A Different DOJ Search of Note: Joshua Schulte

/0 Comments/in , /by

Josh Schulte should have grown concerned when David Denton — one of the two AUSAs in charge of his prosecution — didn’t show up to a status conference on July 26.

THE COURT: All right. Good afternoon, everyone. Mr. Lockard, will Mr. Denton be joining us?

MR. LOCKARD: He will not be joining us today.

For that matter, he should have sussed something was up a month earlier, during trial, when Denton objected to Schulte’s bid to introduce a script he wrote as evidence at his trial because of ongoing and escalating security concerns.

[Y]our Honor, we have accepted a continuing expansion of the defendant’s use of a laptop that was originally provided for the purpose of reviewing discovery, but to us, this is really a bridge too far in terms of security concerns, particularly in light of the issues uncovered during the last issue with his laptop and the concerns that the MDC has raised to us about tampering with the law library computer. We have not taken any action in response to that, because we’re in the middle of trial and we’re loath to do things that would disrupt the trial at this point.

As I laid out, among the security concerns Denton was worried about was that, just weeks before trial when Schulte claimed that his laptop was broken, IT staff at the US Attorney’s Office discovered that Schulte had been tampering with the BIOS on his laptop, seemingly in an attempt to bypass WiFi restrictions.

First, with respect to the defendant’s discovery laptop, which he reported to be inoperable as of June 1, 2022 (D.E. 838), the laptop was operational and returned to Mr. Schulte by the end of the day on June 3, 2022. Mr. Schulte brought the laptop to the courthouse on the morning of June 3 and it was provided to the U.S. Attorney’s Office information technology staff in the early afternoon. It appears that the laptop’s charger was not working and, after being charged with one of the Office’s power cords, the laptop could be turned on and booted. IT staff discovered, however, that the user login for the laptop BIOS1 had been changed. IT staff was able to log in to the laptop using an administrator BIOS account and a Windows login password provided by the defendant. IT staff also discovery an encrypted 15-gigabyte partition on the defendant’s hard drive. The laptop was returned to Mr. Schulte, who confirmed that he was able to log in to the laptop and access his files, along with a replacement power cord. Mr. Schulte was admonished about electronic security requirements, that he is not permitted to enable or use any wireless capabilities on the laptop, and that attempting to do so may result in the laptop being confiscated and other consequences. Mr. Schulte returned to the MDC with the laptop.

1 The BIOS is firmware used to provide runtime services for operating systems and programs and to perform hardware initialization during the booting process. The BIOS settings can determine, for example, whether external ports and wireless capabilities are enabled or disabled.

So DOJ revealed evidence that Schulte was attempting to hack his discovery laptop before trial, Denton implied DOJ was waiting until after trial to do anything about it, and Denton was too busy to show up at the status hearing on July 26.

He appears to have been busy getting a search warrant for the laptop. The government served Schulte with the warrant and seized the offending laptop two days later, on July 28. After Schulte attorney Sabrina Shroff complained, the government explained that since they had not yet charged Schulte in conjunction with the new warrant, they didn’t have to provide their affidavit.

[T]he Government’s investigation of the defendant’s conduct that gave rise to the search warrant is ongoing, no charges related to his use of the laptop have been filed, and the scope and precise nature of the conduct that the Government is investigating are not known either to the public or to the defendant.

If that investigation results in the use of information obtained pursuant to the search warrant, the Government will comply with its discovery obligations promptly.

They did, however, object to getting Schulte a new laptop.

The defendant has seven weeks to draft and file his pro se motions pursuant to Federal Rules of Criminal Procedure 29 and 33, and can do so using the normal resources available to pro se inmates at the Metropolitan Detention Center. The defendant “has the right to legal help through appointed counsel, and when he declines that help, other alternative rights, like access to a [personal laptop], do not spring up.” United States v. Byrd, 208 F.3d 592, 593 (7th Cir. 2000). Particularly in view of the Magistrate Judge’s determination that there is probable cause to believe that the defendant’s previous laptop contains evidence of additional crimes, there is no reason that the defendant should be afforded special access to a new laptop simply because the Court has permitted him to proceed partially pro se for certain matters going forward.

Shroff’s reply, in addition to making a legitimate case that Schulte should be able to get a laptop to finish his Rule 29 and 33 motions, provided more detail of what she knows about the warrant. This is not about espionage. She mentions only additional counts of contempt and possessing contraband, the same charges investigated in 2018 when Schulte’s phone was found (though those crimes seem inconsistent with the security concerns — hacking — described leading up to the trial).

The search warrant itself notes that the government is not alleging it has probable cause for any acts of espionage.

[snip]

Notably, while the government’s letter states the factors which may permit an affidavit to be withheld – e.g., to preserve confidential sources or protect witnesses – the government never explains how those factors possibly could apply here, where someone already incarcerated is accused of violations of Title 18, United States Code, Sections 401(3) (contempt of court) and 1791(a) (possessing contraband in a correctional facility). There are no confidential sources or witness at risk – and production of the affidavit in support of the search warrants implicates none of the articulated concerns.

But that’s not right. It can’t be right. If Schulte got contraband, it means someone — his legal team, his family, or the guards — shared it with him. He has a history of getting the latter two involved in ferrying information or goods improperly. I’m mindful, too, of Schulte’s curious replication of a WikiLeaks-seeded propaganda campaign about Mike Pompeo, even in spite of being on SAMs.

After suggesting there couldn’t be witnesses in a situation where there’d have to be witnesses, Shroff turns the government’s efforts to avoid disrupting Schulte’s trial on its head, claiming it is proof that waiting until after the trial is punitive.

The timing of the search warrant sought by the government as it relates to its stance on a replacement laptop is perhaps informative. Right before start of trial, a guard at the MDC dropped Mr. Schulte’s laptop. See ECF Docket Entry No. 838. In an effort to “fix” the laptop, Mr. Schulte provided it to the government – for that limited purpose. The government then returned the laptop saying it was working but asked Mr. Schulte about the organization of the laptop and then asked the court to admonish Mr. Schulte for manner in which he was maintaining it. The government did nothing more. It did not ask the Court for a search warrant or to curtail Mr. Schulte’s access to the laptop. The government allowed Mr. Schulte to keep his laptop – all through the trial – and only now seeks its seizure. The timing appears punitive and not keyed to any potential harm to a third party.

Ultimately, Judge Jesse Furman declined to intervene, in part because the warrant was obtained in EDNY, not SDNY.

Brandon Straka’s Cell

/22 Comments/in , , /by

I first published this post on the revelations about Brandon Straka’s misdemeanor plea on August 5 at 2:10PM ET.

I posted it about 29 hours after Judge Dabney Friedrich ordered the Probation Office to provide a report by September 30 about Straka’s compliance with probation; during a status hearing a day earlier, Friedrich admonished Straka about saying things publicly that conflicted with what he had said to the FBI in interviews and said to her at his plea colloquy.

I posted it about 28 hours after FBI Director Christopher Wray responded to one of the only questions raised in an SJC oversight hearing about January 6 that, “And then, of course, I have to be a little bit careful about what I say here but we are continuing to develop some of the more complicated parts of the investigation in terms of conspiracy charges and that sort of thing.”

I posted it minutes before a CPAC panel (sponsored, in part, by a Viktor Orbán-tied NGO) featuring Andy Biggs, Straka, and Kash Patel warning that  “Soros prosecutors” were instituting a “Democrat Gulag.”

Straka spent most of the rest of that day, Friday — the day after the judge overseeing his probation ordered more scrutiny into the sincerity of claims he made under oath and to the FBI — in a cage, performing the role of a jailed January 6 defendant counting the days until his release, crying.

Some spectators wept. Some threw money into the cage. Others came up close to mutter words of comfort and support to the emotionally distraught man inside, who was alternating sitting on a bare cot with his head in his hands, and writing sad slogans on a blackboard like “Where is Everyone?” Among those in the audience was Zuny Duarte, mother of Enrique Tarrio, the jailed ex-chairman of the Proud Boys facing seditious conspiracy charges for his role in the Capitol. One man, wearing a T-shirt saying “Correctional Officers for Trump 2020” pointed at his chest, making sure the “jailed” activist saw, and said “”I know how it works, man.”

During Thursday’s performance in the J6 cage, the man in the prison had been an actor. But on Friday, the man was none other than Brandon Straka, a self-proclaimed former liberal who founded #WalkAway, a social media campaign encouraging Democrats to ditch their party for the GOP. Straka was a vocal Stop the Steal proponent and activist, and landed in hot water with the feds when he filmed himself from the steps of the Capitol building on Jan. 6.

All of which makes me really glad that, in that post, I reiterated all the concerns I’ve raised in the past about Straka’s treatment, including that the deal given to Straka would backfire.

Plus, it’s not entirely clear whether such pleas will backfire down the road, given that prosecutors have little ongoing means to ensure cooperation, as they would with felony cooperators hoping to benefit from 5K letters supporting leniency at sentencing.

[snip]

At the time, it looked like a shitty deal by the government, and multiple researchers I know grumbled that the government simply didn’t know what a central role Straka had when they interviewed him just weeks after the riot.

Even in December, there was good reason to question whether DOJ had made a decent deal when it traded information about Stop the Steal organizers in exchange for a misdemeanor plea, rather than building their case, including Straka in a conspiracy to obstruct the vote certification, and then flipping him.

Now, with Straka openly mocking the entire DOJ investigation, there should be real questions at DOJ whether Straka is replaying the Mike Flynn or Jerome Corsi play, reneging on purported cooperation to sabotage the investigation into Trump and his associates.

As a reminder, in Corsi’s case, in an initial interview with Mueller’s prosecutors, they caught him making claims that conflicted with communications records DOJ already obtained. Then, they got him to admit to a grand jury that Stone had asked him to establish a cover story for his “Podesta time in a barrel” tweet in real time, just days after Stone tweeted it. But then — at a time when, Corsi claimed, he was in communication with Trump’s attorney Jay Sekulow, Corsi went on his podcast and amid a dramatic meltdown not dissimilar from the drama we’ve seen from Straka, revealed that prosecutors were trying to force him into a cooperation plea deal with the government. After that point, his interviews with Mueller were a conflicting mishmash that, whatever else they were, made his prior testimony largely useless in any prosecution. It’s likely that an investigation against him was among those referred by Mueller. But he’s also such a batshit crazy person, it’d be hard to hold him accountable for deliberately blowing up interviews with the government.

In Mike Flynn’s case, his competent Covington lawyers negotiated a ridiculously lenient plea deal (in my opinion, one of Mueller’s three greatest mistakes), one that would have gotten the retired General no jail time. During the period he was supposed to be cooperating, he remained in touch with SJC staffer Barbara Ledeen and her husband Michael and Nunes aide Derek Harvey, all of whom kept him apprised of Sara Carter-backed propaganda efforts and Republican Congressional efforts to discredit the investigation. In 2018, Flynn even sent Matt Gaetz a text pushing for more pressure on Mueller. Then, once Bill Barr was confirmed, Flynn fired his competent lawyers and replaced them with Sidney Powell, who with Barr’s collusion, invented a slew of reasons that undermined the investigation against Flynn (in the process, protecting Trump from any Flynn-related obstruction charges). The outcome for Flynn was probably worse. But in the process, Flynn convinced a lot of people who only too late came to understand that both he and Sidney Powell are completely unhinged when they claim that the investigation against him was not a sweetheart deal, but instead a gross abuse of prosecutorial authority.

In both cases, Trump associates or movement operatives identified a cooperating witness and instead turned them into a chaos agent undermining an ongoing investigation. Here, Straka is appearing on a panel with suspected participants in the coup attempt, Andy Biggs and Kash Patel, and cozying up with someone who called for “Marshall Law,” all at a time when DOJ seems to be working on charges arising out of his so-called cooperation.

Given Straka’s recent trajectory, two details of his case from after the time his limited cooperation was made public are noteworthy. First, while Stuart Dornan, a former FBI Agent located (like Straka) in Nebraska remains on Straka’s team, in January, Straka added Bilal Essayli to his legal team, who appears to have taken the lead since, with it striking a far more confrontational tone.

Additionally, Straka’s team specifically — and successfully — objected to the Probation Office’s recommendation that Straka’s social media be monitored.

Brandon also objects to the recommendation by the Probation Officer that he be subjected to a discretionary condition of Probation that monitors his electronic communications service accounts, including email accounts, social media accounts, and cloud storage accounts. Brandon also objects to his financial activity being monitored by the Probation Office. These discretionary conditions of Probation are not sufficiently relevant to the offense committed. In United States v. Taylor, 796 F.3d 788 (7th Cir. 2015), the Seventh Circuit reversed a restriction on the defendant’s computer ownership and internet access in a bank larceny case, stating that the restriction was not reasonably related to his prior conviction for incest. In Brandon’s case, emailing, using social media, and using cloud storage has nothing to do with his offense.

Thus, while Dabney Friedrich ordered the Probation Office to conduct a review of what Straka has been up to while he has been engaging in deceitful performance art attacking the case, when she sentenced Straka, she specifically declined to include review of Straka’s social media. Straka has spent the last six months making a mockery of what he said to Friedrich back in January, most often on social media.

Mike Flynn, especially, has become a movement hero for tanking his own case to create havoc for any case against Trump. And Straka seems intent on pursuing just that kind of notoriety.

And it’s not clear what tools DOJ has retained to prevent that from happening.

The Evidentiary Hole in the Middle of Ari Melber’s “Not anything but evidence”

/110 Comments/in , , /by

Fresh off giving Andrew Weissmann a platform to complain that DOJ’s multi-spoked investigation into January 6 should be multi-spoked, fresh off giving Adam Schiff an opportunity to make the (still-uncorrected) false claim that Congress never gets ahead of DOJ on parts of investigations they’re conducting in parallel, Ari Melber rolled out a schema (one, two) about his understanding of Trump’s corrupt acts that others have found really helpful.

It came with a nifty, mostly-accurate graphic that shows how multiple attempts to stay in power worked in parallel.

That graphic is helpful for those trying to keep track of all the efforts Trump pursued.

But Ari’s “special report,” which he claims is “built on evidence, not anything but evidence,” is most useful for demonstrating the evidentiary hole in the middle of his understanding of events leading up to January 6. And not just his understanding: also my own, and (at least based off their hearings) even the January 6 Committee’s. Neither Ari, the Committee, nor I, nor anyone I know to be investigating — save possibly DOJ and one or two really well sourced journalists — knows for certain what happened between the end of the December 18, 2020 meeting where Sidney Powell pitched Trump on a plan to seize voting machines and Trump’s December 19 tweet that led Stop the Steal plotters to start taking steps that led to a violent attack on the Capitol.

Before I lay out how well Ari illustrates that evidentiary hole, there are multiple things that Ari gets wrong (I’ve put my transcription of the most important parts of his presentation below). Most have to do with Ari’s apparent misunderstanding of how the blue collar violent attack on the Capitol related to the white collar parts of the coup attempt he has familiarity with.

