one of his virtual machines. He told them that almost three months before the FBI first asked him about the screen cap showing Schulte delete logs.

Q. No, it’s not correct? What is it then?

A. This is a VM that he would have run on his DevLAN machine.

Q. So it is a virtual machine that he ran on his own DevLAN, correct?

A. Yes.

Q. Okay. So it says “Josh.” Correct?

A. Yes.

Q. Then it says “Michael,” correct?

A. Yes.

Q. And then it says “other,” correct?

A. Yes.

Q. And they asked you about this document, correct?

A. Yes.

Q. And you told them, did you not, that Josh had given you what you turned as a phrase “pseudo creds,” correct?

A. I don’t remember specific wording but, yes. I believe he gave me pseudo accesses to this VM.

[snip]

Q. And then you told them that you probably had root access to the machine to do with it what you wanted, correct?

A. Yes. If I had pseudo creds, then that’s true.

Q. They asked you if you were surprised to find out that you shared a VM with Josh, and you said no, correct?

This is a reference to “sudo” credentials, which is root access. The government response makes it clear that Michael had administrative access, using the “root” password, to the ESXi server, but did not have admin access to the Atlassian suite, which is what Schulte alleged used to steal the documents.

Michael’s “system administrator” privileges were well-documented in the reports of the FBI interviews. Indeed, Michael’s “system administrator privileges” were discussed in at least three different interviews, one of Michael and the other two of Mr. Weber:

  • In a March 22, 2017 interview, Weber stated that “Michael, [the defendant], [Weber], and [Matt] had administrative access to the ESXi server …. A root password was required to directly log into the ESXi server and this password was shared on OSB’s Confluence page that all of OSB had access to.” CLASSIFIED JAS _ 001318 – 001320 ( emphasis added).
  • In a May 26, 2017 interview, Weber stated that he “believed that [Matt] and [Michael] were possibly added as [ESXi] administrators later.” CLASSIFIED JAS 010153 – 010159.
  • In a March 8, 2018 interview, Michael explained the relevant distinction in administrative privileges: “There is a difference between being considered an Atlassian administrator and having the root password for the ESXi server. The root password for the ESXi server was likely needed to create and control VMs, which are frequently used by developers for testing. [Michael] believed he used the ESXi root password to create VMs. The status of being an Atlassian administrator is reflected in the user’s domain credentials. [Michael] is not aware of how to get access to Atlassian as an administrator.” CLASSIFIED JAS _ O I 0514 ( emphasis added).

These reports make clear that Michael never had Atlassian administrator privileges, and thus did not have the ability to access or copy the Altabackups (from which the Vault 7 Information was stolen).

Still, that part of his testimony hasn’t changed. And CIA would have known about all this by August 2017, two years before they put Michael on administrative leave.

And curiously, having had this information for quite some time, Schulte never tried to suggest that Michael could have conducted the theft while using Schulte’s credentials.

Thus far, it looks like the CIA moved Michael to administrative leave not to change his pre-August 2019 testimony — because that hasn’t changed — but out of concern that Michael learned about Schulte’s actions in real time but didn’t tell anyone, not in 2016 when the CIA could have done something about it, nor immediately after the Vault 7 publication. It wasn’t until the FBI discovered the screen cap and asked Michael about it in August 2017 that he told this story.

Q. Is it fair to say, sir, by the time the FBI showed it to you, you had forgotten about the screenshot?

A. Yes.

Q. You had taken it on April 20, 2016, right?

A. Yes.

Michael similarly did not offer up to the FBI that Schulte contacted him after the first Vault 7 publication (presumably in March) until it came up in June 2017.

Q. It was during this meeting that you told them about Mr. Schulte reaching out to you after the leaks had become public; correct? Do you remember that?

A. I remember telling them about him reaching out to me. I don’t remember if it was this specific meeting.

Q. Okay. Take a look at the highlighted portion on page one, okay?

A. Okay.

Q. You told the FBI, did you not, that Mr. Schulte had sounded upset to you that people thought it was he who had done the leaks, correct?

A. Yes. I believe the word was he seemed concerned.

Q. Right. You would be concerned too if somebody accused you of something you didn’t do, correct?

A. Yes.

Q. And you also told them that you essentially blew him off, correct? You didn’t want to engage and talk to him, correct?

A. Yes, I ignored the initial text messages. And then in the phone call, I didn’t want to talk about that subject.

Q. Okay. And at first you didn’t report the fact that Mr. Schulte contacted you, correct?

A. Correct.

Q. And then somehow or the other, the deputy chief of EDG said if somebody’s contacted you, report it. And then you reported it, correct?

A. Correct.

The most likely explanation for CIA’s change in Michael’s personnel status, then (but not the timing), is that Michael did not alert security when he had the opportunity, and then when he discovered that his buddy was the lead suspect for a huge theft of CIA tools, he tried to downplay his knowledge, perhaps hoping to avoid suspicion himself (which, if true, backfired). As Michael said himself in one of his FBI interviews, it sucks when you’re the single guy the prime suspect for a crime has given credentials to his VM, by name.

Q. And then you kind of added that it kind of sucked that your name was on this VM, correct?

A. I don’t remember that.

Q. Take a look at the first paragraph, page two of eight. It sucks. I don’t mean to be rude, but that’s the word it says, “suck,” right?

A. Yes.

Q. That your name was on the virtual machine, correct?

A. Correct.

Q. And that you understood from the FBI that that put you under the microscope, correct?

A. Correct.

So, again, the most likely implication of all this is just that the CIA believes Michael had information about a data breach in real time that he offered unconvincing (and, possibly, technically false) explanations for why he didn’t alert anyone.

But, particularly given the delay in putting him on administrative leave, I wonder whether there’s not something more.

DOJ and CIA clearly suspect Michael is being less than forthcoming about what he witnessed in real time. That doesn’t undermine his value as a witness to having taken the screen shot, but it does raise questions about his trustworthiness to retain clearance at CIA. It does undermine his claims to the FBI, which Shroff portrayed as largely unique among CIA witnesses, that Schulte wasn’t the culprit (which he hasn’t yet explained in the presence of the jury).

That may, however, raise questions about his candor on other answers asked by the FBI, answers that may speak to how Schulte came to steal CIA’s hacking tools in the first place or even whether Michael knew more about it than he knows.

For example, the FBI asked Michael repeatedly about Schulte’s League of Legends habit.

Q. He played a lot of League of Legends or something?

A. Yes.

Q. Some kind of game?

A. Yes, it’s a video game.

Q. A lot of men, people play it; is that right?

A. It has a large user base.

Q. It is some kind of online game where you pretend to have avatars and kill each other online or something like that? Is that right, basically?

A. Yes.

Q. And you played that game, did you not, with Mr. Schulte? A. Yes.

In recent years the government has come to regard gaming communications systems as a means to communicate covertly (which Schulte would have known because his hacking tools targeted terrorists).

They also asked Michael whether Schulte was a “vigilante hacker” by night, and about his Tor usage (which, according to Michael, Schulte didn’t hide).

Q. You remember the FBI asking you if Mr. Schulte was a vigilante hacker by night? Do you remember that phrase they used?

A. I think I do actually, yes.

Q. You told them, no, you didn’t know him to be a vigilante hacker at night?

A. Correct.

Q. You in fact did not know him to be a vigilante hacker at night.

A. Correct. I did not know him to be a vigilante hacker.

This question is particularly relevant given Schulte’s claim, in communicating with a journalist from jail, that he had been involved with Anonymous.

The FBI asked Michael how he came to buy two hard drives for Schulte from Amazon, the same place Schulte bought a SATA adapter they think he used in the theft.

A. I only ever bought him hard drives this one time. But the reason, like, I wouldn’t normally just buy him hard drives, I would have told him to buy it himself. But the reason was there was some deal going on, and so he’s like, if I buy it and then you buy it, we all get the deal and I’ll just pay you back.