For example, he claims, without evidence, that Rudy Giuliani, Mark Meadows, and John Eastman wanted pardons, “totally separate from the January 6 violence.” But according to Cassidy Hutchinson, both Rudy and Meadows knew by January 2 that Trump planned to go to the Capitol and it might get “real, real bad.”

CASSIDY HUTCHINSON: As Mr. Giuliani and I were walking to his vehicles that evening, he looked at me and said something to the effect of, Cass, are you excited for the 6th? It’s going to be a great day. I remember looking at him saying, Rudy, could you explain what’s happening on the 6th? He had responded something to the effect of, we’re going to the Capitol.

It’s going to be great. The President’s going to be there. He’s going to look powerful. He’s — he’s going to be with the members. He’s going to be with the Senators. Talk to the chief about it, talk to the chief about it. He knows about it.

LIZ CHENEY: And did you go back then up to the West Wing and tell Mr. Meadows about your conversation with Mr. Giuliani?

CASSIDY HUTCHINSON: I did. After Mr. Giuliani had left the campus that evening, I went back up to our office and I found Mr. Meadows in his office on the couch. He was scrolling through his phone. I remember leaning against the doorway and saying, I just had an interesting conversation with Rudy, Mark. It sounds like we’re going to go to the Capitol.

He didn’t look up from his phone and said something to the effect of, there’s a lot going on, Cass, but I don’t know. Things might get real, real bad on January 6th.

Hutchinson also tied White House awareness of the militias now charged with seditious conspiracy with Rudy’s presence.

CASSIDY HUTCHINSON: I recall hearing the word Oath Keeper and hearing the word Proud Boys closer to the planning of the January 6th rally when Mr. Giuliani would be around.

As for Eastman, Mike Pence’s Counsel, Greg Jacob, accused Eastman in real time, as his family was worried whether Jacob would get out alive, of causing the “siege” on the Capitol by “whipping large numbers of people into a frenzy over something with no chance of ever attaining legal force through actual process of law.”

[T]hanks to your bullshit, we are now under siege.

[snip]

[I]t was gravely, gravely irresponsible of you to entice the President of with an academic theory that had no legal viability, and that you well know we would lose before any judge who heard and decided the case. And if the courts declined to hear it, I suppose it could only be decided in the streets. The knowing amplification of that theory through numerous surrogates, whipping large numbers of people into a frenzy over something with no chance of ever attaining legal force through actual process of law, has led us to where we are.

Judge David Carter’s opinion finding it likely Eastman and Trump conspired to obstruct the vote count included Trump’s effort to send the mob, which we now know he knew to be armed, to the Capitol.

President Trump ended his speech by galvanizing the crowd to join him in enacting the plan: “[L]et’s walk down Pennsylvania Avenue” to give Vice President Pence and Congress “the kind of pride and boldness that they need to take back our country.”218

So all of these three men, per key witnesses and one judge, have legal exposure that is directly tied to the violence at the Capitol. Maybe they only wanted pardons for their white collar crimes, but — according to the evidence — all are implicated in the blue collar crimes.

Ari also treats the consideration of a plan to have DOD seize the voting machines as “the military plot,” one that ended on December 18. There are two problems with this. First, Ari ignores that this plan was revised to put DHS in charge of seizing the machines, which is how the plan resurfaced on December 31, when Trump serially tried to get DOJ and DHS to seize the machines.

ADAM KINZINGER: Mr. Rosen, the President asked you to seize voting machines from state governments. What was your response to that request?

JEFFREY A. ROSEN: That we had — we had seen nothing improper with regard to the voting machines. And I told him that the — the real experts that had been at DHS and they had briefed us, that they had looked at it and that there was nothing wrong with the — the voting machines. And so that was not something that was appropriate to do.

ADAM KINZINGER: There would be no factual basis to seize machines. Mr. Donoghue —

JEFFREY A. ROSEN: — I — I don’t think there was legal authority either.

ADAM KINZINGER: Yeah. Mr. Donohue can you explain what the President did after he was told that the Justice Department would not seize voting machines?

RICHARD DONOGHUE: The President was very agitated by the Acting Attorney General’s response. And to the extent that machines and — and the technology was being discussed, the Acting Attorney General said that the DHS, Department of Homeland Security, has expertise in machines and certifying them and making sure that the states are operating them properly.

And since DHS had been mentioned, the President yelled out to his Secretary get Ken Cuccinelli on the phone. And she did in very short order. Mr. Cuccinelli was on the phone. He was the number two at DHS at the time. It was on the speakerphone, and the President essentially said, Ken, I’m sitting here with the Acting Attorney General.

He just told me it’s your job to seize machines and you’re not doing your job. And Mr. Cuccinelli responded.

More importantly, Ari ignores that both militias charged with sedition and a goodly number of other armed rioters believed that larger scale violence would break out (possibly via clashes with counter-protestors, possibly in response to the GOP attempt to steal votes at the Capitol) on January 6, which would create the excuse for Trump to invoke the Insurrection Act to accord legal authority to the mob to act on his behalf. That will literally be Stewart Rhodes’ defense against a sedition charge, that he expected his attack on the US to come with Trump’s legal sanction.

And the plan may have gone further than that. To the extent that Trump asked the National Guard to be prepared for January 6, it was to protect his supporters, not to protect the Capitol.

Mr. Meadows sent an email to an individual about the events on January 6 and said that the National Guard would be present to ‘‘protect pro Trump people’’ and that many more would be available on standby.

When reports that the Guard would deploy first started to come out on January 6, Proud Boy Charles Donohoe [now a cooperating witness] reacted with surprise that the Guard would attack, rather than protect, Trump supporters.

That is, the actual plans for a military coup, rather than a Sidney Powell plan that Trump rejected then revisited, envisioned having armed Trump supporters and the National Guard holding the Capitol together. It was a plan that multiple militia members — most notably Rhodes, which forms a key part of the sedition evidence against him — but even joined by some members of Congress continued to pursue after January 6. There was a military plot that was far worse than the one that Ari labels as “that very bad red illegal plan,” but to understand it, you need to understand what happened at the Capitol, and what plans continued for weeks — still continue!! — after, per Ari, the violence “ended within one day.”

On top of a lack of understanding of what actually happened at the Capitol, Ari’s scheme includes conflicting claims. Ari claims that after Trump chose not to pursue Sidney Powell’s plan on December 18, he turned to “muscle.” “So that’s when I bring muscle to January 6.” His nifty graphic shows the plans to “sabotage Jan. 6” (adopting an utterly bizarre word, “sabotage,” which whitewashes both the violence planned and the legal crime, obstruction, committed) started right then, on December 19. But then, after claiming that Trump turned to “muscle” starting on December 19, Ari suggests that Trump’s only agency in the violence that ensued was the speech he gave on January 6. “The law makes it hard to pin an insurrection on one speech.”

In his presentation, at least, Ari ignores that “muscle” had been a part of the plan from the start, with operatives forming mobs at counting locations in the swing states that in turn created the cover for the fake electors plot and elicited threats against election officials, and it continued through to January 6 and beyond.

This may stem from an unfortunate unevenness on the part of the January 6 Committee.

The seventh hearing — the one purportedly focused on the rioters — depicted the actions of Ali Alexander and Alex Jones as an organic response to Trump’s December 19 tweet.

Donald Trump issued a tweet that would galvanize his followers, unleash a political firestorm, and change the course of our history as a country. Trump’s purpose was to mobilize a crowd. And how do you mobilize a crowd in 2020? With millions of followers on Twitter, President Trump knew exactly how to do it. At 1:42 AM on December 19, 2020, shortly after the last participants left the unhinged meeting, Trump sent out the tweet with his explosive invitation.

Trump repeated his big lie and claimed it was “statistically impossible to have lost the 2020 election” before calling for a big protest in DC on January 6th, be there, will be wild. Trump supporters responded immediately. Women for America First, a pro-Trump organizing group, had previously applied for a rally permit for January 22nd and 23rd in Washington, DC, several days after Joe Biden was to be inaugurated.

But in the hours after the tweet, they moved their permit to January 6th, two weeks before. This rescheduling created the rally where Trump would eventually speak. The next day, Ali Alexander, leader of the Stop the Steal organization and a key mobilizer of Trump supporters, registered Wildprotest.com, named after Trump’s tweet.

Wildprotest.com provided comprehensive information about numerous newly organized protest events in Washington. It included event times, places, speakers, and details on transportation to Washington DC. Meanwhile, other key Trump supporters, including far right media personalities, began promoting the wild protest on January 6th. [Begin videotape]

ALEX JONES: It’s Saturday, December 19th. The year is 2020, and one of the most historic events in American history has just taken place. President Trump, in the early morning hours today, tweeted that he wants the American people to march on Washington DC on January 6th, 2021.

That hearing similarly implied that Oath Keeper Kelly Meggs’ efforts to set up an alliance between the militias, which undoubtedly started at least days earlier, was a response to Trump’s tweet.

On December 19th at 10:22 a.m., just hours after President Trump’s tweet, Kelly Meggs, the head of the Florida Oath Keepers, declared an alliance among the Oath Keepers, the Proud Boys and the Florida Three Percenters, another militia group.

He wrote, we have decided to work together and shut this shit down. Phone records obtained by the Select Committee show that later that afternoon, Mr. Meggs called Proud Boys leader Enrique Tarrio, and they spoke for several minutes. The very next day, the Proud Boys got to work. The Proud Boys launched an encrypted chat called the Ministry of Self-defense.

That is, in places, the Committee encouraged this notion that everything pivoted on December 19 after that tweet.

But elsewhere, the Committee made it clear that the “muscle” and the militia were part of the plan from the start. Its fourth hearing on the Big Lie, for example, made clear that the earlier mobs were led by the very same people who seemingly sprung to action in response to Trump’s December 19 tweet.

[Ali Alexander]:

Let us in. Let us in. Let us in. Special session. Special session. Special session. We’ll light the whole shit on fire.

NICK FUENTES:

What are we going to do? What can you and I do to a state legislator besides kill him? Although, we should not do that. I’m not advising that, but I mean what else can you do? Right?

UNKNOWN:

The punishment for treason is death.

[End Videotape]

ADAM SCHIFF:

The state pressure campaign and the danger it posed to state officials and to State Capitols around the nation was a dangerous precursor to the violence we saw on January 6th at the US Capitol.

[snip]

The Select Committee has uncovered evidence in the course of our investigation that at stop the steal protests at state capitols across the country, there were individuals with ties to the groups or parties involved in the January 6th attack on the US Capitol. One of those incursions took place in the Arizona House of Representatives building, as you can see in this footage.

This is previously undisclosed video of protesters illegally entering and refusing to leave the building. One of the individuals prominently shown in this video is Jacob Chansley, perhaps better known as the QAnon Shaman. This rioter entered the Capitol on January 6th, was photographed leaving a threatening note on the dais in the US Senate chamber, and was ultimately sentenced to 41 months in prison after pleading guilty to obstruction of an official proceeding. Other protesters who occupied the Arizona House of Representatives building included — included Proud Boys, while men armed with rifles stood just outside the entrance.

And different parts of the seventh hearing showed that these ties are much better established, including through Roger Stone’s Friends of Stone listserv that started plotting immediately after the election.

Raskin: In the same time frame, Stone communicated with both the Proud Boys and the Oath Keepers regularly. The committee obtained encrypted content from a group – – from a group chat called Friends of Stone, FOS, which included Stone, Rhodes, Tarrio and Ali Alexander.

The chat focused on various pro-Trump events in November and December of 2020, as well as January 6th. As you can see here, Stewart Rhodes himself urged the Friends of Stone to have people go to their state capitols if they could not make it to Washington for the first million MAGA March on November 14th. These friends of Roger Stone had a significant presence at multiple pro-Trump events after the election, including in Washington on December the 12th. On that day, Stewart Rhodes called for Donald Trump to invoke martial law, promising bloodshed if he did not.

[snip]

JAMIE RASKIN: Encrypted chats obtained by the Select Committee show that Kelly Meggs, the indicted leader of the Florida Oath Keepers, spoke directly with Roger Stone about security on January 5th and 6th. In fact, on January 6th, Stone was guarded by two Oath Keepers who have since been criminally indicted for seditious conspiracy.

One of them later pleaded guilty and, according to the Department of Justice, admitted that the Oath Keepers were ready to use, quote, lethal force if necessary against anyone who tried to remove President Trump from the White House, including the National Guard. As we’ve seen, the Proud Boys were also part of the Friends of Stone Network.

Stone’s ties to the Proud Boys go back many years. He’s even taken their so-called fraternity creed required for the first level of initiation to the group.

[snip]

Katrina Pierson, one of the organizers of January 6th rally and a former campaign spokeswoman for President Trump, grew increasingly apprehensive after learning that multiple activists had been proposed as speakers for the January 6th rally. These included some of the people we discussed earlier in this hearing.

Roger Stone, a longtime outside advisor to President Trump; Alex Jones, the founder of the conspiracy theory website Infowars; and Ali Alexander, an activist known for his violent political rhetoric. On December 30th, Miss Pierson exchanged text messages with another key rally organizer about why people like Mr. Alexander and Mr. Jones were being suggested as speakers at the President’s rally on January 6th. Ms. Pierson’s explanation was POTUS, and she remarks that the President likes the crazies.

Remember that the Committee cut a good deal of their presentation focused on the militia in that seventh hearing to integrate more of Pat Cipollone’s testimony, which I think was one of the more unsuccessful planning decisions the Committee made.

Even still, taken as a whole, the Committee shows that the network around Roger Stone, which linked Ali Alexander, Alex Jones, and other movement activists to the militias (Jones had his own long-standing ties to the militias, including his former employee Joe Biggs), was riling up crowds starting immediately after the election, took concrete steps seemingly in response to Trump’s December 19 tweet, and continued to do so on January 6.

I mean, Roger Stone has been doing this since 2000.

In his most recent schema at least, Ari ignores all of that. Stone, Alexander, the militias, go unmentioned, and Trump’s role in the violence is limited to a single speech.

Which brings me back to the evidentiary gap that Ari and I share, seemingly in conjunction with the Committee.

In Ari’s telling, Donald Trump and Peter Navarro (with whom Ari has had a series of interviews) are the agents of this timeline. In his telling, Trump made an effort to “find a coup plotter” who would go further than his personal lawyer Rudy, who at least according to Hutchinson, had ties to the militias (though Powell is currently funding the legal defense of several Oath Keepers). Ari claimed that Powell was still on the campaign team, even though Rudy had explicitly and publicly stated she had no role on the campaign as early as November 22.

And Ari suggested that Trump adopted Powell’s plan, then either “back[ed] down” or “quit” it.

But as the January 6 Committee described it, it’s not really clear what happened; Pat Cipollone couldn’t even say whether Powell was appointed Special Counsel.

PAT CIPOLLONE: I don’t know what her understanding of whether she had been appointed, what she had been appointed to, Ok? In my view, she hadn’t been appointed to anything and ultimately wasn’t appointed to anything, because there had to be other steps taken. And that was my view when I left the meeting. But she may have a different view, and others may have a different view, and — and the president may have a different view.

To make matters worse, there are few if any credible witnesses here. Sidney Powell and her entourage (including Patrick Byrne, Mike Flynn, and an unnamed attorney) are batshit insane. So is Rudy. Cipollone, who gets treated as a grown-up, seems to be protecting Trump with his privilege claims. Meadows showed up later, but he’s a liar. Cassidy Hutchinson was texting details about the screaming and took a picture of Meadows escorting Rudy from the premises, but she is not known to have been in the meeting.

What seems common to all descriptions is that the Powell entourage showed up without an appointment and were let in by (as Ari notes) Peter Navarro aide Garrett Ziegler, though Patrick Byrne’s account describes two others being involved in their unplanned entry as well. That’s not a plan, it’s a pitch.

During the course of the meeting, Trump entertained the Powell plan because, he complained, Rudy and others were offering him nothing better.

UNKNOWN: So one of the other things that’s been reported that was said during this meeting was that President Trump told White House lawyers Mr. Herschmann and Mr. Cipollone that they weren’t offering him any solutions, but Ms. Powell and others were. So why not try what Ms. Powell and others were proposing? Do you remember anything along those lines being said by President Trump?

DEREK LYONS: I do. That sounds right.

ERIC HERSCHMANN: I think that it got to the point where the screaming was completely, completely out there. I mean, you got people walk in, it was late at night, had been a long day. And what they were proposing I thought was nuts.

RUDY GIULIANI: I’m gonna — I’m gonna categorically describe it as you guys are not tough enough. Or maybe I put it another way. You’re a bunch of pussies. Excuse the expression, but that — that’s I — I’m almost certain the word was used.

But the impression given by virtually all versions of this story (key versions linked below) is that by the end of the night, the White House lawyers and Rudy had mostly convinced Trump not to adopt this plan.

If that’s the case (and several people have backed that story under oath), this will be exculpatory if and when Trump ever goes to trial, not inculpatory. Entertaining a suspect idea — even the arguably legal one of appointing Jeffrey Clark to more aggressively pursue voter fraud claims, and especially a plan to seize the poll machines — but rejecting it on the advice of lawyers, even if Trump was persuaded to do so largely out of self-interest, is evidence someone is trying to stay inside the law, not break it. To be sure, there’s plenty of other evidence that Trump knowingly broke the law, but some of the most contentious meetings will actually be used in his defense. That just means prosecutors will find their proof of motive in places more directly tied to the crimes.

But the meeting accounts showing lawyers at least stalling on any decision about seizing the machines is where the trail goes dark.

No one has yet explained what happened between the time everyone left and the moment Trump’s tweet went out, and the understanding with which key planners adjusted their own timelines. Instead, we get narratives like Ari’s, or Jamie Raskin’s, that present the timing as proof that Trump took a third alternative — a pretty strong inference, undoubtedly — without an explanation of how the tweet got sent out or whether those involved knew where things would lead or who pitched Trump.

Not long after Sidney Powell, General Flynn, and Rudy Giuliani — Giuliani left the White House in the early hours of the morning, President Trump turned away from both his outside advisers’ most outlandish and unworkable schemes and his White House counsel’s advice to swallow hard and accept the reality of his loss.

Instead, Donald Trump issued a tweet that would galvanize his followers, unleash a political firestorm, and change the course of our history as a country. Trump’s purpose was to mobilize a crowd. And how do you mobilize a crowd in 2020? With millions of followers on Twitter, President Trump knew exactly how to do it. At 1:42 AM on December 19, 2020, shortly after the last participants left the unhinged meeting, Trump sent out the tweet with his explosive invitation.

Trump repeated his big lie and claimed it was “statistically impossible to have lost the 2020 election” before calling for a big protest in DC on January 6th, be there, will be wild. Trump supporters responded immediately. Women for America First, a pro-Trump organizing group, had previously applied for a rally permit for January 22nd and 23rd in Washington, DC, several days after Joe Biden was to be inaugurated.

But in the hours after the tweet, they moved their permit to January 6th, two weeks before. This rescheduling created the rally where Trump would eventually speak. The next day, Ali Alexander, leader of the Stop the Steal organization and a key mobilizer of Trump supporters, registered Wildprotest.com, named after Trump’s tweet.

Wildprotest.com provided comprehensive information about numerous newly organized protest events in Washington. It included event times, places, speakers, and details on transportation to Washington DC. Meanwhile, other key Trump supporters, including far right media personalities, began promoting the wild protest on January 6th. [Begin videotape]

It appears that both Powell’s contingent and Rudy left after midnight, with Meadows and Rudy together alone as Rudy left. Less than two hours later, that tweet went out, a tweet that was demonstrably central to both the organized and disorganized mobilization of the mob, one that has long been a focus of DOJ’s prosecutions (proof, among other proof, that Ari’s claim that DOJ has only focused on January 6 and the days immediately before it is false).

It’s certainly possible that after everyone left Peter Navarro came in, or maybe just Ziegler, and presented an alternative plan, a mob, but Ari presents no evidence that happened and it’s unlikely either Ziegler or Navarro would have been silent about their role in it. It’s more likely that Rudy and Meadows agreed they had to offer Trump another alternative, and they settled on January 6 (certainly, Meadows had advanced knowledge of Rudy’s plans for January 6). It’s possible that Trump had a late night call with someone else — Roger Stone or Bannon, maybe — who operationalized what came next. Maybe the dim-witted Meadows came up with the plan by himself.

Meadows, who refused to cooperate with the Committee, surely knows. Dan Scavino, who refused to cooperate, spent four years knowing what led up to most every tweet that Trump sent out. He also must know.

And while Ari doesn’t appear to know and I don’t either and the Committee doesn’t explain it if they know the answer, the one other place one might learn the answer is from those who turned existing infrastructure — the Stop the Steal effort, the permits — towards planning for January 6 (both of which DOJ has issued grand jury subpoenas to learn).

DOJ has been a bit coy about whether they know. That’s why I pointed to the remarkable use of the passive voice in Donohoe’s statement of offense in April, which virtually alone among January 6 filings obscures Trump’s role in announcing the riot on December 19, then turns immediately to Enrique Tarrio’s very hierarchical plan to instill discipline in the Proud Boys that didn’t exist at the December 12 MAGA March (the same trip to DC where Tarrio visited the White House as part of a Latinos for Trump visit).

On December 19, 2020, plans were announced for a protest event in Washington, D.C., on January 6, 2021, which protest would coincide with Congress’s certification of the Electoral College vote.

On or before December 20, 2020, Tarrio approached Donohoe and solicited his interest in joining the leadership of a new chapter of the Proud Boys, called the Ministry of Self Defense (“MOSD”). Donohoe understood from Tarrio that the new chapter would be focused on the planning and execution of national rallies and would consist of hand-selected “rally” boys. Donohoe felt privileged to be included and agreed to participate.

That happened “on or before” December 20, allowing for the possibility that the Proud Boys started to plan before Trump publicly announced the rally. Among other communications that DOJ likely has that the Committee has more limited access to are at least three versions of the Friends of Stone listserv (from Tarrio, Rhodes, and Owen Shroyer’s phones).

My instinct — based on all the evidence that these same people had been the muscle going back to the election — is that that’s where one could find the answer: Meadows, Scavino, Trump, Rudy, but also those who directed existing infrastructure towards January 6. But that’s just instinct. We still really don’t know for sure.

Presidents often adopt the plans of the last person in the room, and that’s probably more true with Trump than many of his predecessors. We know — or believe — that Sidney Powell and Rudy both left. Which means we don’t know who pitched Trump on the plan he ultimately adopted, the one that led directly to an attack on the Capitol.

There absolutely is a slew of evidence that that tweet made the difference, not just with the militias, but with disorganized conspirators and individuals who took Trump’s tweet as an order to make travel plans. It is absolutely the case that after that meeting, Trump took a fateful step (though that has been clear for at least a year). We just don’t know what led him to post that tweet.

Many of those people [Rudy, Meadows, Eastman] wanted pardons totally separate from the January 6 violence and that is important as we look at a different plot Trump’s effort to find a coup plotter would who go farther than Giuliani, his lawyer, Sidney Powell. She would go even farther. So the plan was to take her off the campaign team and try to install her inside the government to get the military to seize voting machines.

[snip]

Trump did back down on that very bad red illegal plan. And by the way, quitting an illegal coup would be a good thing, but this was the military plot: another conspiracy’s prong that hits a dead end. And this is key, because facing that dead end, late that same night of December 18th, Trump turned to the other plot pushed by Eastman and Navarro, posting what is by now an infamous tweet that announces the January 6 rally, beginning, quote, Peter Navarro releases 36-page report alleging election fraud ‘more than sufficient’ to swing victory to Trump. That was the lie Trump needed to build on when he summons the people to DC for the first time. Quote, big protest in DC on January 6th. Will be wild. Now that’s the first time Trump ever told supporters there was a place to come join this fight. And none of this happened in isolation. The evidence of Trump’s criminal intent is worse when all the facts are shown about the plot. Trump began the public operation to sabotage January 6 as a certified vote which was criminal, only after hitting this dead end in the failed plot to have the military help a coup. Now his lawyers warned him of the criminal issues here. Of the criminal intent and actions of that military plot. And he still moved, continuously, from that conspiracy to this one. Now, that’s damning evidence if prosecutors are indicting a broader conspiracy. And the White House aide connecting both plots is Navarro whose aide helped sneak in the military plotters there, then, he’s part of Trump’s January 6th announcement.

[A quote about seizing machines, ignores DHS]

This is something that Rudy Giuliani said would land them all in prison. Rudy Giuliani. He’s already lost his law license. We’ll see what else happens to him. But that is the context as we showed tonight: That when that fails, is the same time, the same night, that Donald Trump comes in and says, alright, I can’t abuse military power. I’m even being told by my most aggressive, lawless lawyers — the kind that he apparently prefers — that that’s not gonna work. So that’s when I bring muscle to January 6. But we have had, in this country, in our minds and apparently at the Justice Department as we reported tonight, a fixation on only looking here [post December 19]. On basically the 6th, or the lead-up to the 6th, or a few days out. And that’s understandable, given what we lived through. We’re human beings and the 6th was one of the worst attacks and one of the worst national security crises America has ever faced, from a domestic threat, let alone an incumbent outgoing President. The point tonight, which we’ve built on evidence, not anything but evidence, is that when you actually go all the way back, when you actually understand how this started, and how many different plots were pursued, thwarted, warned about, and then desperately doubled down upon, that goes to the criminal intent. Let me put it simply. Taken separately, some of these plots can be viewed like a gray area, clumsy plans that didn’t occur or the insurrection that exploded but also ended within one day. I’ll tell you something. The law makes it hard to pin an insurrection on one speech. As it should. But taken together, you have the evidence of this wider criminal conspiracy with criminal intent running across weeks if not more. Remember, in court, prosecutors have to prove criminal intent in a moment, just that you meant to do it. This is weeks of that with lawyers warning these were crimes, especially after the legal door was closed in mid-December when the Electoral College voted — everything after that, when it comes to overturning votes and installing fraudulent electors, that’s that illegal red zone. That’s where you see the evidence of several crimes. And taken together? Well, this evidence suggests the question is no longer whether there are any indictable election offenses here, but how prosecutors would explain a failure to indict and enforce the law and how that does risk letting the close call of this documented and attempted multi-prong coup conspiracy turn into a training exercise that American democracy may not survive.

 

The Discovery Refrigerator: When Joshua Schulte Social Engineered His Cellmate’s Brother

/10 Comments/in , , /by

In advance of some other things, I want to look at the time that Joshua Schulte, who was convicted last week on nine counts related to stealing and leaking CIA files to WikiLeaks, social engineered the brother of his cellmate.

One of the charges on which the jury found Schulte guilty was sending WaPo reporter Shane Harris a warrant affidavit from the investigation into him, along with Schulte’s own narrative purportedly debunking the allegations made in the warrant. The jury found that Schulte’s description of two hundred people who might have access to the DevLAN backups and the network setup that would allow them that access was National Defense Information. Effectively, prosecutors argued and the jury agreed, Schulte was revealing CIA’s organizational structure and numbers of classified employees to a journalist. It’s a picayune Espionage count that because it likely won’t be treated as the same leak as the charge for sending CIA’s hacking tools, could add years to Schulte’s sentence.

Schulte sent the warrant affidavits along with a dangle, a promise to tell Harris some dirt about Russian oligarchs’ ties to Marc Kasowitz and Rudy Giuliani.

We have decided to share with you an initial exposé (depending on how the first one goes with you we will share up to nine more) involving Russian oligarchs, business ties and wire transfers involving hundreds of millions of dollars to Donald Trump’s closest advisers and law firms, including Giuliani and Mark Kasowitz firms. Trump’s self-reported best friend plays a starting role.

In cross-examination of FBI Agent Evan Schlessinger, Schulte suggested, credibly, that this dangle came from his cellmate, Omar Amanat.

Q. Well, you remember the ProtonMail email that referenced Marc Kasowitz, right?

A. Yes.

Q. OK. And there’s no relation between me and Marc Kasowitz, right?

A. No. You’re — not that I’m aware of.

Q. OK. Let’s talk about the cell search at the MCC. Now, in the cell search at the MCC, did you know what cell I was in?

A. Yes.

Q. And just real quick, you did know that there was a relationship between Mr. Amanat and Marc Kasowitz, right?

A. I know it was a — it’s connected to Mr. Amanat. I don’t know exactly how.

Q. OK.

A. Or how it relates to Mr. Amanat.

Of course, Schulte wasn’t charged for leaking information about Trump’s once and future lawyers. He was charged for sharing information about the CIA that — even if Amanat were the one who sent the email to Harris — would still mean Schulte shared it with Amanat, someone else who wasn’t cleared to receive it.

Plus, the record now shows that Schulte had been working with Omar Amanat and his brother, Irfan, to get these documents out.

An FBI interview of Schulte’s cousin, Shane Presnall, conducted just days before his first trial on January 13, 2020 but only released in April, explains that the Amanats were participating in the effort to publicize Schulte’s case starting as soon as Schulte and Amanat ended up in a cell together in December 2017. In fact, Presnall handed off Schulte’s warrants (it’s not clear whether this includes Schulte’s response, which is where the classified information was) to Amanat’s brother, Irfan, by leaving them in the fridge at the apartment he had shared with Schulte. (At the time, Irfan had been charged in the same fraud as Omar, but he was still out on pretrial release; since these events in 2018, both Omar and Irfan have been sentenced, served their time, and released.)

JS’s idea to get to press was to get court documents to get more attention to his case. JS told SP he was trying to create public outrage. When arrested in December 2017, another inmate in MCC, named Omar Amanat, told JS that Omar had media comments [sic] and that JS should send documents out and Omar will get them out. SP expressed skepticism about having a stranger do this. Then Omar’s cousin (Iffy) reaches out to SP via WhatsApp and says they have media contacts and can get documents out. When moving everything out of the apartment, SP put the documents in the bottom of the fridge in his apartment and informed Iffy where the where the documents would be. Iffy came and got the documents at JS’s apartment. Iffy confirmed to SP that Iffy got the documents. Iffy had the key because SP handed it to him.