Q. Right. It’s normal, right?

A. Yeah.

Q. Yeah. Amazon had a cap on the sale, like everyone could only get two, and he wanted four or something like that?

A. Yes, it was something along those lines.

Of the hard drives the FBI seized from Schulte’s home in March 2017 (PDF 116), the ones he owned the most copies of — the 1TB Western Digital drives — are the ones they suspect were used in the theft because they were overwritten.

The FBI asked about a time when Michael worked over a weekend, when Schulte also happened to be working. Michael first explained he had been working on his performance review, but when he subsequently checked his records, discovered that couldn’t be right. Even though he recognized how unusual it was for him to be working the same weekend as Schulte without knowing Schulte was there, he concluded (like he had about the deleted log files) that it was normal.

Q. They asked you about that weekend because Mr. Schulte also happened to be working that weekend?

A. They mentioned that, yes.

Q. Did you think it was odd that Mr. Schulte was working that weekend or did the FBI think it was odd that Mr. Schulte was working that weekend or both?

A. At first I thought it was odd.

Q. Okay.

A. Just because —

Q. Go ahead.

A. Just because, you know, although it was normal to come in on the weekend, it was less common — rare, I would say, to come in on the weekend. One of us probably would have told each other, you know, we were going to come in on the weekend. But then I looked at my situation, I was like, well, I didn’t tell him I was coming in, so I guess this is normal.

The government may still be trying to figure out precisely when Schulte removed the files on hard drives from CIA — they also asked Michael about that repeatedly — which is why these questions are so important. Among the reasons CIA put him on leave, per the government response, is that he and Schulte left together that night; if Schulte had carried out hard drives that night Michael may have seen them.

The FBI asked about Michael’s role — apparently unplanned — in helping Schulte move to New York.

Q. Then they talked to you about your involvement in helping him move from Virginia to New York, correct?

A. Yes.

Q. They asked you a whole series of questions as to how you came about to help him move, correct?

A. Yes.

Q. And they asked you why you helped him move, correct?

A. I don’t remember specific questions, but I do remember questions about helping him move.

Q. And you explained to them that it was like a coincidence, right? You’d already planned a trip with another friend, he was moving at the same time, he needed help loading up luggage and moving stuff, correct?

A. Yes.

Q. It was not preplanned, right? It just happened, right?

A. Yeah.

Q. You told them that you had already planned to do this with another friend, right?

A. Yes.

Q. And then they asked you about that friend, correct? They asked you what the name of the friend was, correct?

A. Yes.

Q. Then they asked you for your friend’s number, correct?

A. I don’t remember specifically what information they asked for.

The FBI also asked Michael about the stuff he left with him when he moved to New York, which Michael explained was just furniture, though a lot of it.

Q. We’ll come back to that if we need to. Let’s move to the next point. They then asked you if Mr. Schulte had left any stuff with you, correct?

A. Yes.

Q. You told them that he had, correct?

A. Yes.

Q. It was normal, everyday stuff he left with you, correct?

A. I wouldn’t say it’s normal. It was a lot of furniture. So I don’t think that’s normal.

Again, it may well be that, two years after the FBI would have had real questions about Michael’s candor, the CIA concluded they had to reconsider his employment because he could have prevented the theft but did not.

But I wonder whether, by the time DOJ posed these questions anew in August 2019 (which, if I’ve got his interview dates correct, was the only interview he had after the time that Schulte had been formally charged with the theft), their doubts about his other answers had taken on greater significance.

Update: Clarified that the “pseudo” credentials in the transcript are a reference to “sudo” root access.

Update: In a letter opposing any order to share the CIA’s determination to put Michael on paid leave, the government explains the basis for it:

  • Adverse polygraph results
  • His relationship with Schulte
  • His close proximity to the theft of the data and (what appears to be) reason to believe he witnessed more anomalies at the time Schulte was stealing it
  • “Recent inquiries” suggesting Michael may still be hiding information about the theft
  • His “unwillingness to cooperate with a CIA security investigation into his physical altercation with the defendant”

That is, the speculation above seems to be born out. The three questions that leaves are”

  • Why did they put him on leave rather than fire him?
  • Which of the questions above do they think he was not truthful about?
  • Why did they wait until August 2019 to put him on leave?
image_print