Presnall was also communicating with reporters via Signal and a ProtonMail account, JohnGalt. But after he handed off the documents, he never heard from Irfan again.

But Schulte and the Amanats continued to work closely to get the documents out.

Just days before the ProtonMail dangle with the warrants was sent to Harris on September 24, the Samsung phone primarily used by Schulte texted Irfan on Signal. [This is a version of the Signal report, GX 822-1 as submitted in the first trial, but in which I replaced phone numbers with names and eliminated extraneous data; the righthand-most column shows who sent a particular text, the second-from-right is who received it.]

Schulte claimed to be Omar. He said that J — Schulte — needed “screen shots of Romania hack and Moscow.”

Irfan was understandably confused because, at the same time as someone claiming to be his brother was texting from the Samsung, someone else was calling him on what must be the iPhone that Omar primarily used.

Nevertheless, Irfan sent the files and only then did Schulte tell Omar’s brother he had pretended to be Omar to get Irfan to send files he had been trying to get from his cellmate.

Irfan and Schulte had a good laugh together about “master airhead” Omar, and then they got back to work on the documents they were working on.

Over the next two days Irfan and Schulte chatted away as they worked on various files, at several points, switching to group chat. At one point, Omar asked who “anonymous badger” is. “My bro?”

Here’s a picture of Omar’s side of that conversation, working on the Google doc via his iPhone while Schulte and Irfan worked from other locations, from one of the 2018 warrant affidavits tied to this part of the investigation.

On September 26, Schulte texted Irfan to say that Omar broke a screen (perhaps an exacerbation of the crack seen above) but that everything was still a go.

That’s the day when jailhouse informant Carlos Betances narced them out to the guard before they could do … something … in the law library.

Q. Mr. Betances, did there come a time when you learned of an effort to take the Samsung somewhere else in the jail?

A. Yes.

Q. And what did you learn about that?

A. That they were going to pay this friend of mine, Flaco, 200 bucks to take it down to the library that day.

Q. And who wanted to pay to bring the phone to the library?

MR. SCHULTE: Objection. Hearsay.

THE COURT: How did you learn about that information?

THE WITNESS: Because Flaco told me.

[snip]

BY MR. LOCKARD: Q. Mr. Betances, did you observe anything about Mr. Schulte’s or Omar’s behavior around that time?

A. Yes. They were very wary. They wanted to go down to the library then, and — so once I realized that they wanted to go down there, I threw this little piece of paper at the guard who was right there, and letting him know that something was going to happen in the library, that he could — he should —

THE INTERPRETER: Interpreter correction. A. — that he should conduct a search or everybody should go down and figure out what was about to happen. So that is what happened. When Josh and Omar came up, they said something had happened, that there was a search, there had been a search in the library, but they never found out that I was the one who had prevented that from happening.

Q. And did you hear Mr. Schulte or Omar discuss why they wanted the phone in the library?

MR. SCHULTE: Objection.

THE COURT: Overruled.

A. They wanted to send something very important. I don’t know what it was, but it was important. They had spent a week, a long time with the phones. They would give me the phone back very late at night with a very low charge.

Over the course of the next few days, as one after another of the detainees in on the contraband phone gig got caught and put into the SHU, it seemed that Omar came to rely on the Samsung (the first of the contraband phones was seized on September 26) to send Irfan gloomy texts. What appears to be Omar asks Irfan to call Carlos’ son to let the son know they’d put $500 in his father’s commissary fund, something that Betances testified to at the second trial, claiming he newly remembered just last month being offered a $5,000 bribe through the air conditioning pipes to stay quiet.

So as the brothers allegedly discussed arranging paying off the guy who narced them out, they also discussed what Harris has received. “How much to carlo,” Irfan asked about the payment. “Washpo has em,” Omar discussed the documents.

The very last Signal text sent on the phone, on a day when Schulte was definitely in SHU but Omar was not yet, was a text from Omar to Harris, asking if they could shift to a different ProtonMail address, [email protected]

It’s a point Schulte made at trial: When that last text was sent, he was in SHU. He couldn’t have sent it.

According to Agent Schlessinger, there was no activity on the ProtonMail account Schulte had described in his notebook setting up on August 21, Annon1204, after Schulte was put in SHU. While Schulte pointed to a follow-up, on Annon1204, on September 26 that he suggested must have come from Omar, the switch to a different ProtonMail account after Schulte was moved overnight on October 1 is consistent with Omar not having the password for Annon1204, and so moving the ongoing conversation with Harris to another ProtonMail account, psalms100.

The entire (resumed) conversation with Shane Harris started with Schulte pretending to be Anonymous, partly in an effort to get Harris to send documents that Schulte’s family had already been warned, by the FBI, not to release publicly. Along the way, Schulte pretended to be Omar and then Omar pretended to be Schulte pretending to be Anonymous.

It was a grand scheme across contraband cell phones and Google docs to send out a bunch of documents. One of which, the jury has now issued their verdict, constituted a very costly crime.

What DOJ Was Doing While You Were Wasting Time Whinging on Twitter

/162 Comments/in , , /by

Because people are so desperate for information on investigations into Trump, they’re over-reading articles to see only the most panic-inducing details.

So I wanted to collect all the known details of investigative steps against Trump and his associates. This will be a running thread.

Note that while I’ve focused on named subjects, these investigations absolutely intersect. That’s readily apparent with the fake electors investigation, but less so with the “Stop the Steal” nexus (best seen in the Ali Alexander entry below; which is where I’m putting some movement activists who played key roles). Those who were speakers on January 5, VIPs who were removed from the speaker’s list on January 6, or who were on Stone’s Friends of Stone or Alexander’s Stop the Steal lists often had roles both in ginning up mobs in states or advance planning for events at the Capitol on January 6 and played some role as things rolled out that day. These people would likely be the “influencers” identified in the investigative plan put together before Michael Sherwin left.

Rudy Giuliani

April 13, 2021: SDNY obtains historic and prospective cell site warrant for Rudy.

April 21, 2021: Warrants for Ukraine-related investigation approved. This was Lisa Monaco’s first day as Deputy Attorney General. The temporal scope on the Ukraine warrants extends from August 1, 2018 through May 31, 2019.

April 28, 2021: Warrants executed. Around 18 devices seized, of which 16 can be cracked.

September 3, 2021: SDNY argues that the privilege review for Rudy’s devices must be conducted pre-scope (meaning, before just the information on Ukraine is identified) and generously offers to limit temporal range of review to items post-dating January 1, 2018, significantly expanding the temporal scope of the privilege review vis a vis the known warrants.

September 16, 2021: Judge Paul Oetken approves SDNY’s desired treatment of Rudy’s phones, meaning anything that post-dates January 1, 2018, regardless of topic, will be reviewed for privilege.

November 2, 2021: Special Master releases contents of 7 devices, for which privilege review extended through seizure. 2,223 items were provided to the government.

January 15, 2022: WaPo quotes Rob Jenkins, who represents a number of Proud Boy defendants, explaining that DOJ is asking about Roger Stone and Rudy Giuliani’s ties to militia members.

January 19, 2022: Special Master releases contents through April 2021 of one phone amounting to over 25,000 items, as well as eight other devices for which the privilege review extended from December 1, 2018 through May 31, 2019.

April 12, 2022: In guise of coming to a final decision on the Ukraine influence-peddling that hasn’t happened yet, DOJ asks Rudy to unlock last several devices.

May 26, 2022: Subpoenas (CNN, NYT) relating to the fake elector plot ask for information on:

  • Rudy Giuliani,
  • Boris Epshteyn
  • Justin Clark
  • John Eastman
  • Bernard Kerik
  • Joe diGenova
  • Victoria Toensing
  • Jenna Ellis
  • Kenneth Chesebro

July 22, 2022: In grand jury testimony, Marc Short and (earlier) Greg Jacob are asked about Rudy and Eastman.

Roger Stone

March 17, 2021: In response to motion for bail for Connie Meggs, DOJ includes picture showing both she and Graydon Young worked a Roger Stone event on December 14, 2020.

June 23, 2021: Oath Keeper Graydon Young, who interacted with Stone in Florida in December 2020, enters into a cooperation agreement.

June 30, 2021: Oath Keeper Mark Grods, who worked the Willard the morning of the insurrection, enters into a cooperation agreement.

September 15, 2021: Oath Keeper Jason Dolan, who guarded Stone in both Florida and DC and would have witnessed discussions between Kelly Meggs and Roger Stone in December, enters into a cooperation agreement.

January 15, 2022: WaPo quotes Rob Jenkins, who represents a number of Proud Boy defendants, explaining that DOJ is asking about Roger Stone and Rudy Giuliani’s ties to militia members.

March 2, 2022: Oath Keeper Joshua James, who oversaw security of Stone on the morning of January 6 and reported back frequently, enters into a cooperation agreement. James also provides statement to NYPD inquiry of Stone associate Sal Greco.

March 4, 2022: WaPo describes hours of documentary video tracking Stone’s events leading up to the attack, including details from a Friends of Stone list on which Stone started planning Stop the Steal immediately after the election. Both DOJ and January 6 sought the outtakes, with Oath Keeper prosecutor Jeffrey Nestler offering to fly to Denmark to make the request. [Note this entry has been corrected to reflect ongoing efforts to get the footage.]

May 2022: NYT describes more about the FOS list, confirming that Owen Shroyer, Enrique Tarrio, Stewart Rhodes, and Ivan Raiklin took part. By June 23, 2022, DOJ had extracted the contents of Shroyer, Tarrio, and Rhodes’ phones.

Sidney Powell

June 2021: Nikki Fried announces Sidney Powell’s Defending the Republic had been raising funds in Florida without registering as a charity.

August 24, 2021: Powell’s fund settles with Florida.

September 2021: AUSA Molly Gaston issues subpoena for records relating to Sidney Powell’s grift going back to November 2, 2020.

November 30, 2021: Several outlets report on subpoenas relating to Powell. (WaPo, Daily Beast)

January 22, 2022: Powell’s attorney claims to be “cooperating” with DOJ investigation.

June 22, 2022: Months after BuzzFeed and Mother Jones report on the scheme, DOJ asks Judge Amit Mehta to conduct conflict inquiry regarding Powell’s funding of Oath Keeper defendants’ defense.

Alex Jones

April 13, 2021: Jones videographer Sam Montoya arrested on trespassing charges related to January 6.

August 19, 2021: Jones sidekick and January 5 speaker Owen Shroyer arrested for violating a non-prosecution agreement by trespassing; Shroyer did not enter the Capitol.

January 20, 2022: Judge Tim Kelly denies Shroyer’s motion to dismiss, effectively agreeing with DOJ that Shroyer (and so Alexander and Jones) weren’t invited by cops to the East steps and didn’t de-escalate the crowd. According to his pre-released testimony, Alexander had claimed they were de-escalating in his sworn testimony to the January 6 Committee.

May 5, 2022: Montoya asks for 60 day extension to discuss plea deal.

May 9, 2022: At status hearing, Shroyer attorney Norm Pattis describes talks of a plea deal.

June 14, 2022: Long-time Jones attorney Norm Pattis, who is representing Owen Shroyer, joins Joe Biggs’ defense team.

June 23, 2022: DOJ provides Shroyer unscoped contents of his phone, to provide scoped contents later.

Ali Alexander

January 25, 2021: Brandon Straka arrested for trespassing and civil disorder. Straka was a key player in the Stop the Steal movement, playing a key role at the riot at the TCF vote counting center in Michigan after the election, spoke at the January 5 rally, sat next to Mike Flynn at Trump’s speech, and stopped at the Willard before heading to the riot. Straka was also on Alexander’s Stop the Steal LISTSERV.

February 17, 2021: First FBI interview with Straka.

March 25, 2021: Second interview with Straka.

December 8, 2021: In released testimony for an appearance before J6C, Alexander told a story that DOJ had already debunked in the Owen Shroyer case. For this and other appearances, Alexander was represented by Paul Kamenar, the same attorney that guided Andrew Miller through stalling the Mueller investigation for a year.

January 5, 2022: Third interview with Straka.

January 13, 2022: DOJ includes sealed cooperation memo in Straka’s sentencing memo.

April 19, 2022: After 15 months of continuations, Anthime “Baked Alaska” Gionet charged with a single trespassing charge, a charge understood to have required some cooperation in advance.

May 11, 2022: Anthime “Baked Alaska” Gionet balks at a plea hearing for a cooperative misdemeanor plea. It is understood that Gionet shared certain materials to avoid a felony indictment. Gionet was given two months (until July 22) to plead to the misdemeanor or face the prospect of felony charges relying on his cooperation.

June 24, 2022: Ali Alexander testifies before grand jury.

June 28, 2022: Alexander returns to DC.

Jeffrey Clark

Note there are two Trump lawyers named Clark: Jeffrey is the DOJ official who would have replaced Jeffrey Rosen . Justin worked on campaign issues. [Really bad error corrected.]

January 25, 2021: DOJ IG Michael Horowitz opens probe into whether current or former DOJ officials attempted to overturn the election.

July 26, 2021: Associate Deputy Attorney General Bradley Weinsheimer writes former top Trump DOJ officials permitting them to testify on efforts, led by but not limited to Clark, to involve DOJ in an attempt to overturn the election. This was the first of a series of Executive Privilege review waivers DOJ asked Biden to make and roughly coincided with the delayed institution of a Contact Policy preventing Biden from learning about investigations.

June 22, 2022: Agents search Clark’s home and seize his devices. Per CNN, DOJ IG coordinated with the wider investigation into January 6.

John Eastman

March 28, 2022: Judge David Carter rules it is more likely than not that Eastman and Trump conspired to obstruct the vote certification. DOJ would be able to obtain any emails Judge Carter released directly from Chapman University covertly.

May 26, 2022: Subpoenas (CNN, NYT) relating to the fake elector plot ask for information on:

  • Rudy Giuliani,
  • Boris Epshteyn
  • Justin Clark
  • John Eastman
  • Bernard Kerik
  • Joe diGenova
  • Victoria Toensing
  • Jenna Ellis
  • Kenneth Chesebro

June 28, 2022: FBI seizes Eastman’s phone, gets him to unlock it.

July 22, 2022: In grand jury testimony, Marc Short and (earlier) Greg Jacob are asked about Rudy and Eastman.

Fake Electors

Fall 2021: According to NYT, Thomas Windom assigned, “to pull together some of the disparate strands of the elector scheme.”

January 25, 2022: Lisa Monaco confirms on the record that DOJ is investigating the fake elector scheme.

May 26, 2022: Subpoenas (CNN, NYT) relating to the fake elector plot ask for information on:

  • Rudy Giuliani,
  • Boris Epshteyn
  • Justin Clark
  • John Eastman
  • Bernard Kerik
  • Joe diGenova
  • Victoria Toensing
  • Jenna Ellis
  • Kenneth Chesebro

June 21, 2022: On July 25, 2022, WaPo published subpoenas to AZ fake electors Karen Fann and Kelly Townsend. In addition to AZ-specific list and the already published list of names of interest, those add:

  • James Troupis
  • Joshua Findlay
  • Mike Roman

June 22, 2022: DOJ takes a slew of overt steps in their investigation into the fake electors:

  • WaPo: Law enforcement activity targeting GA lawyer David Carver and Trump staffer Thomas Lane, subpoenas for GA GOP Chair David Shafer and Michigan fake electors
  • NYT: Subpoenas to Trump campaign aide in MI, Shawn Flynn, as well as Carver, Lane, and Shafer
  • CBS: Search warrants for NV GOP Chair Michael McDonald and Secretary James DeGraffenreid
  • CNN: Subpoena for Shafer, a warrant for David Carver’s phone, information on a GA Signal chat

July 8, 2022: Due date for June 21 subpoenas.

July 13, 2022: Talks between J6C and DOJ about sharing transcripts prioritizes fake electors scheme.

The Mark Meadows Gap

As I was writing this timeline, I realized that, aside from efforts on behalf of the Archives to force Meadows to reconstruct the insurrection he carried out on his personal phone and email, we really do have little information about an active investigation into Meadows’ role in the plot. That may explain why DOJ had not considered interviewing Cassidy Hutchinson before they saw her testimony.

Meadows should be included in the fake electors investigation, but thus far, he’s not. He would be included in any DOJ investigation of pressure in Georgia, but thus far, it seems DOJ has let Fani Willis take the lead on that investigation.

With the exception of Scott Perry, Meadows would be an absolutely necessary pivot to members of Congress who conspired in an attack on their own institution.

Additionally, there are credible allegations of obstruction against Meadows — for replacing his phone, likely deleting Signal and other encrypted app texts, after the FBI investigation started; for burning documents; for pressuring Hutchinson not to testify.

All that said, while Meadows is undeniably the most important gap in this timeline, Trumpsters are predicting that Meadows will go to jail, citing not just his own schemes, but his finances.

Steve Bannon

September 23, 2021: January 6 Committee subpoenas Bannon.

November 3 and 8, 2021: At interviews Bannon attorney Robert Costello did with DC US Attorney’s Office, at which FBI Agents were present, he gives materially inconsistent answers.

November 11, 2021: DOJ obtains Internet and telephony toll records for Robert Costello spanning from March 5 through November 12, which cannot pertain exclusively to the subpoena from a Committee the founding of which came months after the start date of toll request.

November 2021: DOJ subpoenas the toll records for two people — one is a financial advisor — under whose accounts he was believed to communicate in the past; DOJ provided these in discovery on July 8, 2022. The scope for at least one of the subpoenas is for September 22, 2021 through October 21, 2021.

November 12, 2021: DOJ indicts Bannon for contempt.

December 2, 2021: After DOJ raises concerns about Costello serving as a witness, he joins Bannon’s legal team until just before trial.

June 29, 2022: Pursuant to a trial subpoena, DOJ interviews Trump attorney Justin Clark about circumstances of Bannon’s non-compliance.

July 22, 2022: Jury finds Bannon guilty of both counts of contempt.

Peter Navarro

June 2, 2022: DOJ indicts Navarro on two counts of contempt.

Stolen classified documents

February 18, 2022: NARA informs Oversight Chair Carolyn Maloney that there were classified documents among the 15 boxes taken to Mar-a-Lago.

February 22, 2022: Merrick Garland implies DOJ will investigate the mishandled documents.

April 7, 2022: Because DOJ opened investigation into documents, NARA refuses request for more information from Maloney.

May 12, 2022: DOJ issues subpoena to NARA regarding documents and requests interviews with those involved in packing boxes before leaving the White House.

Other key dates

January 4, 2021: DC authorities seize Enrique Tarrio’s phone.

January 8, 2021: Grand jury that carries out bulk of investigation on Capitol and ultimately charges Oath Keepers with sedition convened.

May 25, 2021: Grand jury that indicted Bannon, handful of Jan6ers convened.

August 11, 2021: Grand jury that indicted Michael Riley (Capitol Policeman), several serious defendants (including a superseding) convened.

Summer 2021: FBI interviewed Doug Mastriano about January 6.

October 21, 2021: In Congressional hearing, Merrick Garland makes clear that the OLC memo prohibiting the prosecution of a sitting President is not pertinent to whether Trump can be charged.

November 10, 2021: Still-active grand jury indicting more serious ongoing assault cases, among others, convened.

November 22, 2021: In hearing in Garret Miller case, Judge Carl Nichols asks AUSA James Pearce whether DOJ’s application of 18 USC 1512(c)(2) to the vote certification could apply to someone like Trump. Nichols would go on to be the lone DC judge to reject this application.

December 2021: FBI first gets access to Tarrio’s phone.

December 10, 2021: Judge Dabney Friedrich is the first DC Judge to uphold DOJ’s application of 18 USC 1512(c)(2) to the certification of the vote, the same crime discussed for use with Trump.

January 5, 2022: Garland promises DOJ, “remains committed to holding all January 6th perpetrators, at any level, accountable under law — whether they were present that day or were otherwise criminally responsible for the assault on our democracy. We will follow the facts wherever they lead” and describes, “follow[ing] the money.”

January 12, 2022: DOJ charges Oath Keepers with sedition (and adds Stewart Rhodes to conspiracy).

Mid-January 2022: After filter review, DOJ first obtains materials from Tarrio’s phone that was seized over a year earlier.

January 19, 2022: SCOTUS rejects Trump’s bid to shield January 6 records under Executive Privilege. Not only will J6C get subpoenaed materials directly, but DOJ will be able to obtain the same materials directly, using privilege waiver Biden made for the Committee without violating contact rules.

February 14, 2022: Grand jury that charges Proud Boys with sedition convened.

February 15, 2022: Grand jury that charges Peter Navarro convened.

February 18, 2022: Judge Mehta denies Trump’s motion to dismiss various lawsuits, finding it plausible that Trump conspired with rioters at the Capitol, that he conspired with the militias who attacked the Capitol, and that he has aid and abet liability for assaults at the Capitol, including on cops.

March 3, 2022: Judge Carl Nichols holds that 18 USC 1512(c)(2) must have a documentary component and applies the rule of lenity to dismiss obstruction charge against Garret Miller. In briefing in this case, Nichols had hypothetically asked whether the law could apply to the then-President.

March 7, 2022: DOJ adds Enrique Tarrio to Proud Boy Leaders conspiracy.

March 28, 2022: Judge David Carter rules it is more likely than not that Eastman and Trump conspired to obstruct the vote certification.

May 25, 2022: Garland issues memo affirming that the same rules that always apply to DOJ investigations still apply to DOJ investigations.

June 6, 2022: DOJ charges Proud Boy leaders with sedition.

June 28, 2022: Testimony of Cassidy Hutchinson said to “jolt” DOJ to discuss Trump crimes other than those tied to inspiring rioters, though that report also says that, “change that was underway even before Ms. Hutchinson’s testimony.”

June 29, 2022: In a public appearance, Lisa Monaco says, Congress “is doing their job and we’re doing ours” and describes that DOJ is “deep” into its January 6 probe.

July 15, 2022: After declining to prosecute Mark Meadows for contempt in June, DOJ weighs in on Meadows lawsuit against J6C to opine that Hutchinson’s testimony demonstrated that the Committee is unable to obtain necessary information from other sources.

July 20, 2022: In response to a question about whether DOJ guidance on opening sensitive investigations would be affected if Trump announced he was running, Lisa Monaco reiterates that DOJ would follow the facts, “no matter where they lead, no matter to what level.”

July 21, 2022: Merrick Garland suggests that those who claim DOJ should, but is not, doing a hub-and-spoke investigation are speculating, and calls the investigation “the most wide-ranging” investigation that the Justice Department has ever entered into.

July 22, 2022: Marc Short appears before a grand jury (Greg Jacob did by July 22 as well).

How Josh Schulte Got Judge Jesse Furman to Open a File in Internet Explorer

/26 Comments/in , , /by

Something puzzles me about both Josh Schulte trials (as noted yesterday, the jury found Schulte guilty of al charges against him yesterday).

In both, the government introduced a passage from his prison notebooks advocating the use of the tools he has now been found guilty of sharing with WikiLeaks in an attack similar to NotPetya. [This is the version of this exhibit from his first trial.]

Vault 7 contains numerous zero days and malware that could be [easily] deployed repurposed and released onto the world in a devastating fashion that would make NotPetya look like Child’s play.

Neither time, however, did prosecutors explain the implications of this passage, which proved both knowledge of the non-public files released to WikiLeaks and a desire that they would be used, possibly by Russia, as a weapon.

Here’s how AUSA Sidhardha Kamaraju walked FBI Agent Evan Schlessinger through explaining it on February 26, 2020, in the first trial.

Q. Let’s look at the last paragraph there.

A. “Vault 7 contains numerous zero days and malware that could easily be deployed, repurposed, and released on to the world in a devastating fashion that would make NotPetya look like child’s play.”

Q. Do you know what NotPetya is?

A. Yes, generally.

Q. What is it?

A. It is a version of Russian malware.

Here’s how AUSA David Denton walked Agent Shlessinger through that same exact script this June 30 in the second trial.

Q. And the next paragraph, please.

A. “Vault 7 contains numerous zero days and malware that could easily be deployed,” struck through “repurposed and released onto the world in a devastating fashion that would make NotPetya look like child’s play.”

Q. Sir, do you know what NotPetya is?

A. Yes, generally.

Q. Generally, what is a reference to?

A. Russian malware.

The placid treatment of that passage was all the more striking in this second trial because it came shortly after Schulte had gone on, at length, mocking the claim from jail informant Carlos Betances that Schulte had expressed some desire for Russia’s help to do what he wanted to do, which in context (though Betances wouldn’t know it) would be to launch an information war.

Q. OK. Next, you testified on direct that I told you the Russians would have to help me for the work I was doing, right?

A. Yes, correct.

Q. OK. So the Russians were going to send paratroopers into New York and break me out of MCC?

MR. LOCKARD: Objection.

THE COURT: Sustained.

BY MR. SCHULTE: Q. What is your understanding of how the Russians were going to help?

A. No, I don’t know how they were going to help you. You were the one who knew that.

Q. What work was I doing for Russia?

A. I don’t know what kind of work you were doing for Russia, but I know you were spending long periods of time in your cell with the phones.

Q. OK.

A. With a sheet covering you.

Q. OK. But only Omar ever spoke about Russia, correct?

A. No. You spoke about Russia.

Q. Your testimony is you never learned anything about Omar and Russian oligarchs?

A. No.

Denton could easily have had Schlessinger point out that wanting to get a CIA tool repurposed in Russian malware just like the Russians had integrated stolen NSA tools to use in a malware attack of unprecedented scope would be pretty compelling malicious cooperation with Russia. It would have made Schulte’s mockery with Betances very costly. But Denton did not do that.

In fact, the government entirely left this theory of information war out of Schulte’s trial. In his closing argument for the second trial, for example, Michael Lockard explicitly said that Schulte’s weapon was to leak classified information, not to launch cyberattacks.

Mr. Schulte goes on to make it even more clear. He says essentially it is the same as taking a soldier in the military, handing him a rifle, and then begin beating him senseless to test his loyalty and see if you end up getting shot in the foot or not. It just isn’t smart.

Now, Mr. Schulte is not a soldier in the military, he is a former CIA officer and he doesn’t have a rifle. He has classified information. That is his bullet.

To be sure, that’s dictated by the charges against Schulte. Lockard was trying to prove that Schulte developed malicious plans to leak classified information, not that he developed malicious plans to unleash a global cyberattack that would shut down ports in the United States. But that’s part of my point: The NotPetya reference was superfluous to the charges against Schulte except to prove maliciousness they didn’t use it for.

I may return to this puzzle in a future post. For now, though, I want to use it as background to explain how, that very same day that prosecutors raised Schulte’s alleged plan to get CIA hacking tools used to launch a global malware attack, Schulte got Judge Jesse Furman to open a document in Internet Explorer.

One of the challenges presented when a computer hacker like Schulte represents himself (pro se) is how to equip him to prepare a defense without providing the tools he can use to launch an information war. It’s a real challenge, but also one that Schulte exploited.

In one such instance, in February, Schulte argued the two MDC law library desktops available to him did not allow him to prepare his defense, and so he needed a DVD drive to transfer files including “other binary files,” the kind of thing that might include malware.

Neither of these two computers suffices for writing and printing motions, letters, and other documents. The government proposes no solution — they essentially assert I have no right to access and use a computer to defend myself in this justice system.

I require an electronic transfer system; printing alone will not suffice, because I cannot print video demonstratives I’ve created for use at trial; I cannot print forensics, forensic artifacts, and other binary files that would ultimately be tens of thousands of useless printed pages. I need a way to transfer my notes, documents, motion drafts, demonstrative videos, technical research, analysis, and countless other documents to my standby counsel, forensic expert, and for filing in this court.

The government had told Schulte on January 21 that he could not have a replacement DVD drive that his standby counsel had provided in January because it had write-capabilities; as they noted in March, not having such a drive was not preventing him from filing a blizzard of court filings. Ultimately, in March, the government got Schulte to let them access the laptop to add a printer driver to his discovery laptop. Schulte renewed his request for a write-capable DVD, though, in April.

Schulte continued to complain about his access to the law library for months, sometimes with merit, and other times (such as when he objected to the meal times associated with his choice to fast during Ramadan) not.

The continued issues, though, and Schulte’s claims of retaliation by prison staffers, are why I was so surprised that when, on June 1, Sabrina Shroff reported that a guard had broken Schulte’s discovery laptop by dropping it just weeks before trial, she didn’t ask for any intervention from Judge Furman. Note, she attributes her understanding of what happened to the laptop to Schulte’s parents (who could only have learned that from Schulte) and the prison attorney (who may have learned of it via Schulte as well). In response, as Shroff had tried to do with the write-capable DVD, she was just going to get him a new laptop.

We write to inform the Court that a guard at the MDC accidently dropped Mr. Schulte’s laptop today, breaking it. Because the computer no longer functions, Mr. Schulte is unable to access or print anything from the laptop, including the legal papers due this week. The defense team was first notified of the incident by Mr. Schulte’s parents early this afternoon. It was later confirmed in an email from BOP staff Attorney Irene Chan, who stated in pertinent part: “I just called the housing unit and can confirm that his laptop is broken. It was an unfortunate incident where it was accidentally dropped.”

Given the June 13, 2022 trial date, we have ordered him a new computer, and the BOP, government, and defense team are working to resolve this matter as quickly as possible. We do not seek any relief from the Court at this time.

Only, as I previously noted, that’s not what happened to the laptop, at all. When DOJ’s tech people examined the laptop, it just needed to be charged. As they were assessing it, though,  they discovered he had a 15GB encrypted partition on the laptop and had been trying to use wireless capabilities.

First, with respect to the defendant’s discovery laptop, which he reported to be inoperable as of June 1, 2022 (D.E. 838), the laptop was operational and returned to Mr. Schulte by the end of the day on June 3, 2022. Mr. Schulte brought the laptop to the courthouse on the morning of June 3 and it was provided to the U.S. Attorney’s Office information technology staff in the early afternoon. It appears that the laptop’s charger was not working and, after being charged with one of the Office’s power cords, the laptop could be turned on and booted. IT staff discovered, however, that the user login for the laptop BIOS1 had been changed. IT staff was able to log in to the laptop using an administrator BIOS account and a Windows login password provided by the defendant. IT staff also discovery an encrypted 15-gigabyte partition on the defendant’s hard drive. The laptop was returned to Mr. Schulte, who confirmed that he was able to log in to the laptop and access his files, along with a replacement power cord. Mr. Schulte was admonished about electronic security requirements, that he is not permitted to enable or use any wireless capabilities on the laptop, and that attempting to do so may result in the laptop being confiscated and other consequences. Mr. Schulte returned to the MDC with the laptop.

1 The BIOS is firmware used to provide runtime services for operating systems and programs and to perform hardware initialization during the booting process. The BIOS settings can determine, for example, whether external ports and wireless capabilities are enabled or disabled.

This had all the markings of a hacker — someone who had once envisioned launching a cyberattack as part of his information war from jail — trying to prepare just such an attack.

Weeks later, during the trial, the government intimated that they might punish Schulte for that stunt, but were just trying to get through trial.

We have not taken any action in response to that, because we’re in the middle of trial and we’re loath to do things that would disrupt the trial at this point.

Along the way, though, Schulte’s laptop access continued to grow — for perfectly justifiable reasons tied to the trial, but which appears to have resulted in the discovery laptop (the one with the encrypted partition that he had apparently tried to access WiFi on) being in the same place as a second exhibit laptop, perhaps the very laptop originally intended to replace the one that wasn’t really broken at all. On June 13, Judge Furman ordered the Marshals to let Schulte keep his laptop at breaks. On June 15, Schulte got Furman to order the Marshals to let him use his second laptop, “just like the discovery laptop.”

MR. SCHULTE: OK. So the first thing is I think the marshals just need permission or authorization from you for me to be able to use the second laptop for my exhibits.

THE COURT: Use in the courtroom?

MR. SCHULTE: Yeah, be able to access and use it likeI use the other. I think there was court order for me to be able to use this laptop so they need authorization from you for me to use the second laptop.

THE COURT: And the second laptop is something that standby counsel procured? What is it?

MR. SCHULTE: Yes.

THE COURT: Any objection, Mr. Denton? Any concerns?

MR. DENTON: I think as long as it is something that’s used just here in the courtroom, that’s fine, your Honor. I think to the extent that it was going with the defendant anywhere else other than the courtroom, we would want to make sure that we applied the same security procedures that were applied to his original laptop.

THE COURT: Is it just to be used in this courtroom?

MR. SCHULTE: Yes. That’s correct. It is being locked, I think, in the FBI marshal’s room by the SCIF.

On June 17, Schulte asked Furman to issue a specific order to MDC to ensure he’d be able to “go to the law library and access the laptop.” Again, these are generally understandable accommodations for a defendant going pro se. But they may have placed his discovery laptop (normally used in MDC in Brooklyn) in close proximity to his exhibit laptop used outside of a SCIF in Manhattan.

With that in the background, on June 24, prosecutors described that just days earlier, Schulte had provided them code he wanted to introduce as an exhibit at trial. There were evidentiary problems — this was a defendant representing himself trying to introduce his own writing without taking the stand — but the real issue was his admission he was writing (very rudimentary) code on his laptop. As part of that explanation, the government also claimed that MDC had found Schulte tampering with the law library computer.

The third, however, and most sort of problematic category are the items that were marked as defense exhibits 1210 and 1211, which is code and then a compiled executable program of that code that appear to have been written by the defendant. That raises an evidentiary concern in the sense that those are essentially his own statements, which he’s not entitled to offer but, separately, to us, raises a substantial security concern of how the defendant was able to, first, write but, more significantly, compile code into an executable program on his laptop.

You know, your Honor, we have accepted a continuing expansion of the defendant’s use of a laptop that was originally provided for the purpose of reviewing discovery, but to us, this is really a bridge too far in terms of security concerns, particularly in light of the issues uncovered during the last issue with his laptop and the concerns that the MDC has raised to us about tampering with the law library computer. We have not taken any action in response to that, because we’re in the middle of trial and we’re loath to do things that would disrupt the trial at this point. The fact that defendant is compiling executable code on his laptop raises a substantial concern for us separate from the evidentiary objections we have to its introduction.

THE COURT: OK. Maybe this is better addressed to Mr. Schulte, but I don’t even understand what the third category would be offered for, how it would be offered, what it would be offered for.

MR. DENTON: As best we can tell, it is a program to change the time stamps on a file, which I suppose would be introduced to show that such a thing is possible. I don’t know. We were only provided with it on Tuesday. Again, we think there are obvious issues with its admissibility separate and apart from its relevance, but like I said, for us, it also raises the security concern that we wanted to bring to the Court’s attention.

[snip]

MR. SCHULTE: But for the code, the government produced lots of source code in discovery, and this specific file is, like, ten, ten lines of source code as well as —

THE COURT: Where does it come from? Did you write it?

MR. SCHULTE: Yes, I wrote it. That’s correct.

Schulte didn’t end up introducing the script he wrote. Instead, he asked forensics expert Patrick Leedom if he knew that Schulte had used the “touch” command in malware to alter file times.

Q. Do you know about the Linux touch command?

A. Yes.

Q. This command can be used to change file times, right?

A. Yes, it can.

Q. That includes access times, right?

A. Yes.

Q. And from reviewing my workstation, you know that I developed Linux malware tools for the CIA, right?

A. I know you worked on a few tools. I don’t know if they were Linux-specific or not, but —

Q. And you knew from that that I wrote malware that specifically used the touch command to change file times, right?

In the end, then, it turned out to be just one of many instances during the trial where Schulte raised the various kinds of malware he had written to hide his tracks, infect laptops, and jump air gaps, instances that appeared amidst testimony — from that same jail informant, Carlos Betonces — that Schulte had planned to launch some kind of key event in his information war from the (MCC) law library.

Q. That we — you testified that we were going to do something really big and needed to go to the law library, right?

A. You were paying $200 to my friend named Flaco to go to the library, yes.

Q. I paid someone money?

A. No. They were paying. And Flaco refused to take it downstairs. And the only option left was that they had to go down and take it themselves.

Q. OK. So Omar offered to pay money for Flaco to take some phone down, right?

A. That’s not how Flaco told me. That’s not the way Flaco described it. He said that both of them were offering him money.

Q. All right. But there were cameras in the law library, correct?

THE INTERPRETER: I’m sorry. Can you repeat the question?

Q. There were cameras in the law library, correct?

A. I don’t know.

Q. OK. But your testimony on direct was that me and Omar needed to send some information from the phone, right?

A. Let me explain it to you again. Not information. It’s that you had to do something in the, in the library. That’s what I testified about.

Q. OK. What did I have to do in the law library, according to you?

A. Well, you’re very smart. You must know the question. There was something down there that you wanted to use that you couldn’t use upstairs.

Q. OK. You also testified something about a USB drive, right?

A. Yes.

Q. You testified, I believe, that me and Omar wanted a USB device, right?

A. Yeah. You asked me all the time when the drive was going to arrive. When was it coming? When was it coming?

Q. OK. But there were already USB hard drives given to prisoners in the prison, right?

A. Not to my understanding.

Q. You don’t — you never received or saw anyone using a USB drive with their discovery on it?

A. No, because I — no, I hardly ever went down to the law library.

Q. All right. And then you said, you testified that you slipped a note under the guard’s door?

A. Yes.

Q. And that was about, you said something was going to happen in the law library, right?

THE INTERPRETER: Could you repeat the question, please?

MR. SCHULTE: Yes.

Q. You said that the note said something was going to happen in the law library, right?

A. Yes.

Which finally brings us to the Internet Explorer reference. During his cross-examination of FBI Agent Schlessinger on June 30, Schulte attempted to introduce the return from the warrant FBI served on WordPress after discovering Schulte was using the platform to blog from jail. The government objected, which led to an evidentiary discussion after the jury left for the weekend. The evidentiary discussion pertained to how to introduce the exhibit — which was basically his narrative attacking the criminal justice system — without also disclosing the child porn charges against Schulte referenced within them.

Schulte won that discussion. On the next trial day, July 6, Furman ruled for Schulte, and Schulte said he’d just put a document that redacted the references to his chid porn and sexual assault charges on a CD to share with the government.

MR. SCHULTE: Yes. I just — if I can get the blank CD from them or something I can just give it to them and they can review it.

But back on June 30, during the evidentiary discussion, Judge Furman suggested that the 80- or 90-page document that the government was looking at was something different than the file he was looking at.

That was surprising to Furman.

So was the fact that his version of the document opened in Internet Explorer.

MR. DENTON: Your Honor, on Exhibit 410 we recognize the Court has reserved judgment on that. I want to put sort of a fourth version in the hopper. At least in the version we are looking at, it is a 94-page 35000-word document. To the extent that the only thing the Court deems admissible is sort of the fact that there were postings that did not contain NDI, we would think it might be more appropriate to stipulate to that fact rather than put, essentially, a giant manifesto in evidence not for the truth. So I want to put that option out there given the scope of the document.

[snip]

MR. DENTON: Understood, your Honor. I think at that point, even if we get past the hearsay and the not for the truth problems, then there is a sort of looming 403 problem in the sense that it is a massive document that is essentially an manifesto offered for a comparatively small point. I think at that point it is risk of confusing the jury and potentially inflaming them if people decide to sit down and to read his entire screed, it significantly outweighs the fairly limited value it serves. But, we recognize the Court has reserved on this so I don’t need to belabor the point now.

THE COURT: Unless I am looking at something different, what I opened as Defendant’s Exhibit 410 — it opened for me in Internet Explorer, for some reason and I didn’t even think Internet Explorer existed anymore — and it does not appear to be 84 pages. So, I don’t even know if I am looking at what is being offered or not. But, let me add another option, which is if the government identifies any particular content in here that it thinks should be excluded under 403, then you are certainly welcome to make that proposal as well in the event that I do decide that it should come in in more or less its entirety with the child porn redacted. And if you think that there is something else that should be redacted pursuant to 403, I will consider that. All right?

MR. DENTON: We will make sure we are looking at the same thing and take a look at it over the weekend, your Honor.

To be clear: The reason this opened in IE for Furman is almost certainly that the document was old — it would date to October 2018 — and came in a proprietary form that Furman’s computer didn’t recognize. So for some reason, his computer opened it in IE.

That said, it’s not clear that the discrepancy on the page numbers in the file was ever addressed. Schulte just spoke to one of the prosecutors and they agreed on how it would be introduced.

And if a developer who had worked on malware in 2016 wanted an infection vector, IE might be one he’d pick. That’s because Microsoft stopped supporting older versions of IE in 2016, the year Schulte left the CIA. And WordPress itself was a ripe target for hacking in 2018. Schulte himself might relish using a Microsoft vector because the expert in the trial, Leedom, has moved onto Microsoft since working as a consultant to the FBI.

I have no idea how alarmed to be about all this. The opinions from experts I’ve asked have ranged from “dated file” to “he’d have to be lucky” to “unlikely but potentially terrifying” to “no no no no!” And Schulte is the kind of guy who lets grudges fester so badly that avenging the grudge becomes more important than all else.

So I wanted to put this out there so smarter people can access the documents directly — and perhaps so technical staff from the courthouse can try to figure out why that document opened in Internet Explorer.

Note: As it did with the first trial, Calyx Institute made the transcripts available. This time, however, they were funded by Germany’s Wau Holland Foundation. WHF board member Andy Müller-Maguhn has been named in WikiLeaks operations and was in the US during some of the rough period when Schulte is alleged to have leaked these documents. 

On Oath Keeper Jeremy Brown’s Asymmetric Treatment

/82 Comments/in /by

CNN got a lot of people in a tizzy by incorrectly claiming that a 404b notice filed Friday included new information about the Oath Keeper conspiracy (this story, from Kyle Cheney, makes no claim this is new information). None of the general allegations — that Jessica Watkins had explosives making recipe at her house, that Thomas Caldwell had a list targeting a Georgia election official, that the Oath Keepers did a variety of training sessions before the insurrection — are new. They’ve shown up in detention motions going back to January 2021.

Perhaps the most inflammatory allegation, regarding former Special Forces guy Jeremy Brown, describes that the grenade discovered in Brown’s RV when the FBI searched his property in September was in the RV as it drove to DC for the insurrection.

Jeremy Brown is currently an unindicted co-conspirator in the Oath Keeper conspiracy.2 In November 2020, Brown led the Florida chapter of the Oath Keepers in a training on “unconventional warfare.” See ECF No. 167 at ¶ 22. During this period, he messaged extensively with Florida-based co-conspirators on Signal.3 For example, on November 9, he messaged, “As I am sure you all have plenty of ammo and guns. What I suspect we are not deep on are burner phones and phone cards. These will be needed in great numbers as part of a clandestine comms plan.”

In preparation for January 6, 2021, Brown continued to participate on Signal chats with Rhodes and various Florida Oath Keepers, including Meggs, Kenneth Harrelson and Caleb Berry, regarding transportation to Washington, D.C. on January 6:

We have a RV an Van going. Plenty of Gun Ports left to fill. We can pick you up… If you can, come to my house anytime Saturday. You can stop by and drop stuff off, or stay the night. This way we can load plan, route plan, and conduct PCIs (Pre Combat Inspections). I would LIKE to depart by 0645 on Sunday morning, Jan 3rd. Push through to the NC linkup on the 3rd, RON (Rest Over Night) there, then push to DC on the 4th. This will give us the 4th/5th to set up, conduct route recons, CTR (Close Target Reconnaissance) and any link ups needed with DC elements.

On January 4, 2021, Brown supplied a helmet to Florida Oath Keeper Berry, who met Brown at Brown’s house, and then caravanned with Berry, Meggs, Harrelson and other Florida Oath Keepers first to North Carolina, where they rendezvoused with additional Oath Keepers, and then to the Washington, D.C. area.

The same day, January 4, Meggs informed Jessica Watkins and other co-conspirators via Signal that Brown would be assisting in the Washington, D.C. operation, writing, “Jessica you have 4 working the detail from Ohio. Padimaster you have 6 confirmed for detail from SC. If correct that gives us 27 man team I like it!! Perfect mi with 4-5 medics in the group. I’ll keep working on overall contact between Natl/congress team and stop the steal team for scheduling etc… Kenneth Harrelson runs the ground team. Whippit and Jeremy Brown will assist him especially when we are moving!” Upon arrival in the Washington, D.C. area, Brown deposited various weapons at the Comfort Inn hotel in Virginia that served as the staging area for the QRF. During this same period, Meggs informed Berry that Brown possessed explosives in his Recreational Vehicle (“RV”). 4

The government subsequently seized explosives from Brown. On September 30, 2021, pursuant to an authorized search warrant, the government seized two illegal short barrel firearms from Brown’s residence and military ordinance grenades from Brown’s RV—the same RV that Brown used to travel to Washington, D.C. on January 6.

4 The government is unaware whether Brown deposited the explosives at the Comfort Inn in Virginia or retained them in his RV, which he parked in College Park, Maryland.

Substantially that same information appeared in a detention dispute for Brown in February.

These details have, probably, gone largely unnoticed because Brown is, thus far, only charged for trespassing in conjunction with January 6; he is charged in Florida for his arsenal and some classified documents he kept from his service in Afghanistan. That trial is currently scheduled to start August 1.

Let that be a lesson not to sleep on the misdemeanor cases, because some of them are quite important!

His inclusion in this 404b notice, however, does raise questions about his asymmetric treatment, thus far. He didn’t enter the building — but that’s true of Thomas Caldwell (who is accused of playing a leadership role) or Bennie Parker (who is not) as well. If he is treated as an unindicted co-conspirator, then why isn’t he a charged conspirator?

Indeed, Brown — who is representing himself but who as of recently had two pro bono lawyers expecting to share his discovery without filing notices of appearance — asked just that question in a status hearing on June 23. He noted that the full Oath Keeper team had been added to his case and was demanding the discovery from the sedition case, wanting to share it with those unnamed pro bono standby attorneys. He demanded to know whether he would be charged with sedition.

At the hearing, prosecutor Louis Manzo said there was no plan to add him to the sedition trial scheduled for September. When Brown noted that that didn’t preclude him being added to the lesser Oath Keeper conspiracy, Manzo said that as of now DOJ had no plan to add him to either of the existing conspiracies, though wanted to avoid committing to it.

Obviously, that could change. DOJ only recently added the field leader for the day, Michael Greene/Simmons to the lesser conspiracy. And if he were acquitted in the Florida trial, DOJ would likely charge him in DC to keep him detained — they believed he was dangerous even before the insurrection.

But I can’t help but wonder whether DOJ has some other plan for him.

Update: To clarify something for those claiming this asymmetry reflects a lack of seriousness on DOJ’s part, what DOJ has done is charge Brown with crimes that could represent ~80 years in jail (though would more likely end up in the 10-20 year range), all without having to risk him fucking up the main sedition case, even while allowing DOJ to use his actions against the accused seditionists. That is, this may reflect a way to hold Brown accountable in a way that gives him the least ability to fuck up the main case.

The Josh Schulte Trial Moves to Deliberations

/7 Comments/in , , /by

Yesterday, the two sides in the Josh Schulte case presented their closing arguments.

It is always difficult to read how a jury will view a case, and in this case (in part for reasons I’ll lay out below) that’s all the more true. I could imagine any of a range of outcomes: full acquittal, acquittal on some charges, guilty on most but not all charges, or another hung jury (though I think it likely he’ll win acquittal on at least one or two charges).

This is what the jury will be deliberating about. The short version: Judge Furman seems very skeptical of the obstruction charge against Schulte, quite persuaded by the government’s CFAA charges, but very impressed by Schulte’s closing argument.

The charges

After his first mistrial, DOJ obtained a superseding indictment designed to break his alleged crimes into explicitly identifiable crimes, presumably to prevent the jury from getting confused about what specific actions allegedly constitute a crime, as the first jury appears to have done.

The indictment is generally broken into Espionage tied to files taken directly from the CIA’s servers (Counts One and Two), Espionage tied to stuff Schulte allegedly tried to send out from jail (Counts Three and Four), CFAA for hacking the CIA servers (Counts Five through Eight), and obstruction (Count Nine). I’ve put the legal code below, but here’s how Judge Furman described the charges in his draft jury instructions.

Specifically, Count One charges the defendant with illegal gathering of national defense  information or “NDI.” Specifically, it charges that, on or about April 20, 2016, the defendant, without authorization, copied backup files of certain electronic databases (what I will refer to as the “Backup Files”) housed on a classified computer system maintained by the CIA (namely “DEVLAN”).

Count Two charges the defendant with illegal transmission of unlawfully possessed documents, writings, or notes containing NDI. Specifically, it charges that, between April and May 2016, the defendant, without authorization, retained copies of the Backup Files and communicated them to a third party not authorized to receive them, the organization WikiLeaks.

Count Five charges the defendant with unauthorized access to a computer to obtain classified  information. Specifically, it charges that, between April 18 and April 20, 2016, the defendant accessed a 16 computer without authorization and exceeded his authorized access to obtain the Backup Files and subsequently transmitted them to WikiLeaks without authorization.

Count Six charges the defendant with unauthorized access to a computer to obtain information form a department or agency of the United States. Specifically, it charges that, on or about April 20, 2016, the defendant, accessed a computer without authorization or in excess of his authorized access, and copied the Backup Files.

Count Seven charges the defendant with causing transmission of a harmful computer command. Specifically, it charges that, on or about April 20, 2016, the defendant transmitted commands on DEVLAN to manipulate the state of the Confluence virtual server on DEVLAN.

Count Eight charges the defendant with causing transmission of a harmful computer command. Specifically, it charges that, on or about April 20, 2016, the defendant transmitted commands on DEVLAN to delete log files of activity on DEVLAN.

Counts Three and Four charge the defendant with crimes relating to the unlawful disclosure or attempted disclosure of NDI while he was in the Metropolitan Correctional Center (“MCC”), the federal jail.

Count Three charges that, in or about September 2018, the defendant had unauthorized possession of documents, writings, or notes containing NDI related to the internal computer networks of the CIA, and willfully transmitted them to a third party not authorized to receive them.

Count Four charges that, between July and September 2018, the defendant had unauthorized possession of documents, writings, and notes containing NDI related to tradecraft techniques, operations, and intelligence gathering tools used by the CIA, and attempted to transmit them to a third party or parties not authorized to receive them.

Finally, Count Nine charges the defendant with obstruction of justice. Specifically, it charges that between March and June 2017, the defendant made certain false statements to agents of the FBI during their investigation of the WikiLeaks leak.

Here’s that language with the legal statutes included:

Count One, 18 USC 793(d) and 2 (WikiLeaks Espionage), Illegal gathering of National Defense Information: For copying the DevLAN backup files on or about April 20, 2016.

Count Two, 18 USC 793(e) and 2 (WikiLeaks Espionage), Illegal transmission of unlawfully possessed NDI: For transmitting the backup files to WikiLeaks in or about April and May 2016.

Count Three, 18 USC 793(e) and 2 (MCC Espionage), Illegal transmission of unlawfully possessed NDI: For sending this information about DevLAN to Shane Harris in or about September 2018.

In reality, two groups — EDG and COG and at least 400 people had access. They don’t include COG who was connected to our DEVLAN through HICOC, an intermediary network that connected both COG and EDG. . . . There is absolutely NO reason they shouldn’t have known this connection exists. Step one is narrowing down the possible suspects and to completely disregard an ENTIRE GROUP and HALF the suspects is reckless. All they needed to do was talk to ONE person on Infrastructure branch or through ANY technical description / diagram of the network.”

Count Four, 18 USC 793(e) and 2 (MCC Espionage), Attempted illegal transmission of unlawfully possessed NDI: For staging a tweet and preparing to send out information about CIA’s hacking tools from at least July 2018 through October 2018. (Here’s the version of Exhibit 809 used at the first trial.)

Government Exhibit 801, page 3: “Which brings me to my next point — Do you know what my speciality was at the CIA? Do you know what I did for fun? Data hiding and crypto. I designed and wrote software to conceal data in a custom-designed file system contained with the drive slackspace or hidden partitions. I disguised data. I split data across files and file systems to conceal the crypto—analysis tools could NEVER detect random or pseudo-random data indicative of potential crypto. I designed and wrote my own crypto—how better to foll bafoons [sic] like forensic examiners ad the FBI than to have custom software that doesn’t fit into their 2-week class where they become forensic ‘experts.’”

Government Exhibit 809, page 8: “[tool from vendor report] — Bartender for [redacted] [vendor].”

Government Exhibit 809, page 10: “Additionally, [Tool described in vendor report] is in fact Bartender. A CIA toolset for [operators] to configure for [redacted] deployment.”

Government Exhibit 809, page 11: “[@vendor] discussed [tool] in 2016, which is really the CIA’s Bartender tool suite. Bartender was written to [redacted] deploy against various targets. The source code is available in the Vault 7 release.”

Count Five, 18 USC 1030(a)(1) and 2 (CFAA), Unauthorized access to a computer to obtain classified information: For hacking into the DevLAN backup files.

Count Six, 18 USC 1030(a)(2)(B) and 2 (CFAA), Unauthorized access of a computer to obtain classified information from a department or agency, for hacking into and copying the backup files.

Count Seven, 18 USC 1030(a)(5)(A) and 2 (CFAA), Causing transmission of harmful computer code: For the reversion of Confluence on April 20, 2016.

Count Eight, 18 USC 1030(a)(5)(A) and 2 (CFAA), Causing transmission of harmful computer code: For deleting log files on DevLAN on April 20, 2016.

Count Nine, 18 USC 1503, obstruction: For lying about having taken the backup files, keeping a copy of the letter he sent to the CIA IG, having classified information in his apartment, taking information from the CIA and transferring it to an unclassified network, making DevLAN vulnerable to theft, housing information from the CIA on his home computer, and removing classified information from the CIA.

The law

Based on orders Judge Jesse Furman issued and his response to Schulte’s Rule 29 motions for an acquittal after trial, it seems he views some of the charges to be stronger than others.

Espionage, WikiLeaks charges: Furman didn’t say much about the charges tied to Schulte allegedly obtaining and sharing the Vault 7 and 8 content with WikiLeaks. The transmission charge is the one that is most circumstantial (because the government made no claims about how Schulte got the stolen files out of the CIA and didn’t fully commit to how Schulte sent them to WikiLeaks), and so is one a jury might unsurprisingly find reasonable doubt on.

Espionage, MCC charges: There are two weaknesses to the MCC charges. First, Furman allowed Schulte to argue that because the Bartender information was already made public by WikiLeaks — a topic on which Schulte elicited helpful testimony — it was no longer National Defense Information (there’s more discussion on this issue here). There’s some question whether the Hickock information was NDI as well. But also, in the Bartender case, there’s a question about whether drafting a Tweet in a notebook is a significant enough step to be found guilty.

Obstruction: Furman seems quite skeptical the government has proven their case on obstruction and came close to ruling for Schulte on his Rule 29 motion on it. He ordered the two sides to brief whether the government had provided sufficient evidence of this charge. And in the conference on the instructions, he challenged whether things Schulte said on March 15, 2017 before receiving a grand jury subpoena could be included in an obstruction charge. As Schulte pointed out, too, his false statements from later interviews got less focus in this trial.

CFAA: Furman did rule against Schulte’s Rule 29 motions on the CFAA charges, suggesting he finds the evidence here much stronger. Schulte as much as admitted he had taken the steps DOJ claims he did to revert the confluence files, effectively admitting to one of the charges as written (and that’s what the government focused on in their rebuttal). That said, if he were found guilty on the CFAA charges, Schulte would mount an interesting appeal under SCOTUS’ Van Buren ruling, issued since his last trial, which held that you can’t be guilty of CFAA if you had authorized access. Schulte laid the groundwork to argue that while he didn’t have access to Atlassian, the CIA had not revoked his access as an Administrator to ESXi, which is what he used to be able to do the reversion.

Emotion

In Schulte’s first trial, it seems clear the jury hung based on nullification of one juror, who (according to some jurors) refused to deliberate fairly. DOJ stupidly presented the case in a way that emphasized the human resource dispute, and not the leak. And in a contest of popularity between the CIA and WikiLeaks, the CIA is never going to win 12 votes unanimously, certainly not in SDNY.

I had thought that Schulte would be able to recreate that dynamic with this trial, by once again portraying himself as the unfair victim of CIA bullying. But in at least one case, I think that attempt backfired (by showing Schulte to be precisely the insubordinate prick that the CIA claims him to be).

That said, given Furman’s response, Schulte did brilliantly portray the investigation into him as being biased. So he may win the emotional battle yet again. After he finished, Furman suggested that if Schulte were acquitted, he might have a future as a defense attorney.

THE COURT: You may be seated. All right. Mr. Schulte, that was very impressive, impressively done.

MR. SCHULTE: Thank you.

THE COURT: Depending on what happens here, you may have a future as a defense lawyer. Who knows?

Tactics

In a recent New Yorker profile of Schulte, Sabrina Shroff described how by going pro se, Schulte would be able to push boundaries that she herself could not.

When you consider the powerful forces arrayed against him—and the balance of probabilities that he is guilty—Schulte’s decision to represent himself seems reckless. But, for the C.I.A. and the Justice Department, he remains a formidable adversary, because he is bent on destroying them, he has little to lose, and his head is full of classified information. “Lawyers are bound,” Shroff told me. “There are certain things we can’t argue, certain arguments we can’t make. But if you’re pro se ”—representing yourself—“you can make all the motions you want. You can really try your case.”

Schulte did this repeatedly. He did so with classified information, as when he tried to get “Jeremy Weber” to admit to a report by a still-classified group that Weber was not aware of and which the government insists, to this day, does not exist undermined the attribution of the case (this is based off an out of context text that Weber was not privy to).

Q. Were there many forensic reports filed by AFD about the leak?

A. Not that I’m aware of.

Q. OK. But at some point you learned that AFD determined the backups from the Altabackups must have been stolen, correct?

MR. LOCKARD: Objection.

THE COURT: Sustained. (Defendant conferred with standby counsel)

BY MR. SCHULTE: Q. You reviewed the AFD reports, correct?

MR. LOCKARD: Objection.

THE COURT: Sustained. Let’s move on, Mr. Schulte. (Defendant conferred with standby counsel)

THE COURT: And please keep your voice down when conferring with standby counsel.

… with investigative details (both into his own and a presumed ongoing investigation into WikiLeaks) he has become privy to, such as when he suggested that a SysAdmin named Dave had lost a Stash backup.

Q. Speaking with the admins, you’re talking Dave, Dave C., right; he was one of those?

A. Yeah, Dave.

Q. And he was an employee who put the Stash on a hard drive, correct?

A. I know I’ve heard some of that. I don’t know exactly the situation around that, but —

Q. But that, basically this hard drive with Stash was lost, correct?

MR. DENTON: Objection.

THE COURT: Sustained.

… with testimony presented as questions, as here when Schulte tried to get Special Agent Evanchec to testify that his retention of an OIG email was an honest mistake.

Q. So in your career, classifying documents, sometimes people make honest mistakes when they classify documents, correct?

MR. LOCKARD: Objection.

A. I think that’s —

THE COURT: Sustained.

BY MR. SCHULTE: Q. Have you ever made a mistake classifying a document, sir?

MR. LOCKARD: Objection.

THE COURT: Sustained.

BY MR. SCHULTE: Q. Do you know if someone makes an honest mistake in classifying a document, if they can be charged with a crime?

MR. LOCKARD: Objection.

THE COURT: Sustained.

… and with speculative claims about alternative theories, such as here when he mocked jail informant Carlos Betances’ claim that Schulte said he needed Russian help for what he wanted to accomplish.

Q. OK. Next, you testified on direct that I told you the Russians would have to help me for the work I was doing, right?

A. Yes, correct.

Q. OK. So the Russians were going to send paratroopers into New York and break me out of MCC?

MR. LOCKARD: Objection.

THE COURT: Sustained.

Over and over, prosecutors objected when Schulte made such claims, and most often their objections were sustained. But I think it highly unlikely jurors will be able to entirely unhear many of the speculative claims Schulte made, and so while some of the claims Schulte presented in such fashion were outright false, the jury is unlikely to be able to fully ignore that information.

The unsaid

There are three things that didn’t happen at the trial that I’m quite fascinated by.

First, after delaying the trial for at least four months so as to be able to use Steve Bellovin as his expert, Schulte didn’t even submit an expert report for him. There are many possible explanations for this — that Schulte didn’t like what Bellovin would have said, that Schulte used Bellovin, instead, as a hyper-competent forensic source to check his own theories but never intended to call him, or finally, that Schulte correctly judged he could serve as his own expert in questioning witnesses. That said, the fact that he didn’t use Bellovin makes the delay far more curious.

There are numerous instances — one example is a gotcha that Schulte staged about a purported error (but not a far more significant real error) one of the FBI agents in the case made about Schulte’s Google searches — that were actually quite incriminating. The government, unsurprisingly, didn’t distract from their main case to lay this out though. But I hope to return to some of these details because, while they are irrelevant to the verdict against Schulte (and I want to make clear are distinct from the jury’s ultimate decision about his innocence), they do provide interesting details about Schulte’s actions.

Finally, the government fought hard for the right to be able to present a Schulte narrative about what happened that he shared with his cousin, Shane Presnall, but didn’t introduce it at trial. Effectively, in the document Schulte exposed the real identity of one or more of his colleagues to his cousin. I’m not sure whether the government didn’t rely on this because they wanted to avoid the possibility Presnall would testify, they wanted to limit damage already done to the covert status of the CIA employees, or they didn’t want jeopardy to attach to the document (meaning they could use it in further charges in case of an acquittal). But I’d sure like to know why DOJ didn’t rely on it.

Note: As it did with the first trial, Calyx Institute made the transcripts available. This time, however, they were funded by Germany’s Wau Holland Foundation. WHF board member Andy Müller-Maguhn has been named in WikiLeaks operations and was in the US during some of the rough period when Schulte is alleged to have leaked these documents. 

South Carolinians Converging at the East Door … and Hampton Inn

/38 Comments/in , , /by

I’d like to look at how two men from South Carolina who stayed at the Hampton Inn together, George Tenney and Robbie Norwood, serially played key roles in opening the East Door on January 6.

As I noted in a post last July, Tenney was arrested with a former Marine named Darrell Youngers, though the subsequent investigation seems to have confirmed that they first met that day. The two of them entered the Capitol together at 2:19PM and went fairly directly to the East door by 2:24PM, where Tenney was the first to attempt to open that door to admit the thousands who had assembled outside. After tussling with the cops for a bit, the two gave up and left the Capitol.

Youngers was charged with just trespassing, but Tenney was charged with three felonies — obstruction, civil disorder, and assault — reflecting in part his contact with the cops and presumably also his premeditation in the weeks leading up to January 6.

When the men first started talking about pleading guilty, Youngers’ lawyer suggested they were sharing information with the government (though that doesn’t show up in their guilty pleas).

On March 30, Youngers pled guilty to parading, the trespassing charge most misdemeanor defendants plead to. His statement of offense focused on three things: Tenney’s efforts to open the East doors (and the contact he had with cops in doing so), Youngers’ own description of the “multiple doors” involved in breaching the Capitol, and an interview he and Tenney gave with William Norwood later that night.

12. YOUNGERS and Tenney proceeded to the area inside the Rotunda Doors. Tenney tried to force open the Rotunda Doors to allow more rioters to enter the Capitol, and he had contact with multiple federal employees in the course of doing so. Tenney and others succeeded in getting the Rotunda Doors open, allowing others to enter the Capitol.

13. YOUNGERS and Tenney eventually moved into the Rotunda. Before leaving the area of the Rotunda Doors, YOUNGERS said, “Two stories. Two floors. Multiple doors. The Capitol Building’s been breached.” YOUNGERS and Tenney retreated to the Rotunda and made their way to the area near Senate Wing Doors, exiting the Capitol Building through a window at approximately 2:32 p.m.

14. That evening, YOUNGERS gave an interview from a hotel room with Tenney and William Robert Norwood III, where they wore masks and head coverings to conceal their identities.

Here’s that interview, which Youngers, Norwood, and Tenney (from left to right) gave while masked.

Norwood — who according to his first bail hearing used to be in a militia, about three years ago — was arrested months earlier than the other two. He had been turned in by family members shortly after the attack after he bragged (falsely) about assaulting a cop. He does appear to know Tenney from South Carolina, but entered the Capitol separately, four minutes after him at 2:23. In a second motion for detention, the government alleged that Norwood led rioters to Nancy Pelosi’s office before joining the later effort to open the East door — the one that led to the Oath Keepers and others breaching the building. After allegedly asking his estranged wife to lie about his case, he was detained, though he and the government are in plea discussions.

Youngers’ plea agreement included the standard language January 6 misdemeanor pleas include, consisting of either a social media review and/or an interview with the FBI, suggesting (though the inclusion of such boilerplate is not reliable) he had not yet done so.

Your client agrees to allow law enforcement agents to conduct an interview of your client regarding the events in and around January 6, 2021 prior to sentencing. Your client can accomplish this through an in-person meeting with a law enforcement agent to allow the law enforcement agent to look through social media accounts on your client’s phone or other device.

The plea agreement Tenney entered into last Thursday, however, lacks that language, which may suggest he already did one or some interviews with the FBI. If Tenney did, he didn’t get much of a deal: he pled to two of the felonies against him: civil disorder and obstruction, avoiding only an assault charge for wrestling with cops. Depending on whether DOJ succeeds in persuading Judge Thomas Hogan to apply an 8-level enhancement for official victim/property damage, Tenney’s sentencing guidelines will be 21 to 27 months (without the enhancement) or 41 to 51 months (with it) — the latter of which would be one of the stiffest sentences to date for a prosecution that didn’t involve assaulting a cop, but which might be appropriate for the tactically critical role that opening that East door played in occupying the Capitol.

But I’m more interested in Tenney’s statement of offense, particularly how it compares to his and Youngers’ arrest affidavit. That is, I’m interested in any sign that DOJ has learned why and how Tenney came to head right through the Capitol to the East side to open that door, where thousands were waiting, or whether Norwood’s subsequent successful efforts (as part of a larger group) to open the East doors was related.

With Tenney’s guilty plea, the government has included slightly more language from December 28 indicating that Tenney was coordinating with people who were planning for all eventualities.

In two bail proceedings the government focused on Norwood’s lies about leaving the vest and helmet he stole at the hotel. But he also appears to have lied about with whom he was staying at the Hampton, claiming he stayed with an older couple from Ohio rather than people close to his same age from nearby in South Carolina.

Finally, NORWOOD claimed that upon leaving the Capitol grounds, he and his wife met an older couple from Ohio, who invited them to stay in their hotel room at the Hampton Inn for the night. NORWOOD claimed that he left the police vest and helmet inside the hotel room, but he could not provide interviewing agents with any further details about the hotel.

After Norwood was interviewed. by the FBI, he let Tenney know about it, because Tenney told the FBI that he knew about it in an (similarly misleading) interview little over two weeks later.

TENNEY said that he was only inside the Capitol Building for three or four minutes before he and the people he was with realized that something bad was happening, prompting them to leave. He indicated that he did not think he was doing anything wrong at the time, but, in hindsight, wishes he had not gone inside the Capitol Building. TENNEY further stated that he did not engage in any violence inside or cause property damage. Instead, he said, he told people to stop damaging things and helped officers who had fallen to the ground to get back on their feet.

[snip]

During his February 9 interview, TENNEY also mentioned two other names: “Darnell,” (YOUNGERS’ first name is “Darrell”) and a person he identified as “Robbie” from Greenville, S.C., whom he said had already been interviewed by the FBI. TENNEY admitted to having met “Robbie” in the crowd at the January 6 rally, before he entered the Capitol.

In an interview after his arrest, Norwood admitted sharing a hotel room with Tenney.

In a subsequent interview on February 26, 2021, Norwood mentioned sharing a hotel room the night of January 6 with an individual named “George,” which is TENNEY’s first name.

What happened in that hotel room appears to be some of the substance of what Norwood was trying to convince his estranged wife to renege her testimony on months later, leading up to January (when prosecutors first asked Judge Emmet Sullivan to revoke Norwood’s bail).

The content of the defendant’s text messages with his estranged wife, appended as attachments to Pretrial’s Violation Report, show what appears to be a sustained campaign by the defendant to coerce, intimidate, threaten, and corruptly persuade a potential government witness to recant her statements to law enforcement and to obstruct justice. Communications between the estranged wife and defense counsel, which are also appended as attachments to Pretrial’s Violation Report, provide context for the text messages between the defendant and his estranged wife: “Robert Norwood has been trying to [coerce] me into emailing you, stating that, anything from my statements to the FBI were not true. However, I do not feel comfortable lying [sic] about anything. . . . I do not feel comfortable in anything that he was telling me to do.”

[snip]

The estranged wife’s communications with Norwood and with Norwood’s counsel show that the defendant has, at the very least, been pressuring his estranged wife to recant her statements to the FBI, to not be truthful, and to “keep [her] mouth shut.” ECF No. 29, Att. 3. In fact, when the estranged wife texted the defendant, “I will tell the whole truth,” the defendant responded, “No you won’t . . . You’ll tell them you reached out to me and made the offer. That I didn’t respond to you . . . Do not throw me under the bus . . . What part of spousal privilege don’t you get???” Id. Additionally, when the estranged wife texted the defendant, “I refuse to write another bogus f***ing email,” the defendant responded, “It’s not bogus, and it will help us both. . . . Do what you said you already did. You lied to me. STUP F***ING LYING ABOUT EVERYTHING AND HELP ME LIKE YOU SAID YOU WOULD.”

To be clear: it’s not clear what relationship there is between Tenney and Norwood, aside from their shared hotel room and proximity in South Carolina. It’s their shared focus on the East door.

At 2:24, after making a beeline through the Capitol, Tenney was the first person to open the East door.

And about fourteen minutes later, Norwood similarly helped open the East door.

Then later that night, the two men donned masks and told their stories of the day, stories that presumably explain how both came to help rioters amassed on the East side of the building open a second front of attack.

By December 28, 2020, Tenney knew of plans to siege the Capitol. On January 6, he and fellow South Carolinian Norwood both played key roles in that siege.

So what happened in between?

Thanks to @CapitolHunters for pointing me to this video, which takes forever to download, which shows both breaches, and to talk me through some of the other people of interest who have yet to be arrested.

Amid Claims of Witness Tampering, Revisiting Peter Navarro’s Alleged Contempt

/97 Comments/in , , /by

Last week, Steve Bannon engaged in a stunt, claiming that a Carl Nichols order requiring DOJ to provide official documents on things like executive privilege and testimonial immunity must cover DOJ’s declination decision with respect to Mark Meadows and Dan Scavino.

The stunt itself isn’t all that interesting.

Bannon claimed that he refused to testify in part on the same basis that Mark Meadows and Dan Scavino did, and so understanding how DOJ had distinguished them (whose prosecution DOJ declined) from him (who got charged) would reflect official policy.

The letters Trump lawyer Justin Clark sent to Meadows and Scavino made one difference clear, however (which the Bannon filing obliquely acknowledges). In instructing Meadows and Scavino to refuse to testify to the January 6 Committee as much as possible, Clark included language invoking testimonial immunity, on top of Executive Privilege.

Furthermore, President Trump believes that Mr. Meadows is immune from compelled congressional testimony on matters related to his official responsibilities. See Testimonial Immunity Before Congress of the Former Counsel to the President, [citing the Don McGahn OLC opinion]

The letter that Clark sent Bannon on the same day, October 6, had no such language on testimony immunity.

Indeed, after Robert Costello kept making claims about Trump instructing Bannon not to testify, Clark emailed him twice more, the first time to resend the same letter, and the second time to explicitly say that they didn’t think Bannon had testimonial immunity.

In light of press reports regarding your client I wanted to reach out. Just to reiterate, our letter referenced below didn’t indicate that we believe there is immunity from testimony for your client. As I indicated to you the other day, we don’t believe there is. Now, you may have made a different determination. That is entirely your call. But as I also indicated the other day other avenues to invoke the privilege — if you believe it to be appropriate — exist and are your responsibility.

Effectively, Trump’s team told Bannon to stall, but gave him no legal tools to do so. Bannon didn’t entirely ignore testimonial immunity. In a footnote, he accused Carl Nichols of misapplying the law with respect to immunity and privilege.

Finally, on this question, the Court’s oral Order of June 15, 2022, appears to indicate a view by the Court that Justin Clark’s view on the question of “immunity” is either relevant or somehow undercuts the invocation of executive privilege. It certainly is not relevant – immunity, unlike, executive privilege is not a legal concept for the President to invoke or confer and his view on “immunity” is of no consequence at all on the question of whether executive privilege was invoked. It was.

But he said the common invocation of Executive Privilege was itself enough to merit a more formal comparison (ignoring, of course, that Meadows provided some materials to the Committee that did not involve the President, whereas Bannon withheld even his public podcasts).

Though some of the news reports he cites name Peter Navarro, Bannon doesn’t invoke his case. In Navarro’s now-withdrawn lawsuit against the Committee, he invoked both testimonial immunity and Executive Privilege. But he cites no letter from Trump; instead, he relies on the same Don McGahn OLC opinion Bannon invoked in his filing. Of course, by the time Navarro was subpoenaed — February 9, as compared to the September 23 subpoenas for Bannon, Meadows, and Scavino (as well as Kash Patel) — SCOTUS had already ruled against Trump’s privilege claim.

So it may be that DOJ’s decision tree regarding charges looks like this:

Bannon’s filing may be a stunt, but he may be right that DOJ didn’t charge Meadows and Scavino because they could claim to have been covered by both Executive Privilege and testimonial immunity (and in Meadows’ case, even attempted to comply with non-privileged materials).

Given the evidence in Tuesday’s hearing that Trump and his associates continued to try to influence Cassidy Hutchinson’s testimony at least through March 7, I want to return to something I noted before: because Navarro didn’t lawyer up, whatever communications he exchanged with Trump’s lawyers would not be privileged.

After Bannon got indicted for contempt, DOJ obtained the call records for his lawyer, Robert Costello’s, communications going all the way back to when Costello’s previous representation of Bannon ended. If they did that with Navarro, they could get more than the call records, though.

Whatever else DOJ did with their charging decision, they also allowed themselves the greatest visibility into ongoing obstruction, while sustaining the case in chief.

image_print